ES460\u3092\u30eb\u30fc\u30bf\u306b\u3057\u3066\u307e\u3057\u305f\u304c\u3001\u518d\u8d77\u52d5\u3057\u3088\u3046\u3068\u3057\u305f\u3089\u8d77\u52d5\u3057\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
\u4ee3\u308f\u308a\u306b\u306a\u308b\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2\u3092\u8abf\u9054\u3057\u3066\u3082\u3044\u3044\u3093\u3067\u3059\u304c\u3001\u6545\u969c\u306e\u3053\u3068\u3092\u8003\u616e\u3059\u308b\u3068\u4eee\u60f3\u5316\u3057\u305f\u3046\u3048\u3067\u5197\u9577\u5316\u3057\u3088\u3046\u3068\u601d\u3044\u307e\u3057\u305f\u306e\u3067\u3001\u69cb\u7bc9\u306e\u624b\u9806\u3067\u3059\u3002\u74b0\u5883\u3068\u3057\u3066\u306fens192\u304c\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u5074\u3001ens224\u304c\u30a4\u30f3\u30c8\u30e9\u5074\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n
\u53d6\u308a\u5408\u3048\u305a\u3001DHCP\u30b5\u30fc\u30d0\u3068IPv6\u306e\u8ee2\u9001\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u304d\u307e\u3059\u3002\u624b\u9806\u4e0a\u30d7\u30ed\u30f3\u30d7\u30c8\u304c#\u3068\u306a\u3063\u3066\u3044\u308b\u306e\u306f\u4e21\u30ce\u30fc\u30c9\u3001\u30db\u30b9\u30c8\u540d\u304c\u66f8\u3044\u3066\u3042\u308b\u306e\u306f\u7247\u30ce\u30fc\u30c9\u3067\u306e\u5b9f\u65bd\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n
# dnf -y install dhcp-server\n# vi \/etc\/dhcp\/dhcpd.conf\n##\u4ee5\u4e0b\u3092\u8ffd\u8a18\noption domain-name \"homelab.gurees.net\";\noption domain-name-servers 192.168.8.1;\ndefault-lease-time 600;\nmax-lease-time 7200;\nauthoritative;\nsubnet 192.168.8.0 netmask 255.255.252.0 {\n range dynamic-bootp 192.168.11.10 192.168.11.254;\n option broadcast-address 192.168.11.255;\n option routers 192.168.8.1;\n}\n##\u8ffd\u8a18\u3053\u3053\u307e\u3067\n\n# firewall-cmd --add-service=dhcp --permanent\n# firewall-cmd --reload\n\n# echo \"net.ipv4.ip_forward=1\" >> \/etc\/sysctl.conf\n# vi \/etc\/sysctl.conf\n# sysctl -p\n# firewall-cmd --permanent --zone=trusted --change-interface=ens192\n# firewall-cmd --permanent --zone=trusted --change-interface=ens224\n# firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ens224 -o ens192 -j ACCEPT\n# firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ens192 -o ens224 -j ACCEPT\n# firewall-cmd --reload<\/pre>\n\n\n\nkeepalived\u3067\u5207\u66ff\u306e\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002priority\u306f1\u53f7\u6a5f\u3092\u512a\u5148\u3057\u305f\u3044\u306e\u3067\u30012\u53f7\u6a5f\u5074\u306f90\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
# dnf install -y keepalived\n# vi \/etc\/keepalived\/keepalived.conf\n##\u4e2d\u8eab\u3092\u6d88\u3057\u3066\u4ee5\u4e0b\u3067\u4e0a\u66f8\u304d\u307e\u3059\n! Configuration File for keepalived\nglobal_defs {\n vrrp_garp_master_refresh 60\n garp_master_delay 5\n advert_int 1\n router_id 250\n}\nvrrp_instance VI_1 {\n state BACKUP\n interface ens192\n priority 100\n advert_int 3\n authentication {\n auth_type PASS\n auth_pass password\n }\n virtual_ipaddress {\n 192.168.1.250\/24\n }\n notify_master \"\/usr\/local\/sbin\/keepalived_master\"\n notify_backup \"\/usr\/local\/sbin\/keepalived_backup\"\n notify_fault \"\/usr\/local\/sbin\/keepalived_backup\"\n notify_stop \"\/usr\/local\/sbin\/keepalived_backup\"\n}\nvrrp_instance VI_2 {\n state BACKUP\n interface ens224\n priority 100\n advert_int 3\n authentication {\n auth_type PASS\n auth_pass password\n }\n virtual_ipaddress {\n 192.168.8.1\/22\n }\n}<\/pre>\n\n\n\nkeepalived\u5207\u308a\u66ff\u3048\u6642\u306bdhcpd\u3092\u8d77\u52d5\u3059\u308b\u305f\u3081\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
# echo '#!