Configuring DHCP Failover with Dynamic DNS on CentOS 7
Date: 2020-03-21 11:42:28 Source: igfitidea
We are going to set up DHCP failover with dynamic DNS.
This article is part of the KVM, Katello and Puppet series test-environment project.
Test environment
We have two CentOS 7 (minimal) servers installed that will be configured as follows:
admin1.hl.local (10.11.1.2) will be configured as the DHCP primary server
admin2.hl.local (10.11.1.3) will be configured as the DHCP secondary server
Both servers have SELinux set to enforcing mode.
Software
Software used in this article:
- CentOS 7
- DHCP 4.2
Configuring the primary DHCP server
Installation and firewall
Install the package and make sure the service is enabled:
[admin1]# yum install dhcp
[admin1]# systemctl enable dhcpd
Configure the firewall to allow DHCP traffic (we use iptables):
[admin1]# iptables -A INPUT -p udp -m state --state NEW -m udp --dport 67 -j ACCEPT
Allow DHCP failover peer traffic from admin2 only:
[admin1]# iptables -A INPUT -s 10.11.1.3/32 -p tcp -m state --state NEW -m tcp --dport 647 -j ACCEPT
Primary dhcpd.conf configuration
Open the file /etc/dhcp/dhcpd.conf and configure it as described below.
Note that the parameter mclt (maximum client lead time) must be defined on the primary server but must not be defined on the secondary.
The parameter split is another one that is defined on the primary and omitted from the secondary's configuration.
It is worth noting that the traffic between the failover peers is neither encrypted nor authenticated, which is why the port 647 firewall rule above only accepts connections from the peer's address.
failover peer "failover-dhcp" {
  primary; # This defines the master
  address 10.11.1.2;
  port 647;
  peer address 10.11.1.3;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  mclt 3600;
  split 128; # 128 is balanced; use 255 if primary is 100% responsible until failure
  load balance max seconds 3;
}

authoritative;
allow booting;
allow bootp;
next-server 10.11.1.4; # Katello TFTP
filename "pxelinux.0";
default-lease-time 86400; # 1 day
max-lease-time 86400; # 1 day
ddns-update-style interim;
update-static-leases on;
one-lease-per-client on;

# We generated the rndc-key when setting up DNS servers
key "rndc-key" {
  algorithm hmac-md5;
  secret "T0+1uWvaiKLkhWutTNhsGvLw7m4CXbjHr+3CrDwQP5ZMNHeRSvghg2XxQvT3uGVwNle9oMvBEcjB+4GEPDK1Qg==";
};

# We created zones when setting up DNS servers
zone 1.11.10.in-addr.arpa {
  primary 10.11.1.2;
  key "rndc-key";
}
zone hl.local {
  primary 10.11.1.2;
  key "rndc-key";
}

subnet 10.11.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.11.1.255;
  option routers 10.11.1.1;
  option domain-name-servers dns1.hl.local, dns2.hl.local;
  option domain-search "hl.local";
  pool {
    failover peer "failover-dhcp";
    range 10.11.1.40 10.11.1.59;
  }
}

# DHCP leases for PXE boot
host ldap1 { hardware ethernet 00:22:FF:00:00:11; fixed-address 10.11.1.11; option host-name "ldap1.hl.local"; }
host ldap2 { hardware ethernet 00:22:FF:00:00:12; fixed-address 10.11.1.12; option host-name "ldap2.hl.local"; }
host monitoring { hardware ethernet 00:22:FF:00:00:13; fixed-address 10.11.1.13; option host-name "monitoring.hl.local"; }
host syslog { hardware ethernet 00:22:FF:00:00:14; fixed-address 10.11.1.14; option host-name "syslog.hl.local"; }
host storage1 { hardware ethernet 00:22:FF:00:00:15; fixed-address 10.11.1.15; option host-name "storage1.hl.local"; }
host storage2 { hardware ethernet 00:22:FF:00:00:16; fixed-address 10.11.1.16; option host-name "storage2.hl.local"; }
host db1 { hardware ethernet 00:22:FF:00:00:17; fixed-address 10.11.1.17; option host-name "db1.hl.local"; }
host db2 { hardware ethernet 00:22:FF:00:00:18; fixed-address 10.11.1.18; option host-name "db2.hl.local"; }
host proxy1 { hardware ethernet 00:22:FF:00:00:19; fixed-address 10.11.1.19; option host-name "proxy1.hl.local"; }
host proxy2 { hardware ethernet 00:22:FF:00:00:20; fixed-address 10.11.1.20; option host-name "proxy2.hl.local"; }
host web1 { hardware ethernet 00:22:FF:00:00:21; fixed-address 10.11.1.21; option host-name "web1.hl.local"; }
host web2 { hardware ethernet 00:22:FF:00:00:22; fixed-address 10.11.1.22; option host-name "web2.hl.local"; }
host backup { hardware ethernet 00:22:FF:00:00:23; fixed-address 10.11.1.23; option host-name "backup.hl.local"; }
Since the file contains the rndc-key in cleartext, tighten its permissions:
[admin1]# chmod 0600 /etc/dhcp/dhcpd.conf
Test the configuration file:
[admin1]# dhcpd -t -cf /etc/dhcp/dhcpd.conf
Restart the service:
[admin1]# systemctl restart dhcpd
Check the leases:
[admin1]# tail /var/lib/dhcpd/dhcpd.leases
Configuring the secondary DHCP server
Installation and firewall
This part is identical to the primary server.
Install the package and make sure the service is enabled:
[admin2]# yum install dhcp
[admin2]# systemctl enable dhcpd
Configure the firewall to allow DHCP traffic (we use iptables):
[admin2]# iptables -A INPUT -p udp -m state --state NEW -m udp --dport 67 -j ACCEPT
Allow DHCP failover peer traffic from admin1 only:
[admin2]# iptables -A INPUT -s 10.11.1.2/32 -p tcp -m state --state NEW -m tcp --dport 647 -j ACCEPT
Secondary dhcpd.conf configuration
Open the file /etc/dhcp/dhcpd.conf and configure the following (note that mclt and split are omitted here):
failover peer "failover-dhcp" {
  secondary; # This defines the slave
  address 10.11.1.3;
  port 647;
  peer address 10.11.1.2;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
}

