DHCP集群-(双机热备、DHCP主从服务器)
目次DHCP双机热备是什么?
什么是高可用性?
一、配置服务器ip
1.查看服务器ip
2.配置服务器ip
二、修改主机名(利用远程终端链接)
三、检查防火墙、selinux状态
四、检测能都ping外网
五、创建缓存
六、修改本地解析文件
七、时间同步
八、DHCP文件配置
九、假造机获取DHCP命令
DHCP双机热备是什么?
DHCP服务器双机热备是一种高可用性的解决方案,旨在确保DHCP服务的连续性和稳固性。
双机热备特指基于高可用体系中的两台服务器的热备,这种配置可以或许在一台服务器出现故障时,主动切换到另一台服务器,从而保证服务的可用性。DHCP服务器双机热备的出现主要是为了解决以下问题:
[*] 服务停止问题:
在网络环境中,DHCP服务器负责动态分配IP地点给网络中的设备。如果DHCP服务器发生故障,那么新的设备可能无法获取IP地点,从而导致网络服务停止。双机热备通过部署两台服务器,当主服务器出现故障时,备服务器可以迅速接受服务,确保DHCP服务的连续性。
[*] 数据安全性问题:
双机热备不仅提供了服务的冗余,还在肯定程度上保护了数据的安全性。在一台服务器出现故障时,另一台服务器上的数据仍然是安全的,这有助于减少数据丢失的风险。
[*] 提高体系可靠性:
通过双机热备配置,可以大大提高体系的可靠性。即使在极度情况下,如硬件故障、自然灾难等,也能确保DHCP服务的正常运行。
DHCP服务器双机热备通常分为两种切换方式:
主-备方式(Active-Standby方式)和双主机方式(Active-Active方式)。
[*] 在主-备方式中,一台服务器处于激活状态(Active),另一台服务器处于备用状态(Standby);
[*] 而在双主机方式中,两台服务器都处于激活状态,但它们可能各自尊责不同的服务或数据。
总的来说,DHCP服务器双机热备是一种为了提高DHCP服务的可用性、可靠性和数据安全性而计划的解决方案。
什么是高可用性?
高可用(High Availability,简称HA)是指体系、应用或服务具有高度的可靠性和持续的可操作性,以减少由体系失效带来的影响。高可用性的主要目标是确保体系或服务在面临各种故障时,仍然可以或许保持其功能和性能,从而减少或制止服务停止。
高可用性的实现通常涉及以下几个方面:
[*] 冗余计划:
通过部署多个组件、体系或服务实例来确保即使其中一个或多个实例失败,其他实例仍然可以接受并继承提供服务。
比方,在服务器集群中,可能会有多个服务器运行相同的服务,以便在其中一个服务器故障时,其他服务器可以继承提供服务。
[*] 负载均衡:
通过负载均衡技术分散请求到多个服务器或组件上,以平衡负载并制止单点故障。
这有助于确保单个组件的故障不会使整个体系瘫痪。
[*] 故障检测和规复:
高可用体系必要可以或许快速检测到故障,并主动触发规复过程。
这可能包括重新启动服务、切换到备用体系或将数据从故障组件迁徙到健康组件。
[*] 数据备份和规复:
为了确保数据的完整性和可规复性,高可用体系通常包括数据备份和规复策略。
这可以包括定期备份数据、利用RAID技术保护磁盘数据、实施数据复制策略等。
[*] 灾难规复计划:
除了应对一样平常故障外,高可用体系还必要思量如何应对自然灾难、人为错误或其他灾难性事件。
灾难规复计划通常包括在地理上分散的数据中央和备份设施,以确保在主要设施受到影响时,服务可以从备份设施中规复。
[*] 持续监控和维护:
高可用体系必要持续的监控和维护,以确保所有组件都处于最佳状态。
这包括定期检查硬件和软件状态、更新和修补体系、监控性能指标等。
在云盘算、大数据和分布式体系等领域,高可用性尤为重要,因为这些体系中的任何停止都可能导致重大的业务影响。因此,计划和实施高可用策略是确保这些体系稳固运行的关键。
/*
注(两个集群):
DHCP-master主控制集群(10.18.33.10)
DHCP-backup备用集群(10.18.33.20)
*/
一、配置服务器ip
1.查看服务器ip
# all now
# ip a 2.配置服务器ip
# DHCP-maseter
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=6dfe0ee1-6242-4fe3-b1b4-ad843af8d49c
DEVICE=ens33
ONBOOT=yes
IPADDR=10.18.33.10
NETMASK=255.255.255.0
GATEWAY=10.18.33.254
DNS=8.8.8.8
# DHCP-backup
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=6dfe0ee1-6242-4fe3-b1b4-ad843af8d49c
DEVICE=ens33
ONBOOT=yes
IPADDR=10.18.33.20
NETMASK=255.255.255.0
GATEWAY=10.18.33.254
DNS=8.8.8.8 二、修改主机名(利用远程终端链接)
# DHCP-maseter
# hostnamectl set-hostname DHCP-maseter
# hostname
# bash
# DHCP-backup
# hostnamectl set-hostname DHCP-backup
# hostname
# bash 三、检查防火墙、selinux状态
# all now(防火墙)
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 日 2024-04-07 22:24:58 CST; 7h left
Docs: man:firewalld(1)
Main PID: 812 (firewalld)
CGroup: /system.slice/firewalld.service
└─812 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
4月 07 22:24:58 localhost.localdomain systemd: Starting firewalld - dynamic firewall dae.....
