一、环境[root@localhost ~]# cat /etc/issue
Red Hat Enterprise Linux Server release 6.6 (Santiago)
Kernel \r on an \m[root@localhost ~]# uname -r
2.6.32-504.el6.x86_64
角色master-backupbackup-masterclient
ip192.168.42.9192.168.42.11192.168.42.110
二、时间同步服务器配置
对于时间同步服务器 一般装好系统会自带 也可以使用本地yum 安装
ntp 192.168.42.9/11上时间同步服务器配置:
[root@localhost ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 192.168.42.100 mask 255.255.255.0 nomodify notrap
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 127.127.1.0
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
#broadcast 192.168.1.255 autokey# broadcast server
#broadcastclient# broadcast client
#broadcast 224.0.1.1 autokey# multicast server
#multicastclient 224.0.1.1# multicast client
#manycastserver 239.255.254.254# manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
在192.168.42.9/11域名解析服务器上执行如下操作[root@localhost ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//options {
listen-on port 53 { 127.0.0.1;192.168.42.9;192.168.42.100; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion no;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "jxnxs.com" IN {
type master;
file "zone.jxnxs";
};
zone "42.168.192.in-addr.arpa" IN {
type master;
file "42.168.192.db";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
192.168.42.9/11上正向解析配置文件[root@localhost ~]# cat /var/named/zone.jxnxs
$TTL 86400
@IN SOAns.jxnxs.com. hostmaster.jxnxs.com. (
2013110116
21600
3600
604800
86400)
INNSns.jxnxs.com.
nsINA192.168.42.100
mqin1.esbINA192.168.42.11
mqin2.esbINA192.168.42.12
mqin3.esbINA192.168.42.13
mqin4.esbINA192.168.42.14
mqin5.esbINA192.168.42.15
在192.168.42.9/11上反向解析配置文件[root@localhost ~]# cat /var/named/42.168.192.db
$TTL 86400
@IN SOAns.jxnxs.com hostmaster.jxnxs.com. (
2013110116
21600
3600
604800
86400);
INNSns.jxnxs.com.
193INPTRpim3.jxnxs.com.
194INPTRpim4.jxnxs.com.
195INPTRpim5.jxnxs.com.
196INPTRpim6.jxnxs.com.
197INPTRpim7.jxnxs.com.
在192.168.42.9上的keepalived的配置文件如下[root@localhost ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id DNS1
}
vrrp_script chk_named_port {
script "/data/script/named.sh"
interval 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1234
}
track_script {
chk_named_port
}
virtual_ipaddress {
192.168.42.100/24
}
notify_master /data/script/named_stat_change.sh
}
在192.168.42.11上的keepalived的配置文件如下[root@localhost ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id DNS1
}
vrrp_script chk_named_port {
script "/data/script/named.sh"
interval 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1234
}
track_script {
chk_named_port
}
virtual_ipaddress {
192.168.42.100/24
}
notify_master /data/script/named_stat_change.sh
}
192.168.42.9/11上keepalived状态监测脚本[root@localhost ~]# cat /data/script/named.sh
#!/bin/bash
named_status1=`ps -C named --no-header |wc -l`
if [ $named_status1 -eq 0 ]
then
/etc/init.d/named restart
sleep 2
named_status2=`ps -C named --no-header |wc -l `
if [ $named_status2 -eq 0 ]
then
/etc/init.d/keepalived stop
fi
fi
192.168.42.9/11上keepalived为主时执行的脚本
[root@localhost ~]# cat /data/script/named_stat_change.sh
#!/bin/bash
ping_gateway_status=`ping -c 2 192.168.42.4|grep ttl=|wc -l`
if [ $ping_gateway_status -eq 0 ]
then
/etc/init.d/keepalived stop
else
/etc/init.d/named restart
fi
这是生产环境内网的一套dns+ntp+keeplived高可用实践方案,部署有问题的可以留言
本文介绍了一种在生产环境中实现DNS、NTP及Keepalived高可用性的部署方案。通过配置时间同步服务器、DNS正反向解析及Keepalived主备切换,确保系统的稳定运行。

725

被折叠的 条评论
为什么被折叠?



