RHCE考试(Linux7)
2024-10-08 18:07:58
博主本人平和谦逊,热爱学习,读者阅读过程中发现错误的地方,请帮忙指出,感激不尽
文章说明:本文是作者原创,请尊重个人劳动成果,转载需注明出处,博主19年通过考试,成绩是290.丢失的十分是没有设置时间
一、环境模拟
- * server0.example.com :172.25.0.11
- * desktop0.example.com :172.25.0.10
- * 子网掩码为:255.255.255.0
- * 默认网关为:172.25.0.254
- 考试中使用的 Red Hat Enterprise Linux 操作系统版本对应的
- 分发包可以通过YUM在下面的链接中找到:http://classroom.example.com/content/rhel7.0/x86_64/dvd
- 确保您的两台虚拟机的 SELinux 处于强制启用模式
解题:
[root@server0 ~]# vim /etc/yum.repos.d/classroom.example.com_content_rhel7.0_x86_64_dvd.repo
在尾部添加:
gpgcheck=
[root@server0 ~]# yum clean all
[root@server0 ~]# yum makecache 两台机器先配置SELINUX:
[root@server0 ~]# vim /etc/selinux/config
修改:
SELINUX=enforcing
[root@server0 ~]# setenforce 1 两台机配置chronyd:
添加:
[root@desktop0 ~]# vim /etc/chrony.conf
server classroom.example.com iburst [root@desktop0 ~]# systemctl enable chronyd
[root@desktop0 ~]# systemctl restart chronyd
[root@desktop0 ~]# chronyc sources -v 将网卡全部设置为静态:
[root@server0 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
NAME=eth0
IPADDR1=172.25.0.11
PREFIX=
GATEWAY=172.25.0.254
DNS1=172.25.254.254 DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
NAME=eth0
IPADDR1=172.25.0.10
PREFIX=
GATEWAY=172.25.0.254
DNS1=172.25.254.254
二、配置SSH
- 用户能够从域 example.com 内的客户端 SSH 远程访问您的两个虚拟机系统;
- 在域 my133t.org 内的客户端不能访问您的两个虚拟机系统
解题:
在两台机器执行:
server0:
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" service name="ssh" accept
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.24.0.0/24" service name="ssh" reject"
[root@server0 ~]# firewall-cmd --reload
desktop0:
[root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" service name="ssh" accept"
[root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.24.0.0/24" service name="ssh" reject"
[root@desktop0 ~]# firewall-cmd --reload
三、配置端口转发
- 在 172.25.0.0/24 网络中的系统,访问 server0 的本地端口 9394 将被转发到本地端口 443 ;
- 此设置必须永久有效。
解题:
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" forward-port to-port="443" protocol="tcp" port="9394" accept"
[root@server0 ~]# firewall-cmd --reload
四、配置链路聚合
- 在 server0.example.com 和 desktop0.example.com 之间按以下要求配置一个链路 team1 :
- 此链路使用接口 eth1和 eth2;
- 此链路在一个接口失效时仍然能工作;
- 此链路在 server0 使用下面的地址 :172.26.20.10/255.255.255.0 ;
- 此链路在 desktop0 使用下面的地址 :172.26.20.20/255.255.255.0 ;
- 此链路在系统重启之后依然保持正常状态。
解题:
server:
[root@server0 ~]# nmcli connection add con-name team1 type team ifname team1 config '{"runner": {"name": "activebackup"}}'
[root@server0 ~]# nmcli connection modify team1 ipv4.addresses "172.26.20.10/24" ipv4.method manual connection.autoconnect yes
[root@server0 ~]# nmcli connection add con-name team1-slave1 ifname eth1 type team-slave master team1
[root@server0 ~]# nmcli connection add con-name team1-slave2 ifname eth2 type team-slave master team1
[root@server0 ~]# nmcli connection reload
[root@server0 ~]# nmcli connection up team1
[root@server0 ~]# nmcli connection up team1-slave1
[root@server0 ~]# nmcli connection up team1-slave2
[root@server0 ~]# teamdctl team1 state
setup:
runner: activebackup
ports:
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1
