rhce备战笔记

1)配置selinux
vim /etc/slinux/config
    SELINUX=enforcing
setenforce 1
getenforce
两台都做

2)配置SSH
vim /etc/ssh/sshd_config
    DenyUsers *@*.my133t.org  *@172.34.0.*
systemctl start sshd
systemctl enable sshd
两台都做

3)自定义用户环境
vim /etc/bashrc
    alias qstat='命令'
source /etc/bashrc
qstat
两台都做

4)防火墙端口转发
firewall-cmd --set-default-zone=trusted
firewall-cmd --permanent --add-source=172.34.0.0/24 --zone=block
firewall-cmd --permanent  --zone=trusted --add-forward-port=port=5423:proto=tcp:toport=80
firewall-cmd --reload

5)配置链路聚合
nmcli connection show
man  nmcli-examples
$ nmcli con add type team con-name Team1 ifname Team1 config team1-master-json.conf
$ nmcli con add type ethernet con-name Team1-slave1 ifname em1 master Team1
$ nmcli con add type ethernet con-name Team1-slave2 ifname em2 master Team1
man teamd.conf
"runner": {"name": "activebackup"}
改为如下
nmcli con add type team con-name team0 ifname team0 '{ "runner": {"name": "activebackup"} }'
nmcli con add type ethernet con-name team0-1 ifname eth1 master team0
nmcli con add type ethernet con-name team0-2 ifname eth2 master team0
nmcli connection modify team0 ipv4.method manual ipv4.addresses "172.16.3.20/24" connection.autoconnection yes
nmcli connection up team0
nmcli connection up team0-1
nmcli connection up team0-2
两台都做

6)配置IPV6
nmcli connection show
nmcli connection modify "System eth0" ipv6.method manual ipv6.address "2003:ac18::306/64" connection.autoconnect yes
两台都做

7)配置本地邮件服务
先配好hostname
hostnamectl set-hostname XXXXX
cat /etc/hostname
服务端：
vim  /etc/postfix/main.cf
    myorigin = desktop0.example.com
    inet_interfaces = loopback-only
    mydestination =
    mynetworks = 127.0.0.1/8 [::1]/128
    relayhosts = [smtp0.example.com]
    local_tranport = error:wrong 无要求可不做
systemctl restart postfix
systemctl enable postfix
mail -s "yyyy" student </etc/passwd
mail -u student 这里应该是没邮件的
客户端：
mail -u student 有邮件了

8)samba发布共享目录
yum -y install samba
mkdir /common
useradd harry
pdbedit -a harry
getsebool -a | grep samba
setsebool -P  samba_export_all_ro=on
setsebool -P  samba_export_all_rw=on
vim /etc/samba/smb.conf
    workgroup = STAFF
    [common]
        path = /common
        hosts allow = 172.25.0.0/24
systemctl restart smb
systemctl enable smb

9)samba多用户挂载
服务端：
mkdir /devops
useradd kenji
useradd chihiro
pdbedit -a kenji
pdbedit -a chihiro
setfacl -m u:chihiro:rwx /devops
vim /etc/samba/smb.conf
    [devops]
        path = /devops
        hosts allow =  172.25.0.0/24
        write list = chihiro
systemctl restart smb
systemctl enable smb
客户端：
yum -y install samba-client cifs-utils
smbclient -L  server0
mkdir /mnt/dev
vim /etc/fstab
    //server0.example.com/devops /mnt/dev cifs username=kenji,password=atenorth,multiuser,sec=ntlmssp,_netdev 0 0
mount -a
su - student
cifscreds add -u chihiro server0
touch /mnt/dev/1.txt

10)NFS共享服务
mkdir  /public
mkdir /protected/project
chown ldapuser0 /protected/project
vim /etc/exports
    /public  172.25.0.0/24(ro)
    /protected 172.25.0.0/24(rw,sec=krb5p)
wget -O /etc/krb5.keytab http://XXXXXXXXX
systemctl restart nfs-secure-server nfs-server
systemctl enable nfs-secure-server nfs-server
exports -rv

11)NFS共享挂载
mkdir /mnt/nfssecure /mnt/nfsmount
wget -O /etc/krb5.keytab http://XXXXXXXXX
systemctl enable nfs-secure-serve
systemctl restart nfs-secure-serve
showmount -e server0
vim /etc/fstab
    server0.example.com:/public  /mnt/nfsmount nfs  _netdev 0 0
    server0.example.com:/protected /mnt/nfssecure nfs sec=krb5p,_netdev 0 0
mount -a
ssh ldapuser0@desktop0
touch /mnt/nfssecure/project/1.txt

