马哥教育N63013-第十五周作业

第十五周作业：

1、实现基于MYSQL验证的vsftpd虚拟用户访问

1、创建用户数据库文件
[root@centos8 ~]# yum install -y vsftpd
[root@centos8 ~]# rpm -qf `which db_load`
libdb-utils-5.3.28-42.el8_4.x86_64
[root@centos8 ~]# vim /etc/vsftpd/vusers.txt 
xiaoming
123456
xiaohong
654321
[root@centos8 ~]# db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db
[root@centos8 ~]# chmod 600 /etc/vsftpd/vusers.*
2、创建用户的访问FTP目录
[root@centos8 ~]# useradd -d /data/ftproot -s /sbin/nologin -r vuser
[root@centos8 ~]# mkdir -pv /data/ftproot/upload
[root@centos8 ~]# setfacl -m u:vuser:rwx /data/ftproot/upload
[root@centos8 ~]# chown -R vuser.vuser /data/
3、创建pam配置文件
[root@centos8 ~]# vim /etc/pam.d/vsftpd.db
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
4、指定pam配置文件
[root@centos8 ~]# vim /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.db
5、虚拟用户建立独立的配置文件
#指定各个用户配置文件存放的路径
[root@centos8 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
#创建各个用户配置文件存放的路径
[root@centos8 ~]# mkdir /etc/vsftpd/conf.d/
#创建各用户自己的配置文件，允许wang用户可读可写，其它用户只读
[root@centos8 ~]# cat /etc/vsftpd/conf.d/ftp_wang
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
#创建各用户自己的配置文件
[root@centos8 ~]# cat /etc/vsftpd/conf.d/ftp_mage
local_root=/data/ftproot2
#针对ftp_mage用户建立对应的数据目录
[root@centos8 pub]# mkdir /data/ftproot2/
[root@centos8 ~]# systemctl start vsftpd


实现基于MYSQL验证的vsftpd虚拟用户
1、安装配置mariadb数据库
[root@centos8 ~]# yum -y install mariadb-server
[root@centos8 ~]# systemctl enable --now mariadb
[root@centos8 ~]# mysql
MariaDB [(none)]> CREATE DATABASE vsftpd;
MariaDB [(none)]> use vsftpd
MariaDB [vsftpd]> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name CHAR(50) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL
    -> );
Query OK, 0 rows affected (0.004 sec)
MariaDB [vsftpd]> insert users (name,password) values('alice',password('123456'));
MariaDB [vsftpd]> insert users (name,password) values('bob',password('654321'));
MariaDB [vsftpd]> select * from users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | alice | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | bob   | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+----+-------+-------------------------------------------+
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'10.0.0.%' identified by '123456';

2、安装配置vsftpd
[root@centos7 ~]# yum -y install vsftpd
[root@centos7 ~]# rz
[root@centos7 ~]# ls
anaconda-ks.cfg  pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz -C /usr/local/src
[root@centos7 ~]# cd /usr/local/src
[root@centos7 src]# cd pam_mysql-0.7RC1/
[root@centos7 pam_mysql-0.7RC1]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7 pam_mysql-0.7RC1]# make install
[root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# chown vuser.vuser /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# chmod +rwx /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# cat /etc/vsftpd/vsftpd.conf
#修改此行
pam_service_name=vsftpd.mysql
#增加这两行
guest_enable=YES
guest_username=vuser
[root@centos7 pam_mysql-0.7RC1]# systemctl restart vsftpd
[root@centos7 log]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
[root@centos7 log]# mkdir /etc/vsftpd/conf.d
[root@centos7 log]# cat /etc/vsftpd/conf.d/alice
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
local_root=/data/ftproot1
[root@centos7 log]# mkdir /data/ftproot1/upload -pv
[root@centos7 log]# chown vuser.vuser /data/ftproot1/upload/
[root@centos7 log]# systemctl restart vsftpd
[root@centos7 log]# mkdir /data/ftproot2/
[root@centos7 log]# touch /data/ftproot2/bob.txt
[root@centos7 log]# cp /etc/vsftpd/conf.d/alice /etc/vsftpd/conf.d/bob