\/bin\/sh' > \/usr\/local\/sbin\/keepalived_master\n# echo 'systemctl start dhcpd' >> \/usr\/local\/sbin\/keepalived_master\n\n# echo '#!\/bin\/sh' > \/usr\/local\/sbin\/keepalived_backup\n# echo 'systemctl stop dhcpd' >> \/usr\/local\/sbin\/keepalived_backup\n\n# chmod +x \/usr\/local\/sbin\/keepalived_master\n# chmod +x \/usr\/local\/sbin\/keepalived_backup<\/pre>\n\n\n\n\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3067vrrp\u3092\u901a\u3057\u3001keepalived\u3092\u81ea\u52d5\u8d77\u52d5\u3059\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
# firewall-cmd --permanent --add-protocol=vrrp --zone=trusted\n# firewall-cmd --reload\n# systemctl start keepalived.service\n# systemctl enable keepalived.service<\/pre>\n\n\n\n\u3053\u308c\u3067\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5207\u308a\u66ff\u308f\u308b\u306e\u3092\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n
>tracert 192.168.8.40\n192.168.8.40 \u3078\u306e\u30eb\u30fc\u30c8\u3092\u30c8\u30ec\u30fc\u30b9\u3057\u3066\u3044\u307e\u3059\u3002\u7d4c\u7531\u3059\u308b\u30db\u30c3\u30d7\u6570\u306f\u6700\u5927 30 \u3067\u3059\n 1 3 ms 3 ms 2 ms rtx1200.local [192.168.1.1]\n 2 4 ms 4 ms 4 ms 192.168.1.251\n 3 6 ms 7 ms 6 ms 192.168.8.40\n\u30c8\u30ec\u30fc\u30b9\u3092\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002\n\n\u203b\u203b192.168.1.251\u3092\u30b7\u30e3\u30c3\u30c8\u30c0\u30a6\u30f3\u3059\u308b\u203b\u203b\n\n>tracert 192.168.8.40\n192.168.8.40 \u3078\u306e\u30eb\u30fc\u30c8\u3092\u30c8\u30ec\u30fc\u30b9\u3057\u3066\u3044\u307e\u3059\u3002\u7d4c\u7531\u3059\u308b\u30db\u30c3\u30d7\u6570\u306f\u6700\u5927 30 \u3067\u3059\n 1 5 ms 3 ms 3 ms rtx1200.local [192.168.1.1]\n 2 4 ms 3 ms 4 ms 192.168.1.252\n 3 4 ms 5 ms 4 ms 192.168.8.40\n\n\u203b\u203b192.168.1.251\u3092\u8d77\u52d5\u3059\u308b\u203b\u203b\n>tracert 192.168.8.40\n192.168.8.40 \u3078\u306e\u30eb\u30fc\u30c8\u3092\u30c8\u30ec\u30fc\u30b9\u3057\u3066\u3044\u307e\u3059\u3002\u7d4c\u7531\u3059\u308b\u30db\u30c3\u30d7\u6570\u306f\u6700\u5927 30 \u3067\u3059\n 1 3 ms 3 ms 2 ms rtx1200.local [192.168.1.1]\n 2 4 ms 4 ms 4 ms 192.168.1.251\n 3 6 ms 7 ms 6 ms 192.168.8.40\n\u30c8\u30ec\u30fc\u30b9\u3092\u5b8c\u4e86\u3057\u307e\u3057\u305f\u3002<\/pre>\n\n\n\n\u6b21\u306bDNS\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u3053\u3061\u3089\u306f\u4e21\u30ce\u30fc\u30c9\u3068\u3068\u3082\u8d77\u52d5\u3057\u305f\u307e\u307e\u3067\u554f\u984c\u306a\u3044\u306e\u3067\u901a\u5e38\u901a\u308a\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
# dnf -y install bind bind-utils\n# mkdir \/var\/named\/log\n# chown named.named \/var\/named\/log\n# vi \/etc\/named.conf\n##\u4ee5\u4e0b\u306b\u66f8\u304d\u63db\u3048\nacl internal-network {\n 192.168.8.0\/22;\n};\nacl home-network {\n 192.168.1.0\/24;\n};\noptions {\n listen-on port 53 { any; };\n listen-on-v6 port 53 { ::1; };\n directory \"\/var\/named\";\n dump-file \"\/var\/named\/data\/cache_dump.db\";\n statistics-file \"\/var\/named\/data\/named_stats.txt\";\n memstatistics-file \"\/var\/named\/data\/named_mem_stats.txt\";\n secroots-file \"\/var\/named\/data\/named.secroots\";\n recursing-file \"\/var\/named\/data\/named.recursing\";\n allow-query { localhost; internal-network; home-network; };\n forwarders {\n 192.168.1.1;\n };\n recursion yes;\n dnssec-validation yes;\n managed-keys-directory \"\/var\/named\/dynamic\";\n geoip-directory \"\/usr\/share\/GeoIP\";\n pid-file \"\/run\/named\/named.pid\";\n session-keyfile \"\/run\/named\/session.key\";\n};\nlogging {\n channel default_debug {\n file \"data\/named.run\";\n severity dynamic;\n };\n channel \"default-log\" {\n file \"\/var\/named\/log\/default.log\" versions 5 size 10M;\n severity debug;\n print-time yes;\n print-severity yes;\n print-category yes;\n };\n};\nzone \"homelab.gurees.net\" {\n type master;\n file \"homelab.gurees.net.zone\";\n};<\/pre>\n\n\n\n\u30be\u30fc\u30f3\u30d5\u30a1\u30a4\u30eb\u3092\u69cb\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
# vi \/var\/named\/homelab.gurees.net.zone\n## \u4ee5\u4e0b\u3092\u8ffd\u8a18\n$TTL 86400\n@ IN SOA gateway.homelab.gurees.net. root.homelab.gurees.net. (\n 2022121801 ;Serial\n 3600 ;Refresh\n 1800 ;Retry\n 604800 ;Expire\n 86400 ;Minimum TTL\n)\n IN NS gateway.homelab.gurees.net.\n IN A 192.168.8.1\ngateway IN A 192.168.8.1\nesxi01 IN A 192.168.8.11\nesxi02 IN A 192.168.8.12\nesxi06 IN A 192.168.8.16\nesxi07 IN A 192.168.8.17\npve01 IN A 192.168.9.21\npve02 IN A 192.168.9.22\npve03 IN A 192.168.9.23\npve04 IN A 192.168.9.24\npve05 IN A 192.168.9.25\nsvn IN A 192.168.10.1\njenkins IN A 192.168.10.2<\/pre>\n\n\n\n\u8a2d\u5b9a\u306e\u78ba\u8a8d\u3068DNS\u30b5\u30fc\u30d0\u306e\u8d77\u52d5\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n
# named-checkconf -z\nzone homelab.gurees.net\/IN: loaded serial 2022121801\n# systemctl enable --now named\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/named.service \u2192 \/usr\/lib\/systemd\/system\/named.service.<\/pre>\n\n\n\n\u3053\u308c\u3067\u5197\u9577\u5bfe\u5fdc\u306a\u30eb\u30fc\u30bf\u3092\u4f5c\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u4eca\u56de\u306f\u4eee\u60f3\u30de\u30b7\u30f3\u306b\u3057\u305f\u306e\u3067\u3001\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u3063\u3066\u304a\u3051\u3070\u6545\u969c\u306e\u5fa9\u65e7\u3082\u5b89\u5fc3\u3067\u3059\u306d\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
ES460\u3092\u30eb\u30fc\u30bf\u306b\u3057\u3066\u307e\u3057\u305f\u304c\u3001\u518d\u8d77\u52d5\u3057\u3088\u3046\u3068\u3057\u305f\u3089\u8d77\u52d5\u3057\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002 \u4ee3\u308f\u308a\u306b\u306a\u308b\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2\u3092\u8abf\u9054\u3057\u3066\u3082\u3044\u3044\u3093\u3067\u3059\u304c\u3001\u6545\u969c\u306e\u3053\u3068\u3092\u8003\u616e\u3059\u308b\u3068\u4eee\u60f3\u5316\u3057\u305f\u3046\u3048\u3067\u5197\u9577\u5316\u3057\u3088\u3046\u3068\u601d\u3044\u307e\u3057\u305f\u306e\u3067\u3001\u69cb\u7bc9\u306e\u624b\u9806\u3067\u3059\u3002 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,24],"tags":[],"class_list":["post-654","post","type-post","status-publish","format-standard","hentry","category-linux","category-network"],"_links":{"self":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts\/654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=654"}],"version-history":[{"count":5,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts\/654\/revisions"}],"predecessor-version":[{"id":674,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=\/wp\/v2\/posts\/654\/revisions\/674"}],"wp:attachment":[{"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.gurees.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}