• 马哥教育N63013第十五周作业


    第十五周作业:

    1、实现基于MYSQL验证的vsftpd虚拟用户访问

    1、创建用户数据库文件
    [root@centos8 ~]# yum install -y vsftpd
    [root@centos8 ~]# rpm -qf `which db_load`
    libdb-utils-5.3.28-42.el8_4.x86_64
    [root@centos8 ~]# vim /etc/vsftpd/vusers.txt 
    xiaoming
    123456
    xiaohong
    654321
    [root@centos8 ~]# db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
    [root@centos8 ~]# chmod 600 /etc/vsftpd/vusers.*
    2、创建用户的访问FTP目录
    [root@centos8 ~]# useradd -d /data/ftproot -s /sbin/nologin -r vuser
    [root@centos8 ~]# mkdir -pv /data/ftproot/upload
    [root@centos8 ~]# setfacl -m u:vuser:rwx /data/ftproot/upload
    [root@centos8 ~]# chown -R vuser.vuser /data/
    3、创建pam配置文件
    [root@centos8 ~]# vim /etc/pam.d/vsftpd.db
    auth required pam_userdb.so db=/etc/vsftpd/vusers
    account required pam_userdb.so db=/etc/vsftpd/vusers
    4、指定pam配置文件
    [root@centos8 ~]# vim /etc/vsftpd/vsftpd.conf
    guest_enable=YES
    guest_username=vuser
    pam_service_name=vsftpd.db
    5、虚拟用户建立独立的配置文件
    #指定各个用户配置文件存放的路径
    [root@centos8 ~]# vim /etc/vsftpd/vsftpd.conf
    user_config_dir=/etc/vsftpd/conf.d/
    #创建各个用户配置文件存放的路径
    [root@centos8 ~]# mkdir /etc/vsftpd/conf.d/
    #创建各用户自己的配置文件,允许wang用户可读可写,其它用户只读
    [root@centos8 ~]# cat /etc/vsftpd/conf.d/ftp_wang
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    #创建各用户自己的配置文件
    [root@centos8 ~]# cat /etc/vsftpd/conf.d/ftp_mage
    local_root=/data/ftproot2
    #针对ftp_mage用户建立对应的数据目录
    [root@centos8 pub]# mkdir /data/ftproot2/
    [root@centos8 ~]# systemctl start vsftpd
    
    
    实现基于MYSQL验证的vsftpd虚拟用户(文中口令均为实验示例;后面创建的/etc/pam.d/vsftpd.mysql以明文保存数据库口令,建议将其权限限制为仅root可读)
    1、安装配置mariadb数据库
    [root@centos8 ~]# yum -y install mariadb-server
    [root@centos8 ~]# systemctl enable --now mariadb
    [root@centos8 ~]# mysql
    MariaDB [(none)]> CREATE DATABASE vsftpd;
    MariaDB [(none)]> use vsftpd
    MariaDB [vsftpd]> CREATE TABLE users (
        -> id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
        -> name CHAR(50) BINARY NOT NULL,
        -> password CHAR(48) BINARY NOT NULL
        -> );
    Query OK, 0 rows affected (0.004 sec)
    MariaDB [vsftpd]> insert users (name,password) values('alice',password('123456'));
    MariaDB [vsftpd]> insert users (name,password) values('bob',password('654321'));
    MariaDB [vsftpd]> select * from users;
    +----+-------+-------------------------------------------+
    | id | name  | password                                  |
    +----+-------+-------------------------------------------+
    |  1 | alice | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
    |  2 | bob   | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
    +----+-------+-------------------------------------------+
    MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'10.0.0.%' identified by '123456';
    
    2、安装配置vsftpd
    [root@centos7 ~]# yum -y install vsftpd
    [root@centos7 ~]# rz
    [root@centos7 ~]# ls
    anaconda-ks.cfg  pam_mysql-0.7RC1.tar.gz
    [root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz -C /usr/local/src
    [root@centos7 ~]# cd /usr/local/src
    [root@centos7 src]# cd pam_mysql-0.7RC1/
    [root@centos7 pam_mysql-0.7RC1]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
    [root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
    [root@centos7 pam_mysql-0.7RC1]# make install
    [root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
    auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    [root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
    [root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload
    [root@centos7 pam_mysql-0.7RC1]# chown vuser.vuser /data/ftproot/upload
    [root@centos7 pam_mysql-0.7RC1]# chmod +rwx /data/ftproot/upload
    [root@centos7 pam_mysql-0.7RC1]# cat /etc/vsftpd/vsftpd.conf
    #修改此行
    pam_service_name=vsftpd.mysql
    #增加这两行
    guest_enable=YES
    guest_username=vuser
    [root@centos7 pam_mysql-0.7RC1]# systemctl restart vsftpd
    [root@centos7 log]# vim /etc/vsftpd/vsftpd.conf
    user_config_dir=/etc/vsftpd/conf.d/
    [root@centos7 log]# mkdir /etc/vsftpd/conf.d
    [root@centos7 log]# cat /etc/vsftpd/conf.d/alice
    anon_upload_enable=yes
    anon_mkdir_write_enable=yes
    anon_other_write_enable=yes
    local_root=/data/ftproot1
    [root@centos7 log]# mkdir /data/ftproot1/upload -pv
    [root@centos7 log]# chown vuser.vuser /data/ftproot1/upload/
    [root@centos7 log]# systemctl restart vsftpd
    [root@centos7 log]# mkdir /data/ftproot2/
    [root@centos7 log]# touch /data/ftproot2/bob.txt
    [root@centos7 log]# cp /etc/vsftpd/conf.d/alice /etc/vsftpd/conf.d/bob
    
    
    
    3、ftp账户测试
    [root@client ~]# ftp 10.0.0.7
    Connected to 10.0.0.7 (10.0.0.7).
    220 (vsFTPd 3.0.2)
    Name (10.0.0.7:root): alice
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (10,0,0,7,214,111).
    150 Here comes the directory listing.
    drwxr-xr-x    2 997      994             6 Apr 04 12:29 upload
    226 Directory send OK.
    ftp> lcd /etc
    Local directory now /etc
    ftp> cd upload
    250 Directory successfully changed.
    ftp> put hosts
    local: hosts remote: hosts
    227 Entering Passive Mode (10,0,0,7,243,124).
    150 Ok to send data.
    226 Transfer complete.
    158 bytes sent in 6.5e-05 secs (2430.77 Kbytes/sec)
    [root@client ~]# ftp 10.0.0.7
    Connected to 10.0.0.7 (10.0.0.7).
    220 (vsFTPd 3.0.2)
    Name (10.0.0.7:root): bob
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (10,0,0,7,122,22).
    150 Here comes the directory listing.
    -rw-r--r--    1 0        0               0 Apr 04 12:35 bob.txt
    226 Directory send OK.

    2、配置samba共享,实现/www目录共享

    1、安装samba服务端
    [root@centos8 ~]# yum -y install samba
    2、创建用户和组
    [root@centos8 ~]# groupadd -r admins
    [root@centos8 ~]# useradd -s /sbin/nologin -G admins smb1
    [root@centos8 ~]# useradd -s /sbin/nologin -G admins smb2
    [root@centos8 ~]# id smb1
    uid=1000(smb1) gid=1000(smb1) groups=1000(smb1),990(admins)
    [root@centos8 ~]# id smb2
    uid=1001(smb2) gid=1001(smb2) groups=1001(smb2),990(admins)
    3、创建samba用户
    [root@centos8 ~]# smbpasswd -a smb1
    New SMB password:
    Retype new SMB password:
    Added user smb1.
    [root@centos8 ~]# smbpasswd -a smb2
    New SMB password:
    Retype new SMB password:
    Added user smb2.
    [root@centos8 ~]# pdbedit -L
    smb1:1000:
    smb2:1001:
    4、创建samba共享目录
    [root@centos8 ~]# mkdir /www
    [root@centos8 ~]# chgrp admins /www
    [root@centos8 ~]# chmod 2775 /www
    5、配置samba配置文件
    [root@centos8 ~]# vim /etc/samba/smb.conf
    #最后一行后面添加
    [share]
    path = /www
    write list = @admins
    6、启动samba服务端
    [root@centos8 ~]# systemctl enable --now smb nmb
    7、安装客户端工具
    [root@centos7 ~]# yum -y install cifs-utils
    8、挂载cifs文件系统
    [root@centos7 ~]# mkdir /mnt/smb{1,2} -pv
    mkdir: 已创建目录 "/mnt/smb1"
    mkdir: 已创建目录 "/mnt/smb2"
    [root@centos7 ~]# mount -o username=smb1 //10.0.0.8/share /mnt/smb1
    Password for smb1@//10.0.0.8/share:  ******
    [root@centos7 ~]# mount -o username=smb2 //10.0.0.8/share /mnt/smb2
    Password for smb2@//10.0.0.8/share:  ******
    [root@centos7 ~]# df -h
    文件系统          容量  已用  可用 已用% 挂载点
    //10.0.0.8/share  7.0G  1.8G  5.3G   26% /mnt/smb1
    //10.0.0.8/share  7.0G  1.8G  5.3G   26% /mnt/smb2
    9、最后做读写测试
    [root@centos7 ~]# touch /mnt/smb1/smb1.txt
    [root@centos7 ~]# touch /mnt/smb2/smb2.txt
    [root@centos7 ~]# echo "test1" > /mnt/smb1/smb1.txt
    [root@centos7 ~]# echo "test2" > /mnt/smb2/smb2.txt
    [root@centos7 ~]# cat /mnt/smb1/smb1.txt 
    test1
    [root@centos7 ~]# cat /mnt/smb1/smb2.txt 
    test2

    3、使用rsync+inotify实现/www目录实时同步

    #备份服务器
    1、安装rsync
    [root@centos8 ~]# yum -y install rsync
    2、修改配置文件
    [root@centos8 ~]# vim /etc/rsyncd.conf
    uid=test
    gid=test
    reverse lookup = no
    
    [www]
    path=/www
    read only=no
    auth users=rsyncuser
    secrets file=/etc/rsync.pas
    3、创建同步目录,生成密码文件
    [root@centos8 ~]# mkdir /www
    [root@centos8 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
    [root@centos8 ~]# chmod 600 /etc/rsync.pas
    4、启动rsync服务
    [root@centos8 ~]# rsync --daemon
    [root@centos8 ~]# ss -ntl
    State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process   
    LISTEN   0        5                 0.0.0.0:873             0.0.0.0:*    
    #源数据服务器
    1、安装相关包
    [root@centos8 ~]# yum install -y inotify-tools
    [root@centos8 ~]# yum -y install rsync
    2、创建密码文件(注意:rsync客户端通过--password-file读取的文件只应包含口令本身,不带"用户名:"前缀;"用户名:口令"格式用于服务端的secrets file)
    [root@centos8 ~]# mkdir /www
    [root@centos8 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
    [root@centos8 ~]# chmod 600 /etc/rsync.pas
    3、使用脚本实现同步
    [root@centos8 ~]# vim innotify_rsync.sh 
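    # Mirror ${SRC} to an rsync daemon module every time inotify reports a change.
    # Run with bash (uses `&>`); requires inotify-tools and rsync.
    #
    # NOTE(review): SRC has no trailing slash, so rsync copies the directory
    # itself into the module (www/ inside the module path). Use '/www/' if the
    # intent is to mirror only its contents -- confirm against the daemon layout.
    SRC='/www'
    DEST='rsyncuser@10.0.0.18::www'
    # NOTE(review): on the rsync client the --password-file must contain only the
    # password (no "user:" prefix) and must not be readable by other users.
    PASSFILE='/etc/rsync.pas'
    LOGFILE='/var/log/changelist.log'

    # Install rsync only when the package is missing.
    rpm -q rsync &> /dev/null || yum -y install rsync

    # -m: keep monitoring, -r: recursive, -q: quiet. Editor swap files are ignored.
    # Each event line is "<date> <time> <dir> <file>"; the last field keeps any
    # remaining spaces, but a directory name containing spaces would be split
    # wrongly (this affects only the log message, not what rsync transfers).
    inotifywait -mrq --exclude=".*\.swp" \
        --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
        -e create,delete,moved_to,close_write,attrib "${SRC}" |
    while read -r DATE TIME DIR FILE; do
        FILEPATH="${DIR}${FILE}"
        # A full sync runs per event; --delete removes destination files that no
        # longer exist under SRC, so an empty or wrong SRC would wipe the backup.
        if rsync -az --delete --password-file="${PASSFILE}" "${SRC}" "${DEST}"; then
            echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> "${LOGFILE}"
        fi
    done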

    4、LVS调度算法总结

    ipvs scheduler:根据其调度是否考虑各RS当前的负载状态
    分为两种:静态方法和动态方法
    1、静态方法:仅根据算法本身进行调度
        1.RR:roundrobin,轮询,较常用
        2.WRR:Weighted RR,加权轮询,较常用
        3.SH:Source Hashing,实现session sticky,源IP地址hash;将来自于同一个IP地址的请求始终发往第一次挑中的RS,从而实现会话绑定。
        4.DH:Destination Hashing;目标地址哈希,第一次轮询调度至RS,后续将发往同一个目标地址的请求始终转发至第一次挑中的RS,典型使用场景是正向代理缓存场景的负载均衡,如Web缓存。
    2、动态方法:主要根据每个RS当前的负载状态及调度算法进行调度,Overhead值较小的RS将被调度
        1.LC:least connections适用于长链接应用
        Overhead=activeconns*256+inactiveconns
        2.WLC:Weighted LC,默认调度方法,较常用
        Overhead=(activeconns*256+inactiveconns)/weight
        3.SED:Shortest Expected Delay,初始连接较高权重优先,只检查活动连接,而不考虑非活动连接
        Overhead=(activeconns+1)*256/weight
        4.NQ:Never Queue,第一轮询均匀分配,后续SED
        5.LBLC:Locality-Based LC,动态的DH算法,使用场景:根据负载状态实现正向代理,实现Web Cache等。
        6.LBLCR:LBLC with Replication,带复制功能的LBLC,解决LBLC负载不均衡问题,从负载重的复制到负载轻的RS,实现Web Cache等。
    3、内核版本4.15后新增算法:FO和OVF
        FO(Weighted Fail Over)调度算法,在此FO算法中,遍历虚拟服务所关联的真实服务器链表,找到还未过载(未设置IP_VS_DEST_F_OVERLOAD标志)的且权重最高的真实服务器,进行调度,属于静态算法。
        OVF(Overflow-connection)调度算法,基于真实服务器的活动连接数量和权重值实现。将新连接调度到权重值最高的真实服务器,直到其活动连接数量超过权重值,之后调度到下一个权重值最高的真实服务器,在此OVF算法中,遍历虚拟服务相关联的真实服务器链表,找到权重值最高的可用真实服务器,属于动态算法。

    5、LVS的跨网络DR实现

    1、LVS的网络配置
    #internet主机环境
     一台:客户端 eth0:仅主机 192.168.10.6/24 GW:192.168.10.200
    [root@centos8 ~]# hostnamectl set-hostname internet
    [root@internet ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    NAME=eth0
    BOOTPROTO=static
    IPADDR=192.168.10.6
    PREFIX=24
    GATEWAY=192.168.10.200
    DNS1=223.5.5.5
    DNS2=180.76.76.76
    ONBOOT=yes
    vmware设置网卡仅主机模式
    [root@internet ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.10.200  0.0.0.0         UG    100    0        0 eth0
    192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
    
    #router主机环境
    一台:ROUTER
    eth0 :NAT  10.0.0.200/24
    eth1: 仅主机 192.168.10.200/24
    启用 IP_FORWARD
    vmware添加网卡2设置仅主机模式
    [root@centos8 ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    [root@centos8 ~]# sysctl -p
    net.ipv4.ip_forward = 1
    [root@centos8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth0
    NAME=eth0
    BOOTPROTO=static
    IPADDR=10.0.0.200
    PREFIX=24
    ONBOOT=yes
    DEVICE=eth1
    NAME=eth1
    BOOTPROTO=static
    IPADDR=192.168.10.200
    PREFIX=24
    ONBOOT=yes
    [root@route network-scripts]# nmcli connection
    NAME                UUID                                  TYPE      DEVICE 
    eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
    Wired connection 1  09fc5042-0347-3ba0-9ede-e39715bd1bb7  ethernet  eth1   
    eth1                9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --    
    [root@route network-scripts]# nmcli connection delete Wired\ connection\ 1
    Connection 'Wired connection 1' (09fc5042-0347-3ba0-9ede-e39715bd1bb7) successfully deleted.
    [root@route network-scripts]# nmcli connection
    NAME  UUID                                  TYPE      DEVICE 
    eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
    eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
    #添加172.16.0.200/24的地址
    [root@route ~]# ip a a 172.16.0.200/24 dev eth0 label eth0:1
    [root@route ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:b8:64:45 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet 172.16.0.200/24 scope global eth0:1
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:feb8:6445/64 scope link 
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:0c:29:b8:64:4f brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:feb8:644f/64 scope link 
           valid_lft forever preferred_lft forever
    #检查ip_forward开启
    [root@route ~]# sysctl -p|grep ip_for
    net.ipv4.ip_forward = 1
    [root@route ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.0        0.0.0.0         255.255.255.0   U     102    0        0 eth0
    172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    192.168.10.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1
    
    
    
    两台RS:
    RS1:eth0:NAT:10.0.0.7/24   GW:10.0.0.200
    RS2:eth0:NAT:10.0.0.17/24 GW:10.0.0.200
    #RS1网络配置
    [root@centos7 ~]# hostnamectl set-hostname rs1
    [root@rs1 ~]# yum -y install httpd
    [root@rs1 ~]# systemctl enable --now httpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
    [root@rs1 ~]# hostname -I > /var/www/html/index.html
    [root@rs1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    NAME=eth0
    BOOTPROTO=static
    IPADDR=10.0.0.7
    PREFIX=24
    GATEWAY=10.0.0.200
    ONBOOT=yes
    [root@rs1 ~]# systemctl restart network
    [root@rs1 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
    10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
    [root@rs1 ~]# bash lvs_dr_rs.sh start
    The RS Server is Ready!
    [root@rs1 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 172.16.0.100/32 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:be:4a:7b brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:febe:4a7b/64 scope link 
           valid_lft forever preferred_lft forever
    
    
    #RS2
    [root@centos7 ~]# hostnamectl set-hostname rs2
    [root@rs2 ~]# yum -y install httpd
    [root@rs2 ~]# systemctl enable --now httpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
    [root@rs2 ~]# hostname -I > /var/www/html/index.html
    [root@rs2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    NAME=eth0
    BOOTPROTO=static
    IPADDR=10.0.0.17
    PREFIX=24
    GATEWAY=10.0.0.200
    ONBOOT=yes
    [root@rs2 ~]# systemctl restart network
    [root@rs2 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
    10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
    [root@rs2 ~]# bash lvs_dr_rs.sh start
    The RS Server is Ready!
    [root@rs2 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 172.16.0.100/32 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:0a:01:38 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0a:138/64 scope link 
           valid_lft forever preferred_lft forever
    
    
    一台:LVS
    eth0:NAT:DIP:10.0.0.8/24 GW:10.0.0.200
    #LVS的网络配置
    [root@centos8 ~]# yum -y install ipvsadm
    [root@centos8 ~]# hostnamectl set-hostname lvs
    [root@centos8 ~]# hostname -I
    10.0.0.8 
    [root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
    DEVICE=eth0
    NAME=eth0
    BOOTPROTO=static
    IPADDR=10.0.0.8
    PREFIX=24
    GATEWAY=10.0.0.200
    ONBOOT=yes
    [root@lvs ~]# nmcli connection reload
    [root@lvs ~]# nmcli connection up eth0
    [root@lvs ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
    10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
    
    2、后端RS的IPVS配置
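    #RS1的IPVS配置(注意:下面后两条命令再次写入的是arp_ignore,LVS-DR通常设置arp_ignore=1、arp_announce=2;另外ip a输出中lo:1的掩码显示为/0而非/32,且VIP 10.0.0.100与前文lo:1上的172.16.0.100不一致,需确认;RS2同理)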
    [root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
    [root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
    [root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore 
    [root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
    [root@rs1 ~]# ifconfig lo:1 10.0.0.100/32
    [root@rs1 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 10.0.0.100/0 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:be:4a:7b brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:febe:4a7b/64 scope link 
           valid_lft forever preferred_lft forever
    
    #RS2的IPVS配置
    [root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
    [root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
    [root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore 
    [root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
    [root@rs2 ~]# ifconfig lo:1 10.0.0.100/32
    [root@rs2 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 10.0.0.100/0 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:0a:01:38 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0a:138/64 scope link 
           valid_lft forever preferred_lft forever
    
    3、LVS主机的配置
    [root@lvs ~]# ifconfig lo:1 10.0.0.100/32
    [root@lvs ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 10.0.0.100/0 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:2d:a0:ce brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
    

      

  • 原文地址:https://www.cnblogs.com/hkping18/p/16100257.html