云原生高级实验

任务需求：客户端通过访问 www.nihao.com 后，能够通过 dns 域名解析，访问到 nginx 服务中由 nfs 共享的首页文件，内容为：Very good, you have successfully set up the system. 各个主机能够实现时间同步，并且都开启防火墙来保证服务安装。

主机规划：

作用	系统	IP	主机名	软件
web 服务器	redhat9.5	192.168.72.8	web	nginx
nfs 服务器	redhat9.5	192.168.72.9	nfs	nfs-utils
DNS 主服务器	redhat9.5	192.168.72.18	dns1	bind
DNS 从服务器	redhat9.5	192.168.72.28	dns2	bind
客户端	redhat9.5	192.168.72.7	client	bind-utils

1.初始环境配置

web:

hostnamectl hostname web
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.8/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
setenforce 0

nfs:

hostnamectl hostname nfs
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.9/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
setenforce 0

dns1:

hostnamectl hostname dns1
nmcli c modify ens160 ipv4.method manual ipv4.addresses 10.10.10.18/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
setenforce 0

dns2:

hostnamectl hostname dns2
nmcli c modify ens160  ipv4.method manual ipv4.addresses 10.10.10.28/24 ipv4.gateway 10.10.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
nmcli c up ens160
setenforce 0

client:

hostnamectl hostname client
nmcli c modify ens160 ipv4.method manual  ipv4.addresses 10.10.10.7/24 ipv4.gateway 10.10.10.2 ipv4.dns "10.10.10.18 10.10.10.28" connection.autoconnect yes
nmcli c up ens160
setenforce 0

2.下载相关服务

web:

vim /etc/yum.repos.d/dnf.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0mmount /dev/sr0 /mnt
dnf install nginx -y

nfs:

vim /etc/yum.repos.d/dnf.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0mmount /dev/sr0 /mnt
dnf install nfs-utils -y

dns1:

vim /etc/yum.repos.d/dnf.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0mmount /dev/sr0 /mnt
dnf install bind -y

dns2:

vim /etc/yum.repos.d/dnf.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0mmount /dev/sr0 /mnt
dnf install bind -y

client:

vim /etc/yum.repos.d/dnf.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[AppStream]
name=AppStream
baseurl=/mnt/AppStream
gpgcheck=0mmount /dev/sr0 /mnt
dnf install bind-utils -y

3.配置web服务

修改配置文件

echo "welcome to nginx" > /usr/share/nginx/html/index.html firewall-cmd --permanent --add-service=httpfirewall-cmd --reload systemctl start nginx

nfs网络挂载

 dnf install -y nfs-utilsmkdir /data/nfs -pmount -t nfs 10.10.10.9:/nfs/data /data/nfsdf -hecho " write nfs" > /data/nfs/testcat /data/nfs/test vim /etc/nginx/conf.d/nfs.conf
server{server_name 10.10.10.8;root /data/nfs;access_log /var/log/nginx/access_logerror_log /var/log/nginx/error_log
}

时间同步

dnf install chrony -ysystemctl status chronydchronyc tracking chronyc sourcesvim /etc/chrony.conf

在这里插入图片描述

 systemctl restart chronydchronyc sources

在这里插入图片描述

4.配置nfs服务

mkdir /nfs/data -pvim /etc/exportscat /etc/exportschmod o+w /nfs/datachmod o+w /nfs/datashowmount -e 10.10.10.9firewall-cmd --permanent --add-service=nfsfirewall-cmd --reloadsystemctl enable --now nfs-server.service 
cat /nfs/data/test

在这里插入图片描述

时间同步

dnf install chrony
systemctl status chronyd
chronyc tracking 
chronyc sources
vim /etc/chrony.conf 
firewall-cmd --permanent --add-service=ntp
firewall-cmd --relaod
systemctl start chronyd.service

在这里插入图片描述

5.配置dns主服务器

cat /etc/named.conf 
options {listen-on port 53 { 10.10.10.18; };directory 	"/var/named";allow-query     { any; };
};
zone "haha.com" IN {type master;file "haha.com";
};

cat /var/named/haha.com
$TTL 	1D
@ 	IN 	SOA 	@	 admin.haha.com. (0 1D 2H 3W 2D)IN 	NS 	 ns1IN 	NS 	 ns2
ns1 	IN 	A 	10.10.10.18
ns2 	IN 	A 	10.10.10.28
www 	IN 	A 	10.10.10.8

放行服务

firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

时间同步

dnf install chrony -yvim /etc/chrony.conf firewall-cmd --permanent --add-service=ntpfirewall-cmd --reload systemctl restart chronyd.service chronyc sources

在这里插入图片描述
dig 测试

dig -t NS haha.com @10.10.10.18

; <<>> DiG 9.16.23-RH <<>> -t NS haha.com @10.10.10.18 ;; global
options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 39872 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2,
AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE:
d326c928a6c990070100000067d919cadf5565a60133feba (good) ;; QUESTION
SECTION: ;haha.com. IN NS

;; ANSWER SECTION: haha.com. 86400 IN NS ns2.haha.com.
haha.com. 86400 IN NS ns1.haha.com.

;; ADDITIONAL SECTION: ns1.haha.com. 86400 IN A 10.10.10.18
ns2.haha.com. 86400 IN A 10.10.10.28

6.dns从服务器

修改主配置文件

cat /etc/named.conf
options {listen-on port 53 { 10.10.10.28; };directory 	"/var/named";
};
zone "haha.com" IN {type slave;masters {10.10.10.18; };file "slaves/haha.com";
};

放行服务

firewall-cmd --permanent --add-service=dnsfirewall-cmd --reload 
systemctl enable named --now

[root@dns2 ~]# ls /var/named/slaves/
haha.com
·时间同步

dnf install chrony -yvim /etc/chrony.conf firewall-cmd --permanent --add-service=ntpfirewall-cmd --reloadsystemctl restart chronyd.service chronyc sources

[root@dns2 ~]# chronyc sources MS Name/IP address Stratum Poll
Reach LastRx Last sample
=============================================================================== ^* 10.10.10.9 3 6 17 59 -5753ns[ -89us]
+/- 135ms

7.配置客户端
时间同步

vim /etc/chrony.conf firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload systemctl restart chronyd.service chronyc sources

MS Name/IP address Stratum Poll Reach LastRx Last sample

=============================================================================== ^* 10.10.10.9 3 6 17 2 -112us[ -180us]
+/- 141ms

测试客户端

nmcli c show ens160 | grep ipv4.dns

ipv4.dns: 10.10.10.18,10.10.10.28
ipv4.dns-search: – ipv4.dns-options:
– ipv4.dns-priority: 0

ping www.haha.com

PING www.haha.com (10.10.10.8) 56(84) bytes of data. 64 bytes from
10.10.10.8 (10.10.10.8): icmp_seq=1 ttl=64 time=1.32 ms 64 bytes from 10.10.10.8 (10.10.10.8): icmp_seq=2 ttl=64 time=2.29 ms 64 bytes from 10.10.10.8 (10.10.10.8): icmp_seq=3 ttl=64 time=2.46 ms