综合架构--6--rsync--inotify-crond
01-网路基础
01. 什么是路由交换
交换机: 实现在同一个局域网内多台主机之间的通讯
路由器: 实现不同局域网之间主机的通讯
02. 路由的配置方法
静态路由
动态路由
03. OSI7层模型
数据封装与解封装
04. TCP/UDP协议
TCP三次握手
TCP四次挥手
TCP十一种状态集转换(扩展)
05. 网络的重要原理
DNS解析原理 域名--IP地址
补充: 反向DNS解析 IP地址---域名
ARP解析原理 IP地址---MAC地址
06. IP地址划分
IP地址的分类
IP地址的子网划分方法
07. linux系统中路由配置
静态默认网关路由
静态网段路由
静态主机路由02-中小规模网站架构组成
1) 顾客--用户
访问网站的人员
2) 保安--防火墙 (firewalld)
进行访问策略控制
3) 迎宾--负载均衡服务器 (nginx)
对用户的访问请求进行调度处理
4) 服务员---web服务器 (nginx)
处理用户的请求
5) 厨师---数据库服务器 (mysql)
存储的字符数据 (耳机 500 索尼 黑色 北京地址 订单时间2019-05-05 13:00)
6) 厨师---存储服务器 (nfs)
存储图片 音频 视频 附件等数据信息
7) 厨师---备份服务器 (rsync+crond-定时备份 rsync+sersync--实时备份)
存储网站所有服务器的重要数据
8) 厨师---缓存服务器 (memcache redis mongodb)
a 将数据信息存储到内存中
b 减缓服务器的压力
9) 经理---批量管理服务器 (ansible)
批量管理多台服务器主机部署网站架构
部署网站架构:
1) 需要解决网站架构单点问题
迎宾: 高可用服务---keepalived
数据库: 高可用服务---mha
存储服务: 高可用服务---keepalived实现
高可用服务---分布式存储
备份服务:
面试题: 公司的数据是如何备份
1) 利用开源软件实现数据备份 rsync(免费)
2) 利用企业网盘进行数据备份 七牛云存储
3) 利用自建备份存储架构 两地三中心
缓存服务: 高可用服务--- 缓存服务集群/哨兵模式
2) 内部员工如何远程访问架构
部署搭建VPN服务器 PPTP vpn
https://blog.oldboyedu.com/pptp-l2tp/
3) 内部员工操作管理架构服务器要进行审计
跳板机服务器 jumpserver
https://jumpserver.readthedocs.io/zh/docs/setup_by_centos.html
4) 架构中服务器出现问题需要进行提前报警告知
部署监控服务器 zabbix03-综合架构规划
主机名称和IP地址规划
01. 防火墙服务器 firewalld 10.0.0.81(外网地址) 172.16.1.81(内外地址) 软件: firewalld
02. 负载均衡服务器 lb01 10.0.0.5 172.16.1.5 软件: nginx keepalived
03. 负载均衡服务器 lb02 10.0.0.6 172.16.1.6 软件: nginx keepalived
04. web服务器 web01 10.0.0.7 172.16.1.7 软件: nginx
05. web服务器 web02 10.0.0.8 172.16.1.8 软件: nginx
06. web服务器 web03 10.0.0.9(存储) 172.16.1.9 软件: nginx
07. 数据库服务器 db01 10.0.0.51 172.16.1.51 软件: mysql(慢) mariaDB
08. 存储服务器 nfs01 10.0.0.31 172.16.1.31 软件: nfs
09. 备份服务器 backup 10.0.0.41 172.16.1.41 软件: rsync
10. 批量管理服务器 m01 10.0.0.61 172.16.1.61 软件: ansible
11. 跳板机服务器 jumpserver 10.0.0.71(61) 172.16.1.71 软件: jumpserver
12. 监控服务器 zabbix 10.0.0.72(61) 172.16.1.72 软件: zabbix
先把路走通,再进行变通
*10. 缓存服务器 忽略
可根据实际情况调整04-制作模版机+克隆
模版机操作
1. 模板机优化配置---hosts文件配置
\cp /etc/hosts{,.bak}
cat >/etc/hosts<<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.51 db01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
EOF
2. 模板机优化配置---更改yum源
#更改yum源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup &&\
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y wget
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
PS:yum repolist 列出yum源信息;讲解什么是epel源
3. 模板机优化配置---关闭selinux
#关闭selinux
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
4. 模板机优化配置---关闭iptables
#关闭iptables centos7
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
5. 模板机优化配置---提权oldboy可以sudo (可选配置)
#提权oldboy可以sudo(可选配置)
useradd oldboy
echo 123456|passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c
6. 模板机优化配置---英文字符集
#英文字符集
localectl set-locale LANG="en_US.UTF-8"
7. 模板机优化配置---时间同步
#时间同步
yum install -y ntpdate
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
8. 模板机优化配置---加大文件描述
yum install -y lsof
lsof -i:22
#加大文件描述
echo '* - nofile 65536' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf
说明:
一个服务程序运行起来,会打开相应的文件
crond定时任务服务---systemctl start crond --- 打开相应文件
/var/spool/cron/root --- 加载打开配置文件
/var/log/cron --- 加载打开日志文件
9. 模板机优化配置---安装其他小软件
#安装其他小软件
yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y
10. 模板机优化配置---ssh连接速度慢优化
#ssh连接速度慢优化
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
systemctl restart sshd克隆
1. 进行模板机快照拍摄
2. 进行虚拟主机克隆
创建链接克隆 (学习环境)
优势:
a 节省物理主机资源
b 克隆主机效率快
劣势:
a 模板主机删除,链接主机也会失效
创建完整克隆 (企业应用)
优势:
a 模板主机删除,克隆主机依然可以使用
劣势:
a 比较消耗物理主机资源
b 克隆主机效率低
3. 克隆后虚拟主机配置
a 修改主机名称
hostnamectl set-hostname backup
b 修改主机地址
sed -i 's#200#41#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep 41 /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep UUID /etc/sysconfig/network-scripts/ifcfg-eth[01]
systemctl restart network
PS: 一台一台顺序启动,进行修改,不要同时启动补充
补充: 克隆好的主机无法远程连接:
解决方式:
01. 利用ping方式测试
02. 关闭xshell软件重新打开05-备份服务器说明
作用:
01. 数据备份的服务器
02. 进行日志统一保存
[root@nfs01 backup]# grep -r oldboy /backup/
/backup/10.0.0.7_bak/oldboy.log:oldboy
如何部署搭建备份服务器: rsync服务06-什么是rsync服务
Rsync是一款开源的、快速的、多功能的、可实现全量及增量的本地或远程数据同步备份的优秀工具07-rsync软件使用方法:
rsync命令 1v4
a 本地备份数据 cp
[root@nfs01 backup]# cp /etc/hosts /tmp
[root@nfs01 backup]# rsync /etc/hosts /tmp/
b 远程备份数据 scp
scp -rp /etc/hosts root@172.16.1.41:/backup
root@172.16.1.41's password:
hosts 100% 371 42.8KB/s 00:00
-r --- 递归复制传输数据
-p --- 保持文件属性信息不变
[root@nfs01 ~]# rsync -rp /etc/hosts 172.16.1.41:/backup/hosts_rsync
root@172.16.1.41's password:
rsync远程备份目录:
[root@nfs01 ~]# rsync -rp /oldboy 172.16.1.41:/backup --- 备份的目录后面没有 /
root@172.16.1.41's password:
面试题: 有一个存储数据信息的目录, 目录中数据存储了50G数据, 如何将目录中的数据快速删除
rm /目录/* -rf08-rsync命令语法格式
SYNOPSIS
Local: rsync [OPTION...] SRC... [DEST]
本地备份数据:
src: 要备份的数据信息
dest: 备份到什么路径中
远程备份数据:
Access via remote shell:
Pull: rsync [OPTION...] [USER@]HOST:SRC... [DEST]
[USER@] --- 以什么用户身份拉取数据(默认以当前用户)
hosts --- 指定远程主机IP地址或者主机名称
SRC --- 要拉取的数据信息
dest --- 保存到本地的路径信息
Push: rsync [OPTION...] SRC... [USER@]HOST:DEST
SRC --- 本地要进行远程传输备份的数据
[USER@] --- 以什么用户身份推送数据(默认以当前用户)
hosts --- 指定远程主机IP地址或者主机名称
dest --- 保存到远程的路径信息
守护进程方式备份数据 备份服务
01. 可以进行一些配置管理
02. 可以进行安全策略管理
03. 可以实现自动传输备份数据
Access via rsync daemon:
Pull: rsync [OPTION...] [USER@]HOST::SRC... [DEST]
rsync [OPTION...] rsync://[USER@]HOST[:PORT]/SRC... [DEST]
Push: rsync [OPTION...] SRC... [USER@]HOST::DEST
rsync [OPTION...] SRC... rsync://[USER@]HOST[:PORT]/DEST
rsync命令是一个远程数据同步工具,可通过LAN/WAN快速同步多台主机间的文件。rsync使用所谓的“rsync算法”来使本地和远程两个主机之间的文件达到同步,这个算法只传送两个文件的不同部分,而不是每次都整份传送,因此速度相当快。 rsync是一个功能非常强大的工具,其命令也有很多功能特色选项,我们下面就对它的选项一一进行分析说明。
语法
rsync [OPTION]... SRC DEST
rsync [OPTION]... SRC [USER@]host:DEST
rsync [OPTION]... [USER@]HOST:SRC DEST
rsync [OPTION]... [USER@]HOST::SRC DEST
rsync [OPTION]... SRC [USER@]HOST::DEST
rsync [OPTION]... rsync://[USER@]HOST[:PORT]/SRC [DEST]
对应于以上六种命令格式,rsync有六种不同的工作模式:
拷贝本地文件。当SRC和DES路径信息都不包含有单个冒号":"分隔符时就启动这种工作模式。如:rsync -a /data /backup
使用一个远程shell程序(如rsh、ssh)来实现将本地机器的内容拷贝到远程机器。当DST路径地址包含单个冒号":"分隔符时启动该模式。如:rsync -avz *.c foo:src
使用一个远程shell程序(如rsh、ssh)来实现将远程机器的内容拷贝到本地机器。当SRC地址路径包含单个冒号":"分隔符时启动该模式。如:rsync -avz foo:src/bar /data
从远程rsync服务器中拷贝文件到本地机。当SRC路径信息包含"::"分隔符时启动该模式。如:rsync -av root@192.168.78.192::www /databack
从本地机器拷贝文件到远程rsync服务器中。当DST路径信息包含"::"分隔符时启动该模式。如:rsync -av /databack root@192.168.78.192::www
列远程机的文件列表。这类似于rsync传输,不过只要在命令中省略掉本地机信息即可。如:rsync -v rsync://192.168.78.192/www
选项
-v, --verbose 详细模式输出。
-q, --quiet 精简输出模式。
-c, --checksum 打开校验开关,强制对文件传输进行校验。
-a, --archive 归档模式,表示以递归方式传输文件,并保持所有文件属性,等于-rlptgoD。
-r, --recursive 对子目录以递归模式处理。
-R, --relative 使用相对路径信息。
-b, --backup 创建备份,也就是对于目的已经存在有同样的文件名时,将老的文件重新命名为~filename。可以使用--suffix选项来指定不同的备份文件前缀。
--backup-dir 将备份文件(如~filename)存放在在目录下。
-suffix=SUFFIX 定义备份文件前缀。
-u, --update 仅仅进行更新,也就是跳过所有已经存在于DST,并且文件时间晚于要备份的文件,不覆盖更新的文件。
-l, --links 保留软链结。
-L, --copy-links 想对待常规文件一样处理软链结。
--copy-unsafe-links 仅仅拷贝指向SRC路径目录树以外的链结。
--safe-links 忽略指向SRC路径目录树以外的链结。
-H, --hard-links 保留硬链结。
-p, --perms 保持文件权限。
-o, --owner 保持文件属主信息。
-g, --group 保持文件属组信息。
-D, --devices 保持设备文件信息。
-t, --times 保持文件时间信息。
-S, --sparse 对稀疏文件进行特殊处理以节省DST的空间。
-n, --dry-run现实哪些文件将被传输。
-w, --whole-file 拷贝文件,不进行增量检测。
-x, --one-file-system 不要跨越文件系统边界。
-B, --block-size=SIZE 检验算法使用的块尺寸,默认是700字节。
-e, --rsh=command 指定使用rsh、ssh方式进行数据同步。
--rsync-path=PATH 指定远程服务器上的rsync命令所在路径信息。
-C, --cvs-exclude 使用和CVS一样的方法自动忽略文件,用来排除那些不希望传输的文件。
--existing 仅仅更新那些已经存在于DST的文件,而不备份那些新创建的文件。
--delete 删除那些DST中SRC没有的文件。
--delete-excluded 同样删除接收端那些被该选项指定排除的文件。
--delete-after 传输结束以后再删除。
--ignore-errors 及时出现IO错误也进行删除。
--max-delete=NUM 最多删除NUM个文件。
--partial 保留那些因故没有完全传输的文件,以是加快随后的再次传输。
--force 强制删除目录,即使不为空。
--numeric-ids 不将数字的用户和组id匹配为用户名和组名。
--timeout=time ip超时时间,单位为秒。
-I, --ignore-times 不跳过那些有同样的时间和长度的文件。
--size-only 当决定是否要备份文件时,仅仅察看文件大小而不考虑文件时间。
--modify-window=NUM 决定文件是否时间相同时使用的时间戳窗口,默认为0。
-T --temp-dir=DIR 在DIR中创建临时文件。
--compare-dest=DIR 同样比较DIR中的文件来决定是否需要备份。
-P 等同于 --partial。
--progress 显示备份过程。
-z, --compress 对备份的文件在传输时进行压缩处理。
--exclude=PATTERN 指定排除不需要传输的文件模式。
--include=PATTERN 指定不排除而需要传输的文件模式。
--exclude-from=FILE 排除FILE中指定模式的文件。
--include-from=FILE 不排除FILE指定模式匹配的文件。
--version 打印版本信息。
--address 绑定到特定的地址。
--config=FILE 指定其他的配置文件,不使用默认的rsyncd.conf文件。
--port=PORT 指定其他的rsync服务端口。
--blocking-io 对远程shell使用阻塞IO。
-stats 给出某些文件的传输状态。
--progress 在传输时现实传输过程。
--log-format=formAT 指定日志文件格式。
--password-file=FILE 从FILE中得到密码。
--bwlimit=KBPS 限制I/O带宽,KBytes per second。
-h, --help 显示帮助信息。
实例
SSH方式
首先在服务端启动ssh服务:
service sshd start
启动 sshd: [确定]
使用rsync进行同步
接下来就可以在客户端使用rsync命令来备份服务端上的数据了,SSH方式是通过系统用户来进行备份的,如下:
rsync -vzrtopg --progress -e ssh --delete work@172.16.78.192:/www/* /databack/experiment/rsync
work@172.16.78.192's password:
receiving file list ...
