本篇主要以RHCE练习题为线索,介绍其中涉及的知识点。
红色引用的字为题目要求(不是正式题目,难度略低于正式题目)
In serverX or desktopX
1. (lab teambridge setup[in serverX])Configure Link Aggregation in
serverX with config “activebackup” ip “192.168.0.11” gw
“192.168.0.254”.
lab teambridge setup
[[email protected] ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0e brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0f brd ff:ff:ff:ff:ff:ff
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether da:da:11:ca:26:07 brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ca:2a:c4:8c:f1:ce brd ff:ff:ff:ff:ff:ff
添加类型为team的网卡:
- [[email protected] ~]# nmcli connection add con-name team0 ifname team0 type team config ‘{“runner”:{“name”:”activebackup”}}’
Connection ‘team0’ (fcc3dcd2-ecfe-429a-9056-4a4115f48e7a) successfully added.
修改该网卡的配置:
- [[email protected] ~]# nmcli connection modify “team0” ipv4.addresses “192.168.0.11/24 192.168.0.254” ipv4.method manual
分配两张网卡,作为子端口:
- [[email protected] ~]# nmcli connection add con-name team0-port1 ifname eno1 type team-slave master team0
- [[email protected] ~]# nmcli connection add con-name team0-port2 ifname eno2 type team-slave master team0
- 检查状态:
[[email protected] ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eno1
- ip -a
……..
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
15: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.11/24 brd 192.168.0.255 scope global team0
valid_lft forever preferred_lft forever
inet6 fe80::400b:2dff:fe43:bdde/64 scope link
valid_lft forever preferred_lft forever
[[email protected] ~]# nmcli connection show
测试:
[[email protected] ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team0-port2 5cce5b22-6da3-4063-b637-b22df585525d 802-3-ethernet eno2
team0-port1 c4e4faf7-49c6-4ff1-b14a-9d803bf1e3ed 802-3-ethernet eno1
team0 96c7eec8-4265-4e32-a378-cdf17a429f83 team team0
[[email protected] ~]# ping -I team0 192.168.0.254
PING 192.168.0.254 (192.168.0.254) from 192.168.0.11 team0: 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.317 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 192.168.0.254: icmp_seq=4 ttl=64 time=0.047 ms
^C
— 192.168.0.254 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.046/0.114/0.317/0.117 ms
2. Managing DNS forward requires from anywhere to “classroom.example.com”
in serverX.
3. (lab smtp-nullclient setup[in serverX & desktopX])Configure a local
mail server as a null client(serverX) that forwards all messages to a
central server(desktopX) for delivery.
4. Configure a iSCSI target server(serverX) with ACL-validated access:
you should create a new 1G target on serverX. This target should be
called “iqn.2014-10.com.example:serverX”. And it should only be
available to client with a initiatorname of “iqn.2014-
10.com.example:desktopX”.In desktopX you should mount it in
“/mnt/iscsi”.
服务端配置:
安装软件
- yum search targetcli
- yum install targetcli -y
先按照要求分区(注意千万不要格式化)
- [[email protected] ~]# fdisk /dev/vdb
- [[email protected] ~]# partprobe
[[email protected] ~]# fdisk -l
配置ISCSI服务端:
- [[email protected] ~]# targetcli
/> backstores/block create disk1 /dev/vdb
/> iscsi/ create iqn.2014-10.com.example:server0
/> iscsi/iqn.2014-10.com.example:server0/tpg1/luns create /backstores/block/disk1
iscsi/iqn.2014-10.com.example:server0/tpg1/acls create iqn.2014-10.com.example:desktop0 (这里客户端的地址)
/> iscsi/iqn.2014-10.com.example:server0/tpg1/portals create 172.25.0.11
/> saveconfig
开启防火墙
- [[email protected] ~]# firewall-cmd –permanent –add-port=3260/tcp
success
[[email protected] ~]# firewall-cmd –reload
success
客户端配置:
- [[email protected] ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-10.com.example:desktop0 (这里是客户端的地址)
安装客户端,并设置开机启动:
- [[email protected] ~]# yum install iscsi-initiator-utils.x86_64 -y
- [[email protected] ~]# systemctl enable iscsi iscsid
- [[email protected] ~]# systemctl start iscsi iscsid
主动发现服务端:(如果记不得参数, 可以man iscsiadm 里面有example)
- [[email protected] ~]# iscsiadm –mode discoverydb –type sendtargets –portal 172.25.0.11 –discover
登陆
- [[email protected] ~]# iscsiadm –mode node –targetname iqn.2014-10.com.example:server0 –portal 172.25.0.11:3260 –login
Logging in to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] (multiple)
Login to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] successful.
