4
rh358 003 ansible部署双网卡绑定 DNS原理 bind正向解析 - supermao12
source link: https://www.cnblogs.com/supermao12/p/16653423.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
双网卡绑定
绑定多张网卡成为逻辑口,从而实现链路冗余,以及数据流量的负载均衡
1.创建team口
[root@servera ~]# nmcli connection add type team con-name team0 ifname team0 team.runner activebackup ipv4.method manual ipv4.address 192.168.0.200/24
Connection 'team0' (3eb2f94e-3653-4aa2-a3f1-0826a02b26d1) successfully added.
创建了链接
[root@servera ~]# nmcli connection show
NAME UUID TYPE DEVICE
team0 e4a115a2-5444-4d16-975b-5d1fc62a2503 team team0
创建了链接配置文件
[root@servera ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0
TEAM_CONFIG="{ \"runner\": { \"name\": \"activebackup\" } }"
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=team0
UUID=e4a115a2-5444-4d16-975b-5d1fc62a2503
DEVICE=team0
ONBOOT=yes
DEVICETYPE=Team
[root@servera ~]#
创建了team0设备
[root@servera ~]# nmcli device
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1
eth1 ethernet connected eth1
team0 team [connecting (getting IP configuration)] team0
team逻辑口一直无法获取dhcp,那么他会自动消失
如果是manual则无视此问题
也可以使用modify修改 team0
2.把物理网卡加入team中
建议删除网卡关联的旧链接
[root@servera ~]# nmcli connection delete 'Wired connection 2'
Connection 'Wired connection 2' (8f9a19e2-d15a-3772-b71d-320159e6753d) successfully deleted.
[root@servera ~]# nmcli connection delete 'eth1'
Connection 'eth1' (1e60e42a-10e8-4a27-ba92-c5698ae322c1) successfully deleted.
[root@servera ~]#
添加新链接,绑定逻辑接口
[root@servera ~]# nmcli connection add type ethernet slave-type team con-name eth1 ifname eth1 master team0
Connection 'eth1' (17ef3f96-7b48-42a4-a0bd-11341eaec928) successfully added.
[root@servera ~]# nmcli connection add type ethernet slave-type team con-name eth2 ifname eth2 master team0
Connection 'eth2' (18fc1852-1b11-4f98-89a1-fb898f5e6bb2) successfully added.
[root@servera ~]#
[root@servera ~]# nmcli connection show
NAME UUID TYPE DEVICE
mqy bffa0efd-a0c4-40c6-ad27-ff42ccd5dc1c ethernet eth1
team0 e4a115a2-5444-4d16-975b-5d1fc62a2503 team team0
Wired connection 1 4ae4bb9e-8f2d-3774-95f8-868d74edcc3c ethernet eth0
eth2 18fc1852-1b11-4f98-89a1-fb898f5e6bb2 ethernet eth2
eth1 17ef3f96-7b48-42a4-a0bd-11341eaec928 ethernet --
[root@servera ~]# nmcli device
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1
team0 team connected team0
eth1 ethernet connected eth1
eth2 ethernet connected eth2
如果team0无ip地址,则使用nmcli connection down 然后 up
7: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:02:fa:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.200/24 brd 192.168.0.255 scope global noprefixroute team0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel [master team0 state UP] group default qlen 1000
link/ether 52:54:00:02:fa:0a brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel [master team0 state UP] group default qlen 1000
需要注意几个点
物理网卡不需要配置ip地址,所有的ip地址都在team口配置
只有当物理接口存在up的情况下team口才会up
3.查看team配置网络信息
查看team信息
[root@servera ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool 使用ethtool来监控
link: up
down count: 0
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: eth1
查看配置信息
[root@servera ~]# teamdctl team0 config dump
{
"device": "team0",
"mcast_rejoin": {
"count": 1
},
"notify_peers": {
"count": 1
},
"ports": {
"eth1": {
"link_watch": {
"name": "ethtool"
}
},
"eth2": {
"link_watch": {
"name": "ethtool"
}
}
},
"runner": {
"name": "activebackup"
}
}
[root@servera ~]#
team0 config dump noport#不要接口信息
直接查看接口状态
[root@servera ~]# teamnl team0 ports
4: eth2: up 4294967295Mbit FD
3: eth1: up 4294967295Mbit FD
team口的网卡配置文件
[root@servera ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0
TEAM_CONFIG="{ \"runner\": { \"name\": \"activebackup\" } }"
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.0.200