4月 07 22:24:58 localhost.localdomain systemd: Started firewalld - dynamic firewall daemon.
4月 07 22:24:58 localhost.localdomain firewalld: WARNING: AllowZoneDrifting is enabled...w.
Hint: Some lines were ellipsized, use -l to show in full.
# systemctl stop firewalld
# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# all now(SELinux)
# setenforce 0
# cat -n /etc/selinux/config
1
2 # This file controls the state of SELinux on the system.
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of enforcing.
6 # disabled - No SELinux policy is loaded.
7 SELINUX=enforcing
8 # SELINUXTYPE= can take one of three values:
9 # targeted - Targeted processes are protected,
10 # minimum - Modification of targeted policy. Only selected processes are protected.
11 # mls - Multi Level Security protection.
12 SELINUXTYPE=targeted
13
14
# sed -i "7s/enforcing/disabled/g" /etc/selinux/config
# cat -n /etc/selinux/config
1
2 # This file controls the state of SELinux on the system.
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of enforcing.
6 # disabled - No SELinux policy is loaded.
7 SELINUX=disabled
8 # SELINUXTYPE= can take one of three values:
9 # targeted - Targeted processes are protected,
10 # minimum - Modification of targeted policy. Only selected processes are protected.
11 # mls - Multi Level Security protection.
12 SELINUXTYPE=targeted
13
14 四、检测能都ping外网
# all now
# ping -c 2 10.18.33.1
PING 10.18.33.1 (10.18.33.1) 56(84) bytes of data.
64 bytes from 10.18.33.1: icmp_seq=1 ttl=64 time=0.359 ms
64 bytes from 10.18.33.1: icmp_seq=2 ttl=64 time=0.323 ms
--- 10.18.33.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.323/0.341/0.359/0.018 ms
# ping -c 2 10.18.33.254
PING 10.18.33.254 (10.18.33.254) 56(84) bytes of data.
64 bytes from 10.18.33.254: icmp_seq=1 ttl=128 time=0.353 ms
64 bytes from 10.18.33.254: icmp_seq=2 ttl=128 time=0.208 ms
--- 10.18.33.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
# ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=267 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=986 ms
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 267.991/627.284/986.578/359.294 ms
# ping -c 2 baidu.com
PING baidu.com (110.242.68.66) 56(84) bytes of data.
