zSync Requirements
- An HTTP/HTTPS web server of any kind. To be able to use zSync transfers, it must support HTTP Range requests.
- Tested webservers: Apache2 and Nginx.
- Apache 2.2.20 and newer have issues; please use 2.2.19 for the time being, e.g. http://apache.xl-mirror.nl/httpd/binaries/win32/httpd-2.2.19-win32-x86-openssl-0.9.8r.msi
- NGINX for Windows: http://nginx.org/en/docs/windows.html
- Note: Microsoft Windows IIS is currently not supported in any version. Apache is available for Windows too.
- The server can run on any port (it doesn't have to be port 80).
- Optional: HTTP basic authentication is supported (username + password protection).
- The .yml / .yaml MIME type needs to be active (should be configurable in the .htaccess file).
- Dotted files (files starting with a dot, like .repository.yml) need to be allowed. Specifically, the server must be allowed to serve .repository.yml and its .zsync counterpart.
- config.yml hosts URL format: http://hostname.domain.net/six
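One way to check the Range and dotted-file requirements from a client, as an added example that is not part of the original page: the function classifies the response headers of a one-byte Range request for .repository.yml. The function names and the sample responses are constructed for illustration; the URL follows the config.yml format above.

```shell
#!/bin/sh
# Added example (not from the original page).

# classify_headers: read HTTP response headers on stdin (CRLF or LF) and
# print one verdict for the last response in the stream.
classify_headers() {
    tr -d '\r' | awk '
        /^HTTP\// { status = $2 + 0; has_cr = 0 }      # start of a response
        tolower($1) == "content-range:" { has_cr = 1 }
        END {
            if (status == 206 && has_cr)             print "range-ok"
            else if (status == 200)                  print "range-ignored"
            else if (status == 401)                  print "auth-required"
            else if (status == 403 || status == 404) print "not-served"
            else                                     print "unexpected-" status
        }'
}

# check_url: live probe (needs curl and network access). Requests only the
# first byte, so a server that honours Range answers 206 with Content-Range.
# Usage: check_url http://hostname.domain.net/six/.repository.yml
check_url() {
    curl -s -D - -o /dev/null -r 0-0 "$1" | classify_headers
}

# Constructed sample responses, so the classifier can be tried offline.
SAMPLE_206='HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Range: bytes 0-0/1834
Content-Length: 1'

SAMPLE_200='HTTP/1.1 200 OK
Content-Length: 1834'

SAMPLE_403='HTTP/1.1 403 Forbidden
Content-Length: 162'
```

A "range-ignored" verdict means the server sent the whole file instead of the requested byte; "not-served" on .repository.yml usually points at a rule that blocks dotted files.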
rSync Requirements
- Rsync (Daemon)
- SSH Server
- With Public Key authentication enabled
Virtual Machine
It is entirely possible, and a fine option, to simply use the Virtual Machine listed above for Windows hosts.
Still, if you prefer to run Rsync/SSH directly on your server, please read below.
To run the VM as a non-root user, though, you will need to adjust the HostPorts to values above 1024.
Example: Ubuntu 9.10 Server edition
These are the instructions I use. You can leave out shorewall (firewall), wondershaper (bandwidth limiter), and the fstab parts.
sudo bash
apt-get update && apt-get install rsync
# optional: apt-get dist-upgrade
# optional: apt-get install shorewall-common shorewall-shell wondershaper mc ruby1.9.1 rubygems1.9.1 ruby1.9.1-dev build-essential && apt-get autoremove
# optional: ln -s /usr/bin/ruby1.9.1 /usr/bin/ruby
useradd -m rsync
mkdir -p /var/scm/rsync
chown -R rsync:rsync /var/scm/rsync
ln -s /var/scm/rsync /home/rsync/repositories
chown -R rsync:rsync /home/rsync/repositories
sudo -H -u rsync mkdir /home/rsync/.ssh
sudo -H -u rsync pico /home/rsync/.ssh/authorized_keys
update-rc.d rsync defaults
# optional: update-rc.d shorewall defaults
# Manually set rsync startup (RSYNC_ENABLE) and configuration
pico /etc/default/rsync && pico /etc/rsyncd.conf
# optional, TODO: Firewall Configuration missing... && pico /etc/default/shorewall
# optional: pico /etc/fstab && mount /var/scm/rsync
mkdir /var/scm/rsync/rel
chown -R rsync:rsync /var/scm/rsync
File: /home/rsync/.ssh/authorized_keys
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA86sYqRjHBoOsMCFZwfWHNg7xGdA+dI2e1rWEWEyU0VoWf+mO7XMupZk5uSs8AHT0fY4pvIGyjCqH3Vj3F68d4AkteFXKm+2e6sizPwMls8WJavUmZAEgQGQJMWG+AkOw4G/kdUvMWAy50Rv6yQddgbodAq2FQzo6X+ESWJPcgl8olrxAmptT4SgDE4WNTAcSa3I80lo38cVUgkLqr8+witfx+g4lOjapkL7SSorXLJYfsPXFJ9jCCzXPZu22KYeeNq7Y4Cvt8DpOyMdpwENZt48CcDkG/SrV0hUNnZNMhxWXyNHGpGphyyzn7Fwlsgm1b6SwaOao+OU7oCG3yayUVw== rsync_tool
File: /etc/rsyncd.conf
motd file = /etc/rsyncd.motd
#Below are actually defaults, but to be on the safe side...
read only = yes
list = yes
uid = rsync
gid = rsync
log file = /var/log/rsync.log
secrets file = /etc/rsyncd.secrets
max connections = 25
[rel]
path = /var/scm/rsync/rel
#read only = no
Example: RedHat Enterprise Linux 5/CentOS 5
Here's how to configure an rsync service on RHEL5/CentOS 5. It's a slight variation on the way it was done in Ubuntu Server above.
Installation and configuration
- Create the rsync user and set a good password for the account
  [root@localhost ~]# useradd -m rsync
  [root@localhost ~]# passwd rsync
  Changing password for user rsync.
  New UNIX password:
  Retype new UNIX password:
  passwd: all authentication tokens updated successfully.
- In the home directory of "rsync", create the .ssh folder and the file authorized_keys therein:
  [root@localhost ~]# sudo -H -u rsync mkdir /home/rsync/.ssh
  [root@localhost ~]# sudo -H -u rsync touch /home/rsync/.ssh/authorized_keys
  [root@localhost ~]# chmod 700 /home/rsync/.ssh
  [root@localhost ~]# chmod 600 /home/rsync/.ssh/authorized_keys
- Next, use your favourite text editor and add the "rsync_tool" SSH key contents seen above in the Ubuntu section to that file. It should be one line and one line only that you add.
- Prepare the file area where all the mirrored files will live. We'll follow the FHS guidelines, placing the files in /srv/rsync (Rationale: here)
  [root@localhost ~]# mkdir /srv/rsync
- Next, we'll relabel that folder to let SELinux allow rsync to serve files from that location:
  [root@localhost ~]# chcon -vt public_content_t /srv/rsync
  context of /srv/rsync changed to user_u:object_r:public_content_t
  (Learn more about that using "man rsync_selinux")
- Create a symbolic link in the home directory of rsync that points to the rsync file area:
[root@localhost ~]# sudo -H -u rsync ln -sf /srv/rsync /home/rsync/repositories
- Install the xinetd package (if it isn't already)
  [root@localhost ~]# rpm -q xinetd
  package xinetd is not installed
  [root@localhost ~]# yum install xinetd
  ...
- Configure a new rsyncd service module called "rel". If you haven't got one already, use your favourite text editor to edit or create the file /etc/rsyncd.conf:
  read only = yes
  list = yes
  uid = nobody
  gid = nobody
  log file = /var/log/rsync.log
  max connections = 25
  # This is the six-arma-updater repository, used
  # for the ACE 2 rsync mirror system
  [rel]
  comment = "six-arma-updater rsync repository"
  path = /srv/rsync/rel
  uid = rsync
  gid = rsync
  read only = yes
- Create the directory "rel" in the rsync file area and make sure the whole file area is owned by the user rsync:
  [root@localhost ~]# mkdir /srv/rsync/rel
  [root@localhost ~]# chown -R rsync:rsync /srv/rsync
- Enable the xinetd service and rsync sub-service
  [root@localhost ~]# chkconfig rsync on
  [root@localhost ~]# chkconfig xinetd on
- Open ports 873:TCP and 873:UDP in your firewall. You can do this using the system-config-securitylevel GUI tool. (Advanced users may add new iptables rules to /etc/sysconfig/iptables, but don't call us when you break your firewall - if you aren't sure of what you're doing, don't do it.)
- Finally, you can start the xinetd service
  [root@localhost ~]# service xinetd start
Limiting bandwidth usage
One way of doing this is to edit the xinetd rsync service configuration file, /etc/xinetd.d/rsync, and add --bwlimit=<limit in KiB/sec> to the server_args line. Here's how it may look if you wish to limit the per-connection upload rate to 512 KiB/sec.
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon --bwlimit=512
        log_on_failure  += USERID
}
Note: that's kilobytes per second, not kilobits. Once you've edited /etc/xinetd.d/rsync, have the xinetd service reload the configuration using:
[root@localhost ~]# service xinetd reload
Verification
- Make sure you can access the rsync service locally. Do this by asking the rsync service to show you a list of the available "modules":
  [root@localhost ~]# rsync localhost::
  rel "ACE 2 rsync repository"
- Next, try the same thing from a machine on the outside. This will tell you if you have your firewall setup correctly:
  [user@otherhost: ~]$ rsync myserver.example.com::
  rel "ACE 2 rsync repository"
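Listing the modules shows that the daemon answers, not whether a module accepts uploads. The following added example (not part of the original page) parses an rsyncd.conf like the ones above and reports each module's effective "read only", uid and path, with global parameters acting as per-module defaults. The function names and the [incoming] module in the sample are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page).

# effective_modules: rsyncd.conf on stdin -> "module read_only uid path" lines.
# Parameters before the first [module] are defaults for every module; the
# rsync built-in default for "read only" is yes. Paths containing spaces
# would be split across fields in this simple output format.
effective_modules() {
    awk '
    function emit() { if (mod != "") print mod, ro, uid, path }
    BEGIN { g_ro = "yes"; g_uid = "-" }
    /^[ \t]*(#|$)/ { next }                         # comments, blank lines
    /^[ \t]*\[/ {                                   # module header
        emit(); mod = $0
        sub(/^[ \t]*\[[ \t]*/, "", mod); sub(/[ \t]*\].*$/, "", mod)
        ro = g_ro; uid = g_uid; path = "-"; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # whitespace inside parameter names is not significant
        name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "readonly")
            val = (tolower(val) ~ /^(no|false|0)$/) ? "no" : "yes"
        if (mod == "") {                            # still in global section
            if (name == "readonly") g_ro = val
            if (name == "uid") g_uid = val
        } else {
            if (name == "readonly") ro = val
            if (name == "uid") uid = val
            if (name == "path") path = val
        }
    }
    END { emit() }'
}

# writable_modules: names of the modules that accept uploads.
writable_modules() { effective_modules | awk '$2 == "no" { print $1 }'; }

# Constructed sample: the [rel] module from this page plus a hypothetical
# writable [incoming] module, to show what the check reports.
SAMPLE_CONF='read only = yes
uid = nobody
[rel]
path = /srv/rsync/rel
uid = rsync
[incoming]
path = /srv/rsync/incoming
read only = no'
```

On a server, run `writable_modules < /etc/rsyncd.conf`; for a read-only mirror the output should be empty.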
