Linux的一些配置(网络建设与运维)
for i in 的指令使用集
传输内容指令
for i in {1..7};do ssh 10.4.220.10${i} "指令";done
传输文件指令
for i in {1..7};do scp 文件 root@10.4.220.10${i}:文件位置;done
DNS循环内容指令
for i in {1..7};do echo "linux$i A 10.4.220.10$i" >> skills.lan.zone
for i in {1..7};do echo "10$i PTR linux$i.skills.lan" >> 220.4.10.rev
服务下载指令
for i in {1..7};do ssh 10.4.220.10${i} "yum install -y 服务";done
创造好虚拟机后配置网络
注:以下所有虚拟机用指令配置
(1) nmcli c m ens160 ipv4.me m ipv4.add 10.4.220.101/24 ipv4.gate 10.4.220.1 ipv4.dns 10.4.220.101
(2) nmcli c reload
(3) nmcli c up ens160
配置SSH服务
ssh-keygen
打开101的id.rsa.pub 将其余的生成公钥全部复制到101上面,复制完成后101 scp复制到其它计算机上
scp /root/.ssh/id.rsa.pub root@10.4.220.102:/root/.ssh/authorized(下划线)Keys
还要复制101到里面然后重启101
systemctl restart sshd
防火墙开放
firewall-cmd --per --zone=public --add-port=123/udp --add-port=53/tcp --add-port=53/udp --add-port=80/tcp --add-port=443/tcp --add-port=21/tcp --add-port=2049/tcp --add-port=111/tcp --add-port=111/udp --add-port=139/tcp --add-port=445/tcp --add-port=865/tcp --add-port=3260/tcp --add-port=5432/tcp --add-port=5432/udp --add-port=67/udp --add-port=68/udp --add-port=69/udp --add-port=25/tcp --add-port=110/tcp --add-port=143/tcp --add-port=143/udp --add-port=6379/tcp --add-port=8001/tcp --add-port=8002/tcp --add-port=8003/tcp --add-port=8004/tcp --add-port=8005/tcp --add-port=8006/tcp
firewall-cmd --reload
配置NTP时间同步服务
vi /etc/chrony.conf
第三行配置
server 10.4.220.101 iburst
保存并退出,然后复制到其它计算机上面
scp /etc/chrony.conf root@10.4.220.102:/etc/chrony.conf ..... (省略号)其余操作依旧
随后继续编辑101
allow 10.4.220.0/24
取消注释local
随后指令重启
for i in {1..7}; do ssh root@10.4.220.10${i} "systemctl restart chronyd"; done
然后服务器指令验证
chronyc clients
DNS服务配置
Samba文件共享服务 445/tcp
for i in {00.19}; do useradd user${i};done #创造用户
groupadd manager && groupadd dev #创造用户组
usermod -aG manager user00 #用户加入组 疑问:-a -G 属性参数是什么
usermod -aG manager user01
usermod -aG dev user02
usermod -aG dev user03
smbpasswd -a user00 .....(省略号) #给用户设置smb密码
mkdir /srv/sharesmb #创造共享文件夹
setfacl -m g:manager:rwx,g:dev:rx /srv/sharesmb #用户组对该文件夹的权限 疑问:setfacl是什么? 答:比起传统的rwx权限,有更为精确的权限划分 -m 参数:添加后续权限
chmod o+t /srv/sharesmb/ #参数o和t是什么
vim /etc/samba/smb.conf #主配置文件夹的编辑
[sharesmb]
path = /srv/sharesmb
valid users = @manager,@dev
write list = @manager
systemctl restart smb && systemctl enagle smb #重启且开机自启动
smbclient 测试smb测试效果 #疑问:该如何测试,测试指令是什么,smblcient的了解
mkdir -p /sharesmb #在linux4上创造挂载文件夹
vim /etc/fstab #开机自启动文件编辑
//10.4.220.103/sharesmb /sharesmb cifs username=user00,password=123 0 0 mount -a
kdc服务和NFS得服务搭配
在/etc/hosts中定义要使用这个服务的相关虚拟机
10.4.220.102 linux2.skills.lan
10.4.220.103 linux3.skills.lan
104..220.104 linux4.skills.lan
for i in {3..4};do scp /etc/hosts root@10.4.220.10${i}:/etc/hosts;done
yum install -y krb5-server krb5-libs krb5-workstation #安装kdc服务 疑问:kdc具体作用
vim /etc/krb5.conf #编辑配置文件
default realm=SKILLS.LAN | #快速方法: (1)%s/EXAMPLE.COM/SKILLS.LAN/g | (2)sed -i "s/EXAMPLE.COM/SKILLS.LAN" /etc/krb5.conf
| %s/example.com/skills.lan/g | sed -i "s/example.com/skills.lan/g" /etc/krb5.conf
[realms] | %s/kerberos/linux2 | sed -i "s/kerberos/linux2/g" /etc/krb5.conf
SKILLS.LAN = { | | sed -i "18,31s/^#//g" /etc/krb5.conf (这个指令是取消注释,以后也能用在别的地方,请我自己好好记住用法)
kdc = linux2.skills.lan | | sed -i "s/EXAMPLE.COM/SKILLS.LAN" /var/kerberos/krb5kdc/kadm5.acl
admin_server = linux2.skills.lan | | sed -i "s/EXAMPLE.COM/SKILLS.LAN" /var/kerberos/krb5kdc/kdc.conf
| |
} | | echo -e "Pass-123\nPass-123" | kdb5_util -r SKILLS.LAN -s (快速输入密码创造好KDC库)
