N63050 第十五周运维作业
第二十九天:
网络文件共享服务
1基于DB数据库文件实现FTP的虚拟用户
2基于MySQL数据库文件实现FTP的虚拟用户
3NFS服务的工作原理
4NFS共享服务实现详解
5实现NFS共享存储的LAMP架构
6autofs实现自动挂载
7samba服务实现网络共享
8利用inotify和rsync服务实现数据实时同步
第三十天:
企业级调度器lvs
1利用sesync实现数据实时同步
2集群和分布式架构介绍
3LVS的NAT工作模式实现原理
4LVS的DR和TUN工作模式实现原理
5LVS的12种调度算法和ipvsadm命令使用
6LVS的NAT实战案例
7LVS的DR模式单网段实战案例
第十五周作业:
1、实现基于MYSQL验证的vsftpd虚拟用户访问
2、配置samba共享,实现/www目录共享
3、使用rsync+inotify实现/www目录实时同步
4、LVS调度算法总结
5、LVS的跨网络DR实现
1、实现基于MYSQL验证的vsftpd虚拟用户访问
利用 pam_mysql 模块可以实现基于MySQL的FTP虚拟用户功能
项目网站:
http://pam-mysql.sourceforge.net/
https://sourceforge.net/projects/pam-mysql/
http://sf.net/projects/pam-mysql
注意:因为此项目年代久远不再更新,当前只支持CentOS 6,7,不支持CentOS 8
本实验在两台主机上实现
一台做为FTP服务器CentOS 7 10.0.0.7
一台做 Mariadb 数据库服务器 10.0.0.8
1.1在数据库服务器上安装mysql数据库
#注意:MySQL8.0由于取消了PASSWORD()函数不支持,因此选择Mariadb
[root@centos8 ~]#yum -y install mariadb-server
[root@centos8 ~]#systemctl enable --now mariadb.service
1.2在数据库服务上配置数据库支持vsftpd服务
#建立存储虚拟用户数据库和表
[root@centos8 ~]#mysql
mysql> CREATE DATABASE vsftpd;
mysql> USE vsftpd;
mysql> CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);
#添加虚拟用户,为了安全应该使用PASSWORD函数加密其密码后存储
MariaDB [vsftpd]> CREATE TABLE users (
-> id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
-> name CHAR(50) BINARY NOT NULL,
-> password CHAR(48) BINARY NOT NULL
-> );
Query OK, 0 rows affected (0.003 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('alice',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('james',password('654321'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> select * from users;
+----+-------+-------------------------------------------+
| id | name | password |
+----+-------+-------------------------------------------+
| 1 | alice | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2 | james | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+----+-------+-------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.000 sec)
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
1.3在FTP服务器上安装vsftpd 和 pam_mysql包
[root@centos7 ~]#yum -y install vsftpd
1.4在FTP服务器上安装 pam_mysql
#安装相关包
[root@centos7 ~]#yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
#下载pam-mysql源码进行编译
[root@centos7 ~]#wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]#tar xvf pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]#cd pam_mysql-0.7RC1/
[root@centos7 pam_mysql-0.7RC1]#./configure --with-pam-mods-dir=/lib64/security
#如果上面命令不指定 --with-pam-mods-dir=/lib64/security 会报以下错误
#checking if the second argument of pam_conv.conv() takes const pointer... no
configure: error: Your system doesn't appear to be configured to use PAM.
Perhaps you need to specify the correct location where the PAM modules reside.
