LVS+Keepalived+DNS 高可用项目

项目架构

主机规划

主机IP角色软件lb-master172.25.250.105主备负载均衡器ipvsadm，keepalivedlb-backup172.25.250.106同时做web和dns调理ipvsadm，keepaliveddns-master172.25.250.107VIP：172.25.250.100binddns-slave172.25.250.108LVS DNS 节点互为主从同步bindweb01172.25.250.201nginx，bind-utilsweb02172.25.250.202LVS WEB 节点，VIP：172.25.250.200nginx，bind-utilsweb03172.25.250.203nginx，bind-utils ！！！本章笔记中博主是根据自己的主机规划来修改主机名以及 IP 地址的这一步不是必须的，各人根据自身捏造机原来的就好，记得哪台主机做的什么角色就行
注意：所有主机的防火墙和 Selinux 都关闭

1. # 关闭防火墙
2. systemctl disable --now firewalld
4. # 临时关闭selinux
5. setenforce 0
6. # 永久关闭selinux
7. sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
9. 永久挂载仓库
10. [root@localhost ~]# vim /etc/fstab
11. [root@localhost ~]# cat /etc/fstab
12. /dev/mapper/rhel-root   /                       xfs     defaults        0 0
13. UUID=589b1fb8-b9eb-461f-ab73-55252609a21e /boot                   xfs     defaults        0 0
14. UUID=95BF-10A3          /boot/efi               vfat    umask=0077,shortname=winnt 0 2
15. /dev/mapper/rhel-swap   none                    swap    defaults        0 0
16. /dev/sr0                /mnt                    iso9660  defaults       0 0
17. [root@localhost ~]# systemctl daemon-reload
18. [root@localhost ~]# mount -a

复制代码

搭建 DNS 服务

设置主服务 DNS

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname dns-master
2. [root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.107 /24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
3. [root@localhost ~]# nmcli c up ens160

复制代码

挂载堆栈并下载服务

1. [root@dns-master ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@dns-master ~]# dnf -y install bind

复制代码

修改核心设置文件

1. [root@dns-master ~]# vim /etc/named.conf
2. [root@dns-master ~]# cat /etc/named.conf
3. options {
4.         listen-on port 53 { 172.25.250.107;172.25.250.100; };
5.         directory         "/var/named";
6. };
7. zone "mingyue.com" IN {
8.         type master;
9.         file "mingyue.zone";
10.         allow-transfer { 172.25.250.108; };
11. };
12. zone "250.25.172.in-addr.arpa" IN {
13.         type master;
14.         file "mingyue.fanxiang";
15.         allow-transfer { 172.25.250.108; };
16. };

复制代码

查抄设置文件是否有误（没有消息提示分析设置文件修改没题目，如有根据提示修改设置文件）

1. [root@dns-master ~]# named-checkconf

复制代码

编写正向解析区域数据文件

1. [root@dns-master ~]# vim /var/named/mingyue.zone
2. [root@dns-master ~]# cat /var/named/mingyue.zone
3. $TTL        1D
4. @        IN        SOA        ns1.mingyue.com.        root.mingyue.com. (0 1H 1D 1W 3D)
5.         IN        NS        ns1.mingyue.com.
6.         IN        NS        ns2
7. ns1        IN        A        172.25.250.107
8. ns2        IN        A        172.25.250.108
9. www        IN        A        172.25.250.200
10. txt        IN        TXT        "AaBbCcDdEeFf"       

复制代码

查抄正向解析区域数据文件是否有误

1. [root@dns-master ~]# named-checkzone mingyue.com /var/named/mingyue.zone
2. zone mingyue.com/IN: loaded serial 0
3. OK

