@@@@在server主机中:@@@@
建设为下载的http://172.25.254.250/exam/id_rsa.pub[root@dns_server .ssh]# cat id_rsa.pub[root@node1 .ssh]# ssh-keygen 120主机中[root@node1 .ssh]# lsid_rsa id_rsa.pub known_hosts将公钥传至120主机[root@node1 .ssh]# cat id_rsa.-pub – >覆盖了原本的公钥[root@node1 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.120[root@dns_server .ssh]# ssh root@172.25.254.120无需密码,直接登录 第一次连接的时候需要yes,但无需密码
设定root用户密码为westos
IPADDRESS=172.25.254.112
GATEWAY=172.25.254.250 DNS=172.25.254.250搭建本地软件仓库并可以使直连网络主机使用仓库地址 http://172.25.254.112/rhel8
先搭建本地仓库,安装httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
参考第五题:修改/westos/html的安全上下文,
chcon -Rt httpd_sys_content_t /westos/html ----->chcon的修改在重新打标签后会丢失,可以使用semanage永久修改
semanage fcontext -a -t httpd_sys_content_t '/westos/html(/.*)?'
restorecon -RvvF /westos/html
参考第五题,因为默认发布目录的修改,所以搭建网络源的时候需要注意挂载镜像目录的改变
vim /etc/httpd/conf/httpd.conf
systemctl restart httpd
mkdir /westos/html/rhel8
mount /dev/sr0 /westos/html/rhel8
vim /etc/yum.repos.d/westos.repo
[AppStream]
baseurl = http://172.25.254.120/rhel8/AppStream
enabled = 1
gpgcheck = 0
name = AppStream_westos
[BaseOS]
baseurl = http://172.25.254.120/rhel8/BaseOS
enabled = 1
gpgcheck = 0
name = BaseOS_westos
http://172.25.254.120/rhel8/-------->可以访问到镜像资源
注:gpgcheck = 0 会关闭软件包的GPG签名校验,而且仓库走的是明文http,只适合这种隔离的实验环境;正式环境应设置 gpgcheck = 1 并用 gpgkey 指向可信的公钥。
@@@@在client主机中:@@@@
建立sshd服务的秘钥认证,认证用户为root,
秘钥下载地址为http://172.25.254.250/exam/id_rsa.pub设定root用户密码为westos
IPADDRESS=172.25.254.212
GATEWAY=172.25.254.250 DNS=172.25.254.250搭建本地软件仓库并可以使直连网络主机使用仓库地址 http://172.25.254.112/rhel8
fdisk /dev/vdb —>建立分区Device Boot Start End Sectors Size Id Type/dev/vdb1 2048 1026047 1024000 500M 82 Linux swap / Solaris/dev/vdb2 1026048 1230847 204800 100M 83 Linux/dev/vdb3 1230848 3327999 2097152 1G 8e Linux LVM/dev/vdb4 3328000 10485759 7157760 3.4G 5 Extended/dev/vdb5 3330048 5427199 2097152 1G 83 Linux ---->设置为lvm形式mkswap /dev/vdb1mkfs.xfs /dev/vdb2mount -o usrquota /dev/vdb2 /westos_pub/chmod 777 /westos_pub/edquota --user westos修改hard值51200 ---->50M测试:[root@localhost Desktop]# su - westos[westos@localhost ~]$ dd if=/dev/zero of=/westos_pub/westosfile1 bs=1M count=60dd: error writing ‘/westos_pub/westosfile1’: Disk quota exceeded
mkdir /westos/westoslv -ppvcreate /dev/vdb3vgcreate -s 3M westos_vg /dev/vdb3lvcreate -L 300M -n westos_datal westos_vgmkfs.xfs /dev/westos_vg/westos_datalmount /dev/westos_vg/westos_datal /westos/westoslv/
vim /etc/fstab----->永久挂载文件/dev/westos_vg/westos_datal /westos/westoslv xfs defaults 0 0/dev/vdb2 /westos_pub xfs defaults,usrquota 0 0 最后要mount -a 检测文件里面写的内容是否写好,否则系统无法重启
vim /etc/sysconfig/selinuxSELINUX=enforcing
1.semanage fcontext -a -t public_content_rw_t '/var/ftp/pub(/.*)?' ----->修改上传目录安全上下文为rw
2.restorecon -RvvF /var/ftp/pub/
[root@localhost Desktop]# ls -Zd /var/ftp/pub/
system_u:object_r:public_content_rw_t:s0 /var/ftp/pub/
3.setsebool -P ftpd_anon_write on #-P 永久打开 ------->打开写开关
[root@localhost Desktop]# getsebool -a | grep ftp
ftpd_anon_write --> on
vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anonymous_enable=YES
systemctl restart vsftpd
chmod 775 /var/ftp/pub/
chgrp ftp /var/ftp/pub/
[root@localhost Desktop]# ls -ld /var/ftp/pub/ ---->上传目录的权限
drwxrwxr-x. 2 root ftp 20 Nov 29 09:25 /var/ftp/pub/
http://172.25.254.250/exam/index_defaultdefault pagemkdir /westos/html -pvim /etc/httpd/conf/httpd.confDocumentRoot “/westos/html”AllowOverride None# Allow open access:Require all grantedchcon -Rt httpd_sys_content_t /westos/html----->可以semange使用永久修改[root@localhost ~]# ls -Zd /westos/html/unconfined_u:object_r:httpd_sys_content_t:s0 /westos/html/[root@localhost ~]# cat /westos/html/index.htmldefault pagesystemctl restart httpdhttp://172.25.254.120/default page
http://172.25.254.250/exam/index_bbsbbs page[root@localhost conf.d]# mkdir /westos/bbs.com/html -p[root@localhost conf.d]# ls -Zd /westos/bbs.com/htmlunconfined_u:object_r:default_t:s0 /westos/bbs.com/html[root@localhost conf.d]# chcon -Rt httpd_sys_content_t /westos/bbs.com/html[root@localhost conf.d]# vim /westos/bbs.com/html/index.html[root@localhost conf.d]# cat /westos/bbs.com/html/index.htmlbbs page[root@localhost conf.d]# vim vhost.conf[root@localhost conf.d]# systemctl restart httpd[root@localhost conf.d]# cat /etc/httpd/conf.d/vhost.confDocumentRoot /westos/htmlCustomLog logs/default.log combinedServerName bbs.westos.comDocumentRoot /westos/bbs.com/htmlCustomLog logs/bbs.log combined Require all granted测试vim /etc/hosts172.25.254.120 www.westos.com bbs.westos.comhttp://bbs.westos.com/bbs pagehttp://www.westos.com/default page
dnf install targetcli -yfirewall-cmd --permanent --add-service=iscsi-targetfirewall-cmd --reload
/dev/vdb5 1G ----->格式化pvcreate /dev/vdb5vgcreate ISCSI_vg /dev/vdb5lvcreate -L 100M -n disk1_lv ISCSI_vgmkfs.xfs /dev/ISCSI_vg/disk1_lv
targetcli/> backstores/block create server120.disk1 /dev/ISCSI_vg/disk1_lv
/> iscsi/ create iqn.2020-04.com.westos:server120
/> iscsi/iqn.2020-04.com.westos:server120/tpg1/luns create /backstores/block/server120.disk1/> iscsi/iqn.2020-04.com.westos:server120/tpg1/acls create iqn.2020-04.com.westos:westoskey/> exit
dnf install iscsi-initiator-utils -y
vim /etc/iscsi/initiatorname.iscsi
InitiatorName= iqn.2020-04.com.westos:server120:westoskey
systemctl restart iscsid
[root@westos_student4 ~]# iscsiadm -m discovery -t st -p 172.25.254.120
172.25.254.120:3260,1 iqn.2020-04.com.westos:server120
[root@westos_student4 ~]#iscsiadm -m node -T iqn.2020-04.com.westos:server120 -p 172.25.254.120 -l --登录
Logging in to [iface: default, target: iqn.2020-04.com.westos:server120, portal: 172.25.254.120,3260]
Login to [iface: default, target: iqn.2020-04.com.westos:server120, portal: 172.25.254.120,3260] successful.
注:InitiatorName 必须与服务端 acls create 时填写的名称完全一致,否则登录会被target拒绝;上文服务端创建的acl是 iqn.2020-04.com.westos:westoskey,与这里写的名称不同,实际操作时要核对两边是否一致。
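fdisk /dev/sda ------> /dev/sda1 ----
mkfs.xfs /dev/sda1 ---->
mkdir /iscsidisk
vim /etc/fstab —网络设备永久挂载
/dev/sda1 /iscsidisk xfs defaults,_netdev 0 0 ##注意一定要加上_netdev.
注:挂载选项是defaults(与前面fstab中的写法一致),写成default会导致挂载失败。iSCSI磁盘的/dev/sdX名称在重启后可能变化,更稳妥的做法是用blkid查出UUID,在fstab中以UUID=的形式挂载。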
root 用户登录数据库的时候不能用-h ip的形式登录
dnf install mariadb-server -y
systemctl enable --now mariadb
firewall-cmd --permanent --add-service=mysql ----->只加--permanent不会立即生效,之后还要执行firewall-cmd --reload
mysql_secure_installation ----->安全初始化设置密码为westos
CREATE DATABASE redhat ;mkdir /westos/html/pub/materials/mariadb -pmysqldump -uroot -p redhat > /westos/html/pub/materials/mariadb/mariadb.dump/westos/html http的默认发布目录----->?建立目录,备份在此目录vim /etc/hosts172.25.254.120 classroom.example.comhttp://classroom.example.com/pub/materials/mariadb/mariadb.dump
授权
[root@node1 ~]# mysql -uroot -p
Enter password:
MariaDB [(none)]> CREATE USER marry@localhost identified by 'marry_passwd'; ------>建立用户
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> SELECT Host,User,Password FROM mysql.user;
+-----------+-------+-------------------------------------------+
| Host      | User  | Password                                  |
+-----------+-------+-------------------------------------------+
| localhost | root  | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |
| 127.0.0.1 | root  | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |
| ::1       | root  | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |
| localhost | marry | *3C2113A96DB3D97C7E129966461E107FC1DA214C |
+-----------+-------+-------------------------------------------+
4 rows in set (0.001 sec)
MariaDB [(none)]> GRANT SELECT,INSERT,UPDATE,DELETE on redhat.* to marry@localhost;
Query OK, 0 rows affected (0.001 sec)
建立natasha用户
MariaDB [(none)]> CREATE USER natasha@'%' identified by 'natasha_passwd';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> SELECT User,Host FROM mysql.user;
+---------+-----------+
| User | Host |
+---------+-----------+
| natasha | % |
MariaDB [(none)]> GRANT SELECT on redhat.* to natasha@'%';
Query OK, 0 rows affected (0.001 sec)
客户端 mysql -u natasha -p -h 172.25.254.120 可以登录
注:主机部分写'%'表示允许从任意主机登录;如果只需要本网段访问,可以把主机部分收紧为'172.25.254.%'。
在 server112 上配置 smb 共享服务,要求开机自启,防火墙允许此服务。
创建共享目录为 /smbshare ,共享名为 smbshare ,
marketing 组成员可以读写此共享 不属于marketing 组的人只能读。直接在本机中做的测试,所以安装客户端dnf install samba samba-client samba-commonsystemctl enable --now smbfirewall-cmd --permanent --add-service=sambafirewall-cmd --reloadmkdir /smbsharechcon -t samba_share_t /smbshare/cp /etc/samba/smb.conf.example /etc/samba/smb.confvim /etc/samba/smb.conf314 [smbshare]315 comment = smb316 path = /smbshare317 write list = +marketing —>只写文件,建立用户只是为了测试318systemctl restart smbshare[root@localhost ~]# smbclient -L //172.25.254.120/smbshareEnter MYGROUP\root’s password:Anonymous login successful
SMB1 disabled – no workgroup available
chmod 777 /sambashare
useradd marketing
useradd linux
smbpasswd -a marketing
smbpasswd -a linux
[root@localhost ~]# pdbedit -L
marketing:1003:
linux:1001:
[root@localhost ~]# mount -o username=linux,password=westos //172.25.254.120/smbshare /mnt
[root@localhost ~]# df
//172.25.254.120/smbshare 9450496 4739344 4711152 51% /mnt
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
file
[root@localhost mnt]# touch westos
touch: cannot touch ‘westos’: Permission denied
[root@localhost mnt]# usermod -G marketing linux
[root@localhost ~]# umount /mnt
[root@localhost ~]# mount -o username=linux,password=westos //172.25.254.120/smbshare /mnt
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
file
[root@localhost mnt]# touch westos
[root@localhost mnt]# ls
file westos
注:前面建立并共享的目录是/smbshare,chmod的路径应与它一致;777对所有本地用户开放写权限,更严格的做法是把目录属组设为marketing并只给属组写权限(如chmod 2775)。
注:usermod -G 会覆盖用户原有的附加组,只想追加时应使用 usermod -aG marketing linux。
注:把password=直接写在mount命令行里,密码会留在shell历史和进程参数中,实际使用时建议改用credentials=文件的方式。
[root@localhost ~]# useradd -s /sbin/nologin brian -M[root@localhost ~]# useradd -s /sbin/nologin rob -M[root@localhost ~]# smbpasswd -a brianNew SMB password:Retype new SMB password:Added user brian.[root@localhost ~]# smbpasswd -a robNew SMB password:Retype new SMB password:Added user rob.[root@localhost ~]# pdbedit -Lmarketing:1003:brian:1005:linux:1001:rob:1006:[root@localhost ~]# usermod -G marketing brian[root@localhost ~]# id brianuid=1005(brian) gid=1005(brian) groups=1005(brian),1003(marketing)----->brian相当于 linux
----->客户端在安装autofs,cifs-utils
samba客户端的多用户挂载,支持访问samba共享的用户身份,但不需要重新挂载资源。挂载参数需要添加multiuser参数,客户机上的普通用户可以通过cifscreds提交新的身份凭据,在客户端挂载samba共享目录,需要软件包cifs-utils的支持,为访问网络资源配置开机挂载时,注意添加参数_netdev,表示等客户机网络配置可用后才挂载对应资源
dnf install cifs-utils
[root@westos_student4 ~]# vim /etc/auto.master
/mnt /etc/auto.cifs
[root@westos_student4 ~]# vim /etc/auto.cifs
multiuser -fstype=cifs,credentials=/root/smbauth,multiuser,sec=ntlmssp ://172.25.254.120/smbshare
[root@westos_student4 ~]# vim /root/smbauth
username=linux
password=westos
注:/root/smbauth里保存的是明文密码,应设为仅root可读(chmod 600 /root/smbauth)。
[root@westos_student4 ~]# su - kiosk
[kiosk@westos_student4 ~]$ cd /mnt/
[kiosk@westos_student4 mnt]$ cd multiuser
[kiosk@westos_student4 multiuser]$ df
//172.25.254.120/smbshare 9450496 4747716 4702780 51% /mnt/multiuser
[kiosk@westos_student4 multiuser]$ ll
ls: cannot open directory ‘.’: Permission denied
[kiosk@westos_student4 multiuser]$ cifscreds add -u linux 172.25.254.120 —>linux (服务端主机的samba用户)
Password:
[kiosk@westos_student4 multiuser]$ ll
total 0
-rwxr-xr-x. 1 kiosk kiosk 0 file
-rwxr-xr-x. 1 kiosk kiosk 0 westos
转载地址:http://bnhzi.baihongyu.com/