[root@server0 ~]# desktop:
[root@desktop0 ~]# nmcli connection add con-name team1 type team ifname team1 config '{"runner": {"name": "activebackup"}}'
[root@desktop0 ~]# nmcli connection modify team1 ipv4.addresses "172.26.20.20/24" ipv4.method manual connection.autoconnect yes
[root@desktop0 ~]# nmcli connection add con-name team1-slave2 ifname eth2 type team-slave master team1
[root@desktop0 ~]# nmcli connection add con-name team1-slave2 ifname eth2 type team-slave master team1
[root@desktop0 ~]# nmcli connection add con-name team1-slave1 ifname eth1 type team-slave master team1
[root@desktop0 ~]# nmcli connection reload
[root@desktop0 ~]# nmcli connection up team1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/)
[root@desktop0 ~]# nmcli connection up team1
[root@desktop0 ~]# nmcli connection up team1-slave1
[root@desktop0 ~]# nmcli connection up team1-slave2
[root@desktop0 ~]#
[root@desktop0 ~]# teamdctl team1 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1
五、配置ipv6
- 在您的两个考试系统上配置接口 eth0 使用下列 IPv6 地址:
- server0 上的地址应该是 2019:ce11::1748/64 ;
- desktop0 上的地址应该是 2019:ce11::1757/64 ;
- 两个系统必须能与网络 2019:ce11/64 内的系统通信;
- 地址必须在重启系统后依旧生效;
- 两个系统必须保持当前的 IPv4 地址并仍然能够通信。
解题:
server:
[root@server0 ~]# nmcli connection modify eth0 ipv6.addresses "2019:ce11::1748/64" ipv6.method manual connection.autoconnect yes
[root@server0 ~]# nmcli connection reload
[root@server0 ~]# service network restart
[root@server0 ~]# nmcli connection reload
[root@server0 ~]# nmcli connection up team1 (配置完成ipv6需要重启链路聚合)
[root@server0 ~]# nmcli connection up team1-slave1
[root@server0 ~]# nmcli connection up team1-slave2 desktop:
[root@desktop0 ~]# nmcli connection modify eth0 ipv6.addresses "2019:ce11::1757/64" ipv6.method manual connection.autoconnect yes
[root@desktop0 ~]# nmcli connection reload
[root@desktop0 ~]# service network restart
[root@desktop0 ~]# nmcli connection up team1 (配置完成ipv6需要重启链路聚合)
[root@desktop0 ~]# nmcli connection up team1-slave1
[root@desktop0 ~]# nmcli connection up team1-slave2
六、配置邮件服务
- 在系统 server0 和 desktop0 上配置邮件服务,满足以下要求:
- 这些系统不接收外部发送来的邮件;
- 在这些系统上本地发送的任何邮件都会自动路由到 smtp0.example.com ;
- 从这些系统上发送的邮件显示来自于 desktop0.example.com ;
- 您可以通过在 server0.example.com 发送邮件到本地用户 student 来测试您的配置,并将系统 desktop0.example.com 配置为后端邮件服务器,确保可接收并投递来自 server0 的邮件。
解题:
server:
[root@server0 ~]# systemctl enable postfix
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" service name="stmp" accept"
success
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" port port="25" protocol="tcp" accept"
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]#
[root@server0 ~]# postconf -e 'inet_interfaces=loopback-only'
[root@server0 ~]# postconf -e 'relayhost=[smtp0.example.com]'
[root@server0 ~]# postconf -e 'mydestination='
[root@server0 ~]# postconf -e 'myorigin=desktop0.example.com'
[root@server0 ~]# systemctl restart postfix.service desktop:
[root@desktop0 ~]# systemctl enable postfix
[root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" service name="stmp" accept"
[root@desktop0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" port port="25" protocol="tcp" accept"
