
lvs + keepalived + dns 高可用

项目题目


实验步骤:

1.规划各自IP地址:

以lb-backup为例,修改ip地址即可

[root@lb-backup ~]# nmcli connection modify ens160 ipv4.addresses 192.168.72.106/24 ipv4.dns 223.5.5.5 ipv4.gateway 192.168.72.2 ipv4.method manual connection.autoconnect yes 
[root@lb-backup ~]# nmcli connection up ens160

2.搭建DNS服务-配置主DNS服务

2.1、安装bind软件

[root@dns-master ~]# dnf install bind -y

2.2、修改核心配置文件 

[root@dns-master ~]# cat /etc/named.conf
// Primary (master) BIND configuration for chengke.com and its reverse zone.
options {
// Listen on this host's own address and on 192.168.72.100, the DNS virtual IP
// that keepalived/LVS balances (the VIP is bound to lo:0 on this host in step 7).
listen-on port 53 { 192.168.72.107;192.168.72.100; };
directory "/var/named";
// NOTE(review): no recursion / allow-query / allow-recursion statements are set,
// so BIND's built-in defaults apply; state them explicitly if this server is
// meant to answer only for its own zones.
};
// Forward zone
zone "chengke.com" IN {
type master;
file "chengke.zone";
// Zone transfers are limited to the secondary at 192.168.72.108. This is an
// address-based ACL only; a TSIG key would additionally authenticate the peer.
allow-transfer { 192.168.72.108; };
};
// Reverse zone
zone "72.168.192.in-addr.arpa" IN {
type master;
file "chengke.fanxiang";
// Same transfer restriction as the forward zone.
allow-transfer { 192.168.72.108; };
};
[root@dns-master ~]# named-checkconf //检查域名系统配置文件语法正确性

2.3、编写正向解析区域数据文件

[root@dns-master ~]# cat /var/named/chengke.zone
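; Forward zone data for chengke.com (the file named by the "chengke.com" zone
; in named.conf).
$TTL 1D
; The SOA serial is 0. A secondary re-transfers the zone only when the serial
; increases, so raise it on every edit.
@       IN SOA  @ root.chengke.com. (0
                1H 1D 1W 3D)
; The NS lines must begin with whitespace: a blank owner field repeats the
; previous owner (@). Written from column 0, "IN" would be read as the owner
; name and the zone apex would be left without NS records.
        IN NS   ns1.chengke.com.
        IN NS   ns2
ns1     IN A    192.168.72.107
ns2     IN A    192.168.72.108
; www points at the web virtual IP that keepalived/LVS serves.
www     IN A    192.168.72.200
; Fixed token that /etc/keepalived/checkdns.sh looks for in its health check.
txt     IN TXT  "AaBbCcDdEeFf"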
[root@dns-master ~]# named-checkzone chengke.com /var/named/chengke.zone //检查配置

2.4、编写反向解析区域数据文件

[root@dns-master ~]# cp -a /var/named/chengke.zone /var/named/test.fanxiang //注意:named.conf 中引用的文件名是 chengke.fanxiang,目标文件名需与之一致
[root@dns-master ~]# cat /var/named/chengke.fanxiang
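; Reverse zone data for 72.168.192.in-addr.arpa (the file named by the reverse
; zone in named.conf).
$TTL 1D
; The SOA serial is 0. A secondary re-transfers the zone only when the serial
; increases, so raise it on every edit.
@       IN SOA  @ root.chengke.com. (0
                1H 1D 1W 3D)
; The NS lines must begin with whitespace so the blank owner field repeats the
; previous owner (@); from column 0, "IN" would be read as the owner name.
        IN NS   ns1.chengke.com.
; "ns2" is relative, so in this file it means ns2.72.168.192.in-addr.arpa.;
; the A record below is what makes that name resolve.
        IN NS   ns2
; Copied from the forward zone: these relative names are created under the
; reverse origin, not under chengke.com.
ns1     IN A    192.168.72.107
ns2     IN A    192.168.72.108
; 200.72.168.192.in-addr.arpa. -> www.chengke.com. (the web virtual IP).
200     IN PTR  www.chengke.com.
txt     IN TXT  "AaBbCcDdEeFf"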

2.5、功能测试

[root@dns-master ~]# systemctl start named
[root@dns-master ~]# dig -t NS chengke.com @192.168.72.107
[root@dns-master ~]# dig -t A www.chengke.com @192.168.72.107
[root@dns-master ~]# dig -x 192.168.72.200 @192.168.72.107 //反向

3.搭建DNS服务-配置从DNS服务

3.1、安装bind软件

[root@dns-slave ~]# dnf install bind -y

3.2、修改主配置文件

[root@dns-slave ~]# scp root@192.168.72.107:/etc/named.conf /etc/named.conf
[root@dns-slave ~]# cat /etc/named.conf
// Secondary (slave) BIND configuration: both zones are pulled from the primary
// at 192.168.72.107.
options {
// Listen on this host's own address and on the DNS virtual IP 192.168.72.100.
listen-on port 53 { 192.168.72.108;192.168.72.100; };
directory "/var/named";
};
zone "chengke.com" IN {
type slave;
// The transferred copy is stored under "slaves/", relative to directory above.
file "slaves/chengke.zone";
// NOTE(review): the primary is identified by address only; a TSIG key would
// also authenticate the transfer.
masters { 192.168.72.107; };
// No server transfers from this secondary, so all outgoing transfers are refused.
allow-transfer { none; };
};
zone "72.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.72.107; };
file "slaves/chengke.fanxiang";
allow-transfer { none; };
};
[root@dns-slave ~]# named-checkconf

3.3、功能测试

[root@dns-slave ~]# dig -t A www.chengke.com @192.168.72.107
[root@dns-slave ~]# dig -t A www.chengke.com @192.168.72.108

4.搭建Web服务器

4.1、安装nginx

[root@web01 ~]# dnf install nginx -y

4.2、配置nginx

[root@web01 ~]# cat /etc/nginx/conf.d/web.conf
# Virtual host for www.chengke.com: plain HTTP on port 80, content served from
# /usr/share/nginx/html.
server {
listen 80;
server_name www.chengke.com;
root /usr/share/nginx/html;
}

4.3.修改DNS

[root@web01 ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]: 223.5.5.5
[root@web01 ~]# nmcli c m ens160 ipv4.dns 192.168.72.100
[root@web01 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web01 ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]: 192.168.72.100

4.4、编写页面

[root@web01 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

4.5启动服务

[root@web01 ~]# systemctl start nginx
[root@web01 ~]# curl localhost
web01 - 192.168.72.201

4.6、复制配置文件到web2和web3

scp /etc/nginx/conf.d/web.conf 192.168.72.202:/etc/nginx/conf.d/
scp /etc/nginx/conf.d/web.conf 192.168.72.203:/etc/nginx/conf.d/
[root@web03 ~]# cat /etc/nginx/conf.d/web.conf  //检查
server {
listen 80;
server_name www.chengke.com;
root /usr/share/nginx/html;
}

4.7、修改web02和web03的欢迎页面

[root@web02 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html
[root@web03 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

4.8、修改web02和web03的DNS 如上

4.9、启动web02和web03的服务 测试

[root@web02 ~]# systemctl start nginx
[root@web02 ~]# curl localhost
web02 - 192.168.72.202
[root@web03 ~]# systemctl start nginx
[root@web03 ~]# curl localhost
web03 - 192.168.72.203

5.搭建keepalived+lvs——master

5.1、安装keepalived和ipvsadm

[root@lb-master ~]# dnf install keepalived ipvsadm

5.2、配置keepalived

[root@lb-master ~]# cat /etc/keepalived/keepalived.conf
# keepalived on lb-master: MASTER for the web VIP (VI_web, priority 100) and
# BACKUP for the DNS VIP (VI_dns, priority 80).
global_defs {
    router_id LVS_master
    # NOTE(review): no script_user / enable_script_security is set here, so the
    # MISC_CHECK script below runs under keepalived's default account - confirm
    # which one, and keep /etc/keepalived/checkdns.sh writable by root only.
}

vrrp_instance VI_web {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS is a shared password sent unencrypted in
        # each VRRP advert, and "1111" is a lab value; use a site-specific
        # secret and keep VRRP traffic on a trusted segment.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.200
    }
}

# Web service: weighted round-robin over three nginx real servers, direct
# routing, each probed with a TCP connect on port 80.
virtual_server 192.168.72.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.72.201 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.72.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.72.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

vrrp_instance VI_dns {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        # Same shared lab password as VI_web; the note there applies here too.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
}

# DNS service over UDP: each real server is probed by checkdns.sh, which must
# be given that server's own address after -h.
# NOTE(review): lb-backup's copy of this section uses lb_algo wrr and weight 2
# for 192.168.72.108; keep both nodes identical so a failover does not change
# how queries are balanced.
virtual_server 192.168.72.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 192.168.72.107 53 {
        weight 1
        MISC_CHECK {
            # NOTE(review): MISC_CHECK's documented timeout keyword is
            # misc_timeout; confirm this keepalived version accepts
            # connect_timeout here.
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.72.107 txt.chengke.com"
        }
    }
    real_server 192.168.72.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.72.108 txt.chengke.com"
        }
    }
}

5.3、编写执行的脚本并修改权限

[root@lb-master ~]# cat /etc/keepalived/checkdns.sh 
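#!/bin/bash
#
# keepalived MISC_CHECK helper: ask one DNS real server for a TXT record and
# succeed only if the reply carries the expected token.
#
# Usage:  checkdns.sh -h <ip> <domain>
# Exit:   0  token found (server healthy)
#         1  unknown option, or token missing from the reply
#         2  missing or malformed arguments

usage() {
  echo "usage: $0 -h <ip> <domain>" >&2
  exit "$1"
}

host=
while getopts "h:" OPT; do
  case "$OPT" in
    h) host=$OPTARG ;;
    *) usage 1 ;;
  esac
done
# Take the domain from what is left after option parsing instead of assuming it
# is always the third word on the command line.
shift $((OPTIND - 1))
domain=${1:-}

# Both values end up on dig's command line. Accept only a plain address and a
# plain hostname, so an empty value, a space, or a leading '+'/'-' can never be
# read by dig as an extra argument or option.
[[ $host =~ ^[0-9A-Fa-f:.]+$ ]] || usage 2
[[ $domain =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]] || usage 2

# +time=1 keeps an unresponsive server from stalling the checker; grep's exit
# status (0 = token present) is the status of this pipeline.
dig "@${host}" txt "${domain}" +time=1 | grep -q '\<AaBbCcDdEeFf\>'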
exit $?
[root@lb-master ~]# chmod a+x /etc/keepalived/checkdns.sh

6.搭建keepalived+lvs——backup

6.1、安装keepalived和ipvsadm

[root@lb-backup ~]# dnf install keepalived ipvsadm

6.2、复制keepalived的配置文件和shell脚本到backup服务

[root@lb-master ~]# scp /etc/keepalived/keepalived.conf 192.168.72.106:/etc/keepalived
[root@lb-master ~]# scp /etc/keepalived/checkdns.sh 192.168.72.106:/etc/keepalived

6.3、修改配置文件

[root@lb-backup ~]# cat /etc/keepalived/keepalived.conf 
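# keepalived on lb-backup: BACKUP for the web VIP (VI_web, priority 80) and
# MASTER for the DNS VIP (VI_dns, priority 100).
global_defs {
    router_id LVS_backup
    # NOTE(review): no script_user / enable_script_security is set here, so the
    # MISC_CHECK script below runs under keepalived's default account - confirm
    # which one, and keep /etc/keepalived/checkdns.sh writable by root only.
}

vrrp_instance VI_web {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS is a shared password sent unencrypted in
        # each VRRP advert, and "1111" is a lab value; use a site-specific
        # secret and keep VRRP traffic on a trusted segment.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.200
    }
}

# Web service: weighted round-robin over three nginx real servers, direct
# routing, each probed with a TCP connect on port 80.
virtual_server 192.168.72.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.72.201 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.72.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.72.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

vrrp_instance VI_dns {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        # Same shared lab password as VI_web; the note there applies here too.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
}

# DNS service over UDP: each real server is probed by checkdns.sh.
# NOTE(review): lb-master's copy of this section uses lb_algo rr and weight 1
# for 192.168.72.108; keep both nodes identical so a failover does not change
# how queries are balanced.
virtual_server 192.168.72.100 53 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol UDP
    real_server 192.168.72.107 53 {
        weight 1
        MISC_CHECK {
            # NOTE(review): MISC_CHECK's documented timeout keyword is
            # misc_timeout; confirm this keepalived version accepts
            # connect_timeout here.
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.72.107 txt.chengke.com"
        }
    }
    real_server 192.168.72.108 53 {
        weight 2
        MISC_CHECK {
            connect_timeout 3
            # The check must query the server it guards. The copied file
            # probed 192.168.72.107 here, so a dead .108 would have stayed in
            # the pool and a dead .107 would have removed both servers.
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.72.108 txt.chengke.com"
        }
    }
}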

6.4、lb-master和lb-backup 启动服务

[root@lb-master ~]# dnf install bind-utils -y
[root@lb-backup ~]# dnf install bind-utils -y
//规则保存到指定文件
[root@lb-backup ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm
[root@lb-master ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm
[root@lb-master ~]# systemctl start keepalived ipvsadm
[root@lb-backup ~]# systemctl start keepalived.service ipvsadm.service

 6.5、查看lvs规则

[root@lb-master ~]# ^C
[root@lb-master ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.72.200:80 wrr
  -> 192.168.72.201:80            Route   3      0          0
  -> 192.168.72.202:80            Route   2      0          0
  -> 192.168.72.203:80            Route   1      0          0
UDP  192.168.72.100:53 wrr
  -> 192.168.72.107:53            Route   1      0          0
  -> 192.168.72.108:53            Route   1      0          0

 7.添加虚拟IP

DNS:
[root@dns-slave ~]# ifconfig lo:0 192.168.72.100 netmask 255.255.255.255 up
[root@dns-slave ~]# route add -host 192.168.72.100 dev lo:0
[root@dns-master ~]# ifconfig lo:0 192.168.72.100 netmask 255.255.255.255 up
[root@dns-master ~]# route add -host 192.168.72.100 dev lo:0
web:
[root@web01 ~]# ifconfig lo:0 192.168.72.200 netmask 255.255.255.255 up
[root@web01 ~]# route add -host 192.168.72.200 dev lo:0
[root@web02 ~]# ifconfig lo:0 192.168.72.200 netmask 255.255.255.255 up
[root@web02 ~]# route add -host 192.168.72.200 dev lo:0 
[root@web03 ~]# ifconfig lo:0 192.168.72.200 netmask 255.255.255.255 up
[root@web03 ~]# route add -host 192.168.72.200 dev lo:0

8.配置DNS内核参数

[root@dns-slave ~]# cat /etc/sysctl.conf 
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
# LVS-DR real-server ARP settings. The virtual IP is bound to lo:0 on this
# host, so the host must not answer or advertise ARP for it on the LAN;
# otherwise it would compete with the load balancer for the VIP.
# arp_ignore = 1:   reply to an ARP request only when the target address is
#                   configured on the interface that received the request.
# arp_announce = 2: always use the best local address for the target as the ARP
#                   source, rather than the packet's own source IP (the VIP).
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-slave ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-master ~]# cat /etc/sysctl.conf 
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-master ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

9.配置Web服务器内核参数

[root@web01 ~]# vim /etc/sysctl.conf
[root@web01 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
[root@web02 ~]# vim /etc/sysctl.conf
[root@web02 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
[root@web03 ~]# vim /etc/sysctl.conf
[root@web03 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0

项目测试 :

打开百度输入 192.168.72.200 进行访问

项目完成!!!