12)实现一个web服务器
yum -y install httpd
wget -O /va/www/html/index.html  XXX
vim  /etc/httpd/conf.d/00.conf
    <Virtualhost *:80>
        servername server0.example.com
        documentroot /var/www/html
    </Virtualhost>
systemctl restart httpd
systemctl enable httpd

13)配置安全的web服务
yum -y install mod_ssl
cd /etc/pki/tls/certs
wget XXX/server0.crt
wget XXX/example-ca.crt
cd ..
cd private
wget XXX/server0.key
vim /etc/httpd/conf.d/01.conf
    <Virtualhost _default_:443>
    documentroot /var/www/html
    servername server0.example.com:443
    SSLCertificateFile /etc/pki/tls/certs/server0.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server0.key
    SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
    </Virtualhost>
systemctl restart httpd
systemctl enable httpd

14)配置虚拟主机
mkdir /var/www/virtual
wget XXX
useradd fleyd
setfacl -m u:fleyd:rwx /var/www/virtual
<Virtualhost *:80>
    servername www0.example.com
    documentroot /var/www/virtual
</virtualhost>
systemctl restart httpd
systemctl enable httpd

15)配置web内容访问
mkdir /var/www/html/private
wget XXX
vim /etc/httpd/con.d/02.conf
<Directory /var/www/html/private>
    require ip 127.0.0.1 ::1 172.25.0.11
</Directory>
systemctl restart httpd
systemctl enable httpd

16)配置动态web
yum -y install mod_wsgi
mkdir /var/www/webapp0
wget XXX
vim /etc/httpd/conf.d/03.cof
Listen
<Virtualhost *:8909>
    documentroot /var/www/webapp0
    servername webapp0.example.com
    WSGIScriptAlias / /var/www/webapp/webinfo.wsgi
</Virtualhost>
semanage port -a -t http_port_t -p tcp 8909
systemctl restart httpd
systemctl enable httpd

17)创建一个脚本
#!/bin/bash
if [ "$1" = redhat ];then
    echo fedora
elif [ "$1" = fedora ];then
    echo redhat
else
    echo "/root/foo.sh redhat | fedora" >&2
    exit 2
fi

18)创建用户脚本
#!/bin/bash
if [ $# -eq 0 ];then
    echo " Usage: /root/batchusers <userfile> "
    exit 1
fi
if [ ! -f $1 ];then
    echo " Inputfilenot found"
    exit 2
fi
for name in $(cat $1)
do
    useradd -s /bin/false $name >/dev/null
done

19)配置ISCSI服务端
fdisk /dev/vdb
+3G
partprobe
yum -y install targetcli
targetcli
backstores/block create iscsi_store /dev/vdb1
iscsi/ create iqn.2016-02.com.example:server0
iscsi/iqn.2016-02.com.example:server0/tpg1/acls create iqn.2016-02.com.example:desktop0
iscsi/iqn.2016-02.com.example:server0/tpg1/luns create backstores/block/iscsi_store
iscsi/iqn.2016-02.com.example:server0/tpg1/portals create 172.25.0.11 3260
saveconfig
exit
systemctl restart target
systemctl enable target

20)配置ISCSI客户端
yum -y install iscsi-initiator-utils
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2016-02.com.example:desktop0
systemctl restart iscsid
systemctl enable iscsid
iscsiadn -m discovery -t st -p server0
systemctl restart iscsi
systemctl enanle iscsi
vim /var/iscsi/nodes/iqn.2016-02.com.example...........
    node.conn[0].startup = automatic
systemctl restart iscsi
lsblk
fdisk /dev/sda
+2100M
partprobe
mkfs.ext4 /dev/sda1
mkdir /mnt/data
blkid
vim /etc/fstab
UUID=XXX /mnt/data _netdev 0 0
mount -a
sync;reboot -f


21)数据库配置
yum -y install mariadb mariadb-server
vim /etc/my.inf
    skip-networking
systemctl restart maridb
systemctl enable maridb
mysqladmin -u root password 'atenorth'
mysql -u root -p
    create database Contacts;
    grant select on Contacts.* to XX@localhost identified by 'password';
    delete from mysql.user where password='';
    quit
wget XXX/user.sql
mysql -u -p Contacts < user.sql

22)数据库查询
略