5 files to consider
test/
a
0 100% 0.00kB/s 527:35:41 (1, 20.0% of 5)
b
67 100% 65.43kB/s 0:00:00 (2, 40.0% of 5)
c
0 100% 0.00kB/s 527:35:41 (3, 60.0% of 5)
dd
100663296 100% 42.22MB/s 0:00:02 (4, 80.0% of 5)
sent 96 bytes received 98190 bytes 11563.06 bytes/sec
total size is 100663363 speedup is 1024.19
上面的信息描述了整个的备份过程,以及总共备份数据的大小。
后台服务方式
启动rsync服务,编辑/etc/xinetd.d/rsync文件,将其中的disable=yes改为disable=no,并重启xinetd服务,如下:
vi /etc/xinetd.d/rsync
#default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync {
disable = no
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
/etc/init.d/xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
创建配置文件,默认安装好rsync程序后,并不会自动创建rsync的主配置文件,需要手工来创建,其主配置文件为“/etc/rsyncd.conf”,创建该文件并插入如下内容:
vi /etc/rsyncd.conf
uid=root
gid=root
max connections=4
log file=/var/log/rsyncd.log
pid file=/var/run/rsyncd.pid
lock file=/var/run/rsyncd.lock
secrets file=/etc/rsyncd.passwd
hosts deny=172.16.78.0/22
[www]
comment= backup web
path=/www
read only = no
exclude=test
auth users=work
创建密码文件,采用这种方式不能使用系统用户对客户端进行认证,所以需要创建一个密码文件,其格式为“username:password”,用户名可以和密码可以随便定义,最好不要和系统帐户一致,同时要把创建的密码文件权限设置为600,这在前面的模块参数做了详细介绍。
echo "work:abc123" > /etc/rsyncd.passwd
chmod 600 /etc/rsyncd.passwd
备份,完成以上工作,现在就可以对数据进行备份了,如下:
rsync -avz --progress --delete work@172.16.78.192::www /databack/experiment/rsync
Password:
receiving file list ...
6 files to consider
./ files...
a
0 100% 0.00kB/s 528:20:41 (1, 50.0% of 6)
b
67 100% 65.43kB/s 0:00:00 (2, 66.7% of 6)
c
0 100% 0.00kB/s 528:20:41 (3, 83.3% of 6)
dd
100663296 100% 37.49MB/s 0:00:02 (4, 100.0% of 6)
sent 172 bytes received 98276 bytes 17899.64 bytes/sec
total size is 150995011 speedup is 1533.75
恢复,当服务器的数据出现问题时,那么这时就需要通过客户端的数据对服务端进行恢复,但前提是服务端允许客户端有写入权限,否则也不能在客户端直接对服务端进行恢复,使用rsync对数据进行恢复的方法如下:
rsync -avz --progress /databack/experiment/rsync/ work@172.16.78.192::www
Password:
building file list ...
6 files to consider
./
a
b
67 100% 0.00kB/s 0:00:00 (2, 66.7% of 6)
c
sent 258 bytes received 76 bytes 95.43 bytes/sec
total size is 150995011 speedup is 452080.8709-rsync服务部署安装过程
linux系统安装部署服务流程:
a 下载安装软件 yum
b 编写配置文件
c 搭建服务环境 备份的目录/目录权限
d 启动服务程序 开机自动启动
e 测试服务功能
服务端部署(备份服务器):rsync
第一步:下载安装软件
[root@localhost ~]# yum install -y rsync
第二步:编写配置文件
[root@localhost ~]# vim /etc/rsyncd.conf
uid=rsync
gid=rsync
port=873
fake super = yes
use chroot = no
max connections= 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 10.0.0.0/24
#hosts deny =
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment =" welcome to RSYNC backup"
path = /backup
第三步:创建rsync服务虚拟用户
[root@localhost ~]# useradd rsync -M -s /sbin/nologin
第四步:创建rsync服务的认证密码文件并修改权限
[root@localhost ~]# echo "rsync_backup:123456">/etc/rsync.password
[root@localhost ~]# chmod 600 /etc/rsync.password
第五步:创建备份文件所需的目录并修改用户文件的属主和属组
[root@localhost ~]# mkdir /backup
[root@localhost ~]# chown rsync.rsync /backup -R
第六步:启动备份rsync服务
[root@localhost ~]# systemctl start rsyncd
[root@localhost ~]# systemctl enable rsyncd
客户端部署(网站服务器):rsync 配置文件不用改默认即可
第一步:下载安装软件
[root@localhost ~]# yum install -y rsync
第二步:创建一个密码文件
[root@localhost ~]# echo "123456" >/etc/rsync.password
[root@localhost ~]# chmod 600 /etc/rsync.password
第三步:测试用免交互方式同步文件
[root@localhost ~]# rsync -avz /oldboy/* rsync_backup@10.0.0.25::backup --password-file=/etc/rsync.password实战
0-准备环境
系统前期配置-yum+防火墙+优化
这是模版机
[root@web1 ~]# \cp /etc/hosts{,.bak}
[root@web1 ~]# cat >/etc/hosts<<EOF
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> 172.16.1.5 lb01
> 172.16.1.6 lb02
> 172.16.1.7 web01
> 172.16.1.8 web02
> 172.16.1.9 web03
> 172.16.1.51 db01
> 172.16.1.31 nfs01
> 172.16.1.41 backup
> 172.16.1.61 m01
> EOF
#更改yum源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup &&\
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y wget
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
PS:yum repolist 列出yum源信息;讲解什么是epel源
3. 模板机优化配置---关闭selinux
#关闭selinux
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
4. 模板机优化配置---关闭iptables
#关闭iptables centos7
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
5. 模板机优化配置---提权oldboy可以sudo (可选配置)
#提权oldboy可以sudo(可选配置)
useradd oldboy
echo 123456|passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c
6. 模板机优化配置---英文字符集
#英文字符集
localectl set-locale LANG="en_US.UTF-8"
7. 模板机优化配置---时间同步
#时间同步
yum install -y ntpdate
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
8. 模板机优化配置---加大文件描述
yum install -y lsof
lsof -i:22
#加大文件描述
echo '* - nofile 65536' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf
说明:
一个服务程序运行起来,会打开相应的文件
crond定时任务服务---systemctl start crond --- 打开相应文件
/var/spool/cron/root --- 加载打开配置文件
/var/log/cron --- 加载打开日志文件
9. 模板机优化配置---安装其他小软件
#安装其他小软件
yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y
10. 模板机优化配置---ssh连接速度慢优化
#ssh连接速度慢优化
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
systemctl restart sshd
(模版机)具体操作过程
[root@web1 ~]# \cp /etc/hosts{,.bak}
[root@web1 ~]# cat >/etc/hosts<<EOF
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> 172.16.1.5 lb01
> 172.16.1.6 lb02
> 172.16.1.7 web01
> 172.16.1.8 web02
> 172.16.1.9 web03
> 172.16.1.51 db01
> 172.16.1.31 nfs01
> 172.16.1.41 backup
> 172.16.1.61 m01
> EOF
[root@web1 ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
mv: overwrite ‘/etc/yum.repos.d/CentOS-Base.repo.backup’? y
[root@web1 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 485 0 0:00:05 0:00:05 --:--:-- 587
[root@web1 ~]# yum install -y wget
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:06
(2/2): epel/x86_64/primary_db | 7.0 MB 00:00:13
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Nothing to do
[root@web1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2024-03-20 09:19:38-- http://mirrors.aliyun.com/repo/epel-7.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.33.222, 124.72.132.111, 124.72.132.88, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.33.222|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 664 [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/epel.repo’
100%[=================================================================>] 664 --.-K/s in 0s
2024-03-20 09:19:44 (75.3 MB/s) - ‘/etc/yum.repos.d/epel.repo’ saved [664/664]
[root@web1 ~]# sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@web1 ~]# grep SELINUX=disabled /etc/selinux/config
SELINUX=disabled
[root@web1 ~]# setenforce 0
setenforce: SELinux is disabled
[root@web1 ~]# getenforce
Disabled
[root@web1 ~]# systemctl stop firewalld
[root@web1 ~]# systemctl disable firewalld
[root@web1 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
Mar 20 09:20:25 web1 systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@web1 ~]# useradd oldboy
[root@web1 ~]# echo 123456|passwd --stdin oldboy
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.
[root@web1 ~]# \cp /etc/sudoers /etc/sudoers.ori
[root@web1 ~]# echo "oldboy ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
[root@web1 ~]# tail -1 /etc/sudoers
oldboy ALL=(ALL) NOPASSWD: ALL
[root@web1 ~]# visudo -c
/etc/sudoers: parsed OK
[root@web1 ~]# localectl set-locale LANG="en_US.UTF-8"
[root@web1 ~]# yum install -y ntpdate
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package ntpdate-4.2.6p5-29.el7.centos.2.x86_64 already installed and latest version
Nothing to do
[root@web1 ~]# echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
[root@web1 ~]# echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
[root@web1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
[root@web1 ~]# yum install -y lsof
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package lsof.x86_64 0:4.87-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
lsof x86_64 4.87-6.el7 base 331 k
Transaction Summary
===========================================================================================================
Install 1 Package
Total download size: 331 k
Installed size: 927 k
Downloading packages:
lsof-4.87-6.el7.x86_64.rpm | 331 kB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : lsof-4.87-6.el7.x86_64 1/1
Verifying : lsof-4.87-6.el7.x86_64 1/1
Installed:
lsof.x86_64 0:4.87-6.el7
Complete!