[[email protected] ~]#
测试发现多了一块sda设备:
- [[email protected] ~]# ll /dev/sd*
brw-rw—-. 1 root disk 8, 0 Aug 3 11:31 /dev/sda
分区、格式化、开机自动挂载:
- fdisk /d/dev/sda1
- [[email protected] ~]# mkdir /mnt/iscsi
- [[email protected] ~]# vim /etc/fstab (这个配置_netdev千万要写对)
/dev/sda1 /mnt/iscsi xfs _netdev 0 0
- [[email protected] ~]# mount -a
- [[email protected] ~]# df -h
(ISCSI貌似有个bug,client端配置完成后重启会卡住,所以必须手动断电,再重开)
5. Share directory “/nornfs” with NFS and on serverX and mount it on
desktopX in “/mnt/nfs”, User in desktopX should have only read
permission on it. Make sure it mounted at startup time.
服务端:
首先修改NFS版本号:
- vim /etc/sysconfig/nfs
修改其中的 RHCNFSDARGS=”-V 4.2”
首先建立一个单独的分区,然后挂载到制定的目录下(这个就是之后NFS共享目录了)
- fdisk /dev/vdb
- partprobe
- mkfs.xfs /dev/vdb2
- vim /etc/fstab
- mount -a
- df -h
安装文件/设置启动
- yum search nfs
- yum install nfs-utils.x86_64 -y
- systemctl enable nfs-server.service
- systemctl start nfs-server.service
修改主配置
- vim /etc/exports
/nornfs 172.25.0.10/24(ro,sync)
- exportfs -r
配置防火墙:
- firewall-cmd –permanent –add-service=nfs
- firewall-cmd –permanent –add-service=rpc-bind
- firewall-cmd –permanent –add-service=mountd
- firewall-cmd –reload
在本机测试:
- showmount -e
客户端:
测试连接NFS服务器:
- showmount -e 172.25.0.11
- systemctl enable nfs
- systemctl enable nfs.service
创建目录,设置开机挂载:
- mkdir /mnt/nfs
- mount 172.25.0.11:/nornfs /mnt/nfs/
- df -h
- vim /etc/fstab
172.25.0.11:/nornfs /mnt/nfs nfs defaults 0 0
- mount -a
- reboot
6. (lab storageshares setup[in serverX & desktopX])Share directory
“/krbnfs” with NFS and Kerberos on serverX and mount it on desktopX in
“/mnt/nfsspace”.User in desktopX should have full permission on it.
Make sure it mounted at startup time.
服务端:
下载证书:
- wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
创建对应的目录并在server0上设置自动挂载:
- mkdir /krbnfs
- vim /etc/fstab
- mount -a
设置nfs配置文件:
- vim /etc/exports
/krbnfs 172.25.0.0/24(rw,sec=krb5p)
- exportfs -r
启动服务:
- systemctl enable nfs-secure-server.service (这里和Client不一样,要注意)
- systemctl start nfs-secure-server.service
- firewall-cmd –permanent –add-service=nfs
- firewall-cmd –permanent –add-service=rpc-bind
- firewall-cmd –permanent –add-service=mountd
- firewall-cmd –reload
登陆ldap:
- ssh [email protected]
客户端
下载证书:
- wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
启动服务
- systemctl enable nfs-secure.service (这里和server不一样,要注意)
- systemctl start nfs-secure.service
设置开机自动挂载:
- vim /etc/fstab
172.25.0.11:/krbnfs /mnt/nfsspace nfs defaults,v4.2,sec=krb5p 0 0
- mount -a
登陆ldap:
- ssh [email protected]
7. Share a directory “/smbshare” with SMB and it can only mounted on
desktopX in “/mnt/smb”, members of the group “share” has full
permission on the share. Others only have the read permission.Create a
Samba-only user natasha and harry with password “redhat”.Configure
multiuser config in desktopX with user harry. root in desktopX should
have only read permission in it . natasha in desktopX should have full
permission in it.
