Granted, I didn’t spend too much time finding the title. rsync is such a powerful tool that I had to write a complete article on it anyway.
Any reasonable UNIX sysadmin must know this tool, but most of the documentation one can find on the Internet is its man page. Well, that is rather rough to handle given the complexity of the beast.
Of course, rsync by default listens on TCP port 873, and the communication is unencrypted, which sucks. But fortunately, combining it with SSH gives a SysAdmin his (her?) handyman.
Let’s go :O
Synchronization over SSH
- Connection is granted by a tagged SSH key: the key is tagged with a forced command that is launched if the SSH connection succeeds (the whole entry must sit on a single line of authorized_keys, which has no line continuation):
from="a.b.c.d",command="rsync --server --daemon --config rsync.conf ." ssh-dss ....
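- And here is the rsync server configuration file (the daemon treats a # placed after a value as part of that value, so comments go on their own lines):
# Run as root (uid 0, gid 0)
uid = 0
gid = 0
use chroot = true
read only = true
# Client IP address (SSH authentication gates access to the SSH server; this is extra protection for the rsync server)
hosts allow = a.b.c.d
# All other IP addresses are denied ("*" matches every host; a bare 0.0.0.0 would match only that one address)
hosts deny = *
[$module]
path = $PATH_TO_FOLDER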
- On client side:
# --delete: delete files on the destination that do not exist on the source
# -a: archive; -v: verbose; -z: compress data during transfer
rsync \
--delete \
-avz \
-e "ssh -i ~$USER/.ssh/$PRIVATE_KEY" \
"${server}::${module}" "${CLIENT_SIDE_DESTINATION}"
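The server configuration above relies on hosts allow and hosts deny as a second barrier behind SSH. The following is an added example, not code from this article or from rsync itself: a simplified Python model of the decision order documented in rsyncd.conf(5), showing what a deny list does for hosts that are not on the allow list. The function names and the sample addresses are assumptions made for the illustration, and hostname patterns are left out.

```python
"""Simplified model of rsyncd's "hosts allow" / "hosts deny" decision."""
import ipaddress

# Constructed sample addresses (RFC 5737 documentation ranges).
CLIENT = "192.0.2.10"      # stands in for a.b.c.d, the permitted client
OTHER = "198.51.100.23"    # any other host


def matches(pattern: str, addr: str) -> bool:
    """True if one pattern covers addr. Supports '*', a.b.c.d and a.b.c.d/n;
    hostname patterns (which need reverse DNS) are outside this model."""
    if pattern == "*":
        return True
    try:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False


def allow_access(addr: str, hosts_allow: str = "", hosts_deny: str = "") -> bool:
    """Apply the documented order: allow list first, then deny list."""
    allow = hosts_allow.replace(",", " ").split()
    deny = hosts_deny.replace(",", " ").split()
    if allow:
        if any(matches(p, addr) for p in allow):
            return True      # an allow match always lets the client in
        if not deny:
            return False     # allow list alone: every other host is rejected
    if any(matches(p, addr) for p in deny):
        return False
    return True              # matched neither list: the client is allowed


def compare() -> dict:
    """(client allowed, other host allowed) for three deny settings."""
    settings = {"no deny line": "", "deny 0.0.0.0": "0.0.0.0", "deny *": "*"}
    return {name: (allow_access(CLIENT, CLIENT, deny),
                   allow_access(OTHER, CLIENT, deny))
            for name, deny in settings.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:14} client={result[0]} other={result[1]}")
```

A deny list that names only the literal address 0.0.0.0 lets every other host through, because a host matching neither list is allowed; a deny list of * (or no deny line at all) keeps the module restricted to the allowed client.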
Trigger an action when files are synchronized
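[$module]
path = $PATH_TO_FOLDER
post-xfer exec = triggered_when_files_synchronization_is_done.sh
pre-xfer exec = triggered_just_before_synchronization_starts.sh
The list of files is narrowed on the client command line, since --files-from is an rsync option and not a module parameter (--from0 tells rsync the list is NUL-separated, as produced by -print0):
--from0 --files-from=<(find . -mtime +1 -name "*.log" -print0)
In this example, only files modified more than 1 day ago and whose names match *.log are synchronized.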
Include and Exclude
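[$module]
path = /
include = /etc/*** /usr/ /usr/bin/ /usr/bin/tools/***
exclude = /***
filter = - .*
We want to include the folders /etc and /usr/bin/tools and nothing more, and to skip every hidden file. Rules are tried in order and the first match wins, so the parent directories /usr/ and /usr/bin/ are included on their own to keep /usr/bin/tools reachable, and the final /*** excludes everything else.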
Conclusion
Ooof! This article turned out rather long, longer than I expected at the start. I hope it will be of some use to some desperate reader! Last tip for today: we can trigger a pre- or post-transfer action once a file is downloaded or uploaded; one can also use inotify to trigger an rsync command as soon as a file appears on the filesystem.