关闭防火墙 systemctl disable --now firewalld
系统版本 CentOS 7.9
数据库版本 MariaDB 10.5
rsyslog服务器 10.0.0.131(主机名:centos7-01)
数据库服务器 10.0.0.132(主机名:centos7-02)
loganalyzer 服务器 10.0.0.133(主机名:centos7-03)
一、在rsyslog服务器上安装连接mysql模块相关的程序包
[root@centos7-01 ~]# yum install -y rsyslog-mysql
[root@centos7-01 ~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
#查看sql脚本文件内容
[root@centos7-01 ~]# cat /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
#将sql脚本复制到数据库服务器上
[root@centos7-01 ~]# scp /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql 10.0.0.132:
二、 数据库服务器配置
#yum源配置MariaDB 10.5数据库
[root@centos7-02 ~]# vim /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/10.5/centos7-amd64/
gpgkey = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck = 1
#安装数据库
[root@centos7-02 ~]# yum -y install mariadb-server
#启动数据库
[root@centos7-02 ~]# systemctl enable --now mariadb && systemctl status mariadb
#在mariadb数据库服务器上创建相关数据库和表,并授权rsyslog能连接至当前服务器
MariaDB [(none)]> source /root/mysql-createDB.sql
Query OK, 1 row affected (0.000 sec)
Database changed
Query OK, 0 rows affected (0.004 sec)
Query OK, 0 rows affected (0.004 sec)
MariaDB [Syslog]> show databases;
+--------------------+
| Database |
+--------------------+
| Syslog |
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.000 sec)
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.000 sec)
MariaDB [Syslog]> GRANT ALL PRIVILEGES ON Syslog.* TO 'rsyslog'@'10.0.0.%' IDENTIFIED BY 'rsyslog';
MariaDB [Syslog]> FLUSH PRIVILEGES;
三、配置日志服务器将日志发送到数据库
#配置rsyslog将日志保存到mysql中
[root@centos7-01 ~]# vim /etc/rsyslog.conf
$ModLoad ommysql
#在RULES语句块加下面行的格式
#facility.priority :ommysql:DBHOST,DBNAME,DBUSER, PASSWORD
*.info;mail.none;authpriv.none;cron.none :ommysql:10.0.0.132,Syslog,rsyslog,rsyslog
[root@centos7-01 ~]# systemctl restart rsyslog.service
四、数据测试
#测试数据,并在数据库中查看是否记录
[root@centos7-01 ~]# logger "This is a test log from 10.0.0.131"
MariaDB [Syslog]> select * from SystemEvents\G
*************************** 1. row ***************************
ID: 1
CustomerID: NULL
ReceivedAt: 2022-06-05 11:13:34
DeviceReportedTime: 2022-06-05 11:13:34
Facility: 3
Priority: 6
FromHost: centos7-01
Message: Stopping System Logging Service...
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 2. row ***************************
ID: 2
CustomerID: NULL
ReceivedAt: 2022-06-05 11:13:34
DeviceReportedTime: 2022-06-05 11:13:34
Facility: 5
Priority: 6
FromHost: centos7-01
Message: [origin software="rsyslogd" swVersion="8.24.0-55.el7" x-pid="1044" x-info="http://www.rsyslog.com"] exiting on signal 15.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: rsyslogd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 3. row ***************************
ID: 3
CustomerID: NULL
ReceivedAt: 2022-06-05 11:13:34
DeviceReportedTime: 2022-06-05 11:13:34
Facility: 3
Priority: 6
FromHost: centos7-01
Message: Stopped System Logging Service.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 4. row ***************************
ID: 4
CustomerID: NULL
ReceivedAt: 2022-06-05 11:13:34
DeviceReportedTime: 2022-06-05 11:13:34
Facility: 3
Priority: 6
FromHost: centos7-01
Message: Starting System Logging Service...
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 5. row ***************************
ID: 5
CustomerID: NULL
ReceivedAt: 2022-06-05 11:13:34
DeviceReportedTime: 2022-06-05 11:13:34
Facility: 5
Priority: 6
FromHost: centos7-01
Message: [origin software="rsyslogd" swVersion="8.24.0-55.el7" x-pid="2187" x-info="http://www.rsyslog.com"] start
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: rsyslogd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 6. row ***************************
ID: 6
CustomerID: NULL
ReceivedAt: 2022-06-05 11:13:34
DeviceReportedTime: 2022-06-05 11:13:34
Facility: 3
Priority: 6
FromHost: centos7-01
Message: Started System Logging Service.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 7. row ***************************
ID: 7
CustomerID: NULL
ReceivedAt: 2022-06-05 11:14:12
DeviceReportedTime: 2022-06-05 11:14:12
Facility: 1
Priority: 5
FromHost: centos7-01
Message: This is a test log from 10.0.0.131
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: root:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
7 rows in set (0.001 sec)
#在日志服务器上查询到上面的测试日志
[root@centos7-01 ~]# tail -f /var/log/messages
Jun 5 11:13:34 centos7-01 systemd: Stopping System Logging Service...
Jun 5 11:13:34 centos7-01 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-55.el7" x-pid="1044" x-info="http://www.rsyslog.com"] exiting on signal 15.
Jun 5 11:13:34 centos7-01 systemd: Stopped System Logging Service.
Jun 5 11:13:34 centos7-01 systemd: Starting System Logging Service...
Jun 5 11:13:34 centos7-01 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-55.el7" x-pid="2187" x-info="http://www.rsyslog.com"] start
Jun 5 11:13:34 centos7-01 systemd: Started System Logging Service.
Jun 5 11:14:12 centos7-01 root: This is a test log from 10.0.0.131
五、 loganalyzer 服务器 配置
#安装httpd, php和相关软件包
[root@centos7-03 ~]# yum -y install httpd php-fpm php-mysql php-gd
#启动httpd, php
[root@centos7-03 ~]# systemctl enable --now httpd php-fpm
#安装wget
[root@centos7-03 ~]# yum -y install wget
#下载loganalyzer
[root@centos7-03 ~]# wget 'https://download.adiscon.com/loganalyzer/loganalyzer-4.1.10.tar.gz' --no-check-certificate
#解压缩
[root@centos7-03 ~]# tar xvf loganalyzer-4.1.10.tar.gz
#移动至/var/www/html/log
[root@centos7-03 ~]# cd loganalyzer-4.1.10/
[root@centos7-03 loganalyzer-4.1.10]# ls
ChangeLog contrib COPYING doc INSTALL src
[root@centos7-03 loganalyzer-4.1.10]# mv src/ /var/www/html/log
#重启httpd
[root@centos7-03 ~]# systemctl restart httpd
#创建配置文件
[root@centos7-03 log]# touch /var/www/html/log/config.php
[root@centos7-03 log]# chmod 666 /var/www/html/log/config.php
六、打开页面进行loganalyzer 配置
浏览器打开:10.0.0.133/log/
七、最后可进行安全加固,页面配置会保存在此文件,如果配置错了,可以删除这个文件,再重新打开页面配置
#安全加固
[root@centos7-03 log]# chmod 600 /var/www/html/log/config.php
关闭防火墙 systemctl disable --now firewalld
系统版本 CentOS 7.9
数据库版本 MariaDB 10.5
FTP服务器 10.0.0.131(主机名:centos7-01)
数据库服务器 10.0.0.132(主机名:centos7-02)
利用 pam_mysql 模块可以实现基于MySQL的FTP虚拟用户功能
注意:
因为此项目年代久远不再更新,当前只支持CentOS 6,7,不支持CentOS 8
MySQL8.0由于取消了PASSWORD()函数不支持,因此选择MariaDB
对于 centos 6:pam_mysql由EPEL的源中提供
对于 centos7 和 8:无对应rpm包,需手动编译安装
一、 数据库服务器配置
#yum源配置MariaDB 10.5数据库
[root@centos7-02 ~]# vim /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/10.5/centos7-amd64/
gpgkey = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck = 1
#安装数据库
[root@centos7-02 ~]# yum -y install mariadb-server
#启动数据库
[root@centos7-02 ~]# systemctl enable --now mariadb && systemctl status mariadb
#建立存储虚拟用户数据库和表
[root@centos7-02 /]# mysql
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> USE vsftpd;
Database changed
MariaDB [vsftpd]> CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);
#添加虚拟用户,为了安全应该使用PASSWORD函数加密其密码后存储
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftp_zhangsan',password('123456'));
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftp_lisi',password('123456'));
MariaDB [vsftpd]> select * from users;
+----+--------------+-------------------------------------------+
| id | name | password |
+----+--------------+-------------------------------------------+
| 1 | ftp_zhangsan | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2 | ftp_lisi | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+--------------+-------------------------------------------+
#创建连接的数据库用户
MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.002 sec)
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)
二、在FTP服务器上配置 pam_mysql、vsftpd
#安装软件
[root@centos7-01 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
#pam-mysql 源码进行编译,下载pam_mysql包并解包
[root@centos7-01 ~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[root@centos7-01 ~]# tar xvf pam_mysql-0.7RC1.tar.gz
#编译安装
[root@centos7-01 src]# cd pam_mysql-0.7RC1/
[root@centos7-01 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7-01 pam_mysql-0.7RC1]# make install
[root@centos7-01 pam_mysql-0.7RC1]# ll /lib64/security/pam_mysql*
-rwxr-xr-x 1 root root 882 Jun 5 16:15 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141720 Jun 5 16:15 /lib64/security/pam_mysql.so
#在FTP服务器上建立pam认证所需文件
[root@centos7-01 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.132 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.132 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
crypt 加密方式:
0 表示不加密
1 表示 crypt(3) 加密
2 表示使用 mysql password() 函数加密
3 表示 md5 加密
4 表示 sha1 加密
配置字段说明:
auth 表示认证
account 验证账号密码正常使用
required 表示认证要通过
pam_mysql.so 模块是默认的相对路径,是相对/lib64/security/路径而言,也可以写绝对路径;后面为给此模块传递的参数
user=vsftpd 为登录mysql的用户
passwd=123456 登录mysql的密码
host=10.0.0.17 mysql服务器的主机名或ip地址
db=vsftpd 指定连接mysql的数据库名称
table=users 指定连接数据库中的表名
usercolumn=name 当做用户名的字段
passwdcolumn=password 当做用户名字段的密码
crypt=2 密码的加密方式为mysql password()函数加密
三、在FTP服务器上配置 pam_mysql、vsftpd
#建立虚拟用户映射的系统用户及对应的目录
[root@centos7-01 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7-01 pam_mysql-0.7RC1]# mkdir -pv /data/ftproot/upload
mkdir: created directory ‘/data’
mkdir: created directory ‘/data/ftproot’
mkdir: created directory ‘/data/ftproot/upload’
[root@centos7-01 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot/upload
#确保/etc/vsftpd/vsftpd.conf中已经启用了以下选项
[root@centos7-01 pam_mysql-0.7RC1]# #vim /etc/vsftpd/vsftpd.conf
#修改下面一项,原系统用户无法登录
pam_service_name=vsftpd.mysql
#
##添加下面两项
guest_enable=YES
guest_username=vuser
#启动vsftpd服务
[root@centos7-01 pam_mysql-0.7RC1]# systemctl enable --now vsftpd
四、在FTP服务器上配置虚拟用户具有不同的访问权限
vsftpd可以在配置文件目录中为每个用户提供单独的配置文件以定义其ftp服务访问权限,每个虚拟用户的配置文件名同虚拟用户的用户名。配置文件目录可以是任意未使用目录,只需要在vsftpd.conf指定其路径及名称即可
#配置vsftpd为虚拟用户使用配置文件目录
[root@centos7-01 pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
#添加如下选项
user_config_dir=/etc/vsftpd/conf.d/
#创建所需要目录,并为虚拟用户提供配置文件
[root@centos7-01 pam_mysql-0.7RC1]# mkdir /etc/vsftpd/conf.d/
#配置虚拟用户的访问权限
[root@centos7-01 pam_mysql-0.7RC1]# vim /etc/vsftpd/conf.d/ftp_zhangsan
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
#登录目录改变至指定的目录
local_root=/data/ftproot1
#创建目录,修改权限
[root@centos7-01 pam_mysql-0.7RC1]# mkdir /data/ftproot1/upload -pv
[root@centos7-01 pam_mysql-0.7RC1]# chown vuser.vuser /data/ftproot1/upload/
#重启FTP
[root@centos7-01 pam_mysql-0.7RC1]# systemctl restart vsftpd
五、测试
[root@centos7-01 ~]# ftp 10.0.0.131
Connected to 10.0.0.131 (10.0.0.131).
220 (vsFTPd 3.0.2)
Name (10.0.0.131:root): ftp_zhangsan
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,131,130,129).
150 Here comes the directory listing.
drwxr-xr-x 2 998 996 6 Jun 05 21:00 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> pwd
257 "/upload"
ftp> lcd /etc
Local directory now /etc
ftp> put hosts
local: hosts remote: hosts
227 Entering Passive Mode (10,0,0,131,156,129).
150 Ok to send data.
226 Transfer complete.
158 bytes sent in 0.00013 secs (1215.38 Kbytes/sec)
#上传hosts文件后到磁盘中查看成功
[root@centos7-01 ~]# ll /data/ftproot1/upload/
total 4
-rw------- 1 vuser vuser 158 Jun 5 21:04 hosts
#创建另一个目录ftproot2并在目录下建立一个txt文档,第二个数据库账号登录后可看到此txt文件,实现每个账号有独立的目录
[root@centos7-01 ~]# cd /etc/vsftpd/conf.d/
[root@centos7-01 conf.d]# ls
ftp_zhangsan
[root@centos7-01 conf.d]# cp ftp_zhangsan ftp_lisi
[root@centos7-01 conf.d]# ls
ftp_lisi ftp_zhangsan
[root@centos7-01 conf.d]# vim ftp_lisi
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot2
[root@centos7-01 conf.d]# chown vuser.vuser /data/ftproot2/upload/
[root@centos7-01 conf.d]# touch /data/ftproot2/lisi.txt
[root@centos7-01 ~]# ftp 10.0.0.131
Connected to 10.0.0.131 (10.0.0.131).
220 (vsFTPd 3.0.2)
Name (10.0.0.131:root): ftp_lisi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,131,181,60).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Jun 05 21:11 lisi.txt
drwxr-xr-x 2 998 996 6 Jun 05 21:10 upload
226 Directory send OK.
关闭防火墙 systemctl disable --now firewalld
系统版本 CentOS 7.9
samba服务器 10.0.0.131(主机名:centos7-01)
samba客户端 10.0.0.132(主机名:centos7-02)
一、在samba服务器上安装samba包
[root@centos7-01 ~]# yum -y install samba
#创建samba用户和组
[root@centos7-01 ~]# groupadd -r admins
[root@centos7-01 ~]# useradd -s /sbin/nologin -G admins ma
[root@centos7-01 ~]# smbpasswd -a ma
New SMB password:
Retype new SMB password:
Added user ma.
[root@centos7-01 ~]# useradd -s /sbin/nologin li
[root@centos7-01 ~]# smbpasswd -a li
New SMB password:
Retype new SMB password:
Added user li.
#创建samba共享目录,并设置SElinux
[root@centos7-01 ~]# mkdir /www
[root@centos7-01 ~]# chgrp admins /www
[root@centos7-01 ~]# chmod 2775 /www
#samba服务器配置
[root@centos7-01 ~]# vim /etc/samba/smb.conf
[share]
path = /www
write list = @admins
#启动服务
[root@centos7-01 ~]# systemctl enable --now smb nmb
二、samba客户端配置
#安装软件包
[root@centos7-02 ~]# yum -y install cifs-utils
#用ma用户挂载smb共享并访问
[root@centos7-02 ~]# mkdir /mnt/ma -pv
mkdir: created directory ‘/mnt/ma’
[root@centos7-02 ~]# mount -o username=ma //10.0.0.131/share /mnt/ma
Password for ma@//10.0.0.131/share: ******
[root@centos7-02 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 898M 0 898M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.6M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/centos-root 50G 2.2G 48G 5% /
/dev/mapper/centos-home 147G 33M 147G 1% /home
/dev/sda1 1014M 151M 864M 15% /boot
tmpfs 182M 0 182M 0% /run/user/0
//10.0.0.131/share 50G 1.7G 49G 4% /mnt/ma
#用li用户挂载smb共享并访问
[root@centos7-02 ~]# mkdir /mnt/li -pv
mkdir: created directory ‘/mnt/li’
[root@centos7-02 ~]# mount -o username=li //10.0.0.131/share /mnt/li
Password for li@//10.0.0.131/share: ******
[root@centos7-02 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 898M 0 898M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.6M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/centos-root 50G 2.1G 48G 5% /
/dev/mapper/centos-home 147G 33M 147G 1% /home
/dev/sda1 1014M 151M 864M 15% /boot
tmpfs 182M 0 182M 0% /run/user/0
//10.0.0.131/share 50G 1.7G 49G 4% /mnt/ma
//10.0.0.131/share 50G 1.7G 49G 4% /mnt/li
#用客户端创建文件
[root@centos7-02 ~]# touch /mnt/ma/ma.txt
#用服务器端查看创建成功
[root@centos7-01 ~]# cd www/
[root@centos7-01 www]# ls
ma.txt
关闭防火墙 systemctl disable --now firewalld
系统版本 CentOS 7.9
inotify服务器 10.0.0.131(主机名:centos7-01)
rsync服务器 10.0.0.132(主机名:centos7-02)
一、安装inotify-tools
[root@centos7-01 ~]# yum -y install inotify-tools
[root@centos7-01 ~]# yum -y install rsync
[root@centos7-01 ~]# rpm -ql inotify-tools
/usr/bin/inotifywait
/usr/bin/inotifywatch
/usr/lib64/libinotifytools.so.0
/usr/lib64/libinotifytools.so.0.4.1
/usr/share/doc/inotify-tools-3.14
/usr/share/doc/inotify-tools-3.14/AUTHORS
/usr/share/doc/inotify-tools-3.14/COPYING
/usr/share/doc/inotify-tools-3.14/ChangeLog
/usr/share/doc/inotify-tools-3.14/NEWS
/usr/share/doc/inotify-tools-3.14/README
/usr/share/man/man1/inotifywait.1.gz
/usr/share/man/man1/inotifywatch.1.gz
max_queued_events:inotify 事件队列最大长度,如值太小会出现 Event Queue Overflow 错误,默认值:16384, 生产环境建议调大,比如:327679
max_user_instances:每个用户创建inotify实例最大值,默认值:128
max_user_watches:可以监视的文件的总数量(inotifywait 单进程),默认值:8192,建议调大
inotify-tools包主要工具:
inotifywait: 在被监控的文件或目录上等待特定文件系统事件(open ,close,delete等)发生, 常用于实时同步的目录监控
inotifywatch:收集被监控的文件系统使用的统计数据,指文件系统事件发生的次数统计
[root@centos7-01 ~]# vim /etc/sysctl.conf
[root@centos7-01 ~]# sysctl -p
fs.inotify.max_queued_events = 66666
fs.inotify.max_user_watches = 100000
二、创建rsync服务器的配置文件
[root@centos7-02 ~]# rpm -q rsync
rsync-3.1.2-10.el7.x86_64
#注意rsyncd.conf配置,需要删除#后面的注释部分
[root@centos7-02 ~]# vim /etc/rsyncd.conf
uid = root #提定以哪个用户来访问共享目录,将之指定为生成的文件所有者,默认为nobody
gid = root #默认为nobody
max connections = 0
ignore errors
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
exclude = lost+found/
lock file = /var/run/rsyncd.lock
reverse lookup = no
[backup] #每个模块名对应一个不同的path目录,如果同名后面模块生效
path = /www
comment = backup dir
read only = no #默认是yes,即只读
auth users = rsyncuser #默认anonymous可以访问rsync服务器
secrets file = /etc/rsync.pas
#准备备份目录
[root@centos7-02 ~]# mkdir /www
#生成验证文件
[root@centos7-02 ~]# echo "rsyncuser:ma" > /etc/rsync.pas
[root@centos7-02 ~]# chmod 600 /etc/rsync.pas
#启动rsyncd服务
[root@centos7-02 ~]# systemctl enable --now rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@centos7-02 ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 *:873 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 5 [::]:873 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
三、inotify服务器配置密码文件
[root@centos7-01 ~]# echo "ma" > /etc/rsync.pas
[root@centos7-01 ~]# chmod 600 /etc/rsync.pas
#查看远程rsync服务器的模块信息
[root@centos7-01 ~]# rsync rsync://10.0.0.132
backup backup dir
#交互式验证查看具体模块内的文件
[root@centos7-01 www]# rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.132/backup
[root@centos7-01 www]# rsync rsync://rsyncuser@10.0.0.132/backup
Password:
drwxr-xr-x 6 2022/06/06 20:53:10 .
#非交互式查看共享目录
[root@centos7-01 www]# rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.132/backup
四、测试同步数据
[root@centos7-02 www]# touch /www/a.txt
[root@centos7-01 www]# rsync -avz --delete --password-file=/etc/rsync.pas rsyncuser@10.0.0.132::backup /www/a.txt
receiving incremental file list
created directory /www/a.txt
./
a.txt
sent 46 bytes received 103 bytes 298.00 bytes/sec
total size is 0 speedup is 0.00
五、shell 脚本实现实时数据同步
#编写脚本
[root@centos7-02 www]# vim inotify_rsync.sh
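#!/bin/bash
# Watch SRC with inotifywait and push the whole tree to the rsync daemon
# module DEST after every reported event; each successful run is appended
# to /var/log/changelist.log.
# Requires inotify-tools and the rsync secrets file /etc/rsync.pas
# (mode 0600, containing only the daemon password).
SRC='/www/'
DEST='rsyncuser@10.0.0.132::backup'
# '%T %w %f' with a timefmt that contains a space yields: DATE TIME DIR FILE.
# read -r keeps backslashes in names literal; FILE, being the last field,
# absorbs any remaining words so a file name containing spaces survives
# (a directory path containing spaces still would not — kept as the original).
inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' \
  -e attrib,create,delete,moved_to,close_write "${SRC}" \
  | while read -r DATE TIME DIR FILE; do
    FILEPATH="${DIR}${FILE}"
    # --delete mirrors removals; --password-file keeps the secret out of argv/ps.
    if rsync -az --delete --password-file=/etc/rsync.pas "${SRC}" "${DEST}"; then
      printf '%s\n' "At ${TIME} on ${DATE}, file ${FILEPATH} was backuped up via rsync" >> /var/log/changelist.log
    fi
  done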
#inotify服务器测试同步,运行脚本
[root@centos7-01 www]# bash inotify_rsync.sh
#可新开rsync服务器窗口定时查看目录
[root@centos7-02 www]# watch -n0.5 ls -l /www/
#新开inotify服务器窗口,在www文件夹创建文件进行
[root@centos7-01 www]# touch 1234.txt
[root@centos7-01 www]# touch 1234a.txt
#rsync服务器文件同步成功
[root@centos7-02 www]# ll
-rw-r--r-- 1 root root 0 Jun 7 07:06 1234a.txt
-rw-r--r-- 1 root root 0 Jun 7 07:05 1234.txt
#可新开inotify服务器,查看同步日志
[root@centos7-01 ~]# tail -f /var/log/changelist.log
At 07:05 on 2022-06-07, file /www/1234.txt was backuped up via rsync
At 07:06 on 2022-06-07, file /www/1234a.txt was backuped up via rsync
ipvs scheduler:根据其调度时是否考虑各RS当前的负载状态分为两种:静态方法和动态方法
静态方法仅根据算法本身进行调度
1、RR:Round Robin,轮询,较常用
2、WRR:Weighted RR,加权轮询,较常用
3、SH:Source Hashing,源地址散列调度算法,实现session sticky,源IP地址hash;将来自于同一个IP地址的请求始终发往第一次挑中的RS,从而实现会话绑定
4、DH:Destination Hashing,目标地址散列调度算法,目标地址哈希,第一次轮询调度至RS,后续将发往同一个目标地址的请求始终转发至第一次挑中的RS,典型使用场景是正向代理缓存场景中的负载均衡,如:Web缓存
动态方法主要根据每RS当前的负载状态及调度算法进行调度,Overhead=value 较小的RS将被调度
1、LC:least connections,最少连接,适用于长连接应用
Overhead=activeconns*256+inactiveconns
2、WLC:Weighted LC,加权最少连接,默认调度方法,较常用
Overhead=(activeconns*256+inactiveconns)/weight
3、SED:Shortest Expection Delay,最短延迟调度,初始连接高权重优先,只检查活动连接,而不考虑非活动连接
Overhead=(activeconns+1)*256/weight
4、NQ:Never Queue,永不排队调度,第一轮均匀分配,后续SED
5、LBLC:Locality-Based LC,基于局部性的最少链接,动态的DH算法,使用场景:根据负载状态实现正向代理,实现Web Cache等
6、LBLCR:LBLC with Replication,带复制的基于局部性最少连接,带复制功能的LBLC,解决LBLC负载不均衡问题,从负载重的复制到负载轻的RS,实现Web Cache等
内核版本 4.15 版本后新增调度算法:FO和OVF
FO(Weighted Fail Over)调度算法,加权故障转移,在此FO算法中,遍历虚拟服务所关联的真实服务器链表,找到还未过载(未设置IP_VS_DEST_F_OVERLOAD标志)的且权重最高的真实服务器,进行调度,属于静态算法
OVF(Overflow-connection)调度算法,溢出连接,基于真实服务器的活动连接数量和权重值实现。将新连接调度到权重值最高的真实服务器,直到其活动连接数量超过权重值,之后调度到下一个权重值最高的真实服务器,在此OVF算法中,遍历虚拟服务相关联的真实服务器链表,找到权重值最高的可用真实服务器。属于动态算法
一个可用的真实服务器需要同时满足以下条件:
未过载(未设置IP_VS_DEST_F_OVERLOAD标志)
真实服务器当前的活动连接数量小于其权重值
其权重值不为零
关闭防火墙 systemctl disable --now firewalld
系统版本 CentOS 7.9
客户端 192.168.10.6(主机名:centos7-01)
ROUTER路由器 eth0:10.0.0.200、eth1: 192.168.10.200(主机名:centos7-02)
LVS服务器 10.0.0.8(主机名:centos7-03)
RS服务器1 10.0.0.7(主机名:centos7-04)
RS服务器2 10.0.0.17(主机名:centos7-05)
环境:五台主机
一台:客户端 eth0:仅主机 192.168.10.6/24 GW:192.168.10.200
一台:ROUTER eth0:NAT 10.0.0.200/24,eth0:1 172.16.0.200/24,eth1:仅主机 192.168.10.200/24,启用 IP_FORWARD
一台:LVS eth0:NAT:DIP:10.0.0.8/24 GW:10.0.0.200,lo:VIP:172.16.0.100/32
两台RS:
RS1:eth0:NAT:10.0.0.7/24 GW:10.0.0.200,lo:VIP:172.16.0.100/32
RS2:eth0:NAT:10.0.0.17/24 GW:10.0.0.200,lo:VIP:172.16.0.100/32
一、客户端 192.168.10.6(主机名:centos7-01)
#注意设置网卡IP后,service network restart重启网卡后生效
[root@centos7-01 ~]# hostname -I
192.168.10.6
#IP地址
[root@centos7-01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="static"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.6
NETMASK=255.255.255.0
GATEWAY=192.168.10.200
#ROUTER路由器 配置完成以后ping一下
[root@centos7-01 ~]# ping 192.168.10.200
PING 192.168.10.200 (192.168.10.200) 56(84) bytes of data.
64 bytes from 192.168.10.200: icmp_seq=1 ttl=64 time=0.480 ms
二、ROUTER路由器 eth0:10.0.0.200、eth1: 192.168.10.200(主机名:centos7-02)
#启用 IP_FORWARD
[root@centos7-02 ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@centos7-02 ~]# sysctl -p
net.ipv4.ip_forward = 1
#IP地址
[root@centos7-02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.200"
PREFIX="24"
ONBOOT="yes"
[root@centos7-02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
NAME="eth1"
DEVICE="eth1"
BOOTPROTO="static"
IPADDR="192.168.10.200"
PREFIX="24"
ONBOOT="yes"
#设置VIP :lo:VIP:172.16.0.100/32
[root@centos7-02 ~]# ip a a 172.16.0.200/24 dev eth0 label eth0:1
[root@centos7-02 ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:1d:c1:db brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.16.0.200/24 scope global eth0:1
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:1d:c1:e5 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.200/24 brd 192.168.10.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1d:c1e5/64 scope link
valid_lft forever preferred_lft forever
#hostname -I 有3个地址
[root@centos7-02 ~]# hostname -I
10.0.0.200 172.16.0.200 192.168.10.200
[root@centos7-02 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
三、 LVS服务器 10.0.0.8(主机名:centos7-03)
#需要先安装ipvsadm
[root@centos7-03 ~]# yum -y install ipvsadm
#IP地址
[root@centos7-03 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.8"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
#在LVS服务器运行的脚本
#注意:VIP如果配置在LO网卡上,必须使用32bit子网掩码,如果设置24bit会造成数据无法转发的问题。
#如果VIP绑定在eth0上,可以使用其它netmask
[root@centos7-03 ~]# cat lvs_dr_vs.sh
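#!/bin/bash
# LVS-DR director: bind the VIP on lo:1 and create the virtual service with
# two real servers in gateway (direct-routing) forwarding mode.
# Usage: lvs_dr_vs.sh start|stop
vip='172.16.0.100'
iface='lo:1'
# A VIP configured on lo must use a /32 mask; a /24 here breaks forwarding.
mask='255.255.255.255'
port='80'
rs1='10.0.0.7'
rs2='10.0.0.17'
scheduler='wrr'
type='-g'   # -g = gateway / DR forwarding

case "${1:-}" in
start)
  ifconfig "$iface" "$vip" netmask "$mask"
  # NOTE: this flushes every rule in the filter table, not just LVS-related
  # ones — any host firewall policy on the director is discarded here.
  iptables -F
  ipvsadm -A -t "${vip}:${port}" -s "$scheduler"
  ipvsadm -a -t "${vip}:${port}" -r "$rs1" "$type" -w 1
  ipvsadm -a -t "${vip}:${port}" -r "$rs2" "$type" -w 1
  echo "The VS Server is Ready!"
  ;;
stop)
  # -C clears the whole IPVS table, then the VIP alias is taken down.
  ipvsadm -C
  ifconfig "$iface" down
  echo "The VS Server is Canceled!"
  ;;
*)
  echo "Usage: $(basename "$0") start|stop"
  exit 1
  ;;
esac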
#运行脚本
[root@centos7-03 ~]# bash lvs_dr_vs.sh start
The VS Server is Ready!
[root@centos7-03 ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/32 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:9d:6f:b7 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
#查看状态
[root@centos7-03 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.100:80 wrr
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.17:80 Route 1 0 0
#设置RS服务器1和RS服务器2完成后,可测试访问
[root@centos7-03 ~]# curl 10.0.0.17
10.0.0.17
[root@centos7-03 ~]# curl 10.0.0.7
10.0.0.7
四、 RS服务器1 10.0.0.7(主机名:centos7-04)
#需要在外网环境下先安装httpd和net-tools,脚本中ifconfig需要用到net-tools组件功能,httpd用于测试页面
[root@centos7-04 ~]# yum -y install httpd net-tools
#IP地址
[root@centos7-04 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.7"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
#启动httpd并加入开机启动
[root@centos7-04 ~]# systemctl enable --now httpd
#将本机IP写入到访问页面
[root@centos7-04 ~]# #hostname -I > /var/www/html/index.html
#查看页面内容
[root@centos7-04 ~]# curl 10.0.0.7
10.0.0.7
#编写脚本
[root@centos7-04 ~]# cat lvs_dr_rs.sh
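#!/bin/bash
# LVS-DR real server: bind the VIP on lo:1 and suppress ARP for it so that
# only the director answers ARP requests for the VIP.
# Usage: lvs_dr_rs.sh start|stop
vip=172.16.0.100
# A VIP configured on lo must use a /32 mask.
mask='255.255.255.255'
dev=lo:1

case "${1:-}" in
start)
  # arp_ignore=1: answer ARP only when the target IP is configured on the
  # interface the request arrived on, so the VIP on lo is never announced.
  echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
  echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
  # arp_announce=2: always use the best local address as the ARP source,
  # never the VIP.
  echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
  echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
  ifconfig "$dev" "$vip" netmask "$mask"
  echo "The RS Server is Ready!"
  ;;
stop)
  ifconfig "$dev" down
  # restore the kernel defaults
  echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
  echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
  echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
  echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
  echo "The RS Server is Canceled!"
  ;;
*)
  echo "Usage: $(basename "$0") start|stop"
  exit 1
  ;;
esac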
#执行脚本
[root@centos7-04 ~]# bash lvs_dr_rs.sh start
The RS Server is Ready!
#查看配置
[root@centos7-04 ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/32 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:58:8d:7a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
五、RS服务器2 10.0.0.17(主机名:centos7-05)
#需要在外网环境下先安装httpd和net-tools,脚本中ifconfig需要用到net-tools组件功能,httpd用于测试页面
[root@centos7-05 ~]# yum -y install httpd net-tools
#IP地址
[root@centos7-05 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
NAME="eth0"
DEVICE="eth0"
BOOTPROTO="static"
IPADDR="10.0.0.17"
PREFIX="24"
GATEWAY="10.0.0.200"
ONBOOT="yes"
#启动httpd并加入开机启动
[root@centos7-05 ~]# systemctl enable --now httpd
#将本机IP写入到访问页面
[root@centos7-05 ~]# #hostname -I > /var/www/html/index.html
#查看页面内容
[root@centos7-05 ~]# curl 10.0.0.17
10.0.0.17
#编写脚本
[root@centos7-05 ~]# cat lvs_dr_rs.sh
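#!/bin/bash
# LVS-DR real server: bind the VIP on lo:1 and suppress ARP for it so that
# only the director answers ARP requests for the VIP.
# Usage: lvs_dr_rs.sh start|stop
vip=172.16.0.100
# A VIP configured on lo must use a /32 mask.
mask='255.255.255.255'
dev=lo:1

case "${1:-}" in
start)
  # arp_ignore=1: answer ARP only when the target IP is configured on the
  # interface the request arrived on, so the VIP on lo is never announced.
  echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
  echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
  # arp_announce=2: always use the best local address as the ARP source,
  # never the VIP.
  echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
  echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
  ifconfig "$dev" "$vip" netmask "$mask"
  echo "The RS Server is Ready!"
  ;;
stop)
  ifconfig "$dev" down
  # restore the kernel defaults
  echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
  echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
  echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
  echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
  echo "The RS Server is Canceled!"
  ;;
*)
  echo "Usage: $(basename "$0") start|stop"
  exit 1
  ;;
esac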
#执行脚本
[root@centos7-05 ~]# bash lvs_dr_rs.sh start
The RS Server is Ready!
#查看配置
[root@centos7-05 ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.16.0.100/32 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:58:8d:7a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
六、客户端测试访问 192.168.10.6(主机名:centos7-01)
[root@centos7-01 ~]# curl 172.16.0.100
10.0.0.17
[root@centos7-01 ~]# curl 172.16.0.100
10.0.0.7
[root@centos7-01 ~]# curl 172.16.0.100
10.0.0.17
[root@centos7-01 ~]# curl 172.16.0.100
10.0.0.7
[root@centos7-01 ~]# curl 172.16.0.100
10.0.0.17