服务端配置:
安装需要的软件:
- yum install samba.x86_64 samba-client.x86_64 -y
设置启动,开启两个服务:(这里不要忘了nmb服务)
- systemctl enable smb nmb
- systemctl start smb nmb
设置防火墙:
- firewall-cmd –permanent –add-service=samba
- firewall-cmd –reload
设置samba用户组及其用户,并设置其samba密码:
- groupadd share
- useradd -G share -s /sbin/nologin natasha
- useradd -G share -s /sbin/nologin harry
- smbpasswd -a natasha
- smbpasswd -a harry
按题目要求创建目录,并且修改该目录的安全上下文以及目录权限:
- mkdir /smbshare
- chown .share /smbshare/
- chmod 775 /smbshare/
- semanage fcontext -a -t samba_share_t ‘/smbshare(/.*)?‘ (如果记不得安全上下文的类型,可以在samba主配置文件/etc/samba/smb.conf中找到)
- restorecon -vvRF /smb1share/
- ll -dZ /smb1share/
修改主配置文件/etc/samba/smb.conf:
[smb]
comment = SMB share
path = /smbshare
browseable = yes
guest ok = no
writeable = yes
write list = @share
read list = root
read list 指定只能读取该共享资源的用户和组
write list 指定能读取和写该共享资源的用户和组
另外可能还会遇到限制特定域/IP段访问samba的情况,在[grobal]中和自定义的模块中,加入
有如下几种格式:(这里根据题目要求)
hosts allow =172.25.0.0/24
hosts allow =172.25.0. (不要忘记最后的点)
hosts allow = .example.com (不要忘记前面的点)
hosts allow =172.25.0.1
即可 (推荐在自己定义的模块中填写,这样配置更灵活)
配置好之后,可以用命令检查一下配置是否正确:
- testparm
重启服务:
- systemctl restart smb nmb
可以先在本地测试一下:
- smbclient -L //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb
客户端配置:
测试samba客户端:
在配置cifs之前,可以先测试一下samba是否可用:
先安装samba客户端:
- yum install samba-client.x86_64 -y
- smbclient -L //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb -U harry
- smbclient //172.25.0.11/smb
配置cifs
安装需要的软件:
- yum install cifs-utils.x86_64 -y
创建挂载点,并自动挂载目录:
- mkdir /mnt/smbspace
可以先用mount测试一下,是否能够成功挂载:
- mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
- df -h
- 设置samba用户的密码文件/root/smb.pass:
username=harry
password=redhat
- 编辑配置文件,添加如下(这里的配置如果不会写的话, 可以man mount.cifs ,里面都有参数的介绍):
- vim /etc/fstab
//172.25.0.11/smb /mnt/smbspace cifs defaults,credentials=/root/smb.pass,multiuser,sec=ntlmssp 0 0
- df -h (再查看一下)
最后两台机器都重启一下,先重启server,再desktop
配置客户端cifs的时候有个坑:
不论是
- mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
还是修改/etc/fstab,
填写远程samba服务端的地址时(红色字体) //172.25.0.11/smb, 一定不是路径 !!! 而是/etc/samba/smb.conf中samba的名称,而不是path:
如果按照上图的配置, 在客户端这样挂载:
- mount -t cifs //172.25.0.11/smbshare /mnt/smbspace/ -o username=natasha
你就会得到这样的错误:
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
8. Configure MariaDB with a database named “inventory” in
“http://classroom.example.com/pub/materials/mariadb/inventory.dump”.Co
nfig password “redhat” for root.
下载文件:
- wget http://classroom.example.com/pub/materials/mariadb/inventory.dump
安装文件
- yum groupinstall mariadb -y
配置启动:
- systemctl enable mariadb.service
- systemctl start mariadb.service
设置安全性
- mysql_secure_installation
按照要求进行设置即可
然后创建数据库inventory
- mysql -u root -p
MariaDB [(none)]> Create database inventory;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> exit
Bye
导入数据:
- [[email protected] ~]# mysql -u root -p inventory < inventory.dump
Enter password:
查询一下:
MariaDB [inventory]> show tables;
+———————+
| Tables_in_inventory |
+———————+
| category |
| manufacturer |
| product |
+———————+
3 rows in set (0.00 sec)
(未完待续)
文章来源: