CentOS 7.0 Basic Configuration

Topic: Disabling the firewall
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# Set SELINUX=disabled
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Topic: Changing the hostname and configuring the hosts file
I. Hands-on
master
[root@localhost ~]# cat /etc/hostname
master
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.110 master
192.168.0.111 slave1
192.168.0.112 slave2
slave1
[root@localhost ~]# cat /etc/hostname 
slave1
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.110 master
192.168.0.111 slave1
192.168.0.112 slave2
slave2
[root@localhost ~]# cat /etc/hostname
slave2
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.110 master
192.168.0.111 slave1
192.168.0.112 slave2
II. References


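Topic: Configuring SSH mutual trust in a Linux cluster
I. Use case
When you set up a Linux cluster and log in from one node to another over SSH, every hop asks for a password, which is very inconvenient. By configuring SSH mutual trust, you can log in between cluster nodes without a password.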

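II. Overview
The basic idea of public key authentication: encryption and decryption use different keys. The two keys are called the private key and the public key; the public key is stored on the server you want to log in to, and the private key is held by a specific client. When the client asks the server to establish a secure connection, it first sends its public key. If this public key is one the server allows, the server sends the client a piece of random data encrypted with the public key. This data can only be decrypted with the private key; the client sends the decrypted information back to the server, and once the server has verified it, the client is confirmed as trusted and a secure channel is established. In this way the client can be verified without ever sending its identity credential, the private key, over the network, and the private key cannot be derived from the public key. This avoids the password disclosure that network eavesdropping could cause. The client must store its private key carefully so that nobody else can steal it; if that happens, every server has to replace its list of trusted public keys.
In short, while building a cluster, communication between machines keeps prompting for the remote machine's password; once SSH mutual trust is established across the cluster, any two machines can communicate conveniently without a password.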

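III. Core idea
The core idea of configuring SSH mutual trust is as follows:
First, on each machine that will take part in the trust, generate its own key files for authentication;
Next, gather all the key files into a single authentication file;
Then distribute this authentication file, which contains the keys of all the trusted machines, to every machine;
Finally, verify the trust.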

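IV. Procedure
Create SSH mutual trust between the nodes with hostnames mgm, data1, data2, data3, sql1 and sql2.
1. Create the public and private keys
On every node, create an RSA private key and public key: enter the following commands and press Enter at every prompt.
mkdir ~/.ssh    # not needed if the directory already exists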
chmod  700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa

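2. Edit the hosts file
Before merging the public keys, the hosts file on mgm has to be edited.
On the mgm node, run the following command and add the entries shown below:
vim /etc/hosts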
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.101 mgm
192.168.0.102 data1
192.168.0.103 data2
192.168.0.104 data3
192.168.0.105 sql1
192.168.0.106 sql2

3. Merge the public key files
# Run the following commands on the mgm node:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh data1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh data2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh data3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh sql1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh sql2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

4. Distribute the merged public key file
# Run the following commands on the mgm node:
scp ~/.ssh/authorized_keys  data1:~/.ssh/
scp ~/.ssh/authorized_keys  data2:~/.ssh/
scp ~/.ssh/authorized_keys  data3:~/.ssh/
scp ~/.ssh/authorized_keys  sql1:~/.ssh/
scp ~/.ssh/authorized_keys  sql2:~/.ssh/

5. Distribute the hosts file
# Next, the hosts file configured on the mgm node has to be distributed to all the nodes.
# On the mgm node, enter the following commands:
scp /etc/hosts data1:/etc
scp /etc/hosts data2:/etc
scp /etc/hosts data3:/etc
scp /etc/hosts sql1:/etc
scp /etc/hosts sql2:/etc

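6. Test SSH mutual trust
# Run the following commands on each node; if the current system date is displayed without a password prompt, SSH mutual trust has been configured successfully.
On the mgm node, enter the following commands: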
ssh data1 date
ssh data2 date
ssh data3 date
ssh sql1 date
ssh sql2 date
# Then enter the following commands on each of the nodes data1, data2, data3, sql1 and sql2:
ssh data1 date
ssh data2 date
ssh data3 date
ssh sql1 date
ssh sql2 date
ssh mgm date

V. Hands-on
Create SSH mutual trust between the hosts master, slave1 and slave2
1. Create the RSA private key and public key on each node
master
[root@localhost ~]# chmod  700 ~/.ssh
[root@localhost ~]# cd ~/.ssh
[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c7:e2:7f:9b:86:90:bd:24:74:ce:e1:32:4e:13:e1:94 root@#localhost.localdomain
master
The key's randomart image is:
+--[ RSA 2048]----+
|         .       |
|        E        |
|       o .       |
|        +.o      |
|       .SOo.     |
|       .Oo*      |
|       o.B o     |
|        ..o o.   |
|          .oo.   |
+-----------------+
slave1
[root@localhost ~]# chmod  700 ~/.ssh
[root@localhost ~]# cd ~/.ssh
[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9e:2f:d9:dd:1b:6d:dd:ea:d9:77:a9:cb:52:2f:85:52 root@#localhost.localdomain
slave1
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|             E   |
|        S   . .  |
|       . . . o oo|
|        oo .o.+ *|
|        o...o..Oo|
|         .. .=O.+|
+-----------------+
slave2
[root@localhost ~]# chmod 700 ~/.ssh
[root@localhost ~]# cd ~/.ssh
[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b8:c0:76:36:16:01:68:e8:3f:3e:1a:dc:a9:26:3b:23 root@#localhost.localdomain
slave2
The key's randomart image is:
+--[ RSA 2048]----+
| . ....          |
|. o    .         |
|..    .          |
| . .   o         |
|  . + * S        |
|. .+.= o         |
| o.o. .          |
|E.oo             |
|=*. .            |
+-----------------+
2. Merge the public key files
# Run the following commands on the master node:
[root@localhost .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@localhost .ssh]# ssh slave1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
\S
Kernel \r on an \m
root@slave1's password: 
[root@localhost .ssh]# ssh slave2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
\S
Kernel \r on an \m
root@slave2's password: 
[root@localhost .ssh]# chmod 600 ~/.ssh/authorized_keys
[root@localhost .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcll6yFjKBP6I30u5plno8khY9Z28WygXpDr1RHX5lunEr8oqjzno/UcN/bMzee0Q+lV+Yt8Blt2TWWp1h+9Y1epgej0NPMcBcttk+2Spaz70Ob7jcVdp8z/r+ZA9UvDxBslA61pcGyY4k/M/zqVlQ/Z1LkvGHxFZjwiVjcbEstkHb89j6ULVjPyEzvrIEiIHdZEUa8d/BebdmHDdWkYM5p1yoZigKTnxQuafzrt0FCuHHdMSIYj6bJDUk3RiCbS17gnSdyfR6uCGRJvHAOgfL19iH5kzO4d6Co6hoPBNnDuIWJmRFZiVA+4yDYMY/tk33dvo5WAYi05h0l6ZfRYCj root@#localhost.localdomain
master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC11ipoblFG1S7Jlk6ZUKD4++fFZAAbXtZ0OL/EDYxt7yMHg+o1uIcCF22s9JYC5EL4cLp8ovRiaq4UH6pRfHNQRStYQlkODrz8F8CWNC5HAFWtrdPgaGk5x02EyJ2Q4exNHr3XpCjuFYBgAdI9zArgsB53sz0STHSVt/MgvMNvtEG4hYIygweW7ci9CNUXWdeIepgk2qtF/1JhjrHyZIawfOCdzoHHnZhCzzQWUdzxY3C6bW5eAoYZFgpCA7d36zEX3hSd0SvH/Thkh5/+2KK+FFE6kstFrnpIHb9aqhJzNW74x2+urwcP35eyh6eMBSU3Tn825PEntMI8IpbaOC8t root@#localhost.localdomain
slave1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXewggv3WPU4cu7Dx8nnL+1gNX7Cb0E6fEdyA89QwqHx10rihnHTUchSUaJcwHF0JOFWCIc4IIarrQmTZ82Q3t7eOKGeZzGlyfztK8XZHJN0DHmcMUFiQGtuZ8wJ2gBvZN/3nQaOaos85pGIXm4WmDOoS856vx4z2EOn6vjSY7jwyUHX7+y2qmW6noWWqqE2peEYq98LpXLBOiy1t8W4xAzjE/rSeVfZQ+0LyFY+YOsY3IdnkZFI8zWbtn9opsss0YbtpFUsY0JRbxGYgNVERs8HzxV6mxfTm9FFUYasklnsIPcfz30UYROMEE+OAXAkScFerUuGwMi4wdZCgFW/dP root@#localhost.localdomain
slave2

3. Distribute the merged public key file
Run the following commands on the master node:
[root@localhost .ssh]# scp ~/.ssh/authorized_keys  slave1:~/.ssh/
\S
Kernel \r on an \m
root@slave1's password: 
authorized_keys                                                                          100% 1248     1.2KB/s   00:00    
[root@localhost .ssh]# scp ~/.ssh/authorized_keys  slave2:~/.ssh/
\S
Kernel \r on an \m
root@slave2's password: 
authorized_keys                                                                          100% 1248     1.2KB/s   00:00 
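4. Test SSH mutual trust
# Run the following commands on each node; if the current system date is displayed without a password prompt, SSH mutual trust has been configured successfully.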
ssh master date
ssh slave1 date
ssh slave2 date
master node:
[root@localhost .ssh]# ssh master date
\S
Kernel \r on an \m
Sun Dec 10 10:47:10 CST 2017
[root@localhost .ssh]# ssh slave1 date
\S
Kernel \r on an \m
Sun Dec 10 10:47:15 CST 2017
[root@localhost .ssh]# ssh slave2 date
\S
Kernel \r on an \m
Sun Dec 10 10:47:21 CST 2017
slave1 node:
[root@localhost .ssh]# ssh master date
\S
Kernel \r on an \m
Sun Dec 10 10:47:26 CST 2017
[root@localhost .ssh]# ssh slave1 date
\S
Kernel \r on an \m
Sun Dec 10 10:47:34 CST 2017
[root@localhost .ssh]# ssh slave2 date
\S
Kernel \r on an \m
Sun Dec 10 10:47:39 CST 2017
slave2 node:
[root@localhost .ssh]# ssh master date
\S
Kernel \r on an \m
Sun Dec 10 10:47:44 CST 2017
[root@localhost .ssh]# ssh slave1 date
\S
Kernel \r on an \m
Sun Dec 10 10:47:46 CST 2017
[root@localhost .ssh]# ssh slave2 date
\S
Kernel \r on an \m
Sun Dec 10 10:47:52 CST 2017
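
The merged authorized_keys printed in step 2 has a bare hostname line after each key. This added shell example (not part of the original post) audits such a file for lines that are not key entries, duplicate keys, and the 700/600 modes the post sets. It assumes GNU stat and entries without an options prefix; the sample keys are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (as on CentOS)
# and entries without an options prefix, which is what
# "cat id_rsa.pub >> authorized_keys" produces.

# Print one finding per line for the given authorized_keys file.
audit_authorized_keys() {
    file=$1
    dir=$(dirname "$file")
    # Modes the post sets with chmod; sshd's StrictModes (on by default)
    # refuses a key file that other users could write to.
    [ "$(stat -c %a "$dir")" = 700 ] || echo "mode: $dir is not 700"
    [ "$(stat -c %a "$file")" = 600 ] || echo "mode: $file is not 600"
    awk '
        /^[ \t]*(#|$)/ { next }    # blank lines and comments are allowed
        $1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" {
            if (seen[$2]++) printf "line %d: duplicate key (%s)\n", NR, $3
            next
        }
        { printf "line %d: not a key entry: %s\n", NR, $0 }
    ' "$file"
}

# Constructed sample in the shape of the merged file above: a stray hostname
# line after each key, one key appended twice, and a mode that is too open.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    cat > "$d/.ssh/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY1 root@#localhost.localdomain
master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY2 root@#localhost.localdomain
slave1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY1 root@#localhost.localdomain
EOF
    chmod 644 "$d/.ssh/authorized_keys"
    echo "$d/.ssh/authorized_keys"
}

sample=$(make_sample)
audit_authorized_keys "$sample"
```

Run it against ~/.ssh/authorized_keys on each node after distributing the merged file; no output means nothing was flagged.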

