Warsync is cool, it’s like secure-rsync-in-a-box. But it also provides no built in way to manage replication from multiple servers to the same client.
When a client is setup, a private key and a public key is setup. This is a unique key pair for the client / server. The public key is added to the authorized keys list for SSH and the private key is kept on the client.
Warsync will also check itself against the server IP listed in the configuration file on the client.
List of files that change:
-
/root/.ssh/authorized_keys
-
/etc/warsync/client.conf
-
/etc/warsync/client-key
-
/etc/warsync/client-key.pub
The client-key.pub is added to the authorized_keys list automatically by the warsync-config binary. So I wrote a [dirty] rotation script to store these files for different warsync servers to allow fast syncing to different servers. If these files do NOT match the server, the server will probably complain about a version mismatch (when it is in fact an identity mismatch).
/# warsync -avn
######################################################
Replicating xxx (dry-run) … (1 of 1)
Permission denied (publickey,keyboard-interactive).
!! Client xxx communication protocol differs.
!! Please manually upgrade client to version 0.9.9.
/#
At first, we run the warsync-config file for each server, and copy the config files out from the normal locations each time identifying the config files by server hostname.
| Default Warsync File | Stored Value For Rotation |
|---|---|
| /root/.ssh/authorized_keys | /root/.ssh/authorized_keys.hostname |
| /etc/warsync/client.conf | /etc/warsync/hostname.conf |
| /etc/warsync/client-key | /etc/warsync/hostname-key |
| /etc/warsync/client-key.pub | /etc/warsync/hostname-key.pub |
Now the rotation script will look like this:
#/bin/sh CONFIGDIR=/etc/warsync cp $CONFIGDIR/$1.conf $CONFIGDIR/client.confcp $CONFIGDIR/$1-key $CONFIGDIR/client-keycp $CONFIGDIR/$1-key.pub $CONFIGDIR/client-key.pubcp /root/.ssh/authorized_keys.$1 /root/.ssh/authorized_keys