实验需求:
现有主机 node01 和 node02(下文命令提示符中显示为 node1 和 node2),完成如下需求:
- 在 node01 主机上提供 DNS 和 WEB 服务
- dns 服务提供本实验所有主机名解析
- web服务提供 www.rhce.com 虚拟主机
- 该虚拟主机的documentroot目录在 /nfs/rhce 目录
- 该目录由 node02 主机提供的NFS服务共享
- 该目录可以通过autofs服务实现自动挂载
- 所有服务应该在重启之后依然可以正常使用
实验简图如下:
步骤:
- 分别在 node1 和 node2 上面安装软件包
[root@node1 ~]# dnf install httpd bind nfs-utils autofs -y
[root@node2 ~]# yum install bind nfs-utils httpd -y
- 在 node2 上配置NFS
# 启动服务
[root@node2 ~]# systemctl enable --now rpcbind
[root@node2 ~]# systemctl enable --now nfs-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
[root@node2 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-07-11 15:21:42 CST; 48s ago
TriggeredBy: ● rpcbind.socket
Docs: man:rpcbind(8)
Main PID: 2375 (rpcbind)
Tasks: 1 (limit: 10821)
Memory: 1.6M
CPU: 12ms
CGroup: /system.slice/rpcbind.service
└─2375 /usr/bin/rpcbind -w -f
Jul 11 15:21:42 node2 systemd[1]: Starting RPC Bind...
Jul 11 15:21:42 node2 systemd[1]: Started RPC Bind.
# 配置防火墙放行规则
[root@node2 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@node2 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@node2 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@node2 ~]# firewall-cmd --reload
success
[root@node2 ~]# firewall-cmd --list-services
cockpit dhcpv6-client mountd nfs rpc-bind ssh
# 重启服务
[root@node2 ~]# systemctl restart nfs-server.service
# 配置导出目录(chmod 777 和 rw 导出仅为实验方便;web 服务只需读取该目录,实际环境中应收紧目录权限,并可改用 ro 导出)
[root@node2 ~]# mkdir /rhce
[root@node2 ~]# chmod 777 /rhce/
[root@node2 ~]# echo welcome to rhce > /rhce/index.html
[root@node2 ~]# cat /etc/exports
/rhce 192.168.209.136(rw)
[root@node2 ~]# systemctl restart nfs-server.service
# 查看导出的目录
[root@node2 ~]# showmount -e 192.168.209.137
Export list for 192.168.209.137:
/rhce 192.168.209.136
- 在 node1 上配置autofs自动挂载
# 在node1查看导出的目录
[root@node1 ~]# showmount -e 192.168.209.137
Export list for 192.168.209.137:
/rhce 192.168.209.136
[root@node1 ~]# mkdir /nfs
[root@node1 ~]# cat /etc/auto.master
/nfs /etc/auto.nfs
[root@node1 ~]# cat /etc/auto.nfs
rhce 192.168.209.137:/rhce
[root@node1 ~]# systemctl restart autofs.service
# 触发自动挂载
[root@node1 ~]# cd /nfs/
[root@node1 nfs]# ll
total 0
[root@node1 nfs]# cd rhce
[root@node1 rhce]# ll
total 4
-rw-r--r--. 1 root root 16 Jul 11 15:24 index.html
[root@node1 rhce]# cat index.html
welcome to rhce
- 在 node1 上配置web和dns服务
- 配置web
# 编辑rhce.conf配置文件
[root@node1 ~]# cd /etc/httpd/conf.d
[root@node1 conf.d]# cat rhce.conf
<directory /nfs>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.209.136:80>
documentroot /nfs/rhce
servername www.rhce.com
</virtualhost>
# 添加本地主机名解析
[root@node1 conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.209.136 www.rhce.com
# 重启httpd服务
[root@node1 conf.d]# systemctl restart httpd
- 配置DNS
[root@node1 conf.d]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.209.136
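# 配置DNS正向解析,配置/etc/named.conf配置文件(此处未设置 allow-transfer;如只希望从服务器 192.168.209.137 拉取区域,可在 zone 中加上 allow-transfer { 192.168.209.137; };)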
[root@node1 conf.d]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.209.136; };
directory "/var/named";
};
zone "rhce.com" IN {
type master;
file "named.rhce";
};
# 配置named.rhce配置文件
[root@node1 ~]# cat /var/named/named.rhce
$TTL 1d
@ IN SOA @ admin.rhce.com. (1
1
1
1
1)
IN NS ns.rhce.com.
ns IN A 192.168.209.136
www IN A 192.168.209.136
# 重启服务
[root@node1 conf.d]# systemctl restart named
#查看防火墙状态
[root@node1 conf.d]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-07-11 15:10:01 CST; 35min ago
Docs: man:firewalld(1)
Main PID: 798 (firewalld)
Tasks: 2 (limit: 10821)
Memory: 41.6M
CPU: 362ms
CGroup: /system.slice/firewalld.service
└─798 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Jul 11 15:10:01 node1 systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 11 15:10:01 node1 systemd[1]: Started firewalld - dynamic firewall daemon.
#防火墙放行规则
[root@node1 conf.d]# firewall-cmd --permanent --add-service=http
success
[root@node1 conf.d]# firewall-cmd --permanent --add-service=dns
success
[root@node1 conf.d]# firewall-cmd --reload
success
# 当 httpd 进程使用 NFS 文件系统时,需要打开一个 SELinux 布尔值(相关提示会出现在系统日志中),开启命令为 setsebool -P httpd_use_nfs 1。setsebool 是用于设置 SELinux(Security-Enhanced Linux)布尔值的命令;-P 选项表示使设置永久生效,即使系统重新启动,设置仍然保持;httpd_use_nfs 是要设置的布尔值名称;1 表示将该布尔值设置为“开启”(允许)状态。
[root@node1 conf.d]# setsebool -P httpd_use_nfs 1
#查询DNS信息
[root@node1 conf.d]# dig -t A www.rhce.com
; <<>> DiG 9.16.23-RH <<>> -t A www.rhce.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54673
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6c60fdfad0fa9d8901000000668f8dee62ef8cef318b6296 (good)
;; QUESTION SECTION:
;www.rhce.com. IN A
;; ANSWER SECTION:
www.rhce.com. 86400 IN A 192.168.209.136
;; Query time: 3 msec
;; SERVER: 192.168.209.136#53(192.168.209.136)
;; WHEN: Thu Jul 11 15:46:54 CST 2024
;; MSG SIZE rcvd: 85
[root@node1 conf.d]#
[root@node1 conf.d]#
[root@node1 conf.d]# curl www.rhce.com
welcome to rhce
- 在 node2 上配置从服务器
[root@node2 ~]# cat /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; };
directory "/var/named";
};
zone "rhce.com" IN {
type slave;
masters { 192.168.209.136; };
file "slaves/named.rhce";
};
[root@node2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.209.136
[root@node2 ~]# systemctl restart named
[root@node2 ~]# curl www.rhce.com
welcome to rhce
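- 测试(两台主机的 resolv.conf 都指向 192.168.209.136,因此下面的 curl 并不会查询 node2 上的从服务器;如需确认从服务器已同步区域,可在 node2 上执行 dig @127.0.0.1 www.rhce.com)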
[root@node1 ~]# curl www.rhce.com
welcome to rhce
[root@node2 ~]# curl www.rhce.com
welcome to rhce