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=team0
UUID=3eb2f94e-3653-4aa2-a3f1-0826a02b26d1
DEVICE=team0
ONBOOT=yes
DEVICETYPE=Team
[root@servera ~]#
[root@servera ~]# teamdctl team0 config dump > t1.json
[root@servera ~]# vi t1.json
"runner": {
"name": "roundrobin"
}
}
[root@servera ~]# nmcli connection modify team0 team.config t1.json
[root@servera ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0
TEAM_CONFIG=$'{\n \"device\": \"team0\",\n \"mcast_rejoin\": {\n \"count\": 1\n },\n \"notify_peers\": {\n \"count\": 1\n },\n \"ports\": {\n \"eth1\": {\n \"link_watch\": {\n \"name\": \"ethtool\"\n }\n },\n \"eth2\": {\n \"link_watch\": {\n \"name\": \"ethtool\"\n }\n }\n },\n \"runner\": {\n \"name\": \"roundrobin\"\n }\n}\n'
PROXY_METHOD=none
第二种改法
[root@servera ~]# nmcli connection modify team0 team.runner activebackup
[root@servera ~]# nmcli connection up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/27)
[root@servera ~]#
[root@servera ~]# teamdctl team0 config dump
{
"device": "team0",
"mcast_rejoin": {
"count": 1
},
"notify_peers": {
"count": 1
},
"ports": {
"eth1": {
"link_watch": {
"name": "ethtool"
}
},
"eth2": {
"link_watch": {
"name": "ethtool"
}
}
},
"runner": {
"name": "activebackup"
}
}
无论如何都得 nmcli connection up team0 来打开team0,去读取配置文件
利用ansible
使用系统role提供正确的变量,就可以完成任务
[student@workstation ~]$ lab netlink-automation start
Starting netlink-automation exercise.
· Create Ansible project directory............................ SUCCESS
· Download Ansible configuration.............................. SUCCESS
· Download Ansible inventory.................................. SUCCESS
· Configuring eth1 network interface on serverd............... SUCCESS
[student@workstation ~]$
肯定需要这个角色包
[student@workstation ~]$ sudo yum -y install rhel-system-roles
准备剧本
[student@workstation ~]$ ll
total 0
drwxr-xr-x. 2 student student 42 Sep 3 22:10 netlink-automation
drwxr-xr-x. 2 student student 42 Aug 29 08:02 servicemgmt-automation
[student@workstation ~]$ cd netlink-automation/
[student@workstation netlink-automation]$ ls
ansible.cfg inventory
[student@workstation netlink-automation]$ ansible-galaxy list
# /usr/share/ansible/roles
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.storage, (unknown version)
- linux-system-roles.timesync, (unknown version)
[root@servera ~]# nmcli device
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1
team0 team connected team0
eth1 ethernet connected eth1
eth2 ethernet connected eth2
[root@servera ~]# teamdctl team0 config dump
{
"device": "team0",
"ports": {
"eth1": {
"link_watch": {
"name": "ethtool"
}
},
"eth2": {
"link_watch": {
"name": "ethtool"
}
}
},
"runner": {
"name": "roundrobin"
}
}
[root@servera ~]#
此角色无更改runner的功能,继续更改playbook
[root@servera ~]# teamdctl team0 config dump
{
"device": "team0",
"mcast_rejoin": {
"count": 1
},
"notify_peers": {
"count": 1
},
"ports": {
"eth1": {
"link_watch": {
"name": "ethtool"
}
},
"eth2": {
"link_watch": {
"name": "ethtool"
}
}
},
"runner": {
"name": "activebackup"
}
}
[root@servera ~]#
但是这无法体现幂等性,最后三条command总会重复执行,没有意义。增加判断条件
第一个is not defined 首先判断这个接口是否存在,不存在执行roles
第二个not in 判断这个是否有activebackup 有则改,无则跳过
反复执行不会有多余的操作
bond比team更适应交换机
管理DNS
DNS的层级结构
树状结构
.代表根域-->每个域都有对应的DNS服务器:域名->IP
根域服务器: 13台 (iPv4)
根域下面就是二级子域 .com .cn .net .edu .gov 域名
举个例子
lab.example.com(三级)是example.com(二级)的子域
example.com是.com(一级)的子域
fqdn:完全合格名称 --> ip (能被dns解析)
主机名得与fqdn区分
DNS服务器到底保存了什么内容
1: DNS服务器:到底保存了什么内容,DNS的工作原理
lab.example.com<域名> DNSserver Servera
1> 授权的子域,以及子域的DNS服务
ocp4.lab.example.com<域名>是lab.example.com的子域
master01.ocp4.lab.example.com <serverb.lab.example >
你必须在lab.example.com 的DNS服务器配置ocp4.lab.example.com 的DNS服务器在serverb.lab.example.com.
