redhat7rhce
先检查yum源是否可用。
1 两台主机配置selinux
vim /etc/sysconfig/selinux
setenforce 1
getenforce
2 两台主机配置防火墙对ssh的限制
firewall-config
permanent
rich rule
family=ipv4
element=service ssh
action=accept
source:172.25.0.0/24
rich rule
family=ipv4
element=service ssh
action=reject
with type=icmp-host-prohibited
source:172.17.10.0/24
options=reload firewall
3 配置IPv6地址
nmcli connection modify eth0 ipv6.addresses fddb:fe2a:ab1e::c0a8:2/64 ipv6.method manual
nmcli connection up eth0
ip addr
ping6 fddb:fe2a:ab1e::c0a8:1
ping 172.25.0.11
4 配置链路聚合==============ping不通是正常的???
nmcli connection add con-name team0 ifname team0 autoconnect yes type team config '{"runner":{"name":"activebackup"}}'
nmcli connection add con-name team0-1 ifname eth2 type team-slave master team0
nmcli connection add con-name team0-2 ifname eth3 type team-slave master team0
nmcli connection show
nmcli connection modify team0 ipv4.addresses 192.168.0.101/24 ipv4.method manual
nmcli connection up team0
ip addr
ping 192.168.0.102
5 自定义用户环境
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
qstat
vi /etc/profile
vi /etc/bashrc
unalias qstat
source /etc/profile
qstat
unalias qstat
source /etc/bashrc
qstat
6 配置本地邮件服务
yum -y install postfix
systemctl enable postfix
vi /etc/postfix/main.cf
165 mydestination =
116 inet_interfaces = loopback-only
316 relayhost = [classroom.example.com]
99 myorigin = $mydomain
83 mydomain = example.com
194 local_transport=error:only local transport
systemctl start postfix
systemctl status postfix
mail -s lihb student@classroom.example.com
tail /var/log/maillog
firefox
7 配置端口转发
firewall-config
permanent
rich rule
family=ipv4
element=forward-port 5423/tcp>80
source=172.25.0.0/24
rich rule
family=ipv4
element=forward-port 5423/udp>80
source=172.25.0.0/24
options=reload firewall
8 通过SMB共享目录
yum -y install samba samba-client cifs-utils
systemctl enable nmb
systemctl enable smb
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
ll -d /common
mkdir /common
id rob
id brian
useradd rob
useradd brian
setfacl -m u:rob:r-x /common/
setfacl -m u:brian:rwx /common/
ll -Zd /common/
semanage fcontext -a -t samba_share_t '/common(/.*)?'
restorecon -Rvv /common/
ll -Zd /common/
smbpasswd -a rob
smbpasswd -a brian
vim /etc/samba/smb.conf
89 workgroup = STAFF
94 interfaces = lo eth0 172.25.0.11/24
321 [common]
322 path = /common
323 writable = yes
324 browseable = yes
325 hosts allow = 172.25.0.
systemctl start smb
systemctl start nmb
systemctl status smb
systemctl status nmb
9 配置多用户SMB挂载
yum -y install samba-client cifs-utils
ll -d /mnt/multiuser
mkdir /mnt/multiuser
vi /etc/fstab
//172.25.0.11/common /mnt/multiuser cifs defaults,username=brian,password=redhat,sec=ntlmssp,multiuser 0 0
# 注:/etc/fstab 对所有用户可读,写在这里的密码是明文;实际环境中建议改用 credentials=<凭据文件路径> 选项,并将该凭据文件的权限设为 600。
mount -a
df -hT
10 配置NFS服务
yum -y install nfs-utils
systemctl enable nfs-server
systemctl enable nfs-secure-server
firewall-cmd --add-service=nfs --permanent
firewall-cmd --add-service=mountd --permanent
firewall-cmd --add-service=rpc-bind --permanent
firewall-cmd --reload
ll -Zd /public
ll -Zd /protected
mkdir /public
mkdir /protected
semanage fcontext -a -t public_content_t '/public(/.*)?'
semanage fcontext -a -t public_content_rw_t '/protected(/.*)?'
restorecon -Rvv /public
restorecon -Rvv /protected/
ll -Zd /public
ll -Zd /protected/
vi /etc/exports
/public 172.25.0.0/24(ro,sync)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
cd /protected/
ls
mkdir project
id ldapuser0
chown ldapuser0 project/
ll
vim /etc/sysconfig/nfs
13 RPCNFSDARGS="-V 4.2"
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
systemctl start nfs-server.service
systemctl start nfs-secure-server.service
systemctl status nfs-server.service
systemctl status nfs-secure-server.service
exportfs
11 挂载一个NFS共享
yum -y install nfs-utils
systemctl enable nfs-secure
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
vi /etc/sysconfig/nfs
13 RPCNFSDARGS="-V 4.2"
vim /etc/fstab
172.25.0.11:/public /mnt/nfsmount nfs defaults 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p 0 0
systemctl start nfs-secure.service
systemctl status nfs-secure.service
showmount -e 172.25.0.11
mount -a
df -hT
12 实现一个web服务器
yum -y install httpd
systemctl enable httpd
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
ll -Zd /var/www/
cd /var/www/
ls
mkdir server0
ll -Zd *
wget -O /var/www/server0/index.html http://classroom.example.com/materials/station.html
cd server0
ll -Z
vi /etc/httpd/conf.d/server0.conf
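ServerName server0.example.com
DocumentRoot /var/www/server0
Require all granted
Require not host .my133t.org
(注:以上只是配置片段,<VirtualHost>、<Directory> 等标签在此处没有显示;在 Apache 2.4 中,Require not 必须与 Require all granted 一起放在 <RequireAll> 块内,否则 httpd 会报配置错误。)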
systemctl start httpd
systemctl status httpd
hostname
13 配置安全web服务
yum -y install mod_ssl
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
cd /etc/pki/tls/
wget http://classroom.example.com/pub/tls/certs/server0.crt
wget http://classroom.example.com/pub/tls/private/server0.key
(注:私钥下载后的默认权限通常为 644,其他用户也可读;应执行 chmod 600 server0.key,使其仅 root 可读。)
ls
cd /etc/httpd/conf.d/
vi ssl.conf
SSLCertificateFile /etc/pki/tls/server0.crt
SSLCertificateKeyFile /etc/pki/tls/server0.key
ServerName server0.example.com
DocumentRoot /var/www/server0
Require all granted
Require not host .my133t.org
systemctl restart httpd
systemctl status httpd
14 配置虚拟主机
cd /var/www
ls
mkdir virtual
wget -O /var/www/virtual/index.html http://classroom.example.com/materials/www.html
cd /etc/httpd/conf.d/
cp server0.conf www0.conf
vi www0.conf
ServerName www0.example.com
DocumentRoot /var/www/virtual
Require all granted
id floyd
useradd floyd
chown floyd /var/www/virtual/
ll -Zd /var/www/virtual/
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/virtual(/.*)?'
restorecon -Rvv /var/www/virtual
ll -Zd /var/www/virtual/
15 配置web内容的访问==============================怎么验证?
cd /var/www/virtual/
mkdir private
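wget -O /var/www/virtual/index.html http://classroom.example.com/materials/private.html
(注:按此命令,private.html 会覆盖第 14 步放置的 /var/www/virtual/index.html,而新建的 private 目录仍为空;目标路径是否应为 /var/www/virtual/private/index.html,待确认。)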
vi /etc/httpd/conf.d/www0.conf
Require local
vi www0.conf
systemctl restart httpd
vi www0.conf
16 实现动态Web内容
yum -y install mod_wsgi
cd /var/www/server0/
wget http://classroom.example.com/materials/webinfo.wsgi
ls
cd /etc/httpd/conf.d/
cp server0.conf app.conf
vi app.conf
listen 8908
ServerName webapp0.example.com
DocumentRoot /var/www/server0
Require all granted
WSGIScriptAlias / /var/www/server0/webinfo.wsgi
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 8908
semanage port -l|grep http
firewall-cmd --add-port=8908/tcp --permanent
firewall-cmd --reload
systemctl restart httpd.service
systemctl status httpd.service
17 创建一个脚本
vim /root/foo.sh
#!/bin/bash
# foo.sh - print the counterpart of the distribution name given as $1.
#   redhat -> fedora
#   fedora -> redhat
#   anything else, or no argument -> print the accepted arguments.
if [ "${1}" = "redhat" ]; then
  echo "fedora"
elif [ "${1}" = "fedora" ]; then
  echo "redhat"
else
  # $0 is the path the script was invoked with, so the hint matches the call.
  echo "$0 redhat | fedora"
fi
chmod a+x /root/foo.sh
/root/foo.sh redhat
/root/foo.sh fedora
/root/foo.sh
/root/foo.sh sdfas
18 创建一个添加用户的脚本
wget http://classroom.example.com/materials/userlist
ls
vi /root/batchusers
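#!/bin/bash
# batchusers - create one account per line of a user list.
#
# Usage:  /root/batchusers userfile
# Exit:   0  list processed
#         2  wrong number of arguments
#         3  userfile is not a regular file
#
# Each account gets /bin/false as its shell, so it cannot log in
# interactively, and the fixed lab password "redhat".
# NOTE(review): one shared, hard-coded password is acceptable only for this
# exercise; on a real host set a per-user secret and expire it with
# `chage -d 0` so it must be changed at first login.

if [ $# -ne 1 ]; then
  echo "Usage: /root/batchusers userfile"
  exit 2
fi

if [ ! -f "$1" ]; then
  echo "Input file not found"
  exit 3
fi

# -r keeps backslashes literal; the `|| [ -n ... ]` arm also handles a last
# line that has no trailing newline.
while read -r user || [ -n "$user" ]; do
  # The list is data, not a command line. Skip blank lines, entries that
  # would be parsed as an option (leading "-") and entries with embedded
  # whitespace: unquoted, those were split into extra useradd arguments.
  case $user in
    '' | -* | *[[:space:]]*) continue ;;
  esac
  # Output is discarded on purpose so a re-run over existing accounts stays
  # quiet.
  /usr/sbin/useradd -s /bin/false "$user" &> /dev/null
  echo "redhat" | passwd --stdin "$user" &> /dev/null
done < "$1"
exit 0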
chmod a+x /root/batchusers
cat userlist
id roy
/root/batchusers /root/userlist
id roy
19 配置iSCSI服务端
服务器端
yum -y install targetd targetcli
systemctl enable targetd
fdisk -l
pvcreate /dev/sdb
vgcreate vgvg /dev/sdb
lvcreate -L 3G -n lvlv vgvg
firewall-cmd --add-port=3260/tcp --permanent
firewall-cmd --reload
客户端:
yum -y install iscsi-initiator-utils
cd /etc/iscsi/
ls
cat initiatorname.iscsi
iqn.1994-05.com.redhat:9e96ff23da37
服务器端
targetcli
/> cd backstores/
/backstores> cd block
/backstores/block> create dev=/dev/vgvg/lvlv iscsi_store
/> cd iscsi
/iscsi> create iqn.2014-11.com.example:server0
/iscsi> cd iqn.2014-11.com.example:server0/
/iscsi/iqn.20...ample:server0> cd tpg1/luns
/iscsi/iqn.20...er0/tpg1/luns> create /backstores/block/iscsi_store
/iscsi/iqn.20.../tpg1/portals> create 172.25.0.11
/iscsi/iqn.20...er0/tpg1/acls> create iqn.1994-05.com.redhat:9e96ff23da37
/> saveconfig
/> exit
systemctl start targetd.service
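systemctl status targetd.service ===========failed???
(注:targetcli 用 saveconfig 保存的配置由 target.service 在开机时恢复;targetd 是另一个独立的远程管理服务,它启动失败不一定影响已建立的 iSCSI target。是否还需要 systemctl enable target,待确认。)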
netstat -antp |grep 3260
客户端
man iscsiadm
iscsiadm --mode discoverydb --type sendtargets --portal 172.25.0.11 --discover
iscsiadm --mode node --targetname iqn.2014-11.com.example:server0 --portal 172.25.0.11:3260 --login
fdisk -l
20 配置iSCSI的客户端
systemctl enable iscsi
systemctl enable iscsid
mkdir /mnt/data
fdisk /dev/sdc
创建一个2100M的分区/dev/sdc1
mkfs.ext4 /dev/sdc1
blkid
vi /etc/fstab
172.25.0.11:/public /mnt/nfsmount nfs defaults,_netdev 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p,_netdev 0 0
UUID=8d910022-c525-4c86-8b46-c658a1c25b6d /mnt/data ext4 defaults,_netdev 0 0
mount -a
df -hT
21 部署MariaDB数据库
yum -y install mariadb mariadb-server
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
wget http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
mysql -u root -p
MariaDB [(none)]> create database legacy;
MariaDB [(none)]> use legacy;
MariaDB [legacy]> source /root/mariadb.dump
MariaDB [legacy]> show tables;
MariaDB [legacy]> grant select on legacy.* to 'Mary'@'localhost' identified by 'redhat';
MariaDB [legacy]> grant all on legacy.* to 'Legacy'@'localhost' identified by 'redhat';
MariaDB [legacy]> grant select on legacy.* to 'Report'@'localhost' identified by 'redhat';
MariaDB [legacy]> flush privileges;
MariaDB [legacy]> exit
22 数据查询填空
mysql -u root -p
MariaDB [(none)]> use legacy
MariaDB [legacy]> show tables;
MariaDB [legacy]> desc product;
MariaDB [legacy]> select id from product where name='RT-AC68U';
MariaDB [legacy]> desc category;
MariaDB [legacy]> select count(*) from category,product where category.id=product.id_category and category.name='Servers';
MariaDB [legacy]> exit
1 两台主机配置selinux
vim /etc/sysconfig/selinux
setenforce 1
getenforce
2 两台主机配置防火墙对ssh的限制
firewall-config
permanent
rich rule
family=ipv4
element=service ssh
action=accept
source:172.25.0.0/24
rich rule
family=ipv4
element=service ssh
action=reject
with type=icmp-host-prohibited
source:172.17.10.0/24
options=reload firewall
3 配置IPv6地址
nmcli connection modify eth0 ipv6.addresses fddb:fe2a:ab1e::c0a8:2/64 ipv6.method manual
nmcli connection up eth0
ip addr
ping6 fddb:fe2a:ab1e::c0a8:1
ping 172.25.0.11
4 配置链路聚合==============ping不通是正常的???
nmcli connection add con-name team0 ifname team0 autoconnect yes type team config '{"runner":{"name":"activebackup"}}'
nmcli connection add con-name team0-1 ifname eth2 type team-slave master team0
nmcli connection add con-name team0-2 ifname eth3 type team-slave master team0
nmcli connection show
nmcli connection modify team0 ipv4.addresses 192.168.0.101/24 ipv4.method manual
nmcli connection up team0
ip addr
ping 192.168.0.102
5 自定义用户环境
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
qstat
vi /etc/profile
vi /etc/bashrc
unalias qstat
source /etc/profile
qstat
unalias qstat
source /etc/bashrc
qstat
6 配置本地邮件服务
yum -y install postfix
systemctl enable postfix
vi /etc/postfix/main.cf
165 mydestination =
116 inet_interfaces = loopback-only
316 relayhost = [classroom.example.com]
99 myorigin = $mydomain
83 mydomain = example.com
194 local_transport=error:only local transport
systemctl start postfix
systemctl status postfix
mail -s lihb student@classroom.example.com
tail /var/log/maillog
firefox
7 配置端口转发
firewall-config
permanent
rich rule
family=ipv4
element=forward-port 5423/tcp>80
source=172.25.0.0/24
rich rule
family=ipv4
element=forward-port 5423/udp>80
source=172.25.0.0/24
options=reload firewall
8 通过SMB共享目录
yum -y install samba samba-client cifs-utils
systemctl enable nmb
systemctl enable smb
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
ll -d /common
mkdir /common
id rob
id brian
useradd rob
useradd brian
setfacl -m u:rob:r-x /common/
setfacl -m u:brian:rwx /common/
ll -Zd /common/
semanage fcontext -a -t samba_share_t '/common(/.*)?'
restorecon -Rvv /common/
ll -Zd /common/
smbpasswd -a rob
smbpasswd -a brian
vim /etc/samba/smb.conf
89 workgroup = STAFF
94 interfaces = lo eth0 172.25.0.11/24
321 [common]
322 path = /common
323 writable = yes
324 browseable = yes
325 hosts allow = 172.25.0.
systemctl start smb
systemctl start nmb
systemctl status smb
systemctl status nmb
9 配置多用户SMB挂载
yum -y install samba-client cifs-utils
ll -d /mnt/multiuser
mkdir /mnt/multiuser
vi /etc/fstab
//172.25.0.11/common /mnt/multiuser cifs defaults,username=brian,password=redhat,sec=ntlmssp,multiuser 0 0
# 注:/etc/fstab 对所有用户可读,写在这里的密码是明文;实际环境中建议改用 credentials=<凭据文件路径> 选项,并将该凭据文件的权限设为 600。
mount -a
df -hT
10 配置NFS服务
yum -y install nfs-utils
systemctl enable nfs-server
systemctl enable nfs-secure-server
firewall-cmd --add-service=nfs --permanent
firewall-cmd --add-service=mountd --permanent
firewall-cmd --add-service=rpc-bind --permanent
firewall-cmd --reload
ll -Zd /public
ll -Zd /protected
mkdir /public
mkdir /protected
semanage fcontext -a -t public_content_t '/public(/.*)?'
semanage fcontext -a -t public_content_rw_t '/protected(/.*)?'
restorecon -Rvv /public
restorecon -Rvv /protected/
ll -Zd /public
ll -Zd /protected/
vi /etc/exports
/public 172.25.0.0/24(ro,sync)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
cd /protected/
ls
mkdir project
id ldapuser0
chown ldapuser0 project/
ll
vim /etc/sysconfig/nfs
13 RPCNFSDARGS="-V 4.2"
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
systemctl start nfs-server.service
systemctl start nfs-secure-server.service
systemctl status nfs-server.service
systemctl status nfs-secure-server.service
exportfs
11 挂载一个NFS共享
yum -y install nfs-utils
systemctl enable nfs-secure
mkdir /mnt/nfsmount
mkdir /mnt/nfssecure
wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
vi /etc/sysconfig/nfs
13 RPCNFSDARGS="-V 4.2"
vim /etc/fstab
172.25.0.11:/public /mnt/nfsmount nfs defaults 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p 0 0
systemctl start nfs-secure.service
systemctl status nfs-secure.service
showmount -e 172.25.0.11
mount -a
df -hT
12 实现一个web服务器
yum -y install httpd
systemctl enable httpd
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
ll -Zd /var/www/
cd /var/www/
ls
mkdir server0
ll -Zd *
wget -O /var/www/server0/index.html http://classroom.example.com/materials/station.html
cd server0
ll -Z
vi /etc/httpd/conf.d/server0.conf
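ServerName server0.example.com
DocumentRoot /var/www/server0
Require all granted
Require not host .my133t.org
(注:以上只是配置片段,<VirtualHost>、<Directory> 等标签在此处没有显示;在 Apache 2.4 中,Require not 必须与 Require all granted 一起放在 <RequireAll> 块内,否则 httpd 会报配置错误。)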
systemctl start httpd
systemctl status httpd
hostname
13 配置安全web服务
yum -y install mod_ssl
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
cd /etc/pki/tls/
wget http://classroom.example.com/pub/tls/certs/server0.crt
wget http://classroom.example.com/pub/tls/private/server0.key
(注:私钥下载后的默认权限通常为 644,其他用户也可读;应执行 chmod 600 server0.key,使其仅 root 可读。)
ls
cd /etc/httpd/conf.d/
vi ssl.conf
SSLCertificateFile /etc/pki/tls/server0.crt
SSLCertificateKeyFile /etc/pki/tls/server0.key
ServerName server0.example.com
DocumentRoot /var/www/server0
Require all granted
Require not host .my133t.org
systemctl restart httpd
systemctl status httpd
14 配置虚拟主机
cd /var/www
ls
mkdir virtual
wget -O /var/www/virtual/index.html http://classroom.example.com/materials/www.html
cd /etc/httpd/conf.d/
cp server0.conf www0.conf
vi www0.conf
ServerName www0.example.com
DocumentRoot /var/www/virtual
Require all granted
id floyd
useradd floyd
chown floyd /var/www/virtual/
ll -Zd /var/www/virtual/
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/virtual(/.*)?'
restorecon -Rvv /var/www/virtual
ll -Zd /var/www/virtual/
15 配置web内容的访问==============================怎么验证?
cd /var/www/virtual/
mkdir private
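wget -O /var/www/virtual/index.html http://classroom.example.com/materials/private.html
(注:按此命令,private.html 会覆盖第 14 步放置的 /var/www/virtual/index.html,而新建的 private 目录仍为空;目标路径是否应为 /var/www/virtual/private/index.html,待确认。)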
vi /etc/httpd/conf.d/www0.conf
Require local
vi www0.conf
systemctl restart httpd
vi www0.conf
16 实现动态Web内容
yum -y install mod_wsgi
cd /var/www/server0/
wget http://classroom.example.com/materials/webinfo.wsgi
ls
cd /etc/httpd/conf.d/
cp server0.conf app.conf
vi app.conf
listen 8908
ServerName webapp0.example.com
DocumentRoot /var/www/server0
Require all granted
WSGIScriptAlias / /var/www/server0/webinfo.wsgi
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 8908
semanage port -l|grep http
firewall-cmd --add-port=8908/tcp --permanent
firewall-cmd --reload
systemctl restart httpd.service
systemctl status httpd.service
17 创建一个脚本
vim /root/foo.sh
#!/bin/bash
# foo.sh - print the counterpart of the distribution name given as $1.
#   redhat -> fedora
#   fedora -> redhat
#   anything else, or no argument -> print the accepted arguments.
if [ "${1}" = "redhat" ]; then
  echo "fedora"
elif [ "${1}" = "fedora" ]; then
  echo "redhat"
else
  # $0 is the path the script was invoked with, so the hint matches the call.
  echo "$0 redhat | fedora"
fi
chmod a+x /root/foo.sh
/root/foo.sh redhat
/root/foo.sh fedora
/root/foo.sh
/root/foo.sh sdfas
18 创建一个添加用户的脚本
wget http://classroom.example.com/materials/userlist
ls
vi /root/batchusers
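#!/bin/bash
# batchusers - create one account per line of a user list.
#
# Usage:  /root/batchusers userfile
# Exit:   0  list processed
#         2  wrong number of arguments
#         3  userfile is not a regular file
#
# Each account gets /bin/false as its shell, so it cannot log in
# interactively, and the fixed lab password "redhat".
# NOTE(review): one shared, hard-coded password is acceptable only for this
# exercise; on a real host set a per-user secret and expire it with
# `chage -d 0` so it must be changed at first login.

if [ $# -ne 1 ]; then
  echo "Usage: /root/batchusers userfile"
  exit 2
fi

if [ ! -f "$1" ]; then
  echo "Input file not found"
  exit 3
fi

# -r keeps backslashes literal; the `|| [ -n ... ]` arm also handles a last
# line that has no trailing newline.
while read -r user || [ -n "$user" ]; do
  # The list is data, not a command line. Skip blank lines, entries that
  # would be parsed as an option (leading "-") and entries with embedded
  # whitespace: unquoted, those were split into extra useradd arguments.
  case $user in
    '' | -* | *[[:space:]]*) continue ;;
  esac
  # Output is discarded on purpose so a re-run over existing accounts stays
  # quiet.
  /usr/sbin/useradd -s /bin/false "$user" &> /dev/null
  echo "redhat" | passwd --stdin "$user" &> /dev/null
done < "$1"
exit 0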
chmod a+x /root/batchusers
cat userlist
id roy
/root/batchusers /root/userlist
id roy
19 配置iSCSI服务端
服务器端
yum -y install targetd targetcli
systemctl enable targetd
fdisk -l
pvcreate /dev/sdb
vgcreate vgvg /dev/sdb
lvcreate -L 3G -n lvlv vgvg
firewall-cmd --add-port=3260/tcp --permanent
firewall-cmd --reload
客户端:
yum -y install iscsi-initiator-utils
cd /etc/iscsi/
ls
cat initiatorname.iscsi
iqn.1994-05.com.redhat:9e96ff23da37
服务器端
targetcli
/> cd backstores/
/backstores> cd block
/backstores/block> create dev=/dev/vgvg/lvlv iscsi_store
/> cd iscsi
/iscsi> create iqn.2014-11.com.example:server0
/iscsi> cd iqn.2014-11.com.example:server0/
/iscsi/iqn.20...ample:server0> cd tpg1/luns
/iscsi/iqn.20...er0/tpg1/luns> create /backstores/block/iscsi_store
/iscsi/iqn.20.../tpg1/portals> create 172.25.0.11
/iscsi/iqn.20...er0/tpg1/acls> create iqn.1994-05.com.redhat:9e96ff23da37
/> saveconfig
/> exit
systemctl start targetd.service
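systemctl status targetd.service ===========failed???
(注:targetcli 用 saveconfig 保存的配置由 target.service 在开机时恢复;targetd 是另一个独立的远程管理服务,它启动失败不一定影响已建立的 iSCSI target。是否还需要 systemctl enable target,待确认。)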
netstat -antp |grep 3260
客户端
man iscsiadm
iscsiadm --mode discoverydb --type sendtargets --portal 172.25.0.11 --discover
iscsiadm --mode node --targetname iqn.2014-11.com.example:server0 --portal 172.25.0.11:3260 --login
fdisk -l
20 配置iSCSI的客户端
systemctl enable iscsi
systemctl enable iscsid
mkdir /mnt/data
fdisk /dev/sdc
创建一个2100M的分区/dev/sdc1
mkfs.ext4 /dev/sdc1
blkid
vi /etc/fstab
172.25.0.11:/public /mnt/nfsmount nfs defaults,_netdev 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p,_netdev 0 0
UUID=8d910022-c525-4c86-8b46-c658a1c25b6d /mnt/data ext4 defaults,_netdev 0 0
mount -a
df -hT
21 部署MariaDB数据库
yum -y install mariadb mariadb-server
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
wget http://content.example.com/courses/rhce/rhel7.0/materials/mariadb/mariadb.dump
mysql -u root -p
MariaDB [(none)]> create database legacy;
MariaDB [(none)]> use legacy;
MariaDB [legacy]> source /root/mariadb.dump
MariaDB [legacy]> show tables;
MariaDB [legacy]> grant select on legacy.* to 'Mary'@'localhost' identified by 'redhat';
MariaDB [legacy]> grant all on legacy.* to 'Legacy'@'localhost' identified by 'redhat';
MariaDB [legacy]> grant select on legacy.* to 'Report'@'localhost' identified by 'redhat';
MariaDB [legacy]> flush privileges;
MariaDB [legacy]> exit
22 数据查询填空
mysql -u root -p
MariaDB [(none)]> use legacy
MariaDB [legacy]> show tables;
MariaDB [legacy]> desc product;
MariaDB [legacy]> select id from product where name='RT-AC68U';
MariaDB [legacy]> desc category;
MariaDB [legacy]> select count(*) from category,product where category.id=product.id_category and category.name='Servers';
MariaDB [legacy]> exit