复制代码

编写反向解析区域数据文件并查抄是否有误

1. [root@dns-master ~]# cp -a /var/named/mingyue.zone /var/named/mingyue.fanxiang
2. [root@dns-master ~]# ll /var/named/
3. total 24
4. drwxrwx---. 2 named named    6 Aug 28  2024 data
5. drwxrwx---. 2 named named    6 Aug 28  2024 dynamic
6. -rw-r--r--. 1 root  root   202 Apr 12 14:09 mingyue.fanxiang
7. -rw-r--r--. 1 root  root   202 Apr 12 14:09 mingyue.zone
8. -rw-r-----. 1 root  named 2112 Aug 28  2024 named.ca
9. -rw-r-----. 1 root  named  152 Aug 28  2024 named.empty
10. -rw-r-----. 1 root  named  152 Aug 28  2024 named.localhost
11. -rw-r-----. 1 root  named  168 Aug 28  2024 named.loopback
12. drwxrwx---. 2 named named    6 Aug 28  2024 slaves
13. [root@dns-master ~]# vim /var/named/mingyue.fanxiang
14. [root@dns-master ~]# cat /var/named/mingyue.fanxiang
15. $TTL        1D
16. @        IN        SOA        ns1.mingyue.com.        root.mingyue.com. (0 1H 1D 1W 3D)
17.         IN        NS        ns1.mingyue.com.
18.         IN        NS        ns2
19. ns1        IN        A        172.25.250.107
20. ns2        IN        A        172.25.250.108
21. 200        IN        PTR        www.mingyue.com.
22. txt        IN        TXT        "AaBbCcDdEeFf"       
23. [root@dns-master ~]# named-checkzone mingyue.com /var/named/mingyue.fanxiang
24. zone mingyue.com/IN: loaded serial 0
25. OK

复制代码

启动服务并测试

1. [root@dns-master ~]# systemctl start named
2. [root@dns-master ~]# dig -t NS mingyue.com @172.25.250.107
4. ; <<>> DiG 9.16.23-RH <<>> -t NS mingyue.com @172.25.250.107
5. ;; global options: +cmd
6. ;; Got answer:
7. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14162
8. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
10. ;; OPT PSEUDOSECTION:
11. ; EDNS: version: 0, flags:; udp: 1232
12. ; COOKIE: f082f46b7ee541bf0100000067fa0532ff3c047be69773cd (good)
13. ;; QUESTION SECTION:
14. ;mingyue.com.                        IN        NS
16. ;; ANSWER SECTION:
17. mingyue.com.                86400        IN        NS        ns1.mingyue.com.
18. mingyue.com.                86400        IN        NS        ns2.mingyue.com.
20. ;; ADDITIONAL SECTION:
21. ns1.mingyue.com.        86400        IN        A        172.25.250.107
22. ns2.mingyue.com.        86400        IN        A        172.25.250.108
24. ;; Query time: 2 msec
25. ;; SERVER: 172.25.250.107#53(172.25.250.107)
26. ;; WHEN: Sat Apr 12 14:16:18 CST 2025
27. ;; MSG SIZE  rcvd: 136
29. [root@dns-master ~]# dig -t A www.mingyue.com @172.25.250.107
31. ; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.107
32. ;; global options: +cmd
33. ;; Got answer:
34. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10116
35. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
37. ;; OPT PSEUDOSECTION:
38. ; EDNS: version: 0, flags:; udp: 1232
39. ; COOKIE: 8529c23b6b32e1a60100000067fa0561d02e583eade8e231 (good)
40. ;; QUESTION SECTION:
41. ;www.mingyue.com.                IN        A
43. ;; ANSWER SECTION:
44. www.mingyue.com.        86400        IN        A        172.25.250.200
46. ;; Query time: 0 msec
47. ;; SERVER: 172.25.250.107#53(172.25.250.107)
48. ;; WHEN: Sat Apr 12 14:17:05 CST 2025
49. ;; MSG SIZE  rcvd: 88
51. [root@dns-master ~]# dig -x 172.25.250.200 @172.25.250.107
53. ; <<>> DiG 9.16.23-RH <<>> -x 172.25.250.200 @172.25.250.107
54. ;; global options: +cmd
55. ;; Got answer:
56. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57737
57. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
59. ;; OPT PSEUDOSECTION:
60. ; EDNS: version: 0, flags:; udp: 1232
61. ; COOKIE: d8d9bf0abd0af37d0100000067fa0587155762c6e39574b9 (good)
62. ;; QUESTION SECTION:
63. ;200.250.25.172.in-addr.arpa.        IN        PTR
65. ;; ANSWER SECTION:
66. 200.250.25.172.in-addr.arpa. 86400 IN        PTR        www.mingyue.com.
68. ;; Query time: 9 msec
69. ;; SERVER: 172.25.250.107#53(172.25.250.107)
70. ;; WHEN: Sat Apr 12 14:17:43 CST 2025
71. ;; MSG SIZE  rcvd: 113

