Linux week 15 (file-sharing services and LVS)
Posted by JINX穆空
1. Implement vsftpd virtual-user access authenticated against MySQL
The pam_mysql module lets vsftpd authenticate FTP virtual users against a MySQL database.
Project site: http://pam-mysql.sourceforge.net/
Note: this project is old and no longer updated; it currently supports only CentOS 6 and 7, not CentOS 8.
This lab uses two hosts:
one CentOS 7 machine as the FTP server,
one CentOS 8 machine as the MariaDB database server.
Configure the database on the database server to support the vsftpd service.
# Note: MySQL 8.0 removed the PASSWORD() function, so MariaDB is used instead
[root@centos8-2 ~]# yum -y install mariadb-server
[root@centos8-2 ~]# systemctl enable --now mariadb.service
# Create the database and table that store the virtual users
[root@centos8-2 ~]# mysql
mysql> CREATE DATABASE vsftpd;
mysql> USE vsftpd;
mysql> CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);
# Add the virtual users; for safety the password is stored hashed via the PASSWORD() function.
# String literals must be quoted (the third user appears as bob in the listing below)
mysql> INSERT INTO users(name,password) values('ftp_jin',password('magedu'));
mysql> INSERT INTO users(name,password) values('ftp_abc',password('magedu'));
mysql> INSERT INTO users(name,password) values('bob',password('123456'));
MariaDB [vsftpd]> select * from users;
+----+---------+-------------------------------------------+
| id | name | password |
+----+---------+-------------------------------------------+
| 1 | ftp_jin | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
| 2 | ftp_abc | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
| 3 | bob | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+---------+-------------------------------------------+
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY 'magedu';
mysql> FLUSH PRIVILEGES;
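The INSERT statements above only work once the string literals are quoted. As an added example (not part of the original post), the helper below generates the same INSERT statements for a batch of "user:password" pairs and doubles any single quote inside a value, so a provisioning script cannot be broken (or abused) by a name such as o'neil. The function names and the sample pairs are constructed for this example; the table layout is the one created above.

```shell
#!/bin/bash
# Added example: emit properly quoted INSERT statements for the vsftpd users table.
# Function names (sql_quote, vuser_insert_sql, vusers_batch_sql) are assumptions of
# this example, not part of vsftpd, pam_mysql or the original post.

# Double every single quote in $1 so the value is safe inside a '...' SQL literal.
sql_quote() {
    printf "%s" "$1" | sed "s/'/''/g"
}

# Print one INSERT for the users table; the password is stored hashed via PASSWORD().
vuser_insert_sql() {
    local name pass
    name=$(sql_quote "$1")
    pass=$(sql_quote "$2")
    printf "INSERT INTO users(name,password) VALUES('%s',PASSWORD('%s'));\n" "$name" "$pass"
}

# Read "user:password" pairs from stdin (one per line) and emit the whole SQL batch.
# Everything after the first colon is treated as the password.
vusers_batch_sql() {
    local user pass
    printf "USE vsftpd;\n"
    while IFS=: read -r user pass; do
        [ -n "$user" ] || continue
        vuser_insert_sql "$user" "$pass"
    done
}

# Constructed sample input; pipe the result into mysql on the database server:
#   printf 'ftp_jin:magedu\nbob:123456\n' | vusers_batch_sql | mysql
```

Feeding the generated batch to the mysql client rather than typing the literals by hand keeps the quoting in one place; the PASSWORD() hash is still computed by the server, exactly as in the manual statements above.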
Install vsftpd and pam_mysql on the FTP server
[root@centos7 ~]# yum -y install vsftpd
Build pam-mysql from source
# Install the required packages
[root@centos7-2 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7-2 ~]# tar xvf pam_mysql-0.7pre3.tar.gz
[root@centos7-2 ~]# cd pam_mysql-0.7pre3/
[root@centos7-2 pam_mysql-0.7pre3]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7-2 pam_mysql-0.7pre3]# make install
[root@centos7-2 ~]# ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root 882 Mar 28 21:06 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 140928 Mar 28 21:06 /lib64/security/pam_mysql.so
Create the PAM configuration file required on the FTP server
[root@centos7-2 ~]# vim /etc/pam.d/vsftpd.mysql
# Add the following two lines
auth required pam_mysql.so user=vsftpd passwd=magedu host=10.0.0.151 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=magedu host=10.0.0.151 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
Create the mapped system user and edit the vsftpd configuration
# Create the system user that the virtual users map to, and its directory
[root@centos7-2 ~]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
# On CentOS 7 the FTP root directory itself must not be writable; uploads go to a writable subdirectory
[root@centos7-2 ~]# mkdir -pv /data/ftproot/upload
[root@centos7-2 ~]# setfacl -m u:vuser:rwx /data/ftproot/upload
# Make sure the following options are enabled in /etc/vsftpd/vsftpd.conf
[root@centos7-2 ~]# vim /etc/vsftpd/vsftpd.conf
# Add the following two options
guest_enable=YES
guest_username=vuser
# Change the following option; after this, the original system users can no longer log in
pam_service_name=vsftpd.mysql
# Start the vsftpd service
[root@centos7-2 ~]# systemctl enable --now vsftpd
2. Configure a Samba share that exports the /www directory
# Install the samba package on the Samba server
yum -y install samba
# Create the Samba user and group
groupadd -r admins
useradd -s /sbin/nologin -G admins jin
smbpasswd -a jin
# Create the shared directory
mkdir /www
chgrp admins /www
chmod 2775 /www
# Samba server configuration
vim /etc/samba/smb.conf
# Append at the end of the file
[share]
path = /www
write list = @admins
systemctl enable --now smb nmb
# Samba client access
yum -y install cifs-utils
# Mount the share as user jin and access it
mkdir /mnt/jin
mount -o username=jin //smbserver/share /mnt/jin
echo "Hello jin" >/mnt/jin/jinfile.txt
3. Use rsync+inotify to synchronize the /www directory in real time
Environment:
IP | OS and version | Role |
---|---|---|
10.0.0.150 | CentOS 8 | data-server, inotify |
10.0.0.151 | CentOS 8 | backup-server, rsync |
Install inotify-tools (available from the EPEL repository)
[root@data ~]#yum -y install inotify-tools
Create the rsync server configuration file
[root@backup ~]#dnf -y install rsync-daemon
[root@backup ~]#rpm -q rsync
rsync-3.1.2-10.el7.x86_64
[root@backup ~]#vim /etc/rsyncd.conf
# rsyncd.conf does not support trailing comments: a '#' is only a comment at the start of a line
# Which user accesses the shared directory; it becomes the owner of created files (default nobody)
uid = root
# default nobody
gid = root
max connections = 0
ignore errors
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
exclude = lost+found/
lock file = /var/run/rsyncd.lock
reverse lookup = no
# Each module name maps to its own path directory; if two modules share a name, the later one takes effect
[backup]
path = /data/backup/
comment = backup dir
# default is yes, i.e. read-only
read only = no
# by default anonymous users can access the rsync server
auth users = rsyncuser
secrets file = /etc/rsync.pas
Prepare the backup directory
[root@backup ~]#mkdir -pv /data/backup
[root@backup ~]#echo "rsyncuser:123456" > /etc/rsync.pas
[root@backup ~]#chmod 600 /etc/rsync.pas
Start the rsyncd service
[root@backup ~]#systemctl enable --now rsyncd
Configure the password file on the data server
[root@data ~]#echo "123456" > /etc/rsync.pas
[root@data ~]#chmod 600 /etc/rsync.pas
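Both the Samba share in section 2 and the rsync secrets files above depend on exact file modes: rsyncd refuses a secrets file readable by other users ("strict modes" is on by default), and the share relies on the setgid bit of /www so new files inherit the admins group. The checks below are an added example, not part of the original post, for verifying those modes before starting the services; function names are assumptions of this example, and GNU coreutils stat is assumed. The test creates constructed temporary files rather than touching the real paths.

```shell
#!/bin/bash
# Added example: verify the permission-sensitive artifacts of sections 2 and 3.
# check_mode, check_owner, check_rsync_secrets and check_samba_share are names
# chosen for this example; they are not commands of rsync or Samba.

# Return 0 if $1 has exactly octal mode $2 (as printed by "stat -c %a"), else 1.
check_mode() {
    local path=$1 want=$2 have
    have=$(stat -c %a "$path") || return 1
    [ "$have" = "$want" ]
}

# Return 0 if $1 is owned by user $2, else 1.
check_owner() {
    local have
    have=$(stat -c %U "$1") || return 1
    [ "$have" = "$2" ]
}

# rsync secrets file: mode 600 and owned by the user the daemon runs as
# ($2, default root, matching "uid = root" in rsyncd.conf above).
check_rsync_secrets() {
    check_mode "$1" 600 && check_owner "$1" "${2:-root}"
}

# Samba share directory: must exist and be 2775 (setgid, group-writable).
check_samba_share() {
    [ -d "$1" ] && check_mode "$1" 2775
}

# Typical use on the real hosts (both servers in this lab), e.g.:
#   check_rsync_secrets /etc/rsync.pas && check_samba_share /www && echo "modes ok"
```

Running these checks from a deployment script turns a silent misconfiguration (rsyncd rejecting every login, or files in the share created with the wrong group) into an immediate, explicit failure.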
List the shared module non-interactively
[root@data ~]#rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.151/backup
Shell script for real-time data synchronization
[root@data ~]# vim inotify_rsync.sh
#!/bin/bash
SRC=/data/www/
DEST=rsyncuser@10.0.0.151::backup
rpm -q rsync &> /dev/null || yum -y install rsync
# Watch the source tree and run a full rsync after every change. The --timefmt and
# --format strings contain spaces and must be quoted so inotifywait receives each as one argument.
inotifywait -mrq --exclude='.*\.swp' --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
    -e create,delete,moved_to,close_write,attrib "$SRC" | while read -r DATE TIME DIR FILE; do
    FILEPATH=$DIR$FILE
    rsync -az --delete --password-file=/etc/rsync.pas "$SRC" "$DEST" && \
        echo "At $TIME on $DATE, file $FILEPATH was backed up via rsync" >> /var/log/changelist.log
done
[root@data ~]# bash inotify_rsync.sh
# Run on the backup server
# Run ls every 0.5 seconds to check whether the backup really happens in real time
[root@backup backup]# watch -n0.5 ls -l /data/backup/
Test
4. Summary of LVS scheduling algorithms
Static methods (scheduling is decided by the algorithm alone)
1. RR: roundrobin, round robin, commonly used
2. WRR: Weighted RR, weighted round robin, commonly used
3. SH: Source Hashing, implements session stickiness by hashing the source IP; requests from the same IP address are always sent to the RS chosen the first time, which binds the session to that server
4. DH: Destination Hashing, hashes the destination address; the first request is scheduled round-robin to an RS, and later requests for the same destination address are always forwarded to the RS chosen the first time. The typical use case is load balancing in front of forward proxy caches, e.g. web caches
Dynamic methods (scheduling considers each RS's current load together with the algorithm; the RS with the smaller Overhead value is chosen)
1. LC: least connections, suited to long-lived connections
Overhead=activeconns*256+inactiveconns
2. WLC: Weighted LC, the default scheduler, commonly used; LC with weights
Overhead=(activeconns*256+inactiveconns)/weight
3. SED: Shortest Expected Delay; new connections prefer high-weight servers; only active connections are counted, inactive connections are ignored
Overhead=(activeconns+1)*256/weight
4. NQ: Never Queue; the first round is distributed evenly, afterwards SED
5. LBLC: Locality-Based LC, a dynamic DH algorithm; use case: forward proxies scheduled by load, e.g. web caches
6. LBLCR: LBLC with Replication, LBLC with replication; solves LBLC's load imbalance by copying from a heavily loaded RS to a lightly loaded one, e.g. web caches
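The three Overhead formulas above are easiest to compare on concrete counters. The script below is an added example (not part of the original post): it evaluates the LC, WLC and SED formulas for each real server and picks the server with the lowest Overhead, the way the director does. The sample table stands in for the ActiveConn/InActConn/Weight columns of ipvsadm -Ln; its names and numbers are constructed, and the function names are assumptions of this example. It also shows why SED can pick a different server than WLC: SED ignores the inactive-connection count.

```shell
#!/bin/bash
# Added example: evaluate LVS dynamic-scheduler Overhead and choose the RS.
# lvs_overhead and lvs_pick_rs are names chosen for this example, not ipvsadm commands.

# Overhead of one real server: $1=scheduler (lc|wlc|sed) $2=activeconns $3=inactiveconns $4=weight
lvs_overhead() {
    local sched=$1 active=$2 inactive=$3 weight=$4
    case $sched in
        lc)  echo $(( active * 256 + inactive )) ;;
        wlc) echo $(( (active * 256 + inactive) / weight )) ;;
        sed) echo $(( (active + 1) * 256 / weight )) ;;
        *)   echo "unknown scheduler: $sched" >&2; return 1 ;;
    esac
}

# Read "rs active inactive weight" lines on stdin and print the RS with the lowest
# Overhead for scheduler $1. Ties go to the first server listed.
lvs_pick_rs() {
    local sched=$1 rs active inactive weight cost best_rs best_cost=
    while read -r rs active inactive weight; do
        [ -n "$rs" ] || continue
        cost=$(lvs_overhead "$sched" "$active" "$inactive" "$weight") || return 1
        if [ -z "$best_cost" ] || [ "$cost" -lt "$best_cost" ]; then
            best_cost=$cost; best_rs=$rs
        fi
    done
    echo "$best_rs"
}

# Constructed sample (name, active connections, inactive connections, weight):
# rs2 carries many inactive connections but has the highest weight.
SAMPLE_RS='rs1 10 500 1
rs2 8 3000 4
rs3 12 100 3'

# Usage: printf '%s\n' "$SAMPLE_RS" | lvs_pick_rs wlc
```

With this sample, LC picks rs1 (Overhead 3060 against 5048 and 3172), WLC picks rs3 (1057 against 3060 and 1262), and SED picks rs2 (576 against 2816 and 1109): dividing by the weight favours rs3 under WLC, while dropping the inactive count as well favours rs2 under SED.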
5. LVS DR across networks
Environment
Environment: five hosts
One client: eth0: host-only 192.168.10.6/24, GW: 192.168.10.200
One ROUTER:
eth0: NAT 10.0.0.200/24
eth0:1 172.16.0.200/24
eth1: host-only 192.168.10.200/24
IP_FORWARD enabled
One LVS director:
eth0: NAT, DIP: 10.0.0.8/24, GW: 10.0.0.200
lo: VIP: 172.16.0.100/32
Two RSs:
RS1: eth0: NAT, 10.0.0.7/24, GW: 10.0.0.200
lo: VIP: 172.16.0.100/32
RS2: eth0: NAT, 10.0.0.17/24, GW: 10.0.0.200
lo: VIP: 172.16.0.100/32
Client
[root@internet ~]#hostname -I
192.168.10.6
[root@internet ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="192.168.10.6"
PREFIX="24"
DNS1="223.5.5.5"
DNS2="180.76.76.76"
GATEWAY="192.168.10.200"
ONBOOT="yes"
[root@internet ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.10.200 0.0.0.0 UG 100 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@internet ~]#ping 192.168.10.200 -c1
PING 192.168.10.200 (192.168.10.200) 56(84) bytes of data.
64 bytes from 192.168.10.200: icmp_seq=1 ttl=64 time=2.30 ms
Router
[root@router ~]#echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@router ~]#sysctl -p
net.ipv4.ip_forward = 1
[root@router ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.200"
PREFIX="24"
ONBOOT="yes"
[root@router ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth1
NAME="eth1"
DEVICE="eth1"
BOOTPROTO="static"
IPADDR="192.168.10.200"
PREFIX="24"
ONBOOT="yes"
[root@router ~]#ip a a 172.16.0.200/24 dev eth0 label eth0:1
[root@router ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:21:52:92 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.16.0.200/24 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe21:5292/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:68:dc:18 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe68:dc18/64 scope link
valid_lft forever preferred_lft forever
[root@router ~]#hostname -I
10.0.0.200 172.16.0.200 192.168.10.200
[root@router ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 102 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 103 0 0 eth1
[root@router ~]#arp -n
Address HWtype HWaddress Flags Mask Iface
10.0.0.8 ether 00:50:56:3b:17:bf C eth0
172.16.0.100 ether 00:50:56:3b:17:bf C eth0
10.0.0.17 ether 00:50:56:3d:cb:17 C eth0
192.168.10.6 ether 00:50:56:32:62:97 C eth1
10.0.0.7 ether 00:0c:29:33:b7:af C eth0
10.0.0.1 ether 00:50:56:c0:00:08 C eth0
LVS
[root@lvs ~]#hostname -I
10.0.0.8
[root@lvs ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@lvs ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.8"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
[root@lvs ~]#curl 10.0.0.17
10.0.0.17
[root@lvs ~]#curl 10.0.0.7
10.0.0.7
# Script run on the LVS host
# Note: if the VIP is configured on the lo interface, a 32-bit netmask must be used
# If the VIP is bound to eth0, another netmask can be used
[root@lvs ~]#cat lvs_dr_vs.sh
#!/bin/bash
vip=172.16.0.100
iface=lo:1
mask=255.255.255.255
port=80
rs1=10.0.0.7
rs2=10.0.0.17
scheduler=wrr
type=-g
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null
case $1 in
start)
ifconfig $iface $vip netmask $mask #broadcast $vip up
iptables -F
ipvsadm -A -t $vip:$port -s $scheduler
ipvsadm -a -t $vip:$port -r $rs1 $type -w 1
ipvsadm -a -t $vip:$port -r $rs2 $type -w 1
echo "The VS Server is Ready!"
;;
stop)
ipvsadm -C
ifconfig $iface down
echo "The VS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
[root@lvs ~]#bash -n lvs_dr_vs.sh
[root@lvs ~]#bash lvs_dr_vs.sh start
The VS Server is Ready!
[root@lvs ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/32 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:3b:17:bf brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe3b:17bf/64 scope link
valid_lft forever preferred_lft forever
[root@lvs ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.100:80 wrr
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.17:80 Route 1 0 0
RS1
[root@rs1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.7"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
[root@rs1 ~]#hostname -I
10.0.0.7
[root@rs1 ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@rs1 ~]#yum -y install httpd
[root@rs1 ~]#systemctl enable --now httpd
[root@rs1 ~]#hostname -I > /var/www/html/index.html
[root@rs1 ~]#curl 10.0.0.7
10.0.0.7
[root@rs1 ~]#cat lvs_dr_rs.sh
#!/bin/bash
vip=172.16.0.100
mask=255.255.255.255
dev=lo:1
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
[root@rs1 ~]#bash -n lvs_dr_rs.sh
[root@rs1 ~]#bash lvs_dr_rs.sh start
The RS Server is Ready!
[root@rs1 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/32 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:33:b7:af brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe33:b7af/64 scope link
valid_lft forever preferred_lft forever
[root@rs1 ~]#scp lvs_dr_rs.sh 10.0.0.17:
RS2
[root@rs2 ~]#hostname -I
10.0.0.17
[root@rs2 ~]#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.200 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@rs2 ~]#cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.17"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
[root@rs2 ~]#yum -y install httpd
[root@rs2 ~]#systemctl enable --now httpd
[root@rs2 ~]#hostname -I > /var/www/html/index.html
[root@rs2 ~]#curl 10.0.0.17
10.0.0.17
[root@rs2 ~]#bash lvs_dr_rs.sh start
[root@rs2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/32 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:3d:cb:17 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe3d:cb17/64 scope link
valid_lft forever preferred_lft forever
[root@rs2 ~]#cat /proc/sys/net/ipv4/conf/all/arp_ignore
1
[root@rs2 ~]#cat /proc/sys/net/ipv4/conf/all/arp_announce
2
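The two cat commands above verify by hand that the RS no longer answers or advertises ARP for the VIP. In DR mode that is what keeps the router's ARP cache pointing the VIP at the director (compare the arp -n output on the router, where 172.16.0.100 resolves to the director's MAC); an RS that still replies would take the VIP traffic directly. The function below is an added example, not part of the original post, that performs the same check for both the "all" and "lo" entries and names the first value that is off. Its first argument is the sysctl conf directory (default /proc/sys/net/ipv4/conf); the test passes a constructed directory tree so it runs without touching the live kernel. Function names are assumptions of this example.

```shell
#!/bin/bash
# Added example: verify the ARP sysctls that lvs_dr_rs.sh sets on a real server.
# check_dr_rs_arp and make_fake_conf are names chosen for this example.

# Print "ok" when all/lo have arp_ignore=1 and arp_announce=2, otherwise print the
# first violation and return 1. $1 overrides the conf directory (for testing).
check_dr_rs_arp() {
    local base=${1:-/proc/sys/net/ipv4/conf} iface key want have
    for iface in all lo; do
        for key in arp_ignore:1 arp_announce:2; do
            want=${key#*:}; key=${key%%:*}
            have=$(cat "$base/$iface/$key" 2>/dev/null) || { echo "missing $iface/$key"; return 1; }
            if [ "$have" != "$want" ]; then
                echo "$iface/$key=$have (want $want)"
                return 1
            fi
        done
    done
    echo ok
}

# Build a constructed conf tree under $1 with arp_ignore=$2 and arp_announce=$3 for all/lo,
# mimicking the layout of /proc/sys/net/ipv4/conf so the check can be exercised offline.
make_fake_conf() {
    local base=$1 iface
    for iface in all lo; do
        mkdir -p "$base/$iface"
        echo "$2" > "$base/$iface/arp_ignore"
        echo "$3" > "$base/$iface/arp_announce"
    done
}

# On a real RS: check_dr_rs_arp || echo "RS is not ready for LVS-DR"
```

Running check_dr_rs_arp on each RS before adding it with ipvsadm catches the common failure where a reboot resets the sysctls (the script above writes to /proc and is not persistent) and the VIP quietly stops being load balanced.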
Test access
[root@internet ~]#curl 172.16.0.100
10.0.0.17
[root@internet ~]#curl 172.16.0.100
10.0.0.7
[root@internet ~]#curl 172.16.0.100
10.0.0.17
[root@internet ~]#curl 172.16.0.100
10.0.0.7