赛题
2.1.3、DISK:安装配置软件形态RAID5 (mdadm)及磁盘加密
· 在虚拟机上,新建四块大小为10GB的虚拟硬盘,挂载到Debian 系统上;分别为sdb,sdc,sdd,sde;
· 创建raid 5 md0组,模式为三个磁盘,一个为热备;
· 挂载md0 到系统中创建的/backup 文件夹下;
· 系统启动自动挂载md0 RAID磁盘;
· 创建一块新的磁盘,sdf,对该卷进行磁盘加密,解锁密码为“Skills46”,映射到/dev/mapper/crypt 分区上;格式化成ext4分区;挂载到/mut/crypt 下;配置开机自动挂载;
1.添加磁盘
reboot重启主机
root@lnxserver1:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 19G 0 part /
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 10G 0 disk
sdc 8:32 0 10G 0 disk
sdd 8:48 0 10G 0 disk
sde 8:64 0 10G 0 disk
sr0 11:0 1 45.1G 0 rom
2.安装服务
apt install -y mdadm
3.创建配置raid5
root@lnxserver1:~# mdadm -Cv /dev/md0 -n3 -l5 /dev/sd[b-d]
创建热备盘
root@lnxserver1:~# mdadm /dev/md0 -a /dev/sde
mdadm: added /dev/sde
扩展命令
mdadm -D /dev/md0(查看创建的raid)
mdadm /dev/md0 -f /dev/sdb(停用磁盘)
mdadm /dev/md0 -r /dev/sdb(移除磁盘)
4.格式化并自动挂载
root@lnxserver1:~# mkdir /backup
root@lnxserver1:~# mkfs.ext4 /dev/md0
mke2fs 1.44.5 (15-Dec-2018)
Creating filesystem with 5238272 4k blocks and 1310720 inodes
Filesystem UUID: 943efaa2-fb61-4b5b-ba51-24989ecfb055
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
root@lnxserver1:~# mount /dev/md0 /backup/
系统启动自动挂载
root@lnxserver1:~# vim /etc/fstab
/dev/md0 /backup ext4 rw 0 0
root@lnxserver1:~# mount -a 刷新挂载,有错会报错
root@lnxserver1:~# df -h 查看挂载
Filesystem Size Used Avail Use% Mounted on
udev 1.5G 0 1.5G 0% /dev
tmpfs 298M 5.0M 293M 2% /run
/dev/sda1 19G 3.8G 14G 22% /
tmpfs 1.5G 0 1.5G 0% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup
tmpfs 298M 28K 298M 1% /run/user/116
tmpfs 298M 0 298M 0% /run/user/0
/dev/md0 20G 45M 19G 1% /backup
5.加密磁盘
安装服务
root@lnxserver1:~# apt install -y cryptsetup
在磁盘上建立分区
root@lnxserver1:/dev/mapper# fdisk /dev/sdf
Command (m for help): n
#一直回车,可以用p查看,然后w保存退出
Command (m for help): p
Disk /dev/sdf: 10 GiB, 10737418240 bytes, 20971520 sectors
Disk model: VMware Virtual S
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xbd9b7e1e
Device Boot Start End Sectors Size Id Type
/dev/sdf1 2048 20971519 20969472 10G 83 Linux
Command (m for help): w
加密分区
root@lnxserver1:~# cryptsetup luksFormat /dev/sdf1
WARNING!
========
This will overwrite data on /dev/sdf irrevocably.
Are you sure? (Type uppercase yes): YES #大写YES
Enter passphrase for /dev/sdf:
Verify passphrase:
打开加密分区
root@lnxserver1:/dev/mapper# cryptsetup open /dev/sdf1 crypt
Enter passphrase for /dev/sdf1:
root@lnxserver1:/dev/mapper# ls
control crypt
格式化分区并挂载
root@lnxserver1:/dev/mapper# mkfs.ext4 /dev/mapper/crypt
root@lnxserver1:/dev/mapper# mkdir -p /mut/crypt
root@lnxserver1:/dev/mapper# mount /dev/mapper/crypt /mut/crypt
root@lnxserver1:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/crypt 9.8G 37M 9.3G 1% /mut/crypt
开机自动挂载
root@lnxserver1:~# vim /etc/fstab
/dev/mapper/crypt /mut/crypt ext4 defaults 0 0
root@lnxserver1:~# mount -a #检测挂载
root@lnxserver1:~# vim /etc/crypttab
crypt /dev/sdf1 /cryptpass
root@lnxserver1:~# vim /etc/cryptpass
Skills46
root@lnxserver1:~# cryptsetup luksAddKey /dev/sdf1 /cryptpass