Building a highly available DNS:
Overall idea: run three DNS servers that are all active ("three masters"); every node carries the same dnsmasq + Nginx + Keepalived stack
Keepalived moves a virtual IP (VIP) between the nodes; Nginx (stream module) load-balances the queries arriving at the VIP across the three dnsmasq instances
Keepalived probes nginx on each node: if nginx is dead, the node lowers its own VRRP priority and gives up the VIP. Clients only ever point at the VIP.
0. Install the DNS service (repeat on all three nodes)
0.1 Install the package
yum install dnsmasq -y
0.2 Edit resolv.conf so the nameserver is 127.0.0.1
vi /etc/resolv.conf
# Generated by NetworkManager
#search openstacklocal
#nameserver 114.114.114.114
# point the node's own name resolution at itself
nameserver 127.0.0.1
Two caveats: dnsmasq is configured on port 30053 (step 0.6), so 127.0.0.1:53 only answers once nginx (section 1) is running; keep the upstream nameserver line until then, otherwise the yum steps below cannot resolve anything. And NetworkManager regenerates this file, so set dns=none under [main] in /etc/NetworkManager/NetworkManager.conf if the change is to survive.
0.3 Start the service and enable it at boot
systemctl start dnsmasq.service
systemctl enable dnsmasq.service
0.4 Configure the upstream servers
vi /etc/resolv.dnsmasq.conf
nameserver 114.114.114.114
0.5 Configure internal names
vi /etc/dnsmasq.hosts
172.17.17.10 test.com
Keep this file identical on all three nodes (apart from the deliberate difference used for the load-balancing test in section 1), otherwise the answer a client gets depends on which backend nginx happens to pick.
0.6 Edit /etc/dnsmasq.conf
# dnsmasq sits behind nginx, so it does not use port 53 itself
port=30053
# upstream DNS servers are read from this file instead of /etc/resolv.conf
resolv-file=/etc/resolv.dnsmasq.conf
# remove the leading #; upstreams are then tried in the order listed in resolv-file
strict-order
# extra hosts file holding the internal ip/name mappings
addn-hosts=/etc/dnsmasq.hosts
# 127.0.0.1, this node's own ip (172.18.19.214 here; .215/.216 on the other nodes) and the VIP;
# without the VIP, dnsmasq on the node holding it ignores queries addressed to the VIP
listen-address=127.0.0.1,172.18.19.214,172.18.19.217
Leave bind-interfaces off (the default): with it dnsmasq tries to bind the VIP explicitly and fails to start on the nodes that do not hold the VIP at that moment.
Security note: dnsmasq forwards any unknown name to 114.114.114.114 and is reachable on the node's real ip, so restrict port 30053 in the host firewall to the three nodes (nginx connects to the backends by their real ips, not through the VIP); dnsmasq's local-service option is a simpler alternative that only accepts queries from directly attached subnets.
0.7 Restart the DNS service
systemctl restart dnsmasq.service
0.8 Verify
dig @172.18.19.214 test.com -p 30053
dig @172.18.19.215 test.com -p 30053
dig @172.18.19.216 test.com -p 30053
Each backend should answer test.com with 172.17.17.10 from /etc/dnsmasq.hosts; a public name should resolve through the upstream in /etc/resolv.dnsmasq.conf.
1. Installing nginx
1.1 Install the build dependencies:
Version: nginx-1.20.1
yum -y install gcc gcc-c++ autoconf automake
yum -y install redhat-rpm-config.noarch
yum -y install pcre-devel
yum -y install openssl openssl-devel
yum -y install libxml2 libxml2-devel
yum -y install libxslt-devel
yum -y install gd-devel
yum -y install perl-devel perl-ExtUtils-Embed
yum -y install gperftools gperftools-devel
redhat-rpm-config provides the redhat-hardened-cc1/redhat-hardened-ld spec files referenced by the compiler flags below; libxml2-devel, libxslt-devel, gd-devel and gperftools-devel provide the headers for the xslt, image_filter and google_perftools modules.
1.2 Configure and build
Unpack the nginx-1.20.1 source tarball and run the following from inside the extracted directory:
./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' --with-stream
make -j4
make install
The trailing --with-stream overrides the earlier --with-stream=dynamic, so the stream module is compiled in statically. That matters: the nginx.conf in 1.5 keeps the load_module include commented out and relies on stream being built in. The -D_FORTIFY_SOURCE=2, -fstack-protector-strong and -Wl,-z,relro flags keep the hardening the distribution build uses.
1.3 Enable at boot
Unit file:
cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
=====================================
systemctl daemon-reload
systemctl enable nginx.service
=====================================
Run daemon-reload first so systemd reads the new unit before it is enabled.
1.4 Create the nginx user
useradd -r -s /sbin/nologin -M nginx
mkdir -pv /var/lib/nginx/tmp/client_body
The user must exist before nginx starts: the unit runs nginx -t first, which fails if the --user given to configure cannot be looked up. nginx creates the temp directories under /var/lib/nginx/tmp itself when it starts as root, so the mkdir is only a safety net.
1.5 nginx load-balancing configuration (/etc/nginx/nginx.conf):
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
#user nginx;
#worker_processes auto;
#error_log /var/log/nginx/error.log;
#pid /run/nginx.pid;
#
## Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;
worker_processes 4;
events {
    worker_connections 1024;
}
stream {
    upstream cecdns {
        server 172.18.19.214:30053 weight=1 max_fails=2 fail_timeout=600s;
        server 172.18.19.215:30053 weight=1 max_fails=2 fail_timeout=600s;
        server 172.18.19.216:30053 weight=1 max_fails=2 fail_timeout=600s;
    }
    server {
        listen 53 udp;
        proxy_connect_timeout 1s;
        proxy_timeout 10s;
        proxy_pass cecdns;
        #proxy_pass 172.18.19.214:53;
    }
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 4096;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    #ssl on;
    #ssl_prefer_server_ciphers on;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        listen [::]:80;
        server_name _;
        root /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
Notes on this file:
- The conf.d include appears once; a second copy at the end of the http block would load the same files twice and produce duplicate definitions as soon as conf.d holds anything.
- nginx listens on UDP port 53 on every address, which includes the VIP once keepalived assigns it, and forwards each datagram round-robin to the three dnsmasq backends on port 30053. The master process runs as root to bind port 53; the workers drop to the nginx user from --user.
- Add proxy_responses 1; to the stream server block. A DNS query gets exactly one reply; without that hint nginx keeps each UDP session open until proxy_timeout expires and treats a backend that never replies as a normally timed-out session instead of a failure.
- Only UDP is proxied. Replies larger than the client's UDP buffer are truncated and retried over TCP, which nothing on the VIP answers; add a second listen 53; line (TCP) to the same server block if that matters for your clients.
- As written this is an open resolver for anyone who can reach the VIP, because dnsmasq forwards unknown names to 114.114.114.114. Restrict clients with the stream access module (for example allow 172.18.0.0/16; deny all; inside the server block, with the network adjusted to your clients) and/or firewall port 53 on the nodes.
- The http block only serves the default page on port 80; it is not needed for DNS and can be removed so nothing else is exposed on the VIP.
1.6 Health checks
Open-source nginx only has passive health checks for stream upstreams, and they are expressed in the upstream block itself:
upstream cecdns {
    server 172.18.19.214:30053 weight=1 max_fails=2 fail_timeout=600s;
    server 172.18.19.215:30053 weight=1 max_fails=2 fail_timeout=600s;
    server 172.18.19.216:30053 weight=1 max_fails=2 fail_timeout=600s;
}
max_fails=2 fail_timeout=600s means: if two attempts to reach a backend fail within 600 seconds, nginx stops sending to it for the next 600 seconds and then tries it again. Ten minutes is a long exclusion for a dnsmasq that may only have been restarted; 30s is a more usual value. A backend only counts as failed when nginx cannot send to it or (with proxy_responses set) gets no reply within proxy_timeout, so a dnsmasq that is up but answering SERVFAIL is still considered healthy.
1.7 Start nginx
systemctl start nginx
1.8 Test
dig @172.18.19.216 test.com -p 53
Temporarily give test.com a different ip in /etc/dnsmasq.hosts on each node (and restart dnsmasq): if successive dig calls return different ips, nginx is spreading the queries across the three backends. Put the hosts files back in sync afterwards.
2. Installing Keepalived
yum -y install keepalived.x86_64
systemctl enable keepalived.service   # enable at boot
2.1 Configuration files (/etc/keepalived/keepalived.conf)
Preemptive setup (no nopreempt): whenever the master is back and its priority is again the highest, it takes the VIP back.
Master node (172.18.19.214):
global_defs {
    router_id LVS_DEVEL
    # run vrrp_script checks as root
    script_user root
    # refuse to run a root script if any part of its path is writable by a non-root user
    enable_script_security
}
# name inherited from a k8s apiserver setup; the script checks nginx (see 2.2)
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    # run the check every 5 seconds
    interval 5
    # on failure lower this node's priority by 5 (101 -> 96, below the backups' 100)
    weight -5
    # 3 consecutive failures before the check counts as failed
    fall 3
    # 1 success puts the priority back; it is never raised above the configured value
    rise 1
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # this node's own address
    mcast_src_ip 172.18.19.214
    # identical on all three nodes and unique on the L2 segment; a clash with another
    # cluster's VRID produces errors and a flapping VIP
    virtual_router_id 161
    priority 101
    advert_int 2
    authentication {
        auth_type PASS
        # keepalived uses only the first 8 characters, i.e. K8SHA_KA
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.18.19.217
    }
    track_script {
        chk_apiserver
    }
}
Backup node 1 (172.18.19.215):
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 3
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    mcast_src_ip 172.18.19.215
    virtual_router_id 161
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.18.19.217
    }
    track_script {
        chk_apiserver
    }
}
Backup node 2 (172.18.19.216):
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 3
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    mcast_src_ip 172.18.19.216
    virtual_router_id 161
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        172.18.19.217
    }
    track_script {
        chk_apiserver
    }
}
Notes:
- mcast_src_ip must be each node's own address, and fall/rise should be the same everywhere. The two backups share priority 100; if both are eligible, VRRP breaks the tie by the higher ip address. Give them 100 and 99 if you want a deterministic order.
- VRRP PASS authentication sends the password in cleartext in every advertisement; it is a guard against misconfiguration, not access control (VRRPv3 dropped authentication for that reason). Allow the VRRP traffic (IP protocol 112 to multicast 224.0.0.18) only between the three nodes in the host firewall, otherwise any host on the segment can announce a higher priority and take the VIP.
- With enable_script_security, /etc/keepalived/check_apiserver.sh and every directory on its path must be owned by root and not writable by group or others; otherwise keepalived logs an error and never runs the check, so the priority is never lowered.
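Before copying these three files to the nodes it is worth linting them: they differ in only a few values, and it is easy to clone the master's file without editing mcast_src_ip or priority. The script below is an added example, not part of the original tutorial or of keepalived; the function names (kv, lint_keepalived, write_sample) and the minimal config layout it parses are its own assumptions. It checks a few keepalived rules: one virtual_router_id for the group, a distinct mcast_src_ip and priority per node, exactly one MASTER holding the highest priority, matching fall values, and an auth_pass within keepalived's 8-character limit.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: lint the per-node
# keepalived.conf files before deploying. Assumes each file has the keys read
# below; kv, lint_keepalived and write_sample are this example's own names.

# kv KEY FILE: value of the first "KEY value" line in FILE
kv() { awk -v k="$1" '$1 == k { print $2; exit }' "$2"; }

# lint_keepalived FILE...: one "WARN ..." line per finding, returns the number of findings
lint_keepalived() {
    warn=0; vrids=""; srcs=""; prios=""; falls=""; masters=0; master_prio=0; max_prio=0
    for f in "$@"; do
        vrid=$(kv virtual_router_id "$f"); src=$(kv mcast_src_ip "$f")
        prio=$(kv priority "$f"); state=$(kv state "$f")
        pass=$(kv auth_pass "$f"); fall=$(kv fall "$f")
        # keepalived silently uses only the first 8 characters of auth_pass
        if [ "${#pass}" -gt 8 ]; then
            echo "WARN $f: auth_pass has ${#pass} chars, keepalived only uses '$(printf '%.8s' "$pass")'"
            warn=$((warn + 1))
        fi
        vrids="$vrids $vrid"; srcs="$srcs $src"; prios="$prios $prio"; falls="$falls $fall"
        if [ "$state" = MASTER ]; then masters=$((masters + 1)); master_prio=$prio; fi
        if [ "$prio" -gt "$max_prio" ]; then max_prio=$prio; fi
    done
    # all members of one VRRP group must share the virtual_router_id
    if [ "$(printf '%s\n' $vrids | sort -u | awk 'END { print NR }')" -ne 1 ]; then
        echo "WARN virtual_router_id differs between nodes"; warn=$((warn + 1))
    fi
    # mcast_src_ip is the node's own address: a duplicate means a config was cloned without editing
    for dup in $(printf '%s\n' $srcs | sort | uniq -d); do
        echo "WARN mcast_src_ip $dup appears on more than one node"; warn=$((warn + 1))
    done
    # equal priorities still elect a master (higher ip wins) but the order then depends on addressing
    for dup in $(printf '%s\n' $prios | sort | uniq -d); do
        echo "WARN priority $dup used on more than one node (tie broken by ip address)"; warn=$((warn + 1))
    done
    # preemptive setup: exactly one MASTER, and it needs the highest priority to hold the VIP
    if [ "$masters" -ne 1 ]; then
        echo "WARN expected exactly one 'state MASTER', found $masters"; warn=$((warn + 1))
    elif [ "$master_prio" -lt "$max_prio" ]; then
        echo "WARN MASTER priority $master_prio is below another node's $max_prio"; warn=$((warn + 1))
    fi
    # fall should match everywhere so every node reacts to an nginx outage at the same speed
    if [ "$(printf '%s\n' $falls | sort -u | awk 'END { print NR }')" -ne 1 ]; then
        echo "WARN vrrp_script fall differs between nodes"; warn=$((warn + 1))
    fi
    return "$warn"
}

# write_sample DIR NAME STATE SRC_IP PRIO FALL PASS: constructed minimal config for trying the linter
write_sample() {
    cat > "$1/$2.conf" <<EOF
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall $6
    rise 1
}
vrrp_instance VI_1 {
    state $3
    interface eth0
    mcast_src_ip $4
    virtual_router_id 161
    priority $5
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass $7
    }
    virtual_ipaddress {
        172.18.19.217
    }
    track_script {
        chk_apiserver
    }
}
EOF
}

# Usage: sh lint-keepalived.sh node1.conf node2.conf node3.conf
# With no arguments, lint a constructed copy of three configs in which backup 2
# still carries backup 1's mcast_src_ip, a different fall, and a 13-character auth_pass.
if [ "$#" -gt 0 ]; then
    lint_keepalived "$@"
else
    d=$(mktemp -d)
    write_sample "$d" node1 MASTER 172.18.19.214 101 3 K8SHA_KA_AUTH
    write_sample "$d" node2 BACKUP 172.18.19.215 100 3 K8SHA_KA_AUTH
    write_sample "$d" node3 BACKUP 172.18.19.215 100 2 K8SHA_KA_AUTH
    lint_keepalived "$d/node1.conf" "$d/node2.conf" "$d/node3.conf"; echo "findings: $?"
    rm -rf "$d"
fi
```

Run it against the real files before each rollout; a clean run prints nothing and returns 0, so it drops straight into a deploy script.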
2.2 Health check script
Basic idea:
if the check fails, keepalived lowers this node's priority (the weight -5 above), so the script only has to exit non-zero when nginx is not running
/etc/keepalived/check_apiserver.sh:
#!/bin/bash
# exit 1 (check failed) when no nginx process exists, exit 0 otherwise
count=$(ps -C nginx --no-headers | wc -l)
if [ "$count" -eq 0 ]; then
    echo "nginx not running" >> /home/test
    date >> /home/test
    exit 1
fi
exit 0
Make it executable and root-owned, not writable by anyone else (chmod 700 /etc/keepalived/check_apiserver.sh), otherwise enable_script_security stops keepalived from running it. ps -C nginx matches the master and worker processes, so this is only a process check; for a functional check, query nginx's own listener instead (dig @127.0.0.1 -p 53 +time=1 +tries=1 test.com) and exit 1 when no answer comes back.
End-to-end test:
while :; do dig @172.18.19.217 test.com -p 53 +short ; sleep 0.01 ; done
Run this from a client while stopping nginx (systemctl stop nginx) on the node that currently holds the VIP: after roughly fall x interval (3 x 5 s = 15 s) plus an advertisement interval or two, the node's priority drops, a backup takes over the VIP and the loop keeps answering from the new node.
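The endless dig loop only shows failover by eye. As an added example (not from the original tutorial), the script below records one line per query against the VIP and summarises the log: how many queries failed, how many distinct answers came back (the round-robin test), and the longest gap without an answer, which is the failover time when nginx or keepalived is stopped on the master. Its check_backends function also runs the per-backend dig check against all three dnsmasq instances at once and flags a backend whose answer differs from the others (hosts file drift). VIP, PORT, NAME, BACKENDS, BACKEND_PORT and the function names are its own assumptions; the defaults match the addresses used on this page.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: probe the VIP, summarise
# the probe log, and compare the three dnsmasq backends. All names below are
# this example's assumptions; the log format is "<epoch> ok <ip>" or "<epoch> fail".

VIP=${VIP:-172.18.19.217}
PORT=${PORT:-53}
NAME=${NAME:-test.com}
BACKENDS=${BACKENDS:-"172.18.19.214 172.18.19.215 172.18.19.216"}
BACKEND_PORT=${BACKEND_PORT:-30053}

# probe_once: one query with a 1 s budget, printed as one log line
probe_once() {
    ans=$(dig @"$VIP" -p "$PORT" "$NAME" A +short +time=1 +tries=1 2>/dev/null | head -n 1)
    if [ -n "$ans" ]; then
        echo "$(date +%s) ok $ans"
    else
        echo "$(date +%s) fail"
    fi
}

# probe_loop SECONDS: about ten probes per second for SECONDS seconds
probe_loop() {
    end=$(( $(date +%s) + $1 ))
    while [ "$(date +%s)" -lt "$end" ]; do
        probe_once
        sleep 0.1
    done
}

# summarize < LOG: totals, distinct answers and the longest outage in seconds
# (an outage runs from the first "fail" line to the next "ok" line, or to the end of the log)
summarize() {
    awk '
        { total++; last = $1 }
        $2 == "ok" {
            ok++; seen[$3]++
            if (down) { gap = $1 - down; if (gap > longest) longest = gap; down = 0 }
        }
        $2 == "fail" { fail++; if (!down) down = $1 }
        END {
            n = 0; for (a in seen) n++
            if (down) { gap = last - down; if (gap > longest) longest = gap }
            printf "total=%d ok=%d fail=%d distinct=%d longest_outage_s=%d\n", total, ok, fail, n, longest
        }'
}

# check_backends: every dnsmasq must answer, and answer the same as the first one
check_backends() {
    first=""; rc=0
    for b in $BACKENDS; do
        ans=$(dig @"$b" -p "$BACKEND_PORT" "$NAME" A +short +time=1 +tries=1 2>/dev/null | sort | tr '\n' ' ')
        if [ -z "$ans" ]; then
            echo "FAIL  $b: no answer"; rc=1; continue
        fi
        if [ -z "$first" ]; then first=$ans; fi
        if [ "$ans" = "$first" ]; then
            echo "ok    $b: $ans"
        else
            echo "DRIFT $b: $ans (expected $first)"; rc=1
        fi
    done
    return $rc
}

# Usage: sh vip-probe.sh probe 60 > probe.log      (stop nginx on the VIP holder meanwhile)
#        sh vip-probe.sh summarize < probe.log
#        sh vip-probe.sh backends
case "${1:-}" in
    probe)     probe_loop "${2:-60}" ;;
    summarize) summarize ;;
    backends)  check_backends ;;
esac
```

With the hosts files in sync, distinct should be 1 and backends should print three ok lines; during the nginx stop test, longest_outage_s is the number to compare against the fall x interval budget in the keepalived config.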