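Linux Notes 16: Setting Up Master-Slave DNS and Smart DNS Services, and Compiling and Installing MySQL-5.7.32 on CentOS 7.6

1. Setting up master-slave DNS servers

1.1. Introduction to DNS

DNS stands for Domain Name System. It translates domain names into their corresponding IP addresses. It is arguably the most critical service for keeping network services reachable: it converts the domain name you type into the browser's address bar (for example www.csdn.net) into the IP address of the host serving that domain (39.106.226.142), after which hosts communicate with each other using IP addresses and the port numbers of the services.

Hosts do not communicate by domain name; they communicate using IP addresses and the port numbers of the relevant protocols (TCP/UDP). For example, the communication between the PC running the browser and the CSDN website is built on IP addresses. Because IP addresses are hard to remember and type, and a bare combination of digits carries no real meaning, the Domain Name System was created so that a site's domain name can be resolved automatically to an IP address.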

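DNS is a distributed, hierarchical architecture. Each DNS server has a DNS database that records the site information that server can resolve. See the figure below:
As the figure above shows, the hierarchical DNS architecture contains four roles: the DNS resolver (DNS recursor, also called the recursive DNS server, i.e. recursive server), the root nameserver (Root Nameserver), the TLD nameserver (TLD Nameserver) and the authoritative nameserver (Authoritative Nameserver). Each of the four roles is introduced below.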

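  1. DNS Recursor/Recursive Server: the DNS resolver, or recursive server, is the server the client talks to directly. When a domain name is entered in the browser, the browser communicates with this resolver, sending it the domain-name query and asking for the IP address of that domain. This DNS resolver is usually provided by the network service provider; configuring the IP address of the provider's DNS server on the system is all that is needed.
  2. Root Nameserver: the root nameserver is a key step in resolving a domain name to an IP address. If the resolver's cache has no domain-to-IP mapping for the name the client requested, the resolver forwards the resolution request to a root nameserver. Root nameservers sit at the very top of the distributed DNS hierarchy. The domain a root server is responsible for is called the root zone (Root Zone), which records information about a series of subdomains (SubDomain). There are only 13 IPv4 DNS root servers worldwide, located in the United States, Europe and Japan. The root zone returns the result of the query to the DNS resolver, and the resolver then sends that result to the corresponding TLD nameserver (that is, the corresponding subdomain).
  3. TLD Nameserver: the Top Level Domain Nameserver records information about the top-level domain and the authoritative servers beneath it. Common top-level domains include .com, .net, .gov, .edu, .cn and so on. The TLD nameserver's job is to resolve the result that the root nameserver returned to the DNS resolver and to return its own result (which authoritative DNS server holds the domain being resolved) to the DNS resolver.
  4. Authoritative Nameserver: the authoritative nameserver holds the domain's records and is the last stop for a resolution request. It acts on the result the TLD nameserver returned to the DNS resolver and returns the resolved IP address to the DNS resolver, that is, the DNS server the user talks to directly. The resolver then returns the IP address for the domain to the host running the browser; from then on the browser can exchange data with the website's host using the target host's IP address. As this process shows, the DNS resolver talks in turn to the root nameserver, the TLD nameserver and the authoritative nameserver, which is why the DNS resolver is also called a recursive server.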

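So what is the main difference between an authoritative nameserver and the DNS resolver (iterative DNS server)?
In the distributed DNS hierarchy each of these two concepts corresponds to a group of servers: behind both the authoritative nameserver and the DNS resolver there is a cluster of servers providing the service. The two play different roles in a DNS lookup. The main difference is that the DNS resolver is where a DNS query begins, while the authoritative nameserver is where it ends.

  • DNS resolver (DNS Recursor/Recursive Server): the DNS resolver, usually also called the recursive server, answers the client's resolution requests recursively, tracking down the DNS record. It queries the root nameserver, the TLD nameserver and the authoritative nameserver in turn until it finds the expected result (if a full round yields no result, it returns an error). Fortunately, because of caching, the resolver does not have to perform a recursive lookup for every client request. It first checks its local cache; if the data is there, it extracts the result from the cache and returns it to the client directly. If the local cache has no record for the requested name, the resolver first queries a root nameserver, which returns the TLD nameserver for the name being queried; the resolver then sends the client's request to that TLD nameserver; the TLD nameserver resolves the name and returns the authoritative nameserver information to the resolver; the resolver then forwards the client's request to that authoritative nameserver, which returns the target host's IP address to the resolver; the resolver finally returns the target host's IP address to the host running the client's browser. At that point the client host can communicate with the domain's target host.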

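  • Authoritative nameserver (Authoritative Nameserver): it holds the final information for a domain, namely the domain name and its IP address, known as resource records (Resource Record). Servers in this role sit at the very bottom of the DNS resolution chain and perform the final resolution. They return the IP address of the host for the name being resolved to the DNS resolver. An authoritative nameserver does not need to query other DNS servers, because it holds the resource records for the domain itself, so its answers are by default trusted and authoritative.

With these basic concepts in place, what does the actual DNS lookup process look like?
A DNS lookup takes roughly the following 8 steps. When DNS caches are present, some steps can be skipped, making the lookup faster.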

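  1. The user types the domain name example.com into the browser's address bar, and the name is sent to the DNS server configured on the system, the DNS resolver.
  2. After receiving the client's resolution request, the DNS resolver queries a root nameserver (DNS Root Nameserver, written as .).
  3. The root nameserver looks through the subdomains it manages for the top-level-domain resource records related to example.com and returns the information for the relevant TLD nameserver (here, .com) to the DNS resolver.
  4. Based on the root nameserver's answer, the DNS resolver then queries the corresponding TLD nameserver, that is, the DNS server serving the .com domain.
  5. The .com TLD nameserver looks in its resource records for the IP address of the DNS server responsible for the example.com domain, that is, the IP address of the authoritative nameserver, and returns that IP address to the DNS resolver.
  6. Finally, the DNS resolver sends the client's resolution request to the authoritative nameserver.
  7. The authoritative nameserver holds the domain name and its IP address, that is, the resource records; it extracts the IP address for example.com and returns it to the DNS resolver.
  8. The DNS resolver returns the IP address of example.com to the host running the browser client.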

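After these 8 steps the browser has the IP address of the target host for the domain it wants to visit, and can use that IP address to request the web resources:

  1. The browser sends an HTTP/HTTPS request to the target IP address.
  2. The target host at that IP address returns the web resources to the browser.

The process is shown in the figure below:
The lookup above involves three query types. They are not isolated; they combine during the lookup to complete the whole process. The three query types are: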

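  1. Recursive Query: this query type occurs mainly when the client sends a query to the DNS resolver. The resolver recursively queries other DNS servers; if the lookup succeeds it returns the result to the client, and if it fails it returns an error to the client.
  2. Iterative Query: at this stage the DNS resolver acts as the client issuing the query and expects the queried DNS server to return its best answer. If that DNS server has no match for the queried name, it returns the authoritative nameserver for the next-lower subdomain related to that name. The resolver then continues the lookup at the returned authoritative nameserver. This goes on down the DNS resolution chain until a correct result is obtained (a match), an error is returned (no match), or the query times out.
  3. Non-Recursive Query: the typical case is that when the browser client sends a resolution request to the DNS resolver, the resource record for the name happens to be in the resolver's cache. The resolver then returns the resource record from its cache to the browser client without querying any other DNS server.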

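Speaking of DNS caching: what is the cache, and where does it live?
DNS caching stores lookup results temporarily (whether a matching IP address was found or the name does not exist), so that later lookups of the same name can be answered quickly without walking the DNS resolution chain level by level again, improving resolution efficiency and performance.

The cache usually lives in three places:

  1. The browser's DNS cache. Modern browsers can generally cache DNS records they have looked up for a period of time, mainly to speed up name resolution. If the resource record for the visited domain is in the browser's cache, the browser does not need to send a resolution request to the DNS resolver; it takes the target IP address straight from its local cache and can load the page faster. In Chrome, the DNS cache can be viewed and cleared at chrome://net-internals/#dns.
  2. The operating-system DNS cache. After a domain name is typed into the address bar, the browser's DNS cache is checked first. If the record is not there, the operating-system DNS cache is checked before the request is sent to the DNS resolver. This way of querying the system-level DNS cache is called the Stub Resolver. If the operating system's local DNS cache has no matching record, the resolution request is sent to the network service provider's DNS resolver.
  3. On a DNS server close to the client that issues the resolution request. If the requested name is in that DNS server's cache, the client gets the result as early as possible, which speeds up resource loading and lowers the DNS server's network bandwidth and CPU usage. How long a resource record is cached is set by its TTL (Time-To-Live) value: the larger the value, the longer the record stays in the cache.
    Depending on which resource record types it has cached, the DNS resolver also behaves differently, as follows:
    1. If the resolver's cache has no A record for the name but does have the NS record of the authoritative nameserver, it bypasses the root and TLD nameservers and sends the request directly to the authoritative nameserver, completing the resolution faster.
    2. If the resolver's cache has no NS record, the resolver sends the request directly to the TLD nameserver related to the name and does not start from the root servers.
    3. If the resolver's cache has no record for the TLD nameserver either, the request is forwarded to a root nameserver. This usually happens after the DNS cache has been cleared.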

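With the basic DNS concepts, architecture and resolution flow clear, the next step is to build DNS servers in a master-slave arrangement to resolve a web service in a virtual-machine environment.

1.2. Setting up the master-slave DNS service

The master-slave DNS setup uses 4 virtual machines: a master DNS server, a slave DNS server, a web server and a client, as shown in the figure below:
The roles and IP addresses of the 4 virtual machines are listed in the table below: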

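Hostname  Role        IP              Description
c7u6s3    Master DNS  192.168.122.13  Master DNS server
c7u6s4    Slave DNS   192.168.122.14  Slave DNS server
c7u6s5    Web Server  192.168.122.15  Web server
c7u6s6    Client      192.168.122.16  Client; accesses the master DNS server and the web server, and talks to the slave DNS server if the master DNS server goes down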

1.2.1. Master DNS server configuration

First install the bind package:

[root@c7u6s3 ~]# yum install -y bind
...
Installed: 
  bind.x86_64 32:9.11.4-26.P2.el7_9.5
  
Dependency Installed: 
  audit-libs-python.x86_64 0:2.8.5-4.el7     bind-export-libs.x86_64 32:9.11.4-26.P2.el7_9.5     checkpolicy.x86_64 0:2.5-8.el7
  libcgroup.x86_64 0:0.41-21.el7             libsemanage-python.x86_64 0:2.5-14.el7              policycoreutils-python.x86_64 0:2.5-34.el7
  python-IPy.noarch 0:0.75-6.el7             python-ply.noarch 0:3.4-11.el7                      setools-libs.x86_64 0:3.3.8-4.el7
 
Dependency Updated: 
  audit.x86_64 0:2.8.5-4.el7                        audit-libs.x86_64 0:2.8.5-4.el7                 bind-libs.x86_64 32:9.11.4-26.P2.el7_9.5
  bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.5     bind-license.noarch 32:9.11.4-26.P2.el7_9.5     bind-utils.x86_64 32:9.11.4-26.P2.el7_9.5
  dhclient.x86_64 12:4.2.5-83.el7.centos.1          dhcp-common.x86_64 12:4.2.5-83.el7.centos.1     dhcp-libs.x86_64 12:4.2.5-83.el7.centos.1
  policycoreutils.x86_64 0:2.5-34.el7
 
Complete! 
[root@c7u6s3 ~]#

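Here we assume the DNS server manages the domain linuxer.com, which contains a web server with the domain name www.linuxer.com.
To configure the DNS service, the managed domain is defined in a zone data file (Zone datafile), the zone data file is then referenced from the DNS service's main configuration file, and the corresponding entries, called resource records (Resource Record), are added to the zone data file. Resource records generally appear in this order:

  1. SOA record (Start of Authority): indicates that this DNS server is the authoritative nameserver for the zone
  2. NS record (NameServer): lists the nameservers for the zone
  3. Other records about hosts
  4. A record (Address): maps a domain name to an IP address; the forward-resolution record
  5. PTR record: maps an IP address to a domain name; the reverse-resolution record
  6. CNAME (Canonical Name): defines an alias for a domain name
    Resource records in a zone data file are generally defined in the order above.

Comments in a zone data file are marked with a semicolon; everything from the semicolon to the end of the line is a comment.
A zone data file can specify a global TTL value, usually on the first line, in the form $TTL 3h. Supported time units include h, d and w, meaning hours, days and weeks respectively.

The SOA record indicates that this DNS server is the authoritative server for the zone; for example, this server is the authoritative server for linuxer.com. An example: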

linuxer.com.	IN	SOA	dnsmaster.linuxer.com.	admin.linuxer.com. (
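	2021070501		; serial; YYYYMMDDNN form recommended, NN is the number of the change made that day
	3h				; refresh interval
	1h				; retry interval after a failed refresh
	1w				; expire time: if refreshes keep failing, after 1 week the zone data is considered expired and is no longer served
	1h				; TTL value: how long records are kept in the local cache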
)

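The record must start in the first column, and the name ends with a dot (.). linuxer.com. is the zone to be resolved. IN means Internet; other class values exist but are uncommon, and IN is by far the most common. SOA is the resource record type. The first name after SOA, dnsmaster.linuxer.com., is the primary nameserver responsible for resolving the linuxer.com zone, that is, the master DNS server. The second, admin.linuxer.com., is the e-mail address of the administrator responsible for the zone; replacing the first dot (.) with an @ sign gives the standard e-mail address. For the contents of the parentheses see the comments; their meaning is explained in detail in the slave DNS server configuration.

The NS record usually follows the SOA record. It specifies the DNS host responsible for resolving the zone, that is, the domain name of the master DNS server, which holds the detailed information about the hosts and is therefore also the authoritative DNS server. The NS record looks like this: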

linuxer.com.	IN	NS	masterdns.linuxer.com.

A records usually come below the NS records and map domain names to host IP addresses, as follows:

; 
; Host address
;
localhost.linuxer.com.	IN	A	127.0.0.1
masterdns.linuxer.com.	IN	A	192.168.122.13
www.linuxer.com.		IN	A	192.168.122.15

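That covers the DNS server's resource records; next we configure the DNS server.
The master DNS server is configured as follows:

  1. Create the zone data file

    The complete zone data file /var/named/db.linuxer.com is as follows: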

    $TTL 3h
    linuxer.com.	IN	SOA	dnsmaster.linuxer.com.	admin.linuxer.com. (
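    	2021070501		; serial; YYYYMMDDNN form recommended, NN is the number of the change made that day
    	3h				; refresh interval
    	1h				; retry interval after a failed refresh
    	1w				; expire time: if refreshes keep failing, after 1 week the zone data is considered expired and is no longer served
    	1h				; TTL value: how long records are kept in the local cache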
    )
    
    linuxer.com.	IN	NS	masterdns.linuxer.com.
    					IN	NS	slavedns.linuxer.com.
    ; 
    ; Host address
    ;
    localhost.linuxer.com.	IN	A	127.0.0.1
    masterdns.linuxer.com.	IN	A	192.168.122.13
    slavedns.linuxer.com.		IN	A	192.168.122.14
    www.linuxer.com.		IN	A	192.168.122.15
    

    The zone data file is now created. Check its syntax as follows:

    [root@c7u6s3 ~]# named-checkzone 'linuxer.com.' /var/named/db.linuxer.com 
    zone linuxer.com/IN: loaded serial 2021070501
    OK
    [root@c7u6s3 ~]# chown root.named /var/named/db.linuxer.com
    

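    The check finds no problems.

  2. Modify the DNS service configuration file

    The main configuration file of the DNS service is /etc/named.conf. Its original content is as follows: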

    options {
            listen-on port 53 { 127.0.0.1; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            allow-query     { localhost; };
            recursion yes;
    
            dnssec-enable yes;
            dnssec-validation yes;
            bindkeys-file "/etc/named.root.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";                
    

    The modified configuration file is as follows:

    options {
            //listen-on port 53 { 127.0.0.1; };
            //listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            //allow-query     { localhost; };
            recursion yes;        
            //dnssec-enable yes;
            //dnssec-validation yes;
            bindkeys-file "/etc/named.root.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    #zone "." IN {
    #       type hint;
    #       file "named.ca";
    #};
    
    zone "linuxer.com." IN {
            type master;
            file "db.linuxer.com";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    

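    The named.conf configuration file supports 3 comment styles: the classic C style /*comments*/, the classic C++ style //comments, and the classic bash style #comments. All three are accepted.
    After modifying the configuration file, check it as follows: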

    [root@c7u6s3 ~]# named-checkconf
    /etc/named.conf:62: missing ';' before '}'
    [root@c7u6s3 ~]# !vim
    vim /etc/named.conf
    [root@c7u6s3 ~]# 
    [root@c7u6s3 ~]# named-checkconf
    

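    If there is no output, there is no problem. On Linux, no result is the best result: no output means nothing is wrong (smirk emoji).

  3. Start the named service

    The zone data file and the main configuration file are both done; next, start the named service: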

    [root@c7u6s3 ~]# systemctl status named
    . named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
       Active: inactive (dead)
    [root@c7u6s3 ~]# systemctl start named
    [root@c7u6s3 ~]# systemctl status named
    . named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
       Active: active (running) since Mon 2021-07-05 21:01:04 CST; 6s ago
      Process: 18680 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
      Process: 18678 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
     Main PID: 18683 (named)
       CGroup: /system.slice/named.service
               └─18683 /usr/sbin/named -u named -c /etc/named.conf
    
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './NS/IN': 2001:500:200::b#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './NS/IN': 2001:500:1::53#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
    Jul 05 21:01:04 c7u6s3 named[18683]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
    Jul 05 21:01:05 c7u6s3 named[18683]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
    Jul 05 21:01:06 c7u6s3 named[18683]: resolver priming query complete
    [root@c7u6s3 ~]# 
    

    The service is started; next, test it.

    [root@c7u6s3 ~]# dig www.linuxer.com @127.0.0.1
    
    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.linuxer.com @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26365
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.linuxer.com.               IN      A
    
    ;; ANSWER SECTION:
    www.linuxer.com.        3       IN      A       192.168.122.15
    
    ;; AUTHORITY SECTION:
    linuxer.com.            3       IN      NS      masterdns.linuxer.com.
    linuxer.com.            3       IN      NS      slavedns.linuxer.com.
    
    ;; ADDITIONAL SECTION:
    masterdns.linuxer.com.  3       IN      A       192.168.122.13
    slavedns.linuxer.com.   3       IN      A       192.168.122.14
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Jul 05 22:21:46 CST 2021
    ;; MSG SIZE  rcvd: 139
    
    [root@c7u6s3 ~]# 
    

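    The test above shows that the DNS server resolves this domain name correctly.

1.2.2. Slave DNS server configuration

A single master server is a single point of failure: when the master fails, the zone can no longer be resolved. So the master is given a slave server, so that when the master goes down the slave can take over the master's role and name resolution keeps working. For a given zone, how does a server know whether it is the master or a slave? NS records do not show whether a server is a master or a slave; they only show which servers are responsible for resolving the zone. Whether a server is master or slave is defined in the service's configuration file, /etc/named.conf.

What is the main difference between a master and a slave? It is where the server gets its data. The master reads its data directly from its zone data file, while a slave loads the data over the network from another nameserver, a process called a zone transfer (Zone Transfer). A slave does not have to load its data from the master; it can also load it from another slave.

The biggest advantage of slaves is that, for a zone, only one set of zone data files has to be maintained, on the master, so there is no need to worry about synchronising files between nameservers: the slaves synchronise the data automatically. Note that a slave does not synchronise immediately; it checks whether its zone data is current, at an interval set in the SOA record of the master's zone data file.

The slave is set up as follows:

  1. Install the bind package on the slave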
    [root@c7u6s4 ~]# yum install -y bind
    Package 32:bind-9.11.4-26.P2.el7_9.5.x86_64 already installed and latest version
    
    Nothing to do
    [root@c7u6s4 ~]#
    
  2. Copy the master's configuration file and zone data file
    [root@c7u6s4 ~]# cp /etc/named.conf{,.bak}
    [root@c7u6s4 ~]# rsync -av --progress -e 'ssh -p 22 -l root' c7u6s3:/etc/named.conf /etc/
    Warning: Permanently added 'c7u6s3,192.168.122.13' (ECDSA) to the list of known hosts.
    root@c7u6s3's password: 
    receiving incremental file list
    named.conf
              1,888 100%    1.80MB/s    0:00:00 (xfr#1, to-chk=0/1)
    
    sent 61 bytes  received 1,990 bytes  178.35 bytes/sec
    total size is 1,888  speedup is 0.92
    [root@c7u6s4 ~]# 
    [root@c7u6s4 ~]# rsync -av --progress -e 'ssh -p 22 -l root' c7u6s3:/var/named/db.linuxer.com /var/named/
    root@c7u6s3's password: 
    receiving incremental file list
    db.linuxer.com
                595 100%  581.05kB/s    0:00:00 (xfr#1, to-chk=0/1)
    
    sent 43 bytes  received 695 bytes  164.00 bytes/sec
    total size is 595  speedup is 0.81
    [root@c7u6s4 ~]# 
    
  3. Modify the main configuration file
    [root@c7u6s4 ~]# vim /etc/named.conf
    options {
        //listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        //allow-query     { localhost; };
        recursion yes;
    
        //dnssec-enable yes;
        //dnssec-validation yes;
        bindkeys-file "/etc/named.root.key";
    
        managed-keys-directory "/var/named/dynamic";
    
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    #zone "." IN {
    #       type hint;
    #       file "named.ca";
    #};
    
    zone "linuxer.com." IN {
            type slave;
            masters { 192.168.122.13; };
            file "db.linuxer.com";
    };
    #include "/etc/named.rfc1912.zones";
    #include "/etc/named.root.key";                
    
  4. Check the configuration file and zone data file, and start the named service
    [root@c7u6s4 ~]# named-checkconf 
    [root@c7u6s4 ~]# named-checkzone 'linuxer.com.' /var/named/db.linuxer.com 
    zone linuxer.com/IN: loaded serial 2021070501
    OK
    [root@c7u6s4 ~]# 
    [root@c7u6s4 ~]# systemctl status named
    ● named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)                                                    
       Active: inactive (dead)
    [root@c7u6s4 ~]# 
    [root@c7u6s4 ~]# systemctl start named
    [root@c7u6s4 ~]# systemctl status named
    . named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor     preset: disabled)
       Active: active (running) since Mon 2021-07-05 22:31:44 CST; 3s ago
      Process: 18517 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}     $OPTIONS (code=exited, status=0/SUCCESS)
      Process: 18515 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z     "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi     (code=exited, status=0/SUCCESS)
     Main PID: 18519 (named)
       CGroup: /system.slice/named.service
               └─18519 /usr/sbin/named -u named -c /etc/named.conf
    
    Jul 05 22:31:44 c7u6s4 named[18519]: all zones loaded
    Jul 05 22:31:44 c7u6s4 named[18519]: running
    Jul 05 22:31:44 c7u6s4 named[18519]: zone linuxer.com/IN: Transfer started.
    Jul 05 22:31:44 c7u6s4 systemd[1]: Started Berkeley Internet Name Domain (DNS).
    Jul 05 22:31:44 c7u6s4 named[18519]: transfer of 'linuxer.com/IN' from     192.168.122.13#53: connected using 192.168.122.14#57710
    Jul 05 22:31:44 c7u6s4 named[18519]: zone linuxer.com/IN: transferred serial 2021070501
    Jul 05 22:31:44 c7u6s4 named[18519]: zone linuxer.com/IN: transfer: could not set file modification time of 'db.linuxer.com': permission denied
    Jul 05 22:31:44 c7u6s4 named[18519]: transfer of 'linuxer.com/IN' from     192.168.122.13#53: Transfer status: success
    Jul 05 22:31:44 c7u6s4 named[18519]: transfer of 'linuxer.com/IN' from     192.168.122.13#53: Transfer completed: 1 messages, 8 records, 2...tes/sec)
    Jul 05 22:31:44 c7u6s4 named[18519]: zone linuxer.com/IN: sending notifies     (serial 2021070501)
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@c7u6s4 ~]# 
    [root@c7u6s4 ~]# ls -lh /var/named/named.ca
    -rw-r----- 1 root named 2.3K Apr  5  2018 /var/named/named.ca
    [root@c7u6s4 ~]# ls -lh /var/named/db.linuxer.com 
    -rw-r--r-- 1 root root 669 Jul  5 22:20 /var/named/db.linuxer.com
    [root@c7u6s4 ~]# chown root.named /var/named/db.linuxer.com
    [root@c7u6s4 ~]# ls -lh /var/named/db.linuxer.com
    -rw-r--r-- 1 root named 669 Jul  5 22:20 /var/named/db.linuxer.com
    [root@c7u6s4 ~]#  
    [root@c7u6s4 named]# rndc reload
    server reload successful
    [root@c7u6s4 named]# systemctl status named
    . named.service - Berkeley Internet Name Domain (DNS)
       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor     preset: disabled)
       Active: active (running) since Mon 2021-07-05 22:35:07 CST; 3min 52s ago
      Process: 18586 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 ||     /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
      Process: 18600 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}     $OPTIONS (code=exited, status=0/SUCCESS)
      Process: 18597 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z     "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi     (code=exited, status=0/SUCCESS)
     Main PID: 18602 (named)
       CGroup: /system.slice/named.service
               └─18602 /usr/sbin/named -u named -c /etc/named.conf
    
    Jul 05 22:38:50 c7u6s4 named[18602]: automatic empty zone:     8.B.D.0.1.0.0.2.IP6.ARPA
    Jul 05 22:38:50 c7u6s4 named[18602]: automatic empty zone:     EMPTY.AS112.ARPA
    Jul 05 22:38:50 c7u6s4 named[18602]: automatic empty zone: HOME.ARPA
    Jul 05 22:38:50 c7u6s4 named[18602]: none:104: 'max-cache-size 90%' -     setting to 891MB (out of 990MB)
    Jul 05 22:38:50 c7u6s4 named[18602]: configuring command channel from '/etc/rndc.key'
    Jul 05 22:38:50 c7u6s4 named[18602]: configuring command channel from '/etc/rndc.key'
    Jul 05 22:38:50 c7u6s4 named[18602]: reloading configuration succeeded
    Jul 05 22:38:50 c7u6s4 named[18602]: reloading zones succeeded
    Jul 05 22:38:50 c7u6s4 named[18602]: all zones loaded
    Jul 05 22:38:50 c7u6s4 named[18602]: running
    [root@c7u6s4 named]#
    [root@c7u6s4 named]# pwd
    /var/named
    [root@c7u6s4 named]# tail -n10 data/named.run 
    none:104: 'max-cache-size 90%' - setting to 891MB (out of 990MB)
    configuring command channel from '/etc/rndc.key'
    configuring command channel from '/etc/rndc.key'
    reloading configuration succeeded
    reloading zones succeeded
    all zones loaded
    running
    client @0x7f9e440a9060 192.168.122.13#52541: received notify for zone     'linuxer.com'
    zone linuxer.com/IN: notify from 192.168.122.13#52541: zone is up to date
    zone linuxer.com/IN: refresh: could not set file modification time of     'db.linuxer.com': permission denied
    [root@c7u6s4 named]#
    [root@c7u6s4 named]# chmod g+w db.linuxer.com 
    [root@c7u6s4 named]# ls -lh db.linuxer.com
    -rw-rw-r-- 1 root named 670 Jul  5 22:36 db.linuxer.com
    [root@c7u6s4 named]# 
    
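    Pay attention to the ownership of the copied zone data file: make sure the zone data file is owned by the named user, and also give the named group write permission on it. After modifying the configuration file, there are two ways to make the change take effect: the first is systemctl restart named; the second is rndc reload. The rndc command is used to manage the DNS server.
  5. Test the slave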
    [root@c7u6s4 named]# dig www.linuxer.com. @127.0.0.1
    
    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.linuxer.com.     @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16036
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.linuxer.com.               IN      A
    
    ;; ANSWER SECTION:
    www.linuxer.com.        3       IN      A       192.168.122.15
    
    ;; AUTHORITY SECTION:
    linuxer.com.            3       IN      NS      slavedns.linuxer.com.
    linuxer.com.            3       IN      NS      masterdns.linuxer.com.
    
    ;; ADDITIONAL SECTION:
    masterdns.linuxer.com.  3       IN      A       192.168.122.13
    slavedns.linuxer.com.   3       IN      A       192.168.122.14
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Jul 05 22:44:55 CST 2021
    ;; MSG SIZE  rcvd: 139
    
    [root@c7u6s4 named]# 
    
    The DNS server resolves the domain name correctly on the local machine.
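
In the BIND 9.11 installed above, a zone with no allow-transfer ACL can be transferred by any host that can reach the server, and neither named.conf shown above sets one. The following added example (not part of the original article) lists such zones in a named.conf after stripping the three comment styles. The function name, file names and sample configurations are constructed for illustration; it assumes no # or // inside quoted strings and does not follow include files.

```sh
#!/bin/sh
# Added example, not from the original article.
# transfer_findings FILE -> one line per zone without an allow-transfer ACL
# at zone, view or options level.
transfer_findings() {
    awk '
    # Remove the three comment styles named.conf accepts; /* */ may span lines.
    function strip(line,    out, p, q, r) {
        out = ""
        while (line != "") {
            if (incomment) {
                p = index(line, "*/")
                if (!p) return out
                line = substr(line, p + 2); incomment = 0
                continue
            }
            p = index(line, "/*"); q = index(line, "//"); r = index(line, "#")
            if (q && (!r || q < r)) r = q        # r: earliest // or #
            if (r && (!p || r < p)) return out substr(line, 1, r - 1)
            if (!p) return out line
            out = out substr(line, 1, p - 1) " "
            line = substr(line, p + 2); incomment = 1
        }
        return out
    }
    { text = text " " strip($0) }
    END {
        gsub(/[{};]/, " & ", text)           # braces and ";" become tokens
        n = split(text, t, /[ \t]+/)
        depth = 0
        for (i = 1; i <= n; i++) {
            tok = t[i]
            if (tok == "{") { depth++; continue }
            if (tok == "}") {
                depth--
                if (inzone && depth == zdepth) inzone = 0
                if (depth == 0) { view = 0; inopts = 0 }
                continue
            }
            if (depth == 0 && tok == "options") {
                inopts = 1
            } else if (depth == 0 && tok == "view") {
                view = ++nviews
            } else if (!inzone && tok == "zone") {
                inzone = 1; zdepth = depth; nz++
                zname[nz] = t[i + 1]; gsub(/"/, "", zname[nz]); zview[nz] = view
            } else if (inzone && depth == zdepth + 1 && tok == "type") {
                ztype[nz] = t[i + 1]
            } else if (tok == "allow-transfer") {
                if (inzone && depth == zdepth + 1) zhas[nz] = 1
                else if (inopts && depth == 1) opthas = 1
                else if (view && depth == 1) viewhas[view] = 1
            }
        }
        for (k = 1; k <= nz; k++) {
            if (ztype[k] !~ /^(master|slave|primary|secondary)$/) continue
            if (zhas[k] || opthas || (zview[k] && viewhas[zview[k]])) continue
            print "zone " zname[k] " (" ztype[k] "): no allow-transfer ACL"
        }
    }' "$1"
}

AUDIT_DIR=$(mktemp -d)

# Constructed sample: the master configuration from this article, abbreviated,
# plus one commented-out ACL to exercise the comment handling.
cat > "$AUDIT_DIR/master-as-configured.conf" <<'EOF'
options {
        //listen-on port 53 { 127.0.0.1; };
        directory "/var/named";
        //allow-query     { localhost; };
};
#zone "." IN {
#       type hint;
#};
zone "linuxer.com." IN {
        type master;
        file "db.linuxer.com";
        /* allow-transfer { 192.168.122.14; };  commented out: no effect */
};
EOF

# Constructed sample: the same zone, transferable only by the slave.
cat > "$AUDIT_DIR/master-restricted.conf" <<'EOF'
zone "linuxer.com." IN {
        type master;
        file "db.linuxer.com";
        allow-transfer { 192.168.122.14; };
};
EOF

for conf in "$AUDIT_DIR"/*.conf; do
    echo "== $conf"
    transfer_findings "$conf"
done
```

The same check applies to the slave's named.conf; a slave that should serve transfers to nobody can use allow-transfer { none; };.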

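The meaning of the values inside the parentheses of the SOA record in the zone data file is better explained here, in the slave configuration section. The SOA part reads: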

linuxer.com.    IN  SOA dnsmaster.linuxer.com.  admin.linuxer.com. (
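    2021070501      ; serial; YYYYMMDDNN form recommended, NN is the number of the change made that day
    3h              ; refresh interval
    1h              ; retry interval after a failed refresh
    1w              ; expire time: if refreshes keep failing, after 1 week the zone data is considered expired and is no longer served
    1h              ; TTL value: how long records are kept in the local cache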
)

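The slave server setup is now complete.

Supplement:
The SOA line itself was covered in the master configuration section; this part covers the items inside the parentheses:

  • The first line is the serial number. It should show how the zone data file's version changes over time; the recommended form is YYYYMMDDNN, where YYYY is the full year, MM the two-digit month, DD the two-digit day, and NN the number of the change (also two digits). The serial number should be changed every time the zone data file is updated, especially in a master-slave setup, because the slave decides from changes in the serial number whether it needs to pull the zone data file from the master.

  • The second line is the refresh interval: how often the slave checks whether the zone data file should be updated. If your zone data file rarely changes, this value can be larger, for example 24h, meaning a check every 24 hours. Here it is set to 3 hours.

  • The third line is the retry time: how long after a failed refresh the slave tries again (that is, checks again whether the zone data file needs updating). Normally this value should be shorter than the refresh interval. Here it is set to 1 hour.

  • The fourth line is the expire time. If the slave has been unable to reach the master for this long, the contents of the slave's zone data file are considered expired. Expired means the slave can no longer give authoritative answers for the zone to clients based on that zone data. The expire time should be longer than both the refresh interval and the retry interval; if it were shorter than the refresh interval, the previously loaded data would expire before the next refresh loads new data.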

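  • The fifth line is the TTL for local caches: how long a DNS record is cached before it is purged. If the zone data file rarely changes, this value can be larger, which improves resolution efficiency and performance and reduces the DNS server's bandwidth and CPU overhead.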
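
The rules of thumb in the list above (serial in YYYYMMDDNN form, retry shorter than refresh, expire longer than both) can be checked mechanically before a zone file is loaded. This is an added example, not part of the original article; the function name and the two sample zone files are constructed, and it handles a single-line SOA or the parenthesised layout used in this article.

```sh
#!/bin/sh
# Added example, not from the original article: check a zone file's SOA
# record against the rules of thumb given in the list above.
# soa_findings FILE -> one finding per line, nothing when all checks pass.
soa_findings() {
    awk '
    # Convert a BIND time value (3h, 1w, 1h30m, 3600) to seconds.
    function secs(v,    n, total, i, c) {
        total = 0; n = ""; v = tolower(v)
        for (i = 1; i <= length(v); i++) {
            c = substr(v, i, 1)
            if (c ~ /[0-9]/) { n = n c; continue }
            total += n * mult[c]; n = ""
        }
        return total + n
    }
    BEGIN { mult["s"] = 1; mult["m"] = 60; mult["h"] = 3600
            mult["d"] = 86400; mult["w"] = 604800 }
    { sub(/;.*/, "") }                       # zone-file comments start at ";"
    !done && /[ \t]SOA[ \t]/ { insoa = 1; paren = index($0, "(") }
    insoa {
        buf = buf " " $0
        if (!paren || index($0, ")")) { insoa = 0; done = 1 }
    }
    END {
        if (!done) { print "no complete SOA record found"; exit }
        gsub(/[()]/, " ", buf)
        n = split(buf, f, /[ \t]+/)
        for (i = 1; i <= n; i++) if (f[i] == "SOA") break
        # Fields after SOA: mname rname serial refresh retry expire ttl
        serial = f[i + 3]
        refresh = secs(f[i + 4]); retry = secs(f[i + 5]); expire = secs(f[i + 6])
        if (serial !~ /^[0-9][0-9][0-9][0-9](0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])[0-9][0-9]$/)
            print "serial " serial " is not in YYYYMMDDNN form"
        if (retry >= refresh)
            print "retry should be shorter than refresh"
        if (expire <= refresh || expire <= retry)
            print "expire should be longer than refresh and retry"
    }' "$1"
}

SOA_DIR=$(mktemp -d)

# Constructed sample: the SOA record used in this article.
cat > "$SOA_DIR/db.good" <<'EOF'
$TTL 3h
linuxer.com.    IN  SOA dnsmaster.linuxer.com.  admin.linuxer.com. (
    2021070501      ; serial
    3h              ; refresh
    1h              ; retry
    1w              ; expire
    1h              ; TTL
)
EOF

# Constructed sample: a single-line SOA that breaks all three rules.
cat > "$SOA_DIR/db.bad" <<'EOF'
linuxer.com.    IN  SOA dnsmaster.linuxer.com.  admin.linuxer.com. 42 1h 3h 2h 1h
EOF

for z in "$SOA_DIR/db.good" "$SOA_DIR/db.bad"; do
    echo "== $z"
    soa_findings "$z"
done
```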

1.2.3. Preparing the web server

On the c7u6s5 virtual machine, install the httpd service, create index.html as the home page, and start the httpd service:

[root@c7u6s5 ~]# yum install -y httpd
...
Installed:
  httpd.x86_64 0:2.4.6-97.el7.centos                                                                                                             

Dependency Installed:
  apr.x86_64 0:1.4.8-7.el7     apr-util.x86_64 0:1.5.2-6.el7     httpd-tools.x86_64 0:2.4.6-97.el7.centos     mailcap.noarch 0:2.1.41-2.el7    

Complete!
[root@c7u6s5 ~]# echo 'c7u6s5 for the www.linuxer.com' > /var/www/html/index.html
[root@c7u6s5 ~]# systemctl status httpd
. httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)
[root@c7u6s5 ~]# systemctl start httpd
[root@c7u6s5 ~]# curl localhost
c7u6s5 for the www.linuxer.com
[root@c7u6s5 ~]# 

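The web server is now set up.

1.2.4. Client test

On the client, change the default DNS server of the client's network interface (the default DNS server is 192.168.122.1), then test from the command line with curl: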

[root@c7u6s6 ~]# nmcli con mod eth0 ipv4.dns 192.168.122.13
[root@c7u6s6 ~]# nmcli con mod eth0 +ipv4.dns 192.168.122.14
[root@c7u6s6 ~]# nmcli con reload
[root@c7u6s6 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@c7u6s6 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.122.13
nameserver 192.168.122.14
[root@c7u6s6 ~]# curl www.linuxer.com
c7u6s5 for the www.linuxer.com
[root@c7u6s6 ~]#
[root@c7u6s6 ~]# dig www.linuxer.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.linuxer.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6102
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.               IN      A

;; ANSWER SECTION:
www.linuxer.com.        3       IN      A       192.168.122.15

;; AUTHORITY SECTION:
linuxer.com.            3       IN      NS      masterdns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.  3       IN      A       192.168.122.13

;; Query time: 0 msec
;; SERVER: 192.168.122.13#53(192.168.122.13)
;; WHEN: Mon Jul 05 21:44:30 CST 2021
;; MSG SIZE  rcvd: 100

[root@c7u6s6 ~]# 
[root@c7u6s6 ~]# nslookup www.linuxer.com
Server:         192.168.122.13
Address:        192.168.122.13#53

Name:   www.linuxer.com
Address: 192.168.122.15

[root@c7u6s6 ~]# 
[root@c7u6s6 ~]# nslookup -type=ns linuxer.com.
Server:         192.168.122.13
Address:        192.168.122.13#53

linuxer.com     nameserver = masterdns.linuxer.com.

[root@c7u6s6 ~]# nslookup -type=a www.linuxer.com.
Server:         192.168.122.13
Address:        192.168.122.13#53

Name:   www.linuxer.com
Address: 192.168.122.15

[root@c7u6s6 ~]# 

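The output above shows that the master DNS server resolves the domain name correctly.
Now stop the named service on the master DNS server and see whether the client can still resolve the domain name: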

[root@c7u6s3 ~]# systemctl stop named
[root@c7u6s3 ~]# systemctl status named
. named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Mon 2021-07-05 22:48:08 CST; 1min 32s ago
  Process: 18988 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 18786 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 18784 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 18788 (code=exited, status=0/SUCCESS)

Jul 05 22:35:07 c7u6s3 named[18788]: client @0x7f6c2800bb60 192.168.122.14#35109: received notify for zone 'linuxer.com'
Jul 05 22:48:08 c7u6s3 systemd[1]: Stopping Berkeley Internet Name Domain (DNS)...
Jul 05 22:48:08 c7u6s3 named[18788]: received control channel command 'stop'
Jul 05 22:48:08 c7u6s3 named[18788]: shutting down: flushing changes
Jul 05 22:48:08 c7u6s3 named[18788]: stopping command channel on 127.0.0.1#953
Jul 05 22:48:08 c7u6s3 named[18788]: stopping command channel on ::1#953
Jul 05 22:48:08 c7u6s3 named[18788]: no longer listening on 127.0.0.1#53
Jul 05 22:48:08 c7u6s3 named[18788]: no longer listening on 192.168.122.13#53
Jul 05 22:48:08 c7u6s3 named[18788]: exiting
Jul 05 22:48:08 c7u6s3 systemd[1]: Stopped Berkeley Internet Name Domain (DNS).
[root@c7u6s3 ~]# 

The named service on the master DNS server is now stopped.
On the client, check whether the domain name still resolves correctly:

[root@c7u6s6 ~]# curl www.linuxer.com
c7u6s5 for the www.linuxer.com
[root@c7u6s6 ~]# 
[root@c7u6s6 ~]# dig www.linuxer.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.linuxer.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59371
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.               IN      A

;; ANSWER SECTION:
www.linuxer.com.        3       IN      A       192.168.122.15

;; AUTHORITY SECTION:
linuxer.com.            3       IN      NS      masterdns.linuxer.com.
linuxer.com.            3       IN      NS      slavedns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.  3       IN      A       192.168.122.13
slavedns.linuxer.com.   3       IN      A       192.168.122.14

;; Query time: 1 msec
;; SERVER: 192.168.122.14#53(192.168.122.14)
;; WHEN: Mon Jul 05 22:49:28 CST 2021
;; MSG SIZE  rcvd: 139

[root@c7u6s6 ~]# 
[root@c7u6s6 ~]# nslookup www.linuxer.com
Server:         192.168.122.14
Address:        192.168.122.14#53

Name:   www.linuxer.com
Address: 192.168.122.15

[root@c7u6s6 ~]# nslookup -type=ns linuxer.com.
Server:         192.168.122.14
Address:        192.168.122.14#53

linuxer.com     nameserver = masterdns.linuxer.com.
linuxer.com     nameserver = slavedns.linuxer.com.

[root@c7u6s6 ~]# nslookup -type=a www.linuxer.com
Server:         192.168.122.14
Address:        192.168.122.14#53

Name:   www.linuxer.com
Address: 192.168.122.15

[root@c7u6s6 ~]# 

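As shown above, the domain name can still be resolved, so the slave DNS server is working normally.

At this point, the master/slave DNS server configuration is complete.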

2. Smart DNS Service Setup

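So-called smart DNS imitates a CDN (Content Delivery Network): depending on the region from which a user accesses the target site, it delivers the site resources from the nearest cache server, which improves content loading efficiency and the user's experience of the site.

For example, if a user accesses a site from Beijing, smart DNS fetches the site resources from the CDN cache server nearest to that user. In essence, a CDN caches your site's resources on cache servers in different geographic locations and, according to DNS resolution rules, selects for the user the content on the nearest cache server. As shown in the figure below:

The smart DNS here imitates this way of working: through DNS resolution, domain name queries from clients in different network segments are resolved to the corresponding target server address, so that clients in each network segment are mapped to the matching server.
Six virtual machines are used here: the 2 DNS servers from the experiment above, 2 web servers and 2 clients.
The roles of the virtual machines are shown in the table below: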

Hostname  Role                    IP                         Description
c7u6s3    Master DNS, Web Server  192.168.122.13, 10.0.0.13  Master DNS server
c7u6s4    Slave DNS               192.168.122.14, 10.0.0.14  Slave DNS server
c7u6s5    Web Server              192.168.122.15             Web server
c7u6s6    Web Server              10.0.0.16                  Web server
c7u6s7    Client                  192.168.122.17             Client that accesses the DNS servers and web servers
c7u6s8    Client                  10.0.0.18                  Client that accesses the DNS servers and web servers

With the server roles planned, the next step is to prepare the virtual machine environment.

2.1. Preparing the Virtual Machine Environment

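Add another virtual bridge, using the routed type here, as follows:
Open Virtual Machine Manager, then choose Connection Details from the Edit menu.

The following window appears:

Click the brown box in the figure above to add a new network connection, as follows:
Click Finish in the figure above. The result after adding it is shown in the figure below:

At this point the virtual network virbr1 has been added. Next, add a second NIC to the c7u6s3 virtual machine and set its IP address to 10.0.0.13, as follows:

Click Add-Hardware in the figure above; the following window appears:

For the network source, select the previously added virbr1; for the NIC driver, select the paravirtualized driver virtio; then click Finish in the brown box. Next, click the newly added NIC to view it; the following window appears:
Click Yes, then click Apply in the lower right corner. The new NIC has now been added; next, shut down the system so that the new NIC takes effect. After the NIC is brought back up, set its IP address to 10.0.0.13, as follows: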

[root@c7u6s3 ~]# nmcli con show
NAME                UUID                                  TYPE      DEVICE                                                                      
System eth0         0d31e3e0-8b0c-46cb-9df5-0679be226e3f  ethernet  eth0                                                                        
Wired connection 1  511b5fb2-57b9-3c62-bd50-8f473962ced2  ethernet  eth1                                                                        
[root@c7u6s3 ~]# 
[root@c7u6s3 ~]# nmcli con mod 'Wired connection 1' connection.id eth1
[root@c7u6s3 ~]# nmcli con mod 'System eth0' connection.id eth0
[root@c7u6s3 ~]# nmcli con show
NAME  UUID                                  TYPE      DEVICE 
eth0  0d31e3e0-8b0c-46cb-9df5-0679be226e3f  ethernet  eth0   
eth1  511b5fb2-57b9-3c62-bd50-8f473962ced2  ethernet  eth1   
[root@c7u6s3 ~]# 
[root@c7u6s3 ~]# nmcli con mod eth1 ipv4.method manual ipv4.addresses 10.0.0.13/24
[root@c7u6s3 ~]# nmcli con reload
[root@c7u6s3 ~]# nmcli con up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/21)
[root@c7u6s3 ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:e0:eb:99 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.13/24 brd 10.0.0.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f8cf:e1c5:46ba:9e1d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@c7u6s3 ~]# 
[root@c7u6s3 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:49:e2:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.13/24 brd 192.168.122.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe49:e21b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@c7u6s3 ~]#

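At this point, the network environment of the c7u6s3 virtual machine is configured. Following the same steps, add a virtual NIC to c7u6s4 as well and set the IP address of eth1 to 10.0.0.14.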

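Next, set the network source of the eth0 NIC on c7u6s6 and c7u6s8 to virbr1, then change the IP address of eth0, as follows:
Change the network source to virbr1, then click Apply in the brown box. Then log in to the virtual machine and reconfigure the IP address of its eth0 NIC, as follows: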

[root@c7u6s6 ~]# nmcli con show 
NAME  UUID                                  TYPE      DEVICE 
eth0  5997c686-b2df-4123-ad48-f7f78cd2311f  ethernet  eth0   
[root@c7u6s6 ~]# nmcli con mod eth0 ipv4.method manual ipv4.addresses 10.0.0.16/24
[root@c7u6s6 ~]# nmcli con reload 
[root@c7u6s6 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@c7u6s6 ~]# 
[root@c7u6s6 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:de:84:63 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.16/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fede:8463/64 scope link 
       valid_lft forever preferred_lft forever
[root@c7u6s6 ~]#

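The result is shown in the figure below:
Because c7u6s6 will later need Internet access to install software, a default gateway and DNS server must be specified for it, as follows: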

[root@c7u6s6 ~]# nmcli con mod eth0 ipv4.gateway 10.0.0.1
[root@c7u6s6 ~]# nmcli con mod eth0 ipv4.dns 10.0.0.1
[root@c7u6s6 ~]# nmcli con reload
[root@c7u6s6 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@c7u6s6 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.0.1
[root@c7u6s6 ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50014
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          120     IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       185     IN      A       110.242.68.4
www.a.shifen.com.       185     IN      A       110.242.68.3

;; Query time: 8 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Thu Jul 08 17:21:13 CST 2021
;; MSG SIZE  rcvd: 90

[root@c7u6s6 ~]# 

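Do the same for c7u6s8, as follows:
Set the network source of the c7u6s8 NIC to virbr1, click Apply in the brown box, then log in to the system and change the IP address of the eth0 NIC, as follows: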

[root@c7u6s8 ~]# nmcli con show
NAME  UUID                                  TYPE      DEVICE 
eth0  c4a95e8e-7cd0-44f0-b518-ddf17a7e511d  ethernet  eth0   
[root@c7u6s8 ~]# nmcli con mod eth0 ipv4.method manual ipv4.addresses 10.0.0.18/24
[root@c7u6s8 ~]# nmcli con reload
[root@c7u6s8 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@c7u6s8 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:81:56:3b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.18/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe81:563b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@c7u6s8 ~]#

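As shown in the figure below:
Likewise, a gateway and DNS server must be specified for c7u6s8; otherwise it cannot communicate with the external network to resolve the yum repositories. As follows: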

[root@c7u6s8 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.122.1
[root@c7u6s8 ~]# nmcli con mod eth0 ipv4.gateway 10.0.0.1
[root@c7u6s8 ~]# nmcli con mod eth0 ipv4.dns 10.0.0.1
[root@c7u6s8 ~]# nmcli con reload
[root@c7u6s8 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@c7u6s8 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.0.1
[root@c7u6s8 ~]# 
[root@c7u6s8 ~]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64607
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		991	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	265	IN	A	110.242.68.3
www.a.shifen.com.	265	IN	A	110.242.68.4

;; Query time: 7 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Thu Jul 08 17:26:41 CST 2021
;; MSG SIZE  rcvd: 90

[root@c7u6s8 ~]#

Next, check whether the three virtual machines whose IP addresses were changed can communicate with each other.

[root@c7u6s8 ~]# ping 10.0.0.16
PING 10.0.0.16 (10.0.0.16) 56(84) bytes of data.
64 bytes from 10.0.0.16: icmp_seq=1 ttl=64 time=0.272 ms
64 bytes from 10.0.0.16: icmp_seq=2 ttl=64 time=0.444 ms
^C
--- 10.0.0.16 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.272/0.358/0.444/0.086 ms
[root@c7u6s8 ~]# ping 10.0.0.13
PING 10.0.0.13 (10.0.0.13) 56(84) bytes of data.
64 bytes from 10.0.0.13: icmp_seq=1 ttl=64 time=0.387 ms
64 bytes from 10.0.0.13: icmp_seq=2 ttl=64 time=0.731 ms
^C
--- 10.0.0.13 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.387/0.559/0.731/0.172 ms
[root@c7u6s8 ~]# 

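The three virtual machines whose IP addresses were changed can communicate with each other normally.

At this point, the basic environment is ready.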

2.2. Building the Smart DNS Environment

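This experiment uses 2 web servers, 2 DNS servers (1 would also work, but because the DNS servers here reuse the master/slave architecture from above, two are still used) and 2 clients in 2 network segments (simulating two different physical locations).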

In addition, smart DNS relies on two configuration statements, acl and view (set in the main configuration file of the DNS service, /etc/named.conf).

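  • acl: acl defines an IP address match list. It can contain one or more IP addresses or network segments; addresses are usually given as a network segment, for example 192.168.122.0/24. Besides network segments, keywords can also be specified. The supported keywords are:

    • none: matches no IP address
    • any: matches any IP address
    • localhost: any IP address of the local machine
    • localnets: any network that a local network interface belongs to

    In the configuration file it is written as: acl name { address_match_list; };, for example acl "internal" { 192.168.122.0/24; }; or acl "any_host" { any; };. Both forms are valid.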

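  • view: this mechanism is very useful in environments behind a firewall, because it lets you configure resolution rules for different regions on the DNS server. When an internal network needs name resolution both for internal servers and for external domain names, view is very convenient. To define a view, use the following syntax: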

    view "view_name" {
    };
    

    match-clients specifies the hosts that a view covers, which isolates the hosts of different views from each other. For example:

    view "internal" {
        match-clients { 192.168.122.0/24; };
    };
    

    view and acl can also be combined, which separates the definition of host ranges from the management of views, as follows:

    acl "linuxer-com" { 192.168.122.0/24; };
    view "internal" {
        match-clients { "linuxer-com"; };
    };
    

    With this form of definition, if the hosts matched by a view need to change later, only the acl has to be modified.

These two statements are used below to implement name resolution for different regions.

2.2.1. Preparing the 2 Web Servers

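In the role assignment above, c7u6s5 and c7u6s6 are the web servers. Install the httpd service on these 2 virtual machines, create an index.html file and start the service, as follows: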

  • Web service preparation on c7u6s5
    [root@c7u6s5 ~]# yum install -y httpd
    [root@c7u6s5 ~]# echo www.linuxer.com on c7u6s5 > /var/www/html/index.html
    [root@c7u6s5 ~]# systemctl start httpd
    [root@c7u6s5 ~]# curl localhost
    www.linuxer.com on c7u6s5
    
  • Web service preparation on c7u6s6
    [root@c7u6s6 ~]# yum install -y httpd
    [root@c7u6s6 ~]# echo www.linuxer.com on c7u6s6 > /var/www/html/index.html
    [root@c7u6s6 ~]# systemctl start httpd
    [root@c7u6s6 ~]# curl localhost
    www.linuxer.com on c7u6s6
    [root@c7u6s6 ~]# 
    
    The web servers are now ready. Next, configure the two DNS servers, still keeping the master/slave architecture.

2.2.2. Preparing the Smart DNS Servers

Modify the main DNS configuration file on c7u6s3, as follows:

[root@c7u6s3 ~]# vim /etc/named.conf
[root@c7u6s3 ~]# cat /etc/named.conf
acl "beijing-acl" { 192.168.122.0/24; };

acl "shanghai-acl" { 10.0.0.0/24; };

options {
    //listen-on port 53 { 127.0.0.1; };
    //listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    recursion yes;

    //dnssec-enable yes;
    //dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


view "beijing" {
    match-clients { "beijing-acl"; };
    include "/etc/named.rfc1912.zones.beijing";
}; 


view "shanghai" {
    match-clients { "shanghai-acl"; };
    include "/etc/named.rfc1912.zones.shanghai";
};

Next, create the 3 related zone configuration files, as follows:

[root@c7u6s3 ~]# cd /etc/
[root@c7u6s3 etc]# cp named.rfc1912.zones{,.beijing}
[root@c7u6s3 etc]# cp named.rfc1912.zones{,.shanghai}
[root@c7u6s3 etc]# ls -lh named.rfc1912.zones*
-rw-r----- 1 root named 931 Jun 21  2007 named.rfc1912.zones
-rw-r----- 1 root root  931 Jul  8 20:42 named.rfc1912.zones.beijing
-rw-r----- 1 root root  931 Jul  8 20:43 named.rfc1912.zones.shanghai
[root@c7u6s3 etc]# for f in named.rfc1912.zones{.beijing,.shanghai,.other}; do chgrp named $f; done
[root@c7u6s3 etc]# ls -lh named.rfc1912.zones*
-rw-r----- 1 root named 931 Jun 21  2007 named.rfc1912.zones
-rw-r----- 1 root named 931 Jul  8 20:42 named.rfc1912.zones.beijing
-rw-r----- 1 root named 931 Jul  8 20:43 named.rfc1912.zones.shanghai
[root@c7u6s3 etc]# vim named.rfc1912.zones.beijing
[root@c7u6s3 etc]# cat named.rfc1912.zones.beijing
zone "." IN {
    type hint;
    file "named.ca";
};

zone "linuxer.com." IN {
    type master;
    file "db.linuxer.com.beijing";
};
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
[root@c7u6s3 etc]# vim named.rfc1912.zones.shanghai
[root@c7u6s3 etc]# cat named.rfc1912.zones.shanghai
zone "." IN {
    type hint;
    file "named.ca";
};

zone "linuxer.com." IN {
    type master;
    file "db.linuxer.com.shanghai";
};

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};   

Next, create the zone data files, as follows:

[root@c7u6s3 etc]# cd /var/named/
[root@c7u6s3 named]# vim db.linuxer.com.beijing
[root@c7u6s3 named]# cat db.linuxer.com.beijing
$TTL 4h
linuxer.com.    IN  SOA dnsmaster.linuxer.com. admin.linuxer.com. (
    2021070801
    4h  
    1h  
    2d  
    1d  
)

linuxer.com.    IN  NS  masterdns.linuxer.com.
                IN  NS  slavedns.linuxer.com.

;
; Host address
;
localhost.linuxer.com.  IN  A   127.0.0.1
masterdns.linuxer.com.  IN  A   192.168.122.13
slavedns.linuxer.com.   IN  A   192.168.122.14
www.linuxer.com.        IN  A   192.168.122.15

[root@c7u6s3 named]# vim db.linuxer.com.shanghai
[root@c7u6s3 named]# cat db.linuxer.com.shanghai
$TTL 4h
linuxer.com.    IN  SOA dnsmaster.linuxer.com.  admin.linuxer.com. (
    2021070801
    4h  
    1h  
    2d  
    1d  
)

linuxer.com.    IN  NS  masterdns.linuxer.com.
                IN  NS  slavedns.linuxer.com.


;
; Host address
;
localhost.linuxer.com.  IN  A   127.0.0.1
masterdns.linuxer.com.  IN  A   10.0.0.13
slavedns.linuxer.com.   IN  A   10.0.0.14
www.linuxer.com.        IN  A   10.0.0.16

[root@c7u6s3 named]# ls -lh db.*
-rw-r--r-- 1 root root  358 Jul  8 21:07 db.linuxer.com.beijing
-rw-r--r-- 1 root root  349 Jul  8 21:15 db.linuxer.com.shanghai
[root@c7u6s3 named]# for f in db.linuxer.com.{beijing,shanghai}; do chgrp named $f; done
[root@c7u6s3 named]# ls -lh db.*
-rw-r--r-- 1 root named 358 Jul  8 21:07 db.linuxer.com.beijing
-rw-r--r-- 1 root named 349 Jul  8 21:15 db.linuxer.com.shanghai
[root@c7u6s3 named]# 

At this point, all the related configuration files and zone data files on masterdns are ready. Check the configuration files and zone data files, as follows:

[root@c7u6s3 named]# named-checkconf 
[root@c7u6s3 named]# named-checkzone linuxer.com. db.linuxer.com.beijing 
zone linuxer.com/IN: loaded serial 2021070801
OK
[root@c7u6s3 named]# named-checkzone linuxer.com. db.linuxer.com.shanghai 
zone linuxer.com/IN: loaded serial 2021070801
OK
[root@c7u6s3 named]#

The checks pass without problems.
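named-checkzone validates one zone file at a time, so it does not compare the two per-view files with each other. The following lint is an added example, not part of the original post: it parses the two zone files shown above and reports inconsistencies between the SOA, NS and address records and between the views. The function names are this example's own, it handles only the master-file syntax used on this page, and the ftp record in the drift check is constructed.

```python
"""Consistency lint for the two per-view zone files on this page (added example).

Handles only the master-file subset the page uses: fully qualified names,
$TTL, ';' comments, one parenthesised SOA and blank-owner continuation lines.
"""
import re

# Zone data as shown on the page; only the three addresses differ per view.
ZONE_TEMPLATE = """\
$TTL 4h
linuxer.com.    IN  SOA dnsmaster.linuxer.com. admin.linuxer.com. (
    2021070801
    4h
    1h
    2d
    1d
)
linuxer.com.    IN  NS  masterdns.linuxer.com.
                IN  NS  slavedns.linuxer.com.
;
; Host address
;
localhost.linuxer.com.  IN  A   127.0.0.1
masterdns.linuxer.com.  IN  A   {master}
slavedns.linuxer.com.   IN  A   {slave}
www.linuxer.com.        IN  A   {www}
"""
BEIJING = ZONE_TEMPLATE.format(
    master="192.168.122.13", slave="192.168.122.14", www="192.168.122.15")
SHANGHAI = ZONE_TEMPLATE.format(
    master="10.0.0.13", slave="10.0.0.14", www="10.0.0.16")


def parse_zone(text):
    """Return a list of (owner, type, rdata_fields) tuples."""
    # Drop comments, then fold the parenthesised SOA onto one logical line.
    text = "\n".join(line.split(";", 1)[0].rstrip() for line in text.splitlines())
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():  # text in column 1 names a new owner
            owner = fields.pop(0).lower()
        if owner is None:
            raise ValueError("record without an owner name")
        # Skip the optional TTL and class that may precede the type.
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)
        records.append((owner, fields[0].upper(), fields[1:]))
    return records


def lint_zone(records):
    """Return consistency findings between the SOA, NS and address records."""
    soa = [rdata for _, rtype, rdata in records if rtype == "SOA"]
    if len(soa) != 1:
        return ["expected exactly one SOA record"]
    mname = soa[0][0].lower()
    ns_names = {rdata[0].lower() for _, rtype, rdata in records if rtype == "NS"}
    with_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = []
    if mname not in ns_names:
        findings.append(f"SOA MNAME {mname} is not among the NS names")
    if mname not in with_addr:
        findings.append(f"SOA MNAME {mname} has no address record in the zone")
    for name in sorted(ns_names - with_addr):
        findings.append(f"NS {name} has no address record in the zone")
    return findings


def diff_views(first, second):
    """Compare two views of one zone by (owner, type) record sets."""
    def index(records):
        sets = {}
        for owner, rtype, rdata in records:
            sets.setdefault((owner, rtype), set()).add(" ".join(rdata).lower())
        return sets
    a, b = index(first), index(second)
    return {
        "only_in_first": sorted(a.keys() - b.keys()),
        "only_in_second": sorted(b.keys() - a.keys()),
        "differ": sorted(key for key in a.keys() & b.keys() if a[key] != b[key]),
    }


if __name__ == "__main__":
    beijing, shanghai = parse_zone(BEIJING), parse_zone(SHANGHAI)
    for finding in lint_zone(beijing):
        print("beijing:", finding)
    print(diff_views(beijing, shanghai))
    # Constructed drift: a record added to one view's file only.
    drifted = parse_zone(BEIJING + "ftp.linuxer.com. IN A 192.168.122.20\n")
    print(diff_views(drifted, shanghai)["only_in_first"])
```

On the page's data the lint reports that the SOA MNAME dnsmaster.linuxer.com. matches neither NS name (the NS records use masterdns.linuxer.com.) and has no address record, and the view comparison shows that only the three A records for masterdns, slavedns and www differ.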
Restart the named service, as follows:

[root@c7u6s3 named]# systemctl status named
. named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-07-08 21:20:45 CST; 4s ago
  Process: 4740 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 4737 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 4742 (named)
   CGroup: /system.slice/named.service
           └─4742 /usr/sbin/named -u named -c /etc/named.conf

Jul 08 21:20:45 c7u6s3 named[4742]: all zones loaded
Jul 08 21:20:45 c7u6s3 named[4742]: running
Jul 08 21:20:45 c7u6s3 named[4742]: zone linuxer.com/IN/beijing: sending notifies (serial 2021070801)
Jul 08 21:20:45 c7u6s3 named[4742]: zone linuxer.com/IN/shanghai: sending notifies (serial 2021070801)
Jul 08 21:20:45 c7u6s3 named[4742]: zone linuxer.com/IN/others: sending notifies (serial 2021070801)
Jul 08 21:20:45 c7u6s3 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jul 08 21:20:45 c7u6s3 named[4742]: client @0x7f62f40b8160 192.168.122.14#47213 (linuxer.com): view beijing: transfer of 'linuxer.com/...1070801)
Jul 08 21:20:45 c7u6s3 named[4742]: client @0x7f62f40b8160 192.168.122.14#47213 (linuxer.com): view beijing: transfer of 'linuxer.com/...FR ended
Jul 08 21:20:45 c7u6s3 named[4742]: client @0x7f62f40a9b30 192.168.122.14#33528: view beijing: received notify for zone 'linuxer.com'
Jul 08 21:20:45 c7u6s3 named[4742]: client @0x7f62f40a9b30 192.168.122.13#47537: view beijing: received notify for zone 'linuxer.com'
Hint: Some lines were ellipsized, use -l to show in full.
[root@c7u6s3 named]# 

The service started normally. Next, test DNS resolution locally, as follows:

[root@c7u6s3 named]# dig www.linuxer.com @192.168.122.13

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.linuxer.com @192.168.122.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31310
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.               IN      A

;; ANSWER SECTION:
www.linuxer.com.        14400   IN      A       192.168.122.15

;; AUTHORITY SECTION:
linuxer.com.            14400   IN      NS      slavedns.linuxer.com.
linuxer.com.            14400   IN      NS      masterdns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.  14400   IN      A       192.168.122.13
slavedns.linuxer.com.   14400   IN      A       192.168.122.14

;; Query time: 0 msec
;; SERVER: 192.168.122.13#53(192.168.122.13)
;; WHEN: Thu Jul 08 21:22:03 CST 2021
;; MSG SIZE  rcvd: 139

[root@c7u6s3 named]# dig www.linuxer.com @10.0.0.13

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.linuxer.com @10.0.0.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.               IN      A

;; ANSWER SECTION:
www.linuxer.com.        14400   IN      A       10.0.0.16

;; AUTHORITY SECTION:
linuxer.com.            14400   IN      NS      masterdns.linuxer.com.
linuxer.com.            14400   IN      NS      slavedns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.  14400   IN      A       10.0.0.13
slavedns.linuxer.com.   14400   IN      A       192.168.122.14

;; Query time: 0 msec
;; SERVER: 10.0.0.13#53(10.0.0.13)
;; WHEN: Thu Jul 08 21:22:10 CST 2021
;; MSG SIZE  rcvd: 139

[root@c7u6s3 named]# 

The test is complete; resolution works normally.

Next, configure the slave server, as follows:
Copy the configuration files to the /etc/ directory on c7u6s4, as follows:

[root@c7u6s3 etc]# rsync -av --progress -e 'ssh -p 22 -l root' named.conf named.rfc1912.zones.beijing named.rfc1912.zones.shanghai  c7u6s4:/etc/
The authenticity of host 'c7u6s4 (192.168.122.14)' can't be established.
ECDSA key fingerprint is SHA256:En4RBpTbuC4cNM/VBs5mJWaG8zzYh/yk8XA374EtqMk.
ECDSA key fingerprint is MD5:45:62:d8:09:c1:05:72:93:c9:a0:24:bd:c4:7d:ce:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'c7u6s4,192.168.122.14' (ECDSA) to the list of known hosts.
root@c7u6s4's password: 
sending incremental file list
named.conf
          2,301 100%  776.37kB/s    0:00:00 (xfr#1, to-chk=3/4)
named.rfc1912.zones.beijing
          1,088 100%    1.04MB/s    0:00:00 (xfr#2, to-chk=2/4)
named.rfc1912.zones.shanghai
          1,091 100%    1.04MB/s    0:00:00 (xfr#4, to-chk=0/4)

sent 5,188 bytes  received 110 bytes  815.08 bytes/sec
total size is 5,568  speedup is 1.05
[root@c7u6s3 etc]# 

Copy the zone data files to the /var/named/ directory on the c7u6s4 server, as follows:

[root@c7u6s3 etc]# cd /var/named/
[root@c7u6s3 named]# rsync -av --progress -e 'ssh -p 22 -l root' db.linuxer.com.{beijing,shanghai} c7u6s4:/var/named/
root@c7u6s4's password: 
sending incremental file list
db.linuxer.com.beijing
            358 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=2/3)
db.linuxer.com.shanghai
            349 100%  340.82kB/s    0:00:00 (xfr#3, to-chk=0/3)

sent 1,305 bytes  received 73 bytes  250.55 bytes/sec
total size is 1,061  speedup is 0.77
[root@c7u6s3 named]# 

Next, restart the named service on c7u6s4, as follows:

[root@c7u6s3 named]# systemctl -H c7u6s4 restart named
root@c7u6s4's password: 
[root@c7u6s3 named]# systemctl -H c7u6s4 status named
root@c7u6s4's password: 
. named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-07-08 21:38:32 CST; 17s ago
  Process: 20661 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 19963 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 20675 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 20672 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 20677
   CGroup: /system.slice/named.service
[root@c7u6s3 named]# 

Test DNS resolution on c7u6s4, as follows:

[root@c7u6s4 etc]# dig www.linuxer.com @192.168.122.14

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.linuxer.com @192.168.122.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14632
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.               IN      A

;; ANSWER SECTION:
www.linuxer.com.        14400   IN      A       192.168.122.15

;; AUTHORITY SECTION:
linuxer.com.            14400   IN      NS      slavedns.linuxer.com.
linuxer.com.            14400   IN      NS      masterdns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.  14400   IN      A       192.168.122.13
slavedns.linuxer.com.   14400   IN      A       192.168.122.14

;; Query time: 0 msec
;; SERVER: 192.168.122.14#53(192.168.122.14)
;; WHEN: Thu Jul 08 21:39:35 CST 2021
;; MSG SIZE  rcvd: 139

[root@c7u6s4 etc]# 

Resolution works normally; the configuration is now complete.
Next, test from the clients.

2.3. Client Testing

Configure the DNS server address of the virtual machine c7u6s7 to point to 192.168.122.13, as follows:

[root@c7u6s7 ~]# nmcli con show 
NAME  UUID                                  TYPE      DEVICE 
eth0  8f6a6c4c-5d92-4685-803f-d090591aedb1  ethernet  eth0   
[root@c7u6s7 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:94:6a:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.17/24 brd 192.168.122.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe94:6a2f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@c7u6s7 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.122.1
[root@c7u6s7 ~]#
[root@c7u6s7 ~]# nmcli con mod eth0 ipv4.dns 192.168.122.13
[root@c7u6s7 ~]# nmcli con mod eth0 +ipv4.dns 192.168.122.14
[root@c7u6s7 ~]# nmcli con reload
[root@c7u6s7 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@c7u6s7 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.122.13
nameserver 192.168.122.14
[root@c7u6s7 ~]# 

With the DNS servers configured, test name resolution, as follows:

[root@c7u6s7 ~]# dig www.linuxer.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.linuxer.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52709
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.               IN      A

;; ANSWER SECTION:
www.linuxer.com.        14400   IN      A       192.168.122.15

;; AUTHORITY SECTION:
linuxer.com.            14400   IN      NS      masterdns.linuxer.com.
linuxer.com.            14400   IN      NS      slavedns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.  14400   IN      A       192.168.122.13
slavedns.linuxer.com.   14400   IN      A       192.168.122.14

;; Query time: 0 msec
;; SERVER: 192.168.122.13#53(192.168.122.13)
;; WHEN: Thu Jul 08 21:44:17 CST 2021
;; MSG SIZE  rcvd: 139

[root@c7u6s7 ~]# host www.linuxer.com
www.linuxer.com has address 192.168.122.15
[root@c7u6s7 ~]# nslookup www.linuxer.com
Server:         192.168.122.13
Address:        192.168.122.13#53

Name:   www.linuxer.com
Address: 192.168.122.15

[root@c7u6s7 ~]# 
[root@c7u6s7 ~]# curl www.linuxer.com
www.linuxer.com on c7u6s5 
[root@c7u6s7 ~]# 

The output above shows that the domain name is resolved correctly.

Next, set the DNS servers that the client c7u6s8 points to, as follows:

[root@c7u6s8 ~]# nmcli con show 
NAME  UUID                                  TYPE      DEVICE 
eth0  c4a95e8e-7cd0-44f0-b518-ddf17a7e511d  ethernet  eth0   
[root@c7u6s8 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:81:56:3b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.18/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe81:563b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@c7u6s8 ~]# 
[root@c7u6s8 ~]# nmcli con mod eth0 ipv4.dns 10.0.0.13
[root@c7u6s8 ~]# nmcli con mod eth0 +ipv4.dns 10.0.0.14
[root@c7u6s8 ~]# nmcli con reload
[root@c7u6s8 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@c7u6s8 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 10.0.0.13
nameserver 10.0.0.14
[root@c7u6s8 ~]# 

The DNS servers have been added; next, test name resolution, as follows:

[root@c7u6s8 ~]# dig www.linuxer.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.linuxer.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7665
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxer.com.		IN	A

;; ANSWER SECTION:
www.linuxer.com.	14400	IN	A	10.0.0.16

;; AUTHORITY SECTION:
linuxer.com.		14400	IN	NS	masterdns.linuxer.com.
linuxer.com.		14400	IN	NS	slavedns.linuxer.com.

;; ADDITIONAL SECTION:
masterdns.linuxer.com.	14400	IN	A	10.0.0.13
slavedns.linuxer.com.	14400	IN	A	10.0.0.14

;; Query time: 0 msec
;; SERVER: 10.0.0.13#53(10.0.0.13)
;; WHEN: Thu Jul 08 21:52:57 CST 2021
;; MSG SIZE  rcvd: 139

[root@c7u6s8 ~]# host www.linuxer.com
www.linuxer.com has address 10.0.0.16
[root@c7u6s8 ~]# nslookup www.linuxer.com
Server:		10.0.0.13
Address:	10.0.0.13#53

Name:	www.linuxer.com
Address: 10.0.0.16

[root@c7u6s8 ~]# 
[root@c7u6s8 ~]# curl www.linuxer.com
www.linuxer.com on c7u6s6
[root@c7u6s8 ~]#

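At this point the smart DNS server setup is complete: users in different regions who access the same site obtain its content from the cache server nearest to them.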
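The two client tests above receive different answers because named chooses the view from the source address of each query. The following model of that selection is an added example, not code from the original post or from BIND: it uses the page's acl and view definitions, evaluates views in file order with the first match winning, and returns REFUSED when no view matches. The client 172.16.0.5 and the catch-all view "others" are constructed for illustration, and only the match forms used on this page (networks, named acls, any, none) are modelled.

```python
"""Model of named's view selection for the acl/view setup on this page.

Added illustration: it mirrors the documented first-match behaviour and is
not BIND source code. Only networks, named acls, any and none are modelled.
"""
from ipaddress import ip_address, ip_network

# acl statements from the page's /etc/named.conf
ACLS = {
    "beijing-acl": ["192.168.122.0/24"],
    "shanghai-acl": ["10.0.0.0/24"],
}

# view statements in file order; each entry is (view name, match-clients list)
VIEWS = [
    ("beijing", ["beijing-acl"]),
    ("shanghai", ["shanghai-acl"]),
]

# www.linuxer.com. A record in each view's zone data file on the page
WWW_A = {"beijing": "192.168.122.15", "shanghai": "10.0.0.16"}


def element_matches(element, client, acls, seen=()):
    """Return True if one address_match_list element matches the client address."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element in acls:  # reference to a named acl: match any of its elements
        if element in seen:
            raise ValueError(f"acl {element!r} refers to itself")
        return any(element_matches(e, client, acls, seen + (element,))
                   for e in acls[element])
    # otherwise a single address or a network in CIDR notation
    return client in ip_network(element, strict=False)


def select_view(client_ip, views=VIEWS, acls=ACLS):
    """Return the name of the first view whose match-clients matches, else None."""
    client = ip_address(client_ip)
    for name, match_clients in views:
        if any(element_matches(e, client, acls) for e in match_clients):
            return name
    return None


def resolve_www(client_ip, views=VIEWS, acls=ACLS):
    """Return (rcode, view, address) for an A query for www.linuxer.com."""
    view = select_view(client_ip, views, acls)
    if view is None:
        # With view statements present and none matching, the query is refused.
        return ("REFUSED", None, None)
    return ("NOERROR", view, WWW_A[view])


if __name__ == "__main__":
    clients = [
        ("192.168.122.17", "c7u6s7"),
        ("10.0.0.18", "c7u6s8"),
        ("10.0.0.13", "query sourced from 10.0.0.13"),
        ("127.0.0.1", "query sourced from 127.0.0.1"),
        ("172.16.0.5", "constructed outside client"),
    ]
    for ip, note in clients:
        print(f"{ip:<15} {note:<30} {resolve_www(ip)}")

    # Constructed catch-all view: placed last it only receives leftover clients,
    # placed first it shadows both regional views.
    catch_all = ("others", ["any"])
    print(select_view("172.16.0.5", VIEWS + [catch_all]))
    print(select_view("10.0.0.18", [catch_all] + VIEWS))
```

With only the two regional views defined, a query from an address outside both acls, including 127.0.0.1 on the DNS server itself, matches no view, so local checks have to target one of the server's interface addresses as the dig tests on this page do.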

3. Compiling and Installing MySQL-5.7

Download the MySQL-5.7 source package from the official download page, choosing the version marked by the brown box in the figure below.

3.1. Adjusting the Virtual Machine's CPU and Memory

Send the downloaded MySQL source package from the host to the virtual machine c7u6s2, as follows:

[root@LiuXianQiE mysql-5.7]# ls 
mysql-5.7.32-1.el7.x86_64.rpm-bundle.tar  mysql-5.7.32-el7-x86_64.tar     mysql-5.7.32src.tar.gz               src
mysql-5.7.32-el7-x86_64                   mysql-5.7.32-el7-x86_64.tar.gz  mysql-test-5.7.32-el7-x86_64.tar.gz
[root@LiuXianQiE mysql-5.7]# rsync -av --progress -e 'ssh -p 22 -l root' mysql-5.7.32src.tar.gz c7u6s2:~
sending incremental file list
mysql-5.7.32src.tar.gz
     56,154,080 100%  354.45MB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 56,167,889 bytes  received 35 bytes  12,481,760.89 bytes/sec
total size is 56,154,080  speedup is 1.00
[root@LiuXianQiE mysql-5.7]#

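On the virtual machine, verify the MD5 checksum of the source package; it matches the MD5 checksum on the web page. Then unpack the source package, as follows: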

[root@c7u6s2 ~]# ls -lh mysql-5.7.32src.tar.gz 
-rw-r--r-- 1 root root 54M Jul  1 17:03 mysql-5.7.32src.tar.gz
[root@c7u6s2 ~]# md5sum mysql-5.7.32src.tar.gz 
c85e4dc80176925891f45180ef1c95e0  mysql-5.7.32src.tar.gz
[root@c7u6s2 ~]#
[root@c7u6s2 ~]# mkdir mysql-5.7
[root@c7u6s2 ~]# tar zxvf mysql-5.7.32src.tar.gz -C mysql-5.7
[root@c7u6s2 ~]# cd mysql-5.7/
[root@c7u6s2 mysql-5.7]# ls 
mysql-5.7.32
[root@c7u6s2 mysql-5.7]# cd mysql-5.7.32/
[root@c7u6s2 mysql-5.7.32]# ls 
BUILD           config.h.cmake       extra                libmysql     mysql-test  rapid             sql            testclients  zlib
client          configure.cmake      include              libmysqld    mysys       README            sql-common     unittest
cmake           dbug                 INSTALL              libservices  mysys_ssl   regex             storage        VERSION
CMakeLists.txt  Docs                 libbinlogevents      LICENSE      packaging   scripts           strings        vio
cmd-line-utils  Doxyfile-perfschema  libbinlogstandalone  man          plugin      source_downloads  support-files  win
[root@c7u6s2 mysql-5.7.32]#

Before starting to compile MySQL, allocate more CPU resources to the virtual machine and increase its memory, as follows:

[root@LiuXianQiE ~]# virsh vcpucount c7u6s2
maximum      config         2
maximum      live           2
current      config         2
current      live           2
[root@LiuXianQiE ~]# virsh dommemstat c7u6s2
actual 1048576
swap_in 0
swap_out 0
major_fault 192
minor_fault 518616
unused 926512
available 1014724
usable 873600
last_update 1624416655
rss 1086068

[root@LiuXianQiE ~]#

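The output above shows that the virtual machine has 2 CPU cores and 1 GB of memory. Next, change the virtual machine to 10 CPU cores and 4 GB of memory, as follows: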

[root@LiuXianQiE ~]# virsh setvcpus c7u6s2 10 --current --hotpluggable
error: invalid argument: requested vcpus is greater than max allowable vcpus for the live domain: 10 > 2
[root@LiuXianQiE ~]# virsh setvcpus c7u6s2 10 --maximum --config  --hotpluggable
[root@LiuXianQiE ~]# virsh vcpucount c7u6s2
maximum      config        10
maximum      live           2
current      config         2
current      live           2

[root@LiuXianQiE ~]# virsh setvcpus c7u6s2 10 --live
error: invalid argument: requested vcpus is greater than max allowable vcpus for the live domain: 10 > 2

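When the number of CPUs is changed above, the error says that the requested number exceeds the maximum allowed number of CPUs. After the maximum CPU limit is raised on the command line, changing the virtual machine's CPU count still fails, reporting that it cannot exceed the maximum of 2. After changing the virtual machine's maximum CPU limit, the virtual machine must be restarted before the CPUs can be assigned. As follows: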

[root@c7u6s2 mysql-5.7.32]# systemctl reboot
Connection to c7u6s2 closed by remote host.
Connection to c7u6s2 closed.
[root@LiuXianQiE ~]#
[root@LiuXianQiE ~]# virsh vcpucount c7u6s2
maximum      config        10
maximum      live           2
current      config         2
current      live           2

[root@LiuXianQiE ~]# virsh setvcpus c7u6s2 10 --current --hotpluggable
error: invalid argument: requested vcpus is greater than max allowable vcpus for the live domain: 10 > 2

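Rebooting the virtual machine from inside the guest does not load the updated configuration, so changing the CPU count still reports that the limit of 2 CPUs cannot be exceeded.
Shut the virtual machine down from the host and start it again; the CPU count can then be changed directly, as follows: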

[root@LiuXianQiE ~]# virsh shutdown c7u6s2
Domain c7u6s2 is being shutdown

[root@LiuXianQiE ~]# virsh list 
 Id   Name         State
----------------------------
 12   ubuntu20u4   running
 15   c7u6s3       running
 17   c7u6s7       running
 18   c7u6s8       running
 19   c7u6s4       running
 20   c7u6s5       running
 21   c7u6s6       running
 35   c7u6s10      running
 39   c7u6s9       running
 40   c7u6s1       running

[root@LiuXianQiE ~]# virsh start c7u6s2

Domain c7u6s2 started

[root@LiuXianQiE ~]# 
[root@LiuXianQiE ~]# virsh setvcpus c7u6s2 10 --live

[root@LiuXianQiE ~]# virsh vcpucount c7u6s2
maximum      config        10
maximum      live          10
current      config         2
current      live          10

[root@LiuXianQiE ~]#

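At this point, the virtual machine's CPU change is complete.
Next, set the virtual machine's memory. Likewise, the upper limit of the memory available to the virtual machine must be set first before the memory can be changed online. Running reboot inside the guest does not load the configuration, and running virsh reboot c7u6s2 on the host does not reload it either. It seems the only way is to shut the virtual machine down from the host and then start it again so that the configuration is reloaded. As follows: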

[root@LiuXianQiE ~]# virsh setmaxmem c7u6s2 4G --config

[root@LiuXianQiE ~]# virsh setmem c7u6s2 4G --live
error: invalid argument: cannot set memory higher than max memory

[root@LiuXianQiE ~]# virsh reboot c7u6s2
Domain c7u6s2 is being rebooted

[root@LiuXianQiE ~]# virsh list 
 Id   Name         State
----------------------------
 12   ubuntu20u4   running
 15   c7u6s3       running
 17   c7u6s7       running
 18   c7u6s8       running
 19   c7u6s4       running
 20   c7u6s5       running
 21   c7u6s6       running
 35   c7u6s10      running
 39   c7u6s9       running
 40   c7u6s1       running
 41   c7u6s2       running

[root@LiuXianQiE ~]# virsh setmem c7u6s2 4G --live
error: invalid argument: cannot set memory higher than max memory

[root@LiuXianQiE ~]# virsh shutdown c7u6s2
Domain c7u6s2 is being shutdown

[root@LiuXianQiE ~]# virsh list 
 Id   Name         State
----------------------------
 12   ubuntu20u4   running
 15   c7u6s3       running
 17   c7u6s7       running
 18   c7u6s8       running
 19   c7u6s4       running
 20   c7u6s5       running
 21   c7u6s6       running
 35   c7u6s10      running
 39   c7u6s9       running
 40   c7u6s1       running

[root@LiuXianQiE ~]# 
[root@LiuXianQiE ~]# virsh start c7u6s2
Domain c7u6s2 started

[root@LiuXianQiE ~]# virsh setmem c7u6s2 4G --live

[root@LiuXianQiE ~]# virsh dominfo c7u6s2
Id:             42
Name:           c7u6s2
UUID:           1e17de06-115b-4224-b6fe-c19fb7e600c6
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       13.3s
Max memory:     4194304 KiB
Used memory:    4194304 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: none
Security DOI:   0

[root@LiuXianQiE ~]#
[root@LiuXianQiE ~]# virsh setvcpus c7u6s2 10 --current

[root@LiuXianQiE ~]# virsh dominfo c7u6s2
Id:             42
Name:           c7u6s2
UUID:           1e17de06-115b-4224-b6fe-c19fb7e600c6
OS Type:        hvm
State:          running
CPU(s):         10
CPU time:       13.8s
Max memory:     4194304 KiB
Used memory:    4194304 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: none
Security DOI:   0

[root@LiuXianQiE ~]# 

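After the restart, the memory can be changed, but the CPU count adjusted earlier has reverted to the default of 2. Because the --config option was not specified when the CPU count was changed, the change was only temporary, and the next restart goes back to the default of 2. The same applies to the memory size set here: after a restart it will still revert to 1G.
At this point the CPU core count is set to 10 and the memory to 4G, so the MySQL build can begin.
Log in to the VM and check the modified CPU and memory information, as shown below: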

[root@c7u6s2 ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                10
On-line CPU(s) list:   0-9
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             10
NUMA node(s):          1
Vendor ID:             AuthenticAMD
CPU family:            23
Model:                 1
Model name:            AMD EPYC Processor (with IBPB)
Stepping:              2
CPU MHz:               3799.964
BogoMIPS:              7599.92
Hypervisor vendor:     KVM
Virtualization type:   full
L1d cache:             32K
L1i cache:             64K
L2 cache:              512K
L3 cache:              8192K
NUMA node0 CPU(s):     0-9
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm art rep_good nopl xtopology extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext retpoline_amd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 arat
[root@c7u6s2 ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           3949         107        3721           8         119        3649
Swap:          1023           0        1023
[root@c7u6s2 ~]# 

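3.2. Compiling and installing MySQL-5.7

To compile and install MySQL, the VM's system environment has to be prepared by installing the development libraries and packages.
The basic development environment can be installed via @development. In addition, the following packages and libraries are needed: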

  • cmake
  • ncurses
  • openssl-devel
  • ncurses-devel

As shown below:

[root@c7u6s2 mysql-5.7.32]# yum install -y @development ncurses
[root@c7u6s2 mysql-5.7.32]# rpm -qa | egrep cmake
[root@c7u6s2 mysql-5.7.32]# rpm -qa | egrep ncurses
ncurses-base-5.9-14.20130511.el7_4.noarch
ncurses-libs-5.9-14.20130511.el7_4.x86_64
ncurses-5.9-14.20130511.el7_4.x86_64
[root@c7u6s2 mysql-5.7.32]# yum install -y cmake openssl-devel ncurses-devel

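Next, attempt the build.
Because cmake can build outside the source files, a directory can be created inside the source directory and the build run in it, which allows builds for several specific environments. As shown below: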

[root@c7u6s2 mysql-5.7.32]# ls 
BUILD           config.h.cmake       extra                libmysql     mysql-test  rapid             sql            testclients  zlib
client          configure.cmake      include              libmysqld    mysys       README            sql-common     unittest
cmake           dbug                 INSTALL              libservices  mysys_ssl   regex             storage        VERSION
CMakeLists.txt  Docs                 libbinlogevents      LICENSE      packaging   scripts           strings        vio
cmd-line-utils  Doxyfile-perfschema  libbinlogstandalone  man          plugin      source_downloads  support-files  win
[root@c7u6s2 mysql-5.7.32]# mkdir bld
[root@c7u6s2 mysql-5.7.32]# cd bld
[root@c7u6s2 bld]# cmake ..
-- LOCAL_BOOST_ZIP 
-- Could not find (the correct version of) boost.
-- MySQL currently requires boost_1_59_0

CMake Error at cmake/boost.cmake:88 (MESSAGE):
  You can download it with -DDOWNLOAD_BOOST=1 -DWITH_BOOST=<directory>

  This CMake script will look for boost in <directory>.  If it is not there,
  it will download and unpack it (in that directory) for you.

  If you are inside a firewall, you may need to use an http proxy:

  export http_proxy=http://example.com:80

Call Stack (most recent call first):
  cmake/boost.cmake:245 (COULD_NOT_FIND_BOOST)
  CMakeLists.txt:548 (INCLUDE)


-- Configuring incomplete, errors occurred!
See also "/root/mysql-5.7/mysql-5.7.32/bld/CMakeFiles/CMakeOutput.log".
See also "/root/mysql-5.7/mysql-5.7.32/bld/CMakeFiles/CMakeError.log".
[root@c7u6s2 bld]# 

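The output above says that the MySQL version being built requires boost, specifically version 1.59, and no such version exists on the system, so download the 1.59 source directly from the official boost site and then compile and install it. boost-1.59 source download path
Transfer the boost-1.59 source package downloaded on the host to the VM, then compile it. As shown below: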

[root@LiuXianQiE mysql-5.7]# ls -hl boost_1_59_0.tar.gz 
-rwxrwxr--+ 1 root root 80M Jul  3 23:56 boost_1_59_0.tar.gz
[root@LiuXianQiE mysql-5.7]# rsync -av --progress -e 'ssh -p 22 -l root' boost_1_59_0.tar.gz c7u6s2:~
sending incremental file list
boost_1_59_0.tar.gz
     83,709,983 100%  345.46MB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 83,730,517 bytes  received 35 bytes  23,923,014.86 bytes/sec
total size is 83,709,983  speedup is 1.00
[root@LiuXianQiE mysql-5.7]# 

Unpack it on the VM and prepare to compile and install boost-1.59. As shown below:

[root@c7u6s2 ~]# tar zxvf boost_1_59_0.tar.gz
[root@c7u6s2 boost_1_59_0]# cd 
[root@c7u6s2 ~]# cd boost_1_59_0/
[root@c7u6s2 boost_1_59_0]# ls -F
b2*    boost/           boostcpp.jam  boost.png      bootstrap.log  doc/       index.html  Jamroot  LICENSE_1_0.txt  project-config.jam  status/
bjam*  boost-build.jam  boost.css     bootstrap.bat  bootstrap.sh*  index.htm  INSTALL     libs/    more/            rst.css             tools/
[root@c7u6s2 boost_1_59_0]# 
[root@c7u6s2 boost_1_59_0]# bash bootstrap.sh --prefix=/usr/local/boost-1.59
Building Boost.Build engine with toolset gcc... tools/build/src/engine/bin.linuxx86_64/b2
Detecting Python version... 2.7
Detecting Python root... /usr
Unicode/ICU support for Boost.Regex?... /usr
Generating Boost.Build configuration in project-config.jam...

Bootstrapping is done. To build, run:

    ./b2
    
To adjust configuration, edit 'project-config.jam'.
Further information:

   - Command line help:
     ./b2 --help
     
   - Getting started guide: 
     http://www.boost.org/more/getting_started/unix-variants.html
     
   - Boost.Build documentation:
     http://www.boost.org/build/doc/html/index.html

[root@c7u6s2 boost_1_59_0]#
[root@c7u6s2 boost_1_59_0]# ./b2
gcc.compile.c++ bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/token_ids.o
gcc.compile.c++ bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/wave_config_constant.o
common.mkdir bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/cpplexer
common.mkdir bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/cpplexer/re2clex
gcc.compile.c++ bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/cpplexer/re2clex/aq.o
gcc.compile.c++ bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/cpplexer/re2clex/cpp_re.o
gcc.archive bin.v2/libs/wave/build/gcc-4.8.5/release/link-static/threading-multi/libboost_wave.a
common.copy stage/lib/libboost_wave.a
...failed updating 58 targets...
...skipped 12 targets...
...updated 1053 targets...
[root@c7u6s2 boost_1_59_0]# ./b2 install 
ln-UNIX /usr/local/boost-1.59/lib/libboost_unit_test_framework.so
common.copy /usr/local/boost-1.59/lib/libboost_wave.so.1.59.0
ln-UNIX /usr/local/boost-1.59/lib/libboost_wave.so
common.copy /usr/local/boost-1.59/lib/libboost_exception.a
common.copy /usr/local/boost-1.59/lib/libboost_system.a
common.copy /usr/local/boost-1.59/lib/libboost_chrono.a
common.copy /usr/local/boost-1.59/lib/libboost_timer.a
common.copy /usr/local/boost-1.59/lib/libboost_test_exec_monitor.a
...failed updating 58 targets...
...skipped 12 targets...
...updated 11813 targets...
[root@c7u6s2 boost_1_59_0]# ls /usr/local/boost-1.59/ -F
include/  lib/
[root@c7u6s2 boost_1_59_0]# 

At this point boost-1.59 has been compiled and installed; next configure the environment variables.

[root@c7u6s2 boost]# pwd
/usr/local/boost-1.59/include/boost
[root@c7u6s2 boost]# ln -s `pwd` /usr/include/boost
[root@c7u6s2 boost]# cd ../../lib/
[root@c7u6s2 lib]# ln -s `pwd` /usr/lib64/boost

Now switch to the MySQL directory and build again, as shown below:

[root@c7u6s2 bld]# pwd
/root/mysql-5.7/mysql-5.7.32/bld
[root@c7u6s2 bld]# cmake ..
-- Configuring done
-- Generating done
-- Build files have been written to: /root/mysql-5.7/mysql-5.7.32/bld
[root@c7u6s2 bld]# echo $?
0
[root@c7u6s2 bld]#
[root@c7u6s2 bld]# make -j 10
Linking CXX static library ../../archive_output_directory/libinnobase.a
[ 80%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0dbg.cc.o
[ 80%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0list.cc.o
[ 80%] Building CXX object libmysqld/CMakeFiles/sql_embedded.dir/__/sql/item_strfunc.cc.o
[ 80%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0mem.cc.o
[ 80%] Built target innobase
c++: internal compiler error: Killed (program cc1plus)
Please submit a full bug report,
with preprocessed source if appropriate.
See <http://bugzilla.redhat.com/bugzilla> for instructions.
[ 81%] make[2]: *** [libmysqld/CMakeFiles/sql_embedded.dir/__/sql/item_geofunc.cc.o] Error 4
make[2]: *** Waiting for unfinished jobs....
[ 81%] Building CXX object libmysqld/CMakeFiles/sql_embedded.dir/__/sql/item_subselect.cc.o
Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0new.cc.o
[ 81%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0rbt.cc.o
[ 81%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0rnd.cc.o
[ 81%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0ut.cc.o
[ 81%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0vec.cc.o
[ 81%] Building CXX object storage/innobase/CMakeFiles/innobase_embedded.dir/ut/ut0wqueue.cc.o
Linking CXX static library ../../archive_output_directory/libinnobase_embedded.a
[ 81%] Built target innobase_embedded
make[1]: *** [libmysqld/CMakeFiles/sql_embedded.dir/all] Error 2
make: *** [all] Error 2
[root@c7u6s2 bld]#

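The error above, c++: internal compiler error: Killed (program cc1plus), is probably caused by running 10 jobs in parallel with only 4GB of memory: the C++ compiler fails because memory runs out.
So next raise the memory of the c7u6s2 VM to 16GB, as shown below: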

[root@LiuXianQiE mysql-5.7]# virsh setmaxmem c7u6s2 16G --config

[root@LiuXianQiE mysql-5.7]# virsh shutdown c7u6s2
Domain c7u6s2 is being shutdown

[root@LiuXianQiE mysql-5.7]# virsh list 
 Id   Name         State
----------------------------
 12   ubuntu20u4   running
 15   c7u6s3       running
 17   c7u6s7       running
 18   c7u6s8       running
 19   c7u6s4       running
 20   c7u6s5       running
 21   c7u6s6       running
 35   c7u6s10      running
 39   c7u6s9       running
 40   c7u6s1       running

[root@LiuXianQiE mysql-5.7]# 
[root@LiuXianQiE mysql-5.7]# virsh start c7u6s2
Domain c7u6s2 started

[root@LiuXianQiE mysql-5.7]# virsh dominfo c7u6s2
Id:             43
Name:           c7u6s2
UUID:           1e17de06-115b-4224-b6fe-c19fb7e600c6
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       4.7s
Max memory:     16777216 KiB
Used memory:    16777216 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: none
Security DOI:   0

[root@LiuXianQiE mysql-5.7]# virsh setvcpus c7u6s2 10 --current

[root@LiuXianQiE mysql-5.7]# virsh setmem c7u6s2 16G --current

[root@LiuXianQiE mysql-5.7]# virsh dominfo c7u6s2
Id:             43
Name:           c7u6s2
UUID:           1e17de06-115b-4224-b6fe-c19fb7e600c6
OS Type:        hvm
State:          running
CPU(s):         10
CPU time:       22.0s
Max memory:     16777216 KiB
Used memory:    16777216 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: none
Security DOI:   0

[root@LiuXianQiE mysql-5.7]# 

Checked inside the VM:

[root@LiuXianQiE ~]# ssh c7u6s2
Last login: Sun Jul  4 00:45:49 2021 from 192.168.122.1
[root@c7u6s2 ~]# lscpu 
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                10
On-line CPU(s) list:   0-9
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             10
NUMA node(s):          1
Vendor ID:             AuthenticAMD
CPU family:            23
Model:                 1
Model name:            AMD EPYC Processor (with IBPB)
Stepping:              2
CPU MHz:               3799.964
BogoMIPS:              7599.92
Hypervisor vendor:     KVM
Virtualization type:   full
L1d cache:             32K
L1i cache:             64K
L2 cache:              512K
L3 cache:              8192K
NUMA node0 CPU(s):     0-9
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm art rep_good nopl xtopology extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext retpoline_amd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 arat
[root@c7u6s2 ~]# free -g
              total        used        free      shared  buff/cache   available
Mem:             15           0          15           0           0          15
Swap:             0           0           0
[root@c7u6s2 ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:          16045         171       15750           8         123       15632
Swap:          1023           0        1023
[root@c7u6s2 ~]# 
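
To confirm that the killed cc1plus above really was an out-of-memory kill, and to size make -j to the guest's memory instead of only to its CPU count, the following shell functions are an added example, not part of the original post. The kernel log lines are constructed in the style of the CentOS 7 OOM-killer messages, and the function names and the 1536 MiB per-job budget are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): confirm OOM kills of the compiler
# and derive a memory-aware job count for make.

# Constructed kernel log lines in the style of CentOS 7 (kernel 3.10) OOM messages.
SAMPLE_KLOG='[ 5021.113402] Out of memory: Kill process 21877 (cc1plus) score 201 or sacrifice child
[ 5021.114019] Killed process 21877 (cc1plus) total-vm:1105332kB, anon-rss:824120kB, file-rss:0kB, shmem-rss:0kB
[ 5090.002511] Killed process 21902 (cc1plus) total-vm:998120kB, anon-rss:790004kB, file-rss:0kB, shmem-rss:0kB
[ 6000.500107] Killed process 1200 (rsyslogd) total-vm:200000kB, anon-rss:1000kB, file-rss:0kB, shmem-rss:0kB'

# Count OOM-killer victims named $1 in a kernel log read from stdin.
count_oom_kills() {
    # grep -c exits 1 when the count is 0; that is a valid answer, not an error.
    grep -c "Killed process [0-9]* ($1) " || true
}

# Largest anon-rss (MiB, rounded up) among OOM victims named $1; 0 if none.
peak_anon_rss_mb() {
    awk -v name="($1)" '
        /Killed process/ && index($0, name) {
            if (match($0, /anon-rss:[0-9]+kB/)) {
                # Skip the 9-character "anon-rss:" prefix and the 2-character "kB" suffix.
                kb = substr($0, RSTART + 9, RLENGTH - 11) + 0
                if (kb > max) max = kb
            }
        }
        END { printf "%d\n", int((max + 1023) / 1024) }'
}

# MemAvailable in MiB, read from /proc/meminfo or from the file given as $1.
mem_available_mb() {
    awk '/^MemAvailable:/ { print int($2 / 1024) }' "${1:-/proc/meminfo}"
}

# Job count for make: min(cpus, available memory / per-job budget), never below 1.
#   $1 = available memory in MiB, $2 = CPU count, $3 = assumed MiB per compile job
safe_make_jobs() {
    avail_mb=$1
    cpus=$2
    per_job_mb=$3
    jobs=$((avail_mb / per_job_mb))
    if [ "$jobs" -gt "$cpus" ]; then jobs=$cpus; fi
    if [ "$jobs" -lt 1 ]; then jobs=1; fi
    echo "$jobs"
}

# Typical use on the build VM (1536 is an assumed budget, not a measured value):
#   dmesg | count_oom_kills cc1plus
#   dmesg | peak_anon_rss_mb cc1plus
#   make -j "$(safe_make_jobs "$(mem_available_mb)" "$(nproc)" 1536)"
```

With the "available" values from the two free -m outputs on this page (3649 and 15632 MiB) and the assumed budget, the function yields 2 jobs for the 4GB guest and the full 10 for the 16GB guest.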

The CPU allocation stays at 10 cores and the memory is raised to 16GB; build again, as shown below:

[root@c7u6s2 ~]# cd mysql-5.7/
[root@c7u6s2 mysql-5.7]# ls 
mysql-5.7.32
[root@c7u6s2 mysql-5.7]# cd mysql-5.7.32/
[root@c7u6s2 mysql-5.7.32]# ls 
bld             cmd-line-utils   Doxyfile-perfschema  libbinlogstandalone  man         plugin   source_downloads  support-files  win
BUILD           config.h.cmake   extra                libmysql             mysql-test  rapid    sql               testclients    zlib
client          configure.cmake  include              libmysqld            mysys       README   sql-common        unittest
cmake           dbug             INSTALL              libservices          mysys_ssl   regex    storage           VERSION
CMakeLists.txt  Docs             libbinlogevents      LICENSE              packaging   scripts  strings           vio
[root@c7u6s2 mysql-5.7.32]# cd bld/
[root@c7u6s2 bld]# ls 
archive_output_directory  CPackConfig.cmake        find_libevent_version.c  libmysqld        mysys      scripts        unittest
client                    CPackSourceConfig.cmake  include                  libservices      mysys_ssl  sql            VERSION.dep
CMakeCache.txt            CTestTestfile.cmake      info_macros.cmake        make_dist.cmake  packaging  storage        vio
CMakeFiles                dbug                     libbinlogevents          Makefile         plugin     strings        zlib
cmake_install.cmake       Docs                     libbinlogstandalone      man              rapid      support-files
cmd-line-utils            extra                    libmysql                 mysql-test       regex      testclients
[root@c7u6s2 bld]# make -j 10 clean
[root@c7u6s2 bld]# cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.7.32 -DSYSCONFDIR=/etc/mysql/ -DMYSQL_TCP_PORT=3306 -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 -DMYSQL_DATADIR=/data/mysql/data -DENABLED_LOCAL_INFILE=1 -DEXTRA_CHARSETS=all -DDEFAULT_COLLATION=utf8_general_ci -DDOWNLOAD_BOOST=ON
-- Running cmake version 2.8.12.2
-- Configuring with MAX_INDEXES = 64U
-- CMAKE_GENERATOR: Unix Makefiles
-- SIZEOF_VOIDP 8
-- MySQL 5.7.32
-- Packaging as: mysql-5.7.32-Linux-x86_64
-- Downloading boost_1_59_0.tar.gz to /usr/lib64/boost
-- [download 100% complete]
-- [download 0% complete]
-- [download 1% complete]
-- [download 2% complete]
-- [download 3% complete]
-- [download 4% complete]
-- [download 5% complete]
-- [download 6% complete]
...
-- CMAKE_C_LINK_FLAGS: 
-- CMAKE_CXX_LINK_FLAGS:
-- CMAKE_C_FLAGS_RELWITHDEBINFO: -O3 -g -fabi-version=2 -fno-omit-frame-pointer -fno-strict-aliasing -DDBUG_OFF
-- CMAKE_CXX_FLAGS_RELWITHDEBINFO: -O3 -g -fabi-version=2 -fno-omit-frame-pointer -fno-strict-aliasing -DDBUG_OFF
-- Configuring done
-- Generating done
-- Build files have been written to: /root/mysql-5.7/mysql-5.7.32/bld
[root@c7u6s2 bld]#
[root@c7u6s2 bld]# make -j 10
...
[100%] Building CXX object sql/CMakeFiles/sql.dir/auth/sha2_password_common.cc.o
[100%] Building CXX object sql/CMakeFiles/sql.dir/mysqld_daemon.cc.o
Linking CXX static library ../archive_output_directory/libsql.a
[100%] Built target sql
Scanning dependencies of target mysqld
Scanning dependencies of target pfs_connect_attr-t
[100%] Building CXX object sql/CMakeFiles/mysqld.dir/main.cc.o
Linking CXX executable mysqld
[100%] [100%] [100%] Building CXX object storage/perfschema/unittest/CMakeFiles/pfs_connect_attr-t.dir/__/__/__/sql/sql_builtin.cc.o
Building CXX object storage/perfschema/unittest/CMakeFiles/pfs_connect_attr-t.dir/pfs_connect_attr-t.cc.o
Building C object storage/perfschema/unittest/CMakeFiles/pfs_connect_attr-t.dir/__/__/__/mysys/string.c.o
Linking CXX executable pfs_connect_attr-t
[100%] Built target mysqld
[100%] Built target pfs_connect_attr-t
[root@c7u6s2 bld]# 
[root@c7u6s2 bld]# make -j 10 install
-- Installing: /usr/local/mysql-5.7.32/./README-test
-- Installing: /usr/local/mysql-5.7.32/mysql-test/mtr
-- Installing: /usr/local/mysql-5.7.32/mysql-test/mysql-test-run
-- Installing: /usr/local/mysql-5.7.32/mysql-test/lib/My/SafeProcess/my_safe_process
-- Up-to-date: /usr/local/mysql-5.7.32/mysql-test/lib/My/SafeProcess/my_safe_process
-- Installing: /usr/local/mysql-5.7.32/mysql-test/lib/My/SafeProcess/Base.pm
-- Installing: /usr/local/mysql-5.7.32/support-files/mysqld_multi.server
-- Installing: /usr/local/mysql-5.7.32/support-files/mysql-log-rotate
-- Installing: /usr/local/mysql-5.7.32/support-files/magic
-- Installing: /usr/local/mysql-5.7.32/share/aclocal/mysql.m4
-- Installing: /usr/local/mysql-5.7.32/support-files/mysql.server
[root@c7u6s2 bld]# echo $?
0
[root@c7u6s2 bld]# cd /usr/local/mysql-5.7.32/
[root@c7u6s2 mysql-5.7.32]# ls 
bin  docs  include  lib  LICENSE  man  mysql-test  README  README-test  share  support-files
[root@c7u6s2 mysql-5.7.32]# cd bin/
[root@c7u6s2 bin]# ls 
innochecksum       mysql                       mysql_config_editor  mysqlimport                mysql_ssl_rsa_setup  replace
lz4_decompress     mysqladmin                  mysqld               mysql_install_db           mysqltest            resolveip
myisamchk          mysqlbinlog                 mysqld_multi         mysql_plugin               mysqltest_embedded   resolve_stack_dump
myisam_ftdump      mysqlcheck                  mysqld_safe          mysqlpump                  mysql_tzinfo_to_sql  zlib_decompress
myisamlog          mysql_client_test           mysqldump            mysql_secure_installation  mysql_upgrade
myisampack         mysql_client_test_embedded  mysqldumpslow        mysqlshow                  mysqlxtest
my_print_defaults  mysql_config                mysql_embedded       mysqlslap                  perror
[root@c7u6s2 bin]# pwd
/usr/local/mysql-5.7.32/bin
[root@c7u6s2 bin]# 

At this point the compile and install of MySQL-5.7 is complete. Next create the mysql user and group, as shown below:

[root@c7u6s2 mysql-5.7.32]# id 306
id: 306: no such user
[root@c7u6s2 mysql-5.7.32]# groupadd -g 306 mysql
[root@c7u6s2 mysql-5.7.32]# useradd -r -g mysql -u 306 -s /bin/false -d /data/mysql/data mysql
[root@c7u6s2 mysql-5.7.32]# id mysql
uid=306(mysql) gid=306(mysql) groups=306(mysql)
[root@c7u6s2 mysql-5.7.32]# getent passwd mysql
mysql:x:306:306::/data/mysql/data:/bin/false
[root@c7u6s2 mysql-5.7.32]# 
[root@c7u6s2 mysql-5.7.32]# getent group mysql
mysql:x:306:
[root@c7u6s2 mysql-5.7.32]#

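In fact, there is no need to compile and install boost yourself: specifying the option -DDOWNLOAD_BOOST=ON when running cmake automatically downloads boost-1.59 into the /usr/lib64/boost directory and unpacks it. In fact, with the boost I compiled and installed myself, running cmake with the options -DWITH_BOOST=/usr/lib64/boost -DBOOST_INCLUDE_DIR=/usr/include/boost always reported that no suitable version of boost could be found. So in the build steps above, the step of downloading boost-1.59 and compiling and installing it yourself can be omitted.

Next comes the post-installation setup.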

[root@c7u6s2 mysql-5.7.32]# chmod 750 /data/mysql
[root@c7u6s2 mysql-5.7.32]# chown -R mysql.mysql /data/mysql
[root@c7u6s2 mysql-5.7.32]# bin/mysqld --initialize --user=mysql --datadir=/data/mysql/data
2021-07-04T05:37:09.320659Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-07-04T05:37:12.453872Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-07-04T05:37:12.479923Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-07-04T05:37:12.535556Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: e2022bef-dc89-11eb-8d7e-52540033c57b.
2021-07-04T05:37:12.536797Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-07-04T05:37:12.783697Z 0 [Warning] CA certificate ca.pem is self signed.
2021-07-04T05:37:12.820254Z 1 [Note] A temporary password is generated for root@localhost: ktqspzU3d=ig
[root@c7u6s2 mysql-5.7.32]#
[root@c7u6s2 mysql-5.7.32]# bin/mysql_ssl_rsa_setup 
[root@c7u6s2 mysql-5.7.32]# ls /data/mysql/data/
auto.cnf    ca.pem           client-key.pem  ibdata1      ib_logfile1  performance_schema  public_key.pem   server-key.pem
ca-key.pem  client-cert.pem  ib_buffer_pool  ib_logfile0  mysql        private_key.pem     server-cert.pem  sys
[root@c7u6s2 mysql-5.7.32]# 
[root@c7u6s2 mysql-5.7.32]# mkdir -p /var/log/mysql
[root@c7u6s2 mysql-5.7.32]# chown mysql.mysql /var/log/mysql
[root@c7u6s2 mysql-5.7.32]# mkdir /var/run/mysql
[root@c7u6s2 mysql-5.7.32]# chown mysql.mysql /var/run/mysql
[root@c7u6s2 mysql-5.7.32]# chmod 750 /var/run/mysql
[root@c7u6s2 mysql-5.7.32]# bin/mysqld_safe --user=mysql --defaults-file=/etc/my.cnf &
[1] 27784
[root@c7u6s2 mysql-5.7.32]# 2021-07-04T05:42:15.706215Z mysqld_safe Logging to '/var/log/mysql/mysql.log'.
2021-07-04T05:42:15.719141Z mysqld_safe Starting mysqld daemon with databases from /data/mysql/data

[root@c7u6s2 mysql-5.7.32]# jobs
[1]+  Running                 bin/mysqld_safe --user=mysql --defaults-file=/etc/my.cnf &
[root@c7u6s2 mysql-5.7.32]# 
[root@c7u6s2 mysql-5.7.32]# bin/mysql -uroot -pktqspzU3d=ig --socket=/data/mysql/data/mysql.sock
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.32

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> alter user root@localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> 
[root@c7u6s2 mysql-5.7.32]# cat /etc/my.cnf
[mysqld]
datadir=/data/mysql/data/
socket=/data/mysql/data/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mysql/mysql.log
pid-file=/var/run/mysql/mysql.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[mysql]
socket=/data/mysql/data/mysql.sock
[root@c7u6s2 mysql-5.7.32]# 
[root@c7u6s2 mysql-5.7.32]# bin/mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.32 Source distribution

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

mysql>

When MySQL initializes the database, it generates a temporary password for the root@localhost user: 2021-07-04T05:37:12.820254Z 1 [Note] A temporary password is generated for root@localhost: ktqspzU3d=ig. The password here is ktqspzU3d=ig.
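
The session above passes the temporary password with -p on the command line, which the client itself flags as insecure because the value ends up in the shell history and the process list. As an added example (not from the original post), these shell functions pull the temporary password out of the initialize output and hand it to the client through an owner-only option file; the function names, file paths and the sample log with its constructed password are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): keep the temporary root password
# off the command line by using a 0600 client option file.

# Constructed sample of `mysqld --initialize` output, same line format as on this page.
SAMPLE_INIT_LOG='2021-07-04T05:37:12.783697Z 0 [Warning] CA certificate ca.pem is self signed.
2021-07-04T05:37:12.820254Z 1 [Note] A temporary password is generated for root@localhost: Examp1e=Temp:pw'

# Print the temporary root password found in initialize output read from stdin.
# Everything after the marker is the password, so ':' and '=' inside it survive.
extract_temp_password() {
    sed -n 's/^.*A temporary password is generated for root@localhost: //p' | tail -n 1
}

# Write a [client] option file readable only by its owner.
#   $1 = path of the option file, $2 = MySQL user, $3 = password
write_client_cnf() {
    cnf=$1
    user=$2
    pass=$3
    # The value is written inside double quotes so that '#' is not read as a comment.
    # Passwords containing '"' or '\' are refused rather than guessed at.
    case $pass in
        *'"'*|*'\'*)
            echo "write_client_cnf: password contains a quote or backslash" >&2
            return 1
            ;;
    esac
    # Remove any older file first: '>' would keep its previous, possibly wider, mode.
    rm -f "$cnf"
    # Create the file under a restrictive umask so it is never group/world readable.
    ( umask 077 && printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$pass" > "$cnf" )
    chmod 600 "$cnf"
}

# Permission string of a file, e.g. "-rw-------".
file_mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Typical use (paths are hypothetical; --defaults-extra-file must be the first option):
#   pw=$(extract_temp_password < /root/mysql-init.log)
#   write_client_cnf /root/.mysql-init.cnf root "$pw"
#   bin/mysql --defaults-extra-file=/root/.mysql-init.cnf
#   rm -f /root/.mysql-init.cnf      # once the root password has been changed
```
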
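At this point the MySQL compile, install and post-install setup is complete. Next set up the environment variables, the service file and other configuration. MySQL-5.7 does not provide a corresponding systemd service file, so one is built by hand here.
First set the basic environment variables, as follows: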

[root@c7u6s2 mysql-5.7.32]# cd bin/
[root@c7u6s2 bin]# pwd >> /etc/profile.d/mysql.sh
[root@c7u6s2 man]# pwd >> /etc/profile.d/mysql.sh
[root@c7u6s2 include]# vim /etc/profile.d/mysql.sh
[root@c7u6s2 include]# cat /etc/profile.d/mysql.sh
export PATH=${PATH}:/usr/local/mysql-5.7.32/bin
export MANPATH=${MANPATH}:/usr/local/mysql-5.7.32/man
[root@c7u6s2 include]# . /etc/profile
[root@c7u6s2 include]# which mysql
/usr/local/mysql-5.7.32/bin/mysql
[root@c7u6s2 include]#
[root@c7u6s2 include]# ln -s `pwd` /usr/include/mysql
[root@c7u6s2 include]# ls -lh /usr/include/mysql
lrwxrwxrwx 1 root root 31 Jul  4 13:53 /usr/include/mysql -> /usr/local/mysql-5.7.32/include
[root@c7u6s2 include]# cd ..
[root@c7u6s2 mysql-5.7.32]# cd lib/
[root@c7u6s2 lib]# ls 
libmysqlclient.a  libmysqlclient.so  libmysqlclient.so.20  libmysqlclient.so.20.3.19  libmysqld.a  libmysqlservices.a  pkgconfig  plugin
[root@c7u6s2 lib]# ln -s `pwd` /usr/lib64/mysql
[root@c7u6s2 lib]# ls -lh /usr/lib64/mysql
total 3.0M
lrwxrwxrwx  1 root root   27 Jul  4 13:54 lib -> /usr/local/mysql-5.7.32/lib
lrwxrwxrwx. 1 root root   24 Feb 18  2020 libmysqlclient.so.18 -> libmysqlclient.so.18.0.0
-rwxr-xr-x. 1 root root 3.0M Aug 16  2018 libmysqlclient.so.18.0.0
drwxr-xr-x. 2 root root   54 Feb 18  2020 plugin

Next set up a systemd-style service management file, as shown below:

[root@c7u6s2 mysql-5.7.32]# vim /usr/lib/systemd/system/mysqld.service
[root@c7u6s2 mysql-5.7.32]# cat /usr/lib/systemd/system/mysqld.service 
[Unit]
Description=MySQL Daemon
Documentation=man:mysql(1) man:mysqld(8)
After=network.target syslog.target

[Service]
User=mysql
Group=mysql
Type=simple
ExecStart=/usr/local/mysql-5.7.32/bin/mysqld 
EnvironmentFile=-/etc/my.cnf
Restart=on-failure
TimeoutSec=15

[Install]
WantedBy=multi-user.target
[root@c7u6s2 mysql-5.7.32]#                                         
[root@c7u6s2 mysql-5.7.32]# systemctl restart mysqld
Job for mysqld.service failed because a fatal signal was delivered to the control process. See "systemctl status mysqld.service" and "journalctl -xe" for details.
[root@c7u6s2 mysql-5.7.32]# systemctl status mysqld
. mysqld.service - MySQL Daemon
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)
   Active: deactivating (final-sigterm) (Result: timeout)
     Docs: man:mysql(1)
           man:mysqld(8)
  Control: 29006 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─29006 /usr/local/mysql-5.7.32/bin/mysqld --basedir=/usr/local/mysql-5.7.32 --datadir=/data/mysql/data --plugin-dir=/usr/local/mys...

Jul 04 14:13:54 c7u6s2 systemd[1]: Ignoring invalid environment assignment 'log-error=/var/log/mysql/mysql.log': /etc/my.cnf
Jul 04 14:13:54 c7u6s2 systemd[1]: Ignoring invalid environment assignment 'pid-file=/var/run/mysql/mysql.pid': /etc/my.cnf
Jul 04 14:13:54 c7u6s2 systemd[1]: Starting MySQL Daemon...
Jul 04 14:14:00 c7u6s2 systemd[1]: mysqld.service start operation timed out. Terminating.
[root@c7u6s2 mysql-5.7.32]# 

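The output above indicates that two lines in the MySQL configuration file are invalid settings; comment out those two lines and restart the service, as shown below: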

[root@c7u6s2 ~]# systemctl daemon-reload
[root@c7u6s2 ~]# systemctl restart mysqld
[root@c7u6s2 ~]# systemctl status mysqld
● mysqld.service - MySQL Daemon
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)                                                   
   Active: active (running) since Sun 2021-07-04 15:27:25 CST; 4s ago
     Docs: man:mysql(1)
           man:mysqld(8)
 Main PID: 4340 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─4340 /usr/local/mysql-5.7.32/bin/mysqld

Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.830849Z 0 [Note] Skipping generation of SSL certificates as certificate files...rectory.
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.831188Z 0 [Warning] CA certificate ca.pem is self signed.                              
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.831212Z 0 [Note] Skipping generation of RSA key pair as key files are present...rectory.
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.831453Z 0 [Note] Server hostname (bind-address): '*'; port: 3306                       
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.831474Z 0 [Note] IPv6 is available.                                                    
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.831479Z 0 [Note]   - '::' resolves to '::';                                            
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.831487Z 0 [Note] Server socket created on IP: '::'.                                    
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.843722Z 0 [Note] Event Scheduler: Loaded 0 events                                      
Jul 04 15:27:25 c7u6s2 mysqld[4340]: 2021-07-04T07:27:25.843959Z 0 [Note] /usr/local/mysql-5.7.32/bin/mysqld: ready for connections.            
Jul 04 15:27:25 c7u6s2 mysqld[4340]: Version: '5.7.32'  socket: '/data/mysql/data/mysql.sock'  port: 3306  Source distribution                  
Hint: Some lines were ellipsized, use -l to show in full.
[root@c7u6s2 ~]# 
[root@c7u6s2 ~]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.32 Source distribution

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> exit
Bye
[root@c7u6s2 ~]#

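At this point the MySQL compile, install and configuration is complete.

3.3. Summary of compiling and installing MySQL-5.7

  1. Download the source package and unpack it

  2. Install the required packages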

    $ yum install -y @development cmake ncurses ncurses-devel openssl-devel
    
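  3. If building in parallel with multiple jobs, make sure the VM has enough memory; otherwise the compiler cannot finish the build because it runs out of memory

  4. Create a new directory inside the unpacked source directory (the name does not matter), then run the cmake command in it to build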

    [root@c7u6s2 ~]# cd mysql-5.7/
    [root@c7u6s2 mysql-5.7]# cd mysql-5.7.32/
    [root@c7u6s2 mysql-5.7.32]# mkdir bld
    [root@c7u6s2 mysql-5.7.32]# ls 
    bld             cmd-line-utils   Doxyfile-perfschema  libbinlogstandalone  man         plugin   source_downloads  support-files  win
    BUILD           config.h.cmake   extra                libmysql             mysql-test  rapid    sql               testclients    zlib
    client          configure.cmake  include              libmysqld            mysys       README   sql-common        unittest
    cmake           dbug             INSTALL              libservices          mysys_ssl   regex    storage           VERSION
    CMakeLists.txt  Docs             libbinlogevents      LICENSE              packaging   scripts  strings           vio
    [root@c7u6s2 mysql-5.7.32]# cd bld
    [root@c7u6s2 bld]# 
    [root@c7u6s2 bld]# cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.7.32 -DSYSCONFDIR=/etc/mysql/ -DMYSQL_TCP_PORT=3306 -DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock -DDEFAULT_CHARSET=utf8 -DMYSQL_DATADIR=/data/mysql/data -DENABLED_LOCAL_INFILE=1 -DEXTRA_CHARSETS=all -DDEFAULT_COLLATION=utf8_general_ci -DDOWNLOAD_BOOST=ON
    

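    -DDOWNLOAD_BOOST=ON must be specified here; it allows boost-1.59 to be downloaded automatically into the /usr/lib64/boost directory during the build. Boost is a required component for the build. cmake generates the Makefile from these configuration options, and that Makefile is then used by the make command.

  5. Once the cmake command succeeds, the Makefile has been generated, and make -j 10 and make -j 10 install can be run to compile and install.

  6. After installation, carry out the post-installation tasks: create the mysql user, initialize the database, change the database root user's password, configure environment variables, and create a systemd-style service unit file.

    1. Create the mysql user and group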

      [root@c7u6s2 mysql-5.7.32]# id 306
      
      [root@c7u6s2 mysql-5.7.32]# groupadd -g 306 mysql
      
      [root@c7u6s2 mysql-5.7.32]# useradd -r -g mysql -u 306 -s /bin/false -d /data/mysql/data mysql
      
    2. Initialize the database

      [root@c7u6s2 mysql-5.7.32]# chmod 750 /data/mysql
      [root@c7u6s2 mysql-5.7.32]# chown -R mysql.mysql /data/mysql
      [root@c7u6s2 mysql-5.7.32]# bin/mysqld --initialize --user=mysql --datadir=/data/mysql/data
      [root@c7u6s2 mysql-5.7.32]# mkdir -p /var/log/mysql
      [root@c7u6s2 mysql-5.7.32]# chown mysql.mysql /var/log/mysql
      [root@c7u6s2 mysql-5.7.32]# mkdir /var/run/mysql
      [root@c7u6s2 mysql-5.7.32]# chown mysql.mysql /var/run/mysql
      [root@c7u6s2 mysql-5.7.32]# chmod 750 /var/run/mysql
      [root@c7u6s2 mysql-5.7.32]# vim /etc/my.cnf
      

      Once initialization has finished, try starting the mysqld daemon.

      [root@c7u6s2 mysql-5.7.32]# bin/mysqld_safe --user=mysql --defaults-file=/etc/my.cnf &
      

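      After the daemon has started, try logging in to the database. Note that a password typed directly after -p is recorded in the shell history; -p on its own makes the client prompt for it instead.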

      [root@c7u6s2 mysql-5.7.32]# bin/mysql -uroot -pktqspzU3d=ig --socket=/data/mysql/data/mysql.sock
      

      The login succeeds.

    3. After logging in to the database, change the database root user's password

      mysql> alter user root@localhost identified by 'password';
      
    4. Configure environment variables

      [root@c7u6s2 mysql-5.7.32]# cd bin/
      [root@c7u6s2 bin]# pwd >> /etc/profile.d/mysql.sh
      [root@c7u6s2 man]# pwd >> /etc/profile.d/mysql.sh
      [root@c7u6s2 include]# vim /etc/profile.d/mysql.sh
      [root@c7u6s2 lib]# ln -s `pwd` /usr/lib64/mysql
      [root@c7u6s2 include]# ln -s `pwd` /usr/include/mysql
      
    5. Create the systemd-style service unit file

      [root@c7u6s2 mysql-5.7.32]# vim /usr/lib/systemd/system/mysqld.service
      [root@c7u6s2 mysql-5.7.32]# cat /usr/lib/systemd/system/mysqld.service 
      [Unit]
      Description=MySQL Daemon
      Documentation=man:mysql(1) man:mysqld(8)
      After=network.target syslog.target
      
      [Service]
      User=mysql
      Group=mysql
      Type=simple
      ExecStart=/usr/local/mysql-5.7.32/bin/mysqld 
      EnvironmentFile=-/etc/my.cnf
      Restart=on-failure
      TimeoutSec=15
      
      [Install]
      WantedBy=multi-user.target
      [root@c7u6s2 ~]# systemctl restart mysqld
      [root@c7u6s2 ~]# systemctl status mysqld
      ● mysqld.service - MySQL Daemon
         Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled)                                                   
         Active: active (running) since Sun 2021-07-04 15:27:25 CST; 4s ago
           Docs: man:mysql(1)
                 man:mysqld(8)
       Main PID: 4340 (mysqld)
         CGroup: /system.slice/mysqld.service
                 └─4340 /usr/local/mysql-5.7.32/bin/mysqld
      

That completes the source build and installation of MySQL-5.7.
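As an added example (not part of the original post), the shell functions below check two things the procedure leaves implicit: that the directories created in step 6 belong to the mysql account and are closed to other users, and that mysqld is not listening on every interface, which is what the startup log above reports (bind-address '*'). The function names are hypothetical; the paths in the closing comment are the ones used on this page.

```shell
#!/bin/bash
# Added example: post-install checks for the layout used on this page.
# Function names are hypothetical; paths are passed in as arguments.

# Succeeds only if DIR is owned by OWNER and grants nothing to "other".
check_dir() {
    local dir=$1 owner=$2 actual_owner mode
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    actual_owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL $dir: owner is $actual_owner, expected $owner"; return 1
    fi
    # The last octal digit holds the "other" permission bits; 750 ends in 0.
    case $mode in
        *0) echo "OK   $dir: $actual_owner $mode" ;;
        *)  echo "FAIL $dir: mode $mode is accessible to other users"; return 1 ;;
    esac
}

# Prints the bind-address set in the [mysqld] section of a my.cnf,
# or "*" when none is set (the MySQL 5.7 default).
mysqld_bind_address() {
    awk -F'=' '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/) }
        in_sec && $1 ~ /^[ \t]*bind[-_]address[ \t]*$/ {
            gsub(/[ \t]/, "", $2); addr = $2
        }
        END { print (addr == "" ? "*" : addr) }' "$1"
}

# Succeeds only if mysqld is limited to a specific address.
check_bind() {
    local addr
    addr=$(mysqld_bind_address "$1")
    case $addr in
        '*'|0.0.0.0|::)
            echo "WARN $1: mysqld listens on all interfaces ($addr)"; return 1 ;;
        *)  echo "OK   $1: bind-address=$addr" ;;
    esac
}

# Example run as root on the server built above:
#   check_dir /data/mysql mysql; check_dir /var/run/mysql mysql
#   check_bind /etc/my.cnf
```

If the database is only used by local applications, setting bind-address=127.0.0.1 under [mysqld] in /etc/my.cnf makes check_bind pass.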

4. References

[1]. What’s DNS
[2]. What is a CDN
[3]. 2.9 Installing MySQL from Source
