
redhat7rhce

先检查yum源是否可用。


1 两台主机配置selinux
vim /etc/sysconfig/selinux    # 将 SELINUX= 设为 enforcing,重启后仍保持强制模式
    setenforce 1              # 只切换当前运行状态,不会修改配置文件
    getenforce
2 两台主机配置防火墙对ssh的限制
firewall-config
permanent 
rich rule
family=ipv4
element=service ssh
action=accept
source:172.25.0.0/24
rich rule
family=ipv4
element=service ssh
action=reject 
with type=icmp-host-prohibited
source:172.17.10.0/24
options=reload firewall
3 配置IPv6地址
nmcli connection modify eth0 ipv6.addresses fddb:fe2a:ab1e::c0a8:2/64 ipv6.method manual
nmcli connection up eth0 
ip addr
ping6 fddb:fe2a:ab1e::c0a8:1
ping 172.25.0.11
4 配置链路聚合==============ping不通是正常的???
nmcli connection add con-name team0 ifname team0 autoconnect yes type team config '{"runner":{"name":"activebackup"}}'
nmcli connection add con-name team0-1 ifname eth2 type team-slave master team0 
nmcli connection add con-name team0-2 ifname eth3 type team-slave master team0 
nmcli connection show 
nmcli connection modify team0 ipv4.addresses 192.168.0.101/24 ipv4.method manual
nmcli connection up team0
ip addr
ping 192.168.0.102
5 自定义用户环境
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
qstat
vi /etc/profile
vi /etc/bashrc 
unalias qstat 
source /etc/profile
qstat 
unalias qstat 
source /etc/bashrc 
qstat 
6 配置本地邮件服务
yum -y install postfix
systemctl enable postfix
vi /etc/postfix/main.cf
   165 mydestination =
   116 inet_interfaces = loopback-only
   316 relayhost = [classroom.example.com]
   99 myorigin = $mydomain
   83 mydomain = example.com
   194 local_transport=error:only local transport
systemctl start postfix
systemctl status postfix
mail -s lihb student@classroom.example.com
tail /var/log/maillog 
firefox
7 配置端口转发
firewall-config
permanent
rich rule
family=ipv4
element=forward-port 5423/tcp>80
source=172.25.0.0/24
rich rule
family=ipv4
element=forward-port 5423/udp>80
source=172.25.0.0/24
options=reload firewall
8 通过SMB共享目录
yum -y install samba samba-client cifs-utils
systemctl enable nmb
systemctl enable smb
firewall-cmd --add-service=samba --permanent 
firewall-cmd --reload 
ll -d /common
mkdir /common
id rob
id brian
useradd rob
useradd brian
setfacl -m u:rob:r-x /common/
setfacl -m u:brian:rwx /common/
ll -Zd /common/
semanage fcontext -a -t samba_share_t '/common(/.*)?'
restorecon -Rvv /common/
ll -Zd /common/
smbpasswd -a rob
smbpasswd -a brian
vim /etc/samba/smb.conf 
89         workgroup = STAFF
94         interfaces = lo eth0 172.25.0.11/24
321 [common]
322 path = /common
323 writable = yes
324 browseable = yes
325 hosts allow = 172.25.0.
systemctl start smb
systemctl start nmb
systemctl status smb
systemctl status nmb
9 配置多用户SMB挂载
yum -y install samba-client cifs-utils
ll -d /mnt/multiuser
mkdir /mnt/multiuser
vi /etc/fstab 
# 注意:/etc/fstab 默认所有用户可读,password= 写在这里等于明文公开;可改用 credentials=<仅 root 可读的凭据文件> 选项
//172.25.0.11/common /mnt/multiuser cifs defaults,username=brian,password=redhat,sec=ntlmssp,multiuser 0 0
mount -a
df -hT
10 配置NFS服务
yum -y install nfs-utils
systemctl enable nfs-server
systemctl enable nfs-secure-server
firewall-cmd --add-service=nfs --permanent 
firewall-cmd --add-service=mountd --permanent 
firewall-cmd --add-service=rpc-bind --permanent 
firewall-cmd --reload 
ll -Zd /public
ll -Zd /protected
mkdir /public
mkdir /protected
semanage fcontext -a -t public_content_t '/public(/.*)?'
semanage fcontext -a -t public_content_rw_t '/protected(/.*)?'
restorecon -Rvv /public
restorecon -Rvv /protected/
ll -Zd /public
ll -Zd /protected/
vi /etc/exports
/public 172.25.0.0/24(ro,sync)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
cd /protected/
ls
mkdir project
id ldapuser0
chown ldapuser0 project/
ll
vim /etc/sysconfig/nfs 
13 RPCNFSDARGS="-V 4.2"
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab    # keytab 含主机的 Kerberos 密钥:此处为实验环境才用明文 HTTP 下载,文件应只允许 root 读取
systemctl start nfs-server.service 
systemctl start nfs-secure-server.service 
systemctl status nfs-server.service 
systemctl status nfs-secure-server.service 
exportfs 
11 挂载一个NFS共享
yum -y install nfs-utils
systemctl enable nfs-secure
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
vi /etc/sysconfig/nfs 
13 RPCNFSDARGS="-V 4.2"
vim /etc/fstab 
172.25.0.11:/public /mnt/nfsmount nfs defaults 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p 0 0  
systemctl start nfs-secure.service 
systemctl status nfs-secure.service
showmount -e 172.25.0.11
mount -a
df -hT
12 实现一个web服务器
yum -y install httpd
systemctl  enable httpd
firewall-cmd --add-service=http --permanent 
firewall-cmd --reload
ll -Zd /var/www/
cd /var/www/
ls
mkdir server0
ll -Zd *
wget -O /var/www/server0/index.html http://classroom.example.com/materials/station.html
cd server0
ll -Z
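vi /etc/httpd/conf.d/server0.conf
# 以下尖括号标签在网页提取时丢失,按空行位置推断还原(待确认)
# Require not 必须放在 <RequireAll> 内才生效
<VirtualHost *:80>
ServerName server0.example.com
DocumentRoot /var/www/server0
<Directory "/var/www/server0">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory>
</VirtualHost>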
systemctl start httpd
systemctl status httpd
hostname
13 配置安全web服务
yum -y install mod_ssl
firewall-cmd --add-service=https --permanent 
firewall-cmd --reload 
cd /etc/pki/tls/
wget http://classroom.example.com/pub/tls/certs/server0.crt
wget http://classroom.example.com/pub/tls/private/server0.key    # 私钥文件应只允许 root 读取;明文 HTTP 下载仅适用于实验环境
ls
cd /etc/httpd/conf.d/
vi ssl.conf 
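SSLCertificateFile /etc/pki/tls/server0.crt
SSLCertificateKeyFile /etc/pki/tls/server0.key
ServerName server0.example.com
DocumentRoot /var/www/server0
# 以下尖括号标签在网页提取时丢失,按空行位置推断还原(待确认)
# Require not 必须放在 <RequireAll> 内才生效
<Directory "/var/www/server0">
<RequireAll>
Require all granted
Require not host .my133t.org
</RequireAll>
</Directory>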
systemctl restart httpd
systemctl status httpd
14 配置虚拟主机
cd /var/www
ls
mkdir virtual
wget -O /var/www/virtual/index.html http://classroom.example.com/materials/www.html
cd /etc/httpd/conf.d/
cp server0.conf www0.conf
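vi www0.conf
# 以下尖括号标签在网页提取时丢失,按空行位置推断还原(待确认)
<VirtualHost *:80>
ServerName www0.example.com
DocumentRoot /var/www/virtual
<Directory "/var/www/virtual">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>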
id floyd
useradd floyd
chown floyd /var/www/virtual/
ll -Zd /var/www/virtual/
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/virtual(/.*)?'
restorecon -Rvv /var/www/virtual
ll -Zd /var/www/virtual/
15 配置web内容的访问==============================怎么验证?
cd /var/www/virtual/
mkdir private
wget -O /var/www/virtual/index.html http://classroom.example.com/materials/private.html    # 注意:这会覆盖上一题的 /var/www/virtual/index.html;目标路径可能应为 /var/www/virtual/private/index.html(待确认)
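vi /etc/httpd/conf.d/www0.conf
# 以下尖括号标签在网页提取时丢失,按空行位置推断还原(待确认)
<Directory "/var/www/virtual/private">
<RequireAll>
Require local
</RequireAll>
</Directory>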
vi www0.conf 
systemctl restart httpd
vi www0.conf 
16 实现动态Web内容
yum -y install mod_wsgi
cd /var/www/server0/
wget http://classroom.example.com/materials/webinfo.wsgi
ls
cd /etc/httpd/conf.d/
cp server0.conf app.conf
vi app.conf 
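listen 8908
# 以下尖括号标签在网页提取时丢失,按空行位置推断还原(待确认)
<VirtualHost *:8908>
ServerName webapp0.example.com
DocumentRoot /var/www/server0
<Directory "/var/www/server0">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
WSGIScriptAlias /   /var/www/server0/webinfo.wsgi
</VirtualHost>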
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 8908
semanage port -l|grep http
firewall-cmd --add-port=8908/tcp --permanent 
firewall-cmd --reload 
systemctl restart httpd.service 
systemctl status httpd.service 
17 创建一个脚本
vim /root/foo.sh
#!/bin/bash
# Print the counterpart of the name given as the first argument:
#   redhat -> fedora
#   fedora -> redhat
# Any other argument, or no argument, prints a usage line built from $0.
# Every message is written to stdout; no explicit exit status is set.

if [[ "$1" == "redhat" ]]; then
  echo "fedora"
elif [[ "$1" == "fedora" ]]; then
  echo "redhat"
else
  # Fallback branch: unknown or missing argument.
  echo "$0 redhat | fedora"
fi
chmod a+x /root/foo.sh 
/root/foo.sh redhat
/root/foo.sh fedora
/root/foo.sh 
/root/foo.sh sdfas
18 创建一个添加用户的脚本
wget http://classroom.example.com/materials/userlist
ls
vi /root/batchusers
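#!/bin/bash
# Create one account per line of the user-list file given as the only argument.
#
# Usage:       /root/batchusers userfile
# Exit status: 0 after the list has been processed,
#              2 when the argument count is not exactly one,
#              3 when the argument is not a regular file.
#
# Each account gets /bin/false as its login shell and the fixed password
# "redhat". The password is a literal in this script, so every account it
# creates shares a known password until that password is changed.
# Output from useradd and passwd is discarded and their exit status is not
# checked, so a failure for one name does not stop the loop.

if [ "$#" -ne 1 ]; then
  echo "Usage: /root/batchusers userfile"
  exit 2
fi

# Quoted so a path containing spaces or glob characters is tested as one word.
if [ ! -f "$1" ]; then
  echo "Input file not found"
  exit 3
fi

# -r keeps backslashes literal; the "|| [ -n ... ]" clause also processes a
# final line that has no trailing newline.
while read -r user || [ -n "$user" ]; do
  # Skip blank lines and names starting with "-", which useradd and passwd
  # would otherwise parse as options.
  case "$user" in
    '' | -*) continue ;;
  esac
  # Quoting passes the whole line as a single user name instead of letting
  # the shell split or glob-expand it.
  /usr/sbin/useradd -s /bin/false "$user" &> /dev/null
  echo "redhat" | passwd --stdin "$user" &> /dev/null
done < "$1"
exit 0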
chmod a+x /root/batchusers 
cat userlist 
id roy
/root/batchusers /root/userlist 
id roy
19 配置iSCSI服务端
服务器端
yum -y install targetd targetcli
systemctl enable targetd
fdisk -l
pvcreate /dev/sdb
vgcreate vgvg /dev/sdb
lvcreate -L 3G -n lvlv vgvg
firewall-cmd --add-port=3260/tcp --permanent 
firewall-cmd --reload 
客户端:
yum -y install iscsi-initiator-utils
cd /etc/iscsi/
ls
cat initiatorname.iscsi
iqn.1994-05.com.redhat:9e96ff23da37
服务器端
targetcli 
/> cd backstores/
/backstores> cd block
/backstores/block> create dev=/dev/vgvg/lvlv iscsi_store
/> cd iscsi
/iscsi> create iqn.2014-11.com.example:server0
/iscsi> cd iqn.2014-11.com.example:server0/
/iscsi/iqn.20...ample:server0> cd tpg1/luns
/iscsi/iqn.20...er0/tpg1/luns> create /backstores/block/iscsi_store
/iscsi/iqn.20.../tpg1/portals> create 172.25.0.11
/iscsi/iqn.20...er0/tpg1/acls> create iqn.1994-05.com.redhat:9e96ff23da37
/> saveconfig
/> exit
systemctl start targetd.service 
systemctl status targetd.service    # 显示 failed?——targetcli 用 saveconfig 保存的配置一般由 target.service 在开机时恢复;targetd 是另一个独立的守护进程,可能需要单独配置后才能启动(待确认)
netstat -antp |grep 3260
客户端
man iscsiadm
iscsiadm --mode discoverydb --type sendtargets --portal 172.25.0.11 --discover
iscsiadm --mode node --targetname iqn.2014-11.com.example:server0 --portal 172.25.0.11:3260 --login
fdisk -l
20 配置iSCSI的客户端
systemctl enable iscsi
systemctl enable iscsid
mkdir /mnt/data
fdisk /dev/sdc
创建一个2100M的分区/dev/sdc1
mkfs.ext4 /dev/sdc1 
blkid
vi /etc/fstab 
172.25.0.11:/public /mnt/nfsmount nfs defaults,_netdev 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p,_netdev 0 0
UUID=8d910022-c525-4c86-8b46-c658a1c25b6d /mnt/data ext4 defaults,_netdev 0 0
mount -a
df -hT
21 部署MariaDB数据库
yum -y install mariadb mariadb-server
systemctl enable mariadb.service 
systemctl start mariadb.service 
mysql_secure_installation
wget http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
mysql -u root -p
MariaDB [(none)]> create database legacy;
MariaDB [(none)]> use legacy;
MariaDB [legacy]> source /root/mariadb.dump
MariaDB [legacy]> show tables;
MariaDB [legacy]> grant select on legacy.* to 'Mary'@'localhost' identified by 'redhat';
MariaDB [legacy]> grant all on legacy.* to 'Legacy'@'localhost' identified by 'redhat';
MariaDB [legacy]> grant select on legacy.* to 'Report'@'localhost' identified by 'redhat';
MariaDB [legacy]> flush privileges;
MariaDB [legacy]> exit
22 数据查询填空
mysql -u root -p
MariaDB [(none)]> use legacy
MariaDB [legacy]> show tables;
MariaDB [legacy]> desc product;
MariaDB [legacy]> select id from product where name='RT-AC68U';
MariaDB [legacy]> desc category;
MariaDB [legacy]> select count(*) from category,product where category.id=product.id_category and category.name='Servers';
MariaDB [legacy]> exit