[root@desktop0 ~]# firewall-cmd --reload
[root@desktop0 ~]# postconf -e 'inet_interfaces=loopback-only'
[root@desktop0 ~]# postconf -e 'relayhost=[smtp0.example.com]'
[root@desktop0 ~]# postconf -e 'mydestination='
[root@desktop0 ~]# postconf -e 'myorigin=desktop0.example.com'
[root@desktop0 ~]# systemctl restart postfix.service
[root@desktop0 ~]# echo 'hello'|mail -s testmail student
七、SMB
- 在 server0 通过 SMB 共享 /exam_share 目录:
- 您的 SMB 服务器必须是 WORKSTAFF 工作组的一个成员;
- 共享名必须为 exam share ;
- 只有 example.com 域内的客户端可以访问 exam_share 共享;
- exam_share 必须是可以浏览的;
- 用户 harris 必须能够读取共享中的内容,如果需要的话,验证的密码是 123456。
解题:
server:
[root@server0 ~]# yum install samba samba-client -y
[root@server0 ~]# systemctl enable nmb smb
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" service name="samba" accept"
success
[root@server0 ~]# firewall-cmd --reload
[root@server0 ~]# mkdir /exam_share -p
[root@server0 ~]# semanage fcontext -a -t 'samba_share_t' '/exam_share(/.*)?'
[root@server0 ~]# restorecon -Rv /exam_share/
restorecon reset /exam_share context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@server0 ~]#
[root@server0 ~]# smbpasswd -a harris [root@server0 ~]# vim /etc/samba/smb.conf
workgroup = WORKSTAFF
[exam_share]
path = /exam_share
browseable = yes desktop:
[root@desktop0 ~]# yum install samba-client -y
[root@desktop0 ~]# smbclient //172.25.0.11/exam_share -U harris
Enter harris's password:
Domain=[WORKSTAFF] OS=[Unix] Server=[Samba 4.1.]
smb: \> ls
八、SMB多用户挂载
- 在 server0 通过 SMB 共享目录 /exam_devops,并满足以下要求:
- 共享名为 exam devops ;
- 共享目录 exam_devops 只能被 example.com 域中的客户端使用;
- 共享目录 exam_devops 必须可以被浏览;
- 用户 johnson 必须能以读的方式访问此共享,该问密码是 123456 ;
- 用户 kristina 必须能以读写的方式访问此共享,访问密码是 123456 ;
- 此共享永久挂载在 desktop0.example.com 上的/mnt/exam_devops 目录,并使用用户 johnson 作为认证。任何用户可以通过用户 kristina 来临时获取写的权限。
解题:
[root@server0 ~]# semanage fcontext -a -t 'samba_share_t' '/exam_devops(/.*)?'
[root@server0 ~]# restorecon -Rv /exam_devops/
[root@server0 ~]#
[root@server0 ~]# setfacl -Rm u:kristina:rwX /exam_devops [root@server0 ~]# vim /etc/samba/smb.conf
[exam_devops]
path = /exam_devops
browseable = yes
write list = kristina
[root@server0 ~]# systemctl restart nmb smb
[root@server0 ~]# smbpasswd -a kristina
[root@server0 ~]# smbpasswd -a johnson desktop:
[root@desktop0 ~]# yum install cifs-utils -y
[root@desktop0 ~]# mkdir -p /mnt/exam_devops
[root@desktop0 ~]# vim /etc/fstab
//172.25.0.11/exam_devops /mnt/exam_devops cifs defaults,multiuser,username=johnson,password=exam@1748,sec=ntlmssp 0 0
[root@desktop0 ~]# mount -av
/ : ignored
/mnt/iscsi_storage : already mounted
/mnt/exam_devops : already mounted
[root@desktop0 ~]# su student
[student@desktop0 exam_devops]$ ls
ls: reading directory .: Permission denied
[student@desktop0 exam_devops]$ cifscreds add 172.25.0.11 -u kristina
[student@desktop0 exam_devops]$ touch xx
[student@desktop0 exam_devops]$ ll
total
-rw-r--r--. Nov : test01
-rw-r--r--. Nov : xx
九、NFS
- 在 server0 配置 NFS 服务,要求如下:
- 以只读的方式共享目录 /nfspublic ,只能被 example.com 域中的系统访问;
