DHCP Cluster (Dual-Server Hot Standby, Primary/Secondary DHCP Servers)

Author: 筋斗云

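Contents

What is DHCP dual-server hot standby?

What is high availability?

I. Configure the server IP

1. View the server IP

2. Configure the server IP

II. Change the hostname (over a remote terminal connection)

III. Check the firewall and SELinux status

IV. Check whether the external network can be pinged

V. Build the yum cache

VI. Edit the local hosts file

VII. Time synchronization

VIII. DHCP configuration files

IX. Obtaining a DHCP lease on a virtual machine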

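What is DHCP dual-server hot standby?

DHCP dual-server hot standby is a high-availability solution intended to keep the DHCP service continuous and stable.

Dual-server hot standby refers specifically to hot standby between two servers in a high-availability system. With this configuration, when one server fails, service switches automatically to the other server, so the service stays available. DHCP dual-server hot standby exists mainly to address the following problems:

  • Service interruption

    In a network, the DHCP server dynamically assigns IP addresses to devices. If the DHCP server fails, new devices may be unable to obtain an IP address, which interrupts network service. With two servers deployed, the backup server can quickly take over when the primary server fails, keeping the DHCP service continuous.

  • Data safety

    Dual-server hot standby provides service redundancy and also protects data to some degree. When one server fails, the data on the other server is still safe, which helps reduce the risk of data loss.

  • Higher system reliability

    A dual-server hot standby configuration greatly improves system reliability. Even in extreme cases such as hardware failure or natural disaster, the DHCP service can keep running normally.

DHCP dual-server hot standby usually uses one of two switching modes, active-standby and active-active (dual-host):

  1. In active-standby mode, one server is active and the other is on standby;

  2. In active-active mode, both servers are active, but each may be responsible for different services or data.

In short, DHCP dual-server hot standby is a solution designed to improve the availability, reliability and data safety of the DHCP service.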

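What is high availability?

High availability (HA) means that a system, application or service is highly reliable and continuously operable, so that the impact of system failures is reduced. The main goal of high availability is to ensure that a system or service keeps its function and performance when faced with various failures, reducing or avoiding service interruptions.

Implementing high availability usually involves the following:

  • Redundant design

    Multiple components, systems or service instances are deployed so that if one or more instances fail, the others can take over and keep providing service.

    For example, in a server cluster several servers may run the same service, so that when one server fails the others continue to provide it.

  • Load balancing

    Load-balancing techniques spread requests across multiple servers or components to balance the load and avoid a single point of failure.

    This helps ensure that the failure of a single component does not bring down the whole system.

  • Failure detection and recovery

    A highly available system must detect failures quickly and trigger recovery automatically.

    Recovery may include restarting services, switching to a standby system, or migrating data from a failed component to a healthy one.

  • Data backup and recovery

    To ensure data integrity and recoverability, a highly available system usually includes a data backup and recovery strategy.

    This can include regular backups, protecting disk data with RAID, data replication strategies, and so on.

  • Disaster recovery plan

    Besides everyday failures, a highly available system also has to consider natural disasters, human error and other catastrophic events.

    A disaster recovery plan usually includes geographically separated data centers and backup facilities, so that service can be restored from the backup facilities when the main facility is affected.

  • Continuous monitoring and maintenance

    A highly available system needs continuous monitoring and maintenance to keep all components in the best possible state.

    This includes regularly checking hardware and software status, updating and patching systems, and monitoring performance metrics.

High availability is especially important in cloud computing, big data and distributed systems, where any interruption can have a major business impact. Designing and implementing a high-availability strategy is therefore key to keeping these systems running stably.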

/* Note (two servers in the cluster):  DHCP-master, the primary server (10.18.33.10);  DHCP-backup, the backup server (10.18.33.20)  */

I. Configure the server IP

1. View the server IP

    # all nodes
    [root@localhost]# ip a

2. Configure the server IP

    # DHCP-maseter
    [root@localhost]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=6dfe0ee1-6242-4fe3-b1b4-ad843af8d49c
    DEVICE=ens33
    ONBOOT=yes
    IPADDR=10.18.33.10
    NETMASK=255.255.255.0
    GATEWAY=10.18.33.254
    DNS1=8.8.8.8

    # DHCP-backup
    [root@localhost]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=6dfe0ee1-6242-4fe3-b1b4-ad843af8d49c
    DEVICE=ens33
    ONBOOT=yes
    IPADDR=10.18.33.20
    NETMASK=255.255.255.0
    GATEWAY=10.18.33.254
    DNS1=8.8.8.8

II. Change the hostname (over a remote terminal connection)

    # DHCP-maseter
    [root@localhost]# hostnamectl set-hostname DHCP-maseter
    [root@localhost]# hostname
    [root@localhost]# bash

    # DHCP-backup
    [root@localhost]# hostnamectl set-hostname DHCP-backup
    [root@localhost]# hostname
    [root@localhost]# bash

III. Check the firewall and SELinux status

    # all nodes (firewall)
    [root@DHCP-maseter]# systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since 日 2024-04-07 22:24:58 CST; 7h left
         Docs: man:firewalld(1)
     Main PID: 812 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─812 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

    4月 07 22:24:58 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall dae.....
    4月 07 22:24:58 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
    4月 07 22:24:58 localhost.localdomain firewalld[812]: WARNING: AllowZoneDrifting is enabled...w.
    Hint: Some lines were ellipsized, use -l to show in full.

    [root@localhost]# systemctl stop firewalld

    [root@localhost]# systemctl disable firewalld
    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

    # all nodes (SELinux)
    [root@DHCP-maseter]# setenforce 0

    [root@DHCP-maseter]# cat -n /etc/selinux/config
         1
         2  # This file controls the state of SELinux on the system.
         3  # SELINUX= can take one of these three values:
         4  #     enforcing - SELinux security policy is enforced.
         5  #     permissive - SELinux prints warnings instead of enforcing.
         6  #     disabled - No SELinux policy is loaded.
         7  SELINUX=enforcing
         8  # SELINUXTYPE= can take one of three values:
         9  #     targeted - Targeted processes are protected,
        10  #     minimum - Modification of targeted policy. Only selected processes are protected.
        11  #     mls - Multi Level Security protection.
        12  SELINUXTYPE=targeted
        13
        14

    [root@DHCP-maseter]# sed -i "7s/enforcing/disabled/g" /etc/selinux/config

    [root@DHCP-maseter]# cat -n /etc/selinux/config
         1
         2  # This file controls the state of SELinux on the system.
         3  # SELINUX= can take one of these three values:
         4  #     enforcing - SELinux security policy is enforced.
         5  #     permissive - SELinux prints warnings instead of enforcing.
         6  #     disabled - No SELinux policy is loaded.
         7  SELINUX=disabled
         8  # SELINUXTYPE= can take one of three values:
         9  #     targeted - Targeted processes are protected,
        10  #     minimum - Modification of targeted policy. Only selected processes are protected.
        11  #     mls - Multi Level Security protection.
        12  SELINUXTYPE=targeted
        13
        14
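If firewalld is kept running rather than stopped and disabled as in the step above, the services in this guide need only a few openings. The script below is an added example, not part of the original post: it prints (or, with APPLY=1, executes) the firewall-cmd calls for one node, using the addresses and failover ports from the dhcpd.conf failover configuration later on this page; the names `fw_rules`, `run` and `APPLY` are assumptions of this example.

```shell
#!/bin/sh
# Added example: firewalld openings for one node of the DHCP failover pair.
# fw_rules, run and the APPLY switch are hypothetical names, not from the original post.

run() {         # print the command; execute it instead when APPLY=1
    if [ "${APPLY:-0}" = 1 ]; then "$@"; return; fi
    line=
    for a in "$@"; do
        case $a in *" "*) a="'$a'" ;; esac       # re-quote arguments that contain spaces
        line="$line$a "
    done
    echo "${line% }"
}

fw_rules() {    # fw_rules <local_failover_port> <peer_ip> [subnet_served_by_chronyd]
    port=$1; peer=$2; ntp_net=${3:-}
    # DHCP requests from clients: firewalld's predefined "dhcp" service (67/udp).
    run firewall-cmd --permanent --add-service=dhcp
    # Failover channel: the local TCP port, accepted only from the partner's address.
    run firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$peer\" port port=\"$port\" protocol=\"tcp\" accept"
    # NTP (123/udp) only on the node that serves time to the subnet.
    if [ -n "$ntp_net" ]; then
        run firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$ntp_net\" service name=\"ntp\" accept"
    fi
    run firewall-cmd --reload
}

echo "# dhcp-maseter (listens on 520, partner 10.18.33.20, chrony server for the subnet)"
fw_rules 520 10.18.33.20 10.18.33.0/24
echo "# dhcp-backup (listens on 519, partner 10.18.33.10)"
fw_rules 519 10.18.33.10
```

Restricting the failover port to the partner's source address keeps other hosts on the subnet from connecting to the failover listener.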

IV. Check whether the external network can be pinged

    # all nodes
    [root@DHCP-maseter]# ping -c 2 10.18.33.1
    PING 10.18.33.1 (10.18.33.1) 56(84) bytes of data.
    64 bytes from 10.18.33.1: icmp_seq=1 ttl=64 time=0.359 ms
    64 bytes from 10.18.33.1: icmp_seq=2 ttl=64 time=0.323 ms
    --- 10.18.33.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.323/0.341/0.359/0.018 ms

    [root@DHCP-maseter]# ping -c 2 10.18.33.254
    PING 10.18.33.254 (10.18.33.254) 56(84) bytes of data.
    64 bytes from 10.18.33.254: icmp_seq=1 ttl=128 time=0.353 ms
    64 bytes from 10.18.33.254: icmp_seq=2 ttl=128 time=0.208 ms
    --- 10.18.33.254 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms

    [root@DHCP-maseter]# ping -c 2 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=267 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=986 ms
    --- 8.8.8.8 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 267.991/627.284/986.578/359.294 ms

    [root@DHCP-maseter]# ping -c 2 baidu.com
    PING baidu.com (110.242.68.66) 56(84) bytes of data.
    64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=1 ttl=128 time=182 ms
    64 bytes from 110.242.68.66 (110.242.68.66): icmp_seq=2 ttl=128 time=301 ms
    --- baidu.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 2191ms
    rtt min/avg/max/mdev = 182.404/242.190/301.977/59.788 ms

V. Build the yum cache

    # all nodes
    [root@dhcp-maseter ~]# yum update

    [root@dhcp-maseter ~]# yum clean all && yum makecache && yum repolist
    源标识                                      源名称                                        状态
    base/7/x86_64                              CentOS-7 - Base                           10,072
    extras/7/x86_64                            CentOS-7 - Extras                            526
    updates/7/x86_64                           CentOS-7 - Updates                         5,802
    repolist: 16,400

VI. Edit the local hosts file

    # all nodes
    [root@dhcp-maseter ~]# cp /etc/hosts /etc/host.bak

    [root@dhcp-maseter ~]# echo "10.18.33.10    dhcp-maseter" >> /etc/hosts
    [root@dhcp-maseter ~]# echo "10.18.33.20    dhcp-backup" >> /etc/hosts

    [root@dhcp-maseter ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.18.33.10    dhcp-maseter
    10.18.33.20    dhcp-backup

    # copy the file to dhcp-backup
    [root@dhcp-maseter ~]# scp /etc/hosts root@10.18.33.20:/etc/

VII. Time synchronization

    # all nodes
    [root@dhcp-maseter ~]# yum info ftp*
    [root@dhcp-maseter ~]# yum install -y ftp
    [root@dhcp-maseter ~]# yum install -y vim
    [root@dhcp-maseter ~]# cp /etc/chrony.conf /etc/chrony.bak

    # dhcp-maseter
    [root@dhcp-maseter ~]# cat /etc/chrony.conf
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    server ntp.aliyun.com        iburst

    # Record the rate at which the system clock gains/losses time.
    driftfile /var/lib/chrony/drift

    # Allow the system clock to be stepped in the first three updates
    # if its offset is larger than 1 second.
    makestep 1.0 3

    # Enable kernel synchronization of the real-time clock (RTC).
    rtcsync

    # Enable hardware timestamping on all interfaces that support it.
    #hwtimestamp *

    # Increase the minimum number of selectable sources required to adjust
    # the system clock.
    #minsources 2

    # Allow NTP client access from local network.
    allow 10.18.33.0/24

    # Serve time even if not synchronized to a time source.
    #local stratum 10

    # Specify file containing keys for NTP authentication.
    #keyfile /etc/chrony.keys

    # Specify directory for log files.
    logdir /var/log/chrony

    # Select which information is logged.
    #log measurements statistics tracking

    # dhcp-backup
    [root@dhcp-backup ~]# cp /etc/chrony.conf /etc/chrony.bak
    [root@dhcp-backup ~]# cat /etc/chrony.conf
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    server dhcp-maseter iburst

    # Record the rate at which the system clock gains/losses time.
    driftfile /var/lib/chrony/drift

    # Allow the system clock to be stepped in the first three updates
    # if its offset is larger than 1 second.
    makestep 1.0 3

    # Enable kernel synchronization of the real-time clock (RTC).
    rtcsync

    # Enable hardware timestamping on all interfaces that support it.
    #hwtimestamp *

    # Increase the minimum number of selectable sources required to adjust
    # the system clock.
    #minsources 2

    # Allow NTP client access from local network.
    #allow 10.18.33.0/24

    # Serve time even if not synchronized to a time source.
    #local stratum 10

    # Specify file containing keys for NTP authentication.
    #keyfile /etc/chrony.keys

    # Specify directory for log files.
    logdir /var/log/chrony

    # Select which information is logged.
    #log measurements statistics tracking

    # all nodes
    [root@dhcp-maseter ~]# systemctl restart chronyd
    [root@dhcp-maseter ~]# systemctl enable chronyd

    # check the result on dhcp-backup
    [root@dhcp-backup ~]# chronyc sources
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* dhcp-maseter                  3   6    17     7    +16us[ +131us] +/-   24ms

VIII. DHCP configuration files

    # all nodes
    [root@dhcp-backup ~]# yum install -y dhcp

    # all nodes
    [root@dhcp-maseter ~]# rpm -qa | grep dhcp
    dhcp-common-4.2.5-83.el7.centos.1.x86_64
    dhcp-4.2.5-83.el7.centos.1.x86_64
    dhcp-libs-4.2.5-83.el7.centos.1.x86_64

    # all nodes
    [root@dhcp-maseter ~]# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.bak

    # dhcp-maseter
    [root@dhcp-maseter ~]# cat /etc/dhcp/dhcpd.conf
    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp*/dhcpd.conf.example
    #   see dhcpd.conf(5) man page

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #

    # dhcpd does not update the DNS server automatically
    ddns-update-style none;
    # Default lease time: how long a client may use an IP obtained over DHCP, in seconds
    default-lease-time 7200;
    # Maximum lease time, in seconds
    max-lease-time 14400;

    failover peer "dhcp" {
        # Whether this is the primary or the secondary server
        primary;
        # Local IP that listens for failover
        address 10.18.33.10;
        # Local port that listens for failover
        port 520;
        # IP of the secondary server
        peer address 10.18.33.20;
        # Port the secondary server listens on
        peer port 519;
        # Maximum delay for synchronization messages
        max-response-delay 10;
        # Maximum number of BNDUPD messages sent without a reply from the PARTNER
        max-unacked-updates 10;
        # Maximum Client Lead Time. In the failover scheme, this delay guarantees
        # that the IP lease on the PARTNER has expired.
        # This parameter may only be defined on the primary server.
        mclt 7200;
        # Address split between primary and secondary, usually half each
        split 128;
        # Load-balancing parameter
        load balance max seconds 3;
    }

    # DHCP scope
    subnet 10.18.33.0 netmask 255.255.255.0 {
        # Router IP (gateway)
        option routers 10.18.33.254;
        # DNS
        option domain-name-servers 8.8.8.8,114.114.114.114;
        pool {
            failover peer "dhcp";
            # Address pool range
            range 10.18.33.30 10.18.33.240;
            # failover does not support BOOTP clients, so they must be denied
            deny dynamic bootp clients;
        }
    #   # Bind a MAC address to an IP address
    #   host clevercode{
    #       hardware ethernet 00:0C:29:DB:6F;
    #       # A reserved address must lie outside the pool's range
    #       fixed-address 10.18.33.241;
    #   }
    }

    # dhcp-backup
    [root@dhcp-backup ~]# cat /etc/dhcp/dhcpd.conf
    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp*/dhcpd.conf.example
    #   see dhcpd.conf(5) man page

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #

    # dhcpd does not update the DNS server automatically
    ddns-update-style none;
    # Default lease time: how long a client may use an IP obtained over DHCP, in seconds
    default-lease-time 7200;
    # Maximum lease time, in seconds
    max-lease-time 14400;

    failover peer "dhcp" {
        # Whether this is the primary or the secondary server
        secondary;
        # Local IP that listens for failover
        address 10.18.33.20;
        # Local port that listens for failover
        port 519;
        # IP of the primary server
        peer address 10.18.33.10;
        # Port the primary server listens on
        peer port 520;
        # Maximum delay for synchronization messages
        max-response-delay 10;
        # Maximum number of BNDUPD messages sent without a reply from the PARTNER
        max-unacked-updates 10;
        # Load-balancing parameter
        load balance max seconds 3;
    }

    # DHCP scope
    subnet 10.18.33.0 netmask 255.255.255.0 {
        # Router IP (gateway)
        option routers 10.18.33.254;
        # DNS
        option domain-name-servers 8.8.8.8,114.114.114.114;
        pool {
            failover peer "dhcp";
            # Address pool range
            range 10.18.33.30 10.18.33.240;
            # failover does not support BOOTP clients, so they must be denied
            deny dynamic bootp clients;
        }
    #   # Bind a MAC address to an IP address
    #   host clevercode{
    #       hardware ethernet 00:0C:29:DB:6F;
    #       # A reserved address must lie outside the pool's range
    #       fixed-address 172.16.159.101;
    #   }
    }

    # all nodes
    [root@dhcp-backup ~]# systemctl restart dhcpd
    [root@dhcp-backup ~]# systemctl enable dhcpd
    [root@dhcp-backup ~]# systemctl status dhcpd
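The two failover stanzas above only work as a pair: each node's `address`/`port` must equal the other's `peer address`/`peer port`, `mclt` belongs on the primary only, and both pools must cover the same range. The script below is an added example (not from the original post) that cross-checks two dhcpd.conf files for these points; the function names are assumptions, and the sample files are constructed from the values on this page with comments removed.

```shell
#!/bin/sh
# Added example: cross-check the failover stanzas of two dhcpd.conf files.

fo_get() {      # fo_get <file> <statement>: value of a statement in the failover block
    awk -v want="$2" '
        /^[ \t]*#/ { next }                               # ignore comment lines
        /failover peer .*[{]/ { inblk = 1; next }         # block opens
        inblk && /[}]/ { exit }                           # block closes
        inblk {
            sub(/^[ \t]+/, ""); sub(/;.*$/, "")
            if ($0 == want) { print "yes"; exit }         # bare keyword: primary/secondary
            n = length(want)
            if (substr($0, 1, n + 1) == want " ") { print substr($0, n + 2); exit }
        }' "$1"
}

pool_range() {  # first uncommented "range" statement
    awk '!/^[ \t]*#/ && $1 == "range" { sub(/;.*$/, ""); print $2, $3; exit }' "$1"
}

check_pair() {  # check_pair <primary.conf> <secondary.conf>; returns 0 if consistent
    p=$1; s=$2; rc=0
    bad() { echo "MISMATCH: $*"; rc=1; }
    [ "$(fo_get "$p" primary)" = yes ] || bad "$p: not declared primary"
    [ "$(fo_get "$s" secondary)" = yes ] || bad "$s: not declared secondary"
    for k in address port; do
        a=$(fo_get "$p" "$k"); b=$(fo_get "$s" "peer $k")
        [ -n "$a" ] && [ "$a" = "$b" ] || bad "primary $k '$a' != secondary peer $k '$b'"
        a=$(fo_get "$s" "$k"); b=$(fo_get "$p" "peer $k")
        [ -n "$a" ] && [ "$a" = "$b" ] || bad "secondary $k '$a' != primary peer $k '$b'"
    done
    [ -n "$(fo_get "$p" mclt)" ] || bad "mclt missing on primary"
    [ -z "$(fo_get "$s" mclt)" ] || bad "mclt set on secondary"
    [ "$(pool_range "$p")" = "$(pool_range "$s")" ] || bad "pool ranges differ"
    return $rc
}

# Constructed sample input: the two configurations from this page, comments removed.
demo=$(mktemp -d)
printf '%s\n' 'failover peer "dhcp" {' '  primary;' '  address 10.18.33.10;' '  port 520;' \
    '  peer address 10.18.33.20;' '  peer port 519;' '  mclt 7200;' '  split 128;' '}' \
    'pool {' '  failover peer "dhcp";' '  range 10.18.33.30 10.18.33.240;' '}' > "$demo/primary.conf"
printf '%s\n' 'failover peer "dhcp" {' '  secondary;' '  address 10.18.33.20;' '  port 519;' \
    '  peer address 10.18.33.10;' '  peer port 520;' '}' \
    'pool {' '  failover peer "dhcp";' '  range 10.18.33.30 10.18.33.240;' '}' > "$demo/secondary.conf"
check_pair "$demo/primary.conf" "$demo/secondary.conf" && echo "failover pair is consistent"
```

On a real host, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` checks the syntax of each file on its own; the script above compares the two files against each other.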

IX. Obtaining a DHCP lease on a virtual machine

    # create a new virtual machine
    [root@localhost]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=dhcp
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=6dfe0ee1-6242-4fe3-b1b4-ad843af8d49c
    DEVICE=ens33
    ONBOOT=yes

    [root@localhost]# systemctl restart network

    [root@localhost]# dhclient