[root@centos7 pam_mysql-0.7RC1]#make install
[root@centos7 pam_mysql-0.7RC1]#ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root 882 Dec 17 14:34 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Dec 17 14:34 /lib64/security/pam_mysql.so
1.5在FTP服务器上建立pam认证所需文件
[root@centos7 ~]#vi /etc/pam.d/vsftpd.mysql
#添加如下两行
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
#注意两段中间不要复制换行
1.6建立相应用户和修改vsftpd配置文件
#建立虚拟用户映射的系统用户及对应的目录
[root@centos7 ~]#useradd -s /sbin/nologin -d /data/ftproot -r vuser
#centos7 需除去ftp根目录的写权限
[root@centos7 ~]#mkdir -pv /data/ftproot/upload
[root@centos7 ~]#setfacl -m u:vuser:rwx /data/ftproot/upload
#确保/etc/vsftpd/vsftpd.conf中已经启用了以下选项
[root@centos7 ~]#vim /etc/vsftpd/vsftpd.conf
#添加下面两项
guest_enable=YES
guest_username=vuser
#修改下面一项,原系统用户无法登录
pam_service_name=vsftpd.mysql
启动vsftpd服务
[root@centos7 ~]#systemctl enable --now vsftpd
1.7在FTP服务器上配置虚拟用户具有不同的访问权限(需要可修改配置文件添加)
vsftpd可以在配置文件目录中为每个用户提供单独的配置文件以定义其ftp服务访问权限,每个虚拟用户的配置文件名同虚拟用户的用户名。配置文件目录可以是任意未使用目录,只需要在vsftpd.conf指定其路径及名称即可
#配置vsftpd为虚拟用户使用配置文件目录
[root@centos7 ~]#vim /etc/vsftpd/vsftpd.conf
#添加如下选项
user_config_dir=/etc/vsftpd/conf.d/
#创建所需要目录,并为虚拟用户提供配置文件
[root@centos7 ~]#mkdir /etc/vsftpd/conf.d/
#配置虚拟用户的访问权限
#虚拟用户对vsftpd服务的访问权限是通过匿名用户的相关指令进行的。如要让用户wang具有上传文件的权
限,可修改/etc/vsftpd/vusers.d/wang文件,在里面添加如下选项并设置为YES即可,只读则设为NO
#注意:需确保对应的映射用户对于文件系统有写权限
[root@centos7 ~]#vim /etc/vsftpd/conf.d/alice
anon_upload_enable={YES|NO}
anon_mkdir_write_enable={YES|NO}
anon_other_write_enable={YES|NO}
#登录目录改变至指定的目录
local_root=/data/ftproot2
2、配置samba共享,实现/www目录共享
#10.0.0.200安装samba服务器端
[root@centos8 ~]#yum install -y samba
[root@centos8 ~]#systemctl enable --now smb
[root@centos8 ~]#smbpasswd -a smb1
New SMB password:
Retype new SMB password:
Added user smb1.
[root@centos8 ~]#yum install -y httpd
[root@centos8 ~]#systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@centos8 ~]#cd /var/www
[root@centos8 www]#ls
cgi-bin html
[root@centos8 www]#touch /var/www/a.txt
[root@centos8 www]#ls
a.txt cgi-bin html
[root@centos8 ~]#rpm -qc samba
/etc/openldap/schema/samba.schema
/etc/pam.d/samba
[root@centos8 ~]#rpm -qc samba-common
/etc/logrotate.d/samba
/etc/samba/lmhosts
/etc/samba/smb.conf
/etc/sysconfig/samba
[root@centos8 ~]#vim /etc/samba/smb.conf
#在配置文件最后添加共享目录,share1是共享名称,path=/var/www是共享目录
#若要开启上传功能,需要在配置文件写入writable=yes,并给共享目录加权限
[share1]
path=/var/www
writable=yes
[root@centos8 ~]#chmod 777 /var/www/
在10.0.07上安装客户端
[root@centos7 ~]#yum -y install samba-client
[root@centos7 ~]#smbclient -L 10.0.0.200 -u smb1%123456
[root@centos7 ~]#smbclient -L 10.0.0.200 -U smb1%123456
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
share1 Disk
IPC$ IPC IPC Service (Samba 4.17.5)
smb1 Disk Home Directories
[root@centos7 ~]#smbclient //10.0.0.200/share1 -U smb1%123456
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Fri Feb 24 23:05:49 2023
.. D 0 Fri Feb 24 23:03:20 2023
cgi-bin D 0 Wed Feb 1 05:59:24 2023
html D 0 Fri Feb 24 23:05:14 2023
a.txt N 0 Fri Feb 24 23:05:49 2023
104806400 blocks of size 1024. 102199752 blocks available
smb: \> put anaconda-ks.cfg
putting file anaconda-ks.cfg as \anaconda-ks.cfg (771.0 kb/s) (average 771.0 kb/s)
3、使用rsync+inotify实现/www目录实时同步