- 以读写的方式共享目录 /nfsprotected ,只能被 example.com 域中的系统访问;
- 访问 /nfsprotected 需要通过 Kerberos 安全加密,您可以使用下面 URL 提供的密钥:http://classroom.example.com/pub/keytabs/server0.keytab ;
- 目录 /nfsprotected 应该包含名为 nfsproject 拥有人为 ldapuser0 的子目录;
- 用户 ldapuser0 能以读写方式访问 /nfsprotected/nfsproject 。
解题:
[root@server0 ~]# yum install nfs-utils -y
[root@server0 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@server0 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@server0 ~]# firewall-cmd --permanent --add-service=rpc-bind
[root@server0 ~]# firewall-cmd --reload
[root@server0 ~]# systemctl enable nfs-server.service nfs-secure-server.service
[root@server0 ~]# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
[root@server0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
[root@server0 ~]# systemctl restart nfs-secure-server.service
[root@server0 ~]# systemctl restart nfs-server.service [root@server0 ~]# mkdir -p /nfspublic
[root@server0 ~]# mkdir -p /nfsprotected/nfsproject
[root@server0 ~]# useradd ldapuser0
[root@server0 ~]# chown -R ldapuser0 /nfsprotected/nfsproject
[root@server0 ~]# ls -ldZ /nfsprotected/nfsproject/
drwxr-xr-x. ldapuser0 root unconfined_u:object_r:default_t:s0 /nfsprotected/nfsproject/
[root@server0 ~]#
[root@server0 ~]# semanage fcontext -a -t 'public_content_t' '/nfsprotected(/.*)?'
[root@server0 ~]# restorecon -Rv /nfsprotected/
restorecon reset /nfsprotected context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:public_content_t:s0
restorecon reset /nfsprotected/nfsproject context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:public_content_t:s0
[root@server0 ~]# systemctl restart nfs-server.service
[root@server0 ~]# systemctl restart nfs-secure-server.service
[root@server0 ~]#
[root@server0 ~]# vim /etc/exports
/nfspublic 172.25.0.0/(ro,sync)
/nfsprotected 172.25.0.0/(rw,sec=krb5p,sync)
[root@server0 ~]#
[root@server0 ~]# exportfs -avr
exporting 172.25.0.0/:/nfsprotected
exporting 172.25.0.0/:/nfspublic
[root@server0 ~]#
十、NFS挂载
- 在 desktop0 上挂载一个来自 server0.example.com 的共享,并符合下列要求:
- /nfspublic 挂载在下面的目录上 /mnt/nfsmount ;
- /nfsprotected 挂载在下面的目录上 /mnt/nfssecure 并使用安全的方式,密钥下载 URL:http://classroom.example.com/pub/keytabs/desktop0.keytab
- 用户 ldapuser0 能够在/mnt/nfssecure/nfsproject 上创建文件;
- 这些文件系统在系统启动时自动挂载。
解题:
[root@desktop0 ~]# mkdir -p /mnt/nfsmount
[root@desktop0 ~]# mkdir -p /mnt/nfssecure
root@desktop0 ~]# showmount -e 172.25.0.11
Export list for 172.25.0.11:
/nfsprotected 172.25.0.0/
/nfspublic 172.25.0.0/
[root@desktop0 ~]#
[root@desktop0 ~]# vim /etc/fstab
172.25.0.11:/nfspublic /mnt/nfsmount nfs defaults
[root@desktop0 ~]# mount -av
/mnt/nfsmount : successfully mounted
[root@desktop0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
[root@desktop0 ~]# systemctl enable nfs-secure
[root@desktop0 ~]# systemctl restart nfs-secure
[root@desktop0 ~]# vim /etc/fstab
172.25.0.11:/nfsprotected /mnt/nfssecure nfs defaults,vers=4.2,sec=krb5p,sync (执行 lab nfskrb5 setup,开启ldap和keyboard服务可以挂载,考试时是在设置好这个环境的基础上进行) [root@desktop0 ~]# mount -av
/ : ignored
/mnt/iscsi_storage : already mounted
