第十五周作业
一、实现基于MYSQL验证的vsftpd虚拟用户访问
环境准备
Centos7:192.168.119.131 FTP-Server
Centos7_mini2:192.168.119.147 MariaDB-Server
Ubuntu22:192.168.119.149 客户端
实验步骤
1.1 安装数据库服务
[root@Mariadb-Server ~]# yum -y install mariadb-server
[root@Mariadb-Server ~]# systemctl enable --now mariadb.service
1.2 配置数据库服务支持vsftpd服务
[root@Mariadb-Server ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd;
Database changed
MariaDB [vsftpd]> create table users (
-> id int auto_increment not null primary key,
-> name char(50) binary not null,
-> password char(48) binary not null
-> );
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> insert into users(name,password)
-> values('ftp_wu',password('wuhaolam'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> insert into users(name,password) values('ftp_xia',password('wuhaolam'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> select * from users;
+----+---------+-------------------------------------------+
| id | name | password |
+----+---------+-------------------------------------------+
| 1 | ftp_wu | *2690FEEA8D4D050D9B1000360EAE7496905DC8B2 |
| 2 | ftp_xia | *2690FEEA8D4D050D9B1000360EAE7496905DC8B2 |
+----+---------+-------------------------------------------+
2 rows in set (0.01 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'192.168.119.%' identified by 'wuhaolam';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
1.3 在 FTP 服务器上安装 vsftpd 和 pam_mysql
# 安装 vsftpd
[root@FTP-Server ~]# yum -y install vsftpd
# 编译安装 pam_mysql
[root@FTP-Server ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
# 下载地址http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[root@FTP-Server ~]# ls
pam_mysql-0.7RC1.tar.gz
[root@FTP-Server ~]# tar xf pam_mysql-0.7RC1.tar.gz
[root@FTP-Server ~]# cd pam_mysql-0.7RC1/
[root@FTP-Server pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@FTP-Server pam_mysql-0.7RC1]# make && make install
[root@FTP-Server pam_mysql-0.7RC1]# ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root 882 Jul 9 21:04 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Jul 9 21:04 /lib64/security/pam_mysql.so
1.4 在FTP服务器上建立pam认证所需文件
[root@FTP-Server ~]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=wuhaolam host=192.168.119.147 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=wuhaolam host=192.168.119.147 db=vsftpd tabe =users usercolumn=name passwdcolumn=password crypt=2
1.5 建立相应用户和修改vsftpd配置文件
[root@FTP-Server ~]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@FTP-Server ~]# mkdir -pv /data/ftproot/upload
mkdir: created directory ‘/data’
mkdir: created directory ‘/data/ftproot’
mkdir: created directory ‘/data/ftproot/upload’
[root@FTP-Server ~]# setfacl -m u:vuser:rwx /data/ftproot/upload/
[root@FTP-Server ~]# vim /etc/vsftpd/vsftpd.conf
#添加下面两项
guest_enable=YES
guest_username=vuser
#修改下面一项,原系统用户无法登录
pam_service_name=vsftpd.mysql
[root@FTP-Server ~]# systemctl enable --now vsftpd
1.6 在FTP服务器上配置虚拟用户具有不同的访问权限
[root@FTP-Server ~]# vim /etc/vsftpd/vsftpd.conf
#添加如下选项
user_config_dir=/etc/vsftpd/conf.d/
#创建所需要目录,并为虚拟用户提供配置文件
[root@FTP-Server ~]# mkdir /etc/vsftpd/conf.d
#配置虚拟用户的访问权限
[root@FTP-Server ~]# vim /etc/vsftpd/conf.d/ftp_wu
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot1
[root@FTP-Server ~]# mkdir -p /data/ftproot1/{upload,download}
[root@FTP-Server upload]# chown vuser:vuser /data/ftproot1/upload/
[root@FTP-Server upload]# systemctl restart vsftpd
1.7 测试
# 使用ftp_wu账号登录
root@wh-virtual-machine:~# ftp 192.168.119.131
Connected to 192.168.119.131.
220 (vsFTPd 3.0.2)
Name (192.168.119.131:root): ftp_wu
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||37373|).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jul 13 02:00 download
drwxr-xr-x 2 998 996 6 Jul 13 02:00 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now: /etc
ftp> put hosts
local: hosts remote: hosts
229 Entering Extended Passive Mode (|||48194|).
150 Ok to send data.
100% |*****************************************************************************| 233 3.08 MiB/s 00:00 ETA
226 Transfer complete.
233 bytes sent in 00:00 (432.58 KiB/s)
ftp> ls
229 Entering Extended Passive Mode (|||40649|).
150 Here comes the directory listing.
-rw------- 1 998 996 233 Jul 13 02:17 hosts
226 Directory send OK.
# 使用 ftp_xia 用户登录
# 没有特别指明自己的配置文件,默认进入到vuser定义的目录中
root@wh-virtual-machine:~# ftp 192.168.119.131
Connected to 192.168.119.131.
