UNIX System Administration Handbook - Evi Nemeth [308]
• Configure the server in /etc/rsyncd.conf.
The services and inetd.conf entries are straightforward:
rsync 873/tcp
for services and
rsync stream tcp nowait root /local/bin/rsync rsyncd --daemon
for inetd.conf. If you use TCP wrappers, you may want to configure it to block access from all hosts except the one that will be distributing your system files. Host rejection can also be specified in rsyncd.conf, but it never hurts to erect multiple barriers.
The rsyncd.secrets file should contain a single entry:
root:password
The rsync password should be different from the actual root password. Because the password is shown in plaintext, rsyncd.secrets must be readable only by root.
Finally, set up an /etc/rsyncd.conf file to tell the rsync server (the receiver) how to behave. A reasonable configuration looks something like this:
[sysfiles]
path = /etc
secrets file = /etc/rsyncd.secrets
read only = false
uid = root
gid = root
hosts allow = distribution_master_hostname
Many other options can be set, but the defaults are reasonable. This configuration will limit operations to the /etc directory and will allow access only by the listed host.
rsync is included with Red Hat. The source code (common to all systems) can be downloaded from the web at rsync.samba.org.
expect: pull files
There are several ways to implement a pulling system. One way that we like, and which happens to be useful for other tasks, is to make system files available via FTP from a central server and to use expect to retrieve and install them.
See page 696 for more information about FTP.
expect is a set of extensions to John Ousterhout’s Tcl (Tool Command Language) that allows you to write control scripts for interactive programs. It was written by Don Libes at NIST. expect is different from a normal scripting language (such as that provided by most shells) in that it provides for incremental control of subprocesses. The output produced by each operation can be examined to determine what input should be sent next. expect is also immune to the unfriendly maneuvers a program may attempt because it thinks it is manipulating a real terminal.
Tcl is itself a complete scripting language. Technically, expect scripts are just Tcl scripts that happen to use the extra commands defined by the expect extensions. However, you don’t need to know much Tcl to write simple expect scripts.
Tcl is syntactically simple. Most commands are invoked like shell commands in that you simply separate the command and its arguments by spaces. Curly braces group elements into single Tcl “words” and extend statements over multiple lines. The command separator is a semicolon, but it is optional at the end of lines and before closing curly braces.
The fundamental expect commands are:
• spawn – start up a subprocess to control
• send – feed input to a subprocess
• expect – take action depending on a subprocess’s output
A fourth command, interact, can also be useful if you want expect to do part of a task and then turn control over to you.
Before discussing the individual commands, let’s look at a simple example. This script ftps the /etc/passwd file from the machine netserver:
spawn /usr/bin/ftp netserver
while 1 { expect {
"Name*: " {send "netclient\r"}
"Password:" {send "netclientpassword\r"}
"ftp> " {break}
"failed" {send_user "Can't log in.\r"; exit 1}
timeout {send_user "Timeout problem.\r"; exit 2}
}}
send "lcd /etc\r"
expect "ftp> " {send "cd pub/sysfiles\r"}
expect "ftp> " {send "get passwd\r"}
expect "ftp> " {send "quit\r"; send_user "\r"}
exit 0
The general flow of control should be apparent. The script first starts the command ftp netserver and then waits to be prompted for a name and password inside a while loop (a generic Tcl construct). After arriving at the main “ftp>” prompt, the while loop exits and a simple series of commands is spoon-fed to ftp. The script waits for each command to complete before sending the next; this is not strictly necessary, but it makes for tidy output.
Two kinds of