/mnt/exam_devops : already mounted
/mnt/nfsmount : already mounted
[root@desktop0 ~]#
十一、配置web服务器
- 为 http://server0.example.com 配置 Web 服务器:
- 从 URL 地址 http://classroom.example.com/pub/materials/station.html 下载一个主页文件,并将该文件重命名为 index.html (此处请新建文件);
- 将文件 index.html 拷贝到您的 Web 服务器的 DocumentRoot 目录下;
- 不要对文件 index.html 的内容进行任何修改。
解题:
[root@server0 ~]# yum install http\* -y
[root@server0 ~]# systemctl enable httpd.service
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" service name="http" accept"
[root@server0 ~]# firewall-cmd --reload
[root@server0 ~]# cd /etc/httpd/conf.d/
[root@server0 conf.d]# cat .conf
<VirtualHost *:>
ServerName server0.example.com
DocumentRoot /var/www/html
</VirtualHost> <Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
[root@server0 conf.d]#
[root@server0 conf.d]# wget -O /var/www/html/index.html http://classroom.example.com/pub/materials/station.html (notfund表示系统环境没有该文件)
建立测试:
[root@server0 conf.d]# systemctl restart httpd.service
[root@server0 conf.d]# echo "test01">/var/www/html/index.html
[root@server0 conf.d]# curl http://server0.example.com
test01
[root@server0 conf.d]#
十二、WebTLS加密
- 为站点 http://server0.example.com 配置 TLS 加密:
- 一个已签名证书从 http://classroom.example.com/pub/tls/certs/server0.crt 获取;
- 此证书的密钥从 http://classroom.example.com/pub/tls/private/server0.key 获取;
- 此证书的签名授权信息从 http://classroom.example.com/pub/example-ca.crt 获取。
解题:
[root@server0 conf.d]# yum install mod_ssl -y
[root@server0 conf.d]# firewall-cmd --permanent --add-rich-rule " rule family="ipv4" source address="172.25.0.0/24" service name="https" accept"
success
[root@server0 conf.d]# firewall-cmd --reload
[root@server0 conf.d]# cp -a 1.conf 2.conf
[root@server0 conf.d]# cat .conf
<VirtualHost *:>
ServerName server0.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost> <Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
[root@server0 conf.d]#
[root@server0 conf.d]# wget -O /etc/pki/tls/certs/server0.crt http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 conf.d]# wget -O /etc/pki/tls/private/server0.key http://classroom.example.com/pub/tls/private/server0.key
[root@server0 conf.d]# wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-
[root@server0 conf.d]# systemctl restart httpd.service
[root@server0 conf.d]# curl -k https://server0.example.com
test01
[root@server0 conf.d]#
十三、配置虚拟主机
- 在 server0 上扩展您的 web 服务器,为站点 http://www0.example.com 创建一个虚拟主机,然后执行下述步骤:
- 设置 DocumentRoot 为/var/www/website ;
- 从 http://classroom.example.com/pub/materials/www.html 下载文件并重命名为index.html (此处请新建文件);
- 不要对文件 index.html 的内容进行任何修改;
- 将文件 index.html 放到虚拟主机的 DocumentRoot 目录下 ;
- 确保 harris 用户能够在 /var/www/website 目录下创建文件;
- 从 server0 上,任何人都可以浏览 website 的内容,但是从其他系统不能访问这个目录的内容。
- 注意:原始站点 http://server0.example.com 必须仍然能够访问,名称服务器 example.com 提供对主机名 www0.example.com 的域名解析。
解题:
[root@server0 conf.d]# mkdir -p /var/www/website
[root@server0 conf.d]# wget -O /var/www/website/index.html http://classroom.example.com/pub/materials/www.html
[root@server0 conf.d]# cat 3.conf
<VirtualHost *:>
ServerName www0.example.com
