Linux cloud computing architecture: build a DHCP server and use NTP network time synchronization

Linux cloud computing architecture: build a DHCP server

1. Working principle of DHCP server

1.1 DHCP server concept

DHCP (Dynamic Host Configuration Protocol) is a local area network protocol that runs over UDP.

DHCP follows a client/server (C/S) model: the DHCP server and client must keep communicating with each other. Because DHCP runs over UDP and either side may initiate a message, both the server and the client listen on their own port.

DHCP consists of:
① the DHCP server, which runs the dhcp service over UDP and listens on port 67 [centrally manages all IP addresses];
② the DHCP client, which runs the dhcp client program over UDP and listens on port 68 [the host that uses an IP address].

What the DHCP service does:
① Assigns IP addresses automatically, which simplifies management.
② Leases each IP address to only one host at a time.
③ Lets the DHCP administrator restrict a designated computer to a specific IP address.
④ Saves the client from reconfiguring its IP address when it moves between subnets: the address is obtained automatically, and the previously assigned address can be reused.

Drawbacks of the DHCP service:
① When there are several DHCP servers on the network, one server cannot tell which IP addresses the others have leased.
② A DHCP server cannot talk to clients on the other side of a router unless the router is configured to forward bootp traffic. [The DHCP server's IP address is normally an address within the subnet it serves]

1.2 Topology diagram of how DHCP works


How DHCP works, step by step:
① The client broadcasts a DHCP discover to every host on the network, with source address 0.0.0.0 and destination address 255.255.255.255. When a DHCP server receives this packet and sees the destination address 255.255.255.255, it knows the packet is meant for it and replies to the client with an offer. [DHCP client discovery stage]
② Every DHCP server sends an offer to the DHCP client. The offer contains an IP address that the server has not leased out, plus other configuration information. [DHCP server provisioning stage]
③ The DHCP client picks the first offer, rejects the others, and broadcasts a DHCP request so that every DHCP server learns which server the client selected. [DHCP client confirmation stage]
④ When the selected DHCP server receives the client's request, it sends a DHCP ack to the client containing the offered IP address and the other configuration information. The DHCP client then binds that TCP/IP configuration to its network card. The offers that were rejected are taken back by the other DHCP servers. [DHCP server confirmation]
⑤ When a DHCP client returns to the LAN from another network, it does not need to send a DHCP discover; it sends a request containing its last assigned IP address to the DHCP server. If that address can still be used, the server replies with an ack; if not, it replies with a nak, and the client must start over with a DHCP discover. [Reusing the DHCP client's IP]
⑥ The IP address a DHCP client obtains comes with a lease. When the lease expires, the DHCP server reclaims the address, so a client that wants to keep the address must renew before the lease runs out. Normally the client sends a DHCP renew when half of the lease has elapsed. [DHCP client renews the lease early]
⑦ The client gets three chances to renew. It first tries at 50% of the lease; if that fails it tries again at 75%; if that also fails it tries one last time at 87.5%. If the client still cannot renew, the server reclaims the address when the lease expires, and the client must send a new DHCP discover. [DHCP client fails to renew the lease three times]

2. Deploy the DHCP server

2.1 Install the dhcp service

# Install from rpm packages
[root@server ~]# ll /media/cdrom/Packages/dhc*
-rw-rw-r--. 1 root root 290904 5月  16 2018 /media/cdrom/Packages/dhclient-4.2.5-68.el7.centos.1.x86_64.rpm   # dhcp client
-rw-rw-r--. 1 root root 525688 5月  16 2018 /media/cdrom/Packages/dhcp-4.2.5-68.el7.centos.1.x86_64.rpm   # dhcp server
-rw-rw-r--. 1 root root 179036 5月  16 2018 /media/cdrom/Packages/dhcp-common-4.2.5-68.el7.centos.1.x86_64.rpm   # files needed by both the dhcp server and the dhcp client
-rw-rw-r--. 1 root root 134604 5月  16 2018 /media/cdrom/Packages/dhcp-libs-4.2.5-68.el7.centos.1.x86_64.rpm   # dhcp libraries

# Install dhcp with yum
[root@server ~]# yum install dhcp -y
# Look at the dhcp service's configuration file
[root@server ~]# ll /etc/dhcp/dhcpd.conf
-rw-r--r--. 1 root root 117 5月  15 2018 /etc/dhcp/dhcpd.conf
[root@server ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page

# The file points to a template; copy the template over the original configuration file
[root@server ~]# ll /usr/share/doc/dhcp*/dhcpd.conf.example
-rw-r--r--. 1 root root 3262 11月 20 2012 /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
[root@server ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y

# Starting the dhcpd service at this point fails, because no static IP address has been configured yet.
# This is covered in the hands-on section below.
[root@server ~]# systemctl start dhcpd
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

2.2 The dhcp configuration file in detail

Each item ends with a semicolon (;).

# Section 1: dhcp operating parameters
# Global configuration parameters
default-lease-time 600;   # default lease time, in seconds
max-lease-time 7200;      # maximum lease time, in seconds
ddns-update-style none;   # DHCP-DNS dynamic update mode: none (no dynamic updates), interim (interim update mode), ad-hoc (ad-hoc update mode)
ignore client-updates;    # ignore clients' own DNS update requests; only the server performs DHCP-DNS interim updates
authoritative;            # when a client asks for an IP address this server did not assign, the server refuses it outright and the client sends a new request to obtain a new IP address
log-facility local7;      # syslog facility used for logging; see syslog.conf for how it is handled


# Section 2: global address-assignment options; they can also be set per subnet.
option domain-name "example.org";  # global DNS domain name
option domain-name-servers ns1.example.org, ns2.example.org;  # global DNS server addresses
option routers GATEWAY_ADDRESS;             # global gateway address

# Section 3: subnet settings
# Subnet settings take precedence over the global settings
# Example network number: 192.168.10.0
# The last octet of a network number is 0
subnet NETWORK_NUMBER netmask SUBNET_MASK {
	range START_IP_ADDRESS END_IP_ADDRESS;       # dynamic IP address pool
	option domain-name-servers DNS_SERVER_IP;    # DNS server address
	option domain-name "DNS_DOMAIN_NAME";        # DNS domain name
	option routers GATEWAY_ADDRESS;              # gateway address within the subnet
	option broadcast-address BROADCAST_ADDRESS;  # broadcast address within the subnet
	default-lease-time 600;                      # IP lease time, in seconds
	max-lease-time 7200;                         # maximum IP lease time, in seconds
}

# Section 4: bind a fixed IP address to a specific host
host specify_host {
	hardware ethernet 0:0:c0:5d:bd:95;    # interface type and MAC address
	fixed-address 192.168.10.10;          # fixed IP address (note the required trailing semicolon)
	filename "vmunix.passacaglia";        # name of the boot file
	server-name "toccata.fugue.com";      # DHCP server host name
}

Lease database file: /var/lib/dhcpd/dhcpd.leases. It stores every lease that has been issued, including the client's host name, MAC address, assigned IP address, and the lease's validity period.

# Right after installing dhcp this file is empty.
[root@server ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5

3. DHCP server hands-on practice

3.1 The client obtains a dynamic IP address

Environment preparation:
① Static IP address of the dhcp server: 192.168.10.10
② No static IP address is set on the dhcp client
③ Address pool assignable to clients: 192.168.10.100-192.168.10.200
④ Network number: 192.168.10.0, subnet mask: 255.255.255.0, gateway address: 192.168.10.1
⑤ DNS address: 192.168.10.1, DNS domain name: abong.com

The IP address range of this Class C subnet is 192.168.10.0-192.168.10.255: .0 is the network number, .1 is the gateway address, and .255 is the broadcast address, so only 253 assignable addresses remain.

# Check the interfaces with ifconfig
# External dynamic IP address: 192.168.8.168
# Internal static IP address: 192.168.10.10
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.8.168  netmask 255.255.255.0  broadcast 192.168.8.255
        inet6 fe80::a0e4:d97e:42bb:abc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:d7:24  txqueuelen 1000  (Ethernet)
        RX packets 147  bytes 12296 (12.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 240  bytes 26631 (26.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::7e7a:d044:3b13:af7a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:d7:2e  txqueuelen 1000  (Ethernet)
        RX packets 267  bytes 42862 (41.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 195  bytes 20069 (19.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# Edit the dhcp configuration file
# This assumes the dhcp service was installed as described above
# Each item ends with a semicolon ;
[root@server ~]# echo "" > /etc/dhcp/dhcpd.conf
[root@server ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.10.0 netmask 255.255.255.0 {
	range 192.168.10.100 192.168.10.200;
	option domain-name-servers 192.168.10.1;
	option domain-name "abong.cn";
	option routers 192.168.10.1;
	option broadcast-address 192.168.10.255;
	default-lease-time 600;
	max-lease-time 7200;
}
# Now the service starts without an error.
[root@server ~]# systemctl start dhcpd
# Enable it at boot
[root@server ~]# systemctl enable dhcpd
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.

# The DHCP server log shows that 192.168.10.100 has already been handed out.
# It turned out that the local host obtained this address automatically as soon as the DHCP server started.
# That is, addresses are assigned in order, starting from .100.
[root@server ~]# cat /var/log/messages
Aug 10 21:33:51 server dhcpd: DHCPDISCOVER from 00:50:56:c0:00:01 via ens34
Aug 10 21:33:52 server dhcpd: DHCPOFFER on 192.168.10.100 to 00:50:56:c0:00:01 (PC-20190412YQOZ) via ens34
Aug 10 21:33:52 server dhcpd: DHCPREQUEST for 192.168.10.100 (192.168.10.10) from 00:50:56:c0:00:01 (PC-20190412YQOZ) via ens34
Aug 10 21:33:52 server dhcpd: DHCPACK on 192.168.10.100 to 00:50:56:c0:00:01 (PC-20190412YQOZ) via ens34


# Configure the client to obtain its IP address via dhcp
# After restarting the network service the client has obtained an IP address: 192.168.10.101
# 192.168.10.100 was already taken by the local host.
[root@client ~]# systemctl restart network
[root@client ~]# ifconfig ens32
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.101  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::6d23:d37e:e25f:78a5  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c4:74:30  txqueuelen 1000  (Ethernet)
        RX packets 677  bytes 50809 (49.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 311  bytes 26087 (25.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# The log also shows 192.168.10.101 being assigned
[root@server ~]# cat /var/log/messages
Aug 10 21:37:43 server dhcpd: DHCPDISCOVER from 00:0c:29:c4:74:30 via ens34
Aug 10 21:37:44 server dhcpd: DHCPOFFER on 192.168.10.101 to 00:0c:29:c4:74:30 (rs_server1) via ens34
Aug 10 21:37:44 server dhcpd: DHCPREQUEST for 192.168.10.101 (192.168.10.10) from 00:0c:29:c4:74:30 (rs_server1) via ens34
Aug 10 21:37:44 server dhcpd: DHCPACK on 192.168.10.101 to 00:0c:29:c4:74:30 (rs_server1) via ens34
# Check the client's routing table
[root@client ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG    100    0        0 ens32
192.168.10.0    0.0.0.0         255.255.255.0   U     100    0        0 ens32
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
# Check the client's DNS settings
[root@client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search abong.cn
nameserver 192.168.10.1
# If the client restarts its network service again, the IP address will change, since it is obtained dynamically.
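As an added example (not part of the original post), here is a small Python parser that replays the dhcpd lines from /var/log/messages above and reconstructs the discover/offer/request/ack stages of section 1.2 per client MAC. The server identifier 192.168.10.10 is the one in the logs; the third client and its request naming a foreign server identifier are constructed, to show the check a defender would want given the multi-server weakness noted in section 1.1.

```python
import re
from collections import defaultdict
OUR_SERVER_ID = "192.168.10.10"  # the dhcpd host's static address from the setup above
# Constructed sample: the dhcpd lines shown above, plus a third client (constructed)
# whose DHCPREQUEST names a server identifier that is not ours.
SAMPLE_LOG = """\
Aug 10 21:33:51 server dhcpd: DHCPDISCOVER from 00:50:56:c0:00:01 via ens34
Aug 10 21:33:52 server dhcpd: DHCPOFFER on 192.168.10.100 to 00:50:56:c0:00:01 (PC-20190412YQOZ) via ens34
Aug 10 21:33:52 server dhcpd: DHCPREQUEST for 192.168.10.100 (192.168.10.10) from 00:50:56:c0:00:01 (PC-20190412YQOZ) via ens34
Aug 10 21:33:52 server dhcpd: DHCPACK on 192.168.10.100 to 00:50:56:c0:00:01 (PC-20190412YQOZ) via ens34
Aug 10 21:37:43 server dhcpd: DHCPDISCOVER from 00:0c:29:c4:74:30 via ens34
Aug 10 21:37:44 server dhcpd: DHCPOFFER on 192.168.10.101 to 00:0c:29:c4:74:30 (rs_server1) via ens34
Aug 10 21:37:44 server dhcpd: DHCPREQUEST for 192.168.10.101 (192.168.10.10) from 00:0c:29:c4:74:30 (rs_server1) via ens34
Aug 10 21:37:44 server dhcpd: DHCPACK on 192.168.10.101 to 00:0c:29:c4:74:30 (rs_server1) via ens34
Aug 10 21:40:02 server dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:cc via ens34
Aug 10 21:40:03 server dhcpd: DHCPOFFER on 192.168.10.102 to 00:0c:29:aa:bb:cc via ens34
Aug 10 21:40:03 server dhcpd: DHCPREQUEST for 192.168.10.50 (192.168.10.99) from 00:0c:29:aa:bb:cc via ens34
"""
MAC = r"(?P<mac>[0-9a-f:]{17})"
# One pattern per DORA stage, matching the wording dhcpd uses in the log lines above.
PATTERNS = {
    "DISCOVER": re.compile(r"DHCPDISCOVER from " + MAC),
    "OFFER": re.compile(r"DHCPOFFER on (?P<ip>\S+) to " + MAC),
    "REQUEST": re.compile(r"DHCPREQUEST for (?P<ip>\S+)(?: \((?P<sid>\S+)\))? from " + MAC),
    "ACK": re.compile(r"DHCPACK on (?P<ip>\S+) to " + MAC),
}

def track_dora(log_text, our_server_id=OUR_SERVER_ID):
    """Replay dhcpd log lines; return {mac: {"stage", "ip", "alerts"}} per client."""
    clients = defaultdict(lambda: {"stage": None, "ip": None, "alerts": []})
    for line in log_text.splitlines():
        for stage, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            rec = clients[m["mac"]]
            rec["stage"] = stage
            if m.groupdict().get("ip"):
                rec["ip"] = m["ip"]
            # A REQUEST naming another server identifier means the client accepted an
            # offer from a different DHCP server on this segment, so flag it for review.
            if stage == "REQUEST" and m["sid"] and m["sid"] != our_server_id:
                rec["alerts"].append(f"requested {m['ip']} from foreign server {m['sid']}")
            break
    return dict(clients)

def leased_addresses(clients):
    """Clients that completed the whole exchange (reached DHCPACK) and their IPs."""
    return {mac: c["ip"] for mac, c in clients.items() if c["stage"] == "ACK"}
```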

3.2 Assign a static IP address to the client

# Edit the dhcp server configuration file
# Give the client the static IP address 192.168.10.240
# Each item ends with a semicolon ;
[root@server ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.10.0 netmask 255.255.255.0 {
	range 192.168.10.100 192.168.10.200;
	option domain-name-servers 192.168.10.1;
	option domain-name "abong.cn";
	option routers 192.168.10.1;
	option broadcast-address 192.168.10.255;
	default-lease-time 600;
	max-lease-time 7200;
	host client {
		hardware ethernet 00:0c:29:c4:74:30;
		fixed-address 192.168.10.240;
	}
}
[root@server ~]# systemctl restart dhcpd
# Restart the client's network service
# The client now obtains the IP address 192.168.10.240
[root@client ~]# systemctl restart network
[root@client ~]# ifconfig ens32
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.240  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::6d23:d37e:e25f:78a5  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c4:74:30  txqueuelen 1000  (Ethernet)
        RX packets 1695  bytes 118401 (115.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 656  bytes 56307 (54.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
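Added example, not part of the original post: a Python check of the address layout in the dhcpd.conf from section 3.2 above. It verifies that the dynamic range sits inside the subnet, that the gateway and broadcast addresses are not in the pool, that the fixed-address reservation is in the subnet but outside the pool, and it reproduces the 253 assignable-address count from section 3.1. The function names are my own, and the embedded config keeps only the lines that affect the address layout.

```python
import ipaddress
import re
# Input: the subnet and host blocks of the dhcpd.conf in section 3.2 (layout-neutral option lines left out).
DHCPD_CONF = """\
subnet 192.168.10.0 netmask 255.255.255.0 {
	range 192.168.10.100 192.168.10.200;
	option routers 192.168.10.1;
	option broadcast-address 192.168.10.255;
	host client {
		hardware ethernet 00:0c:29:c4:74:30;
		fixed-address 192.168.10.240;
	}
}
"""

def parse_layout(conf):
    # Minimal extraction of the address-layout fields from a one-subnet config.
    net = re.search(r"subnet (\S+) netmask (\S+)", conf)
    lo, hi = re.search(r"range (\S+) (\S+);", conf).groups()
    return {
        "network": ipaddress.ip_network(f"{net[1]}/{net[2]}"),
        "range": (ipaddress.ip_address(lo), ipaddress.ip_address(hi)),
        "gateway": ipaddress.ip_address(re.search(r"option routers (\S+);", conf)[1]),
        "broadcast": ipaddress.ip_address(re.search(r"option broadcast-address (\S+);", conf)[1]),
        "fixed": [ipaddress.ip_address(f) for f in re.findall(r"fixed-address (\S+);", conf)],
    }

def check_layout(cfg):
    # Returns a list of problems; an empty list means the layout is consistent.
    net, (lo, hi) = cfg["network"], cfg["range"]
    problems = []
    if lo not in net or hi not in net or lo > hi:
        problems.append("range is not inside the subnet or is reversed")
    for name in ("gateway", "broadcast"):  # neither may sit inside the dynamic pool
        if lo <= cfg[name] <= hi:
            problems.append(f"{name} address lies inside the dynamic range")
    for f in cfg["fixed"]:  # reservations must be in the subnet but outside the pool
        if f not in net:
            problems.append(f"fixed-address {f} is outside the subnet")
        elif lo <= f <= hi:
            problems.append(f"fixed-address {f} collides with the dynamic range")
    return problems

def pool_size(cfg):  # dynamically assignable addresses in the range: 101 here
    lo, hi = cfg["range"]
    return int(hi) - int(lo) + 1

def assignable_hosts(cfg):  # subnet minus network, broadcast and gateway: 253 for a /24
    return cfg["network"].num_addresses - 3
```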

4. Use the NTP network time service to synchronize server time

Clocks on different servers can drift apart, which has a serious impact in a production environment.

# Set the system time
[root@server ~]# date -s '20200811 17:12:00'
2020年 08月 11日 星期二 17:12:00 CST
# Check the system time
[root@server ~]# date
2020年 08月 11日 星期二 17:12:27 CST
# Check the hardware clock
[root@server ~]# hwclock
2020年08月11日 星期二 17时14分15秒  -0.128429 秒
# The system time and the hardware clock differ noticeably, which affects other services a great deal.

① Synchronize with the ntpdate command

# Install the ntpdate command
[root@server ~]# yum install ntpdate -y
# Locate the ntpdate binary
[root@server ~]# which ntpdate
/usr/sbin/ntpdate
[root@server ~]# ll /usr/sbin/ntpdate 
-rwxr-xr-x. 1 root root 110240 4月  13 2018 /usr/sbin/ntpdate

# ntp1.aliyun.com is Alibaba Cloud's network time server
# Synchronize with Alibaba Cloud's time; this only adjusts the system time, not the hardware clock.
[root@server ~]# ntpdate ntp1.aliyun.com
11 Aug 17:19:11 ntpdate[18123]: step time server 120.25.115.20 offset 101.877082 sec
[root@server ~]# date
2020年 08月 11日 星期二 17:19:14 CST
[root@server ~]# hwclock
2020年08月11日 星期二 17时19分18秒  -0.711273 秒

# Enable syncing the hardware clock as well
# Just change SYNC_HWCLOCK to yes.
[root@server ~]# cat /etc/sysconfig/ntpdate
# Options for ntpdate
OPTIONS="-p 2"

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=no


# Add a cron job that synchronizes the time every day at 1 a.m.
# (minute 0 of hour 1; "* 1 * * *" would instead run every minute between 01:00 and 01:59)
[root@server ~]# crontab -e
0 1 * * * /usr/sbin/ntpdate ntp1.aliyun.com

# Extras
ntpdate -d ntp1.aliyun.com # debug mode: check that the synchronization exchange works without changing the clock
hwclock -w    # write the system time to the hardware clock
hwclock -r    # read the hardware clock

② Synchronize time with the ntp service

# Install the ntp service, start it and enable it at boot
[root@server ~]# yum install ntp -y
[root@server ~]# systemctl start chronyd
[root@server ~]# systemctl enable chronyd

# Edit the configuration file to synchronize with Alibaba Cloud's time
# Several network time servers (NTP servers) can be listed here
[root@server ~]# vim /etc/chrony.conf
server ntp1.aliyun.com iburst
# Restart the ntp service for the change to take effect.
[root@server ~]# systemctl restart chronyd

Origin blog.csdn.net/weixin_36522099/article/details/107925464