[root@web1 ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1084 root 3u IPv4 16043 0t0 TCP *:ssh (LISTEN)
sshd 1084 root 4u IPv6 16045 0t0 TCP *:ssh (LISTEN)
sshd 2228 root 3u IPv4 18031 0t0 TCP 10.0.1.111:ssh->10.0.1.1:4767 (ESTABLISHED)
[root@web1 ~]# echo '* - nofile 65536' >>/etc/security/limits.conf
[root@web1 ~]# tail -1 /etc/security/limits.conf
* - nofile 65536
[root@web1 ~]# yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package dos2unix-6.0.3-7.el7.x86_64 already installed and latest version
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package lsof-4.87-6.el7.x86_64 already installed and latest version
Package ntpdate-4.2.6p5-29.el7.centos.2.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bash-completion.noarch 1:2.1-8.el7 will be installed
---> Package bash-completion-extras.noarch 1:2.1-11.el7 will be installed
---> Package nmap.x86_64 2:6.40-19.el7 will be installed
---> Package nmap-ncat.x86_64 2:6.40-19.el7 will be installed
---> Package telnet.x86_64 1:0.17-66.el7 will be installed
---> Package tree.x86_64 0:1.6.0-10.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
bash-completion noarch 1:2.1-8.el7 base 87 k
bash-completion-extras noarch 1:2.1-11.el7 epel 123 k
nmap x86_64 2:6.40-19.el7 base 3.9 M
nmap-ncat x86_64 2:6.40-19.el7 base 206 k
telnet x86_64 1:0.17-66.el7 updates 64 k
tree x86_64 1.6.0-10.el7 base 46 k
Transaction Summary
===========================================================================================================
Install 6 Packages
Total download size: 4.5 M
Installed size: 17 M
Downloading packages:
(1/6): bash-completion-2.1-8.el7.noarch.rpm | 87 kB 00:00:05
(2/6): bash-completion-extras-2.1-11.el7.noarch.rpm | 123 kB 00:00:05
(3/6): nmap-ncat-6.40-19.el7.x86_64.rpm | 206 kB 00:00:00
(4/6): tree-1.6.0-10.el7.x86_64.rpm | 46 kB 00:00:00
(5/6): telnet-0.17-66.el7.x86_64.rpm | 64 kB 00:00:05
(6/6): nmap-6.40-19.el7.x86_64.rpm | 3.9 MB 00:00:11
-----------------------------------------------------------------------------------------------------------
Total 411 kB/s | 4.5 MB 00:00:11
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 2:nmap-ncat-6.40-19.el7.x86_64 1/6
Installing : 1:bash-completion-2.1-8.el7.noarch 2/6
Installing : 1:bash-completion-extras-2.1-11.el7.noarch 3/6
Installing : 2:nmap-6.40-19.el7.x86_64 4/6
Installing : tree-1.6.0-10.el7.x86_64 5/6
Installing : 1:telnet-0.17-66.el7.x86_64 6/6
Verifying : 1:telnet-0.17-66.el7.x86_64 1/6
Verifying : 1:bash-completion-2.1-8.el7.noarch 2/6
Verifying : 2:nmap-ncat-6.40-19.el7.x86_64 3/6
Verifying : tree-1.6.0-10.el7.x86_64 4/6
Verifying : 1:bash-completion-extras-2.1-11.el7.noarch 5/6
Verifying : 2:nmap-6.40-19.el7.x86_64 6/6
Installed:
bash-completion.noarch 1:2.1-8.el7 bash-completion-extras.noarch 1:2.1-11.el7 nmap.x86_64 2:6.40-19.el7
nmap-ncat.x86_64 2:6.40-19.el7 telnet.x86_64 1:0.17-66.el7 tree.x86_64 0:1.6.0-10.el7
Complete!
[root@web1 ~]# sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
[root@web1 ~]# systemctl restart sshd克隆这一步省略了
为什么要使用rsync?
cp 本地备份
scp 远程备份
rsync 远程备份 增量备份
优缺点
cp , scp , 和 rsync 都是 Linux 系统中用来复制或移动文件和目录的常用命令,它们各自有不同的应用场景和优缺点:
cp (copy)
优点:
- 本地操作高效: cp 是本地文件系统的复制命令,执行速度快,尤其在处理大量本地文件时效率高。
- 功能全面:支持递归复制整个目录结构,可以保留原有文件属性,并且可以通过 -p 参数保留文件权限、时间戳等元数据。
缺点:
- 非网络操作: cp 无法直接用于远程文件复制,只能在本地文件系统间操作。
scp (secure copy)
优点:
- 安全性: scp 是基于 SSH 协议的,所以在网络间复制文件时能够保证数据的安全性,加密传输。
- 简单易用:只需指定源文件/目录和目标位置,即可进行远程机器间的文件复制。
缺点:
- 全量复制:每次执行都会完整复制文件,无论文件是否有变化,因此对于大文件或已存在的未更改文件来说,可能效率较低。
- 资源占用:在网络传输过程中,特别是处理大量小文件时,可能会占用较多的网络带宽和计算资源。
rsync
优点:
- 增量复制: rsync 支持增量复制,仅传输文件的不同部分,极大地提高了复制效率,特别适合定期备份和同步任务。
- 双向同步:既可以进行单向复制,也可以进行双向同步,并且可以检查文件的一致性。
- 节省资源:通过校验机制避免无意义的传输,减少带宽消耗;同时,可通过 -z 参数启用压缩传输进一步提升效率。
- 智能删除:在某些模式下,rsync可以删除目标目录中不再存在于源目录的文件,实现真正的同步效果。
缺点:
- 首次同步较慢:由于rsync会先比较文件内容再传输,所以对于初次同步大量文件的情况,其比较阶段可能会相对较慢。
- CPU 使用率:特别是在处理小文件时,因为需要计算文件的校验值来判断差异,可能导致CPU使用率较高。
- 复杂度:相比 cp 和 scp , rsync 提供更多的选项,使用起来更复杂,需要熟悉更多参数才能发挥其全部优势。
总结:
- 当只需要在本地快速复制文件时, cp 最合适。
- 如果需要在两台远程主机间安全地传输文件,即使效率稍低, scp 仍然是首选。
- 对于大型文件、定期备份、增量同步以及希望最大程度节省资源的场景, rsync 能提供最优解决方案。1-部署rsync
环境:虚拟机
ip :10.0.1.0
网关:10.0.1.2
子网掩码:255.255.255.0
服务端ip:10.0.1.111
客户端ip:10.0.1.113服务端部署(备份服务器):rsync
第一步:下载安装软件
[root@localhost ~]# yum install -y rsync
第二步:编写配置文件
[root@localhost ~]# vim /etc/rsyncd.conf
uid=rsync
gid=rsync
port=873
fake super = yes
use chroot = no
max connections= 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 10.0.1.0/24
#hosts deny =
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment =" welcome to RSYNC backup"
path = /backup
第三步:创建rsync服务虚拟用户
[root@localhost ~]# useradd rsync -M -s /sbin/nologin
第四步:创建rsync服务的认证密码文件并修改权限
[root@localhost ~]# echo "rsync_backup:123456">/etc/rsync.password
[root@localhost ~]# chmod 600 /etc/rsync.password
第五步:创建备份文件所需的目录并修改用户文件的属主和属组
[root@localhost ~]# mkdir /backup
[root@localhost ~]# chown rsync.rsync /backup -R
第六步:启动备份rsync服务
[root@localhost ~]# systemctl start rsyncd
[root@localhost ~]# systemctl enable rsyncd
命令注解:
这段配置是Rsync服务器(rsyncd)的配置文件片段,通常保存在 `/etc/rsyncd.conf` 中。以下是对各项配置的解释:
- **uid = rsync**:设置rsync守护进程运行时的用户ID为rsync。
- **gid = rsync**:设置rsync守护进程运行时的组ID为rsync。
- **port = 873**:指定rsync服务监听的TCP端口号,默认为873。
- **fake super = yes**:让rsync模拟超级用户权限,以便在chroot环境下进行某些操作。
- **use chroot = no**:禁止在处理每一个模块时切换到一个独立的根目录(chroot jail),这对于某些高级用途可能不适用。
- **max connections = 200**:设置rsync服务器最大并发连接数为200。
- **timeout = 300**:设置超时时间为300秒,超过这个时间的无活动连接将被断开。
- **pid file = /var/run/rsyncd.pid**:指定rsync守护进程PID文件的位置。
- **lock file = /var/run/rsync.lock**:指定rsync锁定文件的位置,用于多进程同步。
- **log file = /var/log/rsyncd.log**:设置rsync服务器的日志文件路径。
- **ignore errors**:忽略文件传输过程中的一些错误。
- **read only = false**:设置rsync模块是否为只读,此处设置为可读写。
- **list = false**:禁止列出模块信息。
- **hosts allow = 10.0.1.0/24**:允许来自10.0.1.0/24子网的客户端连接。
- **auth users = rsync_backup**:定义允许连接的认证用户列表,此处为rsync_backup。
- **secrets file = /etc/rsync.password**:设置密码文件,其中包含允许连接的用户名及其密码。
- **[backup]**:定义一个名为"backup"的模块。
- **comment = "welcome to RSYNC backup"**:为"backup"模块添加注释信息。
- **path = /backup**:指定"backup"模块对应的本地文件系统路径为"/backup"。
总结:这是一个配置了rsync服务器允许来自10.0.1.0/24子网的客户端以用户rsync_backup的身份通过密码认证,访问本地"/backup"目录的配置文件。
客户端部署(网站服务器):rsync 配置文件不用改默认即可
第一步:下载安装软件
[root@localhost ~]# yum install -y rsync
第二步:创建一个密码文件
[root@localhost ~]# echo "123456" >/etc/rsync.password
[root@localhost ~]# chmod 600 /etc/rsync.password
第三步:测试用免交互方式同步文件
[root@localhost ~]# rsync -avz /oldboy/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
具体实现过程
ip:10.0.1.111
服务端:
[root@web1 ~]# yum install -y rsync
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:3.1.2-12.el7_9 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
rsync x86_64 3.1.2-12.el7_9 updates 408 k
Transaction Summary
===========================================================================================================
Install 1 Package
Total download size: 408 k
Installed size: 820 k
Downloading packages:
rsync-3.1.2-12.el7_9.x86_64.rpm | 408 kB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : rsync-3.1.2-12.el7_9.x86_64 1/1
Verifying : rsync-3.1.2-12.el7_9.x86_64 1/1
Installed:
rsync.x86_64 0:3.1.2-12.el7_9
Complete!
[root@web1 ~]# vim /etc/rsyncd.conf
把这一串粘进去
uid=rsync
gid=rsync
port=873
fake super = yes
use chroot = no
max connections= 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 10.0.1.0/24
#hosts deny =
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment =" welcome to RSYNC backup"
[root@web1 ~]# useradd rsync -M -s /sbin/nologin
[root@web1 ~]# echo "rsync_backup:123456">/etc/rsync.password
[root@web1 ~]# chmod 600 /etc/rsync.password
[root@web1 ~]# mkdir /backup
[root@web1 ~]# chown rsync.rsync /backup -R
[root@web1 ~]# systemctl start rsyncd
[root@web1 ~]# systemctl enable rsyncd
ln -s '/usr/lib/systemd/system/rsyncd.service' '/etc/systemd/system/multi-user.target.wants/rsyncd.service'
客户端
ip:10.0.1.113
[root@web02 ~]# yum install -y rsync
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:3.1.2-12.el7_9 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
rsync x86_64 3.1.2-12.el7_9 updates 408 k
Transaction Summary
===========================================================================================================
Install 1 Package
Total download size: 408 k
Installed size: 820 k
Downloading packages:
rsync-3.1.2-12.el7_9.x86_64.rpm | 408 kB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : rsync-3.1.2-12.el7_9.x86_64 1/1
Verifying : rsync-3.1.2-12.el7_9.x86_64 1/1
Installed:
rsync.x86_64 0:3.1.2-12.el7_9
Complete!
