一、环境
[root@localhost ~]# cat /etc/issue Red Hat Enterprise Linux Server release 6.6 (Santiago) Kernel \r on an \m
[root@localhost ~]# uname -r 2.6.32-504.el6.x86_64
角色 | master-backup | backup-master | client |
ip | 192.168.42.9 | 192.168.42.11 | 192.168.42.110 |
二、时间同步服务器配置
对于时间同步服务器 一般装好系统会自带 也可以使用本地yum 安装
ntp 192.168.42.9/11上时间同步服务器配置:
[root@localhost ~]# cat /etc/ntp.conf # For more information about this file, see the man pages # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). driftfile /var/lib/ntp/drift # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 192.168.42.100 mask 255.255.255.0 nomodify notrap restrict -6 ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 127.127.1.0 #server 1.rhel.pool.ntp.org iburst #server 2.rhel.pool.ntp.org iburst #server 3.rhel.pool.ntp.org iburst #broadcast 192.168.1.255 autokey# broadcast server #broadcastclient# broadcast client #broadcast 224.0.1.1 autokey# multicast server #multicastclient 224.0.1.1# multicast client #manycastserver 239.255.254.254# manycast server #manycastclient 239.255.254.254 autokey # manycast client # Enable public key cryptography. #crypto includefile /etc/ntp/crypto/pw # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys
# Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 # Enable writing of statistics records. #statistics clockstats cryptostats loopstats peerstats
在192.168.42.9/11域名解析服务器上执行如下操作
[root@localhost ~]# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. //
options { listen-on port 53 { 127.0.0.1;192.168.42.9;192.168.42.100; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion no; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "jxnxs.com" IN { type master; file "zone.jxnxs"; }; zone "42.168.192.in-addr.arpa" IN { type master; file "42.168.192.db"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
192.168.42.9/11上正向解析配置文件
[root@localhost ~]# cat /var/named/zone.jxnxs $TTL 86400 @IN SOAns.jxnxs.com. hostmaster.jxnxs.com. ( 2013110116 21600 3600 604800 86400) INNSns.jxnxs.com. nsINA192.168.42.100 mqin1.esbINA192.168.42.11 mqin2.esbINA192.168.42.12 mqin3.esbINA192.168.42.13 mqin4.esbINA192.168.42.14 mqin5.esbINA192.168.42.15
在192.168.42.9/11上反向解析配置文件
[root@localhost ~]# cat /var/named/42.168.192.db $TTL 86400 @IN SOAns.jxnxs.com hostmaster.jxnxs.com. ( 2013110116 21600 3600 604800 86400); INNSns.jxnxs.com. 193INPTRpim3.jxnxs.com. 194INPTRpim4.jxnxs.com. 195INPTRpim5.jxnxs.com. 196INPTRpim6.jxnxs.com. 197INPTRpim7.jxnxs.com.
在192.168.42.9上的keepalived的配置文件如下
[root@localhost ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { router_id DNS1 } vrrp_script chk_named_port { script "/data/script/named.sh" interval 2 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 88 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1234 } track_script { chk_named_port } virtual_ipaddress { 192.168.42.100/24 } notify_master /data/script/named_stat_change.sh }
在192.168.42.11上的keepalived的配置文件如下
[root@localhost ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { router_id DNS1 } vrrp_script chk_named_port { script "/data/script/named.sh" interval 2 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 88 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 1234 } track_script { chk_named_port } virtual_ipaddress { 192.168.42.100/24 } notify_master /data/script/named_stat_change.sh }
192.168.42.9/11上keepalived状态监测脚本
[root@localhost ~]# cat /data/script/named.sh #!/bin/bash named_status1=`ps -C named --no-header |wc -l` if [ $named_status1 -eq 0 ] then /etc/init.d/named restart sleep 2 named_status2=`ps -C named --no-header |wc -l ` if [ $named_status2 -eq 0 ] then /etc/init.d/keepalived stop fi fi
192.168.42.9/11上keepalived为主时执行的脚本
[root@localhost ~]# cat /data/script/named_stat_change.sh #!/bin/bash ping_gateway_status=`ping -c 2 192.168.42.4|grep ttl=|wc -l` if [ $ping_gateway_status -eq 0 ] then /etc/init.d/keepalived stop else /etc/init.d/named restart fi
这是生产环境内网的一套dns+ntp+keeplived高可用实践方案,部署有问题的可以留言