DocumentRoot /var/www/website
</VirtualHost> <Directory "/var/www/website">
AllowOverride None
Require all denied
Require local
</Directory>
[root@server0 conf.d]#
创建测试:
[root@server0 conf.d]# echo "test03" > /var/www/website/index.html
[root@server0 conf.d]# setfacl -Rm u:harris:rwX /var/www/website/
[root@server0 conf.d]# systemctl restart httpd.service
[root@server0 conf.d]# curl http://www0.example.com
test03
[root@server0 conf.d]#
十四、web动态页面
- 在 server0 上配置提供动态 Web 内容,要求如下:
- 动态内容由名为 webapp0.example.com 的虚拟主机提供
- 虚拟主机侦听在端口 8998 ;
- 从 http://classroom.example.com/pub/materials/webinfo.wsgi 下载一个脚本,然后放在适当的位置,无论如何不要修改此文件的内容(文件此前已提供);
- 客户端访问 http://webapp0.example.com:8998 可接收到动态生成的 Web 页;
- 此 http://webapp0.example.com:8998 必须能被 example.com 域内的所有系统访问。
解题:
[root@server0 conf.d]# yum install -y mod_wsgi
[root@server0 conf.d]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" port port="8998" protocol="tcp" accept"
success
[root@server0 conf.d]# firewall-cmd --reload
success
[root@server0 conf.d]#
[root@server0 conf.d]# wget -O /var/www/html/webinfo.wsgi http://classroom.example.com/pub/materials/webinfo.wsgi
自行上传测试页面
[root@server0 conf.d]# semanage port -a -t http_port_t -p tcp 8998
[root@server0 conf.d]# systemctl restart httpd.service
[root@server0 conf.d]# curl http://server0.example.com:8998
UNIX EPOCH time is now: 1573692142.7 [root@desktop0 ~]# curl http://server0.example.com:8998
UNIX EPOCH time is now: 1573692148.15
[root@desktop0 ~]#
十五、编写shell脚本case
方法一:
[root@server0 ~]# touch foo.sh
[root@server0 ~]# chmod 755 foo.sh #!/bin/bash
if [ $# -eq ]; then
if [ $ == "redhat" ]; then
echo "fedora"
exit
elif [ $ == "fedora" ]; then
echo "redhat"
else
echo "/root/foo.sh redhat|fedora"
fi
else
echo "/root/foo.sh redhat|fedora"
fi 方法二:
#!/bin/bash
case $ in
redhat)
echo "fedora"
;;
fedora)
echo "redhat"
;;
*)
echo "/root/foo.sh redhat|fedora"
esac
十六、编写shell脚本创建用户
[root@server0 ~]# touch batchusers
[root@server0 ~]# chmod 755 batchusers
[root@server0 ~]# touch userlist
[root@server0 ~]# echo user01 >userlist #!/bin/bash
if [ $# -eq ]; then
if [ -f "$1" ]; then
username=$( cat /root/userlist )
for uname in $username
do
useradd -s /bin/false $uname &>/dev/null
done else
echo "Input file not found"
fi else
echo "Usage: /root/batchusers userfile"
fi
十七、ISCSI服务器
- 配置 server0 提供一个 iSCSI 服务,目标段名为 iqn.2019-11.com.example:server0 ,并符合下列要求:
- 服务端口为 3260 ;
- 使用 iscsi_storage 作其后端卷,其大小为 2 GiB ;
- 此服务只能被 desktop0.example.com 访问。
解题:
server:
[root@server0 ~]# yum install targetcli -y
[root@server0 ~]# systemctl enable target
[root@server0 ~]# systemctl restart target
[root@server0 ~]# partprobe
[root@server0 ~]# pvcreate /dev/vdb1
Physical volume "/dev/vdb1" successfully created
[root@server0 ~]# vgcreate iscsi_vg /dev/vdb1
Volume group "iscsi_vg" successfully created
[root@server0 ~]# lvcreate -n iscsi_storage -l 100%VG iscsi_vg
Logical volume "iscsi_storage" created
[root@server0 ~]#
[root@server0 ~]# partprobe
[root@server0 ~]# targetcli
/> ls
o- / .................................................................. [...]
