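Bind multiple NICs into a single logical interface to provide link redundancy and load balancing of data traffic.

1. Create the team interface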
[root@servera ~]# nmcli connection add type team con-name team0 ifname team0 team.runner activebackup ipv4.method manual ipv4.address 192.168.0.200/24
Connection 'team0' (3eb2f94e-3653-4aa2-a3f1-0826a02b26d1) successfully added.

The connection has been created:

[root@servera ~]# nmcli connection show
NAME   UUID                                  TYPE  DEVICE
team0  e4a115a2-5444-4d16-975b-5d1fc62a2503  team  team0

The connection's configuration file has been created:

[root@servera ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0
TEAM_CONFIG="{ \"runner\": { \"name\": \"activebackup\" } }"
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=team0
UUID=e4a115a2-5444-4d16-975b-5d1fc62a2503
DEVICE=team0
ONBOOT=yes
DEVICETYPE=Team
[root@servera ~]#

The team0 device has been created:

[root@servera ~]# nmcli device
DEVICE  TYPE      STATE                                      CONNECTION
eth0    ethernet  connected                                  Wired connection 1
eth1    ethernet  connected                                  eth1
team0   team      [connecting (getting IP configuration)]    team0

If the team logical interface keeps failing to obtain an address over DHCP, it disappears automatically.
With manual addressing this problem does not apply.
team0 can also be changed afterwards with modify.

2. Add the physical NICs to the team

It is recommended to delete the old connections associated with the NICs:

[root@servera ~]# nmcli connection delete 'Wired connection 2'
Connection 'Wired connection 2' (8f9a19e2-d15a-3772-b71d-320159e6753d) successfully deleted.
[root@servera ~]# nmcli connection delete 'eth1'
Connection 'eth1' (1e60e42a-10e8-4a27-ba92-c5698ae322c1) successfully deleted.
[root@servera ~]#

Add new connections and bind them to the logical interface:

[root@servera ~]# nmcli connection add type ethernet slave-type team con-name eth1 ifname eth1 master team0
Connection 'eth1' (17ef3f96-7b48-42a4-a0bd-11341eaec928) successfully added.
[root@servera ~]# nmcli connection add type ethernet slave-type team con-name eth2 ifname eth2 master team0
Connection 'eth2' (18fc1852-1b11-4f98-89a1-fb898f5e6bb2) successfully added.
[root@servera ~]#
[root@servera ~]# nmcli connection show
NAME                UUID                                  TYPE      DEVICE
mqy                 bffa0efd-a0c4-40c6-ad27-ff42ccd5dc1c  ethernet  eth1
team0               e4a115a2-5444-4d16-975b-5d1fc62a2503  team      team0
Wired connection 1  4ae4bb9e-8f2d-3774-95f8-868d74edcc3c  ethernet  eth0
eth2                18fc1852-1b11-4f98-89a1-fb898f5e6bb2  ethernet  eth2
eth1                17ef3f96-7b48-42a4-a0bd-11341eaec928  ethernet  --
[root@servera ~]# nmcli device
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  Wired connection 1
team0   team      connected  team0
eth1    ethernet  connected  eth1
eth2    ethernet  connected  eth2

If team0 has no IP address, run nmcli connection down and then up.

7: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:02:fa:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.200/24 brd 192.168.0.255 scope global noprefixroute team0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel [master team0 state UP] group default qlen 1000
    link/ether 52:54:00:02:fa:0a brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel [master team0 state UP] group default qlen 1000

A few points to note:
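The physical NICs do not need IP addresses; all IP addresses are configured on the team interface.
The team interface comes up only when at least one physical interface is up.

3. View the team's network configuration

View the team state: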
[root@servera ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool        <-- ethtool is used to monitor the link
        link: up
        down count: 0
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eth1

View the configuration:

[root@servera ~]# teamdctl team0 config dump
{
    "device": "team0",
    "mcast_rejoin": {
        "count": 1
    },
    "notify_peers": {
        "count": 1
    },
    "ports": {
        "eth1": {
            "link_watch": {
                "name": "ethtool"
            }
        },
        "eth2": {
            "link_watch": {
                "name": "ethtool"
            }
        }
    },
    "runner": {
        "name": "activebackup"
    }
}
[root@servera ~]# teamdctl team0 config dump noports    # leave out the port information

View the port status directly:

[root@servera ~]# teamnl team0 ports
4: eth2: up 4294967295Mbit FD
3: eth1: up 4294967295Mbit FD

The team interface's configuration file:

[root@servera ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0
TEAM_CONFIG="{ \"runner\": { \"name\": \"activebackup\" } }"
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.0.200
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=team0
UUID=3eb2f94e-3653-4aa2-a3f1-0826a02b26d1
DEVICE=team0
ONBOOT=yes
DEVICETYPE=Team
[root@servera ~]#

The first way to change the runner is to dump the configuration to a file, edit the runner there and load the file with team.config:

[root@servera ~]# teamdctl team0 config dump > t1.json
[root@servera ~]# vi t1.json
    "runner": {
        "name": "roundrobin"
    }
}
[root@servera ~]# nmcli connection modify team0 team.config t1.json
[root@servera ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0
TEAM_CONFIG=$'{\n \"device\": \"team0\",\n \"mcast_rejoin\": {\n \"count\": 1\n },\n \"notify_peers\": {\n \"count\": 1\n },\n \"ports\": {\n \"eth1\": {\n \"link_watch\": {\n \"name\": \"ethtool\"\n }\n },\n \"eth2\": {\n \"link_watch\": {\n \"name\": \"ethtool\"\n }\n }\n },\n \"runner\": {\n \"name\": \"roundrobin\"\n }\n}\n'
PROXY_METHOD=none

The second way to change it:

[root@servera ~]# nmcli connection modify team0 team.runner activebackup
[root@servera ~]# nmcli connection up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/27)
[root@servera ~]#
[root@servera ~]# teamdctl team0 config dump
{
    "device": "team0",
    "mcast_rejoin": {
        "count": 1
    },
    "notify_peers": {
        "count": 1
    },
    "ports": {
        "eth1": {
            "link_watch": {
                "name": "ethtool"
            }
        },
        "eth2": {
            "link_watch": {
                "name": "ethtool"
            }
        }
    },
    "runner": {
        "name": "activebackup"
    }
}

Either way, you have to run nmcli connection up team0 to bring team0 up so that it reads the configuration file.
With the system role, supplying the correct variables is enough to complete the task.

[student@workstation ~]$ lab netlink-automation start
Starting netlink-automation exercise.
· Create Ansible project directory............................ SUCCESS
· Download Ansible configuration.............................. SUCCESS
· Download Ansible inventory.................................. SUCCESS
· Configuring eth1 network interface on serverd............... SUCCESS
[student@workstation ~]$

The roles package is definitely needed:

[student@workstation ~]$ sudo yum -y install rhel-system-roles

Prepare the playbook:

[student@workstation ~]$ ll
total 0
drwxr-xr-x. 2 student student 42 Sep 3 22:10 netlink-automation
drwxr-xr-x. 2 student student 42 Aug 29 08:02 servicemgmt-automation
[student@workstation ~]$ cd netlink-automation/
[student@workstation netlink-automation]$ ls
ansible.cfg inventory
[student@workstation netlink-automation]$ ansible-galaxy list
# /usr/share/ansible/roles
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.storage, (unknown version)
- linux-system-roles.timesync, (unknown version)

[root@servera ~]# nmcli device
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  Wired connection 1
team0   team      connected  team0
eth1    ethernet  connected  eth1
eth2    ethernet  connected  eth2
[root@servera ~]# teamdctl team0 config dump
{
    "device": "team0",
    "ports": {
        "eth1": {
            "link_watch": {
                "name": "ethtool"
            }
        },
        "eth2": {
            "link_watch": {
                "name": "ethtool"
            }
        }
    },
    "runner": {
        "name": "roundrobin"
    }
}
[root@servera ~]#

This role has no way to change the runner, so keep modifying the playbook.

[root@servera ~]# teamdctl team0 config dump
{
    "device": "team0",
    "mcast_rejoin": {
        "count": 1
    },
    "notify_peers": {
        "count": 1
    },
    "ports": {
        "eth1": {
            "link_watch": {
                "name": "ethtool"
            }
        },
        "eth2": {
            "link_watch": {
                "name": "ethtool"
            }
        }
    },
    "runner": {
        "name": "activebackup"
    }
}
[root@servera ~]#

Success.

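However, this is not idempotent: the last three command tasks always run again, which serves no purpose. Add conditions.

The first condition, is not defined, checks whether the interface exists; if it does not exist, the role runs.
The second condition, not in, checks whether activebackup is present: if it is, change it; if not, skip.

Repeated runs then perform no redundant operations.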
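
The runner change from section 3, written with the kind of guard the conditions above give the playbook, so that a second run does nothing. This is an added example in shell, not the author's playbook; the function names are made up here, and it assumes the connection and the device are both named team0, as on this page.

```shell
#!/bin/sh
# Added example. Assumes teamdctl and nmcli are installed and that the
# connection and the device share one name (team0 on this page).

# team_runner DEV: print the runner name from `teamdctl DEV config dump`.
# Fails when the device is missing or no runner name can be read.
# Assumes "name" is not preceded by a nested object inside "runner".
team_runner() {
    dump=$(teamdctl "$1" config dump 2>/dev/null) || return 1
    name=$(printf '%s' "$dump" | tr -d ' \t\n' |
        sed -n 's/.*"runner":{[^}]*"name":"\([^"]*\)".*/\1/p')
    [ -n "$name" ] && printf '%s\n' "$name"
}

# ensure_team_runner DEV RUNNER: change the runner only when it differs.
# Prints "unchanged" or "changed"; returns non-zero on any failure.
ensure_team_runner() {
    dev=$1
    want=$2
    have=$(team_runner "$dev") || {
        echo "$dev: team device not found" >&2
        return 1
    }
    if [ "$have" = "$want" ]; then
        echo "unchanged: $dev already uses $want"
        return 0
    fi
    nmcli connection modify "$dev" team.runner "$want" || return 1
    # The profile change is only applied when the connection is activated again.
    nmcli connection up "$dev" >/dev/null || return 1
    # Confirm that teamd really runs the new runner before reporting success.
    [ "$(team_runner "$dev")" = "$want" ] || return 1
    echo "changed: $dev $have -> $want"
}

# Usage: sh team-runner.sh team0 activebackup
if [ "$#" -eq 2 ]; then
    ensure_team_runner "$@"
fi
```
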
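bond is better suited to switches than team.

The DNS hierarchy
Tree structure
. represents the root domain --> every domain has its own DNS server: domain name -> IP
Root servers: 13 (IPv4)
Below the root are the second-level subdomains: the .com .cn .net .edu .gov domains
For example:
lab.example.com (third level) is a subdomain of example.com (second level)
example.com is a subdomain of .com (first level)
FQDN: fully qualified domain name --> IP (can be resolved by DNS)
A hostname must be distinguished from an FQDN.
What exactly does a DNS server store?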
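1: What exactly a DNS server stores, and how DNS works

lab.example.com <domain>    DNS server: servera

1> The delegated subdomains and the DNS servers of those subdomains
   ocp4.lab.example.com <domain> is a subdomain of lab.example.com
   master01.ocp4.lab.example.com <serverb.lab.example >
   On the DNS server for lab.example.com you must configure that the DNS server for ocp4.lab.example.com is at serverb.lab.example.com. In other words, the parent domain must hold the DNS servers of its child domains.
2> The resolution of every FQDN in the domain, also called the zone file
   servera.lab.example.com 172.25.250.10
   serverb.lab.example.com 172.25.250.11
3> The IP addresses of the root servers

The DNS resolution process is divided into: one kind is recursive
This is the case without a DNS caching server: the lookup goes to the root, which is cumbersome.

With a caching server there is no need to go to the root, which is more efficient.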
1> Install the package on serverb

[root@serverb ~]# yum install -y bind

2> Edit the configuration file

[root@serverb ~]# vim /etc/named.conf    # path of the configuration file

// marks a comment
options {
        // listen-on port 53 { 127.0.0.1; };
        // The listening port is 53. DNS listens on both UDP 53 and TCP 53:
        // TCP 53 is used for master/slave synchronization, UDP 53 for queries.
        listen-on port 53 { 172.25.250.11;127.0.0.1; };
        directory "/var/named";         // like defining a root directory: where the data files go
        dump-file "/var/named/data/cache_dump.db";      // backup file
        statistics-file "/var/named/data/named_stats.txt";      // statistics
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        // allow-query { localhost; };      who is allowed to query
        allow-query { 172.25.250.0/24; };
        // Whether recursive queries are allowed. If your DNS server only resolves
        // FQDNs in its own domain, recursion is not needed; if it has to resolve
        // FQDNs in other domains, recursion must be configured, so set it to yes.
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;           // security-related: keys and the like
};

logging {
        channel default_debug {
                file "data/named.run";          // -> /var/named/data/named.run
                severity dynamic;               // log path
        };
};

3> Configure the zone

zone ... The zone file is the file that holds the resolution of every resource in the domain, FQDN --> IP (the key point: the FQDN mappings).
There are forward-lookup zone files and reverse-lookup zone files.
Forward zone configuration:

zone "." IN {
        type hint;
        file "named.ca";                // root server addresses
};

zone "example.com" IN {
        type master ;
        file "example.com";             // the zone file for example.com is /var/named/example.com
};

4> Prepare the zone file

[root@serverb ~]# cp /var/named/named.empty /var/named/example.com
[root@serverb ~]# chown root:named /var/named/example.com    # the group must be the named group
[root@serverb ~]# chmod 640 /var/named/example.com
[root@serverb ~]# ll -lZ /var/named/example.com
-rw-r-----. 1 root named unconfined_u:object_r:named_zone_t:s0 152 Sep 3 19:40 /var/named/example.com
[root@serverb ~]# vim /var/named/example.com

$TTL 3H         ; cache time
; @ stands for this domain (example.com)
; The SOA record gives the address of the authoritative name server for this domain
; A record that maps a domain name to an IP is called an A record
; After the SOA server comes the administrator's mailbox; root must not be followed by @
@ IN SOA serverb.example.com. root.serverb.example.com. (
        0       ; serial [after changing the file, add 1 to this number so that it synchronizes]
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
@ IN NS serverb.example.com.
servera IN A 172.25.250.10
serverb IN A 172.25.250.11
serverc IN A 172.25.250.12
serverd IN A 172.25.250.13
kevin IN CNAME serverc

5> Start the service and open the firewall

[root@serverb ~]# systemctl enable --now named.service
[root@serverb ~]#
[root@serverb ~]# firewall-cmd --permanent --add-port=53/tcp
success
[root@serverb ~]# firewall-cmd --permanent --add-port=53/udp
success
[root@serverb ~]# firewall-cmd --reload

6> Log in to servera

[root@servera ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search lab.example.com example.com
nameserver 172.25.250.11
[root@servera ~]# ping kevin
PING serverc.example.com (172.25.250.12) 56(84) bytes of data.
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=1 ttl=64 time=0.728 ms
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=2 ttl=64 time=0.733 ms
^C
--- serverc.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 32ms
rtt min/avg/max/mdev = 0.728/0.730/0.733/0.027 ms
[root@servera ~]# ping serverc
PING serverc.lab.example.com (172.25.250.12) 56(84) bytes of data.
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=1 ttl=64 time=1.71 ms
^C
--- serverc.lab.example.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.709/1.709/1.709/0.000 ms
[root@servera ~]# ping serverd
PING serverd.lab.example.com (172.25.250.13) 56(84) bytes of data.
64 bytes from serverd.lab.example.com (172.25.250.13): icmp_seq=1 ttl=64 time=3.95 ms
64 bytes from serverd.lab.example.com (172.25.250.13): icmp_seq=2 ttl=64 time=1.16 ms
^C
--- serverd.lab.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 1.163/2.557/3.952/1.395 ms
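
The serial note in the zone file above is the step most easily forgotten after an edit, so this added helper (not from the original page) adds 1 to the serial, validates the result with named-checkzone when that tool is installed, and writes the file back without disturbing the ownership, mode and SELinux label set in step 4. The function names are hypothetical, and it assumes the serial sits on its own line marked "; serial", as in named.empty.

```shell
#!/bin/sh
# Added example. Assumes the serial is on its own line, marked "; serial".

# zone_serial FILE: print the current SOA serial.
zone_serial() {
    awk '/;[ \t]*serial/ && match($0, /[0-9]+/) {
             print substr($0, RSTART, RLENGTH); exit
         }' "$1"
}

# bump_serial FILE ORIGIN: add 1 to the serial, validate, then write back.
bump_serial() {
    zone=$1
    origin=$2
    tmp=$(mktemp) || return 1
    awk '!done && /;[ \t]*serial/ && match($0, /[0-9]+/) {
             n = sprintf("%.0f", substr($0, RSTART, RLENGTH) + 1)
             $0 = substr($0, 1, RSTART - 1) n substr($0, RSTART + RLENGTH)
             done = 1
         }
         { print }
         END { exit (done ? 0 : 1) }' "$zone" > "$tmp" || {
        echo "$zone: no serial line found" >&2
        rm -f "$tmp"
        return 1
    }
    # Refuse to install a zone that named would reject.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$origin" "$tmp" >/dev/null || {
            rm -f "$tmp"
            return 1
        }
    fi
    # Overwrite in place: the file keeps root:named, mode 640 and its
    # named_zone_t label, which a mv of the temp file would not preserve.
    cat "$tmp" > "$zone" && rm -f "$tmp"
}

# Usage: sh bump-serial.sh /var/named/example.com example.com
#        then reload the zone so named reads the new serial.
if [ "$#" -eq 2 ]; then
    bump_serial "$@" && echo "serial is now $(zone_serial "$1")"
fi
```
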