也就是上级域,必须要有下级域名的DNS服务器
2> 该域下所有的FQDN的解析也成为区域配置文件
servera.lab.example.com 172.25.250.10
serverb.lab.example.com 172.25.250.11
3> 根域服务器的IP地址
DNS解析过程分为: 一个是递归
这是在没有DNS缓存服务器的情况下,去找根域。很麻烦
有缓存服务器的情况下就不需要找根域,更有效率
实验:通过bind实现正向,反向,转发,主从,各种资源记录 (未完结)
1> 安装软件包: serverb
[root@serverb ~]# yum install -y bind
2> 修改配置文件
[root@serverb ~]# vim /etc/named.conf 配置文件路径
//代表注释
options {
// listen-on port 53 { 127.0.0.1; };监听的端口是53:
DNS既监听UDP53还有TCP53,TCP53端口用于主从同步用的UDP53用于查询的
listen-on port 53 { 172.25.250.11;127.0.0.1; };
directory "/var/named"; 类似于定于了一个/目录,数据文件都放哪里
dump-file "/var/named/data/cache_dump.db";备份文件
statistics-file "/var/named/data/named_stats.txt"; 统计
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; }; 允许谁来查寻
allow-query { 172.25.250.0/24; };
recursion yes; 是否允许递归查询。如果你的DNS服务仅仅是解析自己域内FQDN,则不需要递归,如果需要解析其他域内的FQDN则需要配置递归,设置为YES
dnssec-enable no;
dnssec-validation no; 有关安全的 秘钥之类
logging {
channel default_debug {
file "data/named.run";->/var/named/data/named.run
severity dynamic; #日志路径
};
};
3> 配置区域配置文件zone...区域配置文件,指定的是该域内所有资源解析的文件FQND-->ip (重点,fqdn的对应关系)
分为正向解析区域配置文件,反向解析区域配置文件
正向区域配置文件:
zone "." IN {
type hint;
file "named.ca";
};
根域地址
zone "example.com" IN {
type master ;
file "example.com"; 该域:example.com的区域配置文件在/var/named/example.com
};
4> 准备这个区域配置文件
[root@serverb ~]# cp /var/named/named.empty /var/named/example.com
[root@serverb ~]# chown root:named /var/named/example.com 属组一定要是这个named这个组
[root@serverb ~]# chmod 640 /var/named/example.com
[root@serverb ~]# ll -lZ /var/named/example.com
-rw-r-----. 1 root named unconfined_u:object_r:named_zone_t:s0 152 Sep 3 19:40 /var/named/example.com
[root@serverb ~]# vim /var/named/example.com
$TTL 3H # 缓存时间 # @代表本域(example.com) # SOA 记录表示此域名的权威解析服务器地址 从域名到ip记录称之为A记录 soa后面是管理者邮箱 root后面不能是@
@ IN SOA serverb.example.com. root.serverb.example.com. (
0 ; serial [改了配置文件这个数字+1 就可以同步]
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS serverb.example.com.
