How To Set Up DHCP Failover On CentOS 5.1
Version 1.0.0
Author: Andrew Colin Kissa <andrew [at] topdog [dot] za [dot] net>
Introduction
This tutorial walks you through setting up DHCP failover on CentOS 5.1 using the stock ISC DHCP server; it can easily be adapted to any other Linux distribution. Failover is most likely to be needed in environments where network downtime cannot be tolerated. I have a DLNA setup running at home, so I need my devices to be able to obtain their network parameters at all times.
Since DHCP and DNS usually go hand in hand, I will also configure a local DNS server that accepts dynamic updates, so that when a lease is handed to a client its hostname is automatically registered in DNS.
My configuration uses the following values; substitute your own to reflect your network:
- Domain name - home.topdog-software.com
- Network - 192.168.1.0/24
- DHCP servers - 192.168.1.2, 192.168.1.3
- Gateway - 192.168.1.254
- DNS servers - 192.168.1.2, 192.168.1.3
Install the required packages
- DHCP
# yum install dhcp -y
- DNS
# yum install bind bind-chroot caching-nameserver -y
- NTP
# yum install ntp -y
Configuration
DHCP
Back up your original configuration on the master 192.168.1.2:
# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig
Edit the DHCP configuration /etc/dhcpd.conf on the master 192.168.1.2 and add the following; read the comments to understand the options:

    authoritative;                                      # server is authoritative
    option domain-name "home.topdog-software.com";      # the domain name issued
    option domain-name-servers 192.168.1.2,192.168.1.3; # name servers issued
    option netbios-name-servers 192.168.1.2;            # netbios servers
    allow booting;                                      # allow for booting over the network
    allow bootp;                                        # allow for booting
    next-server 192.168.1.2;                            # TFTP server for booting
    filename "pxelinux.0";                              # kernel for network booting
    ddns-update-style interim;                          # setup dynamic DNS updates
    ddns-updates on;
    ddns-domainname "home.topdog-software.com";         # domain name for DDNS updates
    key rndckey {
        algorithm hmac-md5;
        secret "xxxxxxxxxx";                            # get from the /etc/rndc.key file
    }
    zone home.topdog-software.com {                     # forward zone to update
        primary 127.0.0.1;                              # update on the local machine
        key rndckey;                                    # key to use for the update
    }
    zone 1.168.192.in-addr.arpa {                       # reverse zone to update
        primary 127.0.0.1;                              # update on the local machine
        key rndckey;                                    # key for update
    }
    failover peer "home-net" {                          # fail over configuration
        primary;                                        # this is the primary
        address 192.168.1.2;                            # primary's ip address
        port 647;
        peer address 192.168.1.3;                       # peer's ip address
        peer port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
    }
    subnet 192.168.1.0 netmask 255.255.255.0 {          # zone to issue addresses from
        pool {
            failover peer "home-net";                   # pool for dhcp leases with failover, bootp not allowed
            deny dynamic bootp clients;
            option routers 192.168.1.254;
            range 192.168.1.25 192.168.1.50;
        }
        pool {                                          # accommodate our bootp clients here, no replication and failover
            option routers 192.168.1.254;
            range 192.168.1.51 192.168.1.55;
        }
        allow unknown-clients;
        ignore client-updates;
    }

The secret is the one generated for rndc at install time; because the same key also authorises rndc control commands to named, a dedicated TSIG key for the DHCP updates is the better choice where you can generate one. hmac-md5 is the only TSIG algorithm that both the BIND and dhcpd versions shipped with CentOS 5 support; newer versions of both accept hmac-sha256.
Back up your original configuration on the slave 192.168.1.3:
# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig
Edit the DHCP configuration /etc/dhcpd.conf on the slave 192.168.1.3 and add the following; read the comments to understand the options:

    authoritative;                                      # server is authoritative
    option domain-name "home.topdog-software.com";      # the domain name issued
    option domain-name-servers 192.168.1.2,192.168.1.3; # name servers issued
    option netbios-name-servers 192.168.1.2;            # netbios servers
    allow booting;                                      # allow for booting over the network
    allow bootp;                                        # allow for booting
    next-server 192.168.1.2;                            # TFTP server for booting
    filename "pxelinux.0";                              # kernel for network booting
    ddns-update-style interim;                          # setup dynamic DNS updates
    ddns-updates on;
    ddns-domainname "home.topdog-software.com";         # domain name for DDNS updates
    key rndckey {
        algorithm hmac-md5;
        secret "xxxxxxxxxx";                            # same secret as in /etc/rndc.key on the master
    }
    zone home.topdog-software.com {                     # forward zone to update
        primary 192.168.1.2;                            # send updates to the master name server
        key rndckey;                                    # key to use for the update
    }
    zone 1.168.192.in-addr.arpa {                       # reverse zone to update
        primary 192.168.1.2;                            # send updates to the master name server
        key rndckey;                                    # key for update
    }
    failover peer "home-net" {                          # fail over configuration
        secondary;                                      # this is the secondary
        address 192.168.1.3;                            # our ip address
        port 647;
        peer address 192.168.1.2;                       # primary's ip address
        peer port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        load balance max seconds 3;
    }
    subnet 192.168.1.0 netmask 255.255.255.0 {          # zone to issue addresses from
        pool {
            failover peer "home-net";                   # pool for dhcp leases with failover, bootp not allowed
            deny dynamic bootp clients;
            option routers 192.168.1.254;
            range 192.168.1.25 192.168.1.50;
        }
        pool {                                          # accommodate our bootp clients here, no replication and failover
            option routers 192.168.1.254;
            range 192.168.1.51 192.168.1.55;
        }
        allow unknown-clients;
        ignore client-updates;
    }

Note that the slave sends its DNS updates to the master name server, not to itself, because only the master zone accepts updates. dhcpd.conf(5) describes mclt and split as settings of the primary; if your dhcpd refuses to start with a "not permitted on secondary" message, remove the mclt line from this file. Both dhcpd.conf files now contain the TSIG secret, so make them readable by root only. dhcpd does not authenticate the failover connection on TCP port 647, so restrict that port to the peer's address in the host firewall on both servers.
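The two dhcpd.conf files have to mirror each other, and dhcpd's parser will happily load a file with a wrong peer port or a mistyped range; the mistake only shows up later as a peer that never reaches "normal". The following is an added example for this tutorial (not code from the page or from ISC) that compares the failover halves of both files before you start the daemons. The sample configs are constructed from the values used above, with mclt and split on the primary only as dhcpd.conf(5) describes them, and SECONDARY_BAD is a deliberately broken copy.

```python
"""Cross-check the two halves of an ISC dhcpd failover pair.
Added example for this tutorial, not code from the page or from ISC: dhcpd's
parser accepts a typo in either file, so compare them before starting."""
import re

# Constructed samples: the failover and pool parts of the tutorial's master and
# slave configs, with mclt/split on the primary only as dhcpd.conf(5) says.
PRIMARY_CONF = """
failover peer "home-net" {
    primary;
    address 192.168.1.2;
    port 647;
    peer address 192.168.1.3;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    pool {
        failover peer "home-net";          # replicated pool
        range 192.168.1.25 192.168.1.50;
    }
    pool { range 192.168.1.51 192.168.1.55; }   # bootp pool, not replicated
}
"""
SECONDARY_CONF = """
failover peer "home-net" {
    secondary;
    address 192.168.1.3;
    port 647;
    peer address 192.168.1.2;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    pool {
        failover peer "home-net";
        range 192.168.1.25 192.168.1.50;
    }
    pool { range 192.168.1.51 192.168.1.55; }
}
"""
# The slave config with two typos that dhcpd would load without complaint.
SECONDARY_BAD = (SECONDARY_CONF.replace("peer port 647", "peer port 674")
                 .replace("192.168.1.25 192.168.1.50", "192.168.1.25 192.168.1.60"))


def _statements(body):
    """Split a brace body into token lists, one per ';'-terminated statement."""
    return [s.split() for s in body.split(";") if s.strip()]


def parse_peer(conf):
    """Return the failover peer settings plus the ranges of pools that use it."""
    text = "\n".join(l.split("#", 1)[0] for l in conf.splitlines())   # drop comments
    m = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', text, re.S)
    if m is None:
        raise ValueError("no failover peer block found")
    peer = {"name": m.group(1), "ranges": []}
    for stmt in _statements(m.group(2)):
        if len(stmt) == 1:                  # bare "primary;" or "secondary;"
            peer["role"] = stmt[0]
        else:                               # "peer address 1.2.3.4" -> key "peer address"
            peer[" ".join(stmt[:-1])] = stmt[-1]
    for body in re.findall(r"\bpool\s*\{(.*?)\}", text, re.S):
        stmts = _statements(body)
        if any(s[:2] == ["failover", "peer"] and s[2:] == ['"%s"' % peer["name"]]
               for s in stmts):
            peer["ranges"] += [tuple(s[1:]) for s in stmts if s[0] == "range"]
    peer["ranges"].sort()
    return peer


def check_failover_pair(primary_conf, secondary_conf):
    """List the mismatches between the two halves; empty means they agree."""
    a, b = parse_peer(primary_conf), parse_peer(secondary_conf)
    problems = []
    if a["name"] != b["name"]:
        problems.append("peer names differ: %s vs %s" % (a["name"], b["name"]))
    if (a.get("role"), b.get("role")) != ("primary", "secondary"):
        problems.append("roles are %s/%s, expected primary/secondary" % (a.get("role"), b.get("role")))
    # each side's own address and port must be what the other side dials
    for own, other in ((a, b), (b, a)):
        for key in ("address", "port"):
            if own.get(key) != other.get("peer " + key):
                problems.append("%s %s %s does not match the other side's 'peer %s' %s"
                                % (own.get("role"), key, own.get(key), key, other.get("peer " + key)))
    # timers both sides must agree on
    for key in ("max-response-delay", "max-unacked-updates", "load balance max seconds"):
        if a.get(key) != b.get(key):
            problems.append("%s differs: %s vs %s" % (key, a.get(key), b.get(key)))
    # mclt and split belong on the primary only (dhcpd.conf(5))
    if "mclt" not in a:
        problems.append("primary has no mclt")
    problems += ["%s set on the secondary (primary-only setting)" % k for k in ("mclt", "split") if k in b]
    if a["ranges"] != b["ranges"]:
        problems.append("replicated pool ranges differ: %s vs %s" % (a["ranges"], b["ranges"]))
    return problems
```

Run check_failover_pair(open("/etc/dhcpd.conf").read(), <slave copy>) with the slave's file fetched alongside; an empty list means the peer definitions and the replicated pool agree, otherwise each string names the statement to fix.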
DNS
Back up the BIND configuration on the master:
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig
Edit the configuration to reflect the one below. The stock CentOS 5 file pins the query source port with query-source port 53; leave those two lines out (commented out below) so that named uses a random source port for each query, which is the standard defence against cache poisoning. allow-update is limited to holders of the rndc key and allow-transfer to the slave's address; the zone files live under data/ because named, running as the named user inside the chroot, must be able to write the journal files that dynamic updates produce there.

    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // query-source port 53;      do not pin the query source port
        // query-source-v6 port 53;
        allow-query { localhost; localnets; };
    };
    include "/etc/rndc.key";
    include "/etc/named.rfc1912.zones";
    zone "home.topdog-software.com" {
        type master;
        file "data/home.topdog-software.com.hosts";
        allow-transfer { 192.168.1.3; };        // only the slave may pull the zone
        allow-update { key "rndckey"; };        // only updates signed with the key are accepted
        allow-query { any; };
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "data/1.168.192.in-addr.arpa.hosts";
        allow-transfer { 192.168.1.3; };
        allow-update { key "rndckey"; };
        allow-query { any; };
    };
Back up the BIND configuration on the slave:
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig
Edit the configuration to reflect the one below. The slave pulls both zones from the master by zone transfer, so no zone files are created on it by hand; the transferred copies are written under data/, which named can write to inside the chroot.

    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // query-source port 53;      do not pin the query source port
        // query-source-v6 port 53;
        allow-query { localhost; localnets; };
    };
    include "/etc/rndc.key";
    include "/etc/named.rfc1912.zones";
    zone "home.topdog-software.com" {
        type slave;
        masters { 192.168.1.2; };
        file "data/home.topdog-software.com.hosts";
    };
    zone "1.168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.1.2; };
        file "data/1.168.192.in-addr.arpa.hosts";
    };
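Three settings in the master's named.conf decide who can poison, read or rewrite these zones: the pinned query source port, allow-transfer and allow-update. The following is an added example for this tutorial (not code from the page or from ISC) that parses a named.conf and reports those settings the way a reviewer would. Both samples are constructed: WEAK_CONF contains mistakes the page does not make (allow-update { any; }, a zone with no allow-transfer), and HARDENED_CONF is the tutorial's master config with the query-source lines removed and an assumed dedicated hmac-sha256 key, which needs newer BIND and dhcpd versions than CentOS 5 ships.

```python
"""Audit a named.conf for the settings that matter on a DDNS master.
Added example for this tutorial, not code from the page or from ISC. Both
samples are constructed; the placeholder secret is not a real key."""
import re

WEAK_CONF = """
options {
    directory "/var/named";
    query-source port 53;            // every query leaves from port 53
    query-source-v6 port 53;
    allow-query { localhost; localnets; };
};
key "rndckey" {
    algorithm hmac-md5;
    secret "ZXhhbXBsZS1zZWNyZXQtZG8tbm90LXVzZQ==";   // placeholder, not a real key
};
zone "home.topdog-software.com" {
    type master;
    file "data/home.topdog-software.com.hosts";
    allow-transfer { any; };
    allow-update { any; };           // anyone who can reach port 53 rewrites the zone
    allow-query { any; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "data/1.168.192.in-addr.arpa.hosts";
    allow-update { key "rndckey"; }; // no allow-transfer: BIND defaults to any
};
"""
HARDENED_CONF = """
options {
    directory "/var/named";
    allow-query { localhost; localnets; };
};
key "ddns-key" {                     // assumed dedicated key; needs newer BIND/dhcpd than CentOS 5
    algorithm hmac-sha256;
    secret "ZXhhbXBsZS1zZWNyZXQtZG8tbm90LXVzZQ==";
};
zone "home.topdog-software.com" {
    type master;
    file "data/home.topdog-software.com.hosts";
    allow-transfer { 192.168.1.3; };
    allow-update { key "ddns-key"; };
    allow-query { any; };
};
"""


def _blocks(text, header_re):
    """Yield (header match, body) for each header followed by a balanced { } body."""
    for m in re.finditer(header_re + r"\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]


def _settings(body):
    """Map statement names to values; { a; b; } address lists become Python lists."""
    acl = r"([\w-]+)\s*\{([^}]*)\}\s*;"
    settings = {n: [e.strip() for e in v.split(";") if e.strip()] for n, v in re.findall(acl, body)}
    for n, v in re.findall(r"([\w-]+)\s+([^;{}]+);", re.sub(acl, "", body)):
        settings[n] = v.strip()
    return settings


def parse_named(text):
    """Return the options, keys and zones of a named.conf (comments removed)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = "\n".join(re.split(r"//|#", l, maxsplit=1)[0] for l in text.splitlines())
    conf = {"options": {}, "keys": {}, "zones": {}}
    for _, body in _blocks(text, r"\boptions"):
        conf["options"] = _settings(body)
    for m, body in _blocks(text, r'\bkey\s+"?([\w.-]+)"?'):
        conf["keys"][m.group(1)] = _settings(body)
    for m, body in _blocks(text, r'\bzone\s+"([^"]+)"(?:\s+IN)?'):
        conf["zones"][m.group(1)] = _settings(body)
    return conf


def audit_named(text):
    """Return the findings a reviewer would raise; empty means nothing to fix."""
    conf, findings = parse_named(text), []
    for stmt in ("query-source", "query-source-v6"):
        if re.search(r"\bport\s+\d+", conf["options"].get(stmt, "")):
            findings.append("options: %s pins the query source port; remove it so named "
                            "randomises ports (cache poisoning defence)" % stmt)
    for name, key in conf["keys"].items():
        if key.get("algorithm", "").lower().startswith("hmac-md5"):
            findings.append('key "%s": hmac-md5, use hmac-sha256 where both named and dhcpd support it' % name)
    for zone, z in conf["zones"].items():
        if z.get("type") != "master":
            continue
        if "any" in z.get("allow-update", []):
            findings.append('zone "%s": allow-update { any; } lets any host rewrite the zone; restrict it to a TSIG key' % zone)
        if "any" in z.get("allow-transfer", ["any"]):     # BIND's default is any
            findings.append('zone "%s": zone transfers are not limited to the slave' % zone)
    return findings
```

Feed it the real file with audit_named(open("/var/named/chroot/etc/named.caching-nameserver.conf").read()); the hmac-md5 finding is informational on CentOS 5, where neither named nor dhcpd can do better, but the other findings should be empty before named goes live.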
Create the zone files on the master. Both files start with $ORIGIN . so that the zone apex can be written without a trailing dot; the origin is then reset to the zone name before the relative records (ns1, ns2, 2, 3), because with $ORIGIN . in effect those names would be taken as top-level names, the NS records would have no address records, and named would refuse to load the zone.
- /var/named/chroot/var/named/data/home.topdog-software.com.hosts

    $ORIGIN .
    $TTL 38400      ; 10 hours 40 minutes
    home.topdog-software.com    IN SOA  ns1.home.topdog-software.com. andrew.topdog.za.net. (
                                    2008061629 ; serial
                                    10800      ; refresh (3 hours)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    38400      ; minimum (10 hours 40 minutes)
                                    )
                                NS      ns1.home.topdog-software.com.
                                NS      ns2.home.topdog-software.com.
    $ORIGIN home.topdog-software.com.
    ns1                         IN A    192.168.1.2
    ns2                         IN A    192.168.1.3
- /var/named/chroot/var/named/data/1.168.192.in-addr.arpa.hosts

    $ORIGIN .
    $TTL 38400      ; 10 hours 40 minutes
    1.168.192.in-addr.arpa      IN SOA  ns1.home.topdog-software.com. andrew.topdog.za.net. (
                                    2008061644 ; serial
                                    10800      ; refresh (3 hours)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    38400      ; minimum (10 hours 40 minutes)
                                    )
                                NS      ns1.home.topdog-software.com.
                                NS      ns2.home.topdog-software.com.
    $ORIGIN 1.168.192.in-addr.arpa.
    2                           IN PTR  ns1.home.topdog-software.com.
    3                           IN PTR  ns2.home.topdog-software.com.

The files must be owned by the named user so that it can write the journal files that dynamic updates create next to them.
NTP
NTP is needed because the clocks of the two DHCP servers must agree for failover to work, and the DDNS updates are time-stamped as well. You can run a full NTP server if you prefer; ntpd keeps the clock continuous, whereas the cron job below steps it once an hour. I will only give the instructions for syncing to an external NTP server from cron. You need to do this on BOTH servers.
- Create a file /etc/cron.hourly/timesync and add the following:

    #!/bin/bash
    ntpdate -s 0.rhel.pool.ntp.org

- Make the file executable and run it for the first time:
# chmod +x /etc/cron.hourly/timesync
# /etc/cron.hourly/timesync
Finally
We are done, let's start the services and begin testing. named-checkconf and named-checkzone on the BIND files and dhcpd -t on dhcpd.conf catch syntax errors before anything is started.
- On the master:
# service named start
# service dhcpd start
- On the slave:
# service named start
# service dhcpd start
You should see the following in the master's log. The lines that matter are "I move from recover-done to normal" and "peer moves from recover-done to normal": both servers have reached the normal state, and the pool line shows how many leases each side holds.

    Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from recover to startup
    Jun 16 13:58:56 kudusoft dhcpd: dhcpd startup succeeded
    Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from startup to recover
    Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from unknown-state to recover
    Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
    Jun 16 13:59:12 kudusoft dhcpd: Sent update request all message to home-net
    Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover
    Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
    Jun 16 13:59:12 kudusoft dhcpd: Update request all from home-net: sending update
    Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer update completed.
    Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: I move from recover to recover-done
    Jun 16 13:59:13 kudusoft dhcpd: Sent update done message to home-net
    Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover-done
    Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: I move from recover-done to normal
    Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover-done to normal
    Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26 free 25 backup 0 lts -12
    Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26 free 25 backup 0 lts 12
On the slave:

    Jun 16 13:59:12 shaka dhcpd: Sending on Socket/fallback/fallback-net
    Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from recover to startup
    Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from unknown-state to recover
    Jun 16 13:59:12 shaka dhcpd: dhcpd startup succeeded
    Jun 16 13:59:12 shaka dhcpd: failover peer home-net: requesting full update from peer
    Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from startup to recover
    Jun 16 13:59:12 shaka dhcpd: Sent update request all message to home-net
    Jun 16 13:59:12 shaka dhcpd: Sent update done message to home-net
    Jun 16 13:59:12 shaka dhcpd: Update request all from home-net: nothing pending
    Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from recover to recover-done
    Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer update completed.
    Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover to recover-done
    Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer moves from recover-done to normal
    Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover-done to normal
    Jun 16 13:59:14 shaka dhcpd: pool 9d78ad8 192.168.1/24 total 26 free 25 backup 0 lts 12
    Jun 16 13:59:14 shaka dhcpd: pool response: 12 leases

If one side stops at recover or later drops from normal to communications-interrupted, check that TCP port 647 is open between the two servers and that their clocks agree, and only declare the partner down once you know it is really off.
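Reading these state transitions by eye works once; for ongoing monitoring you want the last known state of "I" and "peer" pulled out of the log. The following is an added example for this tutorial (not code from the page or from ISC). HEALTHY_LOG is a shortened copy of the master's log above; DEGRADED_LOG appends one constructed line showing the state dhcpd moves to when it loses contact with its peer.

```python
"""Read dhcpd failover state from syslog. Added example for this tutorial,
not code from the page or from ISC: a pair is healthy only when both "I" and
"peer" have reached "normal", so parse the log instead of eyeballing it."""
import re

# Lines from the tutorial's master log, shortened to the state changes ...
HEALTHY_LOG = """\
Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from recover to startup
Jun 16 13:58:56 kudusoft dhcpd: dhcpd startup succeeded
Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from startup to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from unknown-state to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: I move from recover to recover-done
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover-done
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: I move from recover-done to normal
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover-done to normal
Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26 free 25 backup 0 lts -12
"""
# ... plus a constructed continuation in which the peer stops answering.
DEGRADED_LOG = HEALTHY_LOG + ("Jun 16 18:02:40 kudusoft dhcpd: failover peer home-net: "
                              "I move from normal to communications-interrupted\n")

MOVE_RE = re.compile(r"failover peer (?P<name>\S+): (?P<who>I|peer) moves? "
                     r"from (?P<old>\S+) to (?P<new>\S+)")
POOL_RE = re.compile(r"pool \S+ (?P<net>\S+) total (?P<total>\d+) "
                     r"free (?P<free>\d+) backup (?P<backup>\d+)")


def failover_summary(log):
    """Last known state of this server ("self") and of its peer, plus pool counts."""
    s = {"name": None, "self": "unknown-state", "peer": "unknown-state",
         "transitions": [], "pools": {}}
    for line in log.splitlines():
        m = MOVE_RE.search(line)
        if m:
            who = "self" if m.group("who") == "I" else "peer"
            s["name"], s[who] = m.group("name"), m.group("new")
            s["transitions"].append((who, m.group("old"), m.group("new")))
            continue
        m = POOL_RE.search(line)
        if m:   # "backup" is the number of leases in the backup state, i.e. held for the peer
            s["pools"][m.group("net")] = {k: int(m.group(k)) for k in ("total", "free", "backup")}
    return s


def failover_healthy(log):
    """True only when both sides of the pair are in the normal state."""
    s = failover_summary(log)
    return s["self"] == "normal" and s["peer"] == "normal"


def failover_problems(log):
    """What to look at when the pair is not healthy; empty when all is well."""
    s, problems = failover_summary(log), []
    if s["self"] != "normal":
        problems.append("this server is in %s" % s["self"])
    if s["peer"] != "normal":
        problems.append("peer is in %s" % s["peer"])
    if s["self"] == "communications-interrupted":
        problems.append("peer unreachable: check TCP 647 between the servers and their "
                        "clocks; declare partner-down only once the peer is known to be off")
    for net, p in s["pools"].items():
        if p["free"] + p["backup"] == 0:
            problems.append("pool %s has no leases left" % net)
    return problems
```

Pipe the dhcpd lines from /var/log/messages into failover_problems() from a cron job and alert on a non-empty result; the state names are the ones dhcpd itself logs, so the same parser works on the slave's log.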