
2025/4/16 0:10:00 来源:https://blog.csdn.net/m0_75087717/article/details/147163540  浏览:    关键词:机加工订单平台_网站建设公司业务员_珠海网站设计_seo咨询师招聘

项目架构

主机规划

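| 主机 | IP | 角色 | 软件 |
| --- | --- | --- | --- |
| lb-master | 172.25.250.105 | 主备负载均衡器,同时做 web 和 dns 调度 | ipvsadm,keepalived |
| lb-backup | 172.25.250.106 | 主备负载均衡器,同时做 web 和 dns 调度 | ipvsadm,keepalived |
| dns-master | 172.25.250.107 | VIP:172.25.250.100,LVS DNS 节点互为主从同步 | bind |
| dns-slave | 172.25.250.108 | VIP:172.25.250.100,LVS DNS 节点互为主从同步 | bind |
| web01 | 172.25.250.201 | LVS WEB 节点,VIP:172.25.250.200 | nginx,bind-utils |
| web02 | 172.25.250.202 | LVS WEB 节点,VIP:172.25.250.200 | nginx,bind-utils |
| web03 | 172.25.250.203 | LVS WEB 节点,VIP:172.25.250.200 | nginx,bind-utils |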

!!!本章笔记中博主是根据自己的主机规划来修改主机名以及 IP 地址的,这一步不是必须的,大家沿用自身虚拟机原有的配置就好,记得哪台主机做的什么角色就行

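注意:所有主机的防火墙和 Selinux 都关闭(仅适用于隔离的实验环境;生产环境应保持 firewalld 开启,只放行本文用到的 DNS(53)、HTTP(80)和 VRRP 流量,并让 SELinux 保持 enforcing)
# 关闭防火墙
systemctl disable --now firewalld
# 临时关闭selinux(切换为 permissive,重启后失效)
setenforce 0
# 永久将selinux设为 permissive(只记录不拦截,并非 disabled)
sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

永久挂载仓库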
[root@localhost ~]# vim /etc/fstab
[root@localhost ~]# cat /etc/fstab 
/dev/mapper/rhel-root   /                       xfs     defaults        0 0
UUID=589b1fb8-b9eb-461f-ab73-55252609a21e /boot                   xfs     defaults        0 0
UUID=95BF-10A3          /boot/efi               vfat    umask=0077,shortname=winnt 0 2
/dev/mapper/rhel-swap   none                    swap    defaults        0 0
/dev/sr0                /mnt                    iso9660  defaults       0 0 
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# mount -a

搭建 DNS 服务

配置主服务 DNS

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname dns-master
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.107/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

挂载仓库并下载服务

[root@dns-master ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns-master ~]# dnf -y install bind

修改核心配置文件

[root@dns-master ~]# vim /etc/named.conf 
[root@dns-master ~]# cat /etc/named.conf 
options {
    listen-on port 53 { 172.25.250.107; 172.25.250.100; };
    directory "/var/named";
};
zone "mingyue.com" IN {
    type master;
    file "mingyue.zone";
    allow-transfer { 172.25.250.108; };
};
zone "250.25.172.in-addr.arpa" IN {
    type master;
    file "mingyue.fanxiang";
    allow-transfer { 172.25.250.108; };
};

检查配置文件是否有误(没有消息提示说明配置文件修改没问题,若有根据提示修改配置文件)。另外,上面的 options 没有关闭递归,后文 dig 输出的 flags 中带有 ra,说明该服务器会响应递归查询;只做权威解析的 DNS 建议在 options 中加上 recursion no;,或用 allow-recursion 限制可递归的来源。

[root@dns-master ~]# named-checkconf 

编写正向解析区域数据文件

[root@dns-master ~]# vim /var/named/mingyue.zone 
[root@dns-master ~]# cat /var/named/mingyue.zone 
$TTL	1D
@	IN	SOA	ns1.mingyue.com.	root.mingyue.com. (0 1H 1D 1W 3D)
	IN	NS	ns1.mingyue.com.
	IN	NS	ns2
ns1	IN	A	172.25.250.107
ns2	IN	A	172.25.250.108
www	IN	A	172.25.250.200
txt	IN	TXT	"AaBbCcDdEeFf"	

检查正向解析区域数据文件是否有误

[root@dns-master ~]# named-checkzone mingyue.com /var/named/mingyue.zone
zone mingyue.com/IN: loaded serial 0
OK

编写反向解析区域数据文件并检查是否有误(注意:named-checkzone 的第一个参数是区域名,检查反向区域文件时应传入 250.25.172.in-addr.arpa;下面的输出是按 mingyue.com 检查得到的)

[root@dns-master ~]# cp -a /var/named/mingyue.zone /var/named/mingyue.fanxiang
[root@dns-master ~]# ll /var/named/
total 24
drwxrwx---. 2 named named    6 Aug 28  2024 data
drwxrwx---. 2 named named    6 Aug 28  2024 dynamic
-rw-r--r--. 1 root  root   202 Apr 12 14:09 mingyue.fanxiang
-rw-r--r--. 1 root  root   202 Apr 12 14:09 mingyue.zone
-rw-r-----. 1 root  named 2112 Aug 28  2024 named.ca
-rw-r-----. 1 root  named  152 Aug 28  2024 named.empty
-rw-r-----. 1 root  named  152 Aug 28  2024 named.localhost
-rw-r-----. 1 root  named  168 Aug 28  2024 named.loopback
drwxrwx---. 2 named named    6 Aug 28  2024 slaves
[root@dns-master ~]# vim /var/named/mingyue.fanxiang 
[root@dns-master ~]# cat /var/named/mingyue.fanxiang 
$TTL	1D
@	IN	SOA	ns1.mingyue.com.	root.mingyue.com. (0 1H 1D 1W 3D)
	IN	NS	ns1.mingyue.com.
	IN	NS	ns2
ns1	IN	A	172.25.250.107
ns2	IN	A	172.25.250.108
200	IN	PTR	www.mingyue.com.
txt	IN	TXT	"AaBbCcDdEeFf"	
[root@dns-master ~]# named-checkzone mingyue.com /var/named/mingyue.fanxiang 
zone mingyue.com/IN: loaded serial 0
OK

启动服务并测试

[root@dns-master ~]# systemctl start named
[root@dns-master ~]# dig -t NS mingyue.com @172.25.250.107

; <<>> DiG 9.16.23-RH <<>> -t NS mingyue.com @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14162
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f082f46b7ee541bf0100000067fa0532ff3c047be69773cd (good)
;; QUESTION SECTION:
;mingyue.com.			IN	NS;; ANSWER SECTION:
mingyue.com.		86400	IN	NS	ns1.mingyue.com.
mingyue.com.		86400	IN	NS	ns2.mingyue.com.;; ADDITIONAL SECTION:
ns1.mingyue.com.	86400	IN	A	172.25.250.107
ns2.mingyue.com.	86400	IN	A	172.25.250.108;; Query time: 2 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:16:18 CST 2025
;; MSG SIZE  rcvd: 136

[root@dns-master ~]# dig -t A www.mingyue.com @172.25.250.107

; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10116
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8529c23b6b32e1a60100000067fa0561d02e583eade8e231 (good)
;; QUESTION SECTION:
;www.mingyue.com.		IN	A;; ANSWER SECTION:
www.mingyue.com.	86400	IN	A	172.25.250.200;; Query time: 0 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:17:05 CST 2025
;; MSG SIZE  rcvd: 88

[root@dns-master ~]# dig -x 172.25.250.200 @172.25.250.107

; <<>> DiG 9.16.23-RH <<>> -x 172.25.250.200 @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d8d9bf0abd0af37d0100000067fa0587155762c6e39574b9 (good)
;; QUESTION SECTION:
;200.250.25.172.in-addr.arpa.	IN	PTR;; ANSWER SECTION:
200.250.25.172.in-addr.arpa. 86400 IN	PTR	www.mingyue.com.;; Query time: 9 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:17:43 CST 2025
;; MSG SIZE  rcvd: 113

配置从服务 DNS

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname dns-slave
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.108/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

挂载仓库并下载软件

[root@dns-slave ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns-slave ~]# dnf -y install bind

修改核心配置文件

[root@dns-slave ~]# vim /etc/named.conf 
[root@dns-slave ~]# cat /etc/named.conf 
options {
    listen-on port 53 { 172.25.250.108; 172.25.250.100; };
    directory "/var/named";
};
zone "mingyue.com" IN {
    type slave;
    file "slaves/mingyue.zone";
    masters { 172.25.250.107; };
    allow-transfer { none; };
};
zone "250.25.172.in-addr.arpa" IN {
    type slave;
    masters { 172.25.250.107; };
    file "slaves/mingyue.fanxiang";
    allow-transfer { none; };
};

检查配置文件是否有误(没有消息提示说明配置文件修改没问题,若有根据提示修改配置文件)

[root@dns-slave ~]# named-checkconf 

启动服务并测试(若是没有文件检查防火墙是否关闭)

[root@dns-slave ~]# ls /var/named/slaves
[root@dns-slave ~]# systemctl start named
[root@dns-slave ~]# ls /var/named/slaves/
mingyue.fanxiang  mingyue.zone

[root@dns-slave ~]# dig -t A www.mingyue.com @172.25.250.107

; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64898
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ce420687d228d5b40100000067fa0d06077ab9fafd700f17 (good)
;; QUESTION SECTION:
;www.mingyue.com.		IN	A;; ANSWER SECTION:
www.mingyue.com.	86400	IN	A	172.25.250.200;; Query time: 4 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:49:42 CST 2025
;; MSG SIZE  rcvd: 88

[root@dns-slave ~]# dig -t A www.mingyue.com @172.25.250.108

; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14843
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 137473cba75fd4b90100000067fa0d18e153428993edd1ef (good)
;; QUESTION SECTION:
;www.mingyue.com.		IN	A;; ANSWER SECTION:
www.mingyue.com.	86400	IN	A	172.25.250.200;; Query time: 2 msec
;; SERVER: 172.25.250.108#53(172.25.250.108)
;; WHEN: Sat Apr 12 14:50:00 CST 2025
;; MSG SIZE  rcvd: 88

搭建 web 服务

web01

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname web01
[root@web01 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:68:31:7f brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.201/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160valid_lft 1753sec preferred_lft 1753secinet6 fe80::20c:29ff:fe68:317f/64 scope link noprefixroute valid_lft forever preferred_lft forever

挂载仓库并下载软件

[root@web01 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@web01 ~]# dnf -y install nginx

配置 nginx

[root@web01 ~]# vim /etc/nginx/conf.d/web01.conf
[root@web01 ~]# cat /etc/nginx/conf.d/web01.conf
server {
    listen      80;
    server_name www.mingyue.com;
    root        /usr/share/nginx/html;
}

修改 DNS

[root@web01 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
[root@web01 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web01 ~]# nmcli d show | grep DNS
IP4.DNS[1]:                             172.25.250.100

编写首页

[root@web01 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html 

启动服务并测试

[root@web01 ~]# systemctl start nginx
[root@web01 ~]# curl localhost
web01 - 172.25.250.201

web02

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname web02
[root@web02 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:7e:8e:dc brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.202/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160valid_lft 987sec preferred_lft 987secinet6 fe80::20c:29ff:fe7e:8edc/64 scope link noprefixroute valid_lft forever preferred_lft forever

挂载仓库并下载软件

[root@web02 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@web02 ~]# dnf -y install nginx

配置 nginx

[root@web02 ~]# vim /etc/nginx/conf.d/web02.conf
[root@web02 ~]# cat /etc/nginx/conf.d/web02.conf 
server {
    listen      80;
    server_name www.mingyue.com;
    root        /usr/share/nginx/html;
}

修改 DNS

[root@web02 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
[root@web02 ~]# nmcli c up ens160 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web02 ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]:                             172.25.250.100

编写首页

[root@web02 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html 

启动服务并测试

[root@web02 ~]# systemctl start nginx
[root@web02 ~]# curl localhost
web02 - 172.25.250.202

web03

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname web03
[root@web03 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:12:a5:be brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.203/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160valid_lft 1027sec preferred_lft 1027secinet6 fe80::20c:29ff:fe12:a5be/64 scope link noprefixroute valid_lft forever preferred_lft forever

挂载仓库并下载软件

[root@web03 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@web03 ~]# dnf -y install nginx

配置 nginx

[root@web03 ~]# vim /etc/nginx/conf.d/web03.conf
[root@web03 ~]# cat /etc/nginx/conf.d/web03.conf 
server {
    listen      80;
    server_name www.mingyue.com;
    root        /usr/share/nginx/html;
}

修改 DNS

[root@web03 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
[root@web03 ~]# nmcli c up ens160 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web03 ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]:                             172.25.250.100

编写首页

[root@web03 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html 

启动服务并测试

[root@web03 ~]# systemctl start nginx
[root@web03 ~]# curl localhost
web03 - 172.25.250.203

搭建 Keepalived 和 LVS 

配置master

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname lb-master
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.105/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

挂载仓库并下载软件

[root@lb-master ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@lb-master ~]# dnf -y install keepalived ipvsadm bind-utils

配置 Keepalived(注意:auth_type PASS 的 auth_pass 在 VRRP 通告中以明文传输,示例中的 1111 仅适合实验环境;实际部署应换成自己的口令,并限制哪些主机可以向该网段发送 VRRP 报文)

[root@lb-master ~]# vim /etc/keepalived/keepalived.conf 
[root@lb-master ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
    router_id LVS_master
}
vrrp_instance VI_web {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.200
    }
}
virtual_server 172.25.250.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 172.25.250.201 80 {
        weight 3
        TCP_CHECK{
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.202 80 {
        weight 2
        TCP_CHECK{
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.203 80 {
        weight 1
        TCP_CHECK{
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_dns {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.100
    }
}
virtual_server 172.25.250.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 172.25.250.107 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.107 txt.chengke.com"
        }
    }
    real_server 172.25.250.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.108 txt.chengke.com"
        }
    }
}

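编写检测脚本文件并赋予权限(注意:keepalived.conf 中 misc_path 传给脚本的域名是 txt.chengke.com,而本文区域文件里的 TXT 记录是 txt.mingyue.com;两者需要一致,否则健康检查匹配不到该记录)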

[root@lb-master ~]# vim /etc/keepalived/checkdns.sh
[root@lb-master ~]# cat /etc/keepalived/checkdns.sh
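#!/bin/bash
# Keepalived MISC_CHECK helper: reports a DNS real server as healthy when the
# TXT record of <domain>, queried directly at <ip>, contains the expected token.
#
# Usage: checkdns.sh -h <ip> <domain>
# Exit:  0 when the token is found, 1 when it is not (or on an unknown option),
#        2 when the server address or the domain is missing.

usage() {
  echo "usage: $0 -h <ip> <domain>" >&2
}

host=
while getopts "h:" OPT; do
  case "$OPT" in
    h) host=$OPTARG ;;
    *)
      usage
      exit 1
      ;;
  esac
done
# The domain is the first operand left after the options, so it is read after
# getopts instead of from a fixed position.
shift $((OPTIND - 1))
domain=${1:-}

# Refuse to run dig with an empty server or name; an empty @ target would make
# dig fall back to the local resolver and test the wrong server.
if [ -z "$host" ] || [ -z "$domain" ]; then
  usage
  exit 2
fi

# Both values are quoted so that whitespace in an argument cannot split into
# extra dig arguments. The pipeline status (grep's) is the script's exit status.
dig "@${host}" txt "${domain}" +time=1 | grep -q "\<AaBbCcDdEeFf\>"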
[root@lb-master ~]# chmod a+x /etc/keepalived/checkdns.sh 
[root@lb-master ~]# ll /etc/keepalived/checkdns.sh 
-rwxr-xr-x. 1 root root 411 Apr 12 15:41 /etc/keepalived/checkdns.sh

启动服务

[root@lb-master ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@lb-master ~]# systemctl start keepalived.service ipvsadm.service
[root@lb-master ~]# ip a show ens160 
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:22:88:c0 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.105/24 brd 172.25.250.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 172.25.250.200/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe22:88c0/64 scope link noprefixroute valid_lft forever preferred_lft forever

查看 LVS 规则

 

[root@lb-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.250.200:80 wrr-> 172.25.250.201:80            Route   3      0          0         -> 172.25.250.202:80            Route   2      0          0         -> 172.25.250.203:80            Route   1      0          0         
UDP  172.25.250.100:53 rr-> 172.25.250.107:53            Route   1      0          0         -> 172.25.250.108:53            Route   1      0          0      

配置backup

修改主机名和 IP 地址

[root@localhost ~]# hostnamectl hostname lb-backup
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.106/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

挂载仓库并下载软件

[root@lb-backup ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@lb-backup ~]# dnf -y install keepalived ipvsadm bind-utils

复制 keepalived 的配置文件到 backup 主机中并修改(首次 scp 连接时,先核对提示的主机密钥指纹与 lb-backup 上的实际指纹一致,再输入 yes)

[root@lb-master ~]# scp /etc/keepalived/keepalived.conf 172.25.250.106:/etc/keepalived
The authenticity of host '172.25.250.106 (172.25.250.106)' can't be established.
ED25519 key fingerprint is SHA256:zQRVAzxowh+vQParI9tLut0o4tqknS8RIH86Oa4QB/A.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.25.250.106' (ED25519) to the list of known hosts.
root@172.25.250.106's password: 
keepalived.conf                                                                       100% 1652   287.3KB/s   00:00
[root@lb-backup ~]# vim /etc/keepalived/keepalived.conf 
[root@lb-backup ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
    router_id LVS_backup
}
vrrp_instance VI_web {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.200
    }
}
virtual_server 172.25.250.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 172.25.250.201 80 {
        weight 3
        TCP_CHECK{
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.202 80 {
        weight 2
        TCP_CHECK{
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.203 80 {
        weight 1
        TCP_CHECK{
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_dns {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.100
    }
}
virtual_server 172.25.250.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 172.25.250.107 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.107 txt.chengke.com"
        }
    }
    real_server 172.25.250.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.108 txt.chengke.com"
        }
    }
}

复制检测脚本文件到 backup 主机中

[root@lb-master ~]# scp /etc/keepalived/checkdns.sh  172.25.250.106:/etc/keepalived
root@172.25.250.106's password: 
checkdns.sh                                                                           100%  411    71.5KB/s   00:00
[root@lb-backup ~]# cd /etc/keepalived/
[root@lb-backup keepalived]# ll
total 8
-rwxr-xr-x. 1 root root  411 Apr 12 15:46 checkdns.sh
-rw-r--r--. 1 root root 1652 Apr 12 15:48 keepalived.conf

启动服务

[root@lb-backup ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@lb-backup ~]# systemctl start keepalived.service ipvsadm.service
[root@lb-backup ~]# ip a show ens160 
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:17:9c brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.106/24 brd 172.25.250.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 172.25.250.100/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:179c/64 scope link noprefixroute valid_lft forever preferred_lft forever

查看 LVS 规则

[root@lb-backup ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.250.200:80 wrr-> 172.25.250.201:80            Route   3      0          0         -> 172.25.250.202:80            Route   2      0          0         -> 172.25.250.203:80            Route   1      0          0         
UDP  172.25.250.100:53 rr-> 172.25.250.107:53            Route   1      0          0         -> 172.25.250.108:53            Route   1      0          0      

DNS 服务器增加 VIP 和配置内核参数

主服务器

增加 VIP

[root@dns-master ~]# ifconfig lo:0 172.25.250.100 netmask 255.255.255.255 up
[root@dns-master ~]# route add -host 172.25.250.100 dev lo:0
[root@dns-master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 172.25.250.100/32 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever

配置内核参数

[root@dns-master ~]# vim /etc/sysctl.conf 
[root@dns-master ~]# cat /etc/sysctl.conf 
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-master ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

从服务器

增加 VIP

[root@dns-slave ~]#  ifconfig lo:0 172.25.250.100 netmask 255.255.255.255 up
[root@dns-slave ~]# route add -host 172.25.250.100 dev lo:0
[root@dns-slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 172.25.250.100/32 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever

配置内核参数

[root@dns-slave ~]# vim /etc/sysctl.conf   
[root@dns-slave ~]# cat /etc/sysctl.conf 
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-slave ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

修改 web 服务器

web01

增加 VIP

[root@web01 ~]# ifconfig lo:0 172.25.250.200 netmask 255.255.255.255 up
[root@web01 ~]# route add -host 172.25.250.200 dev lo:0
[root@web01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 172.25.250.200/32 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:68:31:7f brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.201/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160valid_lft 1420sec preferred_lft 1420secinet6 fe80::20c:29ff:fe68:317f/64 scope link noprefixroute valid_lft forever preferred_lft forever

配置内核参数

[root@web01 ~]# vim /etc/sysctl.conf 
[root@web01 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0

web02

增加 VIP

[root@web02 ~]# ifconfig lo:0 172.25.250.200 netmask 255.255.255.255 up
[root@web02 ~]# route add -host 172.25.250.200 dev lo:0
[root@web02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 172.25.250.200/32 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:7e:8e:dc brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.202/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160valid_lft 1477sec preferred_lft 1477secinet6 fe80::20c:29ff:fe7e:8edc/64 scope link noprefixroute valid_lft forever preferred_lft forever

配置内核参数

[root@web02 ~]# vim /etc/sysctl.conf 
[root@web02 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0

web03

增加 VIP

[root@web03 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 172.25.250.200/32 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:12:a5:be brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.25.250.203/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160valid_lft 1612sec preferred_lft 1612secinet6 fe80::20c:29ff:fe12:a5be/64 scope link noprefixroute valid_lft forever preferred_lft forever

配置内核参数

[root@web03 ~]# vim /etc/sysctl.conf 
[root@web03 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0

测试

[root@client ~]# curl 172.25.250.200
web03 - 172.25.250.203
[root@client ~]# curl 172.25.250.200
web02 - 172.25.250.202
[root@client ~]# curl 172.25.250.200
web01 - 172.25.250.201
[root@client ~]# curl 172.25.250.200
web01 - 172.25.250.201
[root@client ~]# curl 172.25.250.200
web02 - 172.25.250.202
[root@client ~]# curl 172.25.250.200
web01 - 172.25.250.201
[root@client ~]# curl 172.25.250.200
web03 - 172.25.250.203
[root@client ~]# curl 172.25.250.200
web02 - 172.25.250.202

服务搭建完成!!!