| | kadmin.local addprinc -pw "Pass-123\nPass-123" root
| | addprinc -randkey nfs/linux3.skills.lan
[domain_realm] | | firewall-cmd --add-port={88,464,749}/tcp --add-port={88.464,749}/udp --permanent
.skills.lan = SKILLS.LAN | | setenforce 0
skills.lan = SKILLS.LAN | | scp /etc/krb5.conf linux3 and linux4:/etc/
| | 虚拟机3和4
vim /var/kerberos/krb5kdc/kadmin.local | | echo -e "Pass-123\nPass-123" | kinit
修改内容成SKILLS.LAN | | klist 查看 (这一条会直接拿到钥匙)
vim /var/kerberos/krb5kdc/kdc.conf | |
修改内容成SKILLS.LAN | |
| |
scp /etc/krb5kdc.conf linux3:/etc/ | |
scp /etc/krb5kdc.conf linux4:/etc/ | |
kadmin.local -q "addprinc root/admin"
systemctl restart kadmin krb5kdc
systemctl enable kadmin krb5kdc
kadmin.local
addprinc -randkey host/linux3.skills.lan
addprinc -randkey host/linux4.skills.lan
addprinc -randkey nfs/linux3.skills.lan
addprinc -randkey nfs/linux4.skills.lan
ktadd -k /tmp/server.keytab nfs/linux3.skills.lan
ktadd -k /tmp/client.keytab nfs/linux4.skills.lan
scp server.keytab linux3.skills.lan:/etc/krb5.keytab
scp client.keytab linux4.skills.lan:/etc/krb5.keytab
scp /etc/krb5.conf linux3.skills.lan:/etc/
scp /etc/krb5.conf linux4.skills.lan:/etc/
firewall-cmd --add-port={88,464,749}/tcp --add-port={88,464,749}/udp --per
setenforce 0
虚拟机3
yum install -y krb5-workstation pam_* pam-* nfs-utils
mkdir -p /srv/sharenfs
chmod -R 777 /srv/sharenfs
groupadd -g 2000 xiao
useradd -u 2000 -g 2000 -d /home/xiaodir xiao
kinit root/admin
klist
exit
vim /etc/exports
/srv/sharenfs *(rw,all_squash,anonuid=2000,anongid=2000,sec=krb5p)
systemctl restart nfs-server rpcbind
firewall-cmd --add-port={111,20048,2049}/tcp --add-port={111,20048,2049}/udp --per
rpcinfo -p localhost #(查看nfs端口 )
虚拟机4
yum install -y krb5-workstation pam_* pam-* nfs-utils
kadmin
ktadd nfs/linux4.skills.lan
vim /etc/auto.master
/share /etc/auto.nfs
vim /etc/auto.nfs
sharenfs -fstype=nfs,rw,all_squash,sync,krb5p linux3.skills.lan:/srv/sharenfs
mount -nfs 10.4.220.103:/srv/sharenfs /sharenfs
fstab
linux3.skills.lan:/srv/sharenfs /sharenfs nfs defaults
mysql 服务
mysql_secure_installation
mysql -uroot -p123 set names utf8;
create user xiao@localhost identified by '123456'; #创造用户并赋予权限 show grants for 用户@localhost; #查看用户的权限
grant all on *.* to xiao@localhost;
redis服务配置
yum install -y gcc-c++
yum install -y redis*
cd /usr/local
mkdir redis
cd redis
mkdir cluster
mkdir 800{1,2,3,4,5,6}
cd cluster
cp /etc/redis/redis.conf /usr/local/redis/cluster/8001/redis.conf
vim 8001/redis.conf
bind 定义为自己的IP
port 8001
daemonize yes (修改为yes,后台启动)
pidfile /var/run/redis_8001.pid (添加8001端口)
logfile /var/log/redis/redis_8001.log (添加8001端口)
/REDIS CLUSTER #命令行输入寻找
cluster-enabled yes #注释取消
cluster-config-file nodes-8001.conf #注释取消,并8001端口
cluster-node-timeout 1500 #注释取消
保存退出
cp 8001/redis.conf 8002/redis.conf
cp 8001/redis.conf 8003/redis.conf
....
cp 8001/redis.conf 8006/redis.conf
vim 8002/redis.conf
%s/8001/8002/g
vim 8003/redis.conf
%s/8001/8003/g
...
vim 8006/redis.conf
%s/8001/8006/g
ps -ef | grep redis #查看redis服务
redis-server 8001/redis.conf #启动对应redis端口服务,以相对路径启用
redis-server 8002/redis.conf
....
redis-server 8006/redis.conf
redis-cli --cluster create --cluster-replicas 1 10.4.220.105:8001 10.4.220.105:8002 10.4.220.105:8003 10.4.220.105:8004 10.4.220.105:8005 10.4.220.105:8006 #创造集群
redis-cli -h 10.4.220.105 -p 8001 info #查看对应端口的状态
...
redis-cli -h 10.4.220.105 -c -p 8001 #登录端口测试
...