redhat 练习 RH134

RH134

1. ks

anaconda-ks.cfg

install method

| ID | site | type |
|---|---|---|
| 1 | local | cdrom, hard |
| 2 | remote | http, ftp, nfs |

bootloader

| ID | soft |
|---|---|
| 1 | grub2 |
| 2 | grub |
| 3 | lilo |

zerombr

# dd if=/dev/zero of=/dev/vda bs=446 count=1

part

| ID | type | comments |
|---|---|---|
| 1 | / | must |
| 2 | /boot | kernel |
| 3 | swap | performance |

script

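%post
useradd tom
echo ttt | passwd --stdin tom
%end

Note: the password is stored in clear text in ks.cfg. If the file is published as in the Topology step below (world-readable under /var/www/html/pub and fetched over http), anyone who can reach the server can read it. Outside the lab, use the kickstart directive `user --name=tom --password=<hash> --iscrypted` instead.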

packages

%packages
@core
chrony
-NetworkManager
%end

system-config-kickstart

[foundation0]

# yum -y install system-config-kickstart
# system-config-kickstart --generate ks-gen.cfg
# system-config-kickstart /root/anaconda-ks.cfg

Topology

IDhostroles1s2files3ks
1classroomserverdhcptftpsyslinuxhttp+cdromks.cfg
2desktopclientipimg

[foundation0]

$ scp ~kiosk/Desktop/ks.cfg root@c:/var/www/html/pub
$ ssh root@c 'chmod o+r /var/www/html/pub/ks.cfg'
$ ssh root@c 'ls -l /var/www/html/pub/ks.cfg'
$ rht-vmctl view desktop

[desktop0]

Restart

Esc, 4

Select Install Red Hat Enterprise 7.0

Tab, Space, ks=http://c/pub/ks.cfg, Enter

note:

# ssh root@c 'ls /var/lib/tftpboot/pxelinux.cfg/default'

2. grep

# cat /etc/fstab
# grep UUID /etc/fstab

-n
# grep -n UUID /etc/fstab
# grep -n UUID /etc/fstab | grep xfs

.*
# grep UUID.*xfs /etc/fstab

-i
# grep -i uuid /etc/fstab

-r
# grep -r BOOTPRO /usr/share/doc/

-A, -B, -C
# ip a s eth0
# ip a s eth0 | grep 'inet '
# ip a s eth0 | grep -A 1 'inet '
# ip a s eth0 | grep -B 1 'inet '
# ip a s eth0 | grep -C 1 'inet '
# lspci
# lspci -vv
# lspci -vv | grep Ether
# lspci -vv | grep -A 10 Ether

^, $
# grep ^$ /etc/fstab
# cat /etc/selinux/config | tee file |  grep -v ^$ | grep -v \#

expression
# grep ^root /etc/passwd; grep tom /etc/passwd
# grep -e ^root -e tom /etc/passwd
# grep -E '^root|tom' /etc/passwd
# egrep '^root|tom' /etc/passwd

3. vim

pkg

# yum list vim-common vim-enhanced vim-minimal

config
# ls /etc/vimrc ~/.vimrc
# echo set number >> ~/.vimrc
# vim /etc/selinux/config 

history
# vim ~/.viminfo
# vim
:help
:help I

O

I12i3a45A

o

deleteyankpaste
cxvyP,p
wdwyw
lddyy
m3dd3yy10p
^d^y^
$d$y$
ggdgg
GdG
# vim
:help usr_08.txt
:split
:split /etc/fstab
:vsplit

Ctrl+w, h|j|k|l

| ID | key | |
|---|---|---|
| 1 | v, hjkl | visual |
| 2 | Ctrl+v, j, I, #Space, Esc | 多行注释 |
| 3 | Ctrl+v, j, x | 多行注释删除 |
| 4 | R | 连续替换 |
| 5 | w | 光标跳到前一个单词 |
| 6 | b | 光标跳到后一个单词 |
| 7 | q: | 查询末行模式历史 |

lastline

# vim
:set
:set number
:set nonumber
:set sw=4 ts=4
:syntax off
:syntax on
:nohl
:w path/file
:e /etc/fstab
:e!
:x

:s/#/$
:s/#/$/g
:3,5s/#/$/g
:3,$s/#/$/g
:3,$s/#/$/gc

:!command
:r /etc/selinux/config
:r!grep ^SELINUX= /etc/selinux/config

4. cron

at

# systemctl status atd

# at now +1 min
mkdir /folder
touch /folder/$(date +%H%M).txt
<Ctrl+D>
# date
# atq
# ls -ld /folder/{.,*}

# echo "mkdir wjj && touch wjj/wj.txt" | at now +5 min
# atq
# date
# ls /var/spool/at/a00002018ad51e 
# tail /var/spool/at/a00002018ad51e
# atrm 2
# atq

cron

# systemctl status crond
  • file=root
# ls -l /etc/crontab
# vim /etc/crontab
...
30 14 * * *	tom	echo haha
  • cmd=user
# man 5 crontab
# crontab -e
40 14 * * * echo hehe
1 */1 * * * echo xia ke over
# crontab -l
# ls /var/spool/cron/root
# tail /var/spool/cron/root

# su - student
$ crontab -e
1 */1 * * * echo xia ke
$ crontab -l
$ <Ctrl+D>
# crontab -l -u student

cron.deny
# echo student >> /etc/cron.deny
# su - student -c 'crontab -e'


5. nice

renice

# ps ef
# ps efo pid,nice,command
# dd if=/dev/zero of=/dev/null bs=1K &
# ps efo pid,nice,command
# renice -n 19 31763
# ps efo pid,nice,command
# renice -n -20 8891
# ps efo pid,nice,command
# renice -n 10 31763
# ps efo pid,nice,command
# kill -9 31763

nice

# nice -n 19 dd if=/dev/zero of=/dev/null bs=2K &
# ps efo pid,nice,command
# killall dd

6. facl

getfacl

# ls -ld /folder
# getfacl /folder 
# setfacl -m u:tom:rwx /folder
# ls -ld /folder
# getfacl /folder

setfacl

-m
# getfacl /folder/
# chmod o=rwx /folder/
# getfacl /folder/
# setfacl -m o::rx /folder/
# getfacl /folder/
# setfacl -m u:tom:rx,g:tom:x,o::- /folder/
# getfacl /folder/

-x
# setfacl -x u:tom /folder/
# getfacl /folder/
-b
# setfacl -b /folder/
# getfacl /folder/

-d, d: (default=future)
# getfacl /folder/
# setfacl -m u:tom:rwx /folder/
# getfacl /folder/
# mkdir /folder/wjj
# getfacl /folder/wjj
# setfacl -m d:u:tom:rwx /folder
# getfacl /folder
# mkdir /folder/wjj.new
# ls -l /folder/
# getfacl /folder/wjj.new/
# setfacl -d -m g:tom:rwx /folder
# getfacl /folder
# mkdir /folder/wjj.group
# getfacl /folder/wjj.new/
# setfacl -R -m u:tom:rwx,g:tom:rwx /folder/
# getfacl /folder/*

mask
# getfacl /folder/
# setfacl -m m::rx /folder/
# getfacl /folder/
# setfacl -m u:student:rwx /folder/
# getfacl /folder/

7. selinux

| ID | type | | selinux |
|---|---|---|---|
| 1 | filesystem | chmod, chown, setfacl | semanage fcontext … |
| 2 | service | vim /etc/*.conf | setsebool -P … |
| 3 | firewall | firewall-cmd | semanage port … |
| 4 | selinux | 1+2+3 | vim /etc/selinux/config |

config

# ps auxZ
# ps auxZ | head -n 2

# vim /etc/selinux/config 
...
SELINUX=permissive
# getenforce 
# setenforce 
# setenforce 0
# getenforce 

# vim /etc/selinux/config 
...
SELINUX=enforcing
# getenforce 
# setenforce 1
# getenforce 

OPERATION:

/per, yw, /=, p, D, ZZ

fcontext

[classroom]

# ls -Z /var/www/html/pub/ .
# echo hello > index.html
# ls -Z index.html
# cp index.html /var/www/html/pub/cp.html
# mv index.html /var/www/html/pub/mv.html
# ls -Z /var/www/html/pub/*.html

[foundation0]

Alt+F2, http://c/pub

semanage fcontext

[desktop0]

# yum search samba
# yum -y install samba samba-common samba-client
# rpm -qc samba-common
# mkdir /common
# vim /etc/samba/smb.conf
...
[game]
        path = /common
        public = yes 
# rpm -ql samba | grep service
# systemctl restart smb
# systemctl enable smb

# smbclient -L //d0 -N
# smbclient //d0/game -N
smb: \> ls
smb: \> quit

# grep chcon /etc/samba/smb.conf 
# man semanage fcontext | grep \#
# semanage fcontext -a -t samba_share_t "/common(/.*)?"
# restorecon -R -v /common
# smbclient //d0/game -N
smb: \> ls
smb: \> quit

setsebool

[desktop0]

# smbclient -L //d0 -N
# smbpasswd -a student
ss
ss
# smbclient -L //d0 -U student%ss
# smbclient //d0/student -U student%ss
smb :\> ls
smb :\> quit
# getsebool -a
# getsebool -a | grep samba
# getsebool samba_enable_home_dirs
# setsebool -P samba_enable_home_dirs on
# smbclient //d0/student -U student%ss
smb :\> ls
smb :\> quit

semanage port

[desktop0]

# yum search http
# yum list httpd
# yum -y install httpd
# rpm -qc httpd
# vim /etc/httpd/conf/httpd.conf
# egrep -n '^Listen|^DocumentRoot|^ .*DirectoryIndex' /etc/httpd/conf/httpd.conf
# echo Hello > /var/www/html/index.html
# systemctl restart httpd
# systemctl enable httpd
# curl http://d0
# sed -i '/^Listen/s/80/8089/' /etc/httpd/conf/httpd.conf
# egrep -n '^Listen|^DocumentRoot|^ .*DirectoryIndex' /etc/httpd/conf/httpd.conf
# systemctl restart httpd || echo no
# systemctl status httpd
# systemctl status httpd -l
# vim /var/log/messages
<G>, <Ctrl>+<F>
# man semanage port
/-a, /EXAM
# semanage port -l
# semanage port -l | grep 80
# semanage port -l | grep 80 | grep http
# man semanage port | grep \#
# semanage port -a -t http_port_t -p tcp 8089
# systemctl restart httpd
# curl http://d0:8089

8. ldap

Topology

| ID | host | role | user |
|---|---|---|---|
| 1 | classroom | ldap-server | ldapuser{0…20} |
| 2 | desktop | ldap-client | |

ldap+ldap (GUI)

[foundation0]

$ ssh -X root@d0

[desktop0]

# firefox &
# yum search auth
# yum list authconfig-gtk
# yum -y install authconfig-gtk
# authconfig-gtk &

User Account Configuration
User Account Database: LDAP
InstallInstallForce Install,
InstallInstallForce Install,
Cancel

User Account Configuration
User Account Database: LDAP
LDAP Search Base DN: dc=example,dc=com
LDAP Server: ldap://classroom.example.com

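  • use TLS to encrypt connections
    Download CA Certificate… /
    http://classroom.example.com/pub/example-ca.crt

Note: the CA certificate is fetched over plain http, so nothing authenticates it in transit. Outside the classroom, compare its fingerprint with a value obtained out of band before trusting it, e.g. `openssl x509 -noout -fingerprint -sha256 -in <downloaded-ca.crt>`.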

Authentication Configuration

​ Authentication Method: LDAP password
Apply

# getent passwd ldapuser0
# id ldapuser0
# ssh ldapuser0@localhost
password
$

ldap+kerberos (GUI)

[desktop0]
Authentication Configuration
Authentication Method: Kerberos password
Realm: EXAMPLE.COM
KDC: classroom.example.com
Admin Servers: classroom.example.com

  • Use DNS to locate KDCs for realms
    Apply
# id ldapuser0
# ssh ldapuser0@localhost
kerberos
$

ldap+kerberos (CLI)

[desktop0]

# authconfig \
    --enableldap \
    --enableldaptls \
    --ldapserver=ldaps://classroom.example.com \
    --ldapbasedn=dc=example,dc=com \
    --ldaploadcacert=http://classroom.example.com/pub/example-ca.crt \
    --enablekrb5 \
    --krb5realm=EXAMPLE.COM \
    --krb5kdc=classroom.example.com \
    --krb5adminserver=classroom.example.com \
    --enablesssd \
    --enablesssdauth \
    --enablemkhomedir \
    --update

9. disk

type

ID2TBsumprimaryextend*1Logical
1mbr<154pri*(4-1)+ext*1
2gpt>=128128--
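| ID | cmd | arg | comment |
|---|---|---|---|
| 1 | lsblk | - | 判断硬盘 |
| 2 | fdisk | /dev/vda | 分区 |
| 3 | mkfs.xfs \| mkswap | /dev/vda1 | 格式化分区 |
| 4 | mkdir | /mnt/folder | 挂载点 |
| 5 | vim | /etc/fstab | 永久生效 |
| 6 | mount \| swapon | -a | 立即生效 |
| 7 | df \| free | -h | 确认 |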

xfs

[desktop0]

# lsblk 
# fdisk /dev/vda

m,
n, Enter, Enter, Enter, +2G,
p, w

# mkfs.xfs /dev/vda1
# blkid /dev/vda1

mouse select ,Ctrl+Shift+C

# mkdir /mnt/xfs
# man fstab
# vim /etc/fstab 
...
<Ctrl+Shift+V>   /mnt/xfs        xfs     defaults        1 2
# mount -a
# df -h /mnt/xfs

swap - partition

# lsblk 
# fdisk /dev/vda

n, Enter, Enter, Enter, +3G
t, Enter, l, 82
p, w

# partprobe
# partprobe /dev/vda
# mkswap /dev/vda2

mouse select, Ctrl+Shift+C

# vim /etc/fstab 
...
<Ctrl+Shift+V> swap     swap    defaults        0 0
# free -h && echo no
# swapon -a
# free -h

swap - file

# df -h
# dd if=/dev/zero of=/pagefile.sys bs=40M count=10
# mkswap /pagefile.sys 
# vim /etc/fstab 
...
/pagefile.sys   none    swap    defaults        0 0
# swapon -a
# free -h
# swapoff /pagefile.sys 
# free -h
# chmod 600 /pagefile.sys 
# swapon -a
# free -h
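# swapon -s

Note: dd creates /pagefile.sys with the default file mode (typically 644 under root's umask), which is why it is tightened to 600 above. Set the mode before the first swapon: a swap file readable by other users exposes swapped-out memory to them.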

10. lvm

ID
1lvpartition
2vgdisk
3pvslice
4disk | partition

create

# lsblk 
# fdisk /dev/vda << EOF
n
e


n

+1G
w
EOF
# partprobe

# pvcreate -h
# pvcreate /dev/vda5
# pvs
# pvscan 
# pvdisplay 

# vgcreate -h
# vgcreate datastorage /dev/vda5
# vgs
# vgscan
# vgdisplay 
# vgremove datastorage 
# vgcreate -s 16M datastorage /dev/vda5
# vgdisplay 
# vgchange -s 8M datastorage 
# vgchange -s 32M datastorage || echo no
# vgdisplay 
# vgchange -s 16M datastorage 
# vgs
# pvs

# lvcreate -h
# lvcreate -l 50 datastorage 
# lvs
# lvscan 
# lvdisplay 
# lvremove /dev/datastorage/lvol0 
# lvdisplay 
# lvcreate -l 50 -n database datastorage 
# lvdisplay 

# mkfs.ext4 /dev/datastorage/database 
# blkid /dev/datastorage/database
# mkdir /mnt/measure
# vim /etc/fstab 
...
UUID="C843-99C4" /mnt/measure   ext4    defaults 0 2
# mount -a
# df -h /mnt/measure/

extend

# vgdisplay 
# lsblk 
# echo -e "n\nl\n\n+300M\nw\n" | fdisk /dev/vda
# partprobe
# lsblk 
# pvcreate /dev/vda6

# vgextend -h
# vgextend datastorage /dev/vda6
# vgs

# lvextend -h
# lvextend -L 1200M /dev/datastorage/database 
# lvdisplay 
# df -h /mnt/measure/ && echo no
# blkid /dev/mapper/datastorage-database

-ext4
# resize2fs -h
# resize2fs /dev/datastorage/database
# df -h /mnt/measure

-xfs
# xfs_growfs -h
# xfs_growfs /mnt/measure
# df -h /mnt/measure

remove

# umount /mnt/measure/
# sed -i '/ext4/d' /etc/fstab 
# rm -rf /mnt/measure/

# lvs
# lvremove /dev/datastorage/database 
# lvs

# vgs
# vgreduce datastorage /dev/vda5 /dev/vda6
# vgremove datastorage 
# vgs

# pvs
# pvremove /dev/vda[56]
# pvs

# echo -e "d\nd\nd\nd\n\w\n" | fdisk /dev/vda
# partprobe

11. nfs

IDnfssamba
1like Unix, hostWindows, user
2directorydirectory
m3showmount -e ipsmbclient -L //ip -N
c4mount ip:sharename /folder1mount //ip/sharename /folder2
c5-smbclient //ip/share -N
m1/etc/fstab/etc/fstab
m2autofsautofs

Topo

| ID | host | role | dns |
|---|---|---|---|
| 1 | classroom | server | c |
| 2 | desktop | client | d0 |

mount

[desktop0]

# showmount -e c
# mkdir /mnt/m1

# mount c:/home/guests /mnt/m1

# findmnt /mnt/m1
# ls /mnt/m1
# mount | grep m1

# umount /mnt/m1
# findmnt /mnt/m1

fstab

[desktop0]

# showmount -e classroom
# mkdir /mnt/m2

# man fstab
# vim /etc/fstab 
...
classroom:/home/guests /mnt/m2 nfs sync 0 0
# mount -a

# findmnt /mnt/m2 

# umount /mnt/m2
# sed -i '/m2/d' /etc/fstab 
# cat -n /etc/fstab

autofs

[desktop0]

ldap+ldap
# yum -y install authconfig sssd krb5-workstation
# authconfig \
    --enableldap \
    --enableldaptls \
    --ldapserver=ldaps://classroom.example.com \
    --ldapbasedn=dc=example,dc=com \
    --ldaploadcacert=http://classroom.example.com/pub/example-ca.crt \
    --enableldapauth \
    --enablesssd \
    --enablesssdauth \
    --update
# id ldapuser19
# getent passwd ldapuser19
# ssh ldapuser19@localhost
yes
password
$ <Ctrl+D>

autofs
# yum search autofs
# yum list autofs
# yum -y install autofs
# yum list autofs
# rpm -qc autofs

# vim /etc/auto.master
...
/home/guests    /etc/auto.ldap
# cp /etc/auto.misc /etc/auto.ldap
# vim /etc/auto.ldap
*       -vers=3             classroom:/home/guests/&

# rpm -ql autofs | grep service
# systemctl list-unit-files | grep autofs
# systemctl restart autofs
# systemctl enable autofs

# ssh ldapuser0@localhost
kerberos
$ findmnt /home/guests
$ findmnt /home/guests/ldapuser0
$ <Ctrl+D>
# ssh ldapuser8@localhost
kerberos
$ findmnt /home/guests
$ findmnt /home/guests/ldapuser8
$ <Ctrl+D>

12. samba

IDhostrolepkg
1classroomserver-Nsamba, samba-common
2desktopclientguestsamba-client, cifs-utils

[classroom]

yum -y install samba
mkdir /devops
semanage fcontext -a -t samba_share_t "/devops(/.*)?"
restorecon -R -v /devops
chmod o+w /devops/
cat >> /etc/samba/smb.conf <<EOF
[devops]
        path = /devops
        public = yes 
        writable = yes 
EOF
systemctl restart smb
systemctl enable smb
firewall-cmd --permanent --add-service=samba --zone=classroom
firewall-cmd --reload

[desktop0]

smbclient

# yum provides smbclient
# yum list samba-client
# yum -y install samba-client

# smbclient -L //c -N

# smbclient //c/devops -N
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
smb: \> put anaconda-ks.cfg 
smb: \> ls
smb: \> exit

fstab

# yum search cifs
# yum list cifs-utils
# yum -y install cifs-utils
# yum list cifs-utils
# man mount.cifs
/guest

# mkdir /mnt/smb
# vim /etc/fstab 
...
//c/devops      /mnt/smb        cifs    guest   0 0
# mount -a
# findmnt /mnt/smb 
# cp /etc/fstab /mnt/smb/
# ssh root@c 'ls -l /devops'

autofs

# vim /etc/auto.master
...
/samba  /etc/auto.samba
# cp /etc/auto.misc /etc/auto.samba
# vim /etc/auto.samba
devops          -fstype=cifs,guest      ://c/devops
# systemctl restart autofs

# ls /samba/
# ls /samba/devops
# findmnt /samba/devops

13. boot

systemctl target

# systemctl get-default 
# systemctl set-default multi-user.target 
# systemctl get-default 
# reboot

# systemctl set-default graphical.target 
# systemctl get-default 
# init 6

# systemctl isolate multi-user.target 
# systemctl isolate graphical.target

single

<Restart>
<upArrow>
<e>
linux16 ...<Space>rd.break console=tty0
<Ctrl>+<x>
# mount | grep sysroot
# mount -o remount,rw /sysroot
# mount | grep sysroot
# chroot /sysroot

# echo mima | passwd --stdin root

# touch /.autorelabel
# <Ctrl>+<D>
# <Ctrl>+<D>

root%mima
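# ls -a /.autorelabel || echo no

Note: this reset needs nothing more than access to the console and the boot menu. On systems where that matters, a GRUB2 password on menu editing and an encrypted root filesystem (LUKS) are the controls that prevent it.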

rescue

destroy

# lsblk
# dd if=/dev/zero of=/dev/vda bs=446 count=1

Tip: Booting from Hard Disk ...

restore

Ctrl+Alt+Del
Esc, 4
Troubleshooting
Rescue a Red Hat Enterprise Linux system
Continue, OK, OK

# chroot /mnt/sysimage

# lsblk
# grub2-install /dev/vda

# <Ctrl>+<D>
# <Ctrl>+<D>

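Note: sector 0 is 512 bytes = 446 (MBR boot code) + 64 (DPT, partition table) + 2 (signature); the dd above zeroes only the first 446 bytes, so the partition table is left intact.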

14. firewall

firewall-cmd

# ss -antup | grep 22
# systemctl status firewalld

# firewall-cmd --get-active-zones 
# firewall-cmd --get-default-zone 

# firewall-cmd --list-all
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --permanent --add-service=nfs --add-service=rpc-bind --add-service=mountd 
# firewall-cmd --permanent --add-service=http --add-service=https
# firewall-cmd --permanent --add-port=8089/tcp
# firewall-cmd --permanent --add-port=3260/tcp
# vim /etc/firewalld/zones/public.xml
# firewall-cmd --list-all --permanent
# firewall-cmd --list-all
# firewall-cmd  --reload
# firewall-cmd --list-all

# firewall-cmd --permanent --remove-service=samba
# firewall-cmd --permanent --remove-service=nfs --remove-service=rpc-bind --remove-service=mountd 
# firewall-cmd --permanent --remove-service=http --remove-service=https
# firewall-cmd --permanent --remove-port=8089/tcp
# firewall-cmd --permanent --remove-port=3260/tcp
# firewall-cmd  --reload
# firewall-cmd --list-all

firewall-conf

Configuration: `Permanent`
Options: `reload`
Configuration: `Runtime`

Append

Internet

[foundation0]

NIC2: NAT

ens38: connect

# nmcli dev status 
# ip a s ens38 | grep inet.*213
# grep "nameserver.*213" /etc/resolv.conf 
# ping -c 4 www.easthome.com

EPEL

[foundation0]

# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum repolist
# yum search mail
# yum list | grep -i ^ev

grub2.cfg

destroy

# rpm -qc grub2
# rm -rf /boot/grub2/grub.cfg

Tip: grub>

restore

rescue
# grub2-mkconfig -o /boot/grub2/grub.cfg

sed

-add,insert
# cat -n /etc/selinux/config 
# sed '/^SELINUX=/aoneline' /etc/selinux/config
# cat /etc/selinux/config
# sed -i '/^SELINUX=/aoneline' /etc/selinux/config
# cat /etc/selinux/config
# sed -i '/^SELINUX=/iupline' /etc/selinux/config
# cat /etc/selinux/config
# sed -i '1i firstline' /etc/selinux/config
# cat /etc/selinux/config -n
# sed -i.bk '$a lastline' /etc/selinux/config
# cat -n /etc/selinux/config
# ls /etc/selinux/config*
# diff /etc/selinux/config.bk /etc/selinux/config

-delete
# sed -i '1d' /etc/selinux/config
# head /etc/selinux/config
# sed -i '/line/d' /etc/selinux/config
# cat /etc/selinux/config -n

-switch
# sed -i '/^SELINUX=/s/=.*/=permissive/' /etc/selinux/config
# grep ^SELINUX= /etc/selinux/config
# sed -i '/^SELINUX=/s/$/ hehe/' /etc/selinux/config
# grep ^SELINUX= /etc/selinux/config
# sed -i '/^SELINUX=/s/ hehe//' /etc/selinux/config
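# grep ^SELINUX= /etc/selinux/config

Note: the -switch example leaves SELINUX=permissive in /etc/selinux/config. When the exercise is done, run the same substitution with =enforcing so the next boot does not come up in permissive mode.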