需求
主机规划
主机名 | IP | 角色 |
---|---|---|
lvs-master | 192.168.239.105 | 主lvs,同时做web和dns调度 |
lvs-backup | 192.168.239.106 | 副lvs,同时做web和dns调度 |
dns-master | 192.168.239.107 | VIP:192.168.239.100 主从dns服务器 |
dns-slave | 192.168.239.108 | |
web1 | 192.168.239.201 | VIP:192.168.239.200 |
web2 | 192.168.239.202 | |
web3 | 192.168.239.203 | |
client | 192.168.239.10 | 客户端 |
环境搭建
为所有主机配置IP、主机名，并关闭防火墙与selinux（仅为简化实验环境；生产环境应保留防火墙并只放行所需端口）。此处省略配置命令
配置主从dns
主dns
安装bind软件
[root@dns-master ~]# dnf install -y bind
配置主配置文件
[root@dns-master ~]# cat /etc/named.conf
options {
    listen-on port 53 { 192.168.239.100;192.168.239.107; };
    directory "/var/named";
};
zone "yili.com" IN {
    type master;
    file "named.yili";
    allow-transfer { 192.168.239.108; };
};
zone "239.168.192.in-addr.arpa" IN {
    type master;
    file "named.yilifan";
    allow-transfer { 192.168.239.108; };
};
配置区域文件
正向解析
[root@dns-master ~]# cat /var/named/named.yili
$TTL 1D
@ IN SOA @ admin.yili.com. ( 0 1 1 1 1 )
  IN NS ns1.yili.com.
  IN NS ns2.yili.com.
ns1 IN A 192.168.239.107
ns2 IN A 192.168.239.108
www IN A 192.168.239.200
txt IN TXT "AaBbCcDdEeFf"
反向解析
[root@dns-master ~]# cat /var/named/named.yilifan
$TTL 1D
@ IN SOA @ admin.yili.com. ( 0 1 1 1 1 )
  IN NS ns1.yili.com.
  IN NS ns2.yili.com.
ns1 IN A 192.168.239.107
ns2 IN A 192.168.239.108
200 IN PTR www.yili.com.
txt IN TXT "AaBbCcDdEeFf"
dig测试
[root@dns-master ~]# dig -t NS yili.com @192.168.239.107
; <<>> DiG 9.16.23-RH <<>> -t NS yili.com @192.168.239.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31688
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 63188e14befb57a0010000006800c0330548ef93da209357 (good)
;; QUESTION SECTION:
;yili.com. IN NS
;; ANSWER SECTION:
yili.com. 86400 IN NS ns1.yili.com.
yili.com. 86400 IN NS ns2.yili.com.
;; ADDITIONAL SECTION:
ns1.yili.com. 86400 IN A 192.168.239.107
ns2.yili.com. 86400 IN A 192.168.239.108
;; Query time: 0 msec
;; SERVER: 192.168.239.107#53(192.168.239.107)
;; WHEN: Thu Apr 17 16:47:47 CST 2025
;; MSG SIZE rcvd: 133
从dns
安装bind软件
[root@dns-slave ~]# dnf install -y bind
配置主配置文件
[root@dns-slave ~]# cat /etc/named.conf
options {
    listen-on port 53 { 192.168.239.108;192.168.239.100; };
    directory "/var/named";
};
zone "yili.com" IN {
    type slave;
    masters { 192.168.239.107; };
    file "slaves/named.yili";
};
zone "239.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.239.107; };
    file "slaves/named.yilifan";
};
dig测试
[root@dns-slave ~]# dig -t NS yili.com @192.168.239.108
; <<>> DiG 9.16.23-RH <<>> -t NS yili.com @192.168.239.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a41f8061a58c1cc1010000006800c170045a7201efa1982f (good)
;; QUESTION SECTION:
;yili.com. IN NS
;; ANSWER SECTION:
yili.com. 86400 IN NS ns1.yili.com.
yili.com. 86400 IN NS ns2.yili.com.
