Linux Week 15 (File Sharing Services and LVS)

Posted by JINX穆空


1. Implementing vsftpd virtual-user access authenticated against MySQL

The pam_mysql module can be used to implement MySQL-backed FTP virtual users.

Project site: http://pam-mysql.sourceforge.net/
Note: this project is old and no longer updated; it currently supports only CentOS 6 and 7, not CentOS 8.

This lab uses two hosts:

One FTP server (CentOS 7)
One MariaDB database server (CentOS 8)

Configure the database on the database server to support the vsftpd service

#Note: MySQL 8.0 removed the PASSWORD() function, so MariaDB is used instead
[root@centos8-2 ~]# yum -y install mariadb-server
[root@centos8-2 ~]# systemctl enable --now mariadb.service
#Create the database and table that store the virtual users
[root@centos8-2 ~]# mysql
mysql> CREATE DATABASE vsftpd;
mysql> USE vsftpd;
mysql> CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);
#Add virtual users; for safety the password must be stored hashed with the PASSWORD() function, never in plaintext
mysql> INSERT INTO users(name,password) VALUES('ftp_jin',PASSWORD('magedu'));
mysql> INSERT INTO users(name,password) VALUES('ftp_abc',PASSWORD('magedu'));
mysql> INSERT INTO users(name,password) VALUES('bob',PASSWORD('123456'));
MariaDB [vsftpd]> select * from users;
+----+---------+-------------------------------------------+
| id | name    | password                                  |
+----+---------+-------------------------------------------+
|  1 | ftp_jin | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
|  2 | ftp_abc | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
|  3 | bob     | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+---------+-------------------------------------------+
#Create a dedicated account for the FTP server that can only SELECT from this database
mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'10.0.0.%' IDENTIFIED BY 'magedu';
mysql> FLUSH PRIVILEGES;

Install vsftpd and the pam_mysql package on the FTP server

[root@centos7 ~]# yum -y install vsftpd

Compile pam-mysql from source

#Install the required packages
[root@centos7-2 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7-2 ~]# tar xvf pam_mysql-0.7pre3.tar.gz
[root@centos7-2 ~]# cd pam_mysql-0.7pre3/
[root@centos7-2 pam_mysql-0.7pre3]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7-2 pam_mysql-0.7pre3]# make install
[root@centos7-2 ~]# ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root    882 Mar 28 21:06 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 140928 Mar 28 21:06 /lib64/security/pam_mysql.so

Create the PAM authentication file on the FTP server

[root@centos7-2 ~]# vim /etc/pam.d/vsftpd.mysql
#Add the following two lines (crypt=2 means the password column holds MySQL PASSWORD() hashes)
auth required pam_mysql.so user=vsftpd passwd=magedu host=10.0.0.151 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=magedu host=10.0.0.151 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

Create the mapped system user and modify the vsftpd configuration file

#Create the system user that the virtual users map to, and its directories
[root@centos7-2 ~]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
#On CentOS 7 the ftp root directory must not be writable; uploads go to a writable subdirectory
[root@centos7-2 ~]# mkdir -pv /data/ftproot/upload
[root@centos7-2 ~]# setfacl -m u:vuser:rwx /data/ftproot/upload
#Make sure the following options are enabled in /etc/vsftpd/vsftpd.conf
[root@centos7-2 ~]# vim /etc/vsftpd/vsftpd.conf
#Add these two items
guest_enable=YES
guest_username=vuser
#Change this item; after the change, local system users can no longer log in
pam_service_name=vsftpd.mysql
#Start the vsftpd service
[root@centos7-2 ~]# systemctl enable --now vsftpd
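As an added illustration (not part of the original lab), this is the check that pam_mysql performs with crypt=2: MySQL's PASSWORD() is an unsalted double SHA1, which is why ftp_jin and ftp_abc above end up with identical hashes and why the SELECT-only database account and strong passwords matter. The table contents are copied from the output above; the function names are my own.

```python
import hashlib
import hmac

# MySQL/MariaDB PASSWORD() (mysql_native_password): '*' + uppercase hex of SHA1(SHA1(password)).
# pam_mysql's crypt=2 hashes the candidate password this way and compares it with the stored column.
def mysql_password_hash(password: str) -> str:
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    outer = hashlib.sha1(inner).hexdigest().upper()
    return "*" + outer

def verify_mysql_password(stored: str, candidate: str) -> bool:
    """Return True if candidate matches the stored PASSWORD() value.

    hmac.compare_digest keeps the comparison constant-time. A stored value that is
    not a 41-character '*'-prefixed hash is rejected outright: such a row could only
    match under crypt=0 (plaintext storage), which this check deliberately refuses.
    """
    if len(stored) != 41 or not stored.startswith("*"):
        return False
    return hmac.compare_digest(stored.upper(), mysql_password_hash(candidate))

# Constructed copy of the users table from the lab; the hash values are those the
# page shows for PASSWORD('magedu') and PASSWORD('123456').
USERS = {
    "ftp_jin": "*6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664",
    "ftp_abc": "*6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664",
    "bob":     "*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9",
}

def authenticate(name: str, candidate: str, table: dict = USERS) -> bool:
    """Look up the virtual user and check the password, as the PAM 'auth' line does."""
    stored = table.get(name)
    if stored is None:
        # Still compute a hash so unknown and known names take similar time.
        mysql_password_hash(candidate)
        return False
    return verify_mysql_password(stored, candidate)

if __name__ == "__main__":
    for name, pw in [("bob", "123456"), ("bob", "12345"), ("ftp_jin", "magedu"), ("nobody", "x")]:
        print(f"{name:8} {'OK' if authenticate(name, pw) else 'DENIED'}")
```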

2. Configure a Samba share of the /www directory

#Install the samba package on the samba server
yum -y install samba
#Create the samba user and group
groupadd -r admins
useradd -s /sbin/nologin -G admins jin
smbpasswd -a jin
#Create the samba shared directory
mkdir /www
chgrp admins /www
chmod 2775 /www
#Samba server configuration
vim /etc/samba/smb.conf
#Append at the end
[share]
path = /www
write list = @admins
systemctl enable --now smb nmb
#Samba client access
yum -y install cifs-utils
#Mount the smb share as user jin and access it
mkdir /mnt/jin
mount -o username=jin //smbserver/share /mnt/jin
echo "Hello jin" >/mnt/jin/jinfile.txt

3. Real-time synchronization of /www with rsync+inotify

Environment:

IP          OS and version   Role
10.0.0.150  CentOS 8         data-server, inotify
10.0.0.151  CentOS 8         backup-server, rsync

Install inotify-tools (from the EPEL repository)

[root@data ~]#yum -y install inotify-tools

Create the rsync server configuration file

[root@backup ~]#dnf -y install rsync-daemon

[root@backup ~]#rpm -q rsync
rsync-3.1.2-10.el7.x86_64
[root@backup ~]#vim /etc/rsyncd.conf
 uid = root  #the user rsyncd accesses the shared directory as; it becomes the owner of created files; default is nobody
 gid = root  #default is nobody
 max connections = 0
 ignore errors
 log file = /var/log/rsyncd.log
 pid file = /var/run/rsyncd.pid
 exclude = lost+found/
 lock file = /var/run/rsyncd.lock
 reverse lookup = no

[backup]  #each module name maps to its own path directory; if two modules share a name, the later one takes effect
path = /data/backup/
comment = backup dir
read only = no  #default is yes, i.e. read-only
auth users = rsyncuser  #without this, anonymous users can access the rsync server
secrets file = /etc/rsync.pas

Prepare the backup directory and the secrets file

[root@backup ~]#mkdir -pv /data/backup

[root@backup ~]#echo "rsyncuser:123456" > /etc/rsync.pas
[root@backup ~]#chmod 600 /etc/rsync.pas

Start the rsyncd service

[root@backup ~]#systemctl enable --now rsyncd

Configure the password file on the data server

[root@data ~]#echo "123456" > /etc/rsync.pas
[root@data ~]#chmod 600 /etc/rsync.pas

List the shared module non-interactively

[root@data ~]#rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.151/backup

Shell script for real-time data synchronization

[root@data ~]# vim inotify_rsync.sh
#!/bin/bash
SRC=/data/www/
DEST=rsyncuser@10.0.0.151::backup
rpm -q rsync &> /dev/null || yum -y install rsync
#Watch SRC recursively; each event prints "date time dir file", and the whole tree is pushed to the backup module
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib "$SRC" | while read DATE TIME DIR FILE;do
    FILEPATH=$DIR$FILE
    rsync -az --delete --password-file=/etc/rsync.pas "$SRC" "$DEST" && echo "At $TIME on $DATE, file $FILEPATH was backed up via rsync" >> /var/log/changelist.log
done

[root@data ~]# bash inotify_rsync.sh
#Run on the backup server
#Run ls every 0.5 s to check whether the backup happens in real time
[root@backup backup]# watch -n0.5 ls -l /data/backup/

Test

4. Summary of LVS scheduling algorithms

Static methods (scheduling based only on the algorithm itself)

1. RR: round robin; commonly used
2. WRR: Weighted RR, weighted round robin; commonly used
3. SH: Source Hashing; implements session stickiness by hashing the source IP address. Requests from the same IP address are always sent to the RS chosen the first time, which binds the session to that RS
4. DH: Destination Hashing; hashes the destination address. The first request is scheduled to an RS by round robin, and later requests for the same destination address are always forwarded to the RS chosen the first time. The typical use case is load balancing in a forward-proxy cache scenario, e.g. a web cache

Dynamic methods (scheduling based mainly on each RS's current load state together with the algorithm; the RS with the smaller Overhead value is chosen)

1. LC: least connections; suitable for long-lived connections

Overhead=activeconns*256+inactiveconns

2. WLC: Weighted LC, the default scheduling method, commonly used; LC with weights applied

Overhead=(activeconns*256+inactiveconns)/weight

3. SED: Shortest Expected Delay; gives initial connections to high-weight servers first, considers only active connections and ignores inactive ones

Overhead=(activeconns+1)*256/weight

4. NQ: Never Queue; distributes evenly in the first round, then behaves like SED
5. LBLC: Locality-Based LC, a dynamic DH algorithm; use case: forward proxy that takes load state into account, e.g. a web cache
6. LBLCR: LBLC with Replication; solves LBLC's load imbalance by replicating from heavily loaded RSs to lightly loaded ones, e.g. a web cache

5. LVS DR implementation across networks

Environment

Environment: five hosts
Client: eth0: host-only 192.168.10.6/24  GW: 192.168.10.200

ROUTER:
eth0: NAT 10.0.0.200/24
eth0:1  172.16.0.200/24
eth1: host-only 192.168.10.200/24
IP_FORWARD enabled

LVS:
eth0: NAT: DIP: 10.0.0.8/24  GW: 10.0.0.200
lo: VIP: 172.16.0.100/32

Two RSs:
RS1: eth0: NAT: 10.0.0.7/24  GW: 10.0.0.200
lo: VIP: 172.16.0.100/32

RS2: eth0: NAT: 10.0.0.17/24  GW: 10.0.0.200
lo: VIP: 172.16.0.100/32

Client

[root@internet ~]#hostname -I
192.168.10.6
[root@internet ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="192.168.10.6"
PREFIX="24"
DNS1="223.5.5.5"
DNS2="180.76.76.76"
GATEWAY="192.168.10.200"
ONBOOT="yes"
[root@internet ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.200  0.0.0.0         UG    100    0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0

[root@internet ~]#ping 192.168.10.200 -c1
PING 192.168.10.200 (192.168.10.200) 56(84) bytes of data.
64 bytes from 192.168.10.200: icmp_seq=1 ttl=64 time=2.30 ms

Router

[root@router ~]#echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@router ~]#sysctl -p
net.ipv4.ip_forward = 1
[root@router ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.200"
PREFIX="24"
ONBOOT="yes"
[root@router ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth1
NAME="eth1"
DEVICE="eth1"
BOOTPROTO="static"
IPADDR="192.168.10.200"
PREFIX="24"
ONBOOT="yes"
[root@router ~]#ip a a 172.16.0.200/24 dev eth0 label eth0:1
[root@router ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:21:52:92 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.200/24 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe21:5292/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:68:dc:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe68:dc18/64 scope link
       valid_lft forever preferred_lft forever
[root@router ~]#hostname -I
10.0.0.200 172.16.0.200 192.168.10.200

[root@router ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     102    0        0 eth0
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     103    0        0 eth1

[root@router ~]#arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.0.8                 ether   00:50:56:3b:17:bf   C                     eth0
172.16.0.100             ether   00:50:56:3b:17:bf   C                     eth0
10.0.0.17                ether   00:50:56:3d:cb:17   C                     eth0
192.168.10.6             ether   00:50:56:32:62:97   C                     eth1
10.0.0.7                 ether   00:0c:29:33:b7:af   C                     eth0
10.0.0.1                 ether   00:50:56:c0:00:08   C                     eth0

LVS

[root@lvs ~]#hostname -I
10.0.0.8
[root@lvs ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@lvs ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.8"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"

[root@lvs ~]#curl 10.0.0.17
10.0.0.17
[root@lvs ~]#curl 10.0.0.7
10.0.0.7

#Script run on the LVS host
#Note: if the VIP is configured on the lo interface, a 32-bit netmask must be used
#If the VIP is bound to eth0, other netmasks can be used
[root@lvs ~]#cat lvs_dr_vs.sh
#!/bin/bash
vip=172.16.0.100
iface=lo:1
mask=255.255.255.255
port=80
rs1=10.0.0.7
rs2=10.0.0.17
scheduler=wrr
type=-g
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null

case $1 in
start)
    ifconfig $iface $vip netmask $mask #broadcast $vip up
    iptables -F

    ipvsadm -A -t $vip:$port -s $scheduler
    ipvsadm -a -t $vip:$port -r $rs1 $type -w 1
    ipvsadm -a -t $vip:$port -r $rs2 $type -w 1
    echo "The VS Server is Ready!"
    ;;
stop)
    ipvsadm -C
    ifconfig $iface down
    echo "The VS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

[root@lvs ~]#bash -n lvs_dr_vs.sh
[root@lvs ~]#bash lvs_dr_vs.sh start
The VS Server is Ready!

[root@lvs ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:3b:17:bf brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe3b:17bf/64 scope link
       valid_lft forever preferred_lft forever

[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.100:80 wrr
  -> 10.0.0.7:80                  Route   1      0          0
  -> 10.0.0.17:80                 Route   1      0          0

RS1

[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.7"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
[root@rs1 ~]#hostname -I
10.0.0.7
[root@rs1 ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

[root@rs1 ~]#yum -y install httpd
[root@rs1 ~]#systemctl enable --now httpd
[root@rs1 ~]#hostname -I > /var/www/html/index.html
[root@rs1 ~]#curl 10.0.0.7
10.0.0.7

[root@rs1 ~]#cat lvs_dr_rs.sh
#!/bin/bash
vip=172.16.0.100
mask=255.255.255.255
dev=lo:1

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

[root@rs1 ~]#bash -n lvs_dr_rs.sh
[root@rs1 ~]#bash lvs_dr_rs.sh start
The RS Server is Ready!

[root@rs1 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:33:b7:af brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe33:b7af/64 scope link
       valid_lft forever preferred_lft forever

[root@rs1 ~]#scp lvs_dr_rs.sh 10.0.0.17:

RS2

[root@rs2 ~]#hostname -I
10.0.0.17
[root@rs2 ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.17"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"

[root@rs2 ~]#yum -y install httpd
[root@rs2 ~]#systemctl enable --now httpd
[root@rs2 ~]#hostname -I > /var/www/html/index.html
[root@rs2 ~]#curl 10.0.0.17
10.0.0.17

[root@rs2 ~]#bash lvs_dr_rs.sh start
[root@rs2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:3d:cb:17 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe3d:cb17/64 scope link
       valid_lft forever preferred_lft forever

[root@rs2 ~]#cat /proc/sys/net/ipv4/conf/all/arp_ignore
1
[root@rs2 ~]#cat /proc/sys/net/ipv4/conf/all/arp_announce
2

Test access

[root@internet ~]#curl 172.16.0.100
10.0.0.17
[root@internet ~]#curl 172.16.0.100
10.0.0.7
[root@internet ~]#curl 172.16.0.100
10.0.0.17
[root@internet ~]#curl 172.16.0.100
10.0.0.7
