
lvs+keepalived+dns高可用


1.配置dns相关服务

1.1修改ip地址主机名
dns-master:

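# Name the host after its role; the dig transcript later on this page shows
# the prompt as root@dns-master.
hostnamectl hostname dns-master
# Static address 10.10.10.107/24, gateway 10.10.10.2, resolver 223.5.5.5,
# connection brought up automatically at boot.
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.107/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Re-activate the profile so the new settings take effect.
nmcli c up ens160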

dns-slave:

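# Name the host after its role (this is the secondary DNS server, not an LVS node).
hostnamectl hostname dns-slave
# Static address 10.10.10.108/24, gateway 10.10.10.2, resolver 223.5.5.5,
# connection brought up automatically at boot.
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.108/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Re-activate the profile so the new settings take effect.
nmcli c up ens160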

1.2配置仓库,下载bind服务

vim /etc/yum.repos.d/yum.repo
# Local repositories read from the install media mounted under /mnt.
# gpgcheck=0 turns off RPM signature verification for these repositories; that
# is tolerable only for a trusted local ISO. To keep verification, use
# gpgcheck=1 together with gpgkey=file:///etc/pki/rpm-gpg/<DISTRO-KEY-FILE>
# (placeholder - use the key file shipped by the distribution).
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0

挂载

mount /dev/sr0 /mnt

下载

dnf install bind -y

关闭防火墙并将SELinux设为宽容模式(仅适用于实验环境)

# Lab shortcut: stops the running firewalld. The unit is not disabled, so it
# starts again after a reboot if it is enabled. Outside a lab, leave it running
# and allow only DNS (53/udp and 53/tcp).
systemctl stop firewalld
# Switches SELinux to permissive mode for the running system only; the
# configured mode returns at the next boot.
setenforce 0

1.3配置dns相关文件
dns-master:

vim /etc/named.conf
options {
	// Addresses named binds on port 53: this host (10.10.10.107) plus 10.10.10.200.
	// NOTE(review): the keepalived DNS virtual_server on this page uses
	// 10.10.10.100, not 10.10.10.200 - confirm which VIP named should answer on.
	listen-on port 53 { 10.10.10.107;10.10.10.200; };
	directory 	"/var/named";
	// NOTE(review): no allow-transfer, allow-query or recursion statement is
	// given, so BIND's built-in defaults apply. For an authoritative primary,
	// consider limiting zone transfers to the secondary
	// (allow-transfer { 10.10.10.108; };) and deciding explicitly whether
	// recursion should be offered.
};


// Primary copy of example.com, loaded from the file "example.com" under the
// directory set above.
zone "example.com" IN {
	type master;
	file "example.com";
};
vim /var/named/example.com
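$TTL    1D
; SOA: primary name @ (example.com.), contact admin@example.com, then
; (serial refresh retry expire negative-TTL). Raise the serial on every edit,
; otherwise the secondary keeps serving its old copy.
@       IN      SOA  @   admin.example.com. (0 1D 1H 2H 2D)
        IN      NS      ns1
        IN      NS      ns2
ns1     IN      A       10.10.10.107
ns2     IN      A       10.10.10.108
www     IN      A       10.10.10.200
; Marker record for the keepalived health check: checkdns.sh queries the TXT
; record of txt.example.com and looks for this exact word. Without it the
; check never matches and both DNS real servers are taken out of the pool.
txt     IN      TXT     "AaBbCcDdEeFf"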

启动服务并测试:

systemctl start named
dig -t A www.example.com @10.10.10.107
dig -t ns example.com @10.10.10.107

[root@dns-master ~]# dig -t ns example.com @10.10.10.107

; <<>> DiG 9.16.23-RH <<>> -t ns example.com @10.10.10.107 ;; global
options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 14914 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2,
AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE:
f8f87f0c77258da70100000067fa038f37c0baa6b48666c1 (good) ;; QUESTION
SECTION: ;example.com. IN NS

;; ANSWER SECTION: example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.

;; ADDITIONAL SECTION: ns1.example.com. 86400 IN A 10.10.10.107
ns2.example.com. 86400 IN A 10.10.10.108

;; Query time: 0 msec ;; SERVER: 10.10.10.107#53(10.10.10.107) ;;
WHEN: Sat Apr 12 14:09:19 CST 2025 ;; MSG SIZE rcvd: 136
[root@dns-master ~]# dig -t A www.example.com @10.10.10.107

; <<>> DiG 9.16.23-RH <<>> -t A www.example.com @10.10.10.107 ;;
global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id: 41021 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1,
AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE:
915f2990163d16460100000067fa03b5ec98879ed99ed361 (good) ;; QUESTION
SECTION: ;www.example.com. IN A

;; ANSWER SECTION: www.example.com. 86400 IN A 10.10.10.200

;; Query time: 0 msec ;; SERVER: 10.10.10.107#53(10.10.10.107) ;;
WHEN: Sat Apr 12 14:09:57 CST 2025 ;; MSG SIZE rcvd: 88

dns-slave:

vim /etc/named.conf
options {
	// Addresses named binds on port 53: this host (10.10.10.108) plus 10.10.10.200.
	// NOTE(review): the keepalived DNS virtual_server on this page uses
	// 10.10.10.100, not 10.10.10.200 - confirm which VIP named should answer on.
	listen-on port 53 { 10.10.10.108 ;10.10.10.200 ; };
	directory 	"/var/named";
};


// Secondary copy of example.com: transferred from 10.10.10.107 and stored as
// slaves/example.com under the directory set above.
// NOTE(review): the primary is identified by source IP only; a TSIG key
// configured on both servers would authenticate the transfer.
zone "example.com" IN {
	type slave;
	file "slaves/example.com";
	masters {10.10.10.107 ;};
};

2.配置web相关服务

2.1修改ip地址和主机名

web01:

hostnamectl hostname web01
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.201/24 ipv4.gateway 10.10.10.2 ipv4.dns "10.10.10.107 10.10.10.108" connection.autoconnect yes
nmcli c up ens160

web02:

hostnamectl hostname web02
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.202/24 ipv4.gateway 10.10.10.2 ipv4.dns "10.10.10.107 10.10.10.108" connection.autoconnect yes
nmcli c up ens160

web03:

hostnamectl hostname web03
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.203/24 ipv4.gateway 10.10.10.2 ipv4.dns "10.10.10.107 10.10.10.108" connection.autoconnect yes
nmcli c up ens160

2.2配置仓库,下载nginx服务

vim /etc/yum.repos.d/yum.repo
# Local repositories read from the install media mounted under /mnt.
# gpgcheck=0 turns off RPM signature verification for these repositories; that
# is tolerable only for a trusted local ISO. To keep verification, use
# gpgcheck=1 together with gpgkey=file:///etc/pki/rpm-gpg/<DISTRO-KEY-FILE>
# (placeholder - use the key file shipped by the distribution).
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0

挂载

mount /dev/sr0 /mnt

下载

dnf install nginx -y

关闭防火墙并将SELinux设为宽容模式(仅适用于实验环境)

# Lab shortcut: stops the running firewalld. The unit is not disabled, so it
# starts again after a reboot if it is enabled. Outside a lab, leave it running
# and allow only HTTP (80/tcp).
systemctl stop firewalld
# Switches SELinux to permissive mode for the running system only; the
# configured mode returns at the next boot.
setenforce 0

2.3配置nginx相关文件
web01:

vim /etc/nginx/conf.d/web.conf
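# Virtual host for www.example.com on port 80.
server{
	server_name www.example.com;
	listen 80;
	# root must name a directory: nginx appends the request URI (and the index
	# file name) to it. Pointing it at index.html itself makes every request
	# for this server_name fail to resolve to a file.
	root /usr/share/nginx/html;
}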
echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

web02:

vim /etc/nginx/conf.d/web.conf
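# Virtual host for www.example.com on port 80.
server{
	server_name www.example.com;
	listen 80;
	# root must name a directory: nginx appends the request URI (and the index
	# file name) to it. Pointing it at index.html itself makes every request
	# for this server_name fail to resolve to a file.
	root /usr/share/nginx/html;
}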
echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

web03:

vim /etc/nginx/conf.d/web.conf
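# Virtual host for www.example.com on port 80.
server{
	server_name www.example.com;
	listen 80;
	# root must name a directory: nginx appends the request URI (and the index
	# file name) to it. Pointing it at index.html itself makes every request
	# for this server_name fail to resolve to a file.
	root /usr/share/nginx/html;
}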
echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html

修改dns

nmcli c modify ens160 ipv4.dns 10.10.10.100

开启和测试nginx服务

systemctl start nginx
curl localhost

[root@web01 ~]# curl localhost
web01 - 10.10.10.201
[root@web02 ~]# curl localhost
web01 - 10.10.10.202
[root@web03 ~]# curl localhost
web01 - 10.10.10.203

3.配置lvs相关服务

3.1修改ip地址和主机名

lb-master:

hostnamectl hostname lb-master
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.105/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160

lb-slave:

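# Name the host after its role (backup load balancer).
hostnamectl hostname lb-slave
# Static address 10.10.10.106/24, gateway 10.10.10.2, resolver 223.5.5.5,
# connection brought up automatically at boot.
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.106/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Re-activate the profile so the new settings take effect.
nmcli c up ens160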

3.2配置仓库,下载keepalived ipvsadm服务

vim /etc/yum.repos.d/yum.repo
# Local repositories read from the install media mounted under /mnt.
# gpgcheck=0 turns off RPM signature verification for these repositories; that
# is tolerable only for a trusted local ISO. To keep verification, use
# gpgcheck=1 together with gpgkey=file:///etc/pki/rpm-gpg/<DISTRO-KEY-FILE>
# (placeholder - use the key file shipped by the distribution).
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0

挂载

mount /dev/sr0 /mnt

下载

dnf install keepalived ipvsadm -y

关闭防火墙并将SELinux设为宽容模式(仅适用于实验环境)

# Lab shortcut: stops the running firewalld. The unit is not disabled, so it
# starts again after a reboot if it is enabled. Outside a lab, leave it running
# and allow only VRRP adverts between the two directors plus the balanced
# service ports (53 and 80).
systemctl stop firewalld
# Switches SELinux to permissive mode for the running system only; the
# configured mode returns at the next boot.
setenforce 0

3.3配置keepalived相关文件
lb-master:

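vim /etc/keepalived/keepalived.conf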
! Configuration File for keepalived

# Director lb-master: MASTER for VIP 10.10.10.100 (VI_1), BACKUP for VIP
# 10.10.10.200 (VI_2).
global_defs {
   # NOTE(review): the MISC_CHECK blocks below execute
   # /etc/keepalived/checkdns.sh. script_user / enable_script_security are not
   # set here; consider setting them to control which account runs check
   # scripts and to reject scripts that non-root users can modify.
   router_id LVS_MASTER
}

# VI_1: VRRP instance carrying the DNS VIP. Priority 100 here is higher than
# the peer's, so this node normally holds the address.
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass in cleartext in every
    # advert, and "1111" is a sample-grade value. It only guards against
    # accidental misconfiguration. Use a site-specific value (keepalived uses
    # at most 8 characters) and keep VRRP traffic on a trusted segment.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.10.100
    }
}

# VI_2: VRRP instance carrying the web VIP. Priority 80 here is lower than the
# peer's, so this node takes the address only on failover. The auth caveat on
# VI_1 applies here too.
vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 50
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.10.200
    }
}
# DNS on the VIP: round-robin over two real servers, NAT forwarding, UDP only.
# NOTE(review): DNS over TCP/53 (truncated or large answers) is not balanced
# by this block.
# NOTE(review): with lb_kind NAT the replies have to return through the
# director; confirm the real servers' routing allows that.
virtual_server 10.10.10.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 10
    protocol UDP

    real_server 10.10.10.107 53 {
        weight 1
        # Health check: runs checkdns.sh against this server; exit status 0
        # keeps it in the pool.
        # NOTE(review): MISC_CHECK's own timeout keyword is misc_timeout -
        # confirm connect_timeout is honoured here.
        MISC_CHECK {
            connect_timeout 3
	      misc_path "/etc/keepalived/checkdns.sh -h 10.10.10.107 txt.example.com"
        }
    }
    real_server 10.10.10.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
	      misc_path "/etc/keepalived/checkdns.sh -h 10.10.10.108 txt.example.com"
        }
    }
}

# HTTP on the VIP: weighted round-robin, direct routing, TCP. 10.10.10.201 has
# weight 3, the other two weight 1. Each TCP_CHECK is a plain connect to port
# 80 with 3 retries, 3 seconds apart.
virtual_server 10.10.10.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    persistence_timeout 10
    protocol TCP

    real_server 10.10.10.201 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 10.10.10.202 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 10.10.10.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

lb-slave:

vim  /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

# Director lb-slave: BACKUP for VIP 10.10.10.100 (VI_1), MASTER for VIP
# 10.10.10.200 (VI_2).
global_defs {
   # NOTE(review): the MISC_CHECK blocks below execute
   # /etc/keepalived/checkdns.sh. script_user / enable_script_security are not
   # set here; consider setting them to control which account runs check
   # scripts and to reject scripts that non-root users can modify.
   router_id LVS_BACKUP
}

# VI_1: VRRP instance carrying the DNS VIP. Priority 80 here is lower than the
# peer's, so this node takes the address only on failover.
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass in cleartext in every
    # advert, and "1111" is a sample-grade value. It only guards against
    # accidental misconfiguration. Use a site-specific value (keepalived uses
    # at most 8 characters) and keep VRRP traffic on a trusted segment.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.10.100
    }
}

# VI_2: VRRP instance carrying the web VIP. Priority 100 here is higher than
# the peer's, so this node normally holds the address. The auth caveat on VI_1
# applies here too.
vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.10.200
    }
}
# DNS on the VIP: round-robin over two real servers, NAT forwarding, UDP only.
# NOTE(review): DNS over TCP/53 (truncated or large answers) is not balanced
# by this block.
# NOTE(review): with lb_kind NAT the replies have to return through the
# director; confirm the real servers' routing allows that.
virtual_server 10.10.10.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 10
    protocol UDP

    real_server 10.10.10.107 53 {
        weight 1
        # Health check: runs checkdns.sh against this server; exit status 0
        # keeps it in the pool.
        # NOTE(review): MISC_CHECK's own timeout keyword is misc_timeout -
        # confirm connect_timeout is honoured here.
        MISC_CHECK {
            connect_timeout 3
	      misc_path "/etc/keepalived/checkdns.sh -h 10.10.10.107 txt.example.com"
        }
    }
    real_server 10.10.10.108 53 {
        weight 1
        MISC_CHECK {
            connect_timeout 3
	      misc_path "/etc/keepalived/checkdns.sh -h 10.10.10.108 txt.example.com"
        }
    }
}

# HTTP on the VIP: weighted round-robin, direct routing, TCP. 10.10.10.201 has
# weight 3, the other two weight 1. Each TCP_CHECK is a plain connect to port
# 80 with 3 retries, 3 seconds apart.
virtual_server 10.10.10.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    persistence_timeout 10
    protocol TCP

    real_server 10.10.10.201 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 10.10.10.202 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 10.10.10.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

3.4编写执行的脚本

vim /etc/keepalived/checkdns.sh
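#!/bin/bash
#
# checkdns.sh - keepalived MISC_CHECK helper for one DNS real server.
#
# Usage:  checkdns.sh -h <ip> <domain>
#
# Asks the server at <ip> for the TXT record of <domain> and succeeds only
# when the answer contains the marker word AaBbCcDdEeFf. The zone being
# served therefore has to publish a TXT record with that value for <domain>.
#
# Exit status: 0 marker found, 1 marker missing or query failed,
#              2 bad or missing arguments.
#
# keepalived executes this file itself, so keep it owned by root and not
# writable by any other account.

usage() {
  echo "usage: $0 -h <ip> <domain>" >&2
  exit 2
}

host=
while getopts ":h:" OPT; do
  case "$OPT" in
    h) host=$OPTARG ;;
    *) usage ;;
  esac
done
shift $((OPTIND - 1))

# The domain is the first word after the options (previously a fixed "$3",
# which silently depended on the exact spelling "-h <ip> <domain>").
domain=${1:-}
if [ -z "$host" ] || [ -z "$domain" ]; then
  usage
fi

# dig reads words starting with '-', '+' or '@' as options or servers, so
# refuse such values instead of passing them through.
for arg in "$host" "$domain"; do
  case "$arg" in
    [-+@]*) usage ;;
  esac
done

# Quoted expansions keep each value a single argument. The pipeline's status
# is grep's: 0 when the marker word is present, 1 otherwise.
dig "@${host}" txt "${domain}" +time=1 | grep -q '\<AaBbCcDdEeFf\>'
exit $?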
# Adds execute permission for everyone; write permission is left as it was.
# keepalived executes this script, so it should stay owned by root and not be
# writable by other accounts.
chmod a+x /etc/keepalived/checkdns.sh

3.5启动服务

systemctl start keepalived ipvsadm

查看lvs规则

ipvsadm -ln

4.修改web的dns增加ip

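# Point the resolver at the DNS VIP, then re-activate the profile so the
# change is applied ("nmcli c modify ens160 up" is not a valid way to do that).
nmcli c modify ens160 ipv4.dns 10.10.10.100
nmcli c up ens160
# LVS-DR: the real server holds the web VIP as a /32 alias on loopback so it
# accepts the packets the director forwards to it. Neither command below
# survives a reboot.
# NOTE(review): DR real servers normally also suppress ARP for the VIP
# (arp_ignore / arp_announce sysctls); that step is not shown on this page.
ifconfig lo:0 10.10.10.200 netmask 255.255.255.255
route add -host 10.10.10.200 dev lo:0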

5.增加dns路由

# Adds the DNS VIP 10.10.10.100 as a /32 alias on loopback plus a host route
# for it. Neither command survives a reboot.
# NOTE(review): the DNS virtual_server on this page uses lb_kind NAT, and the
# named.conf listen-on lists do not include 10.10.10.100 - confirm this alias
# is actually needed and on which hosts it is meant to run.
ifconfig lo:0 10.10.10.100 netmask 255.255.255.255
route add -host 10.10.10.100 dev lo:0

6.测试
