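I. vsftpd virtual-user access with MySQL-based authentication
Prepare two servers: 192.168.1.15 (runs the FTP service) and 192.168.1.16 (runs the MariaDB database)
1. First set up the FTP service: install the vsftpd and pam_mysql packages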
[root@centos7 ~]#yum install -y vsftpd
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
base | 3.9 kB 00:00:00
epel | 3.6 kB 00:00:00
zabbix | 2.9 kB 00:00:00
zabbix-non-supported | 2.9 kB 00:00:00
(1/6): base/group_gz | 55 kB 00:00:00
(2/6): base/primary_db | 1.5 MB 00:00:00
(3/6): zabbix-non-supported/x86_64/primary_db | 3.7 kB 00:00:00
(4/6): epel/group_gz | 153 kB 00:00:00
(5/6): zabbix/x86_64/primary_db | 146 kB 00:00:01
(6/6): epel/primary_db | 6.1 MB 00:00:03
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-28.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================
Installing:
vsftpd x86_64 3.0.2-28.el7 epel 172 k
Transaction Summary
=====================================================================================================================
Install 1 Package
Total download size: 172 k
Installed size: 353 k
Downloading packages:
vsftpd-3.0.2-28.el7.x86_64.rpm | 172 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : vsftpd-3.0.2-28.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-28.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-28.el7
Complete!
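Install the pam_mysql package on the server
On CentOS 6, pam_mysql is provided by EPEL; on CentOS 7 and CentOS 8 it has to be compiled and installed manually
Building and installing pam_mysql from source
First, install the required packages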
yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
Download the pam_mysql source package
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
Extract it
tar xvf pam_mysql-0.7RC1.tar.gz
Compile and install
cd pam_mysql-0.7RC1/
./configure --with-pam-mods-dir=/lib64/security
Note:
If the command above is run without --with-pam-mods-dir=/lib64/security, it fails with the following error
checking if the second argument of pam_conv.conv() takes const pointer... no
configure: error: Your system doesn't appear to be configured to use PAM.
Perhaps you need to specify the correct location where the PAM modules reside.
make install
[root@centos7 pam_mysql-0.7RC1]#ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root 882 Mar 19 10:22 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141768 Mar 19 10:22 /lib64/security/pam_mysql.so
2. Create the files required for PAM authentication on the FTP server
Create them by following the README
[root@centos7 pam.d]#pwd
/etc/pam.d
[root@centos7 pam.d]#vim vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=shenqiqi host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=shenqiqi host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
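crypt (how the stored password is encrypted):
0: no encryption
1: crypt(3) encryption
2: encryption with the MySQL password() function
3: md5 encryption
4: sha1 encryption
Configuration fields
auth: authentication
account: verifies that the account and password are valid for use
required: this check must pass
pam_mysql.so: the module is given as a relative path by default, relative to /lib64/security/; an absolute path can also be used. Everything after it is a parameter passed to the module
user=vsftpd: the user used to log in to MySQL
passwd=magedu: the password used to log in to MySQL (the file above uses passwd=shenqiqi)
host=mysqlserver: the hostname or IP address of the MySQL server
db=vsftpd: the name of the MySQL database to connect to
table=users: the name of the table in that database
usercolumn=name: the column used as the user name
passwdcolumn=password: the column holding the password for that user name
crypt=2: passwords are encrypted with the MySQL password() function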
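The service file above embeds the database password and selects the password scheme with crypt=, so both are worth checking once the file is in place. The shell function below is an added example, not part of the original article or of pam_mysql; the function name and the finding labels are made up here, the sample lines are constructed, and only the numeric crypt values listed above are recognized.

```shell
#!/bin/sh
# Added example: audit a pam_mysql service file such as /etc/pam.d/vsftpd.mysql.
# Prints one finding per line; returns 1 if anything was found, otherwise 0.
audit_pam_mysql() (
    file=$1
    found=0
    set -f                                  # no globbing while splitting option lines
    # Characters 5-10 of `ls -ld` output are the group and other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if grep -q 'passwd=' "$file" && [ "$perms" != "------" ]; then
        echo "PERMS $file: contains passwd= but group/other bits are '$perms' (want 600)"
        found=1
    fi
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            \#*) continue ;;                # comment line
            *pam_mysql.so*) ;;              # module line: inspect its options
            *) continue ;;
        esac
        crypt=unset
        for opt in $line; do
            case $opt in crypt=*) crypt=${opt#crypt=} ;; esac
        done
        case $crypt in
            unset) echo "CRYPT line $lineno: crypt= not set explicitly"; found=1 ;;
            0)     echo "CRYPT line $lineno: crypt=0 stores passwords in plaintext"; found=1 ;;
            2|3|4) echo "CRYPT line $lineno: crypt=$crypt is a fast, unsalted hash"; found=1 ;;
        esac
    done < "$file"
    exit "$found"
)

# Constructed sample: the option layout of the file above with a placeholder password.
demo() {
    f=$(mktemp)
    printf '%s\n' \
        'auth required pam_mysql.so user=vsftpd passwd=PLACEHOLDER host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2' \
        'account required pam_mysql.so user=vsftpd passwd=PLACEHOLDER host=mysqlserver db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2' > "$f"
    chmod 644 "$f"
    audit_pam_mysql "$f" || true
    rm -f "$f"
}
demo
```

On the real host, run `audit_pam_mysql /etc/pam.d/vsftpd.mysql`; a clean result needs the file at mode 600 as well as a crypt value that is not flagged.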
3. Create the corresponding user and modify the vsftpd configuration file
[root@centos7 ~]#useradd -s /sbin/nologin -d /data/ftproot -r vsftpuser
[root@centos7 ~]#mkdir /data/ftproot/upload -pv
mkdir: created directory ‘/data/ftproot’
mkdir: created directory ‘/data/ftproot/upload’
Remove write permission from the FTP root directory and grant vsftpuser access to the upload subdirectory
[root@centos7 ~]#setfacl -m u:vsftpuser:rwx /data/ftproot/upload/
Edit the configuration file
[root@centos7 ~]#vim /etc/vsftpd/vsftpd.conf
Add
guest_enable=YES
guest_username=vsftpuser
Change the following option; after this the original system users can no longer log in
pam_service_name=vsftpd.mysql
Start the vsftpd service
systemctl enable --now vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
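4. Give virtual users different access permissions on the FTP server
vsftpd can read a separate configuration file for each user from a configuration directory to define that user's FTP access permissions; each virtual user's configuration file has the same name as the virtual user. The configuration directory can be any unused directory; only its path needs to be set in vsftpd.conf
#Configure vsftpd to use a per-user configuration directory for virtual users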
[root@centos7 ~]#vim /etc/vsftpd/vsftpd.conf
#Add the following option
user_config_dir=/etc/vsftpd/conf.d/
#Create the directory and provide configuration files for the virtual users
[root@centos7 ~]#mkdir /etc/vsftpd/conf.d/
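#Configure the virtual users' access permissions
#A virtual user's permissions on the vsftpd service are controlled through the anonymous-user directives. For example, to let user shen (virtual user ftp_shen) upload files, edit /etc/vsftpd/conf.d/ftp_shen and set the following options to YES; set them to NO for read-only access
#Note: make sure the mapped system user has write permission on the file system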
[root@centos7 ~]#vim /etc/vsftpd/conf.d/ftp_shen
anon_upload_enable={YES|NO}
anon_mkdir_write_enable={YES|NO}
anon_other_write_enable={YES|NO}
#Change the login directory to the specified directory
local_root=/data/ftproot2
5. Install the MariaDB database on the database server
Note: MySQL 8.0 removed the PASSWORD() function and is therefore not supported, so MariaDB is used
Install the database (binary tarball):
tar xvf mariadb-10.6.5-linux-systemd-x86_64.tar.gz -C /usr/local/src
cd /usr/local
Create a symbolic link
ln -s src/mariadb-10.6.5-linux-systemd-x86_64 mysql
chown -R root:root /usr/local/mysql/
Create the mysql account and the MySQL data directory
getent passwd mysql
groupadd -r -g 306 mysql
useradd -r -g 306 -s /sbin/nologin -u 306 mysql
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql/
Edit the configuration file
vim /etc/my.cnf
Add the PATH variable
echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile.d/mysql.sh
Initialize the database
./scripts/mysql_install_db --user=mysql --datadir=/data/mysql
Create the service file used by systemctl
[root@centos_7 systemd]#ls
mariadb-extra@.socket mariadb.service mariadb@.service mariadb@.socket mysqld.service mysql.service use_galera_new_cluster.conf
[root@centos_7 systemd]#pwd
/usr/local/mysql/support-files/systemd
[root@centos_7 systemd]#cp mariadb.service /usr/lib/systemd/system
Security initialization script
[root@centos_7 ~]#ln -s /data/mysql/mysql.sock /tmp
[root@centos_7 ~]#ll /ymp
ls: cannot access /ymp: No such file or directory
[root@centos_7 ~]#ll /tmp
total 8
-rwx------. 1 root root 686 Mar 16 06:29 ks-script-68lfhJ
-rwx------. 1 root root 836 Mar 16 06:29 ks-script-IErBFd
lrwxrwxrwx 1 root root 22 Mar 19 14:25 mysql.sock -> /data/mysql/mysql.sock
drwx------. 2 root root 6 Mar 16 06:31 vmware-root
-rw-------. 1 root root 0 Mar 16 06:25 yum.log
The symbolic link is required; without it the script fails as follows
[root@centos_7 ~]#mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local server through socket '/tmp/mysql.sock' (2)
Run the security initialization
[root@centos_7 ~]#mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Test
Install the FTP client on 192.168.1.71
yum install -y ftp
The directory layout on the server is as follows
[root@centos7 data]#ll
total 0
dr-xr-xr-x 3 vsftpuser vsftpuser 20 Mar 19 11:29 ftproot
dr-xr-xr-x 3 vsftpuser vsftpuser 20 Mar 19 15:12 ftproot1
drwxr-xr-x 3 vsftpuser vsftpuser 20 Mar 19 15:34 ftproot2
[root@centos7 data]#tree /etc/vsftpd/conf.d/
/etc/vsftpd/conf.d/
├── ftp_guo
└── ftp_shen
0 directories, 2 files
[root@centos7 data]#tree
.
├── ftproot
│ └── upload
│ └── ftp.txt
├── ftproot1
│ └── upload
│ ├── hosts
│ └── shen.txt
└── ftproot2
└── upload
├── guo.txt
└── hosts
6 directories, 5 files
Access 192.168.1.15 from 192.168.1.71
[root@agent-web01 ~]#ftp 192.168.1.15
Connected to 192.168.1.15 (192.168.1.15).
220 (vsFTPd 3.0.2)
Name (192.168.1.15:root): ftp_shen
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,15,162,193).
150 Here comes the directory listing.
drwxr-xr-x 2 995 993 6 Mar 19 07:12 upload
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> ls
227 Entering Passive Mode (192,168,1,15,147,210).
150 Here comes the directory listing.
drwxr-xr-x 2 995 993 6 Mar 19 07:12 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,1,15,195,51).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 19 07:29 shen.txt
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> put hosts
local: hosts remote: hosts
227 Entering Passive Mode (192,168,1,15,20,5).
150 Ok to send data.
226 Transfer complete.
158 bytes sent in 5.4e-05 secs (2925.93 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,1,15,145,200).
150 Here comes the directory listing.
-rw------- 1 995 993 158 Mar 19 07:29 hosts
-rw-r--r-- 1 0 0 0 Mar 19 07:29 shen.txt
226 Directory send OK.
Add a new user in the database
MariaDB [vsftpd]> insert into user(name,password) values('alice',password('12345678'));
Query OK, 1 row affected (0.002 sec)
An account newly added in the database sees the default directory
[root@agent-web01 ~]#ftp 192.168.1.15
Connected to 192.168.1.15 (192.168.1.15).
220 (vsFTPd 3.0.2)
Name (192.168.1.15:root): alice
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,15,190,188).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 6 Mar 19 03:29 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,1,15,103,28).
150 Here comes the directory listing.
226 Directory send OK.
ftp> ls
227 Entering Passive Mode (192,168,1,15,147,206).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 19 07:41 ftp.txt
226 Directory send OK.
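II. Configure a Samba share for the /www directory
Prepare two servers: 192.168.1.71 with the samba-client package, 192.168.1.72 with the Samba server
By default Samba shares the current user's home directory
1. Install the client on 192.168.1.71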
yum install -y samba-client
2. Install the server on 192.168.1.72 and enable it at boot
yum install -y samba
systemctl enable --now smb
Add Samba users; a Samba user must be a Linux user, and setting its shell to /sbin/nologin is recommended
useradd smb1
useradd smb2
List the Samba users
pdbedit -L
smb1:1000:
smb2:1001:
Edit the configuration file
vim /etc/samba/smb.conf
Add
[share]
path=/data/www/
write list =smb1,smb2
Create the www directory and set its ACL permissions
mkdir /data/www
setfacl -m u:smb1:rwx /data/www/
setfacl -m u:smb2:rwx /data/www/
Restart the Samba service
systemctl restart smb
3. Test from 192.168.1.71
List the shares offered by the server
smbclient -L 192.168.1.72
Enter root's password:
Anonymous login successful
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.10.16]
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
share Disk
IPC$ IPC IPC Service (Samba 4.10.16)
Anonymous login successful
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.10.16]
Server Comment
--------- -------
Workgroup Master
--------- -------
Log in as smb1 and upload a test file
smbclient //192.168.1.72/share -U smb1%12345678
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.10.16]
smb: \> ls
. D 0 Sun Mar 20 16:05:32 2022
.. D 0 Sun Mar 20 16:05:32 2022
63960 blocks of size 262144. 44714 blocks available
smb: \> !ls
anaconda-ks.cfg check.txt setup.sh
smb: \> put setup.sh
putting file setup.sh as \setup.sh (455.7 kb/s) (average 455.7 kb/s)
smb: \> ls
. D 0 Sun Mar 20 16:10:24 2022
.. D 0 Sun Mar 20 16:05:32 2022
setup.sh A 2333 Sun Mar 20 16:10:24 2022
63960 blocks of size 262144. 44714 blocks available
smb: \>
Create a file on the server
touch test.txt
ls
setup.sh test.txt
Download it on the client
smb: \> get test.txt
getting file \test.txt of size 0 as test.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \> ls
. D 0 Sun Mar 20 16:11:19 2022
.. D 0 Sun Mar 20 16:05:32 2022
setup.sh A 2333 Sun Mar 20 16:10:24 2022
test.txt 0 Sun Mar 20 16:11:19 2022
63960 blocks of size 262144. 44714 blocks available
smb: \> quit
ls
The downloaded file is in the root directory
setup.sh test.txt
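III. Real-time synchronization of the /www directory with rsync + inotify
Prepare two servers:
192.168.1.71: install inotify-tools to monitor changes in the shared directory; 192.168.1.72: install rsync to back up the shared files
1. Install inotify-tools on 192.168.1.71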
[root@data ~]#yum install -y inotify-tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirrors.163.com
Resolving Dependencies
--> Running transaction check
---> Package inotify-tools.x86_64 0:3.14-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================
Package Arch Version
===============================================================================================
Installing:
inotify-tools x86_64 3.14-9.el7
Transaction Summary
===============================================================================================
Install 1 Package
Total download size: 51 k
Installed size: 111 k
Downloading packages:
inotify-tools-3.14-9.el7.x86_64.rpm
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : inotify-tools-3.14-9.el7.x86_64
Verifying : inotify-tools-3.14-9.el7.x86_64
Installed:
inotify-tools.x86_64 0:3.14-9.el7
Complete!
2. Install rsync on 192.168.1.72; this lab is based on CentOS 7.9, where rsync-daemon is installed by default
Installation: yum install -y rsync
Edit the configuration file:
uid = root
gid = root
#port = 874    a non-standard port can be specified; the default is 873/tcp
##use chroot = no
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
[share]
path = /data/backup/
read only = no
comment = rsync export area
auth users = rsyncuser
secrets file = /etc/rsync.pas
Create the password file and restrict its permissions
[root@backup ~]#touch /etc/rsync.pas
[root@backup ~]#vim /etc/rsync.pas
rsyncuser:12345678
chmod 600 /etc/rsync.pas
Restart the service
[root@backup ~]#systemctl restart rsyncd
3. Create the password file on 192.168.1.71
echo "12345678" > /etc/rsync.pas
chmod 600 /etc/rsync.pas
4. List the modules on the remote rsync server
[root@data ~]#rsync rsync://rsyncuser@192.168.1.72
share rsync export area
5. Test
Synchronize the directory on 192.168.1.71 to 192.168.1.72
rsync -azv --delete --password-file=/etc/rsync.pas /data/www/ rsync://rsyncuser@192.168.1.72/share
Synchronize the directory on 192.168.1.72 to 192.168.1.71
rsync -azv --delete --password-file=/etc/rsync.pas rsync://rsyncuser@192.168.1.72/share /data/www/
6. Use a script to run the synchronization automatically in the background
#!/bin/bash
SRC='/data/www/'                      # note the trailing /
DEST='rsyncuser@192.168.1.72::share'
# Make sure rsync is installed
rpm -q rsync &> /dev/null || yum -y install rsync
# Watch SRC recursively and run a full sync on every change event
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
    -e create,delete,moved_to,close_write,attrib "${SRC}" | while read -r DATE TIME DIR FILE; do
    FILEPATH="${DIR}${FILE}"
    rsync -az --delete --password-file=/etc/rsync.pas "$SRC" "$DEST" && \
        echo "At ${TIME} on ${DATE}, file $FILEPATH was backed up via rsync" >> /var/log/changelist.log
done
7. The watch command can be used to observe the changes in real time
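IV. Summary of LVS scheduling algorithms
They fall into two kinds: dynamic methods and static methods
Static algorithms
1. RR: round robin. Commonly used
2. WRR: weighted RR. Weighted round robin, commonly used
3. SH: source hashing. Implements session stickiness by hashing the source IP address: requests from the same IP address are always sent to the RS chosen the first time, which binds the session.
4. DH: destination hashing. The first request is scheduled to an RS by round robin, and later requests to the same destination address are always forwarded to the RS chosen the first time. The typical use case is load balancing for forward-proxy caches, for example a web cache
Dynamic algorithms
Scheduling is based mainly on the current load of each RS and on the scheduling algorithm: the RS with the smaller Overhead value is selected
1. LC: least connections; suited to long-lived connections
Overhead=activeconns*256+inactiveconns
2. WLC: weighted LC; the default scheduling algorithm, commonly used
Overhead=(activeconns*256+inactiveconns)/weight
3. SED: shortest expected delay; higher-weight servers are preferred for initial connections, and only active connections are counted, not inactive ones
Overhead=(activeconns+1)*256/weight
4. NQ: never queue; the first round is distributed evenly, after that SED is used
5. LBLC: locality-based LC; a dynamic DH algorithm. Use case: forward proxying based on load state, for example a web cache
6. LBLCR: LBLC with replication; addresses the load imbalance of LBLC by replicating from heavily loaded RSs to lightly loaded ones; used for web caches and similar
Scheduling algorithms added after kernel 4.15: FO and OVF
1. FO (Weighted Fail Over): the FO algorithm walks the list of real servers associated with the virtual service and schedules to the highest-weight real server that is not overloaded (IP_VS_DEST_F_OVERLOAD flag not set); it is a static algorithm
2. OVF (Overflow-connection): based on the real servers' active connection counts and weights. New connections are scheduled to the highest-weight real server until its number of active connections exceeds its weight, after which they go to the next highest-weight real server. The OVF algorithm walks the list of real servers associated with the virtual service and picks the highest-weight available real server; it is a dynamic algorithm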
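The LC, WLC and SED Overhead formulas above, worked through in shell as an added example (this is not LVS code; the lvs_pick function and its name:weight:activeconns:inactiveconns input format are assumptions made here, and the server values are constructed). Servers with weight 0 are skipped, and the quotients are compared by cross-multiplication so that integer arithmetic is enough.

```shell
#!/bin/sh
# Added example: pick a real server using the Overhead formulas listed above.
# Usage: lvs_pick lc|wlc|sed  name:weight:activeconns:inactiveconns ...
lvs_pick() (
    algo=$1; shift
    best=""; best_num=0; best_den=1
    for rs in "$@"; do
        name=${rs%%:*};  rest=${rs#*:}
        w=${rest%%:*};   rest=${rest#*:}
        act=${rest%%:*}; inact=${rest#*:}
        [ "$w" -gt 0 ] || continue          # weight 0: server takes no new connections
        case $algo in
            lc)  num=$((act * 256 + inact)); den=1 ;;
            wlc) num=$((act * 256 + inact)); den=$w ;;
            sed) num=$(((act + 1) * 256));   den=$w ;;
            *)   echo "unknown algorithm: $algo" >&2; exit 2 ;;
        esac
        # Overhead is num/den. num/den < best_num/best_den is tested as
        # num*best_den < best_num*den; on a tie the earlier server is kept.
        if [ -z "$best" ] || [ $((num * best_den)) -lt $((best_num * den)) ]; then
            best=$name; best_num=$num; best_den=$den
        fi
    done
    [ -n "$best" ] || exit 1
    echo "$best"
)

# Constructed sample 1: two idle servers with weights 1 and 10.
# WLC sees Overhead 0 on both and keeps the first; SED prefers the heavier one.
for a in lc wlc sed; do
    echo "idle pair, $a -> $(lvs_pick "$a" rs1:1:0:0 rs2:10:0:0)"
done

# Constructed sample 2: equal weights; rs1 has many inactive connections.
# LC counts them, SED ignores them, so the two algorithms disagree.
for a in lc sed; do
    echo "inactive-heavy, $a -> $(lvs_pick "$a" rs1:1:2:600 rs2:1:3:0)"
done
```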
V. LVS DR mode across networks
Prepare 5 servers:
rs1:ens33:NAT:192.168.1.71/24 GW :192.168.1.200 lo:VIP:172.16.0.100
rs2:ens33:NAT:192.168.1.72/24 GW :192.168.1.200 lo:VIP:172.16.0.100
LVS:ens33:NAT:DIP:192.168.1.73 /24 GW :192.168.1.200 lo:VIP:172.16.0.100
route:ens33:NAT:192.168.1.200/24 ens33:1:NAT:172.16.0.100/24
ens34: host-only: 10.10.10.200/24
client: ens33: host-only: 10.10.10.150/24 GW: 10.10.10.200/24
Prepare the HTTP service on rs1 and rs2
yum install -y httpd
systemctl enable --now httpd
echo '192.168.1.71' > /var/www/html/index.html
echo '192.168.1.72' > /var/www/html/index.html
Edit the NIC configuration
GATEWAY=192.168.1.200
Set the kernel parameters
[root@rs2 network-scripts]#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 network-scripts]#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 network-scripts]#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 network-scripts]#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
Configure the loopback interface
ifconfig lo:1 172.16.0.100/32
LVS NIC configuration
IPADDR=192.168.1.73
NETMASK=255.255.255.0
GATEWAY=192.168.1.200
Configure the loopback interface
ifconfig lo:1 172.16.0.100/32
Configure the router
Add NIC ens34 in host-only mode
vim ifcfg-ens33
IPADDR=192.168.1.200
ifconfig ens33:1 172.16.0.100/32
vim ifcfg-ens34
IPADDR=10.10.10.200
Configure the host-only client
IPADDR=10.10.10.150
GATEWAY=10.10.10.200
curl 172.16.0.100
192.168.1.71
curl 172.16.0.100
192.168.1.72