Secure Rsync to Synchronize Servers
Using Secure Rsync to Synchronize Files Between Servers
This will help you set up synchronization of files and/or directories between AIX servers. OpenSSH will be used to provide an additional element of security.
OpenSSH is a free software tool that supports SSH1 and SSH2 protocols. It's reliable and secure and is widely accepted in the IT industry to replace the r-commands, telnet, and ftp services, providing secure encrypted sessions between two hosts over the network.
OpenSSH source code is compiled on AIX 5L and shipped on the AIX 5L Expansion Pack and Web Download Pack. You can also get the installation images from OpenSSH on AIX. When you install the AIX OpenSSH image from the Bonus Pack CD or from the website, you can get support from IBM Program Services.
OpenSSH is dynamically linked with OpenSSL for use of the encryption library libcrypto.a. You can get the OpenSSL library from the AIX Toolbox for Linux Applications CD or from this website. OpenSSL is delivered in RPM format (instead of installp format). To install OpenSSL, use the command:
# rpm -i
Let's walk through the process of downloading and installing OpenSSL, OpenSSH and rsync.
1. Download the package manager: ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/rpm.rte
2. Install the package manager
# installp -qacXgd rpm.rte rpm.rte
3. Download the OpenSSL library: http://www6.software.ibm.com/dl/aixtbx/aixtbx-p
a. OpenSSL is cryptographic content so you will need to sign in with your IBM ID and password. Create one if you don’t have one.
b. The next screen is a license agreement. Agree and confirm.
c. Search the page for “openssl-0.9.7g-1.aix5.1.ppc.rpm” and click on the download button next to it.
4. Install the RPM:
# rpm -i openssl-0.9.7g-1.aix5.1.ppc.rpm
5. Download OpenSSH: https://sourceforge.net/project/showfiles.php?group_id=127997
6. Installation: The resulting file is a compressed tar file. Uncompress and untar it and follow the directions in the Customer_README file exactly as given.
7. Download the latest version of rsync: ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/rsync
8. Install rsync:
# rpm -i rsync-2.6.2-1.aix5.1.ppc.rpm
You must complete these steps on all servers/LPARs that will be using rsync, either as a file server or a sync client. You must also set up the necessary SSH keys between servers.
For the remainder of this exercise, we are going to limit ourselves to two servers. FileServe will be the server with the master files and FileClient will be the server/LPAR obtaining the master files for local use.
A common usage in this scenario is user information, so we will address that particular example, but rsync can be used for any types of files or directory trees. Indeed, it can be used to keep HTML source in sync, as just one more example use.
This is an example of a script that does a “pull” from FileServe. FileClient transfers the latest passwd, group and security files overwriting its own files. Additionally, FileClient copies any new user directories in /home but does not update, modify or delete any existing directories.
#!/usr/bin/ksh
# Get new /etc/passwd & /etc/group files
# Overwrite existing files
rsync -goptvz -e ssh FileServe:/etc/passwd /etc/passwd
rsync -goptvz -e ssh FileServe:/etc/group /etc/group
# Get new files from /etc/security
# Overwrite existing files
for FILE in group limits passwd .ids environ .profile
do
    rsync -goptvz -e ssh FileServe:/etc/security/$FILE /etc/security/$FILE
done
# Grab new directories in /home
# Do not change anything that already exists
# (trailing slashes copy the contents of /home instead of creating /home/home)
rsync -gloprtuvz -e ssh --ignore-existing FileServe:/home/ /home/
This solution is fine for two or three servers, but what about more than that? Besides which, if the centralized user management is being done on FileServe, doesn’t it make more sense to push rather than pull?
This script does a push from FileServe to multiple clients:
#!/usr/bin/ksh
# /etc/useradm_clients.rsync lists one client host name per line
for CLIENTS in `cat /etc/useradm_clients.rsync`
do
    echo "Updating ${CLIENTS}..."
    # Send the current /etc/passwd & /etc/group files
    # Overwrite existing files on the client
    rsync -goptvz -e ssh /etc/passwd ${CLIENTS}:/etc/passwd
    rsync -goptvz -e ssh /etc/group ${CLIENTS}:/etc/group
    # Send the current files from /etc/security
    # Overwrite existing files on the client
    for FILE in group limits passwd .ids environ .profile
    do
        rsync -goptvz -e ssh /etc/security/$FILE ${CLIENTS}:/etc/security/$FILE
    done
    # Send new directories in /home
    # Do not change anything that already exists
    # (trailing slashes copy the contents of /home instead of creating /home/home)
    rsync -gloprtuvz -e ssh --ignore-existing /home/ ${CLIENTS}:/home/
    echo "${CLIENTS} Complete."
done
You should not automate this unless you put the proper safeguards in place to make sure you’re notified immediately of a failure.
As always, the code I provide is meant to show concepts. Notice that none of these commands check error codes or email/page admins. It is meant to be run interactively so that you see the results.
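The safeguards mentioned above, sketched as an added example (not the post's own script): the push checks every rsync exit status, keeps going to the next client after a failure, and mails one report at the end. The ADMIN address, the --run switch and the BatchMode/ConnectTimeout ssh options are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the post's own script. The admin address and the
# BatchMode/ConnectTimeout ssh options are assumptions of this sketch.
ADMIN=${ADMIN:-root}
CLIENT_LIST=/etc/useradm_clients.rsync
# BatchMode makes an unattended run fail instead of waiting at a prompt.
SSH_CMD="ssh -o BatchMode=yes -o ConnectTimeout=10"

# push_file <host> <src> <dest> [extra rsync options]; returns rsync's status.
push_file() {
    host=$1 src=$2 dest=$3; shift 3
    # </dev/null keeps ssh from swallowing the client list that push_all
    # is reading on stdin.
    rsync -goptz -e "$SSH_CMD" "$@" "$src" "$host:$dest" </dev/null
}

# Push the user files to one client, stopping at the first failure.
push_client() {
    for f in /etc/passwd /etc/group /etc/security/group /etc/security/limits \
             /etc/security/passwd /etc/security/.ids /etc/security/environ \
             /etc/security/.profile
    do
        push_file "$1" "$f" "$f" ||
            { echo "$1: $f failed (rsync exit $?)"; return 1; }
    done
    # --ignore-existing skips files already on the client; rsync still
    # descends into existing directories to add files that are missing.
    push_file "$1" /home/ /home/ -lru --ignore-existing ||
        { echo "$1: /home failed (rsync exit $?)"; return 1; }
}

# Push to every host in the list; mail one report if any host failed.
push_all() {
    [ -r "$1" ] || { echo "cannot read client list $1" >&2; return 2; }
    failed=""
    while read -r target || [ -n "$target" ]; do
        case $target in ''|'#'*) continue ;; esac   # skip blanks, comments
        report=$(push_client "$target" 2>&1) || failed="$failed$report
"
    done < "$1"
    [ -z "$failed" ] && return 0
    printf '%s' "$failed" | mail -s "rsync push failed on $(uname -n)" "$ADMIN"
    return 1
}

# Run only when asked to, e.g.:  sh push_users.sh --run
if [ "${1:-}" = "--run" ]; then push_all "$CLIENT_LIST"; fi
```

push_all returns non-zero when any client failed, so a cron wrapper or monitoring agent can also alert on the exit status.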