Installation and Setup of 'rsync'


PGCluster uses 'rsync' to synchronize data with the Master DB when a Cluster DB is added or restored.
Therefore, 'rsync' is required in order to use pgcluster.
Like the 'rcp' command, 'rsync' is a command for copying files between servers.
The advantages of rsync are that it can select what to copy based on the differences between files, and that it can shorten transfer time by compressing the transmitted data.
'rsync' is also superior to 'rcp' in terms of security. When run over SSH, as configured in this document, it can prevent information leaks by encrypting the communication data, and it can authenticate users safely using RSA authentication.

If you use a distribution such as Red Hat Linux, you can install rsync with the package management commands (rpm etc.), so the installation itself should cause no trouble. If you install with such a tool (like rpm), skip ahead to the Setup section.


1. Download


When you compile rsync from source code, the following four software packages are required.
Since security holes have been found in zlib and openssl, you should update them to the latest version.

1.1 zlib

You can download it from the following URL.
http://www.gzip.org/zlib/

1.2 openssl

You can download it from the following URL.
http://www.openssl.org/

1.3 openssh

You can download it from the following URL.
http://www.openssh.com/

1.4 rsync

You can download it from the following URL.
http://rsync.samba.org/


2. Compile and installation


2.1 zlib


Please extract the downloaded archive file,
and execute commands in order of 'configure', 'make' and 'make install'.
# cd /usr/local/src
# tar -zxvf /tmp/zlib-1.1.4.tar.gz
# cd zlib-1.1.4
# ./configure --prefix=/usr --shared
# make
# make install

2.2 openssl


Please extract the downloaded archive file,
and execute commands in order of 'configure', 'make' and 'make install'.
# cd /usr/local/src
# tar -zxvf /tmp/openssl-0.9.6g.tar.gz
# cd openssl-0.9.6g
# ./config --prefix=/usr shared
# make
# make install

2.3 openssh


First, please create an account and a group for openssh.
Next, please extract the downloaded archive file, and execute commands in order of 'configure', 'make' and 'make install'.
# mkdir /etc/ssh
# mkdir /var/empty
# chown root.sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
# cd /usr/local/src
# tar -zxvf /tmp/openssh-3.5p1.tar.gz
# cd openssh-3.5p1
# LIBS=-lcrypt ./configure --prefix=/usr --sysconfdir=/etc/ssh
# make
# make install

2.4 rsync


Please extract the downloaded archive file,
and execute commands in order of 'configure', 'make' and 'make install'.
# cd /usr/local/src
# tar -zxvf /tmp/rsync-2.5.5.tar.gz
# cd rsync-2.5.5
# ./configure
# make
# make install


3. Setup


3.1 openssh


First, on all Cluster DBs, create the private key and public key for RSA authentication using the "ssh-keygen" command.
By default, these keys are created in the ".ssh" directory under the home directory of the user who runs the command.
The public key is created in the file "identity.pub". Copy this file to create an "authorized_keys" file.
# su -l postgres
$ ssh-keygen -t rsa1
$ cd .ssh
$ cp identity.pub authorized_keys

Next, edit the SSH server's configuration file on all Cluster DBs.
In order to use the rsync command without a password, set the following values in "/etc/ssh/sshd_config".
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#RhostsRSAAuthentication no
#PasswordAuthentication yes

Finally, add to ".ssh/authorized_keys" the public key of each Cluster DB that is permitted to connect.
(The public key to add is assumed to have been placed at ".ssh/client.pub" by FTP.)
$ cd .ssh
$ cat client.pub >> authorized_keys
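
The following script is an added example, not part of PGCluster or OpenSSH. It checks that an sshd_config carries the values listed above and that ".ssh" and "authorized_keys" are not writable by group or others, which sshd's StrictModes check (enabled by default) requires before it accepts the key file. The function names and the scratch demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of PGCluster. Function names are hypothetical.

# Effective value of an sshd_config keyword: first uncommented occurrence
# wins and keywords are case-insensitive; prints "unset" if absent.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# True if PATH exists and is not writable by group or others.
not_loosely_writable() {
    [ -e "$1" ] &&
        [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

audit_ssh_setup() {  # usage: audit_ssh_setup SSHD_CONFIG SSH_DIR
    rc=0
    for kw in RSAAuthentication PubkeyAuthentication; do
        v=$(sshd_value "$1" "$kw")
        [ "$v" = yes ] || { echo "FAIL: $kw is '$v', expected yes"; rc=1; }
    done
    v=$(sshd_value "$1" AuthorizedKeysFile)
    [ "$v" = .ssh/authorized_keys ] ||
        { echo "FAIL: AuthorizedKeysFile is '$v'"; rc=1; }
    # Commented out in the listing above, so sshd's default (yes) applies.
    v=$(sshd_value "$1" PasswordAuthentication)
    [ "$v" = no ] ||
        echo "NOTE: PasswordAuthentication is '$v'; password logins still work"
    for p in "$2" "$2/authorized_keys"; do
        not_loosely_writable "$p" ||
            { echo "FAIL: $p is missing or group/other-writable"; rc=1; }
    done
    return "$rc"
}

# Constructed demo input: a scratch copy of the settings from this section.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 600 "$demo/.ssh/authorized_keys"
printf '%s\n' 'RSAAuthentication yes' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' '#PasswordAuthentication yes' \
    > "$demo/sshd_config"
audit_ssh_setup "$demo/sshd_config" "$demo/.ssh" && echo "setup OK"
rm -rf "$demo"
```

On a Cluster DB, the same check can be run against the real files by calling audit_ssh_setup with "/etc/ssh/sshd_config" and the postgres user's ".ssh" directory as arguments.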

The startup script for sshd is provided under contrib in the source tree.
For example, on Red Hat Linux, you can copy and use the startup script as follows.
# cp /usr/local/src/openssh-3.5p1/contrib/redhat/sshd.init /etc/rc.d/init.d/sshd


4. Test


Next, check that files can actually be retrieved with "rsync".
This test copies all the files under the /usr/local/pgsql/data directory of the "master" server to the local /usr/local/pgsql directory.
# su -l postgres
$ rsync -auzr -e "ssh -1" master:/usr/local/pgsql/data /usr/local/pgsql

On the first connection only, you are asked whether to register the host's information; be sure to answer "yes".

The rsync command has many options. Please check the man page for details.
The meaning of the options used in the example above is as follows.
[Format]
---------------------------------------------------------------------------
  rsync [OPTION]... [[USER@]HOST:]SRC DEST
---------------------------------------------------------------------------
[Options]
---------------------------------------------------------------------------
SRC --- The source file or directory of the transfer.

DEST --- The destination file or directory of the transfer.

-a (archive) --- Transfers files while preserving the original file information.

-u (update) --- Does not update a file when the copy at the destination is newer.

-z (compress with zlib) --- Transfers with compression.

-r (recursive) --- Transfers the files in a directory recursively.

-e --- Specifies the command used for the file transfer.
("ssh -1" in the example means that SSH using RSA1 is used as the protocol for the file transfer.)