Syncing a Running Production System to a Running Testing System
m (moved Syncing Idea to Syncing a Running Production System to a Running Testing System: Better title) |
(→Code) |
||
| Line 1: | Line 1: | ||
| − | == | + | == Introduction == |
| − | + | == Server Configuration == | |
| − | <pre> | + | <pre>PRODUCTION_SERVER=ticc-1.mines.edu |
| − | + | TEST_SERVER=ticc-2.mines.edu</pre> | |
| + | |||
| + | == Login Access == | ||
| + | |||
| + | To be able to run an automated sync without a root login it is necessary to create a SSH identity file so that one server can login to the other. The appropriate identity information can be generated by going to the production server and running "sudo ssh-keygen". This command will generate two files: "/root/.ssh/id_rsa" and "/root/.ssh/id_rsa.pub", you must then output the public key to the authorized keys list (in a root environment run "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys") and then copy ALL THREE files over to the test server. Important note: normally you would not do this exactly as specified, but since you are syncing these system completely it is important that both systems have all the same identity credentials. | ||
| + | |||
| + | == Configuring the Network Interfaces == | ||
| + | |||
| + | /etc/udev/rules.d/70-persistent-net.rules : | ||
| + | <pre> | ||
| + | # This file was automatically generated by the /lib/udev/write_net_rules | ||
| + | # program, run by the persistent-net-generator.rules rules file. | ||
| + | # | ||
| + | # You can modify it, as long as you keep each rule on a single | ||
| + | # line, and change only the value of the NAME= key. | ||
| + | |||
| + | ##################################### | ||
| + | ## Production Server Network Cards ## | ||
| + | ##################################### | ||
| + | # PCI device 0x14e4:0x1678 (tg3) | ||
| + | SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:ea:64:b8", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0" | ||
| + | # PCI device 0x14e4:0x1678 (tg3) | ||
| + | SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:ea:64:b9", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1" | ||
| + | |||
| + | ##################################### | ||
| + | ## Testing Server Network Cards ## | ||
| + | ##################################### | ||
| + | # PCI device 0x14e4:0x1678 (tg3) | ||
| + | SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:XX:XX:XX", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2" | ||
| + | # PCI device 0x14e4:0x1678 (tg3) | ||
| + | SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:XX:XX:XX", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3" | ||
| + | </pre> | ||
| + | |||
| + | /etc/network/interfaces : | ||
| + | <pre> | ||
| + | # This file describes the network interfaces available on your system | ||
| + | # and how to activate them. For more information, see interfaces(5). | ||
| + | |||
| + | # The loopback network interface | ||
| + | auto lo | ||
| + | iface lo inet loopback | ||
| + | |||
| + | # The production server's IP configuration | ||
| + | auto eth0 | ||
| + | iface eth0 inet static | ||
| + | address 138.67.36.184 | ||
| + | netmask 255.255.192.0 | ||
| + | gateway 138.67.1.1 | ||
| + | |||
| + | # The test server's IP configuration | ||
| + | auto eth3 | ||
| + | iface eth3 inet static | ||
| + | address 138.67.XXX.XXX | ||
| + | netmask 255.255.192.0 | ||
| + | gateway 138.67.1.1 | ||
| + | </pre> | ||
| + | |||
| + | == Copying Permissions == | ||
| + | |||
| + | Before performing a full sync it is necessary to copy the permissions files from the production server to the test server. If you do not do this then when you run rsync it will not set the correct permissions for any files created by users that are new since the last sync. | ||
| + | |||
| + | So, on the production server run: | ||
| + | <pre>sudo rsync -avz /etc/passwd /etc/group root@${TEST_SERVER}:/etc/</pre> | ||
| + | |||
| + | == Syncing the System == | ||
| + | |||
| + | Create an exclude file that does not copy running system-critical files (/root/.sync-exclude): | ||
| + | <pre>/dev | ||
| + | /proc | ||
| + | /sys | ||
| + | /etc/hosts | ||
| + | /etc/hostname | ||
| + | <pre> | ||
| + | |||
| + | Maybe exclude?: | ||
| + | <pre>/root/.ssh/known_hosts</pre> | ||
| + | |||
| + | Then on the production server run: | ||
| + | <pre>sudo rsync -avz --exclude-from=/root/.sync-exclude / root@${TEST_SERVER}:/</pre> | ||
== What this does == | == What this does == | ||
Revision as of 22:05, 21 February 2011
Contents |
Introduction
Server Configuration
PRODUCTION_SERVER=ticc-1.mines.edu TEST_SERVER=ticc-2.mines.edu
Login Access
To be able to run an automated sync without a root login it is necessary to create a SSH identity file so that one server can login to the other. The appropriate identity information can be generated by going to the production server and running "sudo ssh-keygen". This command will generate two files: "/root/.ssh/id_rsa" and "/root/.ssh/id_rsa.pub", you must then output the public key to the authorized keys list (in a root environment run "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys") and then copy ALL THREE files over to the test server. Important note: normally you would not do this exactly as specified, but since you are syncing these system completely it is important that both systems have all the same identity credentials.
Configuring the Network Interfaces
/etc/udev/rules.d/70-persistent-net.rules :
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
#####################################
## Production Server Network Cards ##
#####################################
# PCI device 0x14e4:0x1678 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:ea:64:b8", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x14e4:0x1678 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:ea:64:b9", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
#####################################
## Testing Server Network Cards ##
#####################################
# PCI device 0x14e4:0x1678 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:XX:XX:XX", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
# PCI device 0x14e4:0x1678 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="1c:c1:de:XX:XX:XX", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
/etc/network/interfaces :
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The production server's IP configuration auto eth0 iface eth0 inet static address 138.67.36.184 netmask 255.255.192.0 gateway 138.67.1.1 # The test server's IP configuration auto eth3 iface eth3 inet static address 138.67.XXX.XXX netmask 255.255.192.0 gateway 138.67.1.1
Copying Permissions
Before performing a full sync it is necessary to copy the permissions files from the production server to the test server. If you do not do this then when you run rsync it will not set the correct permissions for any files created by users that are new since the last sync.
So, on the production server run:
sudo rsync -avz /etc/passwd /etc/group root@${TEST_SERVER}:/etc/
Syncing the System
Create an exclude file that does not copy running system-critical files (/root/.sync-exclude):
/dev /proc /sys /etc/hosts /etc/hostname <pre> Maybe exclude?: <pre>/root/.ssh/known_hosts
Then on the production server run:
sudo rsync -avz --exclude-from=/root/.sync-exclude / root@${TEST_SERVER}:/
What this does
For a detailed overview of the commands involved with rsync, use man rsync.
The exclude commands are to exclude files that are not data files. They are all files that we felt did not need to be exact between the two servers since they deal either with temporary files or, in the case of the "known_hosts" file, involve files that should not be the same between the two. Otherwise, this should copy exactly the filesystem between the two.
Important Note
Right now this uses root! This is a bad idea and we've been circumventing issues by only temporarily allowing the root account the ability to log in or do anything. Future ideas involve creating an account solely for the purpose of syncing files that would have root-like access for copying.