复制代码

设置从服务 DNS

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname dns-slave
2. [root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.108/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
3. [root@localhost ~]# nmcli c up ens160

复制代码

挂载堆栈并下载软件

1. [root@dns-slave ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@dns-slave ~]# dnf -y install bind

复制代码

修改核心设置文件

1. [root@dns-slave ~]# vim /etc/named.conf
2. [root@dns-slave ~]# cat /etc/named.conf
3. options {
4.         listen-on port 53 { 172.25.250.108;172.25.250.100; };
5.          directory       "/var/named";
6. };
8. zone "mingyue.com" IN {
9.         type slave;
10.         file "slaves/mingyue.zone";
11.         masters { 172.25.250.107; };
12.         allow-transfer  { none; };
13. };
15. zone "250.25.172.in.addr.arpa" IN {
16.         type slave;
17.         masters { 172.25.250.107; };
18.         file "slaves/mingyue.fanxiang";
19.         allow-transfer { none; };
20. };

复制代码

查抄设置文件是否有误（没有消息提示分析设置文件修改没题目，如有根据提示修改设置文件）

1. [root@dns-slave ~]# named-checkconf

复制代码

启动服务并测试（若是没有文件查抄防火墙是否关闭）

1. [root@dns-slave ~]# ls /var/named/slaves
2. [root@dns-slave ~]# systemctl start named
3. [root@dns-slave ~]# ls /var/named/slaves/
4. mingyue.fanxiang  mingyue.zone
6. [root@dns-slave ~]# dig -t A www.mingyue.com @172.25.250.107
8. ; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.107
9. ;; global options: +cmd
10. ;; Got answer:
11. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64898
12. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
14. ;; OPT PSEUDOSECTION:
15. ; EDNS: version: 0, flags:; udp: 1232
16. ; COOKIE: ce420687d228d5b40100000067fa0d06077ab9fafd700f17 (good)
17. ;; QUESTION SECTION:
18. ;www.mingyue.com.                IN        A
20. ;; ANSWER SECTION:
21. www.mingyue.com.        86400        IN        A        172.25.250.200
23. ;; Query time: 4 msec
24. ;; SERVER: 172.25.250.107#53(172.25.250.107)
25. ;; WHEN: Sat Apr 12 14:49:42 CST 2025
26. ;; MSG SIZE  rcvd: 88
28. [root@dns-slave ~]# dig -t A www.mingyue.com @172.25.250.108
30. ; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.108
31. ;; global options: +cmd
32. ;; Got answer:
33. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14843
34. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
36. ;; OPT PSEUDOSECTION:
37. ; EDNS: version: 0, flags:; udp: 1232
38. ; COOKIE: 137473cba75fd4b90100000067fa0d18e153428993edd1ef (good)
39. ;; QUESTION SECTION:
40. ;www.mingyue.com.                IN        A
42. ;; ANSWER SECTION:
43. www.mingyue.com.        86400        IN        A        172.25.250.200
45. ;; Query time: 2 msec
46. ;; SERVER: 172.25.250.108#53(172.25.250.108)
47. ;; WHEN: Sat Apr 12 14:50:00 CST 2025
48. ;; MSG SIZE  rcvd: 88

复制代码

搭建 web 服务

web01

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname web01
2. [root@web01 ~]# ip ad
3. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
4.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5.     inet 127.0.0.1/8 scope host lo
6.        valid_lft forever preferred_lft forever
7.     inet6 ::1/128 scope host
8.        valid_lft forever preferred_lft forever
9. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
10.     link/ether 00:0c:29:68:31:7f brd ff:ff:ff:ff:ff:ff
11.     altname enp3s0
12.     inet 172.25.250.201/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
13.        valid_lft 1753sec preferred_lft 1753sec
14.     inet6 fe80::20c:29ff:fe68:317f/64 scope link noprefixroute
15.        valid_lft forever preferred_lft forever

复制代码

挂载堆栈并下载软件

1. [root@web01 ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@web01 ~]# dnf -y install nginx

复制代码

设置 nginx

1. [root@web01 ~]# vim /etc/nginx/conf.d/web01.conf
2. [root@web01 ~]# cat /etc/nginx/conf.d/web01.conf
3. server {
4.         listen          80;
5.         server_name        www.mingyue.com;
6.         root                /usr/share/nginx/html;
7. }

