Week 15 Homework

1. Implement vsftpd virtual-user access authenticated against MySQL

MySQL was installed from the binary tarball with the script from an earlier assignment.

  1. Create the vsftpd database and a users table that holds the virtual accounts;

create database vsftpd;
use vsftpd;
CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);

-- the lookup account only needs SELECT on the table, so grant nothing more
create user vsftpd@'localhost' identified by 'admin.123';
grant select on vsftpd.* to vsftpd@localhost;

-- crypt=2 in pam_mysql compares against MySQL's PASSWORD() format (unsalted, '*' + SHA1(SHA1(pw)));
-- note the cleartext passes through the client here and ends up in ~/.mysql_history and the general log if enabled
insert into users(name,password) values('mxx', password('mxx.123'));
  2. Install the pam_mysql module and the build dependencies
yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
# the tarball is fetched over plain HTTP; compare its checksum with a trusted source before building
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
tar xvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1/
./configure --with-pam-mods-dir=/lib64/security
make install
  3. Create the PAM service file, which calls pam_mysql.so to perform authentication; the configuration used is:
[root@localhost ~]# cat /etc/pam.d/vsftpd.mysql 
auth required pam_mysql.so user=vsftpd passwd=admin.123 host=/tmp/mysql.sock db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=admin.123 host=/tmp/mysql.sock db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
# this file carries the database password in cleartext: keep it root-owned and mode 600 (chmod 600 /etc/pam.d/vsftpd.mysql); vsftpd runs PAM from its privileged parent process, so root-only access is enough
  4. vsftpd configuration
# create the system account the virtual users are mapped to; its home is the FTP root and is left non-writable
useradd -s /sbin/nologin -d /data/ftproot -r vuser
mkdir -p /data/ftproot      # useradd -r does not create the home directory, so create it before chmod
chmod 555 /data/ftproot

# create a writable subdirectory for the user
mkdir -pv /data/ftproot/mxx
setfacl -m u:vuser:rwx /data/ftproot/mxx

# edit vsftpd.conf
vim /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=vuser
# point PAM at the new service file created above
pam_service_name=vsftpd.mysql
# enable logging so failed logins and other anomalies can be reviewed
dual_log_enable=yes
vsftpd_log_file=/var/log/vsftpd.log
# directory holding per-user configuration files
user_config_dir=/etc/vsftpd/conf.d


mkdir /etc/vsftpd/conf.d/
vim /etc/vsftpd/conf.d/mxx
# allow this user to upload, create directories and rename/delete (the anon_* options govern guest users), and set mxx's root directory
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=/data/ftproot
  5. Start the service
# enable and start vsftpd
[root@centos7 ~]#systemctl enable --now vsftpd
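The PAM service file above relies on crypt=2, which tells pam_mysql to hash the submitted password the way MySQL's PASSWORD() does and compare it with the stored column. The Python below is an added example, not part of the original homework and not pam_mysql's own code: it reproduces that hash format, verifies a password against a stored value the way the module does, builds a parameterised INSERT whose hash is computed client-side (so the cleartext stays out of the MySQL general log and ~/.mysql_history), and audits rows whose stored value is not in PASSWORD() format, which crypt=2 can never match. The users table and the mxx account are the lab's; the audit regex and the DB-API placeholder style are assumptions.

```python
"""Added example: the hash format pam_mysql crypt=2 compares against.
MySQL's PASSWORD() (4.1+ scheme) is '*' followed by the uppercase hex of
SHA1(SHA1(password)). It is unsalted, so equal passwords give equal hashes."""
import hashlib
import hmac
import re
from typing import Iterable, List, Tuple

# assumption: anything not matching this is not a PASSWORD() value
HASH_RE = re.compile(r"^\*[0-9A-F]{40}$")


def mysql_password_hash(password: str) -> str:
    """Reproduce PASSWORD(): '*' + SHA1(SHA1(pw)) as uppercase hex.
    41 characters, which is why the CHAR(48) column above is wide enough."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def verify_mysql_password(password: str, stored: str) -> bool:
    """What the module does at login: hash the candidate and compare it with
    the column. compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(mysql_password_hash(password), stored.strip().upper())


def insert_user_query(name: str, password: str) -> Tuple[str, Tuple[str, str]]:
    """Parameterised INSERT with the hash computed here instead of by PASSWORD()
    on the server, so the cleartext never travels in SQL text.
    Use with any DB-API cursor: cur.execute(*insert_user_query(name, pw))."""
    sql = "INSERT INTO users (name, password) VALUES (%s, %s)"
    return sql, (name, mysql_password_hash(password))


def audit_rows(rows: Iterable[Tuple[str, str]]) -> List[str]:
    """Return the names whose stored value is not in PASSWORD() format, e.g. a
    cleartext inserted without PASSWORD(). crypt=2 hashes the login attempt and
    compares, so such a row never matches and the account cannot log in."""
    return [name for name, stored in rows if not HASH_RE.match(stored or "")]


if __name__ == "__main__":
    sql, params = insert_user_query("mxx", "mxx.123")  # the lab account from the INSERT above
    print(sql, params)
    # constructed rows: one correct, one stored in cleartext by mistake
    print("bad rows:", audit_rows([("mxx", params[1]), ("oops", "mxx.123")]))
```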

2. Configure Samba to share the /www directory

  1. Install Samba on the server and create a user
yum -y install samba

useradd mxx10 -s /sbin/nologin
[root@centos8-2 ~]# smbpasswd -a mxx10
New SMB password:
Retype new SMB password:
Added user mxx10.
[root@centos8-2 ~]# pdbedit -L
mxx10:1000:

# from a client the home-directory share is already visible (the password after % lands in the shell history and process list; acceptable only in a lab)
[root@centos8-1 ~]# smbclient -L 192.168.11.7 -U mxx10%mxx10

    Sharename       Type      Comment
    ---------       ----      -------
    print$          Disk      Printer Drivers
    IPC$            IPC       IPC Service (Samba 4.14.5)
    mxx10           Disk      Home Directories
SMB1 disabled -- no workgroup available
  2. Enable the /www share
[root@centos8-2 ~]# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
    workgroup = SAMBA
    security = user

    passdb backend = tdbsam

    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw
    config file=/etc/samba/conf.d/%U
    log file=/var/log/samba/log.%I
    log level=2

#[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
----------------------------------
[root@centos8-2 ~]# cat /etc/samba/conf.d/mxx10
[www]
comment=webfile
path=/www
writable=yes
valid users=mxx10

# test result
[root@centos8-1 ~]# smbclient -L 192.168.11.7 -U mxx10%mxx10

    Sharename       Type      Comment
    ---------       ----      -------
    www             Disk      webfile
    IPC$            IPC       IPC Service (Samba 4.14.5)
    mxx10           Disk      Home Directories
SMB1 disabled -- no workgroup available
[root@centos8-1 ~]# smbclient //192.168.11.7/www -U mxx10%mxx10
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Tue Dec 28 21:46:17 2021
  ..                                  D        0  Tue Dec 28 21:43:47 2021
  aaa.txt                             N        0  Tue Dec 28 21:44:55 2021
  myshellall-new.sh                   A    27914  Tue Dec 28 21:46:17 2021

        52403200 blocks of size 1024. 50114980 blocks available
smb: \> 

3. Real-time synchronization of the /www directory with rsync + inotify

  1. rsync configuration
# install rsync-daemon on the backup server; the package ships /etc/rsyncd.conf and rsyncd.service
yum -y install rsync-daemon

# edit the configuration file
[root@centos8-2 ~]# cat /etc/rsyncd.conf 
# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
# transfers run as root, so the module can write anywhere under path; combined with the
# client's --delete the mxx account can also remove anything there, so keep path dedicated to this tree
uid = root
gid = root
# 0 means no limit; the parameter name is "max connections" (plural), rsync ignores unknown names
max connections = 0
exclude = ansible/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no

[www-backup]
path = /www
comment = www backup
read only = no
write only = no
auth users = mxx
secrets file = /etc/rsync.pas

# create the rsync secrets file and restrict its permissions (chmod does not encrypt it; with the default strict modes rsyncd refuses a secrets file readable by others)
echo "mxx:admin.123" > /etc/rsync.pas
chmod 600 /etc/rsync.pas

# start the rsync daemon as a systemd service
systemctl enable --now rsyncd.service

  2. From the data server, confirm the rsync configuration. The data server must drive the synchronization, so it acts as the rsync client and decides when to push changed data to the backup server:
# prepare the password file (client side: the password only, no username)
echo "admin.123" > /etc/rsync.pas
chmod 600 /etc/rsync.pas

[root@centos8-1 ~]# rsync rsync://192.168.11.7
www-backup      www backup

[root@centos8-1 ~]# rsync -avz --delete --password-file=/etc/rsync.pas /www/ rsync://mxx@192.168.11.7/www-backup
sending incremental file list
./
aaa.txt
anaconda-ks.cfg
myshellall-new.sh

sent 8,168 bytes  received 76 bytes  16,488.00 bytes/sec
total size is 29,250  speedup is 3.55


  3. A script that performs the ongoing real-time sync
[root@centos8-1 ~]# vim rsync.sh
#!/bin/bash
# watch /www recursively; every reported event triggers one incremental push of the whole tree.
# %T is the timestamp, %w the watched directory, %f the file name; --exclude drops vim swap files.
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib /www | while read DATE TIME DIR FILE;do
    FILEPATH=${DIR}${FILE}
    rsync -avz --delete --password-file=/etc/rsync.pas /www/ rsync://mxx@192.168.11.7/www-backup/ && logger -t rsync_log "At ${TIME} on ${DATE}, file $FILEPATH was backed up via rsync"
done
  4. Run the script and check the result
bash rsync.sh

[root@centos8-1 www]# tail -f /var/log/messages 
Dec 28 23:46:36 centos8-1 systemd[1]: Starting dnf makecache...
Dec 28 23:46:37 centos8-1 dnf[7394]: Metadata cache refreshed recently.
Dec 28 23:46:37 centos8-1 systemd[1]: dnf-makecache.service: Succeeded.
Dec 28 23:46:37 centos8-1 systemd[1]: Started dnf makecache.
Dec 29 00:00:36 centos8-1 systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
Dec 29 00:01:56 centos8-1 systemd[1]: unbound-anchor.service: Succeeded.
Dec 29 00:01:56 centos8-1 systemd[1]: Started update of the root trust anchor for DNSSEC validation in unbound.
Dec 29 00:08:49 centos8-1 rsync_log[12716]: At 00:08:49 on 2021-12-29, file /www/text.txt was backuped up via rsync
Dec 29 00:08:49 centos8-1 rsync_log[12718]: At 00:08:49 on 2021-12-29, file /www/text.txt was backuped up via rsync
Dec 29 00:08:50 centos8-1 rsync_log[12720]: At 00:08:49 on 2021-12-29, file /www/text.txt was backuped up via rsync
Dec 29 00:12:09 centos8-1 systemd[1]: Started Session 4 of user root.
Dec 29 00:12:09 centos8-1 systemd-logind[828]: New session 4 of user root.
Dec 29 00:12:25 centos8-1 rsync_log[12755]: At 00:12:25 on 2021-12-29, file /www/mxx.txt was backuped up via rsync
Dec 29 00:12:25 centos8-1 rsync_log[12757]: At 00:12:25 on 2021-12-29, file /www/mxx.txt was backuped up via rsync
Dec 29 00:12:25 centos8-1 rsync_log[12759]: At 00:12:25 on 2021-12-29, file /www/mxx.txt was backuped up via rsync

# there are many redundant sync runs: saving one file produces several inotify events (create, close_write, attrib), and the loop starts a full rsync for each of them
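The duplicate log lines come from inotify's granularity: one save emits CREATE, CLOSE_WRITE and ATTRIB, and the loop above runs rsync once per event. The usual fix is to debounce, i.e. wait for a quiet period and sync once per burst. The following is an added example, not part of the original script: it models the event stream with a constructed sample that mirrors the log above (timestamps are relative seconds, the paths are the ones in the log) and returns one batch per rsync run. The 2-second quiet window and the ignored-suffix list are assumptions.

```python
"""Added example: collapse bursts of inotify events into a single sync run."""
from dataclasses import dataclass, field
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Event:
    ts: float   # seconds since the watcher started (inotifywait's %T, made relative)
    path: str   # %w%f
    kind: str   # inotify event name


@dataclass
class Batch:
    first_ts: float
    last_ts: float
    paths: List[str] = field(default_factory=list)


# assumption: same spirit as --exclude=".*\.swp", plus common editor/partial-file suffixes
IGNORED_SUFFIXES = (".swp", "~", ".part")


def is_ignored(path: str) -> bool:
    return path.endswith(IGNORED_SUFFIXES)


def coalesce(events: Iterable[Event], quiet: float = 2.0) -> List[Batch]:
    """Start a new batch whenever at least `quiet` seconds pass with no event.
    Every batch stands for exactly one rsync run of the whole tree, however
    many events the burst contained."""
    batches: List[Batch] = []
    current: Optional[Batch] = None
    for ev in sorted(events, key=lambda e: e.ts):
        if is_ignored(ev.path):
            continue
        if current is not None and ev.ts - current.last_ts >= quiet:
            batches.append(current)      # quiet gap: close the previous burst
            current = None
        if current is None:
            current = Batch(ev.ts, ev.ts)
        current.last_ts = ev.ts
        if ev.path not in current.paths:
            current.paths.append(ev.path)
    if current is not None:
        batches.append(current)
    return batches


def rsync_argv(src: str = "/www/",
               dest: str = "rsync://mxx@192.168.11.7/www-backup/",
               password_file: str = "/etc/rsync.pas") -> List[str]:
    """The same transfer the script runs. --delete mirrors deletions, so the
    module path on the backup side must be dedicated to this tree."""
    return ["rsync", "-az", "--delete", f"--password-file={password_file}", src, dest]


# constructed sample: what inotifywait emitted for the two saves seen in the log above
SAMPLE_EVENTS = [
    Event(0.0, "/www/text.txt", "CREATE"),
    Event(0.1, "/www/text.txt", "CLOSE_WRITE"),
    Event(0.9, "/www/text.txt", "ATTRIB"),
    Event(1.2, "/www/.text.txt.swp", "CLOSE_WRITE"),   # editor noise, filtered out
    Event(216.0, "/www/mxx.txt", "CREATE"),
    Event(216.1, "/www/mxx.txt", "CLOSE_WRITE"),
    Event(216.3, "/www/mxx.txt", "ATTRIB"),
]

if __name__ == "__main__":
    for n, b in enumerate(coalesce(SAMPLE_EVENTS), 1):
        print(f"sync #{n}: {len(b.paths)} path(s) changed -> {' '.join(rsync_argv())}")
```

In the shell script the same effect comes from `read -t <seconds>` inside the loop: keep draining events until a read times out, then run rsync once, rather than once per line.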

4. Summary of LVS scheduling algorithms

Static methods (the decision ignores the current load of the real servers):

  • RR: Round Robin, requests are handed to each server in turn.
  • WRR: Weighted Round Robin. Each server gets a share of requests proportional to its weight; within a scheduling round a heavier server is picked several times before the lighter ones get their turn, so with weights 3 and 1 the sequence is A A A B. It is equivalent to treating the heavier server as several virtual servers.
  • SH: Source Hash. The client source IP is hashed into a fixed table whose slots are filled with real servers in proportion to their weights, so the same source address keeps landing on the same RS as long as the RS set is unchanged (a simple form of session persistence). Because most public clients sit behind NAT, many clients share one source address and a single RS can end up far busier than the others.
  • DH: Destination Hash. Hashes the destination IP; mainly used with LVS in front of forward web caches, so that all requests toward the same destination go to the same cache server, which already holds the content after the first fetch and does not have to retrieve or recompute it.

Dynamic methods (the decision uses each RS's connection counts, expressed as an Overhead value):

  • LC: Least Connections. LVS treats an active connection as roughly 256 times as expensive as an inactive one, so Overhead = activeconns*256 + inactconns; the RS with the lowest value is chosen.
  • WLC: Weighted LC. Divides the LC overhead by the weight, Overhead = (activeconns*256 + inactconns)/weight, so a higher weight makes an RS proportionally more likely to be chosen.
  • SED: Shortest Expected Delay. With WLC two servers of different weight can have equal overhead, most visibly when both are idle (0/weight is 0 for any weight), and the tie is then broken by list order, not by weight. SED uses Overhead = (activeconns+1)*256/weight, so the weight always acts as the tie-breaker and the idle high-weight server gets the first connection.
  • NQ: Never Queue. A drawback of SED is that with very different weights the heavy server keeps receiving requests while the light one may get none for a long time. NQ fixes this: if any RS has zero active connections it is chosen immediately, whatever its weight; otherwise SED is applied.

Although NQ and SED refine WLC, the extra calculation adds load on the director, so WLC remains the best general choice (and the ipvs default).

  • LBLC: Locality-Based LC, a dynamic DH that considers both the destination-IP hash and the load. A destination that already has a bound RS keeps going to it (while it is not overloaded); a destination with no binding is assigned to the least-loaded RS.
  • LBLCR: LBLC with Replication. Each destination maps to a set of RS rather than a single one; when the chosen RS becomes overloaded, a lightly loaded RS is added to the set and takes part of the traffic (the caches then replicate content between them), and the busiest member is dropped from the set after a while.

Schedulers added in later kernels (both present in 4.15 and newer):

  • FO (Weighted Fail Over), static. Uses the IP_VS_DEST_F_OVERLOAD flag: servers carrying the flag are skipped, and the request goes to the highest-weight RS among the rest.
  • OVF (Overflow-Connection), dynamic. Schedules on each RS's active connection count, weight and IP_VS_DEST_F_OVERLOAD flag: the highest-weight RS that is not overloaded, has a non-zero weight and whose active connections are below its weight is chosen; when it overflows, the next one in weight order takes over.
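The formulas above are easiest to compare side by side on one server list. The Python below is an added example, not ipvs code: it implements the LC, WLC, SED and NQ selection rules using ipvs's integer cross-multiplication (a candidate wins only if strictly better, so ties go to the earlier server, exactly the case SED was introduced to resolve) and generates the WRR sequence with the step-down-by-gcd scheme, including the weights 3 and 1 example from the WRR bullet. Server names and weights are made up for the demonstration.

```python
"""Added example: LVS scheduling decisions reproduced in Python."""
from dataclasses import dataclass
from functools import reduce
from math import gcd
from typing import Callable, List, Optional, Sequence


@dataclass
class RS:
    name: str
    weight: int
    active: int = 0     # activeconns (ESTABLISHED)
    inactive: int = 0   # inactconns (everything else still in the table)


def lc_overhead(rs: RS) -> int:
    # ipvs: (activeconns << 8) + inactconns
    return rs.active * 256 + rs.inactive


def sed_overhead(rs: RS) -> int:
    # ipvs counts only active connections here; the *256 does not change the order
    return (rs.active + 1) * 256


def _least(servers: Sequence[RS], overhead: Callable[[RS], int], weighted: bool) -> Optional[RS]:
    best = None
    for rs in servers:
        if rs.weight <= 0:            # weight 0 = drained, never scheduled
            continue
        if best is None:
            best = rs
            continue
        if weighted:
            # overhead(rs)/rs.weight < overhead(best)/best.weight, in integers
            better = overhead(rs) * best.weight < overhead(best) * rs.weight
        else:
            better = overhead(rs) < overhead(best)
        if better:                    # strict: an equal candidate never displaces an earlier one
            best = rs
    return best


def schedule(servers: Sequence[RS], algo: str) -> str:
    """Return the name of the RS that would receive the next connection."""
    algo = algo.lower()
    if algo == "lc":
        pick = _least(servers, lc_overhead, weighted=False)
    elif algo == "wlc":
        pick = _least(servers, lc_overhead, weighted=True)
    elif algo == "sed":
        pick = _least(servers, sed_overhead, weighted=True)
    elif algo == "nq":
        # never queue: an idle server is taken at once, otherwise fall back to SED
        idle = next((rs for rs in servers if rs.weight > 0 and rs.active == 0), None)
        pick = idle or _least(servers, sed_overhead, weighted=True)
    else:
        raise ValueError(f"unknown scheduler {algo}")
    if pick is None:
        raise RuntimeError("no available real server")
    return pick.name


def wrr_sequence(servers: Sequence[RS], n: int) -> List[str]:
    """Static WRR as ipvs does it: the current weight steps down from the
    maximum weight by the gcd of all weights; at each step every RS whose
    weight is >= the current weight is picked once, in list order."""
    weights = [rs.weight for rs in servers if rs.weight > 0]
    step = reduce(gcd, weights)
    out: List[str] = []
    while len(out) < n:
        cw = max(weights)
        while cw > 0 and len(out) < n:
            for rs in servers:
                if rs.weight >= cw and len(out) < n:
                    out.append(rs.name)
            cw -= step
    return out


if __name__ == "__main__":
    idle = [RS("A", 1), RS("B", 3)]
    busy = [RS("A", 1, active=1), RS("B", 3, active=3)]
    for algo in ("lc", "wlc", "sed", "nq"):
        print(f"{algo:>3}: idle -> {schedule(idle, algo)}, busy -> {schedule(busy, algo)}")
    print("wrr 3:1 ->", "".join(wrr_sequence([RS("A", 3), RS("B", 1)], 8)))
```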

5. Cross-subnet LVS DR implementation

Layer-4 scheduling in DR mode when the VIP and the interconnect addresses are not in the same subnet (as I read Teacher Wang's topology diagram, that is what the multi-subnet setup means):

[image: topology diagram]
  1. One Linux host plays the router and must perform IP forwarding
# enable IP forwarding
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

# give the internal interface its 192.168.156.0/24 address and, in addition, an address in 10.0.0.0/24 used to reach the VIP; a non-persistent address is used for the latter here
nmcli c modify eth0 ipv4.method manual ipv4.addresses 192.168.156.202/24 connection.autoconnect yes
nmcli c up eth0
# add the extra address after bringing the connection up: re-activating with nmcli would otherwise flush it
ip addr add 10.0.0.100/24 dev eth0

# give the external interface eth1 the address facing the CentOS 6 host, which merely simulates an external Internet client; the gateway is set on the external interface so a default route is created automatically
nmcli c modify eth1 ipv4.method manual ipv4.addresses 192.168.174.130/24 ipv4.gateway 192.168.174.2 connection.autoconnect yes
nmcli c up eth1

# the routing table now looks like this
[root@centos8mini ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.174.2   0.0.0.0         UG    101    0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.156.0   0.0.0.0         255.255.255.0   U     102    0        0 eth0
192.168.174.0   0.0.0.0         255.255.255.0   U     101    0        0 eth1

# confirm the CentOS 6 host can reach the director; this only tests connectivity, real traffic is sent to the VIP
[root@centos6 ~]# ping 192.168.156.204
PING 192.168.156.204 (192.168.156.204) 56(84) bytes of data.
64 bytes from 192.168.156.204: icmp_seq=1 ttl=128 time=1.20 ms
64 bytes from 192.168.156.204: icmp_seq=2 ttl=128 time=1.20 ms
64 bytes from 192.168.156.204: icmp_seq=3 ttl=128 time=1.28 ms
64 bytes from 192.168.156.204: icmp_seq=4 ttl=128 time=1.04 ms
^C
--- 192.168.156.204 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3366ms
rtt min/avg/max/mdev = 1.042/1.185/1.284/0.088 ms
  2. Deploy the two internal web servers (simulating the RS) with Ansible
ssh-keygen
# push only the public key to the control node itself and to each RS; do not copy the whole ~/.ssh (it contains the private key) onto the web servers
ssh-copy-id -i .ssh/id_rsa.pub root@127.0.0.1
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.156.207
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.156.208

[root@centos8mini ansible]# cat inventory
[localhost]
192.168.156.204

[websrv]
192.168.156.207
192.168.156.208

[root@centos8mini ansible]# cat ansible.cfg 
[defaults]
inventory = inventory
remote_user = root
host_key_checking = false
module_name = shell

[root@centos8mini ansible]# cat templates/index.html.j2 
This websrv is: {{ansible_eth0.ipv4.address}}

Apache deployment playbook:

---
- hosts: all
  vars:
    - httpdfile: httpd-2.4.51
    - aprfile: apr-1.7.0
    - aprutilfile: apr-util-1.6.1
  tasks:
    - block:
        - shell: ls -1 /root/
          register: lsroot
          ignore_errors: yes
        - get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/httpd/{{httpdfile}}.tar.bz2" dest=/root/
          when: "(httpdfile + '.tar.bz2') not in lsroot.stdout_lines"
        - get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/apr/{{aprfile}}.tar.bz2" dest=/root/
          when: "(aprfile + '.tar.bz2') not in lsroot.stdout_lines"
        - get_url: url="https://mirror.tuna.tsinghua.edu.cn/apache/apr/{{aprutilfile}}.tar.bz2" dest=/root/
          when: "(aprutilfile + '.tar.bz2') not in lsroot.stdout_lines"
      when: "'localhost' in group_names"
    - block:
        # lab shortcut: SELinux permissive and firewalld off on the RS; production hosts keep both and open only tcp/80
        - shell: setenforce 0
        - service: name=firewalld state=stopped enabled=no
        - replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1permissive" backup=yes
        - yum: name="bzip2,gcc,make,pcre-devel,openssl-devel,expat-devel" state=latest
        - file: dest=/data/httpd24 state=directory
        - unarchive: src=/root/{{ item }} dest=/root/ copy=yes
          loop:
            - "{{httpdfile}}.tar.bz2"
            - "{{aprfile}}.tar.bz2"
            - "{{aprutilfile}}.tar.bz2"
        - shell: mv /root/{{aprfile}} /root/{{httpdfile}}/srclib/apr
        - shell: mv /root/{{aprutilfile}} /root/{{httpdfile}}/srclib/apr-util
        - wait_for: path=/root/{{httpdfile}}/srclib/apr-util state=present
        - wait_for: path=/root/{{httpdfile}}/srclib/apr state=present
        - shell: chdir=/root/{{httpdfile}} ./configure --prefix=/data/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
        - shell: chdir=/root/{{httpdfile}} make -j 2 && make install
          register: configurehttpd
        - fail: msg="httpd compilation failed!"
          when: configurehttpd.rc != 0
        - shell: id apache
          register: apacheid
          ignore_errors: true
        - block:
            - group: name=apache system=yes state=present
            - user: name=apache system=yes group=apache state=present shell=/sbin/nologin
          when: apacheid.rc != 0
        - shell: ls -1 /data/httpd24/conf/httpd.conf
          register: httpdconf
          ignore_errors: yes
        - fail: msg="File not found!"
          when: httpdconf.rc != 0
        - block:
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(User).*" replace="\1  apache"
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(Group).*" replace="\1  apache"
        - shell: grep -iE "^user|^group" /data/httpd24/conf/httpd.conf
          register: grepug
          ignore_errors: true
        - debug:
            msg: "{{grepug.stdout}}"
        - copy: content="PATH=/data/httpd24/bin:$PATH" dest=/etc/profile.d/httpd.sh
        - name: activate PATH_varia   # only affects this task's shell; later tasks do not inherit it
          shell: source /etc/profile.d/httpd.sh
        - shell: echo $PATH
          register: pathvari
        - debug:
            msg: "{{ pathvari.stdout }}"
        - name: insert httpd to mandb
          lineinfile: path=/etc/man_db.conf insertafter='^MANDATORY_MANPATH' line='MANDATORY_MANPATH           /data/httpd24/man'
        - shell: mandb
        - name: set auto start
          lineinfile: path=/etc/rc.d/rc.local insertafter=EOF line="/data/httpd24/bin/apachectl start" mode=u+x
        - file: dest=/usr/lib/systemd/system/httpd24.service state=touch force=yes
        - copy: 
            content: |
              [Unit]
              Description=The Apache HTTP Server
              After=network.target remote-fs.target nss-lookup.target
              Documentation=man:httpd(8)
              Documentation=man:apachectl(8)
              [Service]
              Type=forking
              #EnvironmentFile=/etc/sysconfig/httpd
              ExecStart=/data/httpd24/bin/apachectl start
              #ExecStart=/data/httpd24/bin/httpd $OPTIONS -k start
              ExecReload=/data/httpd24/bin/apachectl graceful
              #ExecReload=/data/httpd24/bin/httpd $OPTIONS -k graceful
              ExecStop=/data/httpd24/bin/apachectl stop
              KillSignal=SIGCONT
              PrivateTmp=true
              [Install]
              WantedBy=multi-user.target
            dest: /usr/lib/systemd/system/httpd24.service
        - service: name=httpd24 state=started enabled=yes
          tags: sstart
        - block:
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(DocumentRoot).*" replace='\1 "/var/www/html"'
            - lineinfile: path=/data/httpd24/conf/httpd.conf insertafter=EOF line="IncludeOptional conf.d/*.conf"
            - file: path={{item}} state=directory recurse=yes
              loop:
                - /data/httpd24/conf.d
                - /var/www/html
            - file: path=/data/httpd24/conf.d/myhttp.conf state=touch
            - copy: 
                content: |
                  <Directory "/var/www/html">
                  AllowOverride None
                  Require all granted
                  </Directory>
                dest: /data/httpd24/conf.d/myhttp.conf
            - block:
                - template:
                    src: index.html.j2
                    dest: /var/www/html/index.html
                    force: yes
                  ignore_errors: yes
                - service: name=httpd24 state=restarted
              tags: template
          tags: configblock
      when: "'websrv' in group_names"
  3. Configure the RS so they neither answer ARP for the VIP on lo nor announce it, so the RS's copy of the VIP does not conflict with the director's. As long as there is no conflict the RS can share the VIP with the director, which is the core of DR:
# on the two RS (207 and 208): ignore ARP requests for the lo address and never announce it
# There are two ways. One is kernel parameters, but in my test it had no effect: both RS kept answering ARP, so the router's ARP entry for the VIP kept pointing at an RS.
# (ARP requests arrive on eth0, and the kernel applies the larger of conf.all and conf.<receiving interface> for arp_ignore/arp_announce, so setting only conf.lo does nothing; the usual recipe also sets all:)
echo "net.ipv4.conf.all.arp_ignore = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.arp_announce = 2" >> /etc/sysctl.conf
echo "net.ipv4.conf.lo.arp_ignore = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.lo.arp_announce = 2" >> /etc/sysctl.conf
sysctl -p

# the other way is arptables, which is what I used: drop every ARP request for 10.0.0.1, and rewrite the source address of any ARP the RS sends from 10.0.0.1 to its own eth0 address (192.168.156.207 or .208)
# rs1
arptables -A INPUT -d 10.0.0.1 -j DROP
arptables -A OUTPUT -s 10.0.0.1 -j mangle --mangle-ip-s 192.168.156.207

# rs2 (its own address, not rs1's)
arptables -A INPUT -d 10.0.0.1 -j DROP
arptables -A OUTPUT -s 10.0.0.1 -j mangle --mangle-ip-s 192.168.156.208

# put the VIP on lo of rs1 and rs2; in DR the layer-3 destination stays the VIP end to end, only the destination MAC changes
ifconfig lo:1 10.0.0.1/32
  4. eth0 configuration on the RS and the director
# director configuration. Although the director itself never needs to reach another subnet, it still needs a gateway: CentOS enables reverse-path filtering (rp_filter) in strict mode by default, which drops a packet unless its source address would be routed back out through the interface it arrived on, and client traffic from 192.168.174.0/24 arrives on eth0
nmcli c modify eth0 ipv4.method manual ipv4.addresses 192.168.156.204/24 ipv4.gateway 192.168.156.202

# RS1: make sure the default route points to .202, because replies must go back through the (simulated) router at 202
nmcli c modify eth0 ipv4.method manual ipv4.addresses 192.168.156.207/24 ipv4.gateway 192.168.156.202
nmcli c up eth0

# RS2: same, default route via .202 for the return traffic
nmcli c modify eth0 ipv4.method manual ipv4.addresses 192.168.156.208/24 ipv4.gateway 192.168.156.202
nmcli c up eth0
  5. Director configuration. The director's VIP answers ARP normally, so when the router resolves the VIP for Internet traffic only the director responds:
# put the same VIP on the director's lo; the director answers ARP for it (its arp_ignore stays 0).
# the VIP is 10.0.0.1, the address the RS carry on lo and the ipvsadm rules reference; 10.0.0.100 is the router's own address
ifconfig lo:1 10.0.0.1/32

# install ipvsadm and define the virtual service: round-robin, both RS in DR (gateway, -g) mode
yum -y install ipvsadm
ipvsadm -A -t 10.0.0.1:80 -s rr
ipvsadm -a -t 10.0.0.1:80 -r 192.168.156.207:80 -g
ipvsadm -a -t 10.0.0.1:80 -r 192.168.156.208:80 -g

6. Test results

Round robin:

[image: round-robin test output]

Weighted round robin:

[image: weighted round-robin test output]