for i in 的指令使用集
传输内容指令
for i in {1..7};do ssh 10.4.220.10${i} "指令";done
传输文件指令
for i in {1..7};do scp 文件 root@10.4.220.10${i}:文件位置;done
DNS循环内容指令
for i in {1..7};do echo "linux$i A 10.4.220.10$i" >> skills.lan.zone;done
for i in {1..7};do echo "10$i PTR linux$i.skills.lan" >> 220.4.10.rev;done
服务下载指令
for i in {1..7};do ssh 10.4.220.10${i} "yum install -y 服务";done
创造好虚拟机后配置网络
注:以下所有虚拟机用指令配置
(1) nmcli c m ens160 ipv4.me m ipv4.add 10.4.220.101/24 ipv4.gate 10.4.220.1 ipv4.dns 10.4.220.101
(2) nmcli c reload
(3) nmcli c up ens160
配置SSH服务
ssh-keygen
打开101的id_rsa.pub 将其余的生成公钥全部复制到101上面,复制完成后101 scp复制到其它计算机上
scp /root/.ssh/id_rsa.pub root@10.4.220.102:/root/.ssh/authorized_keys
还要复制101到里面然后重启101
systemctl restart sshd
防火墙开放
firewall-cmd --per --zone=public --add-port=123/udp --add-port=53/tcp --add-port=53/udp --add-port=80/tcp --add-port=443/tcp --add-port=21/tcp --add-port=2049/tcp --add-port=111/tcp --add-port=111/udp --add-port=139/tcp --add-port=445/tcp --add-port=865/tcp --add-port=3260/tcp --add-port=5432/tcp --add-port=5432/udp --add-port=67/udp --add-port=68/udp --add-port=69/udp --add-port=25/tcp --add-port=110/tcp --add-port=143/tcp --add-port=143/udp --add-port=6379/tcp --add-port=8001/tcp --add-port=8002/tcp --add-port=8003/tcp --add-port=8004/tcp --add-port=8005/tcp --add-port=8006/tcp #注:这是所有服务端口的合集,每台机器只开放自己实际承担服务的端口
firewall-cmd --reload
配置NTP时间同步服务
vi /etc/chrony.conf
第三行配置
server 10.4.220.101 iburst
保存并退出,然后复制到其它计算机上面
scp /etc/chrony.conf root@10.4.220.102:/etc/chrony.conf ..... (省略号)其余操作依旧
随后继续编辑101
allow 10.4.220.0/24
取消注释local
随后指令重启
for i in {1..7}; do ssh root@10.4.220.10${i} "systemctl restart chronyd"; done
然后服务器指令验证
chronyc clients
DNS服务配置
Samba文件共享服务 445/tcp
for i in {00..19}; do useradd user${i};done #创造用户
groupadd manager && groupadd dev #创造用户组
usermod -aG manager user00 #用户加入组 疑问:-a -G 属性参数是什么 答:-G 指定附加组,-a 表示追加而不是覆盖(不加-a会把用户从原有的其它附加组里移除)
usermod -aG manager user01
usermod -aG dev user02
usermod -aG dev user03
smbpasswd -a user00 .....(省略号) #给用户设置smb密码
mkdir /srv/sharesmb #创造共享文件夹
setfacl -m g:manager:rwx,g:dev:rx /srv/sharesmb #用户组对该文件夹的权限 疑问:setfacl是什么? 答:比起传统的rwx权限,有更为精确的权限划分 -m 参数:添加后续权限
chmod o+t /srv/sharesmb/ #参数o和t是什么 答:o 是其他用户(others),t 是粘滞位(sticky bit):目录里的文件只能由文件属主或root删除/改名,防止组内成员互删文件
vim /etc/samba/smb.conf #主配置文件夹的编辑
[sharesmb]
path = /srv/sharesmb
valid users = @manager,@dev
write list = @manager
systemctl restart smb && systemctl enable smb #重启且开机自启动
smbclient 测试smb测试效果 #疑问:该如何测试,测试指令是什么,smbclient的了解 答:smbclient -L //10.4.220.103 -U user00 列出共享;smbclient //10.4.220.103/sharesmb -U user00 登录后用 ls/put 验证读写权限