;; ADDITIONAL SECTION:
ns1.yili.com. 86400 IN A 192.168.239.107
ns2.yili.com. 86400 IN A 192.168.239.108
;; Query time: 1 msec
;; SERVER: 192.168.239.108#53(192.168.239.108)
;; WHEN: Thu Apr 17 16:53:04 CST 2025
;; MSG SIZE rcvd: 133
配置web服务
web1
安装nginx软件
[root@web1 ~]# dnf install -y nginx
更改index.html页面内容
[root@web1 ~]# echo $(hostname;hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# curl localhost
web1 192.168.239.201
web2
安装nginx软件
[root@web2 ~]# dnf install -y nginx
更改index.html页面内容
[root@web2 ~]# echo $(hostname;hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# curl localhost
web2 192.168.239.202
web3
安装nginx软件
[root@web3 ~]# dnf install -y nginx
更改index.html页面内容
[root@web3 ~]# echo $(hostname;hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
[root@web3 ~]# systemctl start nginx
[root@web3 ~]# curl localhost
web3 192.168.239.203
搭建lvs + keepalived
本次项目lvs使用DR模式
配置master
安装ipvsadm、keepalived
[root@lvs-master ~]# dnf install -y ipvsadm keepalived
更改keepalived配置文件
[root@lvs-master ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
vrrp_instance VI_web {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200
    }
}
virtual_server 192.168.239.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.239.201 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.203 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_dns {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100
    }
}
virtual_server 192.168.239.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 192.168.239.107 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.107 txt.yili.com"
        }
    }
    real_server 192.168.239.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.108 txt.yili.com"
        }
    }
}
启动并测试
[root@lvs-master ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@lvs-master ~]# systemctl start keepalived.service ipvsadm.service
[root@lvs-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.239.200:80 wrr
  -> 192.168.239.201:80           Route   1      0          0
  -> 192.168.239.202:80           Route   2      0          0
  -> 192.168.239.203:80           Route   3      0          0
UDP  192.168.239.100:53 rr
  -> 192.168.239.107:53           Route   1      0          0
  -> 192.168.239.108:53           Route   1      0          0
配置backup
安装ipvsadm、keepalived
[root@lvs-backup ~]# dnf install -y ipvsadm keepalived
更改keepalived配置文件
[root@lvs-backup ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
vrrp_instance VI_web {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200
    }
}
virtual_server 192.168.239.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 192.168.239.201 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_dns {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100
    }
}
virtual_server 192.168.239.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 192.168.239.201 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.239.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 192.168.239.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 192.168.239.107 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.107 txt.yili.com"
        }
    }
    real_server 192.168.239.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 192.168.239.108 txt.yili.com"
        }
    }
}
启动并测试
[root@lvs-backup ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@lvs-backup ~]# systemctl start keepalived.service ipvsadm.service
[root@lvs-backup ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.239.200:80 wrr
  -> 192.168.239.201:80           Route   3      0          0
  -> 192.168.239.202:80           Route   2      0          0
  -> 192.168.239.203:80           Route   1      0          0
UDP  192.168.239.100:53 rr
  -> 192.168.239.107:53           Route   1      0          0
  -> 192.168.239.108:53           Route   1      0          1
更改dns配置
添加VIP（DR模式下每台真实服务器都需在lo上绑定VIP；以下以dns-master为例，dns-slave同理）
[root@dns-master ~]# ip addr add 192.168.239.100 dev lo
[root@dns-master ~]# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.239.100/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
配置内核参数
[root@dns-master ~]# vim /etc/sysctl.conf
[root@dns-master ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
更改web配置
添加VIP（以下以web1为例，web2、web3同理）
[root@web1 ~]# ip addr add 192.168.239.200 dev lo
[root@web1 ~]# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.239.200/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
配置内核参数
[root@web1 ~]# vim /etc/sysctl.conf
[root@web1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
客户端测试
修改dns地址
[root@client ~]# nmcli connection modify ens160 ipv4.dns 192.168.239.100
[root@client ~]# nmcli connection up ens160
测试与dns服务器的连通性
[root@client ~]# ping 192.168.239.100
PING 192.168.239.100 (192.168.239.100) 56(84) bytes of data.
64 bytes from 192.168.239.100: icmp_seq=1 ttl=64 time=0.321 ms
64 bytes from 192.168.239.100: icmp_seq=2 ttl=64 time=0.362 ms
^C
--- 192.168.239.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1059ms
rtt min/avg/max/mdev = 0.321/0.341/0.362/0.020 ms
测试dns解析
[root@client ~]# ping ns1.yili.com
PING ns1.yili.com (192.168.239.107) 56(84) bytes of data.
64 bytes from 192.168.239.107 (192.168.239.107): icmp_seq=1 ttl=64 time=0.422 ms
64 bytes from 192.168.239.107 (192.168.239.107): icmp_seq=2 ttl=64 time=0.332 ms
^C
--- ns1.yili.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.332/0.377/0.422/0.045 ms
测试web lvs负载均衡
测试keepalived高可用
在lvs-master上停止keepalived服务后，可以观察到VIP 192.168.239.200漂移到了lvs-backup上
重新启动keepalived后，VIP 192.168.239.200又漂移回lvs-master上