servera IN A 172.25.250.10
serverb IN A 172.25.250.11
serverc IN A 172.25.250.12
serverd IN A 172.25.250.13
kevin IN CNAME serverc
5>启动服务,开放防火墙
[root@serverb ~]# systemctl enable --now named.service
[root@serverb ~]#
[root@serverb ~]# firewall-cmd --permanent --add-port=53/tcp
success
[root@serverb ~]# firewall-cmd --permanent --add-port=53/udp
success
[root@serverb ~]# firewall-cmd --reload
6> 登录servera
[root@servera ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search lab.example.com example.com
nameserver 172.25.250.11
[root@servera ~]# ping kevin
PING serverc.example.com (172.25.250.12) 56(84) bytes of data.
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=1 ttl=64 time=0.728 ms
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=2 ttl=64 time=0.733 ms
^C
[root@servera ~]# ping servera.example.com
PING servera.example.com (172.25.250.10) 56(84) bytes of data.
64 bytes from servera.lab.example.com (172.25.250.10): icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from servera.lab.example.com (172.25.250.10): icmp_seq=2 ttl=64 time=0.046 ms
^C
--- servera.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 26ms
rtt min/avg/max/mdev = 0.026/0.036/0.046/0.010 ms
[root@servera ~]# ping serverb.example.com
PING serverb.example.com (172.25.250.11) 56(84) bytes of data.
64 bytes from serverb.lab.example.com (172.25.250.11): icmp_seq=1 ttl=64 time=0.744 ms
64 bytes from serverb.lab.example.com (172.25.250.11): icmp_seq=2 ttl=64 time=0.693 ms
^C
--- serverb.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 51ms
rtt min/avg/max/mdev = 0.693/0.718/0.744/0.037 ms
[root@servera ~]# ping serverc.example.com
PING serverc.example.com (172.25.250.12) 56(84) bytes of data.
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=1 ttl=64 time=1.66 ms
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=2 ttl=64 time=2.88 ms
^C
Recommend
-
96
Linux 7 网卡绑定
-
37
Linux双网卡绑定脚本linux运维及配置工作中,常常会用到双网卡绑定,少数几台服务器的配置还好,如果是需要配置几十甚至上百台,难免会枯燥乏味,易于出错,我编写了这个双网卡绑定的辅助脚本,可傻瓜式地完成linux双网卡绑定工作,当然,该脚本主要还是用于小批量...
-
29
多网卡绑定“Bonding”和“nmcli的网络组NetworkTeaming”二者实现的功能一样,但从某种角度,网络组要比Bonding的技术要好网络接口配置:Bonding将多块网卡绑定同一IP地址对外提供服务,可以实现高可用或者负载均衡。直接给两块网卡设置同一IP地址是不可以的。通过bon...
-
17
bonding七种网卡绑定模式详解 2016-03-09 09:50:00 按ip+port哈希可能会比较好 mode=2 miimon=100 xmit_hash_policy=1
-
7
Linux 双网卡绑定实践工作中主要以 SuSE 为主,网络作为整个高可用架构中最重要的环节之一,在物理上一般是双网卡绑定模式,通常使用默认的 mode=1(active-backup) 作为主备关系。在最近测试大数据的生产服务器中,考虑到性能优先,所以将绑定模式...
-
10
RHEL7 Teaming 网卡绑定实践为了提高网络容错或吞吐量,一般服务器都会采取多网卡绑定的策略,在 RHEL6 中使用的是 Bonding,而 RHEL7 提供了一项新的实现技术 Teaming,具体原理和对比列表大家可以参考扩展阅读中的 RedHat 官方博客...
-
10
ceph 005 赋权补充 rbd块映射 我的ceph版本
-
12
358 rhel7 ce ansible 部署服务 dhcp nginx vanish haproxy 打印机服务 服务管理自动化 systemd与systemctl systemctl 来管理systemd的对象(unit单元)...
-
6
rh358 002 fact变量获取 ansible配置网络 service_facts ...
-
5
file 模块 管理被控端文件 回显为绿色则,未变更,符合要求 黄色则改变 红色则报错
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK