ssh f0

redhat

begin_rhce_uplooking 30

ssh root@172.25.30.11 -X

/etc/firewalld/zones/public.xml

1/2##################################2

echo uplooking |passwd --stdin root

sed -i "s/SELINUX=permissive/SELINUX=enforcing/" /etc/selinux/config

setenforce 1

3######################################2

firewall-config

选permanent

public->services->选ssh->rich rules->

add->ipv4->element->service->ssh->action->accept->source->172.25.0.0/24->

add->ipv4->element->service->ssh->action->reject->source->172.17.0.0/24->ok->reload

firewall-cmd --list-all

4######################################

firewall-config

选permanent

public->rich rules->add->ipv4->element->forward-port->tcp->3410->选中localforwarding->80

->ok->source->172.25.0.0/24->ok-reload

5#####################################

yum -y install nm-connection-editor  

nm-connection-editor

add->Ethernet->connection name:ens7->General:选中前两个框->Ethernet->Device MAC address:ens7->

ipv4->method->manual->ip->24-不用写网关->ipv6>ip->64->网关

6###################################

nm-connection-editor

Team->connection name:team0->General:选中前两个框->

add->Etnernet->connection name:team0_slave_1->General:选中前两个框->ethnernet-> DeviceMACA;ems7->save->

add->Etnernet->connection name:team0_slave_2->General:选中前两个框->ethnernet-> DeviceMACA;ems8->save->

JSON config->{"runner": {"name": "activebackup"}}->IPv4->192.168.0.101->24->IPv6->ip6->64->网关->save

teamdctl team0 stat

7##################################2

vi /etc/bashrc

alias show="ls -al; pwd ; echo ok"


source !$或者source /etc/bashrc

8#######################################

cd /usr/share/doc/postfix-2.10.1/README_FILES/

vi STANDARD_CONFIGURATION_README#(事例)

/null client#搜索找到myhostname = hostname.example.com处

postconf -e "myhostname = server30.example.com"

postconf -e "myorigin = desktop30.example.com"

postconf -e "relayhost = smtp30.example.com"

postconf -e "inet_interfaces = loopback-only"

postconf -e "mydestination ="

firewall-config->permanent->public->services->勾选smtp->options->Reload Firewalld

firewall-cmd --permanent --add-service=smtp #desktop30

firewall-cmd --reload

mail student

Subject:test

mail info

.

EOF

mailq


mail -u student#desktop30

9/10########################################

yum install samba samba-client -y#服务器

yum install samba-client cifs-utils#客服端

firewall-cmd --permanent --add-service=samba

firewall-cmd --reload

systemctl enable smb nmb

mkdir /common

mkdir /practice

semanage fcontext -a -t samba_share_t "/common(/.*)?"

semanage fcontext -a -t samba_share_t "/practice(/.*)?"

restorecon -r /common/

restorecon -r /practice/

ls -lZd /common/

ls -lZd /practice/

vi /etc/samba/smb.conf

workgroup = STAFF



[common]

    path = /common

    public = yes

    browseable = yes

    



[practice]

    path = /practice

    public = yes

    writeable = yes

    write list = alice

    hosts allow = 172.25.0.0/16



systemctl restart smb nmb

grep alice /etc/passwd

adduser alice

adduser bob

smbpasswd -a bob

smbpasswd -a alice


smbclient -L //server0#客户端

smbclient  //server0/common -U bob#客户端,不能写,通过put测试

smbclient  //server0/practice -U bob#客户端,不能写

smbclient  //server0/practice -U alice#客户端,不能写

setfacl -m u:alice:rwx /practice/

vi /etc/multi.user#客户端 (then chmod 600 /etc/multi.user; the file holds the password in plain text)

username=alice

password=postroll

vi /etc/fstab#客户端

//server0/practice /mnt/practice cifs defaults,cred=/etc/multi.user,multiuser,sec=ntlmssp 0 0

mkdir /mnt/practice#客户端

mount -a#客户端

df -m#客户端

11/12/13#######################################NFS

服务器端

mkdir /nfstest

mkdir /nfsprivate

systemctl enable nfs-server nfs-secure-server.service

vi /etc/exports

/nfstest 172.25.0.0/16(ro)

/nfsprivate 172.25.0.0/16(rw,sec=krb5p)

cd /etc

wget  http://classroom.example.com/pub/keytabs/server30.keytab -O krb5.keytab

ls -lZ krb5.keytab

cd 

systemctl start nfs-server nfs-secure-server.service

exportfs -v

firewall-config

permanent->public->services->nfs->reload

客户端

mkdir /nfstest

mkdir /nfsprivate

vi /etc/fstab

server0:/nfstest  /nfstest    nfs  defaults 0 0 

server0:/nfsprivate /nfsprivate nfs defaults,sec=krb5p 0 0


cd /etc

wget http://classroom.example.com/pub/keytabs/desktop30.keytab -O krb5.keytab

ls -lZ krb5.keytab

systemctl enable nfs-secure

systemctl start nfs-secure.service

mount -a

14#############################################

yum install httpd mod_ssl mod_wsgi -y 

systemctl enable httpd

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

cd  /srv

mkdir www

cd www

mkdir www.server0.example.com

mkdir www0.example.com

mkdir server0.example.com

ls -lZ

restorecon -r /srv/www

ls -lZ

cd /etc/httpd/conf.d

vi server0.example.com.conf#more /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf找虚拟主机

                           #more /etc/httpd/conf/httpd.conf找<Directory>



<VirtualHost *:80>

    #ServerAdmin webmaster@dummy-host2.example.com

    DocumentRoot /srv/www/server0.example.com

    ServerName server0.example.com

    ErrorLog "/var/log/httpd/server0.example.com-error_log"

    CustomLog "/var/log/httpd/server0.example.com-access_log" common

</VirtualHost>


<VirtualHost *:443>

    #ServerAdmin webmaster@dummy-host2.example.com

    DocumentRoot /srv/www/server0.example.com

    ServerName server0.example.com

    ErrorLog "/var/log/httpd/server0.example.com-ssl-error_log"

    CustomLog "/var/log/httpd/server0.example.com-ssl-access_log" common

    SSLEngine on

    SSLCertificateFile /etc/pki/tls/certs/server30.crt

    SSLCertificateKeyFile /etc/pki/tls/private/server30.key

    SSLCertificateChainFile /etc/pki/tls/certs/server30.pem

</VirtualHost>



<Directory /srv/www/server0.example.com>

    #AllowOverride none

    Require all granted

</Directory>



cd /srv/www/server0.example.com

wget http://classroom.example.com/pub/html/server30.html -O index.html


cd /etc/pki/tls/certs/

wget http://classroom.example.com/pub/tls/server30.crt

chmod 600 server30.crt

wget http://classroom.example.com/pub/tls/server30.pem

chmod 600 server30.pem

cd /etc/pki/tls/private/

wget http://classroom.example.com/pub/tls/server30.key

chmod 600 server30.key


17###################################

cd /etc/httpd/conf.d

vi www.server0.example.com.conf

Listen 8009

<VirtualHost *:8009>

    

    WSGIScriptAlias /  /srv/www/www.server0.example.com/webapp.wsgi

    ServerName www.server0.example.com

    ErrorLog "/var/log/httpd/www.server0.example.com-error_log"

    CustomLog "/var/log/httpd/www.server0.example.com-access_log" common

</VirtualHost>


<Directory /srv/www/www.server0.example.com>

    #AllowOverride none

    Require all granted

</Directory>



cd /srv/www/www.server0.example.com

wget http://classroom.example.com/pub/webapp.wsgi

firewall-cmd --permanent --add-port=8009/tcp

firewall-cmd --reload

18#######################################

cd /var/www/html/virtual/

mkdir restricted

cd /etc/httpd/conf.d

vi www0.example.com.conf

<VirtualHost *:80>

    

    DocumentRoot /var/www/html/virtual

    ServerName www0.example.com

    ErrorLog "/var/log/httpd/www0.example.com-error_log"

    CustomLog "/var/log/httpd/www0.example.com-access_log" common

</VirtualHost>


<Directory "/var/www/html/virtual">

    #AllowOverride none

    Require all granted

</Directory>

<Directory "/var/www/html/virtual/restricted">

    #AllowOverride none

    Require ip 172.25.30.10 

</Directory>





systemctl start httpd

journalctl -xn

tail -20 /var/log/messages

semanage port -a -t http_port_t -p tcp 8009

19#################################

#!/bin/bash
# Print the opposite keyword for the first argument:
#   kernel -> user, user -> kernel.
# Any other argument (or none) prints the usage line.
# NOTE(review): the usage line goes to stdout and the exit status stays 0;
# confirm whether the task expects stderr and a non-zero status instead.
if [[ $1 == kernel ]]; then
  echo user
elif [[ $1 == user ]]; then
  echo kernel
else
  echo "/root/program kernel|user"
fi



#!/bin/bash

20##################################################

yum install targetcli -y

yum install iscsi-initiator-utils#客户端

systemctl enable iscsid#客户端

systemctl enable target

systemctl start target

fdisk /dev/vdb

n->p->1G->w

pvcreate /dev/vdb1

vgcreate exam /dev/vdb1

lvcreate -L 500M -n rhel7ce exam

targetcli

/backstores/block create rhel7 /dev/exam/rhel7ce

/iscsi create  iqn.2014-09.com.example.server30:rhel7

/iscsi/$iqn/tpg1/luns create /backstores/block/rhel7

/iscsi/$iqn/tpg1/acls create iqn.1994-05.com.redhat:d15b2c54Bac #客户端more /etc/iscsi/initiatorname.iscsi

/iscsi/$iqn/tpg1/portals create 172.25.30.11  3260

ls

saveconfig

exit

firewall-cmd  --permanent --add-port=3260/tcp

firewall-cmd --reload

_______________________________

客户端

iscsiadm -m discovery -t st  -p 172.25.30.11

systemctl restart iscsi

yum install lsscsi

lsscsi

fdisk /dev/sda

n->p->300M->w

mkfs.xfs /dev/sda1

mkdir /iscsitest

lsblk#找到/dev/sda1的UUID

vi /etc/fstab

UUID=      /iscsitest xfs    _netdev  0 0


mount -a

22##########################################

yum groupinstall mariadb

systemctl enable mariadb

systemctl start mariadb

mysql

create database legacy;

quit

wget http://classroom.example.com/pub/mariadb.dmp

head -40 mariadb.dmp

mysql < mariadb.dmp

mysql

show databases;

use legacy

show tables;

grant select on legacy.* to mary@'localhost' identified by "12345";

grant select,update,insert,delete on legacy.* to legacy@'localhost' identified by "12345";

grant select on legacy.* to report@'localhost' identified by "12345";

flush privileges;

quit

mysql_secure_installation

Y



mysql -u root -p

show databases;

use legacy

show tables;

select * from manufacturer;