准备环境
- inotify:对同步数据目录信息的监控 10.0.0.8
- rsync:完成对数据的同步 10.0.0.18
#列出下面的文件,说明服务器内核支持inotify
[root@data ~]#ls -l /proc/sys/fs/inotify
total 0
-rw-r--r-- 1 root root 0 Mar 21 09:01 max_queued_events
-rw-r--r-- 1 root root 0 Mar 21 09:01 max_user_instances
-rw-r--r-- 1 root root 0 Mar 21 09:01 max_user_watches
[root@data ~]#cat /proc/sys/fs/inotify/max_queued_events
16384
[root@data ~]#cat /proc/sys/fs/inotify/max_user_instances
128
[root@data ~]#cat /proc/sys/fs/inotify/max_user_watches
8192
inotify 内核参数说明:
max_queued_events:inotify 事件队列最大长度,如值太小会出现 Event Queue Overflow 错误,默认值:16384, 生产环境建议调大,比如:327679
max_user_instances:每个用户创建inotify实例最大值,默认值:128
max_user_watches:可以监视的文件的总数量(inotifywait 单进程),默认值:8192,建议调大
[root@data ~]#vim /etc/sysctl.conf
fs.inotify.max_queued_events=66666
fs.inotify.max_user_watches=100000
[root@data ~]#sysctl -p
fs.inotify.max_queued_events = 66666
fs.inotify.max_user_watches = 100000
[root@data ~]#cat /proc/sys/fs/inotify/*
66666
128
100000
3.1安装inotify-tools:基于epel源
[root@data ~]#yum -y install inotify-tools
[root@data ~]#rpm -ql inotify-tools
/usr/bin/inotifywait
/usr/bin/inotifywatch
/usr/lib64/libinotifytools.so.0
/usr/lib64/libinotifytools.so.0.4.1
/usr/share/doc/inotify-tools-3.14
/usr/share/doc/inotify-tools-3.14/AUTHORS
/usr/share/doc/inotify-tools-3.14/COPYING
/usr/share/doc/inotify-tools-3.14/ChangeLog
/usr/share/doc/inotify-tools-3.14/NEWS
/usr/share/doc/inotify-tools-3.14/README
/usr/share/man/man1/inotifywait.1.gz
/usr/share/man/man1/inotifywatch.1.gz
inotify-tools包主要工具:
- inotifywait: 在被监控的文件或目录上等待特定文件系统事件(open ,close,delete等)发生, 常用于实时同步的目录监控
- inotifywatch:收集被监控的文件系统使用的统计数据,指文件系统事件发生的次数统计
data服务器
[root@data ~]# yum install inotify-tools -y
[root@data ~]#echo "magedu" > /etc/rsync.pas
[root@data ~]#chmod 600 /etc/rsync.pas
[root@data ~]#vim inotify_rsync.sh
#!/bin/bash
SRC='/data/www/'
DEST='rsyncuser@10.0.0.18::backup'
rpm -q rsync &> /dev/null || yum -y install rsync
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC}|while read DATE TIME DIR FILE;do
FILEPATH=${DIR}${FILE}
rsync -az --delete --password-file=/etc/rsync.pas $SRC $DEST && echo "At ${TIME} on ${DATE},file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done
[root@data www]#yum install rsync-daemon -y
[root@data www]#systemctl enable --now rsyncd
Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.
backup服务器
[root@backup ~]#yum install rsync-daemon -y
[root@backup ~]#vim /etc/rsyncd.conf
uid=root
gid=root
max connections=0
ignore errors
exclude=lost+found/
log file=/var/log/rsyncd.log
pid file=/var/run/rsyncd.pid
lock file=/var/run/rsyncd.lock
reverse lookup=no
[backup]
path=/data/backup/
comment=backup dir
read only=no
auth users=rsyncuser
secrets file=/etc/rsync.pas
[root@backup ~]#setfacl -m u:nobody:rwx /data/backup/
[root@backup ~]#mkdir /data/backup
[root@backup ~]#
[root@backup ~]#echo "rsyncuser:magedu" > /etc/rsync.pas
[root@backup ~]#chmod 600 /etc/rsync.pas
[root@backup ~]#systemctl enable --now rsyncd
[root@backup ~]#watch -n0.5 ls -l /data/backup
在data服务器创建文件并在backup服务器查看同步效果
4、LVS调度算法总结
LVS 调试算法
ipvs scheduler:根据其调度时是否考虑各RS当前的负载状态
分为两种:静态方法和动态方法
静态方法
仅根据算法本身进行调度
1、RR:roundrobin,轮询,较常用
2、WRR:Weighted RR,加权轮询,较常用