64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=1 ttl=128 time=182 ms
64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=2 ttl=128 time=301 ms
--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2191ms
rtt min/avg/max/mdev = 182.404/242.190/301.977/59.788 ms 五、创建缓存
# all now
# yum update
# yum clean all && yum makecache && yum repolist
源标识 源名称 状态
base/7/x86_64 CentOS-7 - Base 10,072
extras/7/x86_64 CentOS-7 - Extras 526
updates/7/x86_64 CentOS-7 - Updates 5,802
repolist: 16,400 六、修改本地解析文件
# all now
# cp /etc/hosts /etc/host.bak
# echo "10.18.33.10 dhcp-maseter" >> /etc/hosts
# echo "10.18.33.20 dhcp-backup" >> /etc/hosts
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.18.33.10 dhcp-maseter
10.18.33.20 dhcp-backup
# 传送给dhcp-backup
# scp /etc/hosts root@10.18.33.20:/etc/ 七、时间同步
# all now
# yum info ftp*
# yum install -y ftp
# yum install -y vim
# cp /etc/chrony.conf /etc/chrony.bak
# dhcp-maseter
# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 10.18.33.0/24
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
# dhcp-backup
# cp /etc/chrony.conf /etc/chrony.bak
# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server dhcp-maseter iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 10.18.33.0/24
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
# all now
# systemctl restart chronyd
# systemctl enable chronyd
# dhcp-backup检测结果
# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* dhcp-maseter 3 6 17 7 +16us[ +131us] +/- 24ms 八、DHCP文件配置
# all now
# yum install -y dhcp
# all now
# rpm -qa | grep dhcp
dhcp-common-4.2.5-83.el7.centos.1.x86_64
dhcp-4.2.5-83.el7.centos.1.x86_64
dhcp-libs-4.2.5-83.el7.centos.1.x86_64
# all now
# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.bak
# dhcp-maseter
# cat /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# dhcp不会自动更新dns服务器
ddns-update-style none;
# 默认租约时间。客户机通过DHCP获取IP后,这个IP使用时间是多久。单位秒
default-lease-time 7200;
# 最大租约时间。秒
max-lease-time 14400;
failover peer "dhcp" {
# 是主服务器还是辅助服务器
primary;
#本地监听failover的IP
address 10.18.33.10;
#本地监听failover的端口
port 520;
#secondary服务器的IP
peer address 10.18.33.20;
#secondary服务的监听端口
peer port 519;
#同步信息最大时间延迟
max-response-delay 10;
#在未收到 PARTNER 回复时,BNDUPD 消息的最多重发次数
max-unacked-updates 10;
#Maximum Client Lead Time. 在灾备方案中,该时间延迟保证 PARTNER 上的 IP 租约已经过期。
#该参数只能定义在主服务器中。
mclt 7200;
#主辅服务器的地址分割,通常是各一半
split 128;
#关于负载均衡的参数
load balance max seconds 3;
}
#DHCP作用域
subnet 10.18.33.0 netmask 255.255.255.0 {
#设置路由器的IP(网关)
option routers 10.18.33.254;
#DNS
option domain-name-servers 8.8.8.8,114.114.114.114;
pool {
failover peer "dhcp";
# 地址池范围
range 10.18.33.30 10.18.33.240;
#failover不支持bootp客户端,必须拒绝
deny dynamic bootp clients;
}
# #指定MAC地址和IP地址的绑定
# host clevercode{
# hardware ethernet 00:0C:29:DB:6F;
# # 保留地址必须是range范围内的
# fixed-address 10.18.33.241;
# }
}
# dhcp-lookup
# cat /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# dhcp会不会自动更新dns服务器
ddns-update-style none;
# 默认租约时间。客户机通过DHCP获取IP后,这个IP使用时间是多久。单位秒
default-lease-time 7200;
# 最大租约时间。分钟
max-lease-time 14400;
failover peer "dhcp" {
# 是主服务器还是辅助服务器
secondary;
#本地监听failover的IP
address 10.18.33.20;
#本地监听failover的端口
port 519;
#primary服务器的IP
peer address 10.18.33.10;
#primary服务的监听端口
peer port 520;
#同步信息最大时间延迟
max-response-delay 10;
#在未收到 PARTNER 回复时,BNDUPD 消息的最多重发次数
max-unacked-updates 10;
#关于负载均衡的参数
load balance max seconds 3;
}
#DHCP作用域
subnet 10.18.33.0 netmask 255.255.255.0 {
#设置路由器的IP(网关)
option routers 10.18.33.254;
#DNS
option domain-name-servers 8.8.8.8,114.114.114.114;
pool {
failover peer "dhcp";
# 地址池范围
range 10.18.33.30 10.18.33.240;
#failover不支持bootp客户端,必须拒绝
deny dynamic bootp clients;
}
# #指定MAC地址和IP地址的绑定
# host clevercode{
# hardware ethernet 00:0C:29:DB:6F;
# # 保留地址必须是range范围内的
# fixed-address 172.16.159.101;
# }
}
# all now
# systemctl restart dhcpd
# systemctl enable dhcpd
# systemctl status dhcpd
九、假造机获取DHCP命令
# 创建一台新的虚拟机
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=6dfe0ee1-6242-4fe3-b1b4-ad843af8d49c
DEVICE=ens33
ONBOOT=yes
# systemctl restart network
# dhclient
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]