o- backstores ....................................................... [...]
| o- block ........................................... [Storage Objects: ]
| | o- iscsi_storage [/dev/iscsi_vg/iscsi_storage (.0GiB) write-thru activated]
| o- fileio .......................................... [Storage Objects: ]
| o- pscsi ........................................... [Storage Objects: ]
| o- ramdisk ......................................... [Storage Objects: ]
o- iscsi ..................................................... [Targets: ]
| o- iqn.-.com.example:desktop0 ............................ [TPGs: ]
| o- tpg1 ........................................ [no-gen-acls, no-auth]
| o- acls ................................................... [ACLs: ]
| | o- iqn.-.com.example:server0 ............... [Mapped LUNs: ]
| | o- mapped_lun0 .................. [lun0 block/iscsi_storage (rw)]
| o- luns ................................................... [LUNs: ]
| | o- lun0 ....... [block/iscsi_storage (/dev/iscsi_vg/iscsi_storage)]
| o- portals ............................................. [Portals: ]
| o- 172.25.0.11: .......................................... [OK]
o- loopback .................................................. [Targets: ]
/> /iscsi/iqn....:server0/tpg1> set attribute authentication=0
Parameter authentication is now ''.
/iscsi/iqn....:server0/tpg1> set attribute generate_node_acls=0
/> saveconfig
[root@server0 ~]# firewall-cmd --permanent --add-rich-rule "rule family="ipv4" source address="172.25.0.0/24" port port=3260 protocol="tcp" accept "
success
[root@server0 ~]# firewall-cmd --reload
success
十八、ISCSI客户端
- 配置 desktop0 使其能连接 server0 上提供的 iqn.2019-11.com.example:server0 ,并符合以下要求:
- 发起端名为 iqn.2019-11.com.example:server0 ;
- iSCSI 设备在系统启动的期间自动加载;
- 块设备 iSCSI 上包含一个大小为 1600 MiB 的分区,并格式化为 ext4 文件系统;
- 此分区挂载在 /mnt/iscsi_storage 上,同时在系统启动的期间自动挂载。
解题:
desktop:
[root@desktop0 ~]# systemctl enable iscsi iscsid
[root@desktop0 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.-.com.example:desktop0
[root@desktop0 ~]# systemctl restart iscsi iscsid
[root@desktop0 ~]# iscsiadm -m discovery -t st -p 172.25.0.11
172.25.0.11:, iqn.-.com.example:server0
[root@desktop0 ~]#
[root@desktop0 ~]# iscsiadm -m node -l
Logging in to [iface: default, target: iqn.-.com.example:server0, portal: 172.25.0.11,] (multiple)
Login to [iface: default, target: iqn.-.com.example:server0, portal: 172.25.0.11,] successful.
[root@desktop0 ~]#
[root@desktop0 ~]# fdisk /dev/sda
[root@desktop0 ~]# partprobe
[root@desktop0 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda : 2G disk
└─sda1 : .6G part
vda : 10G disk
└─vda1 : 10G part /
vdb :
[root@desktop0 ~]# mkdir -p /mnt/iscsi_storage
[root@desktop0 ~]# blkid
/dev/vda1: UUID="9bf6b9f7-92ad-441b-848e-0257cbb883d1" TYPE="xfs"
/dev/sda1: UUID="2689c309-c6c7-4785-8939-d8ac83e0d40c" TYPE="ext4"
[root@desktop0 ~]# vim /etc/fstab
UUID="2689c309-c6c7-4785-8939-d8ac83e0d40c" /mnt/iscsi_storage ext4 defaults,_netdev
[root@desktop0 ~]# mount -av
/ : ignored
mount: /mnt/iscsi_storage does not contain SELinux labels.