mkdir -p /sharesmb #在linux4上创造挂载文件夹
vim /etc/fstab #开机自启动文件编辑
//10.4.220.103/sharesmb /sharesmb cifs username=user00,password=123 0 0
mount -a #使fstab生效
注:/etc/fstab 对所有用户可读,明文 password= 会泄露;可改为 credentials=/root/.smbcred(文件内写 username=user00 与 password=123,并 chmod 600)
kdc服务和NFS的服务搭配
在/etc/hosts中定义要使用这个服务的相关虚拟机
10.4.220.102 linux2.skills.lan
10.4.220.103 linux3.skills.lan
10.4.220.104 linux4.skills.lan
for i in {3..4};do scp /etc/hosts root@10.4.220.10${i}:/etc/hosts;done
yum install -y krb5-server krb5-libs krb5-workstation #安装kdc服务 疑问:kdc具体作用 答:KDC(密钥分发中心)是Kerberos的票据服务器:主机/用户用密码或keytab向KDC认证后拿到票据,后面NFS的sec=krb5p就靠票据做认证和加密,密码本身不在网络上传输
vim /etc/krb5.conf #编辑配置文件
default_realm = SKILLS.LAN | #快速方法: (1)%s/EXAMPLE.COM/SKILLS.LAN/g | (2)sed -i "s/EXAMPLE.COM/SKILLS.LAN/g" /etc/krb5.conf
| %s/example.com/skills.lan/g | sed -i "s/example.com/skills.lan/g" /etc/krb5.conf
[realms] | %s/kerberos/linux2 | sed -i "s/kerberos/linux2/g" /etc/krb5.conf
SKILLS.LAN = { | | sed -i "18,31s/^#//g" /etc/krb5.conf (这个指令是取消注释,以后也能用在别的地方,请我自己好好记住用法)
kdc = linux2.skills.lan | | sed -i "s/EXAMPLE.COM/SKILLS.LAN/g" /var/kerberos/krb5kdc/kadm5.acl
admin_server = linux2.skills.lan | | sed -i "s/EXAMPLE.COM/SKILLS.LAN/g" /var/kerberos/krb5kdc/kdc.conf
| |
} | | echo -e "Pass-123\nPass-123" | kdb5_util create -r SKILLS.LAN -s (快速输入密码创造好KDC库,注意要带 create 子命令)
| | kadmin.local -q "addprinc -pw Pass-123 root" (-pw 只接受一个密码,不要写 \n)
| | addprinc -randkey nfs/linux3.skills.lan
[domain_realm] | | firewall-cmd --add-port={88,464,749}/tcp --add-port={88,464,749}/udp --permanent
.skills.lan = SKILLS.LAN | | setenforce 0
skills.lan = SKILLS.LAN | | scp /etc/krb5.conf linux3 and linux4:/etc/
| | 虚拟机3和4
vim /var/kerberos/krb5kdc/kadmin.local | | echo -e "Pass-123\nPass-123" | kinit
修改内容成SKILLS.LAN | | klist 查看 (这一条会直接拿到钥匙)
vim /var/kerberos/krb5kdc/kdc.conf | |
修改内容成SKILLS.LAN | |
| |
scp /etc/krb5.conf linux3:/etc/ | |
scp /etc/krb5.conf linux4:/etc/ | |
kadmin.local -q "addprinc root/admin"
systemctl restart kadmin krb5kdc
systemctl enable kadmin krb5kdc
kadmin.local
addprinc -randkey host/linux3.skills.lan
addprinc -randkey host/linux4.skills.lan
addprinc -randkey nfs/linux3.skills.lan
addprinc -randkey nfs/linux4.skills.lan
ktadd -k /tmp/server.keytab nfs/linux3.skills.lan
ktadd -k /tmp/client.keytab nfs/linux4.skills.lan
scp /tmp/server.keytab linux3.skills.lan:/etc/krb5.keytab
scp /tmp/client.keytab linux4.skills.lan:/etc/krb5.keytab #keytab 相当于该主机的密码,复制完后 rm -f /tmp/*.keytab,不要留在 /tmp
scp /etc/krb5.conf linux3.skills.lan:/etc/
scp /etc/krb5.conf linux4.skills.lan:/etc/
firewall-cmd --add-port={88,464,749}/tcp --add-port={88,464,749}/udp --per