3、SH:Source Hashing,实现session sticky,源IP地址hash;将来自于同一个IP地址的请求始终发往
第一次挑中的RS,从而实现会话绑定
4、DH:Destination Hashing;目标地址哈希,第一次轮询调度至RS,后续将发往同一个目标地址的
请求始终转发至第一次挑中的RS,典型使用场景是正向代理缓存场景中的负载均衡,如: Web缓存
动态方法
主要根据每RS当前的负载状态及调度算法进行调度Overhead=value 较小的RS将被调度
1、LC:least connections 适用于长连接应用
Overhead=activeconns*256+inactiveconns
2、WLC:Weighted LC,默认调度方法,较常用
Overhead=(activeconns*256+inactiveconns)/weight
3、SED:Shortest Expection Delay,初始连接高权重优先,只检查活动连接,而不考虑非活动连接
Overhead=(activeconns+1)*256/weight
4、NQ:Never Queue,第一轮均匀分配,后续SED
5、LBLC:Locality-Based LC,动态的DH算法,使用场景:根据负载状态实现正向代理,实现Web
Cache等
6、LBLCR:LBLC with Replication,带复制功能的LBLC,解决LBLC负载不均衡问题,从负载重的复制
到负载轻的RS,,实现Web Cache等
内核版本 4.15 版本后新增调度算法:FO和OVF
1.FO(Weighted Fail Over)调度算法,在此FO算法中,遍历虚拟服务所关联的真实服务器链表,找到还未
过载(未设置IP_VS_DEST_F_OVERLOAD标志)的且权重最高的真实服务器,进行调度,属于静态算法
2.OVF(Overflow-connection)调度算法,基于真实服务器的活动连接数量和权重值实现。将新连接调度
到权重值最高的真实服务器,直到其活动连接数量超过权重值,之后调度到下一个权重值最高的真实服
务器,在此OVF算法中,遍历虚拟服务相关联的真实服务器链表,找到权重值最高的可用真实服务器。,属
于动态算法,一个可用的真实服务器需要同时满足以下条件:未过载(未设置IP_VS_DEST_F_OVERLOAD标志)
真实服务器当前的活动连接数量小于其权重值其权重值不为零
5、LVS的跨网络DR实现
5.1先配置单网段环境
环境:五台主机
一台:客户端 eth0:仅主机 192.168.10.6/24 GW:192.168.10.200
一台:ROUTER
eth0 :NAT 10.0.0.200/24
eth1: 仅主机 192.168.10.200/24
启用 IP_FORWARD
一台:LVS
eth0:NAT:DIP:10.0.0.8/24 GW:10.0.0.200
两台RS:
RS1:eth0:NAT:10.0.0.7/24 GW:10.0.0.200
RS2:eth0:NAT:10.0.0.17/24 GW:10.0.0.200
#所有主机禁用iptables和SELinux
5.1.1先设置internet主机和路由器
#internet主机的网络配置
#VM里添加网卡(仅主机)
[root@internet ~]#hostname -I
192.168.10.6
[root@internet ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.10.200 0.0.0.0 UG 0 0 0 ens33
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
#路由器网络配置
[root@route ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.200
PREFIX=24
ONBOOT=yes
[root@router ~]#cd /etc/sysconfig/network-scripts/
[root@router network-scripts]#ls
ifcfg-ens160 ifcfg-eth0
[root@router network-scripts]#cp ifcfg-eth0 ifcfg-eth1
[root@router network-scripts]#vim /etc/sysconfig/network-scripts/ifcfg-eth1
[root@router network-scripts]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@router network-scripts]#nmcli connection reload
[root@router network-scripts]#nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
Wired connection 1 e7aa830d-7e4d-3a39-98eb-f3f8696844a3 ethernet eth1
ens160 fdcf089b-2a2f-4449-9539-103a161eeac0 ethernet --
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet --
[root@centos8 network-scripts]#nmcli connection delete Wired\ connetion\ 1
#eth1为新添加的仅主机网卡
[root@route ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.200
PREFIX=24
ONBOOT=yes
[root@route ~]#hostname -I
10.0.0.200 192.168.10.200
#开启路由器转发功能
[root@route ~]#vim /etc/sysctl.conf
[root@route ~]#sysctl -p
net.ipv4.ip_forward = 1
[root@route ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
5.1.2RS服务器配置网络环境
#RS1的网络配置
[root@rs1 ~]#hostname
rs1.magedu.org
[root@rs1 ~]#hostname -I
10.0.0.7
[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@rs1 ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@rs1 ~]#yum -y install httpd
[root@rs1 ~]#systemctl enable --now httpd
[root@rs1 ~]#hostname -I > /var/www/html/index.html
[root@rs1 ~]#ping 192.168.10.6 -c1
PING 192.168.10.6 (192.168.10.6) 56(84) bytes of data.