[root@web02 ~]# echo "123456" >/etc/rsync.password
[root@web02 ~]# chmod 600 /etc/rsync.password
[root@web02 ~]# rsync -avz /oldboy/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
rsync: change_dir "/oldboy" failed: No such file or directory (2)
sent 24 bytes received 20 bytes 8.00 bytes/sec
total size is 0 speedup is 0.00
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1179) [sender=3.1.2]
[root@web02 ~]# rsync -avz /etc/passwd rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
passwd
sent 559 bytes received 43 bytes 92.62 bytes/sec
total size is 1,070 speedup is 1.782-实现客户端到服务端-增量备份
前提做好上面的步骤了
测试------客户端数据备份到rsync服务器端
客户端
ip:10.0.1.113
第一种方式:输入密码-进行备份
[root@web02 test]# rsync -avz /etc/hosts rsync_backup@10.0.1.111::backup
Password:
sending incremental file list
hosts
sent 215 bytes received 43 bytes 24.57 bytes/sec
total size is 352 speedup is 1.36
第二种方式:不输入密码--指定密码文件
[root@web02 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
oldboy:x:1002:1002::/home/oldboy:/bin/bash
[root@web02 ~]# rsync -avz /etc/passwd rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
passwd
sent 559 bytes received 43 bytes 92.62 bytes/sec
total size is 1,070 speedup is 1.78
服务端
ip:10.0.1.111
第一种方式:输入密码-进行备份 对应效果
[root@web1 ~]# cd /backup
[root@web1 backup]# ls
[root@web1 backup]# ls
hosts passwd
第二种方式:不输入密码--指定密码文件 对应效果
[root@web1 ~]# cd /backup
[root@web1 backup]# ls
[root@web1 backup]# ls
passwd
[root@web1 backup]# cat passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
wang:x:1000:1000:wang:/home/wang:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
it01:x:1001:1001::/home/it01:/bin/bash
oldboy:x:1002:1002::/home/oldboy:/bin/bash3-rsync配置守护进程+排除备份
准备
环境:虚拟机
ip :10.0.1.0
网关:10.0.1.2
子网掩码:255.255.255.0
服务端ip:10.0.1.111
客户端ip:10.0.1.113操作演示
服务端部署(备份服务器):rsync
第一步:下载安装软件
[root@localhost ~]# yum install -y rsync
第二步:编写配置文件
[root@localhost ~]# vim /etc/rsyncd.conf
uid=rsync
gid=rsync
port=873
fake super = yes
use chroot = no
max connections= 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 10.0.1.0/24
#hosts deny =
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment =" welcome to RSYNC backup"
path = /backup
第三步:创建rsync服务虚拟用户
[root@localhost ~]# useradd rsync -M -s /sbin/nologin
第四步:创建rsync服务的认证密码文件并修改权限
[root@localhost ~]# echo "rsync_backup:123456">/etc/rsync.password
[root@localhost ~]# chmod 600 /etc/rsync.password
第五步:创建备份文件所需的目录并修改用户文件的属主和属组
[root@localhost ~]# mkdir /backup
[root@localhost ~]# chown rsync.rsync /backup -R
第六步:启动备份rsync服务
[root@localhost ~]# systemctl start rsyncd
[root@localhost ~]# systemctl enable rsyncd
客户端部署(网站服务器):rsync 配置文件不用改默认即可
第一步:下载安装软件
[root@localhost ~]# yum install -y rsync
第二步:创建一个密码文件
[root@localhost ~]# echo "123456" >/etc/rsync.password
[root@localhost ~]# chmod 600 /etc/rsync.password
第三步:测试用免交互方式同步文件
[root@localhost ~]# rsync -avz /oldboy/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
具体实现过程
ip:10.0.1.111
服务端:
[root@web1 ~]# yum install -y rsync
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:3.1.2-12.el7_9 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
rsync x86_64 3.1.2-12.el7_9 updates 408 k
Transaction Summary
===========================================================================================================
Install 1 Package
Total download size: 408 k
Installed size: 820 k
Downloading packages:
rsync-3.1.2-12.el7_9.x86_64.rpm | 408 kB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : rsync-3.1.2-12.el7_9.x86_64 1/1
Verifying : rsync-3.1.2-12.el7_9.x86_64 1/1
Installed:
rsync.x86_64 0:3.1.2-12.el7_9
Complete!
[root@web1 ~]# vim /etc/rsyncd.conf
把这一串粘进去
uid=rsync
gid=rsync
port=873
fake super = yes
use chroot = no
max connections= 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 10.0.1.0/24
#hosts deny =
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment =" welcome to RSYNC backup"
[root@web1 ~]# useradd rsync -M -s /sbin/nologin
[root@web1 ~]# echo "rsync_backup:123456">/etc/rsync.password
[root@web1 ~]# chmod 600 /etc/rsync.password
[root@web1 ~]# mkdir /backup
[root@web1 ~]# chown rsync.rsync /backup -R
[root@web1 ~]# systemctl start rsyncd
[root@web1 ~]# systemctl enable rsyncd
ln -s '/usr/lib/systemd/system/rsyncd.service' '/etc/systemd/system/multi-user.target.wants/rsyncd.service'
客户端
ip:10.0.1.113
[root@web02 ~]# yum install -y rsync
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:3.1.2-12.el7_9 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
rsync x86_64 3.1.2-12.el7_9 updates 408 k
Transaction Summary
===========================================================================================================
Install 1 Package
Total download size: 408 k
Installed size: 820 k
Downloading packages:
rsync-3.1.2-12.el7_9.x86_64.rpm | 408 kB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : rsync-3.1.2-12.el7_9.x86_64 1/1
Verifying : rsync-3.1.2-12.el7_9.x86_64 1/1
Installed:
rsync.x86_64 0:3.1.2-12.el7_9
Complete!
[root@web02 ~]# echo "123456" >/etc/rsync.password
[root@web02 ~]# chmod 600 /etc/rsync.password
[root@web02 ~]# rsync -avz /oldboy/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
rsync: change_dir "/oldboy" failed: No such file or directory (2)
sent 24 bytes received 20 bytes 8.00 bytes/sec
total size is 0 speedup is 0.00
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1179) [sender=3.1.2]
[root@web02 ~]# rsync -avz /etc/passwd rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
passwd
sent 559 bytes received 43 bytes 92.62 bytes/sec
total size is 1,070 speedup is 1.78
上面步骤我自己都做好了,这里就不做了
排除命令 rsync -avz /data --exclude /data/1.txt rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
测试
需求1:备份/data 排除1.txt
客户端
ip:10.0.1.113
[root@web02 ~]# mkdir /data
[root@web02 ~]# cd /data
[root@web02 data]# ls
[root@web02 data]# touch {1..10}.txt
[root@web02 data]# ls
10.txt 1.txt 2.txt 3.txt 4.txt 5.txt 6.txt 7.txt 8.txt 9.txt
[root@web02 data]# rsync -avz /data --exclude /data/1.txt rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
data/
data/10.txt
data/2.txt
data/3.txt
data/4.txt
data/5.txt
data/6.txt
data/7.txt
data/8.txt
data/9.txt
sent 545 bytes received 199 bytes 135.27 bytes/sec
total size is 0 speedup is 0.00
服务端
ip:10.0.1.111
[root@web1 backup]# ls
[root@web1 backup]# ls
data
进当前目录的相对目录
[root@web1 backup]# cd data/
[root@web1 data]# ls
10.txt 2.txt 3.txt 4.txt 5.txt 6.txt 7.txt 8.txt 9.txt
[root@web1 data]# tree
.
├── 10.txt
├── 2.txt
├── 3.txt
├── 4.txt
├── 5.txt
├── 6.txt
├── 7.txt
├── 8.txt
└── 9.txt
0 directories, 9 files
需求2:排除一个目录
rsync -avz /data --exclude /data/test rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
客户端
[root@web02 data]# mkdir test
[root@web02 data]# ls
10.txt 1.txt 2.txt 3.txt 4.txt 5.txt 6.txt 7.txt 8.txt 9.txt test
[root@web02 data]# rsync -avz /data --exclude /data/test rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
data/
data/1.txt
sent 277 bytes received 47 bytes 58.91 bytes/sec
total size is 0 speedup is 0.00
服务端
[root@web1 data]# tree
.
├── 10.txt
├── 1.txt
├── 2.txt
├── 3.txt
├── 4.txt
├── 5.txt
├── 6.txt
├── 7.txt
├── 8.txt
└── 9.txt
0 directories, 10 files4-crond定时任务配置
定时任务
自动完成操作命令
夜里自动备份数据
cp /data /backup
自动清理磁盘
软件 :cronie
查看软件安装目录
rpm -qa cronie
rpm -ql cronie关闭
systemctl stop cronie启动
systemctl start cronie用户定时任务配置讲解:
/var/spool/cron 定时任务保存目录
/var/spool/cron/root 定时任务配置文件
所有的定时任务配置文件都在这个文件里
crontab -e 打开定时任务配置文件每天 2点30 执行数据备份
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-7写法
每天 2点30 执行备份
30 02 * * * cp -r /data /backup
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-7笔试题
1.每天下午2点10执行
14 10 * * * 跟脚本或者跟命令
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-72.每隔2天 夜里5点10 执行
10 05 */2 * *
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-73.每隔10分钟下午3点 执行
*/10 15 * * *
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-74.3月份 每天 下午1点
00 13 * 3 *
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-75.05 08 * * 1
每周一上午8点05执行
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-7重点
* * * * *
含义
分钟 时 日 月 周
分钟 0-59
时 0-23
日 1-31
月 1-12
周 1-7定时任务故障排查
1 检查定时任务配置文件
crontab -e
cat /var/spool/cron/root
0 6-11/2 * 11 * /usr/bin/httpd.sh
*/1 * * * * cp -r /data /backup2.看日志
/var/log/cron
tail -100 /var/log/cron
[root@master log]# tail -100 cron
Mar 14 20:01:01 master CROND[2891]: (root) CMD (run-parts /etc/cron.hourly)
Mar 14 20:01:01 master run-parts(/etc/cron.hourly)[2891]: starting 0anacron
Mar 14 20:01:01 master run-parts(/etc/cron.hourly)[2900]: finished 0anacron
Mar 14 20:01:01 master run-parts(/etc/cron.hourly)[2891]: starting 0yum-hourly.cron
Mar 14 20:01:01 master run-parts(/etc/cron.hourly)[2906]: finished 0yum-hourly.cron
Mar 14 20:19:08 master crontab[2991]: (root) BEGIN EDIT (root)
Mar 14 20:19:38 master crontab[2991]: (root) REPLACE (root)
Mar 14 20:19:38 master crontab[2991]: (root) END EDIT (root)
Mar 14 20:37:01 master crond[762]: (root) RELOAD (/var/spool/cron/root)
Mar 14 20:43:01 master crond[762]: (root) RELOAD (/var/spool/cron/root)
Mar 14 20:44:01 master crond[762]: (root) RELOAD (/var/spool/cron/root)
Mar 14 21:01:01 master CROND[3143]: (root) CMD (run-parts /etc/cron.hourly)
Mar 14 21:01:01 master run-parts(/etc/cron.hourly)[3143]: starting 0anacron
Mar 14 21:01:01 master run-parts(/etc/cron.hourly)[3152]: finished 0anacron
Mar 14 21:01:01 master run-parts(/etc/cron.hourly)[3143]: starting 0yum-hourly.cron
Mar 14 21:01:01 master run-parts(/etc/cron.hourly)[3158]: finished 0yum-hourly.cron
Mar 14 21:03:01 master crond[762]: (root) RELOAD (/var/spool/cron/root)
Mar 14 21:03:01 master CROND[3164]: (root) CMD (cp -r /data /backup)
Mar 14 21:04:01 master CROND[3175]: (root) CMD (cp -r /data /backup)
Mar 14 21:05:01 master CROND[3183]: (root) CMD (cp -r /data /backup)定时任务-crond-注意事项
1.
屏幕输出的信息 保存到黑洞
目的:防止占用服务器内存空间
20 02 * * * /root/clear.sh & > /dev/null
2.关闭邮件服务
systemctl stop postfix
或者把这个文件删除
rm -rf /var/spool/postfix/mialdrop/*5-shell脚本实现远程备份-利用rsync
思路
压缩 /backup
本地备份
tar zcvf /backup/www_$(date +%F).tar.gz /html/www/ 有报错提示
tar zcvfP /backup/www_$(date +%F).tar.gz /html/www/ 无报错提示
远程备份(rsync)
tar zcvf /backup/www_$(date +%F).tar.gz /html/www/ 有报错提示
tar zcvfP /backup/www_$(date +%F).tar.gz /html/www/ 无报错提示
find /backup/ -type f -mtime +10 查找超过10天文件
find /backup/ -type f -mtime -10 查找最近10天文件
find /backup/ -type f -mtime 10 查看正好在10天前的文件,以当前时间为准
find /backup/ -type f -mtime +10|xargs rm 查看超过10天的文件并删除
rsync -avz /backup/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
客户端操作
mkdir /html
cd /html
mkdir www
cd
cd /html/www/
touch {1..10}.txt
ls
mkdir backup
tar zcvfP /backup/www_$(date +%F).tar.gz /html/www/
find /backup/ -type f -mtime +10|xargs rm
rsync -avz /backup/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
写入脚本
cd /data
mkdir sh
cd sh
vi backup.sh
#!/bin/bash
tar zcvfP /backup/www_$(date +%F).tar.gz /html/www/
find /backup/ -type f -mtime +10|xargs rm
rsync -avz /backup/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
chmod +x backup.sh
脚本还可以加点东西
#!/bin/bash
mkdir /backup/ 加了个创建backup文件夹,如果服务端那边没有backup目录,们可以在服务器那边自己创建个目录,
tar zcvfP /backup/www_$(date +%F).tar.gz /html/www/
find /backup/ -type f -mtime +10|xargs rm
rsync -avz /backup/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
chmod +x backup.sh
具体过程演示
客户端
ip:10.0.1.113
[root@web02 ~]# mkdir /html
[root@web02 ~]# cd /html/
[root@web02 html]# mkdir www
[root@web02 html]# ls
www
[root@web02 html]# cd
[root@web02 ~]# cd /html/www/
[root@web02 www]# ls
[root@web02 www]# touch {1..10}.txt
[root@web02 www]# ls
10.txt 1.txt 2.txt 3.txt 4.txt 5.txt 6.txt 7.txt 8.txt 9.txt
[root@web02 www]# ls
10.txt 1.txt 2.txt 3.txt 4.txt 5.txt 6.txt 7.txt 8.txt 9.txt
[root@web02 www]# mkdir backup
[root@web02 www]# ls
10.txt 1.txt 2.txt 3.txt 4.txt 5.txt 6.txt 7.txt 8.txt 9.txt backup
[root@web02 www]# tar zcvfP /backup/www_$(date +%F).tar.gz /html/www/
/html/www/
/html/www/1.txt
/html/www/2.txt
/html/www/3.txt
/html/www/4.txt
/html/www/5.txt
/html/www/6.txt
/html/www/7.txt
/html/www/8.txt
/html/www/9.txt
/html/www/10.txt
/html/www/backup/
[root@web02 www]# cd /backup/
[root@web02 backup]# ls
www_2024-03-20.tar.gz
[root@web02 backup]# rsync -avz /backup/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
www_2024-03-20.tar.gz
sent 357 bytes received 49 bytes 73.82 bytes/sec
total size is 245 speedup is 0.60
[root@web02 backup]# rsync -avz /backup/* rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password
sending incremental file list
www_2024-03-20.tar.gz
sent 357 bytes received 43 bytes 72.73 bytes/sec
total size is 245 speedup is 0.61
[root@web02 ~]# cd /data
[root@web02 data]# mkdir sh
[root@web02 data]# cd sh
[root@web02 sh]# vi backup.sh
[root@web02 sh]# ls
backup.sh
[root@web02 sh]# chmod +x backup.sh
[root@web02 sh]# ls
backup.sh
[root@web02 sh]# bash backup.sh
/html/www/
/html/www/1.txt
/html/www/2.txt
/html/www/3.txt
/html/www/4.txt
/html/www/5.txt
/html/www/6.txt
/html/www/7.txt
/html/www/8.txt
/html/www/9.txt
/html/www/10.txt
/html/www/backup/
rm: missing operand
Try 'rm --help' for more information.
