【运维学习】lvs + keepalived + 主从dns 项目搭建
需求
https://i-blog.csdnimg.cn/direct/196b6c6e60f34af88db526a12c2dbdee.png
主机规划
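| 主机名 | IP | 角色 |
| --- | --- | --- |
| lvs-master | 192.168.239.105 | 主lvs,同时做web和dns调度 |
| lvs-backup | 192.168.239.106 | 副lvs,同时做web和dns调度 |
| dns-master | 192.168.239.107 | VIP:192.168.239.100,主从dns服务器 |
| dns-slave | 192.168.239.108 | VIP:192.168.239.100,主从dns服务器 |
| web1 | 192.168.239.201 | VIP:192.168.239.200 |
| web2 | 192.168.239.202 | VIP:192.168.239.200 |
| web3 | 192.168.239.203 | VIP:192.168.239.200 |
| client | 192.168.239.10 | 客户端 |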
环境搭建
为全部主机配置IP、主机名,并关闭防火墙与SELinux(仅适用于隔离的实验环境;生产环境应保留两者,只放行 DNS 53/udp 与 53/tcp、HTTP 80/tcp,以及两台 LVS 节点之间的 VRRP 通告)。此处省略配置命令。
配置主从dns
主dns
安装bind软件
# dnf install -y bind
配置主配置文件
# cat /etc/named.conf
// named.conf for the master DNS server (dns-master, 192.168.239.107).
options {
    // Listen on the LVS DNS VIP (192.168.239.100) and on this host's own address.
    listen-on port 53 { 192.168.239.100;192.168.239.107; };
    directory "/var/named";
    // NOTE(review): no recursion / allow-query / allow-recursion statement is
    // set, and the dig output shown for this server carries the "ra" flag, so
    // recursion is being offered. For an authoritative-only server consider
    // `recursion no;` -- confirm no client depends on it as a resolver.
};
// Forward zone; data file is /var/named/named.yili.
zone "yili.com" IN {
    type master;
    file "named.yili";
    // Zone transfers are limited to 192.168.239.108 (dns-slave in the host plan).
    // NOTE(review): this is a source-address check only; a TSIG key shared by
    // both servers would authenticate the transfer itself.
    allow-transfer { 192.168.239.108; };
};
// Reverse zone for 192.168.239.0/24; data file is /var/named/named.yilifan.
zone "239.168.192.in-addr.arpa" IN {
    type master;
    file "named.yilifan";
    allow-transfer { 192.168.239.108; };
};
配置区域文件
正向解析
# cat /var/named/named.yili
; Forward zone data for yili.com (/var/named/named.yili).
$TTL 1D
; SOA timers in order: serial 0, refresh 1, retry 1, expire 1, minimum 1.
; NOTE(review): these look like lab shorthand. The serial has to increase on
; every edit for the slave to pick up changes, and a 1-second expire leaves the
; slave almost no time to keep serving when the master is unreachable --
; choose real values before reusing this file.
@       IN SOA  @ admin.yili.com. ( 0 1 1 1 1 )
; The two NS lines must start with whitespace so they inherit the owner "@";
; at column 0 the word "IN" would be read as an owner name.
        IN NS   ns1.yili.com.
        IN NS   ns2.yili.com.
ns1     IN A    192.168.239.107
ns2     IN A    192.168.239.108
; www points at the web VIP handled by LVS, not at a single web host.
www     IN A    192.168.239.200
; txt.yili.com is the name passed to checkdns.sh in the keepalived MISC_CHECK;
; presumably the script compares this value -- the script is not shown, confirm.
txt     IN TXT  "AaBbCcDdEeFf"
反向解析
# cat /var/named/named.yilifan
; Reverse zone data for 239.168.192.in-addr.arpa (/var/named/named.yilifan).
$TTL 1D
; SOA timers in order: serial 0, refresh 1, retry 1, expire 1, minimum 1.
; NOTE(review): lab shorthand; bump the serial on every edit and use real
; refresh/retry/expire values outside a test network.
@       IN SOA  @ admin.yili.com. ( 0 1 1 1 1 )
; Leading whitespace is required so these NS records inherit the owner "@".
        IN NS   ns1.yili.com.
        IN NS   ns2.yili.com.
; NOTE(review): in this zone the relative names below expand under
; 239.168.192.in-addr.arpa (e.g. ns1.239.168.192.in-addr.arpa), not under
; yili.com; the NS targets above are resolved from the forward zone. These A
; and TXT records look copied from named.yili -- confirm they are needed.
ns1     IN A    192.168.239.107
ns2     IN A    192.168.239.108
; PTR for 192.168.239.200 (the web VIP).
200     IN PTR  www.yili.com.
txt     IN TXT  "AaBbCcDdEeFf"
dig测试
# dig -t NS yili.com @192.168.239.107
; <<>> DiG 9.16.23-RH <<>> -t NS yili.com @192.168.239.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31688
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 63188e14befb57a0010000006800c0330548ef93da209357 (good)
;; QUESTION SECTION:
;yili.com. IN NS
;; ANSWER SECTION:
yili.com. 86400 IN NS ns1.yili.com.
yili.com. 86400 IN NS ns2.yili.com.
;; ADDITIONAL SECTION:
ns1.yili.com. 86400 IN A 192.168.239.107
ns2.yili.com. 86400 IN A 192.168.239.108
;; Query time: 0 msec
;; SERVER: 192.168.239.107#53(192.168.239.107)
;; WHEN: Thu Apr 17 16:47:47 CST 2025
;; MSG SIZE  rcvd: 133
从dns
安装bind软件
# dnf install -y bind
配置主配置文件
# cat /etc/named.conf
// named.conf for the slave DNS server (dns-slave, 192.168.239.108).
options {
    // Listen on this host's own address and on the LVS DNS VIP (192.168.239.100).
    listen-on port 53 { 192.168.239.108;192.168.239.100; };
    directory "/var/named";
    // NOTE(review): no recursion / allow-query statement is set, and the dig
    // output shown for this server carries the "ra" flag. For an
    // authoritative-only server consider `recursion no;` -- confirm first.
};
// Both zones are transferred from the master at 192.168.239.107 and stored
// under /var/named/slaves/.
// NOTE(review): the master is identified by IP address only; a TSIG key
// configured on both sides would authenticate the transfer.
zone "yili.com" IN {
    type slave;
    masters { 192.168.239.107; };
    file "slaves/named.yili";
};
zone "239.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.239.107; };
    file "slaves/named.yilifan";
};
dig测试
# dig -t NS yili.com @192.168.239.108
; <<>> DiG 9.16.23-RH <<>> -t NS yili.com @192.168.239.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a41f8061a58c1cc1010000006800c170045a7201efa1982f (good)
;; QUESTION SECTION:
;yili.com. IN NS
;; ANSWER SECTION:
yili.com. 86400 IN NS ns1.yili.com.
yili.com. 86400 IN NS ns2.yili.com.
;; ADDITIONAL SECTION:
ns1.yili.com. 86400 IN A 192.168.239.107
ns2.yili.com. 86400 IN A 192.168.239.108
;; Query time: 1 msec
;; SERVER: 192.168.239.108#53(192.168.239.108)
;; WHEN: Thu Apr 17 16:53:04 CST 2025
;; MSG SIZE  rcvd: 133
配置web服务
web1
安装nginx软件
# dnf install -y nginx
更改index.html页面内容
# echo $(hostname;hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
# systemctl start nginx
# curl localhost
web1 192.168.239.201
web2
安装nginx软件
# dnf install -y nginx
更改index.html页面内容
# echo $(hostname;hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
# systemctl start nginx
# curl localhost
web2 192.168.239.202
web3
安装nginx软件
# dnf install -y nginx
更改index.html页面内容
# echo $(hostname;hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
# systemctl start nginx
# curl localhost
web3 192.168.239.203
搭建lvs + keepalived
本次项目lvs使用DR模式
配置master
安装ipvsadm、keepalived
# dnf install -y ipvsadm keepalived
更改keepalived配置文件
# cat /etc/keepalived/keepalived.conf
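! Configuration File for keepalived
!
! lvs-master: VRRP MASTER for the web VIP (192.168.239.200) and BACKUP for the
! DNS VIP (192.168.239.100). Both virtual servers use LVS direct routing (DR).

vrrp_instance VI_web {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    ! NOTE(review): auth_type PASS carries auth_pass in clear text inside every
    ! VRRP advert, and "1111" is a guessable value shared by both instances.
    ! It only guards against accidental misconfiguration. Restrict VRRP
    ! (IP protocol 112) to the two LVS nodes with host firewall rules, or
    ! consider unicast_peer, and use a distinct non-trivial value per instance.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200
    }
}

! Web service: weighted round robin over web1..web3, TCP connect health check.
virtual_server 192.168.239.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.239.201 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.203 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

vrrp_instance VI_dns {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    ! Same clear-text shared value as VI_web; see the note there.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100
    }
}

! DNS service: round robin over the master and slave DNS servers.
! NOTE(review): only UDP/53 is balanced; DNS over TCP to the VIP has no
! virtual_server here -- confirm that is acceptable.
virtual_server 192.168.239.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 192.168.239.107 53 {
        ! Fixed: the original keyword was misspelled "wight".
        weight 1
        ! NOTE(review): checkdns.sh is not shown on this page. keepalived runs
        ! it on every check, so keep it root-owned and not writable by other
        ! users, and consider enable_script_security in global_defs.
        ! NOTE(review): MISC_CHECK documents misc_timeout for the script
        ! timeout; confirm connect_timeout is honoured in this block.
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.107 txt.yili.com"
        }
    }
    real_server 192.168.239.108 53 {
        ! Fixed: the original keyword was misspelled "wight".
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.108 txt.yili.com"
        }
    }
}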
启动并测试
# ipvsadm-save > /etc/sysconfig/ipvsadm
# systemctl start keepalived.service ipvsadm.service
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  192.168.239.200:80 wrr
-> 192.168.239.201:80 Route 1 0 0
-> 192.168.239.202:80 Route 2 0 0
-> 192.168.239.203:80 Route 3 0 0
UDP  192.168.239.100:53 rr
-> 192.168.239.107:53 Route 1 0 0
-> 192.168.239.108:53 Route 1 0 0
配置backup
安装ipvsadm、keepalived
# dnf install -y ipvsadm keepalived
更改keepalived配置文件
# cat /etc/keepalived/keepalived.conf
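! Configuration File for keepalived
!
! lvs-backup: VRRP BACKUP for the web VIP (192.168.239.200) and MASTER for the
! DNS VIP (192.168.239.100). Both virtual servers use LVS direct routing (DR).

vrrp_instance VI_web {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    ! NOTE(review): auth_type PASS carries auth_pass in clear text inside every
    ! VRRP advert, and "1111" is a guessable value shared by both instances.
    ! It only guards against accidental misconfiguration. Restrict VRRP
    ! (IP protocol 112) to the two LVS nodes with host firewall rules, or
    ! consider unicast_peer, and use a distinct non-trivial value per instance.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200
    }
}

! Web service: weighted round robin over web1..web3, TCP connect health check.
! NOTE(review): the weights here (3/2/1) are the reverse of the 1/2/3 used in
! the lvs-master listing, so traffic distribution changes on failover --
! confirm this is intended.
virtual_server 192.168.239.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.239.201 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

vrrp_instance VI_dns {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    ! Same clear-text shared value as VI_web; see the note there.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100
    }
}

! Removed: the original listing repeated `virtual_server 192.168.239.200 80`
! at this point with lb_algo rr and only real servers .201 and .202. It
! redefined the service declared above with conflicting settings, and the
! `ipvsadm -Ln` output for this node shows wrr with three real servers.

! DNS service: round robin over the master and slave DNS servers.
! NOTE(review): only UDP/53 is balanced; DNS over TCP to the VIP has no
! virtual_server here -- confirm that is acceptable.
virtual_server 192.168.239.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 192.168.239.107 53 {
        ! Fixed: the original keyword was misspelled "wight".
        weight 1
        ! NOTE(review): checkdns.sh is not shown on this page. keepalived runs
        ! it on every check, so keep it root-owned and not writable by other
        ! users, and consider enable_script_security in global_defs.
        ! NOTE(review): MISC_CHECK documents misc_timeout for the script
        ! timeout; confirm connect_timeout is honoured in this block.
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.107 txt.yili.com"
        }
    }
    real_server 192.168.239.108 53 {
        ! Fixed: the original keyword was misspelled "wight".
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.108 txt.yili.com"
        }
    }
}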
启动并测试
# ipvsadm-save > /etc/sysconfig/ipvsadm
# systemctl start keepalived.service ipvsadm.service
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  192.168.239.200:80 wrr
-> 192.168.239.201:80 Route 3 0 0
-> 192.168.239.202:80 Route 2 0 0
-> 192.168.239.203:80 Route 1 0 0
UDP  192.168.239.100:53 rr
-> 192.168.239.107:53 Route 1 0 0
-> 192.168.239.108:53 Route 1 0 1
更改dns配置
添加VIP
# ip addr add 192.168.239.100 dev lo
# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.239.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
配置内核参数
# vim /etc/sysctl.conf
# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
更改web配置
添加VIP
# ip addr add 192.168.239.200 dev lo
# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.239.200/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
配置内核参数
# vim /etc/sysctl.conf
# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
客户端测试
修改dns地址
# nmcli connection modify ens160 ipv4.dns 192.168.239.100
# nmcli connection up ens160
测试与dns服务器的连通性
# ping 192.168.239.100
PING 192.168.239.100 (192.168.239.100) 56(84) bytes of data.
64 bytes from 192.168.239.100: icmp_seq=1 ttl=64 time=0.321 ms
64 bytes from 192.168.239.100: icmp_seq=2 ttl=64 time=0.362 ms
^C
--- 192.168.239.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1059ms
rtt min/avg/max/mdev = 0.321/0.341/0.362/0.020 ms
测试dns解析
# ping ns1.yili.com
PING ns1.yili.com (192.168.239.107) 56(84) bytes of data.
64 bytes from 192.168.239.107 (192.168.239.107): icmp_seq=1 ttl=64 time=0.422 ms
64 bytes from 192.168.239.107 (192.168.239.107): icmp_seq=2 ttl=64 time=0.332 ms
^C
--- ns1.yili.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.332/0.377/0.422/0.045 ms
测试web lvs负载均衡
https://i-blog.csdnimg.cn/direct/b80bea983a2940dca7b6d87bffea5ea4.png
测试keepalived高可用
https://i-blog.csdnimg.cn/direct/9e85873f764e4d32913c3aefc75c1536.png
https://i-blog.csdnimg.cn/direct/b6fa68d18738423595d5b074c761855a.png
在lvs-master上关闭keepalived服务后发现,200的VIP漂移到了backup上
https://i-blog.csdnimg.cn/direct/530c1704480b4552b30a6144bf0931e3.png
重新启动后,200VIP重新漂移到master上