3、ftp账户测试
[root@client ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): alice
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,214,111).
150 Here comes the directory listing.
drwxr-xr-x    2 997      994             6 Apr 04 12:29 upload
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> cd upload
250 Directory successfully changed.
ftp> put hosts
local: hosts remote: hosts
227 Entering Passive Mode (10,0,0,7,243,124).
150 Ok to send data.
226 Transfer complete.
158 bytes sent in 6.5e-05 secs (2430.77 Kbytes/sec)
[root@client ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): bob
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,122,22).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Apr 04 12:35 bob.txt
226 Directory send OK.

2、配置samba共享，实现/www目录共享

1、安装samba服务端
[root@centos8 ~]# yum -y install samba
2、创建用户和组
[root@centos8 ~]# groupadd -r admins
[root@centos8 ~]# useradd -s /sbin/nologin -G admins smb1
[root@centos8 ~]# useradd -s /sbin/nologin -G admins smb2
[root@centos8 ~]# id smb1
uid=1000(smb1) gid=1000(smb1) groups=1000(smb1),990(admins)
[root@centos8 ~]# id smb2
uid=1001(smb2) gid=1001(smb2) groups=1001(smb2),990(admins)
3、创建samba用户
[root@centos8 ~]# smbpasswd -a smb1
New SMB password:
Retype new SMB password:
Added user smb1.
[root@centos8 ~]# smbpasswd -a smb2
New SMB password:
Retype new SMB password:
Added user smb2.
[root@centos8 ~]# pdbedit -L
smb1:1000:
smb2:1001:
4、创建samba共享目录
[root@centos8 ~]# mkdir /www
[root@centos8 ~]# chgrp admins /www
[root@centos8 ~]# chmod 2775 /www
5、配置samba配置文件
[root@centos8 ~]# vim /etc/samba/smb.conf
#最后一行后面添加
[share]
path = /www
write list = @admins
6、启动samba服务端
[root@centos8 ~]# systemctl enable --now smb nmb
7、安装客户端工具
[root@centos7 ~]# yum -y install cifs-utils
8、挂在cifs文件系统
[root@centos7 ~]# mkdir /mnt/smb{1,2} -pv
mkdir: 已创建目录 "/mnt/smb1"
mkdir: 已创建目录 "/mnt/smb2"
[root@centos7 ~]# mount -o username=smb1 //10.0.0.8/share /mnt/smb1
Password for smb1@//10.0.0.8/share:  ******
[root@centos7 ~]# mount -o username=smb2 //10.0.0.8/share /mnt/smb2
Password for smb2@//10.0.0.8/share:  ******
[root@centos7 ~]# df -h
文件系统          容量  已用  可用 已用% 挂载点
//10.0.0.8/share  7.0G  1.8G  5.3G   26% /mnt/smb1
//10.0.0.8/share  7.0G  1.8G  5.3G   26% /mnt/smb2
9、最后做读写测试
[root@centos7 ~]# touch /mnt/smb1/smb1.txt
[root@centos7 ~]# touch /mnt/smb2/smb2.txt
[root@centos7 ~]# echo "test1" > /mnt/smb1/smb1.txt
[root@centos7 ~]# echo "test2" > /mnt/smb2/smb2.txt
[root@centos7 ~]# cat /mnt/smb1/smb1.txt 
test1
[root@centos7 ~]# cat /mnt/smb1/smb2.txt 
test2

3、使用rsync+inotify实现/www目录实时同步

#备份服务器
1、安装rsync
[root@centos8 ~]# yum -y install rsync
2、修改配置文件
[root@centos8 ~]# vim /etc/rsyncd.conf
uid=test
gid=test
reverse lookup = no

