康乐_SH


第十五周作业:

1、实现基于MYSQL验证的vsftpd虚拟用户访问

1、创建用户数据库文件
[root@centos8 ~]# yum install -y vsftpd
[root@centos8 ~]# rpm -qf `which db_load`
libdb-utils-5.3.28-42.el8_4.x86_64
[root@centos8 ~]# vim /etc/vsftpd/vusers.txt 
xiaoming
123456
xiaohong
654321
[root@centos8 ~]# db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
[root@centos8 ~]# chmod 600 /etc/vsftpd/vusers.*
2、创建用户的访问FTP目录
[root@centos8 ~]# useradd -d /data/ftproot -s /sbin/nologin -r vuser
[root@centos8 ~]# mkdir -pv /data/ftproot/upload
[root@centos8 ~]# setfacl -m u:vuser:rwx /data/ftproot/upload
[root@centos8 ~]# chown -R vuser.vuser /data/
3、创建pam配置文件
[root@centos8 ~]# vim /etc/pam.d/vsftpd.db
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
4、指定pam配置文件
[root@centos8 ~]# vim /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.db
5、虚拟用户建立独立的配置文件
#指定各个用户配置文件存放的路径
[root@centos8 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
#创建各个用户配置文件存放的路径
[root@centos8 ~]# mkdir /etc/vsftpd/conf.d/
#创建各用户自己的配置文件,允许wang用户可读可写,其它用户只读(注意:user_config_dir 下的文件名须与登录用户名一致;此处文件名为 ftp_wang/ftp_mage,而上文创建的虚拟用户是 xiaoming、xiaohong,需对应调整)
[root@centos8 ~]# cat /etc/vsftpd/conf.d/ftp_wang
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
#创建各用户自己的配置文件
[root@centos8 ~]# cat /etc/vsftpd/conf.d/ftp_mage
local_root=/data/ftproot2
#针对ftp_mage用户建立对应的数据目录
[root@centos8 pub]# mkdir /data/ftproot2/
[root@centos8 ~]# systemctl start vsftpd


实现基于MYSQL验证的vsftpd虚拟用户
1、安装配置mariadb数据库
[root@centos8 ~]# yum -y install mariadb-server
[root@centos8 ~]# systemctl enable --now mariadb
[root@centos8 ~]# mysql
MariaDB [(none)]> CREATE DATABASE vsftpd;
MariaDB [(none)]> use vsftpd
MariaDB [vsftpd]> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name CHAR(50) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL
    -> );
Query OK, 0 rows affected (0.004 sec)
MariaDB [vsftpd]> insert users (name,password) values('alice',password('123456'));
MariaDB [vsftpd]> insert users (name,password) values('bob',password('654321'));
MariaDB [vsftpd]> select * from users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | alice | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | bob   | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+----+-------+-------------------------------------------+
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'10.0.0.%' identified by '123456';

2、安装配置vsftpd
[root@centos7 ~]# yum -y install vsftpd
[root@centos7 ~]# rz
[root@centos7 ~]# ls
anaconda-ks.cfg  pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz -C /usr/local/src
[root@centos7 ~]# cd /usr/local/src
[root@centos7 src]# cd pam_mysql-0.7RC1/
[root@centos7 pam_mysql-0.7RC1]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7 pam_mysql-0.7RC1]# make install
#注意:该PAM文件中含数据库账号的明文口令,建议 chmod 600 /etc/pam.d/vsftpd.mysql 限制读取,实际环境不要沿用 123456 这类示例口令
[root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# chown vuser.vuser /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# chmod +rwx /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# cat /etc/vsftpd/vsftpd.conf
#修改此行
pam_service_name=vsftpd.mysql
#增加这两行
guest_enable=YES
guest_username=vuser
[root@centos7 pam_mysql-0.7RC1]# systemctl restart vsftpd
[root@centos7 log]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
[root@centos7 log]# mkdir /etc/vsftpd/conf.d
[root@centos7 log]# cat /etc/vsftpd/conf.d/alice
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=/data/ftproot1
[root@centos7 log]# mkdir /data/ftproot1/upload -pv
[root@centos7 log]# chown vuser.vuser /data/ftproot1/upload/
[root@centos7 log]# systemctl restart vsftpd
[root@centos7 log]# mkdir /data/ftproot2/
[root@centos7 log]# touch /data/ftproot2/bob.txt
[root@centos7 log]# cp /etc/vsftpd/conf.d/alice /etc/vsftpd/conf.d/bob



3、ftp账户测试
[root@client ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): alice
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,214,111).
150 Here comes the directory listing.
drwxr-xr-x    2 997      994             6 Apr 04 12:29 upload
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> cd upload
250 Directory successfully changed.
ftp> put hosts
local: hosts remote: hosts
227 Entering Passive Mode (10,0,0,7,243,124).
150 Ok to send data.
226 Transfer complete.
158 bytes sent in 6.5e-05 secs (2430.77 Kbytes/sec)
[root@client ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): bob
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,122,22).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Apr 04 12:35 bob.txt
226 Directory send OK.

 

2、配置samba共享,实现/www目录共享

1、安装samba服务端
[root@centos8 ~]# yum -y install samba
2、创建用户和组
[root@centos8 ~]# groupadd -r admins
[root@centos8 ~]# useradd -s /sbin/nologin -G admins smb1
[root@centos8 ~]# useradd -s /sbin/nologin -G admins smb2
[root@centos8 ~]# id smb1
uid=1000(smb1) gid=1000(smb1) groups=1000(smb1),990(admins)
[root@centos8 ~]# id smb2
uid=1001(smb2) gid=1001(smb2) groups=1001(smb2),990(admins)
3、创建samba用户
[root@centos8 ~]# smbpasswd -a smb1
New SMB password:
Retype new SMB password:
Added user smb1.
[root@centos8 ~]# smbpasswd -a smb2
New SMB password:
Retype new SMB password:
Added user smb2.
[root@centos8 ~]# pdbedit -L
smb1:1000:
smb2:1001:
4、创建samba共享目录
[root@centos8 ~]# mkdir /www
[root@centos8 ~]# chgrp admins /www
[root@centos8 ~]# chmod 2775 /www
5、配置samba配置文件
[root@centos8 ~]# vim /etc/samba/smb.conf
#最后一行后面添加
[share]
path = /www
write list = @admins
6、启动samba服务端
[root@centos8 ~]# systemctl enable --now smb nmb
7、安装客户端工具
[root@centos7 ~]# yum -y install cifs-utils
8、挂载cifs文件系统
[root@centos7 ~]# mkdir /mnt/smb{1,2} -pv
mkdir: 已创建目录 "/mnt/smb1"
mkdir: 已创建目录 "/mnt/smb2"
[root@centos7 ~]# mount -o username=smb1 //10.0.0.8/share /mnt/smb1
Password for smb1@//10.0.0.8/share:  ******
[root@centos7 ~]# mount -o username=smb2 //10.0.0.8/share /mnt/smb2
Password for smb2@//10.0.0.8/share:  ******
[root@centos7 ~]# df -h
文件系统          容量  已用  可用 已用% 挂载点
//10.0.0.8/share  7.0G  1.8G  5.3G   26% /mnt/smb1
//10.0.0.8/share  7.0G  1.8G  5.3G   26% /mnt/smb2
9、最后做读写测试
[root@centos7 ~]# touch /mnt/smb1/smb1.txt
[root@centos7 ~]# touch /mnt/smb2/smb2.txt
[root@centos7 ~]# echo "test1" > /mnt/smb1/smb1.txt
[root@centos7 ~]# echo "test2" > /mnt/smb2/smb2.txt
[root@centos7 ~]# cat /mnt/smb1/smb1.txt 
test1
[root@centos7 ~]# cat /mnt/smb1/smb2.txt 
test2

3、使用rsync+inotify实现/www目录实时同步

 

#备份服务器
1、安装rsync
[root@centos8 ~]# yum -y install rsync
2、修改配置文件(注意:uid/gid 指定的 test 用户本文未见创建,需确认其存在且对 /www 可写;rsync daemon 传输不加密,建议用 hosts allow 限制可连接的来源地址)
[root@centos8 ~]# vim /etc/rsyncd.conf
uid=test
gid=test
reverse lookup = no

[www]
path=/www
read only=no
auth users=rsyncuser
secrets file=/etc/rsync.pas
3、创建同步目录,生成密码文件
[root@centos8 ~]# mkdir /www
[root@centos8 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
[root@centos8 ~]# chmod 600 /etc/rsync.pas
4、启动rsync服务
[root@centos8 ~]# rsync --daemon
[root@centos8 ~]# ss -ntl
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process   
LISTEN   0        5                 0.0.0.0:873             0.0.0.0:*    
#源数据服务器
1、安装相关包
[root@centos8 ~]# yum install -y inotify-tools
[root@centos8 ~]# yum -y install rsync
2、创建密码文件(注意:客户端 --password-file 指向的文件只应包含密码本身,不含“用户名:”前缀;下面写入的 rsyncuser:123456 是服务端 secrets file 的格式,需核对)
[root@centos8 ~]# mkdir /www
[root@centos8 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
[root@centos8 ~]# chmod 600 /etc/rsync.pas
3、使用脚本实现同步
[root@centos8 ~]# vim innotify_rsync.sh 
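#!/bin/bash
# Watch ${SRC} recursively with inotifywait and, after every matching event,
# push the tree to the rsync daemon module named in ${DEST}. Each successful
# sync appends one line to ${LOG_FILE}.
#
# NOTE(review): rsync's --password-file expects a file holding only the
# password on its first line. The "user:password" layout is the daemon-side
# "secrets file" format; confirm the client copy of ${PASSWORD_FILE}.
# NOTE(review): a source path without a trailing slash makes rsync copy the
# directory itself into the module (www/ under the module path). Use '/www/'
# if only the contents should be mirrored -- confirm which is intended.
# NOTE(review): --delete removes files on the backup side that no longer
# exist in ${SRC}; a wrong SRC or DEST therefore destroys data on the backup.
SRC='/www'
DEST='rsyncuser@10.0.0.18::www'
PASSWORD_FILE='/etc/rsync.pas'
LOG_FILE='/var/log/changelist.log'

# Install rsync only when the package is not already present.
rpm -q rsync &> /dev/null || yum -y install rsync

# --timefmt contains a space, so %T arrives as two fields (DATE and TIME);
# FILE is last and therefore receives the remainder of the line.
# read -r keeps backslashes in file names intact.
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
    -e create,delete,moved_to,close_write,attrib "${SRC}" |
while read -r DATE TIME DIR FILE; do
    FILEPATH="${DIR}${FILE}"
    # Quoted expansions keep paths with spaces or glob characters as one word.
    if rsync -az --delete --password-file="${PASSWORD_FILE}" "${SRC}" "${DEST}"; then
        echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> "${LOG_FILE}"
    fi
done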

4、LVS调度算法总结

ipvs scheduler:根据其调度是否考虑各RS当前的负载状态
分为两种:静态方法和动态方法
1、静态方法:仅根据算法本身进行调度
    1.RR:roundrobin,轮询,较常用
    2.WRR:Weighted RR,加权轮询,较常用
    3.SH:Source Hashing,实现session sticky,源IP地址hash;将来自于同一个IP地址的请求始终发往第一次挑中的RS,从而实现会话绑定。
    4.DH:Destination Hashing;目标地址哈希,第一次轮询调度至RS,后续将发往同一个目标地址的请求始终转发至第一次挑中的RS,典型使用场景是正向代理缓存场景的负载均衡,如Web缓存。
2、动态方法:主要根据每RS当前的负载状态及调度算法进行调度,Overhead=value 较小的RS将被调度
    1.LC:least connections适用于长链接应用
    Overhead=activeconns*256+inactiveconns
    2.WLC:Weighted LC,默认调度方法,较常用
    Overhead=(activeconns*256+inactiveconns)/weight
    3.SED:Shortest Expected Delay,初始连接较高权重优先,只检查活动连接,而不考虑非活动连接
    Overhead=(activeconns+1)*256/weight
    4.NQ:Never Queue,第一轮询均匀分配,后续SED
    5.LBLC:Locality-Based LC,动态的DH算法,使用场景:根据负载状态实现正向代理,实现Web Cache等。
    6.LBLCR:LBLC with Replication,带复制功能的LBLC,解决LBLC负载不均衡问题,从负载重的复制到负载轻的RS,实现Web Cache等。
3、内核版本4.15后新增算法:FO和OVF
    FO(Weighted Fail Over)调度算法,在此FO算法中,遍历虚拟服务所关联的真实服务器链表,找到还未过载(未设置IP_VS_DEST_F_OVERLOAD标志)的且权重最高的真实服务器,进行调度,属于静态算法。
    OVF(Overflow-connection)调度算法,基于真实服务器的活动连接数量和权重值实现。将新连接调度到权重值最高的真实服务器,直到其活动连接数量超过权重值,之后调度到下一个权重值最高的真实服务器,在此OVF算法中,遍历虚拟服务相关联的真实服务器链表,找到权重值最高的可用真实服务器,属于动态算法。

5、LVS的跨网络DR实现

1、LVS的网络配置
#internet主机环境
 一台:客户端 eth0:仅主机 192.168.10.6/24 GW:192.168.10.200
[root@centos8 ~]# hostnamectl set-hostname internet
[root@internet ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.10.6
PREFIX=24
GATEWAY=192.168.10.200
DNS1=223.5.5.5
DNS2=180.76.76.76
ONBOOT=yes
vmware设置网卡仅主机模式
[root@internet ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.200  0.0.0.0         UG    100    0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
 
#router主机环境
一台:ROUTER
eth0 :NAT  10.0.0.200/24
eth1: 仅主机 192.168.10.200/24
启用 IP_FORWARD
vmware添加网卡2设置仅主机模式
[root@centos8 ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@centos8 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@centos8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.200
PREFIX=24
ONBOOT=yes
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.200
PREFIX=24
ONBOOT=yes
[root@route network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0  
Wired connection 1  09fc5042-0347-3ba0-9ede-e39715bd1bb7  ethernet  eth1  
eth1                9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --   
[root@route network-scripts]# nmcli connection delete Wired\ connection\ 1
Connection 'Wired connection 1' (09fc5042-0347-3ba0-9ede-e39715bd1bb7) successfully deleted.
[root@route network-scripts]# nmcli connection
NAME  UUID                                  TYPE      DEVICE
eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0  
eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1  
#添加172.16.0.200/24的地址
[root@route ~]# ip a a 172.16.0.200/24 dev eth0 label eth0:1
[root@route ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b8:64:45 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.200/24 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb8:6445/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b8:64:4f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb8:644f/64 scope link
       valid_lft forever preferred_lft forever
#检查ip_forward开启
[root@route ~]# sysctl -p|grep ip_for
net.ipv4.ip_forward = 1
[root@route ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     102    0        0 eth0
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1
 
 
 
两台RS:
RS1:eth0:NAT:10.0.0.7/24   GW:10.0.0.200
RS2:eth0:NAT:10.0.0.17/24 GW:10.0.0.200
#RS1网络配置
[root@centos7 ~]# hostnamectl set-hostname rs1
[root@rs1 ~]# yum -y install httpd
[root@rs1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@rs1 ~]# hostname -I > /var/www/html/index.html
[root@rs1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@rs1 ~]# systemctl restart network
[root@rs1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@rs1 ~]# bash lvs_dr_rs.sh start
The RS Server is Ready!
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:be:4a:7b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febe:4a7b/64 scope link
       valid_lft forever preferred_lft forever
 
 
#RS2
[root@centos7 ~]# hostnamectl set-hostname rs2
[root@rs2 ~]# yum -y install httpd
[root@rs2 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@rs2 ~]# hostname -I > /var/www/html/index.html
[root@rs2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@rs2 ~]# systemctl restart network
[root@rs2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@rs2 ~]# bash lvs_dr_rs.sh start
The RS Server is Ready!
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:0a:01:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0a:138/64 scope link
       valid_lft forever preferred_lft forever
 
 
一台:LVS
eth0:NAT:DIP:10.0.0.8/24 GW:10.0.0.200
#LVS的网络配置
[root@centos8 ~]# yum -y install ipvsadm
[root@centos8 ~]# hostnamectl set-hostname lvs
[root@centos8 ~]# hostname -I
10.0.0.8
[root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@lvs ~]# nmcli connection reload
[root@lvs ~]# nmcli connection up eth0
[root@lvs ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
 
2、后端RS的IPVS配置
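#RS1的IPVS配置(注意:LVS-DR 的RS一般设置 arp_ignore=1、arp_announce=2;下面后两条命令仍写入 arp_ignore,把前面设置的1覆盖为2,疑应为 arp_announce,RS2处相同;另外 ip a 显示 lo:1 掩码为 /0 而非 /32,需核对)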
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# ifconfig lo:1 10.0.0.100/32
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:be:4a:7b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febe:4a7b/64 scope link
       valid_lft forever preferred_lft forever
 
#RS2的IPVS配置
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# ifconfig lo:1 10.0.0.100/32
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:0a:01:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0a:138/64 scope link
       valid_lft forever preferred_lft forever
 
3、LVS主机的配置
[root@lvs ~]# ifconfig lo:1 10.0.0.100/32
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2d:a0:ce brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever

  