220 (vsFTPd 3.0.2)
Name (192.168.119.131:root): ftp_xia
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||23023|).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 19 Jul 13 02:12 upload
226 Directory send OK.
二、配置samba共享,实现/www目录共享
环境准备
Centos8-mini:192.168.119.148 --- Samba 服务器
centos7:192.168.119.142 --- 客户端验证
实验步骤
# 安装Samba服务和Samba客户端
[root@Centos8-mini ~]# yum -y install samba
[root@Centos8-mini ~]# systemctl enable --now samba
[root@centos7 ~]# yum -y install samba-client
# 首先创建操作系统账号,之后转换成smb账号
[root@Centos8-mini ~]# useradd smb1
[root@Centos8-mini ~]# smbpasswd -a smb1
New SMB password:
Retype new SMB password:
Added user smb1.
# 查看smb账号
[root@Centos8-mini ~]# pdbedit -L
smb1:1001:
# 创建共享目录 /www
[root@Centos8-mini ~]# mkdir /www
[root@Centos8-mini ~]# chmod 777 /www
[root@Centos8-mini ~]# touch /www/a.txt
# 修改smb服务配置文件
[root@Centos8-mini ~]# vim /etc/samba/smb.conf // 增加如下两行
[share_www] // 文件共享名称,可随意指定
path=/www // 实际共享的目录
writeable=yes // 用户能够上传文件
[root@Centos8-mini ~]# systemctl restart smb.service
# 验证
[root@centos7 ~]# smbclient //192.168.119.148/share_www -U smb1%wuhaolam
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Wed Jul 20 19:44:54 2022
.. D 0 Wed Jul 20 19:44:39 2022
a.txt N 0 Wed Jul 20 19:44:54 2022
48243412 blocks of size 1024. 43868916 blocks available
smb: \> !ls
anaconda-ks.cfg b.txt
smb: \> put b.txt
putting file b.txt as \b.txt (0.0 kb/s) (average 0.0 kb/s)
smb: \> ls
. D 0 Wed Jul 20 20:00:44 2022
.. D 0 Wed Jul 20 19:44:39 2022
b.txt A 0 Wed Jul 20 20:00:44 2022
a.txt N 0 Wed Jul 20 19:44:54 2022
48243412 blocks of size 1024. 43889236 blocks available
三、使用rsync+inotify实现/www目录实时同步
环境准备
Centos8-mini:192.168.119.148 --- 提供数据
Rocky8-mini:192.168.119.128 --- 提供备份
实验步骤
# 安装对应的软件包
[root@Centos8-mini ~]# yum -y install inotify-tools
[root@Rocky8-mini ~]# yum -y install rsync rsync-daemon
[root@Rocky8-mini ~]# systemctl enable --now rsyncd.service
Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.
# 修改配置文件,并创建协作目录
[root@Rocky8-mini ~]# cat /etc/rsyncd.conf
[backup]
path=/www
read only = no
[root@Rocky8-mini ~]# mkdir /www
[root@Rocky8-mini ~]# setfacl -m u:nobody:rwx /www/
# 基本验证
[root@Centos8-mini www]# rsync /etc/networks root@192.168.119.128::backup
[root@Rocky8-mini ~]# ll /www/
total 4
-rw-r--r-- 1 nobody nobody 58 Jul 20 10:08 networks
# 安全加固
[root@Rocky8-mini ~]# cat /etc/rsyncd.conf
uid = root
gid =root
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
[backup]
path=/www
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pas
[root@Rocky8-mini ~]# echo "rsyncuser:wuhaolam" > /etc/rsync.pas
[root@Rocky8-mini ~]# chmod 600 /etc/rsync.pas
[root@Rocky8-mini ~]# systemctl restart rsyncd.service
[root@Centos8-mini ~]# echo "rsyncuser" > /etc/rsync.pas
[root@Centos8-mini ~]# chmod 600 /etc/rsync.pas
# 验证
[root@Centos8-mini ~]# rsync --password-file=/etc/rsync.pas /etc/sysctl.conf rsync://rsyncuser@192.168.119.128/backup
[root@Rocky8-mini ~]# ll /www
total 12
-rw-r--r-- 1 root root 529 Jul 20 10:53 group
-rw-r--r-- 1 nobody nobody 58 Jul 20 10:08 networks
-rw-r--r-- 1 root root 449 Jul 20 11:04 sysctl.conf
# 实时同步
[root@Centos8-mini ~]# cat inotify_rsync.sh
#!/bin/bash
SRC='/www/'
DEST='rsyncuser@192.168.119.128::backup'
rpm -q rsync &> /dev/null || yum -y install rsync
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} |while read DATE TIME DIR FILE;do
FILEPATH=${DIR}${FILE}
rsync -az --delete --password-file=/etc/rsync.pas $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done
