RHCE + RHCSA study notes
RHCSA notes
Installing the graphical interface:
yum install -y glx* xorg* gnome*
systemctl set-default graphical.target
Changing the hostname:
hostnamectl set-hostname server10.example.com
Configuring the IP address, gateway, DNS, etc.:
- nmcli connection show
nmcli connection modify "eth0" ipv4.addresses "172.25.0.11/24 172.25.254.254" ipv4.dns 172.25.254.254 ipv4.method manual connection.autoconnect yes
nmcli con up eth0
- nm-connection-editor
Shrinking/extending a logical volume:
lvresize -r -L
Access control lists:
setfacl -m u:natasha:rw /var/fstab
setfacl -m other::--- /var/fstab
Automounting:
yum install -y autofs
vim /etc/auto.master
/home/guests /etc/auto.ldap
vim /etc/auto.ldap
* -fstype=nfs,rw,sync classroom:/home/guests/&
systemctl restart autofs
systemctl enable autofs
Adding a yum repository:
yum-config-manager --add-repo="http://content.example.com/rhel7.0/x86_64/dvd"
yum repolist all
Upgrading the kernel:
yum update -y kernel
Check: uname -a
cat /proc/version
Installing the NTP service:
yum install -y chrony
vim /etc/chrony.conf
server classroom.example.com iburst
systemctl restart chronyd
systemctl enable chronyd
Creating a swap partition
Create an extended partition
Change the partition ID to: 82
mkswap /dev/sdb5
swapon /dev/sdb5
echo "/dev/sdb5 swap swap defaults 0 0" >> /etc/fstab
swapon -a / swapon -s
Growing a file system
ext3/ext4: resize2fs /dev/vg1/lvm1
xfs: xfs_growfs /dev/vg1/lvm1
LDAP service
yum install -y openldap openldap-clients sssd authconfig-gtk
Checking SELinux status
sestatus
Archiving and extracting:
tar -zcvf japan.tar.gz japan    (archive and compress)
tar -zxvf japan.tar.gz japan    (extract)
tar -jcvf
tar -jxvf
Full form:
Archive: tar -cjvf /root/backup.tar.bz2 /etc
Extract: tar -xjvf /root/backup.tar.bz2 -C /tmp
List: tar -tjvf /root/backup.tar.bz2
Finding files:
find / -user ira -exec cp -a {} /root/findfiles \;
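RHCE notes:
I. 5 parameters to check
1 hostname    check the hostname
2 timedatectl    check time synchronization
3 getenforce    check the SELinux status
4 systemctl status firewalld    check the firewall status
5 systemctl is-enabled firewalld    check whether the firewall starts at boot
6 ip addr    show the IP addresses
- Points to note
1 Link aggregation: nm-connection-editor
{"runner":{"name":"activebackup"}}
2 IPv6: nm-connection-editor
3 Rejecting a domain: rich rules
4 Port forwarding: rich rules
(1) Mail service
1 Server side: postfix
2 Configure the service: /etc/postfix/main.cf
inet_interfaces = loopback-only
mydestination =
local_transport = error:local
myorigin = example.com
relayhost = classroom.example.com
3 Add the firewall service (smtp)
4 Test: echo "hello" | mail -s "mail subject" user
5 Enable at boot (postfix)
(2) Samba service:
Server side:
1 Create the shared directory (change the security context, add FACL permissions)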
chcon -R -t samba_share_t
2 Install Samba and configure the service
[smb1]
path = /smb1
browseable = yes
writable = no
hosts allow = 172.25.0.0/24
read list = ldapuser1
[smb2]
path = /smb2
browseable = yes
hosts allow = 172.25.0.0/24
read list = ldapuser1,ldapuser2
write list = ldapuser2
3 Open the firewall (samba, mountd)
4 Enable at boot (smb, nmb)
5 Add a Samba user: pdbedit -a -u / smbpasswd -a
Client side:
1 Install samba-client, cifs-utils
2 Test: smbclient -L -U
3 Configure mounting at boot
//172.25.0.11/smb1 /smb1 cifs defaults,credentials=/etc/smb1.pass 0 0
//172.25.0.11/smb2 /smb2 cifs defaults,multiuser,username=ldapuser2,password=tianyun,sec=ntlmssp 0 0
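Added example, not part of the original notes: the smb2 line above keeps the password in /etc/fstab, which is world-readable, while the smb1 line points to a credentials file. This POSIX sh sketch flags cifs entries with an inline password and checks that a credentials file is closed to group and other; the function names are hypothetical and the sample input is the two fstab lines from these notes.

```sh
#!/bin/sh
# Added example: audit fstab-style CIFS entries for exposed credentials.

# cifs_entries_with FILE KEYS
# For every cifs entry in FILE, print "mountpoint value" for each option whose
# key matches the ERE alternation KEYS, e.g. "password|pass".
cifs_entries_with() {
    awk -v keys="^($2)=" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $3 == "cifs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ keys) {
                    val = opt[i]; sub(/^[^=]*=/, "", val)
                    print $2, val
                }
        }' "$1"
}

# Mount points whose options carry the password in clear text.
inline_password_mounts() {
    cifs_entries_with "$1" "password|pass" | awk '{ print $1 }'
}

# Paths of the credentials files referenced by cifs entries.
credentials_files() {
    cifs_entries_with "$1" "credentials|cred" | awk '{ print $2 }'
}

# Succeeds only if the file exists and group/other have no permissions on it.
is_private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: the two fstab lines from the notes above.
sample_fstab() {
    cat <<'EOF'
//172.25.0.11/smb1 /smb1 cifs defaults,credentials=/etc/smb1.pass 0 0
//172.25.0.11/smb2 /smb2 cifs defaults,multiuser,username=ldapuser2,password=tianyun,sec=ntlmssp 0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
echo "inline passwords on: $(inline_password_mounts "$tmp")"
echo "credentials files:   $(credentials_files "$tmp")"
rm -f "$tmp"
```

Pointed at /etc/fstab on the client, any mount point it reports should have its password moved into a credentials file with mode 600, as the smb1 entry does.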
[Note]: toggling SELinux booleans:
getsebool -a | grep httpd
setsebool -P httpd_anon_write on
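(3) NFS service
Server configuration:
1 Install packages:
nfs-utils, openldap-clients, authconfig-gtk, sssd, krb5-workstation
2 Create the shared directories
Security context: chcon -R -t public_content_t
3 Configure NFS and the security realm (authconfig-gtk)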
/nfs1 172.25.0.0/24(ro)
/nfs2 172.25.0.0/24(rw,sec=krb5p)
4 Change the version: /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
5 Open the firewall (nfs, rpc-bind)
6 Add the key
7 Enable at boot (nfs-server, nfs-secure, nfs-secure-server)
Client configuration
1 Install packages
nfs-utils, openldap-clients, authconfig-gtk, sssd, krb5-workstation
2 Configure the security realm: authconfig-gtk
3 Test: showmount -e
4 Create the mount points
5 Enable at boot (nfs-secure, nfs-secure-server)
6 Add the client key:
8 Add the boot-time mounts
172.25.0.11:/nfs1 /mnt/nfs1 nfs defaults 0 0
172.25.0.11:/nfs2 /mnt/nfs2 nfs defaults,sec=krb5p,v4.2 0 0
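(4) iSCSI network disk
Server side:
1 Install packages: targetd, targetcli
2 Configure the shared disk:
block
iscsi (acl/lun/portal)
3 Open the firewall (3260/tcp), or add a rich rule
4 Enable at boot (targetd, target)
Client side:
1 Install packages: iscsi-initiator-utils
2 Configure: /etc/iscsi/initiatorname.iscsi
3 Enable at boot (iscsid)
4 Discover: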
iscsiadm -m discovery -t st -p 172.25.0.11
5 Mount:
iscsiadm -m node -T iqn.2014-11.com.tianyun:server0 -l
6 Configuration file
/dev/sdc1 /mnt/data xfs defaults,_netdev 0 0
(5) Web service
HTTP service:
Install packages: httpd mod_ssl mod_wsgi
Add the firewall services (http, https)
Configure the service: /etc/httpd/conf.d/
Name-based virtual host: vim www0.conf
<VirtualHost *:80>
ServerName www0.example.com
DocumentRoot /var/www/html
</VirtualHost>
<Directory /var/www/html>
<RequireAll>
Require all granted
Require not ip 172.24.3.0/24
</RequireAll>
</Directory>
Supplement: directives for directory access control
Require all denied
Require local
Require all granted
Require not ip 172.24.3.0/24
HTTPS service:
<VirtualHost *:443>
ServerName www0.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/httpd/conf.d/www0.crt
SSLCertificateKeyFile /etc/httpd/conf.d/www0.key
</VirtualHost>
Port-based virtual host:
Listen 8888
<VirtualHost *:8888>
ServerName webapp0.example.com
WSGIScriptAlias / /var/www/webapp/webapp.wsgi
</VirtualHost>
<Directory /var/www/webapp>
Require all granted
</Directory>
Remember: semanage port -a -t http_port_t -p tcp 8888
[Note]:
1 wget http://classroom.example.com/pub/webs/server.html -O /var/www/virtual/index.html
2 scp server.html [email protected]:/var/www/virtual
- MariaDB service
yum groupinstall -y mariadb mariadb-client
mysql -uroot -ptianyun Concats < /root/mariadb.dump
Looking up help:
help grant
Multi-table queries:
(1)mysql>
select employee.emp_id,employee.emp_name,department.dept_name
from employee,department;
(2)mysql>
select employee.emp_id,employee.emp_name,employee.age,department.dept_name
from employee,department
where employee.dept_id = department.dept_id
and age>25;
(3)mysql>
select employee.emp_id,employee.emp_name,employee.age,department.dept_name
from employee,department
where employee.dept_id = department.dept_id
order by age asc;
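- Creating scripts
User-creation script
#!/bin/bash
# Print the usage line when no argument is given
if [ $# -eq 0 ] ;then
    echo "Usage: /root/mkusers userfile"
    exit 1
fi
# The argument must be an existing regular file
if [ ! -f "$1" ] ;then
    echo "Input file not found "
    exit 1
fi
# Reject any argument that is not named "mkusers"
if [ "$1" != "mkusers" ] ;then
    echo "Input file not found "
    exit 1
fi
# Create one account per name listed in the file
for name in $(cat "$1")
do
    useradd -s /bin "$name"
done
[Note] chmod a+x /root/script
Checking service status
systemctl list-unit-files | grep enabled
systemctl
systemctl --failed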