复制代码

修改 DNS

1. [root@web01 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
2. [root@web01 ~]# nmcli c up ens160
3. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
4. [root@web01 ~]# nmcli d show | grep DNS
5. IP4.DNS[1]:                             172.25.250.100

复制代码

编写首页

1. [root@web01 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

复制代码

启动服务并测试

1. [root@web01 ~]# systemctl start nginx
2. [root@web01 ~]# curl localhost
3. web01 - 172.25.250.201

复制代码

web02

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname web02
2. [root@web02 ~]# ip ad
3. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
4.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5.     inet 127.0.0.1/8 scope host lo
6.        valid_lft forever preferred_lft forever
7.     inet6 ::1/128 scope host
8.        valid_lft forever preferred_lft forever
9. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
10.     link/ether 00:0c:29:7e:8e:dc brd ff:ff:ff:ff:ff:ff
11.     altname enp3s0
12.     inet 172.25.250.202/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
13.        valid_lft 987sec preferred_lft 987sec
14.     inet6 fe80::20c:29ff:fe7e:8edc/64 scope link noprefixroute
15.        valid_lft forever preferred_lft forever

复制代码

挂载堆栈并下载软件

1. [root@web02 ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@web02 ~]# dnf -y install nginx

复制代码

设置 nginx

1. [root@web02 ~]# vim /etc/nginx/conf.d/web02.conf
2. [root@web02 ~]# cat /etc/nginx/conf.d/web02.conf
3. server {
4.         listen                80;
5.         server_name        www.mingiyue.com;
6.         root                /usr/share/nginx/html;
7. }

复制代码

修改 DNS

1. [root@web02 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
2. [root@web02 ~]# nmcli c up ens160
3. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
4. [root@web02 ~]# nmcli d show ens160 | grep DNS
5. IP4.DNS[1]:                             172.25.250.100

复制代码

编写首页

1. [root@web02 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

复制代码

启动服务并测试

1. [root@web02 ~]# systemctl start nginx
2. [root@web02 ~]# curl localhost
3. web02 - 172.25.250.202

复制代码

web03

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname web03
2. [root@web03 ~]# ip ad
3. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
4.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5.     inet 127.0.0.1/8 scope host lo
6.        valid_lft forever preferred_lft forever
7.     inet6 ::1/128 scope host
8.        valid_lft forever preferred_lft forever
9. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
10.     link/ether 00:0c:29:12:a5:be brd ff:ff:ff:ff:ff:ff
11.     altname enp3s0
12.     inet 172.25.250.203/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
13.        valid_lft 1027sec preferred_lft 1027sec
14.     inet6 fe80::20c:29ff:fe12:a5be/64 scope link noprefixroute
15.        valid_lft forever preferred_lft forever

复制代码

挂载堆栈并下载软件

1. [root@web03 ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@web03 ~]# dnf -y install nginx

复制代码

设置 nginx

1. [root@web03 ~]# vim /etc/nginx/conf.d/web03.conf
2. [root@web03 ~]# cat /etc/nginx/conf.d/web03.conf
3. server {
4.         listen                80;
5.         server_name        www.mingyue.com;
6.         root                /usr/share/nginx/html;
7. }

复制代码

修改 DNS

1. [root@web03 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
2. [root@web03 ~]# nmcli c up ens160
3. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
4. [root@web03 ~]# nmcli d show ens160 | grep DNS
5. IP4.DNS[1]:                             172.25.250.100

复制代码

编写首页

1. [root@web03 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

复制代码

启动服务并测试

1. [root@web03 ~]# systemctl start nginx
2. [root@web03 ~]# curl localhost
3. web03 - 172.25.250.203

复制代码

搭建 Keepalived 和 LVS 

设置master

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname lb-master
2. [root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.105/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
3. [root@localhost ~]# nmcli c up ens160

复制代码

挂载堆栈并下载软件

1. [root@lb-master ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@lb-master ~]# dnf -y install keepalived ipvsadm bind-utils

复制代码

设置 Keepalived

1. [root@lb-master ~]# vim /etc/keepalived/keepalived.conf
2. [root@lb-master ~]# cat /etc/keepalived/keepalived.conf
3. global_defs {
4.    router_id LVS_master
5. }
7. vrrp_instance VI_web {
8.     state MASTER
9.     interface ens160
10.     virtual_router_id 51
11.     priority 100
12.     advert_int 1
13.     authentication {
14.         auth_type PASS
15.         auth_pass 1111
16.     }
17.     virtual_ipaddress {
18.         172.25.250.200
19.     }
20. }
22. virtual_server 172.25.250.200 80 {
23.     delay_loop 6
24.     lb_algo wrr
25.     lb_kind DR
26.     protocol TCP
28.     real_server 172.25.250.201 80 {
29.         weight 3
30.         TCP_CHECK{
31.             connect_timeout 3
32.             retry 3
33.             delay_before_retry 3
34.         }
35.     }
38.     real_server 172.25.250.202 80 {
39.         weight 2
40.         TCP_CHECK{
41.             connect_timeout 3
42.             retry 3
43.             delay_before_retry 3
44.         }
45.     }
46.     real_server 172.25.250.203 80 {
47.         weight 1
48.         TCP_CHECK{
49.             connect_timeout 3
50.             retry 3
51.             delay_before_retry 3
52.         }
53.     }
54. }
56. vrrp_instance VI_dns {
57.     state BACKUP
58.     interface ens160
59.     virtual_router_id 52
60.     priority 80
61.     advert_int 1
62.     authentication {
63.         auth_type PASS
64.         auth_pass 1111
65.     }
66.     virtual_ipaddress {
67.         172.25.250.100
68.     }
69. }
71. virtual_server 172.25.250.100 53 {
72.     delay_loop 6
73.     lb_algo rr
74.     lb_kind DR
75.     protocol UDP
77.     real_server 172.25.250.107 53 {
78.         weight 1
79.         MISC_CHECK {
80.             connect_timeout 3
81.             misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.107 txt.chengke.com"
82.         }
83.     }
85.     real_server 172.25.250.108 53 {
86.         weight 1
87.         MISC_CHECK {
88.             connect_timeout 3
89.             misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.108 txt.chengke.com"
90.         }
91.     }
92. }

复制代码

编写检测脚本文件并赋予权限

1. [root@lb-master ~]# vim /etc/keepalived/checkdns.sh
2. [root@lb-master ~]# cat /etc/keepalived/checkdns.sh
3. #!/bin/bash
4. [ $# -le 2 ] && { echo "usage: $0 -h <ip>"; exit 2; }
5. domain=$3
6. while getopts "h:" OPT; do
7.         case $OPT in
8.                 h)
9.                         host=$OPTARG
10.                         ;;
11.                 *)
12.                         echo "usage: $0 -h <ip>" && exit 1
13.                         ;;
14.         esac
15. done
16. dig @${host} txt ${domain} +time=1 | grep "\<AaBbCcDdEeFf\>" > /dev/null
17. exit $?
18. [root@lb-master ~]# chmod a+x /etc/keepalived/checkdns.sh
19. [root@lb-master ~]# ll /etc/keepalived/checkdns.sh
20. -rwxr-xr-x. 1 root root 411 Apr 12 15:41 /etc/keepalived/checkdns.sh

复制代码

启动服务

1. [root@lb-master ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
2. [root@lb-master ~]# systemctl start keepalived.service ipvsadm.service
4. [root@lb-master ~]# ip a show ens160
5. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
6.     link/ether 00:0c:29:22:88:c0 brd ff:ff:ff:ff:ff:ff
7.     altname enp3s0
8.     inet 172.25.250.105/24 brd 172.25.250.255 scope global noprefixroute ens160
9.        valid_lft forever preferred_lft forever
10.     inet 172.25.250.200/32 scope global ens160
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::20c:29ff:fe22:88c0/64 scope link noprefixroute
13.        valid_lft forever preferred_lft forever

复制代码

查看 LVS 规则

 

1. [root@lb-master ~]# ipvsadm -Ln
2. IP Virtual Server version 1.2.1 (size=4096)
3. Prot LocalAddress:Port Scheduler Flags
4.   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
5. TCP  172.25.250.200:80 wrr
6.   -> 172.25.250.201:80            Route   3      0          0         
7.   -> 172.25.250.202:80            Route   2      0          0         
8.   -> 172.25.250.203:80            Route   1      0          0         
9. UDP  172.25.250.100:53 rr
10.   -> 172.25.250.107:53            Route   1      0          0         
11.   -> 172.25.250.108:53            Route   1      0          0      

复制代码

设置backup

修改主机名和 IP 地址

1. [root@localhost ~]# hostnamectl hostname lb-backup
2. [root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.106/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
3. [root@localhost ~]# nmcli c up ens160

复制代码

挂载堆栈并下载软件

1. [root@lb-backup ~]# mount /dev/sr0 /mnt
2. mount: /mnt: WARNING: source write-protected, mounted read-only.
3. [root@lb-backup ~]# dnf -y install keepalived ipvsadm bind-utils

复制代码

复制 keepalived 的设置文件到 backup 主机中并修改

1. [root@lb-master ~]# scp /etc/keepalived/keepalived.conf 172.25.250.106:/etc/keepalived
2. The authenticity of host '172.25.250.106 (172.25.250.106)' can't be established.
3. ED25519 key fingerprint is SHA256:zQRVAzxowh+vQParI9tLut0o4tqknS8RIH86Oa4QB/A.
4. This key is not known by any other names
5. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
6. Warning: Permanently added '172.25.250.106' (ED25519) to the list of known hosts.
7. root@172.25.250.106's password:
8. keepalived.conf                                                                       100% 1652   287.3KB/s   00:00
11. [root@lb-backup ~]# vim /etc/keepalived/keepalived.conf
12. [root@lb-backup ~]# cat /etc/keepalived/keepalived.conf
13. global_defs {
14.    router_id LVS_backup
15. }
17. vrrp_instance VI_web {
18.     state BACKUP
19.     interface ens160
20.     virtual_router_id 51
21.     priority 80
22.     advert_int 1
23.     authentication {
24.         auth_type PASS
25.         auth_pass 1111
26.     }
27.     virtual_ipaddress {
28.         172.25.250.200
29.     }
30. }
32. virtual_server 172.25.250.200 80 {
33.     delay_loop 6
34.     lb_algo wrr
35.     lb_kind DR
36.     protocol TCP
38.     real_server 172.25.250.201 80 {
39.         weight 3
40.         TCP_CHECK{
41.             connect_timeout 3
42.             retry 3
43.             delay_before_retry 3
44.         }
45.     }
48.     real_server 172.25.250.202 80 {
49.         weight 2
50.         TCP_CHECK{
51.             connect_timeout 3
52.             retry 3
53.             delay_before_retry 3
54.         }
55.     }
56.     real_server 172.25.250.203 80 {
57.         weight 1
58.         TCP_CHECK{
59.             connect_timeout 3
60.             retry 3
61.             delay_before_retry 3
62.         }
63.     }
64. }
66. vrrp_instance VI_dns {
67.     state MASTER
68.     interface ens160
69.     virtual_router_id 52
70.     priority 100
71.     advert_int 1
72.     authentication {
73.         auth_type PASS
74.         auth_pass 1111
75.     }
76.     virtual_ipaddress {
77.         172.25.250.100
78.     }
79. }
81. virtual_server 172.25.250.100 53 {
82.     delay_loop 6
83.     lb_algo rr
84.     lb_kind DR
85.     protocol UDP
87.     real_server 172.25.250.107 53 {
88.         weight 1
89.         MISC_CHECK {
90.             connect_timeout 3
91.             misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.107 txt.chengke.com"
92.         }
93.     }
95.     real_server 172.25.250.108 53 {
96.         weight 1
97.         MISC_CHECK {
98.             connect_timeout 3
99.             misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.108 txt.chengke.com"
100.         }
101.     }
102. }

复制代码

复制检测脚本文件到 backup 主机中

1. [root@lb-master ~]# scp /etc/keepalived/checkdns.sh  172.25.250.106:/etc/keepalived
2. root@172.25.250.106's password:
3. checkdns.sh                                                                           100%  411    71.5KB/s   00:00   
5. [root@lb-backup ~]# cd /etc/keepalived/
6. [root@lb-backup keepalived]# ll
7. total 8
8. -rwxr-xr-x. 1 root root  411 Apr 12 15:46 checkdns.sh
9. -rw-r--r--. 1 root root 1652 Apr 12 15:48 keepalived.conf