authoritative;
allow booting;
allow bootp;
next-server 10.11.1.4; # Katello TFTP
filename "pxelinux.0";
default-lease-time 86400; # 1 day
max-lease-time 86400; # 1 day
ddns-update-style interim;
update-static-leases on;
one-lease-per-client on;

# We generated the rndc-key when setting up DNS servers
key "rndc-key" {
  algorithm hmac-md5;
  secret "T0+1uWvaiKLkhWutTNhsGvLw7m4CXbjHr+3CrDwQP5ZMNHeRSvghg2XxQvT3uGVwNle9oMvBEcjB+4GEPDK1Qg==";
};

# We created zones when setting up DNS servers
zone 1.11.10.in-addr.arpa {
  primary 10.11.1.2;
  key "rndc-key";
}
zone hl.local {
  primary 10.11.1.2;
  key "rndc-key";
}

subnet 10.11.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.11.1.255;
  option routers 10.11.1.1;
  option domain-name-servers dns1.hl.local, dns2.hl.local;
  option domain-search "hl.local";
  pool {
    failover peer "failover-dhcp";
    range 10.11.1.40 10.11.1.59;
  }
}

# DHCP leases for PXE boot
host ldap1 { hardware ethernet 00:22:FF:00:00:11; fixed-address 10.11.1.11; option host-name "ldap1.hl.local"; }
host ldap2 { hardware ethernet 00:22:FF:00:00:12; fixed-address 10.11.1.12; option host-name "ldap2.hl.local"; }
host monitoring { hardware ethernet 00:22:FF:00:00:13; fixed-address 10.11.1.13; option host-name "monitoring.hl.local"; }
host syslog { hardware ethernet 00:22:FF:00:00:14; fixed-address 10.11.1.14; option host-name "syslog.hl.local"; }
host storage1 { hardware ethernet 00:22:FF:00:00:15; fixed-address 10.11.1.15; option host-name "storage1.hl.local"; }
host storage2 { hardware ethernet 00:22:FF:00:00:16; fixed-address 10.11.1.16; option host-name "storage2.hl.local"; }
host db1 { hardware ethernet 00:22:FF:00:00:17; fixed-address 10.11.1.17; option host-name "db1.hl.local"; }
host db2 { hardware ethernet 00:22:FF:00:00:18; fixed-address 10.11.1.18; option host-name "db2.hl.local"; }
host proxy1 { hardware ethernet 00:22:FF:00:00:19; fixed-address 10.11.1.19; option host-name "proxy1.hl.local"; }
host proxy2 { hardware ethernet 00:22:FF:00:00:20; fixed-address 10.11.1.20; option host-name "proxy2.hl.local"; }
host web1 { hardware ethernet 00:22:FF:00:00:21; fixed-address 10.11.1.21; option host-name "web1.hl.local"; }
host web2 { hardware ethernet 00:22:FF:00:00:22; fixed-address 10.11.1.22; option host-name "web2.hl.local"; }
host backup { hardware ethernet 00:22:FF:00:00:23; fixed-address 10.11.1.23; option host-name "backup.hl.local"; }
Since the file contains the rndc-key in cleartext, tighten its permissions:
[admin2]# chmod 0600 /etc/dhcp/dhcpd.conf
Restart the service:
[admin2]# systemctl restart dhcpd