64 bytes from 192.168.10.6: icmp_seq=1 ttl=63 time=1.14 ms
[root@rs1 ~]#curl 10.0.0.7
10.0.0.7
################################################################################
#RS2的网络配置
[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@rs2 ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@rs2 ~]#yum -y install httpd
[root@rs2 ~]#systemctl enable --now httpd
[root@rs2 ~]#hostname -I > /var/www/html/index.html
[root@rs2 ~]#curl 10.0.0.17
10.0.0.17
[root@rs1 ~]#ping 192.168.10.6 -c1
PING 192.168.10.6 (192.168.10.6) 56(84) bytes of data.
64 bytes from 192.168.10.6: icmp_seq=1 ttl=63 time=1.14 ms
[root@rs2 ~]#curl 10.0.0.17
10.0.0.17
################################################################################
5.1.3后端RS的IPVS配置
#RS1的IPVS配置(修改内核,绑定回环网卡)
[root@rs1 ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs1 ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs1 ~]#ifconfig lo:1 10.0.0.100/32
[root@rs1 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether 00:0c:29:01:f9:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe01:f948/64 scope link
valid_lft forever preferred_lft forever
#RS2的IPVS配置
[root@rs2 ~]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 ~]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs2 ~]#ifconfig lo:1 10.0.0.100/32
[root@rs2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether 00:0c:29:94:1a:f6 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe94:1af6/64 scope link
valid_lft forever preferred_lft forever
5.1.4LVS网络配置
#LVS的网络配置
[root@lvs ~]#hostname
lvs.magedu.org
[root@lvs ~]#hostname -I
10.0.0.8
[root@lvs ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@lvs ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@lvs ~]#ping 192.168.10.6 -c1
PING 192.168.10.6 (192.168.10.6) 56(84) bytes of data.
64 bytes from 192.168.10.6: icmp_seq=1 ttl=63 time=2.32 ms
#在LVS上添加VIP
[root@lvs ~]#ifconfig lo:1 10.0.0.100/32
[root@lvs ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/0 scope global lo:1
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
group default qlen 1000
link/ether 00:0c:29:8a:51:21 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
#实现LVS 规则
[root@lvs ~]#dnf -y install ipvsadm
[root@lvs ~]#ipvsadm -A -t 10.0.0.100:80 -s rr
[root@lvs ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.7:80 -g
[root@lvs ~]#ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.17:80 -g
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.17:80 Route 1 0 0
5.1.5测试访问
[root@internet ~]#curl 10.0.0.100
10.0.0.17
[root@internet ~]#curl 10.0.0.100
10.0.0.7
5.2在单网段现有配置基础上实现跨网段(主要是脚本运行完成测试)
#路由器配置
#在路由器eth0右端网卡再添加一个虚拟网卡172.16.0.200/24
[root@route ~]#ip a a 172.16.0.200/24 dev eth0 label eth0:1
[root@route ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:e4:37:ec brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.16.0.200/24 scope global eth0:1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:e4:37:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
[root@route ~]#hostname -I
10.0.0.200 172.16.0.200 192.168.10.200
[root@route ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
#LVS主机的网络配置
[root@lvs ~]#hostname -I
10.0.0.8
[root@lvs ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@rs1 ~]#hostname -I
10.0.0.7
[root@rs1 ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
#RS主机的网络配置
[root@rs2 ~]#hostname -I
10.0.0.17
[root@rs2 ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
#在LVS主机运行的脚本
#注意:VIP如果配置在LO网卡上,必须使用32bit子网掩码
#如果VIP绑定在eth0上,可以使用其它netmask
[root@lvs ~]#cat lvs_dr_vs.sh
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip='172.16.0.100'
iface='lo:1'
mask='255.255.255.255'
port='80'
rs1='10.0.0.7'
rs2='10.0.0.17'
scheduler='wrr'
type='-g'
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null
case $1 in
start)
ifconfig $iface $vip netmask $mask #broadcast $vip up
iptables -F
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
echo "The VS Server is Ready!"
;;
stop)
ipvsadm -C
ifconfig $iface down
echo "The VS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
[root@lvs ~]#bash lvs_dr_vs.sh start
The VS Server is Ready!
#在RS后端服务器上分别运行脚本
[root@rs1 ~]#cat lvs_dr_rs.sh
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip=172.16.0.100
mask='255.255.255.255'
dev=lo:1
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
[root@rs1 ~]#bash lvs_dr_rs.sh start
The RS Server is Ready!
#在RS后端服务器运行的脚本和RS1是一样的
[root@rs2 ~]#bash lvs_dr_rs.sh start
The RS Server is Ready!
#测试访问
[root@internet ~]#curl 172.16.0.100
10.0.0.7
[root@internet ~]#curl 172.16.0.100
10.0.0.17