复制代码

启动服务

1. [root@lb-backup ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
2. [root@lb-backup ~]# systemctl start keepalived.service ipvsadm.service
4. [root@lb-backup ~]# ip a show ens160
5. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
6.     link/ether 00:0c:29:66:17:9c brd ff:ff:ff:ff:ff:ff
7.     altname enp3s0
8.     inet 172.25.250.106/24 brd 172.25.250.255 scope global noprefixroute ens160
9.        valid_lft forever preferred_lft forever
10.     inet 172.25.250.100/32 scope global ens160
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::20c:29ff:fe66:179c/64 scope link noprefixroute
13.        valid_lft forever preferred_lft forever

复制代码

查看 LVS 规则

1. [root@lb-backup ~]# ipvsadm -Ln
2. IP Virtual Server version 1.2.1 (size=4096)
3. Prot LocalAddress:Port Scheduler Flags
4.   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
5. TCP  172.25.250.200:80 wrr
6.   -> 172.25.250.201:80            Route   3      0          0         
7.   -> 172.25.250.202:80            Route   2      0          0         
8.   -> 172.25.250.203:80            Route   1      0          0         
9. UDP  172.25.250.100:53 rr
10.   -> 172.25.250.107:53            Route   1      0          0         
11.   -> 172.25.250.108:53            Route   1      0          0      

复制代码

DNS 服务器增长 VIP 和设置内核参数

主服务器

增长 VIP

1. [root@dns-master ~]# ifconfig lo:0 172.25.250.100 netmask 255.255.255.255 up
2. [root@dns-master ~]# route add -host 172.25.250.100 dev lo:0
3. [root@dns-master ~]# ip a
4. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
5.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6.     inet 127.0.0.1/8 scope host lo
7.        valid_lft forever preferred_lft forever
8.     inet 172.25.250.100/32 scope global lo:0
9.        valid_lft forever preferred_lft forever
10.     inet6 ::1/128 scope host
11.        valid_lft forever preferred_lft forever

复制代码

设置内核参数

1. [root@dns-master ~]# vim /etc/sysctl.conf
2. [root@dns-master ~]# cat /etc/sysctl.conf
3. net.ipv4.conf.lo.arp_ignore = 1
4. net.ipv4.conf.lo.arp_announce = 2
5. net.ipv4.conf.all.arp_ignore = 1
6. net.ipv4.conf.all.arp_announce = 2
8. [root@dns-master ~]# sysctl -p
9. net.ipv4.conf.lo.arp_ignore = 1
10. net.ipv4.conf.lo.arp_announce = 2
11. net.ipv4.conf.all.arp_ignore = 1
12. net.ipv4.conf.all.arp_announce = 2

复制代码

从服务器

增长 VIP

1. [root@dns-slave ~]#  ifconfig lo:0 172.25.250.100 netmask 255.255.255.255 up
2. [root@dns-slave ~]# route add -host 172.25.250.100 dev lo:0
3. [root@dns-slave ~]# ip a
4. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
5.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6.     inet 127.0.0.1/8 scope host lo
7.        valid_lft forever preferred_lft forever
8.     inet 172.25.250.100/32 scope global lo:0
9.        valid_lft forever preferred_lft forever
10.     inet6 ::1/128 scope host
11.        valid_lft forever preferred_lft forever

复制代码

设置内核参数

1. [root@dns-slave ~]# vim /etc/sysctl.conf   
2. [root@dns-slave ~]# cat /etc/sysctl.conf
3. net.ipv4.conf.lo.arp_ignore = 1
4. net.ipv4.conf.lo.arp_announce = 2
5. net.ipv4.conf.all.arp_ignore = 1
6. net.ipv4.conf.all.arp_announce = 2
8. [root@dns-slave ~]# sysctl -p
9. net.ipv4.conf.lo.arp_ignore = 1
10. net.ipv4.conf.lo.arp_announce = 2
11. net.ipv4.conf.all.arp_ignore = 1
12. net.ipv4.conf.all.arp_announce = 2

