// Notes on HowTo Setup Rsync on CentOS 5.3 ////////////////////////////////////
// j0zf 2009.7.21

// SETTING UP RSYNCD SERVER ON WWW1 ////////////////////////////////////////////

>> Setup /etc/rsyncd.conf

-- UNIX COMMANDS --
touch /etc/rsyncd.conf
chmod 644 /etc/rsyncd.conf
vi /etc/rsyncd.conf

*** FILE : /etc/rsyncd.conf ***
motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

[an_identifier]
path = /home/a_username/public_html
use chroot = no
max connections = 10
auth users = a_username
hosts allow = www1.producttoweb.com www2.yoursite.com www3.yoursite.com
secrets file = /etc/rsyncd.secrets
uid = a_username
gid = a_groupname
list = yes
read only = no
*** EOF : /etc/rsyncd.conf ***

>> Setup your secrets file
- Passwords are stored in plain text, so make sure you change the permissions on /etc/rsyncd.secrets so that nobody but the root user can read it. (rsyncd checks this itself: with the default "strict modes = true" it refuses a secrets file that is readable by any user other than the one the daemon runs as.)
- This file can be named anything and located pretty much anywhere, but I suggest /etc/rsyncd.secrets so that I can find it easily when I obtain root access to your system.
- On some systems your username and password may need to be 8 characters or less.

-- UNIX COMMANDS --
touch /etc/rsyncd.secrets
chmod 600 /etc/rsyncd.secrets
vi /etc/rsyncd.secrets

*** FILE : /etc/rsyncd.secrets ***
a_username:a_password
*** EOF : /etc/rsyncd.secrets ***

>> Setup your iptables firewall to allow traffic on port 873
- You'll need to add the following rule(s) to your iptables firewall setup. Note that the position of the entry can be important: it has to come before the final REJECT rule. Although your iptables file is not likely to be exactly the same as mine, I'll include mine for example's sake.

-- Example of restrictive (by IP address) iptables setup --
-A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 1] --dport 873
-A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 2] --dport 873
-A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 3] --dport 873
-A INPUT -j DROP -p tcp --dport 873

-- Example of wide open iptables setup --
# Notice : I'm opening my port 873 to all traffic, but just during the testing process
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT

-- UNIX COMMANDS --
cp /etc/sysconfig/iptables /etc/sysconfig/iptables_backup
vi /etc/sysconfig/iptables      # see file contents below
service iptables restart        # restart your firewall

*** FILE : /etc/sysconfig/iptables ***
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# HTTP(S) - j0zf 2009.7.16
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# RSYNCD - j0zf 2009.7.23
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*** EOF : /etc/sysconfig/iptables ***

>> Setup rsyncd to run as a stand-alone daemon
- It could also be set up to run from inetd, but from my investigation I have found that systems which receive frequent connections are better off running it as a daemon. Since this system will be synchronizing several webservers with www1, it'll be a busy bugger.

-- UNIX COMMANDS --
service iptables restart
touch /etc/rc.d/init.d/rsyncd
chmod 755 /etc/rc.d/init.d/rsyncd
vi /etc/rc.d/init.d/rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc2.d/S85rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc3.d/S85rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc5.d/S85rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc0.d/K15rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc1.d/K15rsyncd
ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc6.d/K15rsyncd
service rsyncd start

*** FILE : /etc/rc.d/init.d/rsyncd ***
#!/bin/sh
# Thanks To : http://www.fredshack.com/docs/rsync.html
# rsyncd        This shell script takes care of starting and stopping the rsync daemon
# description: Rsync is an awesome replication tool.

# Source function library.
. /etc/rc.d/init.d/functions

[ -f /usr/bin/rsync ] || exit 0

case "$1" in
  start)
    action "Starting rsyncd: " /usr/bin/rsync --daemon
    ;;
  stop)
    # Note: killall also terminates any rsync client transfer running on this box at the time.
    action "Stopping rsyncd: " killall rsync
    ;;
  *)
    echo "Usage: rsyncd {start|stop}"
    exit 1
esac
exit 0
*** EOF : /etc/rc.d/init.d/rsyncd ***

// SETTING UP RSYNC CRON FILES ON WWW2 THROUGH WWWN SERVERS ////////////////////
Only do this on the secondary web-servers www2, www3, ..., wwwN

>> Create your password file
- just the password, nothing else: no extra spaces or carriage returns or nuttin

-- UNIX COMMANDS --
echo "a_password" > /home/a_username/.rsync.www1.secret
chmod 600 /home/a_username/.rsync.www1.secret

>> Create your rsync script

-- UNIX COMMANDS --
touch /home/a_username/rsync_with_www1
chmod 744 /home/a_username/rsync_with_www1
vi /home/a_username/rsync_with_www1

*** FILE : /home/a_username/rsync_with_www1 ***
#!/bin/bash
# RSYNC WITH WWW1 - J0ZF 2009.7.23
# "an_identifier" after the "::" is the module name declared as [an_identifier] in /etc/rsyncd.conf on www1

# 1ST : GET THE NEW FILES FROM WWW1
rsync -rvtpogzu a_username@www1.yoursite.com::an_identifier /home/a_username/public_html/ --password-file /home/a_username/.rsync.www1.secret

# 2ND : SEND ANY NEW FILE ON THIS SERVER TO WWW1
rsync -rvtpogzu /home/a_username/public_html/ a_username@www1.yoursite.com::an_identifier --password-file /home/a_username/.rsync.www1.secret
*** EOF : /home/a_username/rsync_with_www1 ***

>> Setup to Automatically Rsync Every 30 Minutes
- to run your rsync script every 30 minutes add the following to your crontab file
# RSYNC WITH WWW1 EVERY 30 MINUTES
00,30 * * * * root /home/a_username/rsync_with_www1

-- UNIX COMMANDS --
vi /etc/crontab

*** FILE : /etc/crontab ***
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
# RSYNC WITH WWW1 EVERY 30 MINUTES
00,30 * * * * root /home/a_username/rsync_with_www1
*** EOF : /etc/crontab ***

// SOURCES /////////////////////////////////////////////////////////////////////
http://everythinglinux.org/rsync/
http://en.wikipedia.org/wiki/Rsync
http://www.samba.org/rsync/documentation.html
http://www.fredshack.com/docs/rsync.html
http://finmath.uchicago.edu/~wilder/Security/rsync/
http://linux.about.com/library/cmd/blcmdl5_rsyncd.conf.htm
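// CHECKING THE WWW1 SETUP /////////////////////////////////////////////////////
An added check for the www1 side of the setup above (my own example, not part of the original notes): it reads a constructed copy of the rsyncd.conf shown earlier and reports any module that is writable without "auth users" or "hosts allow", or that runs with "use chroot = no", and it verifies that the plain-text secrets file is mode 600 as the chmod above requires. The helper names rsyncd_get, rsyncd_param, audit_rsyncd_module and secret_mode_ok are my own, not rsync's.

```shell
# Added audit helpers (names are my own, not rsync's); sample files are constructed under $WORK.
WORK="$(mktemp -d)"

# Constructed rsyncd.conf: the module from this HowTo plus one that stayed writable
# but forgot both "auth users" and "hosts allow".
cat > "$WORK/rsyncd.conf" <<'EOF'
use chroot = no

[an_identifier]
path = /home/a_username/public_html
auth users = a_username
hosts allow = www2.yoursite.com www3.yoursite.com
secrets file = /etc/rsyncd.secrets
read only = no

[scratch]
read only = no
EOF

# Print KEY from module MOD of CONF; an empty MOD reads the global section, whose values
# rsyncd applies to every module that does not override them.
rsyncd_get() {  # CONF MOD KEY
  awk -v mod="$2" -v key="$3" '
    /^[ \t]*\[/ { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/[]].*$/, "", cur); next }
    /^[ \t]*[#;]/ || !/=/ { next }
    cur == mod {
      k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
      if (k == key) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v; exit }
    }' "$1"
}
rsyncd_param() {  # CONF MOD KEY: module value, falling back to the global value
  v="$(rsyncd_get "$1" "$2" "$3")"; [ -n "$v" ] || v="$(rsyncd_get "$1" "" "$3")"; printf '%s\n' "$v"
}

# One finding per line: writable without auth users or hosts allow, or served outside a chroot.
audit_rsyncd_module() {  # CONF MOD
  ro="$(rsyncd_param "$1" "$2" "read only")"
  [ "$ro" = "no" ] && [ -z "$(rsyncd_param "$1" "$2" "auth users")" ] && echo "$2: writable, no auth users"
  [ "$ro" = "no" ] && [ -z "$(rsyncd_param "$1" "$2" "hosts allow")" ] && echo "$2: writable, no hosts allow"
  [ "$(rsyncd_param "$1" "$2" "use chroot")" = "no" ] && echo "$2: use chroot = no"
  return 0
}

# The plain-text secrets file and the client's --password-file must be mode 600 (chmod 600 above).
secret_mode_ok() { [ "$(ls -ld "$1" | cut -c2-10)" = "rw-------" ]; }

printf 'a_username:a_password\n' > "$WORK/rsyncd.secrets"
chmod 644 "$WORK/rsyncd.secrets"   # constructed mistake: readable by every local user
for m in an_identifier scratch; do audit_rsyncd_module "$WORK/rsyncd.conf" "$m"; done
secret_mode_ok "$WORK/rsyncd.secrets" || echo "rsyncd.secrets: not mode 600"
```

On the live server the same functions run against the real files, e.g. audit_rsyncd_module /etc/rsyncd.conf an_identifier and secret_mode_ok /etc/rsyncd.secrets.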