[www]
path=/www
read only=no
auth users=rsyncuser
secrets file=/etc/rsync.pas
3、创建同步目录，生成密码文件
[root@centos8 ~]# mkdir /www
[root@centos8 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
[root@centos8 ~]# chmod 600 /etc/rsync.pas
4、启动rsync服务
[root@centos8 ~]# rsync --daemon
[root@centos8 ~]# ss -ntl
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process   
LISTEN   0        5                 0.0.0.0:873             0.0.0.0:*    
#源数据服务器
1、安装相关包
[root@centos8 ~]# yum install -y inotify-tools
[root@centos8 ~]# yum -y install rsync
2、创建密码文件
[root@centos8 ~]# mkdir /www
[root@centos8 ~]# echo "rsyncuser:123456" > /etc/rsync.pas
[root@centos8 ~]# chmod 600 /etc/rsync.pas
3、使用脚本实现同步
[root@centos8 ~]# vim innotify_rsync.sh 
SRC='/www' 
DEST='rsyncuser@10.0.0.18::www'

rpm -q rsync &> /dev/null || yum -y install rsync
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} | while read DATE TIME DIR FILE;
do
    FILEPATH=${DIR}${FILE}
    rsync -az --delete --password-file=/etc/rsync.pas $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done

4、LVS调度算法总结

ipvs scheduler：根据其调度是否考虑各RS当前的负载状态
分为两种：静态方法和动态方法
1、静态方法：仅根据算法本身进行调度
    1.RR：roundrobin，轮询，较常用
    2.WRR：Weighted RR，加权轮询，较常用
    3.SH：Source Hashing，实现session sticky，源IP地址hash；将来自于同一个IP地址的请求始终发往第一次挑中的RS，从而实现会话绑定。
    4.DH：Destination Hashing；目标地址哈希，第一次轮询调度至RS，后续将发往同一个目标地址的请求始终转发至第一次挑中的RS，典型使用场景是正向代理缓存场景的负载均衡，如Web缓存。
2、动态方法：主要根据每RS当前的负载状态及调度算法进行调度Overhead=value较小的RS将被调度
    1.LC：least connections适用于长链接应用
    Overhead=activeconns*256+inactiveconns
    2.WLC:Weighted LC，默认调度方法，较常用
    Overhead=(activeconns*256+inactiveconns)/weight
    3.SED：Shortest Expection Delay，初始连接较高权重优先，只检查活动连接，而不考虑非活动连接
    Overhead=(activeconns+1)*256/weight
    4.NQ：Never Queue，第一轮询均匀分配，后续SED
    5.LBLC：Locality-Based LC，动态的DH算法，使用场景：根据负载状态实现正向代理，实现Web Cache等。
    6.LBLCR：LBLC with Replication，带复制功能的LBLC，解决LBLC负载不均衡问题，从负载重的复制到负载轻的RS，实现Web Cache等。
3、内核版本4.15后新增算法：FO和OVF
    FO（Weighted Fail Over）调度算法，在此FO算法中，遍历虚拟服务所关联的真实服务器链表，找到还未过载（未设置IP_VS_DEST_F_OVERLOAD标志）的且权重最高的真实服务器，进行调度，属于静态算法。
    OVF（Overflow-connection）调度算法，基于真实服务器的活动连接数量和权重值实现。将新连接调度到权重值最高的真实服务器，直到其活动连接数量超过权重值，之后调度到下一个权重值最高的真实服务器，在此OVF算法中，遍历虚拟服务相关联的真实服务器链表，找到权重值最高的可用真实服务器，属于动态算法。

5、LVS的跨网络DR实现

1、LVS的网络配置
#internet主机环境
 一台：客户端 eth0:仅主机 192.168.10.6/24 GW:192.168.10.200
[root@centos8 ~]# hostnamectl set-hostname internet
[root@internet ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.10.6
PREFIX=24
GATEWAY=192.168.10.200
DNS1=223.5.5.5
DNS2=180.76.76.76
ONBOOT=yes
vmware设置网卡仅主机模式
[root@internet ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.200  0.0.0.0         UG    100    0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0

