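[Untitled] My Data Center
1. Install Xshell
2. Template VM setup (remember to enable networking when installing the system; run ip a to check the network, then connect with Xshell)
Install tab completion: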
yum -y install vim bash-com*
The firewall and SELinux are turned off on all virtual machines:
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=disabled
vim /etc/issue
***********************************************
China DevOpsSkills 2021 by shandong
Module B DevOps
Server [ ]
>>\S<<
>>\r<<
>>\t<<
>> Kernel \r on an \m<<
************************************************
Grant root privileges to the LeEDU user:
vi /etc/sudoers
usermod -g root LeEDU
3. Network interface configuration template:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=
NETMASK=
GATEWAY=
DNS1=
DNS2=
DNS3=
4. Convert the VM to a template, then clone three servers from it as required.
5. server1: remember to change server1's memory in the hardware settings.
ip a
Connect with Xshell
vim /etc/issue
hostnamectl set-hostname 14-Server-01
hostname
First add a second network adapter, reserved for the transparent proxy set up later (add it under Hardware > Network devices).
cd /etc/sysconfig/network-scripts
vim ifcfg-eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=
NETMASK=
GATEWAY=
DNS1=
DNS2=
DNS3=
cp -a ifcfg-eth0 ifcfg-eth1
vim ifcfg-eth1
Delete the UUID line
NAME="eth1"
DEVICE="eth1"
IPADDR=172.16.28.1
NETMASK=255.255.255.0
systemctl restart network
6. server2:
ip a
Connect with Xshell
vim /etc/issue
hostnamectl set-hostname 14-Server-02
hostname
cd /etc/sysconfig/network-scripts
vim ifcfg-eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=
NETMASK=255.255.255.0
GATEWAY=
DNS1=
DNS2=
DNS3=
systemctl restart network
7. server3:
ip a
Connect with Xshell
vim /etc/issue
hostnamectl set-hostname 14-Server-03
hostname
cd /etc/sysconfig/network-scripts
vim ifcfg-eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=
NETMASK=255.255.255.0
GATEWAY=
DNS1=
DNS2=
DNS3=
systemctl restart network
8. server1:
squid:
yum -y install squid
yum -y install iptables-*
iptables -F
iptables -t nat -A POSTROUTING -p udp --dport 53 -o eth0 -j SNAT --to-source 192.168.1.90
(the public address of eth0, i.e. the address that can reach the Internet)
iptables -t nat -I PREROUTING -i eth1 -s 172.168.2.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
(eth1 is the internal interface, followed by the internal network segment) (HTTP)
iptables -t nat -I PREROUTING -i eth1 -s 172.168.2.0/24 -p tcp --dport 443 -j REDIRECT --to-ports 3129
(HTTPS)
iptables -t nat -A POSTROUTING -o eth0 -s 172.168.2.0/24 -j MASQUERADE
(forward all network segments)
service iptables save
cd /etc/squid
rm squid.conf
touch squid.conf
vim squid.conf
Write the following content:
http_access allow all
http_port 3130
http_port 3128 intercept
https_port 3129 transparent ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
ssl_bump splice all
mkdir -p /etc/squid/ssl_cert /var/spool/squid
chown squid:squid -R /var/spool/squid/
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout /etc/squid/ssl_cert/myCA.pem -out /etc/squid/ssl_cert/myCA.pem -subj "/C=DE/ST=BW/CN=squid"
/usr/lib64/squid/ssl_crtd -c -s /var/spool/squid/ssl_db
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
systemctl restart squid
Start squid and the firewall service:
systemctl start squid iptables
systemctl enable squid iptables
squid -z (load the configuration)
Test from server2:
curl
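How the http_access line in the squid.conf above is evaluated, as an added example that is not part of the original notes. squid_access_verdict is a hypothetical helper that handles only rules naming the built-in "all" ACL, and the restricted variant assumes the clients sit in 172.16.28.0/24 (the eth1 subnet).

```sh
# squid_access_verdict FILE -> prints "open" when the first http_access rule
# that applies to every client is an allow, otherwise "restricted".
squid_access_verdict() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "http_access" {
            everyone = 1                       # rule names no ACL other than "all"
            for (i = 3; i <= NF; i++) if ($i != "all") everyone = 0
            if (everyone && verdict == "")
                verdict = ($2 == "allow") ? "open" : "restricted"
            last = $2
        }
        END {
            # With no matching rule Squid applies the opposite of the last
            # http_access line; with no rules at all it denies.
            if (verdict == "") verdict = (last == "deny") ? "open" : "restricted"
            print verdict
        }
    ' "$1"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# squid.conf as written in these notes
cat > "$workdir/page.conf" <<'EOF'
http_access allow all
http_port 3130
http_port 3128 intercept
https_port 3129 transparent ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
ssl_bump splice all
EOF

# Variant that only serves the internal network (assumed: 172.16.28.0/24)
cat > "$workdir/restricted.conf" <<'EOF'
acl localnet src 172.16.28.0/24
http_access allow localnet
http_access deny all
http_port 3130
http_port 3128 intercept
https_port 3129 transparent ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
ssl_bump splice all
EOF

echo "page.conf:       $(squid_access_verdict "$workdir/page.conf")"
echo "restricted.conf: $(squid_access_verdict "$workdir/restricted.conf")"
```

With "open", any host that can reach port 3130 on either interface can use server1 as a forward proxy, because iptables -F left no filter rules in front of it.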
DHCP:
yum -y install dhcp*
vim /etc/dhcp/dhcpd.conf
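After opening it, type: shift+r /usr/share/doc/dhcp*/dhcpd.conf.example (the copied path)
option domain-name "example"; (delete this line)
option domain-name-servers ns1.example, ns2.example; (change ns1 and ns2 to the DNS server addresses; the first is the internal gateway)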
default-lease-time 21600;
max-lease-time 43200;
Find this position:
# A slightly different configuration for an internal subnet.
subnet 172.16.28.0 netmask 255.255.255.0 {
range 172.16.28.100 172.16.28.200;
option routers 172.16.28.1;
}
(delete the rest here and keep only these three statements)
systemctl start dhcpd
systemctl enable dhcpd
Test on the desk client:
yum -y install dhclient
dhclient -r eth0
dhclient -d eth0
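The REDIRECT and MASQUERADE rules in the squid section only match packets whose source address lies inside the network given with -s, so that network has to contain the range dhcpd hands out. An added check (not from the original notes; the function names are hypothetical) using the values as they appear above:

```sh
# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX -> exit status 0 when IP is inside the network
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_range NET/PREFIX FIRST LAST -> prints "match" or "mismatch"
check_range() {
    if in_cidr "$2" "$1" && in_cidr "$3" "$1"; then
        echo match
    else
        echo mismatch
    fi
}

NAT_SRC="172.168.2.0/24"      # -s network in the iptables rules
DHCP_NET="172.16.28.0/24"     # subnet declared in dhcpd.conf
DHCP_FIRST="172.16.28.100"    # start of the dhcpd range
DHCP_LAST="172.16.28.200"     # end of the dhcpd range

echo "iptables -s $NAT_SRC vs DHCP range: $(check_range "$NAT_SRC" "$DHCP_FIRST" "$DHCP_LAST")"
echo "dhcpd subnet $DHCP_NET vs DHCP range: $(check_range "$DHCP_NET" "$DHCP_FIRST" "$DHCP_LAST")"
```

A "mismatch" on the first line means DHCP clients are never redirected to Squid or masqueraded; the same check applies to the client network in /etc/exports and the allow line in chrony.conf.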
DNS:
yum -y install bind bind-utils bind-chroot
vim /etc/named.conf
Once in, find the highlighted section: options
Change the two settings inside to any:
listen-on port 53 { any ;};
allow-query { any; };
vim /etc/named.rfc1912.zones
Go to the end of the file (change it to this):
zone "28.16.172.in-addr.arpa" IN {
type master;
file "172.16.28.arpa";
allow-update { none; };
};
zone "LeEDU.Local." IN {
type master;
file "LeEDU.Local.zone";
allow-update { none; };
};
Go into the named directory and look at the forward and reverse lookup files; copy named.localhost and named.loopback to LeEDU.Local.zone and 192.168.26.arpa respectively:
cd /var/named
ls
cp -a named.localhost ./LeEDU.Local.zone
cp -a named.loopback ./172.16.28.arpa
vim LeEDU.Local.zone
$TTL 1D
@ IN SOA LeEDU.Local. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.LeEDU.Local.
ns A 172.16.28.1
www A 172.16.28.1 (align the columns; names start at the left margin)
(do not forget the dot after Local)
vim 172.16.28.arpa
$TTL 1D
@ IN SOA LeEDU.Local. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS LeEDU.Local.
ns A 172.16.28.1
1 PTR LeEDU.Local.
1 PTR www.LeEDU.Local.
1 PTR bbs.LeEDU.Local.
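(do not forget the trailing dot; align the columns and start names at the left margin)
Finish the client configuration:
Install the client software: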
yum -y install bind-utils
cat /etc/resolv.conf
nslookup
www.LeEDU.Local
192.168.26.1
NFS:
yum -y install nfs-utils rpcbind
systemctl start rpcbind
systemctl enable rpcbind
systemctl start nfs
systemctl enable nfs
mkdir -p /data/share/datashare
vim /etc/exports (this is a new file you create yourself)
/data/share/datashare 172.168.2.0/24(rw,sync,root_squash)
(this is the internal network's host number; the path is also what gets mounted later)
exportfs -rv
showmount -e localhost
Client test:
yum -y install nfs-utils rpcbind
systemctl enable rpcbind
mkdir /ztong
mount -t nfs 172.168.2.1:/data/share/datashare /ztong (the part highlighted in red is a host address, not a network number)
df -Th
Web Server:
yum -y install httpd
systemctl start httpd
systemctl enable httpd
cd /data/share/datashare
mkdir www
touch index.html
vi index.html
Write any sentence in the file
to stand in for the web page
Change the site's document root:
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/data/share/datashare/www" (change this line)
(search for it with /Docu)
# Further relax access to the default document root:
<Directory "/data/share/datashare/www">
(change these two places)
chmod -R 755 /data
systemctl restart httpd
Client:
cat /etc/resolv.conf (check the name server)
ping the name server to see whether it is reachable
ping www.LeEDU.Local
curl www.LeEDU.Local
dhclient -r eth0
dhclient -d eth0
DB Server
yum -y install mariadb-server
systemctl start mariadb
systemctl enable mariadb
After the first installation the database needs to be configured; the commands are the same as for MySQL.
mysql_secure_installation
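Enter current password for root (enter for none): # enter the password of the database superuser root (not the system root password); on first login no password is set yet, so just press Enter
Set root password? [Y/n] # set a password: y
New password: # the new password
Re-enter new password: # enter the password again
Remove anonymous users? [Y/n] # remove anonymous users: y
Disallow root login remotely? [Y/n] # disallow remote root login: n; whether y or n, remote root login will be refused
Remove test database and access to it? [Y/n] # remove the test database. y: remove it. n: keep it; the database will contain a test database, which is generally not needed
Reload privilege tables now? [Y/n] # reload the privilege tables: y. Restarting the service may also work
Test whether login succeeds; when MariaDB [(none)]> appears, you can log in and use the MariaDB database normally.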
mysql -u root -p
After logging in, enter the grant command:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'LeEDUSkill@21!' WITH GRANT OPTION;
quit (exit the database)
systemctl status mariadb.service
Set up a local repository:
mount /dev/cdrom /data/share/datashare/www/yum
cd /etc/yum.repos.d
vim test.repo
[test]
name=test
baseurl=http://192.168.26.1/yum
enabled=1
gpgcheck=0
yum makecache
yum repolist
The clients need it too:
1. Go into /etc/yum.repos.d and write the repository file
cd /etc/yum.repos.d
vim test.repo
[test]
name=test
baseurl=http://192.168.26.1/yum
enabled=1
gpgcheck=0
2. yum clean all
3. yum makecache
4. yum repolist (the local software repository is now listed)
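The test.repo above is fetched over plain HTTP with gpgcheck=0, so packages are installed without any signature verification. An added example (not from the original notes) that lists such repositories and shows a signed variant; unsigned_repos is a hypothetical helper, and the gpgkey path assumes a CentOS 7 installation.

```sh
# unsigned_repos FILE... -> prints the id of every enabled repository
# that sets gpgcheck=0, one per line.
unsigned_repos() {
    awk -F= '
        function report() {
            if (id != "" && enabled != "0" && gpgcheck == "0") print id
        }
        /^[ \t]*[#;]/ { next }
        /^\[.*\]/ {
            report()
            id = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpgcheck = ""
            next
        }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "enabled"  { enabled = val }
        key == "gpgcheck" { gpgcheck = val }
        END { report() }
    ' "$@"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# test.repo as written in these notes
cat > "$workdir/test.repo" <<'EOF'
[test]
name=test
baseurl=http://192.168.26.1/yum
enabled=1
gpgcheck=0
EOF

# Same repository with signature checking on (key path is an assumption)
cat > "$workdir/signed.repo" <<'EOF'
[test]
name=test
baseurl=http://192.168.26.1/yum
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF

echo "unsigned in test.repo:   $(unsigned_repos "$workdir/test.repo")"
echo "unsigned in signed.repo: $(unsigned_repos "$workdir/signed.repo")"
```

On a real host, run unsigned_repos /etc/yum.repos.d/*.repo to list every repository that installs packages without a signature check.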
server2:
NTP
1. Install and start
yum -y install chrony
systemctl start chronyd
systemctl enable chronyd
systemctl status chronyd (check the status)
2. vim /etc/chrony.conf
Delete these four lines:
server 0.centos.pool.ntp iburst
server 1.centos.pool.ntp iburst
server 2.centos.pool.ntp iburst
server 3.centos.pool.ntp iburst
Replace them with:
server time1.aliyun iburst
server time2.aliyun iburst
# Allow NTP client access from local network.
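#allow 192.168.0.0/16 (find this line, uncomment it and change it to the internal network segment)
Change it to: allow 172.16.28.0/24
Either uncomment the following line or write it in directly: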
local stratum 10
3.
systemctl start chronyd
systemctl enable chronyd
chronyc sources (view the synchronization sources)
Clients:
Do this on all three machines:
yum -y install chrony
vim /etc/chrony.conf
Write:
Delete the original four server lines and add this one:
server 172.168.2.10
systemctl restart chronyd
systemctl enable chronyd
chronyc sources
crontab -e
*/3 * * * * ntpdate 172.16.28.10
crontab -l
chronyc tracking >/dev/null
SAMBA
yum -y install samba
vim /etc/samba/smb.conf
Go to [global]
Keep only the first three lines of global:
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
Delete the rest with dd, then continue writing below:
[DataShare]
comment=gagaga
path=/data/share/datashare
public=yes
writable=yes
Save and exit
mkdir -p /data/share/datashare
chmod -R 755 /data
useradd -s /sbin/nologin tatsuya
useradd -s /sbin/nologin miyuki
echo 'LeEDUSkill@21!'|passwd --stdin 'tatsuya'
echo 'LeEDUSkill@21!'|passwd --stdin 'miyuki'
pdbedit -a -u tatsuya
pdbedit -a -u miyuki
setfacl -m u:tatsuya:rw /data/share/datashare/
setfacl -m u:miyuki:rw /data/share/datashare/
getfacl /data/share/datashare
systemctl start smb
systemctl enable smb
Client test:
yum -y install samba-client
smbclient -U tatsuya -L 172.16.28.10
FTP:
yum -y install vsftpd
vim /etc/vsftpd/vsftpd.conf
Enable anonymous access:
anonymous_enable=YES
Enable chroot and add one parameter:
allow_writeable_chroot=YES
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
cd /etc/vsftpd/
touch chroot_list