[root@Centos8-mini ~]# bash inotify_rsync.sh
[root@Rocky8-mini ~]# watch -n0.5 ls -l /www/
实验结果
四、LVS调度算法总结
静态方式
仅根据算法本身进行调度,不考虑后端服务器的负载情况
1、RR
轮询算法,在进行服务器调度时,滚动式的向后端服务器进行调度。
2、WRR
加权轮询算法,可根据后端服务器的性能分配不同的权值,分配权值大的服务器承担更多的负载。
3、SH
Source Hashing,实现session sticky,将源地址进行hash,这样同一个IP地址将始终发送到第一次被调度到的后端服务器,实现会话绑定。但是私网在访问互联网时,在出口处都会转换成同一个公网IP地址,这样就会导致某个局域网中所有用户都转发到同一个后端服务器,造成该服务器负载过大。
4、DH
Destination Hashing;目标地址哈希,对目标地址做hash然后调度,后续只要是访问的是同一个目标地址,则只会调度到该目标地址做hash后所对应的服务器上。通常用于web缓存,访问相同网站的同一个数据资源时,会调度到对应的缓存服务器进行获取。
动态方式
考虑后端服务器的负载状态及调度算法进行调度,overhead=value 较小的后端服务器将被调度。
1、LC: least connections
适用于长链接应用
Overhead=activeconns*256+inactiveconns
2、WLC:Weighted LC
默认调度算法,较常用
Overhead=(activeconns*256+inactiveconns)/weight
3、SED:Shortest Expecion Delay
初始连接高权重优先,只检查活动连接,不考虑非活动链接
Overhead=(activeconns+1)*256/weight
4、NQ:Never Queue
第一轮均匀分配,之后按照SED算法
5、LBLC:Locality-Based LC
动态的DH算法
场景:根据负载状态实现正向代理,实现web缓存等
6、LBLCR:LBL with Replication
带复制功能的LBLC算法,解决LBLC负载不均衡问题,将负载重的后端服务器复制到负载轻的后端服务器,实现web cache等
内核4.15以上新增 FO和OVF
1、FO:weight fail over
遍历后端真实服务器列表,找到未过载(IP_VS_DEST_F_OVERLOAD标志位置位)的且权重最高的服务器进行调度,属于静态算法。
2、OVF:Overflow-connection
通过后端真实服务器的活动连接数和权重值实现。将一个新的连接调度到权值高的真实服务器,直到活动连接数量超过权重值时,之后调度到下一个权重值最高的真实服务器,属于动态算法。
一个可用的真实服务器需要满足的条件:
- 未过载(IP_VS_DEST_F_OVERLOAD标志位置位)
- 真实服务器当前的活动连接数小于其权重值
- 其权重值不为零
五、LVS的跨网络DR实现
实验架构如图所示
实验环境
Ubuntu20:IP: 192.168.225.135 GW: 192.168.225.10
Rocky8:Router ens33 192.168.119.10 ens33:1 172.16.0.10/24ens37 192.168.225.10/24
Rocky8:LVS lo:vip 172.16.0.100/32 ens33 192.168.119.146 GW 192.168.119.10/24
Rocky8:RS1 lo:vip 172.16.0.100/32 ens33 192.168.119.128 GW 192.168.119.10
Rocky8:RS2lo:vip 172.16.0.100/32 ens33 192.168.119.138 GW 192.168.119.10
网络环境准备
# 互联网客户端验证网络环境
root@wh-virtual-machine:~# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:94:07:1a brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 192.168.225.135/24 brd 192.168.225.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe94:71a/64 scope link
valid_lft forever preferred_lft forever
root@wh-virtual-machine:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.225.10 0.0.0.0 UG 20100 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.225.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
# 路由器端网络环境
[root@Router ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8b:d7:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.119.10/24 brd 192.168.119.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 172.16.0.10/24 scope global ens33:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8b:d73c/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8b:d7:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.225.10/24 brd 192.168.225.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8b:d746/64 scope link
valid_lft forever preferred_lft forever
[root@Router ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.119.0 0.0.0.0 255.255.255.0 U 102 0 0 ens33
192.168.225.0 0.0.0.0 255.255.255.0 U 101 0 0 ens37
# LVS服务器网络环境
[root@LVS ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c1:c7:03 brd ff:ff:ff:ff:ff:ff
inet 192.168.119.146/24 brd 192.168.119.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec1:c703/64 scope link
valid_lft forever preferred_lft forever
[root@LVS ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.119.10 0.0.0.0 UG 100 0 0 ens33
192.168.119.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