......
/mnt/iscsi_storage : successfully mounted 第一次需重启验证(严格按照下列顺序):
[root@desktop0 ~]# iscsiadm -m node -u
Logging out of session [sid: , target: iqn.-.com.example:server0, portal: 172.25.0.11,]
Logout of [sid: , target: iqn.-.com.example:server0, portal: 172.25.0.11,] successful.
[root@desktop0 ~]#
[root@desktop0 ~]# shutdown -h 0
[root@server0 ~]# reboot
开启client验证:
[root@desktop0 ~]# df -lh
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G .1G .0G % /
devtmpfs 906M 906M % /dev
tmpfs 921M 80K 921M % /dev/shm
tmpfs 921M 17M 904M % /run
tmpfs 921M 921M % /sys/fs/cgroup
/dev/sda1 .6G 4.7M .5G % /mnt/iscsi_storage
[root@desktop0 ~]#
十九、mariadb安装与配置
- 在 server0 上创建一个 MariaDB 数据库,名为 Inventory,并符合以下条件:
- 数据库应该包含来自数据库复制的内容,复制文件的 URL 为:http://classroom.example.com/pub/materials/maradb.dump ;
- 数据库只能被 localhost 访问;
- 除了 root 用户,此数据库只能被用户 Lampard 查询,此用户密码为 123456 ;
- root 用户的密码为 123456 ,同时不允许空密码登陆。
[root@server0 ~]# yum groupinstall mariadb mariadb-client -y
[root@server0 ~]# wget http://classroom.example.com/pub/materials/maradb.dump
[root@server0 ~]# systemctl enable mariadb
[root@server0 ~]# systemctl restart mariadb
[root@server0 ~]# mysql_secure_installation
Set root password? [Y/n] y
New password:
Re-enter new password: Remove anonymous users? [Y/n] y
... Success! Disallow root login remotely? [Y/n] y
... Success! Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
... Success! [root@server0 ~]#
[root@server0 ~]# mysql -uroot -p123456
MariaDB [(none)]> create database Inventory;
MariaDB [Inventory]> grant select on Inventory.* to 'Lampard'@'localhost' identified by '123456';
Query OK, rows affected (0.00 sec) MariaDB [Inventory]> flush privileges;
Query OK, rows affected (0.00 sec)
[root@server0 ~]# vim /etc/my.cnf
skip-networking=
S[root@server0 ~]# systemctl restart mariadb
[root@server0 ~]#
二十、数据库查询
(略)
https://www.cnblogs.com/tanshouke/p/12187419.html
注:原创帖,转载需注明出处
上一篇:RHCSA考试:https://www.cnblogs.com/tanshouke/p/12186366.html
最新文章
- WebViewJavascriptBridge源码探究--看OC和JS交互过程
- php报错: PHP Warning: PHP Startup: memcache: Unable to initialize module
- HDU2044 小蜜蜂斐波那契
- SQL server 表之间的关系生成图
- oracle 创建索引
- html页面高度不同浏览器兼容性设置
- [RxJS] Creation operators: empty, never, throw
- Oracle 11g RAC 环境下单实例非缺省监听及端口配置
- C#反射通过类名的字符串获取生成对应的实例
- JS实现添加至购物车功能
- junit初探
- 前端之JavaScript--基础
- 如何运行 rpcz python example
- java队列
- LapSRN
- 软件开发者路线图梗概&书摘chapter2
- Delphi xe5 编译报environment.proj错误的解决
- RabbitMQ简单使用
- SOJ 4583 动态规划之分组背包
- A* 寻路的八个变种