rhce备战笔记

1)配置selinux
vim /etc/selinux/config
    SELINUX=enforcing
setenforce 1
getenforce
两台都做

2)配置SSH
vim /etc/ssh/sshd_config
    DenyUsers *@*.my133t.org  *@172.34.0.*
systemctl start sshd  (若 sshd 已在运行,需 systemctl restart sshd 才会加载新的 DenyUsers 配置)
systemctl enable sshd
两台都做

3)自定义用户环境
vim /etc/bashrc
    alias qstat='命令'
source /etc/bashrc
qstat
两台都做

4)防火墙端口转发
firewall-cmd --set-default-zone=trusted  (trusted 区域接受所有连接,只有下面加入 block 区域的网段会被拒绝)
firewall-cmd --permanent --add-source=172.34.0.0/24 --zone=block
firewall-cmd --permanent  --zone=trusted --add-forward-port=port=5423:proto=tcp:toport=80
firewall-cmd --reload

5)配置链路聚合
nmcli connection show
man  nmcli-examples
$ nmcli con add type team con-name Team1 ifname Team1 config team1-master-json.conf
$ nmcli con add type ethernet con-name Team1-slave1 ifname em1 master Team1
$ nmcli con add type ethernet con-name Team1-slave2 ifname em2 master Team1
man teamd.conf
"runner": {"name": "activebackup"}
改为如下
nmcli con add type team con-name team0 ifname team0 config '{ "runner": {"name": "activebackup"} }'
nmcli con add type ethernet con-name team0-1 ifname eth1 master team0
nmcli con add type ethernet con-name team0-2 ifname eth2 master team0
nmcli connection modify team0 ipv4.method manual ipv4.addresses "172.16.3.20/24" connection.autoconnect yes
nmcli connection up team0
nmcli connection up team0-1
nmcli connection up team0-2
两台都做

6)配置IPV6
nmcli connection show
nmcli connection modify "System eth0" ipv6.method manual ipv6.address "2003:ac18::306/64" connection.autoconnect yes
两台都做

7)配置本地邮件服务
先配好hostname
hostnamectl set-hostname XXXXX
cat /etc/hostname
服务端:
vim  /etc/postfix/main.cf
    myorigin = desktop0.example.com
    inet_interfaces = loopback-only
    mydestination =
    mynetworks = 127.0.0.1/8 [::1]/128
    relayhost = [smtp0.example.com]
    local_transport = error:wrong 无要求可不做
systemctl restart postfix
systemctl enable postfix
mail -s "yyyy" student </etc/passwd
mail -u student 这里应该是没邮件的
客户端:
mail -u student 有邮件了

8)samba发布共享目录
yum -y install samba
mkdir /common
useradd harry
pdbedit -a harry
getsebool -a | grep samba
setsebool -P  samba_export_all_ro=on
setsebool -P  samba_export_all_rw=on
vim /etc/samba/smb.conf
    workgroup = STAFF
    [common]
        path = /common
        hosts allow = 172.25.0.0/24
systemctl restart smb
systemctl enable smb

9)samba多用户挂载
服务端:
mkdir /devops
useradd kenji
useradd chihiro
pdbedit -a kenji
pdbedit -a chihiro
setfacl -m u:chihiro:rwx /devops
vim /etc/samba/smb.conf
    [devops]
        path = /devops
        hosts allow =  172.25.0.0/24
        write list = chihiro
systemctl restart smb
systemctl enable smb
客户端:
yum -y install samba-client cifs-utils
smbclient -L  server0
mkdir /mnt/dev
vim /etc/fstab
    //server0.example.com/devops /mnt/dev cifs username=kenji,password=atenorth,multiuser,sec=ntlmssp,_netdev 0 0
    (/etc/fstab 所有用户可读,密码会明文暴露;实际环境可改用 credentials=<仅 root 可读的文件> 存放用户名和密码)
mount -a
su - student
cifscreds add -u chihiro server0
touch /mnt/dev/1.txt

10)NFS共享服务
mkdir  /public
mkdir -p /protected/project
chown ldapuser0 /protected/project
vim /etc/exports
    /public  172.25.0.0/24(ro)
    /protected 172.25.0.0/24(rw,sec=krb5p)
wget -O /etc/krb5.keytab http://XXXXXXXXX
systemctl restart nfs-secure-server nfs-server
systemctl enable nfs-secure-server nfs-server
exportfs -rv

11)NFS共享挂载
mkdir /mnt/nfssecure /mnt/nfsmount
wget -O /etc/krb5.keytab http://XXXXXXXXX
systemctl enable nfs-secure  (客户端的服务名是 nfs-secure,不是服务端的 nfs-secure-server)
systemctl restart nfs-secure
showmount -e server0
vim /etc/fstab
    server0.example.com:/public  /mnt/nfsmount nfs  _netdev 0 0
    server0.example.com:/protected /mnt/nfssecure nfs sec=krb5p,_netdev 0 0
mount -a
ssh ldapuser0@desktop0
touch /mnt/nfssecure/project/1.txt

12)实现一个web服务器
yum -y install httpd
wget -O /var/www/html/index.html  XXX
vim  /etc/httpd/conf.d/00.conf
    <Virtualhost *:80>
        servername server0.example.com
        documentroot /var/www/html
    </Virtualhost>
systemctl restart httpd
systemctl enable httpd

13)配置安全的web服务
yum -y install mod_ssl
cd /etc/pki/tls/certs
wget XXX/server0.crt
wget XXX/example-ca.crt
cd ..
cd private
wget XXX/server0.key  (私钥文件,下载后确认权限仅 root 可读,如 chmod 600 server0.key)
vim /etc/httpd/conf.d/01.conf
    <Virtualhost _default_:443>
    documentroot /var/www/html
    servername server0.example.com:443
    SSLCertificateFile /etc/pki/tls/certs/server0.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server0.key
    SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
    </Virtualhost>
systemctl restart httpd
systemctl enable httpd

14)配置虚拟主机
mkdir /var/www/virtual
wget XXX
useradd fleyd
setfacl -m u:fleyd:rwx /var/www/virtual
<Virtualhost *:80>
    servername www0.example.com
    documentroot /var/www/virtual
</virtualhost>
systemctl restart httpd
systemctl enable httpd

15)配置web内容访问
mkdir /var/www/html/private
wget XXX
vim /etc/httpd/conf.d/02.conf
<Directory /var/www/html/private>
    require ip 127.0.0.1 ::1 172.25.0.11
</Directory>
systemctl restart httpd
systemctl enable httpd

16)配置动态web
yum -y install mod_wsgi
mkdir /var/www/webapp0
wget XXX
vim /etc/httpd/conf.d/03.conf
Listen 8909
<Virtualhost *:8909>
    documentroot /var/www/webapp0
    servername webapp0.example.com
    WSGIScriptAlias / /var/www/webapp0/webinfo.wsgi
</Virtualhost>
semanage port -a -t http_port_t -p tcp 8909
systemctl restart httpd
systemctl enable httpd

17)创建一个脚本
#!/bin/bash
# Print the counterpart of the distribution name passed as $1:
#   redhat -> fedora, fedora -> redhat.
# Any other argument (or none at all) prints the usage line to stderr
# and exits with status 2.
case "$1" in
    redhat)
        echo fedora
        ;;
    fedora)
        echo redhat
        ;;
    *)
        echo "/root/foo.sh redhat | fedora" >&2
        exit 2
        ;;
esac

18)创建用户脚本
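#!/bin/bash
# Create one account for every name listed in the file given as $1.
# Each account gets /bin/false as its login shell.
# Exit status: 1 when no argument is given, 2 when $1 is not a regular file.
if [ $# -eq 0 ]; then
    echo " Usage: /root/batchusers <userfile> "
    exit 1
fi
# "$1" is quoted so a path containing spaces or glob characters is tested
# as one file name instead of being split or expanded by the shell.
if [ ! -f "$1" ]; then
    echo " Input file not found"
    exit 2
fi
# read -a splits each line on whitespace, as the former $(cat ...) loop did,
# but without pathname expansion: an entry such as "*" is passed to useradd
# literally rather than being replaced by the names of files in the
# current directory. The || clause handles a last line with no newline.
while read -r -a names || [ "${#names[@]}" -gt 0 ]; do
    for name in "${names[@]}"; do
        # "--" ends option parsing, so an entry that begins with "-" is
        # taken as a user name and cannot inject useradd options (this
        # script runs as root on whatever the input file contains).
        useradd -s /bin/false -- "$name" >/dev/null
    done
done < "$1"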

19)配置ISCSI服务端
fdisk /dev/vdb
+3G
partprobe
yum -y install targetcli
targetcli
backstores/block create iscsi_store /dev/vdb1
iscsi/ create iqn.2016-02.com.example:server0
iscsi/iqn.2016-02.com.example:server0/tpg1/acls create iqn.2016-02.com.example:desktop0
iscsi/iqn.2016-02.com.example:server0/tpg1/luns create backstores/block/iscsi_store
iscsi/iqn.2016-02.com.example:server0/tpg1/portals create 172.25.0.11 3260
saveconfig
exit
systemctl restart target
systemctl enable target

20)配置ISCSI客户端
yum -y install iscsi-initiator-utils
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2016-02.com.example:desktop0
systemctl restart iscsid
systemctl enable iscsid
iscsiadm -m discovery -t st -p server0
systemctl restart iscsi
systemctl enable iscsi
vim /var/lib/iscsi/nodes/iqn.2016-02.com.example...........
    node.conn[0].startup = automatic
systemctl restart iscsi
lsblk
fdisk /dev/sda
+2100M
partprobe
mkfs.ext4 /dev/sda1
mkdir /mnt/data
blkid
vim /etc/fstab
UUID=XXX /mnt/data ext4 _netdev 0 0
mount -a
sync;reboot -f


21)数据库配置
yum -y install mariadb mariadb-server
vim /etc/my.cnf
    skip-networking
systemctl restart mariadb
systemctl enable mariadb
mysqladmin -u root password 'atenorth'
mysql -u root -p
    create database Contacts;
    grant select on Contacts.* to XX@localhost identified by 'password';
    delete from mysql.user where password='';
    quit
wget XXX/user.sql
mysql -u root -p Contacts < user.sql

22)数据库查询








原文地址:https://www.cnblogs.com/Yang34/p/12077078.html