目标:学习ubuntu系统
1.安装
2.系统配置,网络配置,安全配置,软件安装
3.ansible管理ubuntu
第1章 安装ubuntu
1.官网地址
https://ubuntu.com/download
2.选择版本
Ubuntu Desktop 图形化桌面,开发喜欢用
Ubuntu Server 内核比较新,对容器支持较好
LTS 长期支持版
3.下载地址
http://mirror.umd.edu/ubuntu-iso/18.04.4/ubuntu-18.04.4-live-server-amd64.iso
第2章 安装系统
1.选择语言
2.是否安装最新版
3.选择键盘
4.配置网络
5.配置镜像地址
清华源地址:
https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu/
6.配置磁盘
7.配置用户
8.配置SSH
9.预装软件
10.安装中
第3章 ubuntu日常使用
1.用户管理
1.如何使用root用户
sudo su -
2.普通用户如何使用超级命令
sudo + 命令
3.修改root密码
echo "root:123456"|chpasswd
4.何使用root登陆
sudo vim /etc/ssh/sshd_config
PermitRootLogin yes
sudo systemctl restart sshd
5.免交互修改密码
echo "root:123456"|chpasswd
6.创建可以登录的普通用户
sudo useradd json -m -s /bin/bash
sudo passwd json
问题:
使用ansible能否创建带有密码的普通用户?
2.常用配置
1.网卡配置
参考博客:
https://www.jianshu.com/p/7b19961ff425
添加第二网卡配置
zhangya@ubuntu:~$ cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
ethernets:
ens33:
addresses:
- 10.0.0.100/24
gateway4: 10.0.0.2
nameservers:
addresses:
- 10.0.0.2
search:
- 10.0.0.2
ens38:
addresses:
- 172.16.1.100/24
version: 2
重启网卡
netplan apply
再次查看
zhangya@ubuntu:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:41:8f:71 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.100/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe41:8f71/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:41:8f:7b brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 brd 172.16.1.255 scope global ens38
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe41:8f7b/64 scope link
valid_lft forever preferred_lft forever
2.设置软件源
zhangya@ubuntu:~$ cat /etc/apt/sources.list
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
更新仓库缓存
sudo apt update
3.安装常用软件
0.软件包管理命令说明
apt和apt-get区别
https://blog.csdn.net/liudsl/article/details/79200134
apt和yum命令区别
deb rpm
apt yum
apt update yum makecache
apt upgrade yum update
apt install yum install
dpkg -i rpm -ivh
dpkg -r rpm -e
4.防火墙和Selinux
查看防火墙规则
sudo iptables -nL
5.ansible管理ubuntu
1.ansible使用普通账户安装软件
[root@sweb01 ~/ubuntu]# cat /etc/ansible/hosts
[all:vars]
ansible_ssh_user=zhangya
ansible_become=true
ansible_become_method=sudo
ansible_become_password=12345678
[apt]
10.0.0.100
安装剧本:
[root@sweb01 ~/ubuntu]# cat install.yaml
- hosts: apt
tasks:
- name: Install_nginx
apt:
name: nginx
state: present
- name: start nginx
service:
name: nginx
state: started
enabled: yes
2.创建不允许登陆的用户
[root@sweb01 ~/ubuntu]# cat useradd.yaml
- hosts: apt
tasks:
- name: 01_create_group
group:
name: www
gid: 666
- name: 02_create_user
user:
name: www
uid: 666
group: www
shell: /sbin/nologin
create_home: no
3.创建带密码允许登陆的普通用户
生成加密的密码:
[root@sweb01 ~]# ansible all -i localhost, -m debug -a "msg={{ '123456' | password_hash('sha512', '123456') }}"
localhost | SUCCESS => {
"msg": "$6$123456$37mxvJGRzjWxgD3HYl.bKq4aUXrcYV8mk0pxmqg8ARv3t9ke5ZM/NBbwTkx1FDcnLhrOX3jQc6L/NKAohhQJn/"
}
编写创建用户的剧本
- hosts: apt
tasks:
- name: 01_create_group
group:
name: wwww
gid: 555
- name: 02_create_user
user:
name: wwww
uid: 555
group: wwww
shell: /bin/bash
create_home: yes
password: "$6$123456$37mxvJGRzjWxgD3HYl.bKq4aUXrcYV8mk0pxmqg8ARv3t9ke5ZM/NBbwTkx1FDcnLhrOX3jQc6L/NKAohhQJn/"
4.修改用户密码
生成密码文件:
[root@sweb01 ~]# ansible all -i localhost, -m debug -a "msg={{ '123' | password_hash('sha512', '123456') }}"
localhost | SUCCESS => {
"msg": "$6$123456$/hZzdP1seQMNeqJU9iyZNc05gsq3FQyLjnPFPQ2C7i.Tb7WF8ogJ.V.XVlEC2slx3M8C0YkU1/L2ZDcxgTTYL0"
}
编写剧本:
- hosts: apt
tasks:
- name: change_wwww_pw
user:
name: wwww
password: "$6$123456$/hZzdP1seQMNeqJU9iyZNc05gsq3FQyLjnPFPQ2C7i.Tb7WF8ogJ.V.XVlEC2slx3M8C0YkU1/L2ZDcxgTTYL0"
5.修改root密码
编写剧本
[root@sweb01 ~/ubuntu]# cat user_root_passwd.yaml
- hosts: apt
tasks:
- name: change_root_passwd
user:
name: root
password: "$6$123456$/hZzdP1seQMNeqJU9iyZNc05gsq3FQyLjnPFPQ2C7i.Tb7WF8ogJ.V.XVlEC2slx3M8C0YkU1/L2ZDcxgTTYL0"
第x章 ubuntu和centos不一样的地方
1.默认使用普通用户登陆
2.的root用户默认没有密码,也不允许ssh登陆
3.普通用户想使用超级管理员命令加上sudo
4.passwd命令没有--stdin选项,要想免交互,使用chpasswd
5.useradd创建普通用户默认不创建家目录,默认解释器为sh
6.网卡配置使用的是yaml格式
7.默认没有iptables规则
8.默认没有selinux
`