setenforce 0 #注:只是临时把SELinux切到permissive(重启后按/etc/selinux/config恢复),用于排错;正式环境应保留enforcing
虚拟机3
yum install -y krb5-workstation pam_* pam-* nfs-utils
mkdir -p /srv/sharenfs
chmod -R 777 /srv/sharenfs #注:exports 里 all_squash 会把访问者映射为 uid/gid 2000,所以 chown -R 2000:2000 再给 770 即可,777 会让本机所有用户可写
groupadd -g 2000 xiao
useradd -u 2000 -g 2000 -d /home/xiaodir xiao
kinit root/admin
klist
exit
vim /etc/exports
/srv/sharenfs *(rw,all_squash,anonuid=2000,anongid=2000,sec=krb5p)
systemctl restart nfs-server rpcbind
firewall-cmd --add-port={111,20048,2049}/tcp --add-port={111,20048,2049}/udp --per
rpcinfo -p localhost #(查看nfs端口 )
虚拟机4
yum install -y krb5-workstation pam_* pam-* nfs-utils
kadmin
ktadd nfs/linux4.skills.lan
vim /etc/auto.master
/share /etc/auto.nfs
vim /etc/auto.nfs
sharenfs -fstype=nfs,rw,sync,sec=krb5p linux3.skills.lan:/srv/sharenfs #all_squash 是服务端 exports 的选项,客户端挂载不需要;客户端的Kerberos安全级别写成 sec=krb5p
mount -t nfs 10.4.220.103:/srv/sharenfs /sharenfs
fstab
linux3.skills.lan:/srv/sharenfs /sharenfs nfs defaults
mysql 服务
mysql_secure_installation
mysql -uroot -p123 #登录后执行 set names utf8; (注:-p 后直接写密码会留在 shell history 和 ps 输出里,可只写 -p 改为交互输入)
create user xiao@localhost identified by '123456'; #创造用户并赋予权限 show grants for 用户@localhost; #查看用户的权限
grant all on *.* to xiao@localhost; #注:*.* 是全库全权限,实际只需对用到的库授权,如 grant all on 库名.* to xiao@localhost;
redis服务配置
yum install -y gcc-c++
yum install -y redis*
cd /usr/local
mkdir redis
cd redis
mkdir cluster
mkdir 800{1,2,3,4,5,6}
cd cluster
cp /etc/redis/redis.conf /usr/local/redis/cluster/8001/redis.conf
vim 8001/redis.conf
bind 定义为自己的IP #注:绑定到网络地址后 8001~8006 对外可达,应同时设置 requirepass(集群节点间还要配 masterauth),否则任何人都能连上
port 8001
daemonize yes (修改为yes,后台启动)
pidfile /var/run/redis_8001.pid (添加8001端口)
logfile /var/log/redis/redis_8001.log (添加8001端口)
/REDIS CLUSTER #命令行输入寻找
cluster-enabled yes #注释取消
cluster-config-file nodes-8001.conf #注释取消,并8001端口
cluster-node-timeout 1500 #注释取消
保存退出
cp 8001/redis.conf 8002/redis.conf
cp 8001/redis.conf 8003/redis.conf
....
cp 8001/redis.conf 8006/redis.conf
vim 8002/redis.conf
%s/8001/8002/g
vim 8003/redis.conf
%s/8001/8003/g
...
vim 8006/redis.conf
%s/8001/8006/g
ps -ef | grep redis #查看redis服务
redis-server 8001/redis.conf #启动对应redis端口服务,以相对路径启用
redis-server 8002/redis.conf
....
redis-server 8006/redis.conf
redis-cli --cluster create --cluster-replicas 1 10.4.220.105:8001 10.4.220.105:8002 10.4.220.105:8003 10.4.220.105:8004 10.4.220.105:8005 10.4.220.105:8006 #创造集群
redis-cli -h 10.4.220.105 -p 8001 info #查看对应端口的状态
...
redis-cli -h 10.4.220.105 -c -p 8001 #登录端口测试
...