sending incremental file list
www_2024-03-20.tar.gz
sent 357 bytes received 49 bytes 73.82 bytes/sec
total size is 245 speedup is 0.60
服务端
ip:10.0.1.111
查看是否备份过来了
[root@web1 backup]# ls
data www_2024-03-20.tar.gz
[root@web1 backup]# rm -rf www_2024-03-20.tar.gz
[root@web1 backup]# ls
data
[root@web1 backup]# ls
data www_2024-03-20.tar.gz
[root@web1 backup]# ls
data www_2024-03-20.tar.gz
[root@web1 backup]# ls
data www_2024-03-20.tar.gz6.增量实时备份-监控状态-利用rsync+inotify+crond
实现服务端和客户端b互相免密连接
ssh-keygen
cd /root/.ssh
mv id_rsa.pub authorized_keys
scp -r /root/.ssh 10.0.1.113:/root
企业文件目录增量实时同步 删除不同步
wget -O/etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum -y install inotify-tools rsync
#!/bin/bash
path1=/data/web
ip=10.0.1.113
/usr/bin/inotifywait -mrq --timefmt %y/%m'%d %H:/%M' --format '%T %w%f' -emodify,create,attrib $path1 | while read file;
do
rsync -avz $path1 root@$ip:/backup
echo "${file} was rsynced" >> /var/log/rsync.log 2>&1
done
具体实操演示
客户端
ip:10.0.1.113
mkdir -p /data/web
cd /data
mkdir web
以上是我自己没有这个目录,你如果有的话,就不需要了,生产环境中应根据自己的需求更换目录的
rsync -avz /data/web rsync_backup@10.0.1.111::backup --password-file=/etc/rsync.password 不需要密码
或者
rsync -avz /etc/hosts rsync_backup@10.0.1.111::backup 需要密码
这里的密码是你配置的虚拟用户的密码
下载inotify-tools
wget -O/etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum -y install inotify-tools rsync
创建一个目录或者你可以找个地方存放脚本
cd /data/sh
mkdir -p /data/sh
这里我有就不创建了
vi in.sh
#!/bin/bash
path1=/data/web
ip=10.0.1.113
/usr/bin/inotifywait -mrq --timefmt %y/%m'%d %H:/%M' --format '%T %w%f' -emodify,create,attrib $path1 | while read file;
do
rsync -avz $path1 root@$ip:/backup
echo "${file} was rsynced" >> /var/log/rsync.log 2>&1
done
给予执行权限
chmod +x in.sh
bash in.sh
代码注解
#!/bin/bash
path1=/data/web
ip=10.0.1.111 填的是rsync灾备服务器ip
/usr/bin/inotifywait -mrq --timefmt %y/%m'%d %H:/%M' --format '%T %w%f' -emodify,create,attrib $path1 | while read file;
do
rsync -avz $path1 root@$ip:/backup
echo "${file} was rsynced" >> /var/log/rsync.log 2>&1
done
-emodify, 修改文件
create, 创建
attrib 修改属性
自己也可以定义一下删除,这里我们是备份并监控
delete
服务端
[root@web1 backup]# ls
data hosts passwd web www_2024-03-20.tar.gz
此时服务端应是已经配置过的服务端 因为它是灾备服务器 rsync都应该已经安装过来了
主要我们是在客户端写个脚本,监控他实时备份的过程
监控其他客户端的过程,实时的过程
效果测试:
客户端
此时你再打开一个窗口,开第二个窗口
用touch新建文件就可以了
再去看脚本的运行监控情况
[root@web02 ~]# cd /data/sh/
[root@web02 sh]# ls
backup.sh in.sh
[root@web02 sh]# bash in.sh
sending incremental file list
web/
web/1
web/10
web/100
web/11
web/12
web/13
web/14
web/15
web/16
web/17
web/18
web/19
web/2
web/20
web/21
web/22
web/23
web/24
web/25
web/26
web/27
web/28
web/29
web/3
web/30
web/31
web/32
web/33
web/34
web/35
web/36
web/37
web/38
web/39
web/4
web/40
web/41
web/42
web/43
web/44
web/45
web/46
web/47
web/48
web/49
web/5
web/50
web/51
web/52
web/53
web/54
web/55
web/56
web/57
web/58
web/59
web/6
web/60
web/61
web/62
web/63
web/64
web/65
web/66
web/67
web/68
web/69
web/7
web/70
web/71
web/72
web/73
web/74
web/75
web/76
web/77
web/78
web/79
web/8
web/80
web/81
web/82
web/83
web/84
web/85
web/86
web/87
web/88
web/89
web/9
web/90
web/91
web/92
web/93
web/94
web/95
web/96
web/97
web/98
web/99
web/{1.10}.txt
sent 5,039 bytes received 1,939 bytes 13,956.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,396 bytes received 17 bytes 2,826.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
web/
web/1.txt
web/10.txt
web/2.txt
web/3.txt
web/4.txt
web/5.txt
web/6.txt
web/7.txt
web/8.txt
web/9.txt
sent 1,938 bytes received 210 bytes 4,296.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,575 bytes received 17 bytes 3,184.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 1,058.67 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,575 bytes received 17 bytes 3,184.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,575 bytes received 17 bytes 3,184.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,571 bytes received 17 bytes 3,176.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,575 bytes received 17 bytes 3,184.00 bytes/sec
total size is 0 speedup is 0.00
服务端
[root@web1 ~]# cd /backup/web/
[root@web1 web]# ls
[root@web1 web]# ls
1 14 20 28 34 40 48 54 60 68 74 80 88 94
10 15 21 29 35 41 49 55 61 69 75 81 89 95
100 16 22 2.txt 36 42 4.txt 56 62 6.txt 76 82 8.txt 96
10.txt 17 23 3 37 43 5 57 63 7 77 83 9 97
11 18 24 30 38 44 50 58 64 70 78 84 90 98
{1.10}.txt 19 25 31 39 45 51 59 65 71 79 85 91 99
12 1.txt 26 32 3.txt 46 52 5.txt 66 72 7.txt 86 92 9.txt
13 2 27 33 4 47 53 6 67 73 8 87 93
注意:这个脚本运行时执行备份和实时同步传输 ,但是如果退出了,就不可以了,没办法实现监控和备份了,
bash in.sh &
[root@web02 sh]# bash in.sh &
[1] 3177
这个命令代表可以可以后台运行,他会给你个进程号
只要执行备份,你这边可以监控到的
演示效果
这两个客户端是一个哦,我分两个窗口打开的
客户端1
[root@web02 web]# touch nnwwqq{1..2}.txt
客户端2
[root@web02 sh]# bash in.sh &
[1] 3177
[root@web02 sh]# sending incremental file list
web/
web/nnwwqq1.txt
web/nnwwqq2.txt
sent 1,869 bytes received 58 bytes 3,854.00 bytes/sec
total size is 0 speedup is 0.00
sending incremental file list
sent 1,790 bytes received 17 bytes 3,614.00 bytes/sec
total size is 0 speedup is 0.00
服务器端
[root@web1 web]# ls
1 17 26 35 44 53 62 71 80 9 9.txt nwq8.txt
10 18 27 36 45 54 63 72 81 90 nnwwqq1.txt nwq9.txt
100 19 28 37 46 55 64 73 82 91 nnwwqq2.txt
10.txt 1.txt 29 38 47 56 65 74 83 92 nwq10.txt
11 2 2.txt 39 48 57 66 75 84 93 nwq1.txt
{1.10}.txt 20 3 3.txt 49 58 67 76 85 94 nwq2.txt
12 21 30 4 4.txt 59 68 77 86 95 nwq3.txt
13 22 31 40 5 5.txt 69 78 87 96 nwq4.txt
14 23 32 41 50 6 6.txt 79 88 97 nwq5.txt
15 24 33 42 51 60 7 7.txt 89 98 nwq6.txt
16 25 34 43 52 61 70 8 8.txt 99 nwq7.txt
需求:
比方说如果你想要他在晚上两点执行
此时就要配置定时任务了,用到crond这个工具
1.
编辑crontab文件
crontab -e
2.
0 2 * * * /bin/bash /data/sh/in.sh
在每天的凌晨2点0分(0 2)执行/data/sh/in.sh这个脚本。
3.
确保脚本有执行权限
chmod +x /data/sh/in.sh
4.
检查cron服务状态
crontab -l
具体演示过程
[root@web02 sh]# crontab -e
crontab: installing new crontab
添加下面这行
0 2 * * * /bin/bash /data/sh/in.sh >/dev/null 2>&1
检查一下
[root@web02 sh]# crontab -l
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
0 2 * * * /bin/bash /data/sh/in.sh >/dev/null 2>&17-NFS部署--重点
概念
1 nfs是什么
存储,部署这个软件可以实现,客户机可以访问远程服务器共享资源
2
优点:免费 配置方便 满足做架构方案
缺点: 使用明文传输 不安全
3 nfs使用场景
1 做负载均衡会用到
2 数据备份部署--重点
centos7--yum源更新
可以先备份一下
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
epel源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum update
yum clean all
yum makecache
各系统仓库地址
https://help.mirrors.cernet.edu.cn/epel/
#时间同步
yum install -y ntpdate
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
#英文字符集
localectl set-locale LANG="en_US.UTF-8"
#安装其他小软件
yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y2台服务器
存储:10.0.1.111
web:10.0.1.113
服务端配置
开始部署:
yum install -y nfs-utils
mkdir /data
vim /etc/exports
/data 10.0.1.0/24(rw,sync,no_root_squash,no_all_squash)
systemctl restart rpcbind
systemctl enable rpcbind
systemctl enable nfs
检查 NFS 服务器端是否有目录共享
showmount -e 10.0.1.111
/data 共享目录
10.0.0.0/24 授权ip网段
(rw,sync,no_root_squash,no_all_squash)
rw:读写
sync:同步写入内存和硬盘
no_root_squash:root身份访问
no_all_squash:所有用户不能转换匿名用户
客户机配置
IP地址:10.0.1.113
1、安装nfs,不需要启动服务
yum install -y nfs-utils
2、检查 NFS 服务器端是否有目录共享
showmount -e 10.0.1.111
3、使用 mount 挂载A服务器端的目录/data到客户端B的目录/html/www下
[root@localhost ~]# mkdir -p /html/www
[root@localhost ~]# mount -t nfs 10.0.1.111:/data /html/www
df -h
nas存储
具体过程演示
服务端NFS
IP:10.0.1.111
[root@web1 ~]# yum install -y nfs-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.x86_64 1:1.3.0-0.68.el7.2 will be installed
--> Processing Dependency: libtirpc >= 0.2.4-0.7 for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: gssproxy >= 0.7.0-3 for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: rpcbind for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: quota for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libnfsidmap for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libevent for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libdevmapper.so.1.02(DM_1_02_97)(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: keyutils for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libtirpc.so.1()(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libnfsidmap.so.0()(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Running transaction check
---> Package device-mapper-libs.x86_64 7:1.02.93-3.el7 will be updated
--> Processing Dependency: device-mapper-libs = 7:1.02.93-3.el7 for package: 7:device-mapper-1.02.93-3.el7.x86_64
---> Package device-mapper-libs.x86_64 7:1.02.170-6.el7_9.5 will be an update
---> Package gssproxy.x86_64 0:0.7.0-30.el7_9 will be installed
--> Processing Dependency: libini_config >= 1.3.1-31 for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: krb5-libs >= 1.15 for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libverto-module-base for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libref_array.so.1(REF_ARRAY_0.1.1)(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libini_config.so.3(INI_CONFIG_1.2.0)(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libini_config.so.3(INI_CONFIG_1.1.0)(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libref_array.so.1()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libini_config.so.3()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libcollection.so.2()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libbasicobjects.so.0()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
---> Package keyutils.x86_64 0:1.5.8-3.el7 will be installed
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
---> Package libnfsidmap.x86_64 0:0.25-19.el7 will be installed
---> Package libtirpc.x86_64 0:0.2.4-0.16.el7 will be installed
---> Package quota.x86_64 1:4.01-19.el7 will be installed
--> Processing Dependency: quota-nls = 1:4.01-19.el7 for package: 1:quota-4.01-19.el7.x86_64
--> Processing Dependency: tcp_wrappers for package: 1:quota-4.01-19.el7.x86_64
---> Package rpcbind.x86_64 0:0.2.0-49.el7 will be installed
--> Processing Dependency: libsystemd.so.0(LIBSYSTEMD_209)(64bit) for package: rpcbind-0.2.0-49.el7.x86_64
--> Processing Dependency: libsystemd.so.0()(64bit) for package: rpcbind-0.2.0-49.el7.x86_64
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.93-3.el7 will be updated
--> Processing Dependency: device-mapper = 7:1.02.93-3.el7 for package: 7:device-mapper-event-1.02.93-3.el7.x86_64
---> Package device-mapper.x86_64 7:1.02.170-6.el7_9.5 will be an update
---> Package krb5-libs.x86_64 0:1.12.2-14.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-55.el7_9 will be an update
---> Package libbasicobjects.x86_64 0:0.1.1-32.el7 will be installed
---> Package libcollection.x86_64 0:0.7.0-32.el7 will be installed
---> Package libini_config.x86_64 0:1.3.1-32.el7 will be installed
--> Processing Dependency: libpath_utils.so.1(PATH_UTILS_0.2.1)(64bit) for package: libini_config-1.3.1-32.el7.x86_64
--> Processing Dependency: libpath_utils.so.1()(64bit) for package: libini_config-1.3.1-32.el7.x86_64
---> Package libref_array.x86_64 0:0.1.5-32.el7 will be installed
---> Package libverto-libevent.x86_64 0:0.2.5-4.el7 will be installed
---> Package quota-nls.noarch 1:4.01-19.el7 will be installed
---> Package systemd-libs.x86_64 0:208-20.el7 will be updated
--> Processing Dependency: systemd-libs = 208-20.el7 for package: systemd-208-20.el7.x86_64
---> Package systemd-libs.x86_64 0:219-78.el7_9.9 will be an update
--> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-libs-219-78.el7_9.9.x86_64
---> Package tcp_wrappers.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package device-mapper-event.x86_64 7:1.02.93-3.el7 will be updated
--> Processing Dependency: device-mapper-event = 7:1.02.93-3.el7 for package: 7:lvm2-libs-2.02.115-3.el7.x86_64
---> Package device-mapper-event.x86_64 7:1.02.170-6.el7_9.5 will be an update
--> Processing Dependency: device-mapper-event-libs = 7:1.02.170-6.el7_9.5 for package: 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64
---> Package libpath_utils.x86_64 0:0.2.1-32.el7 will be installed
---> Package lz4.x86_64 0:1.8.3-1.el7 will be installed
---> Package systemd.x86_64 0:208-20.el7 will be updated
--> Processing Dependency: systemd = 208-20.el7 for package: systemd-sysv-208-20.el7.x86_64
--> Processing Dependency: systemd = 208-20.el7 for package: libgudev1-208-20.el7.x86_64
---> Package systemd.x86_64 0:219-78.el7_9.9 will be an update
--> Processing Dependency: kmod >= 18-4 for package: systemd-219-78.el7_9.9.x86_64
--> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-78.el7_9.9.x86_64
--> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-78.el7_9.9.x86_64
--> Running transaction check
---> Package cryptsetup-libs.x86_64 0:1.6.6-3.el7 will be updated
---> Package cryptsetup-libs.x86_64 0:2.0.3-6.el7 will be an update
---> Package device-mapper-event-libs.x86_64 7:1.02.93-3.el7 will be updated
---> Package device-mapper-event-libs.x86_64 7:1.02.170-6.el7_9.5 will be an update
---> Package kmod.x86_64 0:14-10.el7 will be updated
---> Package kmod.x86_64 0:20-28.el7 will be an update
---> Package libgudev1.x86_64 0:208-20.el7 will be updated
---> Package libgudev1.x86_64 0:219-78.el7_9.9 will be an update
--> Processing Dependency: glib2 >= 2.42 for package: libgudev1-219-78.el7_9.9.x86_64
---> Package lvm2-libs.x86_64 7:2.02.115-3.el7 will be updated
--> Processing Dependency: lvm2-libs = 7:2.02.115-3.el7 for package: 7:lvm2-2.02.115-3.el7.x86_64
---> Package lvm2-libs.x86_64 7:2.02.187-6.el7_9.5 will be an update
---> Package systemd-sysv.x86_64 0:208-20.el7 will be updated
---> Package systemd-sysv.x86_64 0:219-78.el7_9.9 will be an update
--> Running transaction check
---> Package glib2.x86_64 0:2.40.0-4.el7 will be updated
---> Package glib2.x86_64 0:2.56.1-9.el7_9 will be an update
---> Package lvm2.x86_64 7:2.02.115-3.el7 will be updated
---> Package lvm2.x86_64 7:2.02.187-6.el7_9.5 will be an update
--> Processing Dependency: device-mapper-persistent-data >= 0.7.0-0.1.rc6 for package: 7:lvm2-2.02.187-6.el7_9.5.x86_64
--> Running transaction check
---> Package device-mapper-persistent-data.x86_64 0:0.4.1-2.el7 will be updated
---> Package device-mapper-persistent-data.x86_64 0:0.8.5-3.el7_9.2 will be an update
--> Processing Conflict: gssproxy-0.7.0-30.el7_9.x86_64 conflicts selinux-policy < 3.13.1-166.el7.noarch
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-23.el7 will be updated
--> Processing Dependency: selinux-policy = 3.13.1-23.el7 for package: selinux-policy-targeted-3.13.1-23.el7.noarch
--> Processing Dependency: selinux-policy = 3.13.1-23.el7 for package: selinux-policy-targeted-3.13.1-23.el7.noarch
---> Package selinux-policy.noarch 0:3.13.1-268.el7_9.2 will be an update
--> Processing Dependency: policycoreutils >= 2.5-24 for package: selinux-policy-3.13.1-268.el7_9.2.noarch
--> Processing Dependency: libsemanage >= 2.5-13 for package: selinux-policy-3.13.1-268.el7_9.2.noarch
--> Running transaction check
---> Package libsemanage.x86_64 0:2.1.10-16.el7 will be updated
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
--> Processing Dependency: libsepol >= 2.5-10 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libselinux >= 2.5-14 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.1)(64bit) for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.0)(64bit) for package: libsemanage-2.5-14.el7.x86_64
---> Package policycoreutils.x86_64 0:2.2.5-15.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-34.el7 will be an update
--> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-34.el7.x86_64
---> Package selinux-policy-targeted.noarch 0:3.13.1-23.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2 will be an update
--> Running transaction check
---> Package libselinux.x86_64 0:2.2.2-6.el7 will be updated
--> Processing Dependency: libselinux = 2.2.2-6.el7 for package: libselinux-python-2.2.2-6.el7.x86_64
---> Package libselinux.x86_64 0:2.5-15.el7 will be an update
---> Package libselinux-utils.x86_64 0:2.2.2-6.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-15.el7 will be an update
---> Package libsepol.x86_64 0:2.1.9-3.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
--> Running transaction check
---> Package libselinux-python.x86_64 0:2.2.2-6.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-15.el7 will be an update
--> Processing Conflict: systemd-219-78.el7_9.9.x86_64 conflicts initscripts < 9.49.28-1
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package initscripts.x86_64 0:9.49.24-1.el7 will be updated
---> Package initscripts.x86_64 0:9.49.53-1.el7_9.1 will be an update
--> Processing Dependency: bc for package: initscripts-9.49.53-1.el7_9.1.x86_64
--> Running transaction check
---> Package bc.x86_64 0:1.06.95-13.el7 will be installed
--> Processing Conflict: initscripts-9.49.53-1.el7_9.1.x86_64 conflicts redhat-release < 7.5-0.11
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package centos-release.x86_64 0:7-1.1503.el7.centos.2.8 will be updated
---> Package centos-release.x86_64 0:7-9.2009.1.el7.centos will be an update
--> Processing Conflict: systemd-219-78.el7_9.9.x86_64 conflicts dracut < 033-243
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package dracut.x86_64 0:033-240.el7 will be updated
--> Processing Dependency: dracut = 033-240.el7 for package: dracut-config-rescue-033-240.el7.x86_64
--> Processing Dependency: dracut = 033-240.el7 for package: dracut-network-033-240.el7.x86_64
---> Package dracut.x86_64 0:033-572.el7 will be an update
--> Running transaction check
---> Package dracut-config-rescue.x86_64 0:033-240.el7 will be updated
---> Package dracut-config-rescue.x86_64 0:033-572.el7 will be an update
---> Package dracut-network.x86_64 0:033-240.el7 will be updated
---> Package dracut-network.x86_64 0:033-572.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
nfs-utils x86_64 1:1.3.0-0.68.el7.2 updates 413 k
Updating:
centos-release x86_64 7-9.2009.1.el7.centos updates 27 k
dracut x86_64 033-572.el7 base 329 k
initscripts x86_64 9.49.53-1.el7_9.1 updates 440 k
selinux-policy noarch 3.13.1-268.el7_9.2 updates 498 k
Installing for dependencies:
bc x86_64 1.06.95-13.el7 base 115 k
gssproxy x86_64 0.7.0-30.el7_9 updates 111 k
keyutils x86_64 1.5.8-3.el7 base 54 k
libbasicobjects x86_64 0.1.1-32.el7 base 26 k
libcollection x86_64 0.7.0-32.el7 base 42 k
libevent x86_64 2.0.21-4.el7 base 214 k
libini_config x86_64 1.3.1-32.el7 base 64 k
libnfsidmap x86_64 0.25-19.el7 base 50 k
libpath_utils x86_64 0.2.1-32.el7 base 28 k
libref_array x86_64 0.1.5-32.el7 base 27 k
libtirpc x86_64 0.2.4-0.16.el7 base 89 k
libverto-libevent x86_64 0.2.5-4.el7 base 8.9 k
lz4 x86_64 1.8.3-1.el7 base 85 k
quota x86_64 1:4.01-19.el7 base 179 k
quota-nls noarch 1:4.01-19.el7 base 90 k
rpcbind x86_64 0.2.0-49.el7 base 60 k
tcp_wrappers x86_64 7.6-77.el7 base 78 k
Updating for dependencies:
cryptsetup-libs x86_64 2.0.3-6.el7 base 339 k
device-mapper x86_64 7:1.02.170-6.el7_9.5 updates 297 k
device-mapper-event x86_64 7:1.02.170-6.el7_9.5 updates 192 k
device-mapper-event-libs x86_64 7:1.02.170-6.el7_9.5 updates 192 k
device-mapper-libs x86_64 7:1.02.170-6.el7_9.5 updates 325 k
device-mapper-persistent-data x86_64 0.8.5-3.el7_9.2 updates 423 k
dracut-config-rescue x86_64 033-572.el7 base 61 k
dracut-network x86_64 033-572.el7 base 103 k
glib2 x86_64 2.56.1-9.el7_9 updates 2.5 M
kmod x86_64 20-28.el7 base 123 k
krb5-libs x86_64 1.15.1-55.el7_9 updates 810 k
libgudev1 x86_64 219-78.el7_9.9 updates 110 k
libselinux x86_64 2.5-15.el7 base 162 k
libselinux-python x86_64 2.5-15.el7 base 236 k
libselinux-utils x86_64 2.5-15.el7 base 151 k
libsemanage x86_64 2.5-14.el7 base 151 k
libsepol x86_64 2.5-10.el7 base 297 k
lvm2 x86_64 7:2.02.187-6.el7_9.5 updates 1.3 M
lvm2-libs x86_64 7:2.02.187-6.el7_9.5 updates 1.1 M
policycoreutils x86_64 2.5-34.el7 base 917 k
selinux-policy-targeted noarch 3.13.1-268.el7_9.2 updates 7.0 M
systemd x86_64 219-78.el7_9.9 updates 5.1 M
systemd-libs x86_64 219-78.el7_9.9 updates 419 k
systemd-sysv x86_64 219-78.el7_9.9 updates 98 k
Transaction Summary
===========================================================================================================
Install 1 Package (+17 Dependent packages)
Upgrade 4 Packages (+24 Dependent packages)
Total download size: 25 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/46): centos-release-7-9.2009.1.el7.centos.x86_64.rpm | 27 kB 00:00:05
(2/46): bc-1.06.95-13.el7.x86_64.rpm | 115 kB 00:00:05
(3/46): device-mapper-event-1.02.170-6.el7_9.5.x86_64.rpm | 192 kB 00:00:00
(4/46): device-mapper-1.02.170-6.el7_9.5.x86_64.rpm | 297 kB 00:00:05
(5/46): cryptsetup-libs-2.0.3-6.el7.x86_64.rpm | 339 kB 00:00:05
(6/46): device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64.rpm | 192 kB 00:00:00
(7/46): device-mapper-libs-1.02.170-6.el7_9.5.x86_64.rpm | 325 kB 00:00:00
(8/46): device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64.rpm | 423 kB 00:00:00
(9/46): dracut-033-572.el7.x86_64.rpm | 329 kB 00:00:05
(10/46): dracut-config-rescue-033-572.el7.x86_64.rpm | 61 kB 00:00:05
(11/46): dracut-network-033-572.el7.x86_64.rpm | 103 kB 00:00:00
(12/46): gssproxy-0.7.0-30.el7_9.x86_64.rpm | 111 kB 00:00:05
(13/46): glib2-2.56.1-9.el7_9.x86_64.rpm | 2.5 MB 00:00:05
(14/46): initscripts-9.49.53-1.el7_9.1.x86_64.rpm | 440 kB 00:00:00
(15/46): krb5-libs-1.15.1-55.el7_9.x86_64.rpm | 810 kB 00:00:00
(16/46): keyutils-1.5.8-3.el7.x86_64.rpm | 54 kB 00:00:05
(17/46): kmod-20-28.el7.x86_64.rpm | 123 kB 00:00:05
(18/46): libcollection-0.7.0-32.el7.x86_64.rpm | 42 kB 00:00:00
(19/46): libbasicobjects-0.1.1-32.el7.x86_64.rpm | 26 kB 00:00:00
(20/46): libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00:00
(21/46): libini_config-1.3.1-32.el7.x86_64.rpm | 64 kB 00:00:00
(22/46): libnfsidmap-0.25-19.el7.x86_64.rpm | 50 kB 00:00:00
(23/46): libpath_utils-0.2.1-32.el7.x86_64.rpm | 28 kB 00:00:00
(24/46): libselinux-2.5-15.el7.x86_64.rpm | 162 kB 00:00:00
(25/46): libref_array-0.1.5-32.el7.x86_64.rpm | 27 kB 00:00:00
(26/46): libselinux-utils-2.5-15.el7.x86_64.rpm | 151 kB 00:00:00
(27/46): libselinux-python-2.5-15.el7.x86_64.rpm | 236 kB 00:00:00
(28/46): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00
(29/46): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00
(30/46): libtirpc-0.2.4-0.16.el7.x86_64.rpm | 89 kB 00:00:00
(31/46): libverto-libevent-0.2.5-4.el7.x86_64.rpm | 8.9 kB 00:00:00
(32/46): libgudev1-219-78.el7_9.9.x86_64.rpm | 110 kB 00:00:05
(33/46): lvm2-libs-2.02.187-6.el7_9.5.x86_64.rpm | 1.1 MB 00:00:00
(34/46): nfs-utils-1.3.0-0.68.el7.2.x86_64.rpm | 413 kB 00:00:00
(35/46): lvm2-2.02.187-6.el7_9.5.x86_64.rpm | 1.3 MB 00:00:05
(36/46): lz4-1.8.3-1.el7.x86_64.rpm | 85 kB 00:00:05
(37/46): quota-4.01-19.el7.x86_64.rpm | 179 kB 00:00:00
(38/46): quota-nls-4.01-19.el7.noarch.rpm | 90 kB 00:00:00
(39/46): rpcbind-0.2.0-49.el7.x86_64.rpm | 60 kB 00:00:00
(40/46): policycoreutils-2.5-34.el7.x86_64.rpm | 917 kB 00:00:05
(41/46): selinux-policy-3.13.1-268.el7_9.2.noarch.rpm | 498 kB 00:00:05
(42/46): selinux-policy-targeted-3.13.1-268.el7_9.2.noarch.rpm | 7.0 MB 00:00:05
(43/46): systemd-libs-219-78.el7_9.9.x86_64.rpm | 419 kB 00:00:00
(44/46): systemd-sysv-219-78.el7_9.9.x86_64.rpm | 98 kB 00:00:00
(45/46): systemd-219-78.el7_9.9.x86_64.rpm | 5.1 MB 00:00:01
(46/46): tcp_wrappers-7.6-77.el7.x86_64.rpm | 78 kB 00:00:05
-----------------------------------------------------------------------------------------------------------
Total 598 kB/s | 25 MB 00:00:43
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libsepol-2.5-10.el7.x86_64 1/74
Updating : libselinux-2.5-15.el7.x86_64 2/74
Updating : krb5-libs-1.15.1-55.el7_9.x86_64 3/74
Installing : libtirpc-0.2.4-0.16.el7.x86_64 4/74
Updating : glib2-2.56.1-9.el7_9.x86_64 5/74
Updating : libsemanage-2.5-14.el7.x86_64 6/74
Installing : libref_array-0.1.5-32.el7.x86_64 7/74
Installing : libcollection-0.7.0-32.el7.x86_64 8/74
Installing : libevent-2.0.21-4.el7.x86_64 9/74
Updating : centos-release-7-9.2009.1.el7.centos.x86_64 10/74
Installing : libbasicobjects-0.1.1-32.el7.x86_64 11/74
Installing : lz4-1.8.3-1.el7.x86_64 12/74
Updating : systemd-libs-219-78.el7_9.9.x86_64 13/74
Updating : kmod-20-28.el7.x86_64 14/74
Updating : dracut-033-572.el7.x86_64 15/74
Updating : cryptsetup-libs-2.0.3-6.el7.x86_64 16/74
Updating : systemd-219-78.el7_9.9.x86_64 17/74
Updating : 7:device-mapper-libs-1.02.170-6.el7_9.5.x86_64 18/74
Updating : 7:device-mapper-1.02.170-6.el7_9.5.x86_64 19/74
Updating : 7:device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64 20/74
Updating : 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 21/74
Updating : 7:lvm2-libs-2.02.187-6.el7_9.5.x86_64 22/74
Updating : systemd-sysv-219-78.el7_9.9.x86_64 23/74
Installing : rpcbind-0.2.0-49.el7.x86_64 24/74
Installing : libverto-libevent-0.2.5-4.el7.x86_64 25/74
Updating : libselinux-utils-2.5-15.el7.x86_64 26/74
Updating : policycoreutils-2.5-34.el7.x86_64 27/74
Updating : selinux-policy-3.13.1-268.el7_9.2.noarch 28/74
Installing : 1:quota-nls-4.01-19.el7.noarch 29/74
Installing : tcp_wrappers-7.6-77.el7.x86_64 30/74
Installing : 1:quota-4.01-19.el7.x86_64 31/74
Installing : keyutils-1.5.8-3.el7.x86_64 32/74
Installing : libnfsidmap-0.25-19.el7.x86_64 33/74
Installing : libpath_utils-0.2.1-32.el7.x86_64 34/74
Installing : libini_config-1.3.1-32.el7.x86_64 35/74
Installing : gssproxy-0.7.0-30.el7_9.x86_64 36/74
Installing : bc-1.06.95-13.el7.x86_64 37/74
Updating : device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 38/74
Updating : 7:lvm2-2.02.187-6.el7_9.5.x86_64 39/74
Created symlink from /etc/systemd/system/sysinit.target.wants/lvm2-lvmpolld.socket to /usr/lib/systemd/system/lvm2-lvmpolld.socket.
Updating : initscripts-9.49.53-1.el7_9.1.x86_64 40/74
Installing : 1:nfs-utils-1.3.0-0.68.el7.2.x86_64 41/74
Updating : selinux-policy-targeted-3.13.1-268.el7_9.2.noarch 42/74
Updating : dracut-config-rescue-033-572.el7.x86_64 43/74
Updating : dracut-network-033-572.el7.x86_64 44/74
Updating : libgudev1-219-78.el7_9.9.x86_64 45/74
Updating : libselinux-python-2.5-15.el7.x86_64 46/74
Cleanup : selinux-policy-targeted-3.13.1-23.el7.noarch 47/74
Cleanup : selinux-policy-3.13.1-23.el7.noarch 48/74
Cleanup : dracut-network-033-240.el7.x86_64 49/74
Cleanup : dracut-config-rescue-033-240.el7.x86_64 50/74
Cleanup : systemd-sysv-208-20.el7.x86_64 51/74
Cleanup : 7:lvm2-2.02.115-3.el7.x86_64 52/74
Cleanup : 7:lvm2-libs-2.02.115-3.el7.x86_64 53/74
Cleanup : 7:device-mapper-event-1.02.93-3.el7.x86_64 54/74
Cleanup : policycoreutils-2.2.5-15.el7.x86_64 55/74
UPGRADE: Automatically re-enabling default systemd units:
brandbot.path
rhel-autorelabel.service
rhel-autorelabel-mark.service
rhel-configure.service
rhel-dmesg.service
rhel-domainname.service
rhel-import-state.service
rhel-loadmodules.service
rhel-readonly.service
Cleanup : initscripts-9.49.24-1.el7.x86_64 56/74
Cleanup : libgudev1-208-20.el7.x86_64 57/74
Cleanup : libsemanage-2.1.10-16.el7.x86_64 58/74
Cleanup : dracut-033-240.el7.x86_64 59/74
Cleanup : glib2-2.40.0-4.el7.x86_64 60/74
Cleanup : libselinux-utils-2.2.2-6.el7.x86_64 61/74
Cleanup : 7:device-mapper-event-libs-1.02.93-3.el7.x86_64 62/74
Cleanup : 7:device-mapper-1.02.93-3.el7.x86_64 63/74
Cleanup : systemd-208-20.el7.x86_64 64/74
Cleanup : cryptsetup-libs-1.6.6-3.el7.x86_64 65/74
Cleanup : 7:device-mapper-libs-1.02.93-3.el7.x86_64 66/74
Cleanup : systemd-libs-208-20.el7.x86_64 67/74
Cleanup : krb5-libs-1.12.2-14.el7.x86_64 68/74
Cleanup : libselinux-python-2.2.2-6.el7.x86_64 69/74
Cleanup : centos-release-7-1.1503.el7.centos.2.8.x86_64 70/74
Cleanup : libselinux-2.2.2-6.el7.x86_64 71/74
Cleanup : libsepol-2.1.9-3.el7.x86_64 72/74
Cleanup : kmod-14-10.el7.x86_64 73/74
Cleanup : device-mapper-persistent-data-0.4.1-2.el7.x86_64 74/74
Verifying : libtirpc-0.2.4-0.16.el7.x86_64 1/74
Verifying : gssproxy-0.7.0-30.el7_9.x86_64 2/74
Verifying : 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 3/74
Verifying : systemd-sysv-219-78.el7_9.9.x86_64 4/74
Verifying : lz4-1.8.3-1.el7.x86_64 5/74
Verifying : libselinux-python-2.5-15.el7.x86_64 6/74
Verifying : libbasicobjects-0.1.1-32.el7.x86_64 7/74
Verifying : libgudev1-219-78.el7_9.9.x86_64 8/74