复制代码

修改 web 服务器

web01

增长 VIP

1. [root@web01 ~]# ifconfig lo:0 172.25.250.200 netmask 255.255.255.255 up
2. [root@web01 ~]# route add -host 172.25.250.200 dev lo:0
3. [root@web01 ~]# ip a
4. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
5.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6.     inet 127.0.0.1/8 scope host lo
7.        valid_lft forever preferred_lft forever
8.     inet 172.25.250.200/32 scope global lo:0
9.        valid_lft forever preferred_lft forever
10.     inet6 ::1/128 scope host
11.        valid_lft forever preferred_lft forever
12. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
13.     link/ether 00:0c:29:68:31:7f brd ff:ff:ff:ff:ff:ff
14.     altname enp3s0
15.     inet 172.25.250.201/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
16.        valid_lft 1420sec preferred_lft 1420sec
17.     inet6 fe80::20c:29ff:fe68:317f/64 scope link noprefixroute
18.        valid_lft forever preferred_lft forever

复制代码

设置内核参数

1. [root@web01 ~]# vim /etc/sysctl.conf
2. [root@web01 ~]# sysctl -p
3. net.ipv4.conf.all.arp_ignore = 1
4. net.ipv4.conf.lo.arp_ignore = 1
5. net.ipv4.conf.all.arp_announce = 2
6. net.ipv4.conf.lo.arp_announce = 2
7. net.ipv4.ip_forward = 0

复制代码

web02

增长 VIP

1. [root@web02 ~]# ifconfig lo:0 172.25.250.200 netmask 255.255.255.255 up
2. [root@web02 ~]# route add -host 172.25.250.200 dev lo:0
3. [root@web02 ~]# ip a
4. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
5.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6.     inet 127.0.0.1/8 scope host lo
7.        valid_lft forever preferred_lft forever
8.     inet 172.25.250.200/32 scope global lo:0
9.        valid_lft forever preferred_lft forever
10.     inet6 ::1/128 scope host
11.        valid_lft forever preferred_lft forever
12. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
13.     link/ether 00:0c:29:7e:8e:dc brd ff:ff:ff:ff:ff:ff
14.     altname enp3s0
15.     inet 172.25.250.202/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
16.        valid_lft 1477sec preferred_lft 1477sec
17.     inet6 fe80::20c:29ff:fe7e:8edc/64 scope link noprefixroute
18.        valid_lft forever preferred_lft forever

复制代码

设置内核参数

1. [root@web02 ~]# vim /etc/sysctl.conf
2. [root@web02 ~]# sysctl -p
3. net.ipv4.conf.all.arp_ignore = 1
4. net.ipv4.conf.lo.arp_ignore = 1
5. net.ipv4.conf.all.arp_announce = 2
6. net.ipv4.conf.lo.arp_announce = 2
7. net.ipv4.ip_forward = 0

复制代码

web03

增长 VIP

1. [root@web03 ~]# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet 172.25.250.200/32 scope global lo:0
7.        valid_lft forever preferred_lft forever
8.     inet6 ::1/128 scope host
9.        valid_lft forever preferred_lft forever
10. 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
11.     link/ether 00:0c:29:12:a5:be brd ff:ff:ff:ff:ff:ff
12.     altname enp3s0
13.     inet 172.25.250.203/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
14.        valid_lft 1612sec preferred_lft 1612sec
15.     inet6 fe80::20c:29ff:fe12:a5be/64 scope link noprefixroute
16.        valid_lft forever preferred_lft forever

复制代码

设置内核参数

1. [root@web03 ~]# vim /etc/sysctl.conf
2. [root@web03 ~]# sysctl -p
3. net.ipv4.conf.all.arp_ignore = 1
4. net.ipv4.conf.lo.arp_ignore = 1
5. net.ipv4.conf.all.arp_announce = 2
6. net.ipv4.conf.lo.arp_announce = 2
7. net.ipv4.ip_forward = 0

复制代码

测试

1. [root@client ~]# curl 172.25.250.200
2. web03 - 172.25.250.203
3. [root@client ~]# curl 172.25.250.200
4. web02 - 172.25.250.202
5. [root@client ~]# curl 172.25.250.200
6. web01 - 172.25.250.201
7. [root@client ~]# curl 172.25.250.200
8. web01 - 172.25.250.201
9. [root@client ~]# curl 172.25.250.200
10. web02 - 172.25.250.202
11. [root@client ~]# curl 172.25.250.200
12. web01 - 172.25.250.201
13. [root@client ~]# curl 172.25.250.200
14. web03 - 172.25.250.203
15. [root@client ~]# curl 172.25.250.200
16. web02 - 172.25.250.202

复制代码

服务搭建完成！！！


免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。