#router主机环境
一台：ROUTER
eth0 :NAT  10.0.0.200/24
eth1: 仅主机 192.168.10.200/24
启用 IP_FORWARD
vmware添加网卡2设置仅主机模式
[root@centos8 ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@centos8 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@centos8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.200
PREFIX=24
ONBOOT=yes
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=192.168.10.200
PREFIX=24
ONBOOT=yes
[root@route network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
Wired connection 1  09fc5042-0347-3ba0-9ede-e39715bd1bb7  ethernet  eth1   
eth1                9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --    
[root@route network-scripts]# nmcli connection delete Wired\ connection\ 1
Connection 'Wired connection 1' (09fc5042-0347-3ba0-9ede-e39715bd1bb7) successfully deleted.
[root@route network-scripts]# nmcli connection
NAME  UUID                                  TYPE      DEVICE 
eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
#添加172.16.0.200/24的地址
[root@route ~]# ip a a 172.16.0.200/24 dev eth0 label eth0:1
[root@route ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b8:64:45 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.200/24 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb8:6445/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b8:64:4f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb8:644f/64 scope link 
       valid_lft forever preferred_lft forever
#检查ip_forward开启
[root@route ~]# sysctl -p|grep ip_for
net.ipv4.ip_forward = 1
[root@route ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     102    0        0 eth0
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1



两台RS：
RS1：eth0:NAT:10.0.0.7/24   GW：10.0.0.200
RS2：eth0:NAT:10.0.0.17/24 GW：10.0.0.200
#RS1网络配置
[root@centos7 ~]# hostnamectl set-hostname rs1
[root@rs1 ~]# yum -y install httpd
[root@rs1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@rs1 ~]# hostname -I > /var/www/html/index.html
[root@rs1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@rs1 ~]# systemctl restart network
[root@rs1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@rs1 ~]# bash lvs_dr_rs.sh start
The RS Server is Ready!
[root@rs1 ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:be:4a:7b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febe:4a7b/64 scope link 
       valid_lft forever preferred_lft forever


#RS2
[root@centos7 ~]# hostnamectl set-hostname rs2
[root@rs2 ~]# yum -y install httpd
[root@rs2 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@rs2 ~]# hostname -I > /var/www/html/index.html
[root@rs2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@rs2 ~]# systemctl restart network
[root@rs2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@rs2 ~]# bash lvs_dr_rs.sh start
The RS Server is Ready!
[root@rs2 ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.0.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:0a:01:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0a:138/64 scope link 
       valid_lft forever preferred_lft forever


一台：LVS
eth0:NAT:DIP:10.0.0.8/24 GW:10.0.0.200
#LVS的网络配置
[root@centos8 ~]# yum -y install ipvsadm
[root@centos8 ~]# hostnamectl set-hostname lvs
[root@centos8 ~]# hostname -I
10.0.0.8 
[root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.200
ONBOOT=yes
[root@lvs ~]# nmcli connection reload
[root@lvs ~]# nmcli connection up eth0
[root@lvs ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.200      0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

2、后端RS的IPVS配置
#RS1的IPVS配置
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
[root@rs1 ~]# ifconfig lo:1 10.0.0.100/32
[root@rs1 ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:be:4a:7b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febe:4a7b/64 scope link 
       valid_lft forever preferred_lft forever

#RS2的IPVS配置
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
[root@rs2 ~]# ifconfig lo:1 10.0.0.100/32
[root@rs2 ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:0a:01:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0a:138/64 scope link 
       valid_lft forever preferred_lft forever

3、LVS主机的配置
[root@lvs ~]# ifconfig lo:1 10.0.0.100/32
[root@lvs ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/0 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2d:a0:ce brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever