[Repost] RHCE 7 Series: The RHCE Exam


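This post works through a set of RHCE practice questions and covers the knowledge points they involve.

The text quoted in red is the task requirement (these are not real exam questions; they are slightly easier than the real ones).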


In serverX or desktopX
1. (lab teambridge setup[in serverX])Configure Link Aggregation in
serverX with config “activebackup” ip “192.168.0.11” gw
“192.168.0.254”.

 

lab teambridge setup

[root@server0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0e brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0f brd ff:ff:ff:ff:ff:ff
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether da:da:11:ca:26:07 brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ca:2a:c4:8c:f1:ce brd ff:ff:ff:ff:ff:ff

Add a connection of type team:

  • [root@server0 ~]# nmcli connection add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}'
    Connection 'team0' (fcc3dcd2-ecfe-429a-9056-4a4115f48e7a) successfully added.

Modify the connection's configuration:

  • [root@server0 ~]# nmcli connection modify "team0" ipv4.addresses "192.168.0.11/24 192.168.0.254" ipv4.method manual

Assign two NICs as team ports:

  • [root@server0 ~]# nmcli connection add con-name team0-port1 ifname eno1 type team-slave master team0
  • [root@server0 ~]# nmcli connection add con-name team0-port2 ifname eno2 type team-slave master team0

Check the state:

[root@server0 ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eno1

  • ip a

……..

6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
15: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.11/24 brd 192.168.0.255 scope global team0
valid_lft forever preferred_lft forever
inet6 fe80::400b:2dff:fe43:bdde/64 scope link
valid_lft forever preferred_lft forever
[root@server0 ~]# nmcli connection show

Test:

[root@server0 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team0-port2 5cce5b22-6da3-4063-b637-b22df585525d 802-3-ethernet eno2
team0-port1 c4e4faf7-49c6-4ff1-b14a-9d803bf1e3ed 802-3-ethernet eno1
team0 96c7eec8-4265-4e32-a378-cdf17a429f83 team team0
[root@server0 ~]# ping -I team0 192.168.0.254
PING 192.168.0.254 (192.168.0.254) from 192.168.0.11 team0: 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.317 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 192.168.0.254: icmp_seq=4 ttl=64 time=0.047 ms
^C
--- 192.168.0.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.046/0.114/0.317/0.117 ms


2. Managing DNS forward requires from anywhere to “classroom.example.com”
in serverX.

 

 

3. (lab smtp-nullclient setup[in serverX & desktopX])Configure a local
mail server as a null client(serverX) that forwards all messages to a
central server(desktopX) for delivery.

 

 

 


4. Configure a iSCSI target server(serverX) with ACL-validated access:
you should create a new 1G target on serverX. This target should be
called “iqn.2014-10.com.example:serverX”. And it should only be
available to client with a initiatorname of “iqn.2014-
10.com.example:desktopX”.In desktopX you should mount it in
“/mnt/iscsi”.

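Server-side configuration:

Install the software:

  • yum search targetcli
  • yum install targetcli -y

First partition the disk as required (be careful not to format it):

  • [root@server0 ~]# fdisk /dev/vdb
  • [root@server0 ~]# partprobe
    [root@server0 ~]# fdisk -l

Configure the iSCSI target server:
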

  • [root@server0 ~]# targetcli

/> backstores/block create disk1 /dev/vdb

 

/> iscsi/ create iqn.2014-10.com.example:server0

/> iscsi/iqn.2014-10.com.example:server0/tpg1/luns create /backstores/block/disk1

/> iscsi/iqn.2014-10.com.example:server0/tpg1/acls create iqn.2014-10.com.example:desktop0 (the client's address, i.e. its initiator IQN, goes here)

/> iscsi/iqn.2014-10.com.example:server0/tpg1/portals create 172.25.0.11

 

/> saveconfig

Open the firewall:

  • [root@server0 ~]# firewall-cmd --permanent --add-port=3260/tcp
    success
    [root@server0 ~]# firewall-cmd --reload
    success

Client-side configuration:

  • [root@desktop0 ~]# vim /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2014-10.com.example:desktop0 (the client's address, i.e. its initiator IQN, goes here)

Install the initiator and enable it at boot:

  • [root@desktop0 ~]# yum install iscsi-initiator-utils.x86_64 -y
  • [root@desktop0 ~]# systemctl enable iscsi iscsid
  • [root@desktop0 ~]# systemctl start iscsi iscsid

Discover the target (if you can't remember the parameters, man iscsiadm has examples):

  • [root@desktop0 ~]# iscsiadm --mode discoverydb --type sendtargets --portal 172.25.0.11 --discover

Log in:

  • [root@desktop0 ~]# iscsiadm --mode node --targetname iqn.2014-10.com.example:server0 --portal 172.25.0.11:3260 --login
    Logging in to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] (multiple)
    Login to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] successful.
    [root@desktop0 ~]#

Check: a new sda device has appeared:

  • [root@desktop0 ~]# ll /dev/sd*
    brw-rw----. 1 root disk 8, 0 Aug 3 11:31 /dev/sda

Partition, format, and mount automatically at boot:

  • fdisk /dev/sda
  • mkfs.xfs /dev/sda1
  • [root@desktop0 ~]# mkdir /mnt/iscsi
  • [root@desktop0 ~]# vim /etc/fstab (be very careful to get the _netdev option right)

/dev/sda1 /mnt/iscsi xfs _netdev 0 0

  • [root@desktop0 ~]# mount -a
  • [root@desktop0 ~]# df -h

(iSCSI seems to have a bug: after the client is configured, a reboot hangs, so you have to power the machine off manually and turn it on again.)


5. Share directory “/nornfs” with NFS and on serverX and mount it on
desktopX in “/mnt/nfs”, User in desktopX should have only read
permission on it. Make sure it mounted at startup time.

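Server side:

First change the NFS version:

  • vim /etc/sysconfig/nfs

Change this setting in it: RPCNFSDARGS="-V 4.2"

First create a separate partition, then mount it on the specified directory (this becomes the NFS shared directory):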

  • fdisk /dev/vdb
  • partprobe
  • mkfs.xfs /dev/vdb2
  • vim /etc/fstab
  • mount -a
  • df -h

Install the packages and enable the service:

  • yum search nfs
  • yum install nfs-utils.x86_64 -y
  • systemctl enable nfs-server.service
  • systemctl start nfs-server.service

Edit the main configuration:

  • vim /etc/exports

/nornfs 172.25.0.10/24(ro,sync)

  • exportfs -r

Configure the firewall:

  • firewall-cmd --permanent --add-service=nfs
  • firewall-cmd --permanent --add-service=rpc-bind
  • firewall-cmd --permanent --add-service=mountd
  • firewall-cmd --reload

Test locally:

  • showmount -e

 

Client side:

Test the connection to the NFS server:

  • showmount -e 172.25.0.11
  • systemctl enable nfs
  • systemctl enable nfs.service

Create the directory and set up mounting at boot:

  • mkdir /mnt/nfs
  • mount 172.25.0.11:/nornfs /mnt/nfs/
  • df -h
  • vim /etc/fstab

172.25.0.11:/nornfs /mnt/nfs nfs defaults 0 0

  • mount -a
  • reboot

6. (lab storageshares setup[in serverX & desktopX])Share directory
“/krbnfs” with NFS and Kerberos on serverX and mount it on desktopX in
“/mnt/nfsspace”.User in desktopX should have full permission on it.
Make sure it mounted at startup time.

Server side:

Download the keytab:

  • wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab

Create the directory and set up automatic mounting on server0:

  • mkdir /krbnfs
  • vim /etc/fstab
  • mount -a

Edit the NFS configuration file:

  • vim /etc/exports

/krbnfs 172.25.0.0/24(rw,sec=krb5p)

  • exportfs -r
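
The two export lines used on this page differ in the properties worth checking before running exportfs -r: access mode and security flavor. The following is an added example, not part of the original post: a shell function that parses exports(5) lines and flags writable exports that still accept AUTH_SYS, no_root_squash, and wildcard clients. The /scratch line and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the two export lines from this page, plus one
# deliberately risky line (/scratch) that is not from the page.
EXPORTS='/nornfs 172.25.0.10/24(ro,sync)
/krbnfs 172.25.0.0/24(rw,sec=krb5p)
/scratch *(rw,no_root_squash)'

# Print "path|client|mode|sec|findings" for every client entry.
# Finding labels are this example's own, not exportfs output.
audit_exports() {
    printf '%s\n' "$EXPORTS" | awk '
        /^[ \t]*#/ || NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1); sub(/\)$/, "", opts)
                }
                if (client == "") client = "*"
                # Defaults per exports(5): read-only, sec=sys, root_squash.
                mode = "ro"; sec = "sys"; squash = 1
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw" || o[j] == "ro") mode = o[j]
                    else if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
                    else if (o[j] == "no_root_squash") squash = 0
                }
                f = ""
                # sec= may be a colon-separated list; any "sys" member counts.
                if (mode == "rw" && index(":" sec ":", ":sys:")) f = f "rw-with-auth-sys,"
                if (!squash) f = f "no_root_squash,"
                if (client == "*") f = f "any-host,"
                sub(/,$/, "", f); if (f == "") f = "ok"
                print $1 "|" client "|" mode "|" sec "|" f
            }
        }'
}

audit_exports
```

Point EXPORTS at the contents of the real /etc/exports to run the same check on a server.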

Start the services:

  • systemctl enable nfs-secure-server.service (note: this differs from the client)
  • systemctl start nfs-secure-server.service
  • firewall-cmd --permanent --add-service=nfs
  • firewall-cmd --permanent --add-service=rpc-bind
  • firewall-cmd --permanent --add-service=mountd
  • firewall-cmd --reload

Log in as an LDAP user:

  • ssh ldapuser0@desktop0.example.com

 


Client side:

Download the keytab:

  • wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab

Start the service:

  • systemctl enable nfs-secure.service (note: this differs from the server)
  • systemctl start nfs-secure.service

Set up automatic mounting at boot:

  • vim /etc/fstab

172.25.0.11:/krbnfs /mnt/nfsspace nfs defaults,v4.2,sec=krb5p 0 0

  • mount -a

Log in as an LDAP user:

  • ssh ldapuser0@desktop0.example.com

7. Share a directory “/smbshare” with SMB and it can only mounted on
desktopX in “/mnt/smb”, members of the group “share” has full
permission on the share. Others only have the read permission.Create a
Samba-only user natasha and harry with password “redhat”.Configure
multiuser config in desktopX with user harry. root in desktopX should
have only read permission in it . natasha in desktopX should have full
permission in it.

Server-side configuration:

Install the required packages:

  • yum install samba.x86_64 samba-client.x86_64 -y

Enable and start both services (don't forget the nmb service):

  • systemctl enable smb nmb
  • systemctl start smb nmb

Configure the firewall:

  • firewall-cmd --permanent --add-service=samba
  • firewall-cmd --reload

Create the Samba group and its users, and set their Samba passwords:

  • groupadd share
  • useradd -G share -s /sbin/nologin natasha
  • useradd -G share -s /sbin/nologin harry
  • smbpasswd -a natasha
  • smbpasswd -a harry

Create the directory as the task requires, then set its SELinux security context and its permissions:

  • mkdir /smbshare
  • chown .share /smbshare/
  • chmod 775 /smbshare/
  • semanage fcontext -a -t samba_share_t '/smbshare(/.*)?' (if you can't remember the context type, you can find it in the main Samba configuration file /etc/samba/smb.conf)
  • restorecon -vvRF /smbshare/
  • ll -dZ /smbshare/

Edit the main configuration file /etc/samba/smb.conf:

[smb]
comment = SMB share
path = /smbshare
browseable = yes
guest ok = no
writeable = yes
write list = @share
read list = root

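read list specifies the users and groups that may only read the share.

write list specifies the users and groups that may read and write the share.

You may also need to restrict access to Samba to a particular domain or IP range. To do that, add a hosts allow line in [global] and in your own share sections.

It can be written in several formats (choose according to the task):

hosts allow = 172.25.0.0/24

hosts allow = 172.25.0. (don't forget the trailing dot)

hosts allow = .example.com (don't forget the leading dot)

hosts allow = 172.25.0.1

That is all (putting it in your own share section is recommended, because it makes the configuration more flexible).

Once configured, you can check that the configuration is correct with: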

  • testparm

Restart the services:

  • systemctl restart smb nmb

You can test locally first:

  • smbclient -L //172.25.0.11/smb -U natasha
  • smbclient //172.25.0.11/smb -U natasha
  • smbclient //172.25.0.11/smb

Client-side configuration:

Test the Samba client:

Before configuring CIFS, you can first test whether Samba is usable:

First install the Samba client:

  • yum install samba-client.x86_64 -y
  • smbclient -L //172.25.0.11/smb -U natasha
  • smbclient //172.25.0.11/smb -U harry
  • smbclient //172.25.0.11/smb

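Configure CIFS:

Install the required package:

  • yum install cifs-utils.x86_64 -y

Create the mount point and set up automatic mounting:

  • mkdir /mnt/smbspace

You can first test with mount whether the share mounts successfully: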

  • mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
  • df -h

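Create the Samba user's credentials file /root/smb.pass:

username=harry
password=redhat

Edit the configuration file and add the following (if you don't know how to write this entry, man mount.cifs describes all the options):

  • vim /etc/fstab

//172.25.0.11/smb /mnt/smbspace cifs defaults,credentials=/root/smb.pass,multiuser,sec=ntlmssp 0 0

  • df -h (check again)

Finally, reboot both machines: the server first, then the desktop.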


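There is a pitfall when configuring CIFS on the client:

Whether you use

  • mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry

or edit /etc/fstab, when you fill in the address of the remote Samba server (shown in red), //172.25.0.11/smb, the last component is definitely not the directory path! It is the name of the share in /etc/samba/smb.conf, not its path.

With the configuration shown above, if you mount on the client like this:

  • mount -t cifs //172.25.0.11/smbshare /mnt/smbspace/ -o username=natasha

you get this error: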

Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
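
The share-name pitfall above and the hosts allow placement discussed earlier can both be checked from smb.conf itself. The following is an added example, not part of the original post: it lists each share with its path and where a hosts allow restriction comes from, and it checks the last component of a //server/NAME address against share names rather than paths. The [scratch] share, the hosts allow line placed in [smb], and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: [smb] from this page with a hosts allow line, plus a constructed [scratch].
SMB_CONF='[global]
workgroup = EXAMPLE
[smb]
path = /smbshare
hosts allow = 172.25.0.
write list = @share
[scratch]
path = /srv/scratch'

# One "share|path|scope" row per share; scope = share, global or none. Assumes [global] is first.
smb_shares() {
    printf '%s\n' "$SMB_CONF" | awk '
        function emit() {
            if (sec == "" || sec == "global") return
            print sec "|" path "|" (allow ? "share" : (gallow ? "global" : "none"))
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            emit(); sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            path = ""; allow = 0; next
        }
        (eq = index($0, "=")) > 0 {
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "path") path = val
            if (key == "hosts allow") { if (sec == "global") gallow = 1; else allow = 1 }
        }
        END { emit() }'
}

open_shares() { smb_shares | awk -F'|' '$3 == "none" { print $1 }'; }  # no hosts allow at all

# Match the last component of //server/NAME against share names, not paths.
check_unc() {
    smb_shares | awk -F'|' -v n="${1##*/}" '
        tolower($1) == tolower(n) { found = $1 " -> " $2 }
        { base = $2; sub(/.*\//, "", base); if (base == n) hint = $1 }
        END {
            if (found != "") print "ok: share " found
            else if (hint != "") print "no share named " n "; that is the path of [" hint "]"
            else print "no share named " n
        }'
}

check_unc //172.25.0.11/smb
check_unc //172.25.0.11/smbshare
```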



8. Configure MariaDB with a database named “inventory” in
“http://classroom.example.com/pub/materials/mariadb/inventory.dump”. Config
password “redhat” for root.

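Download the file:

  • wget http://classroom.example.com/pub/materials/mariadb/inventory.dump

Install the packages:

  • yum groupinstall mariadb -y

Enable and start the service:

  • systemctl enable mariadb.service
  • systemctl start mariadb.service

Secure the installation:

  • mysql_secure_installation

Just answer the prompts as the task requires.

Then create the database inventory: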

  • mysql -u root -p

MariaDB [(none)]> Create database inventory;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Import the data:

  • [root@server0 ~]# mysql -u root -p inventory < inventory.dump
    Enter password:

Query it:

MariaDB [inventory]> show tables;
+---------------------+
| Tables_in_inventory |
+---------------------+
| category            |
| manufacturer        |
| product             |
+---------------------+
3 rows in set (0.00 sec)

 

 

(To be continued)

Source:

http://www.attacker2001.com/

 

雲襲2001's blog

 