# 后端真实服务器RS1
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:4d:a8:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.119.128/24 brd 192.168.119.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe4d:a889/64 scope link
valid_lft forever preferred_lft forever
[root@rs1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.119.10 0.0.0.0 UG 100 0 0 ens33
192.168.119.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
# 后端真实服务器RS2
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/0 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:d3:f6:4f brd ff:ff:ff:ff:ff:ff
inet 192.168.119.138/24 brd 192.168.119.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed3:f64f/64 scope link
valid_lft forever preferred_lft forever
[root@rs2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.119.10 0.0.0.0 UG 100 0 0 ens33
192.168.119.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
配置DR模式的LVS的调度
# 用Linux模拟路由器,不同网段之间通信故开启IP转发功能
[root@Router ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@Router ~]# sysctl -p
net.ipv4.ip_forward = 1
# 在RS1和RS2上准备测试页面
[root@rs1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2022-07-24 20:11:25 EDT; 1h 26min ago
Docs: man:httpd.service(8)
Main PID: 1786 (httpd)
Status: "Total requests: 8; Idle/Busy workers 100/0;Requests/sec: 0.00156; Bytes served/sec: 0 B/sec"
Tasks: 213 (limit: 11217)
Memory: 45.4M
CGroup: /system.slice/httpd.service
├─1786 /usr/sbin/httpd -DFOREGROUND
├─1790 /usr/sbin/httpd -DFOREGROUND
├─1791 /usr/sbin/httpd -DFOREGROUND
├─1792 /usr/sbin/httpd -DFOREGROUND
└─1793 /usr/sbin/httpd -DFOREGROUND
Jul 24 20:11:06 rs1 systemd[1]: Starting The Apache HTTP Server...
Jul 24 20:11:25 rs1 httpd[1786]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe4d:>
Jul 24 20:11:25 rs1 systemd[1]: Started The Apache HTTP Server.
Jul 24 20:11:35 rs1 httpd[1786]: Server configured, listening on: port 80
[root@rs1 ~]# cat /var/www/html/index.html
RS1 192.168.119.128
[root@rs2 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2022-07-25 08:11:30 CST; 1h 26min ago
Docs: man:httpd.service(8)
Main PID: 1847 (httpd)
Status: "Total requests: 5; Idle/Busy workers 100/0;Requests/sec: 0.000963; Bytes served/sec: 0 B/sec"
Tasks: 213 (limit: 11217)
Memory: 33.3M
CGroup: /system.slice/httpd.service
├─1847 /usr/sbin/httpd -DFOREGROUND
├─1848 /usr/sbin/httpd -DFOREGROUND
├─1849 /usr/sbin/httpd -DFOREGROUND
├─1850 /usr/sbin/httpd -DFOREGROUND
└─1851 /usr/sbin/httpd -DFOREGROUND
Jul 25 08:11:12 rs2 systemd[1]: Starting The Apache HTTP Server...
Jul 25 08:11:30 rs2 httpd[1847]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fed3:>
Jul 25 08:11:30 rs2 systemd[1]: Started The Apache HTTP Server.
[root@rs2 ~]# cat /var/www/html/index.html
RS2 192.168.119.138
# 安装ipvsadm工具并配置相关规则
[root@LVS ~]# yum -y install ipvsadm
[root@LVS ~]# ipvsadm -A -t 172.16.0.100:80 -s rr // 使用RR的调度算法
[root@LVS ~]# ipvsadm -a -t 172.16.0.100:80 -r 192.168.119.128:80 -g
[root@LVS ~]# ipvsadm -a -t 172.16.0.100:80 -r 192.168.119.138:80 -g
[root@LVS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.100:80 rr
-> 192.168.119.128:80 Route 1 0 0
-> 192.168.119.138:80 Route 1 0 0
测试
root@wh-virtual-machine:~# curl 172.16.0.100
RS2 192.168.119.138
root@wh-virtual-machine:~# curl 172.16.0.100
RS1 192.168.119.128
root@wh-virtual-machine:~# curl 172.16.0.100
RS2 192.168.119.138
root@wh-virtual-machine:~# curl 172.16.0.100
RS1 192.168.119.128
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· DeepSeek 开源周回顾「GitHub 热点速览」