Verifying : 1:nfs-utils-1.3.0-0.68.el7.2.x86_64 9/74
Verifying : 7:device-mapper-libs-1.02.170-6.el7_9.5.x86_64 10/74
Verifying : dracut-033-572.el7.x86_64 11/74
Verifying : rpcbind-0.2.0-49.el7.x86_64 12/74
Verifying : cryptsetup-libs-2.0.3-6.el7.x86_64 13/74
Verifying : selinux-policy-targeted-3.13.1-268.el7_9.2.noarch 14/74
Verifying : glib2-2.56.1-9.el7_9.x86_64 15/74
Verifying : initscripts-9.49.53-1.el7_9.1.x86_64 16/74
Verifying : device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 17/74
Verifying : libsepol-2.5-10.el7.x86_64 18/74
Verifying : centos-release-7-9.2009.1.el7.centos.x86_64 19/74
Verifying : dracut-config-rescue-033-572.el7.x86_64 20/74
Verifying : bc-1.06.95-13.el7.x86_64 21/74
Verifying : libselinux-utils-2.5-15.el7.x86_64 22/74
Verifying : 7:lvm2-libs-2.02.187-6.el7_9.5.x86_64 23/74
Verifying : kmod-20-28.el7.x86_64 24/74
Verifying : 7:lvm2-2.02.187-6.el7_9.5.x86_64 25/74
Verifying : libini_config-1.3.1-32.el7.x86_64 26/74
Verifying : krb5-libs-1.15.1-55.el7_9.x86_64 27/74
Verifying : libevent-2.0.21-4.el7.x86_64 28/74
Verifying : libverto-libevent-0.2.5-4.el7.x86_64 29/74
Verifying : libcollection-0.7.0-32.el7.x86_64 30/74
Verifying : libref_array-0.1.5-32.el7.x86_64 31/74
Verifying : systemd-219-78.el7_9.9.x86_64 32/74
Verifying : selinux-policy-3.13.1-268.el7_9.2.noarch 33/74
Verifying : 7:device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64 34/74
Verifying : systemd-libs-219-78.el7_9.9.x86_64 35/74
Verifying : libpath_utils-0.2.1-32.el7.x86_64 36/74
Verifying : 1:quota-4.01-19.el7.x86_64 37/74
Verifying : libselinux-2.5-15.el7.x86_64 38/74
Verifying : libnfsidmap-0.25-19.el7.x86_64 39/74
Verifying : dracut-network-033-572.el7.x86_64 40/74
Verifying : libsemanage-2.5-14.el7.x86_64 41/74
Verifying : keyutils-1.5.8-3.el7.x86_64 42/74
Verifying : tcp_wrappers-7.6-77.el7.x86_64 43/74
Verifying : 7:device-mapper-1.02.170-6.el7_9.5.x86_64 44/74
Verifying : 1:quota-nls-4.01-19.el7.noarch 45/74
Verifying : policycoreutils-2.5-34.el7.x86_64 46/74
Verifying : libselinux-utils-2.2.2-6.el7.x86_64 47/74
Verifying : 7:device-mapper-event-1.02.93-3.el7.x86_64 48/74
Verifying : 7:device-mapper-event-libs-1.02.93-3.el7.x86_64 49/74
Verifying : dracut-network-033-240.el7.x86_64 50/74
Verifying : kmod-14-10.el7.x86_64 51/74
Verifying : selinux-policy-targeted-3.13.1-23.el7.noarch 52/74
Verifying : 7:lvm2-libs-2.02.115-3.el7.x86_64 53/74
Verifying : cryptsetup-libs-1.6.6-3.el7.x86_64 54/74
Verifying : libgudev1-208-20.el7.x86_64 55/74
Verifying : centos-release-7-1.1503.el7.centos.2.8.x86_64 56/74
Verifying : 7:lvm2-2.02.115-3.el7.x86_64 57/74
Verifying : glib2-2.40.0-4.el7.x86_64 58/74
Verifying : systemd-208-20.el7.x86_64 59/74
Verifying : systemd-sysv-208-20.el7.x86_64 60/74
Verifying : libselinux-python-2.2.2-6.el7.x86_64 61/74
Verifying : initscripts-9.49.24-1.el7.x86_64 62/74
Verifying : selinux-policy-3.13.1-23.el7.noarch 63/74
Verifying : systemd-libs-208-20.el7.x86_64 64/74
Verifying : libsemanage-2.1.10-16.el7.x86_64 65/74
Verifying : 7:device-mapper-1.02.93-3.el7.x86_64 66/74
Verifying : dracut-config-rescue-033-240.el7.x86_64 67/74
Verifying : dracut-033-240.el7.x86_64 68/74
Verifying : libsepol-2.1.9-3.el7.x86_64 69/74
Verifying : policycoreutils-2.2.5-15.el7.x86_64 70/74
Verifying : 7:device-mapper-libs-1.02.93-3.el7.x86_64 71/74
Verifying : device-mapper-persistent-data-0.4.1-2.el7.x86_64 72/74
Verifying : libselinux-2.2.2-6.el7.x86_64 73/74
Verifying : krb5-libs-1.12.2-14.el7.x86_64 74/74
Installed:
nfs-utils.x86_64 1:1.3.0-0.68.el7.2
Dependency Installed:
bc.x86_64 0:1.06.95-13.el7 gssproxy.x86_64 0:0.7.0-30.el7_9
keyutils.x86_64 0:1.5.8-3.el7 libbasicobjects.x86_64 0:0.1.1-32.el7
libcollection.x86_64 0:0.7.0-32.el7 libevent.x86_64 0:2.0.21-4.el7
libini_config.x86_64 0:1.3.1-32.el7 libnfsidmap.x86_64 0:0.25-19.el7
libpath_utils.x86_64 0:0.2.1-32.el7 libref_array.x86_64 0:0.1.5-32.el7
libtirpc.x86_64 0:0.2.4-0.16.el7 libverto-libevent.x86_64 0:0.2.5-4.el7
lz4.x86_64 0:1.8.3-1.el7 quota.x86_64 1:4.01-19.el7
quota-nls.noarch 1:4.01-19.el7 rpcbind.x86_64 0:0.2.0-49.el7
tcp_wrappers.x86_64 0:7.6-77.el7
Updated:
centos-release.x86_64 0:7-9.2009.1.el7.centos dracut.x86_64 0:033-572.el7
initscripts.x86_64 0:9.49.53-1.el7_9.1 selinux-policy.noarch 0:3.13.1-268.el7_9.2
Dependency Updated:
cryptsetup-libs.x86_64 0:2.0.3-6.el7
device-mapper.x86_64 7:1.02.170-6.el7_9.5
device-mapper-event.x86_64 7:1.02.170-6.el7_9.5
device-mapper-event-libs.x86_64 7:1.02.170-6.el7_9.5
device-mapper-libs.x86_64 7:1.02.170-6.el7_9.5
device-mapper-persistent-data.x86_64 0:0.8.5-3.el7_9.2
dracut-config-rescue.x86_64 0:033-572.el7
dracut-network.x86_64 0:033-572.el7
glib2.x86_64 0:2.56.1-9.el7_9
kmod.x86_64 0:20-28.el7
krb5-libs.x86_64 0:1.15.1-55.el7_9
libgudev1.x86_64 0:219-78.el7_9.9
libselinux.x86_64 0:2.5-15.el7
libselinux-python.x86_64 0:2.5-15.el7
libselinux-utils.x86_64 0:2.5-15.el7
libsemanage.x86_64 0:2.5-14.el7
libsepol.x86_64 0:2.5-10.el7
lvm2.x86_64 7:2.02.187-6.el7_9.5
lvm2-libs.x86_64 7:2.02.187-6.el7_9.5
policycoreutils.x86_64 0:2.5-34.el7
selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2
systemd.x86_64 0:219-78.el7_9.9
systemd-libs.x86_64 0:219-78.el7_9.9
systemd-sysv.x86_64 0:219-78.el7_9.9
Complete!
[root@web1 ~]# mkdir /data
[root@web1 ~]# cd /data
[root@web1 data]# ls
[root@web1 data]# vim /etc/exports
[root@web1 data]# systemctl restart rpcbind
[root@web1 data]# systemctl restart nfs
[root@web1 data]# systemctl enable rpcbind
[root@web1 data]# systemctl enable nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@web1 data]# showmount -e 10.0.1.111
Export list for 10.0.1.111:
/data 10.0.1.0/24
客户端
ip:10.0.1.113
[root@web02 ~]# yum install -y nfs-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.x86_64 1:1.3.0-0.68.el7.2 will be installed
--> Processing Dependency: libtirpc >= 0.2.4-0.7 for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: gssproxy >= 0.7.0-3 for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: rpcbind for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: quota for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libnfsidmap for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libevent for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libdevmapper.so.1.02(DM_1_02_97)(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: keyutils for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libtirpc.so.1()(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libnfsidmap.so.0()(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: 1:nfs-utils-1.3.0-0.68.el7.2.x86_64
--> Running transaction check
---> Package device-mapper-libs.x86_64 7:1.02.93-3.el7 will be updated
--> Processing Dependency: device-mapper-libs = 7:1.02.93-3.el7 for package: 7:device-mapper-1.02.93-3.el7.x86_64
---> Package device-mapper-libs.x86_64 7:1.02.170-6.el7_9.5 will be an update
---> Package gssproxy.x86_64 0:0.7.0-30.el7_9 will be installed
--> Processing Dependency: libini_config >= 1.3.1-31 for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: krb5-libs >= 1.15 for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libverto-module-base for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libref_array.so.1(REF_ARRAY_0.1.1)(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libini_config.so.3(INI_CONFIG_1.2.0)(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libini_config.so.3(INI_CONFIG_1.1.0)(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libref_array.so.1()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libini_config.so.3()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libcollection.so.2()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
--> Processing Dependency: libbasicobjects.so.0()(64bit) for package: gssproxy-0.7.0-30.el7_9.x86_64
---> Package keyutils.x86_64 0:1.5.8-3.el7 will be installed
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
---> Package libnfsidmap.x86_64 0:0.25-19.el7 will be installed
---> Package libtirpc.x86_64 0:0.2.4-0.16.el7 will be installed
---> Package quota.x86_64 1:4.01-19.el7 will be installed
--> Processing Dependency: quota-nls = 1:4.01-19.el7 for package: 1:quota-4.01-19.el7.x86_64
--> Processing Dependency: tcp_wrappers for package: 1:quota-4.01-19.el7.x86_64
---> Package rpcbind.x86_64 0:0.2.0-49.el7 will be installed
--> Processing Dependency: libsystemd.so.0(LIBSYSTEMD_209)(64bit) for package: rpcbind-0.2.0-49.el7.x86_64
--> Processing Dependency: libsystemd.so.0()(64bit) for package: rpcbind-0.2.0-49.el7.x86_64
--> Running transaction check
---> Package device-mapper.x86_64 7:1.02.93-3.el7 will be updated
--> Processing Dependency: device-mapper = 7:1.02.93-3.el7 for package: 7:device-mapper-event-1.02.93-3.el7.x86_64
---> Package device-mapper.x86_64 7:1.02.170-6.el7_9.5 will be an update
---> Package krb5-libs.x86_64 0:1.12.2-14.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-55.el7_9 will be an update
---> Package libbasicobjects.x86_64 0:0.1.1-32.el7 will be installed
---> Package libcollection.x86_64 0:0.7.0-32.el7 will be installed
---> Package libini_config.x86_64 0:1.3.1-32.el7 will be installed
--> Processing Dependency: libpath_utils.so.1(PATH_UTILS_0.2.1)(64bit) for package: libini_config-1.3.1-32.el7.x86_64
--> Processing Dependency: libpath_utils.so.1()(64bit) for package: libini_config-1.3.1-32.el7.x86_64
---> Package libref_array.x86_64 0:0.1.5-32.el7 will be installed
---> Package libverto-libevent.x86_64 0:0.2.5-4.el7 will be installed
---> Package quota-nls.noarch 1:4.01-19.el7 will be installed
---> Package systemd-libs.x86_64 0:208-20.el7 will be updated
--> Processing Dependency: systemd-libs = 208-20.el7 for package: systemd-208-20.el7.x86_64
---> Package systemd-libs.x86_64 0:219-78.el7_9.9 will be an update
--> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-libs-219-78.el7_9.9.x86_64
---> Package tcp_wrappers.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package device-mapper-event.x86_64 7:1.02.93-3.el7 will be updated
--> Processing Dependency: device-mapper-event = 7:1.02.93-3.el7 for package: 7:lvm2-libs-2.02.115-3.el7.x86_64
---> Package device-mapper-event.x86_64 7:1.02.170-6.el7_9.5 will be an update
--> Processing Dependency: device-mapper-event-libs = 7:1.02.170-6.el7_9.5 for package: 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64
---> Package libpath_utils.x86_64 0:0.2.1-32.el7 will be installed
---> Package lz4.x86_64 0:1.8.3-1.el7 will be installed
---> Package systemd.x86_64 0:208-20.el7 will be updated
--> Processing Dependency: systemd = 208-20.el7 for package: systemd-sysv-208-20.el7.x86_64
--> Processing Dependency: systemd = 208-20.el7 for package: libgudev1-208-20.el7.x86_64
---> Package systemd.x86_64 0:219-78.el7_9.9 will be an update
--> Processing Dependency: kmod >= 18-4 for package: systemd-219-78.el7_9.9.x86_64
--> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-78.el7_9.9.x86_64
--> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-78.el7_9.9.x86_64
--> Running transaction check
---> Package cryptsetup-libs.x86_64 0:1.6.6-3.el7 will be updated
---> Package cryptsetup-libs.x86_64 0:2.0.3-6.el7 will be an update
---> Package device-mapper-event-libs.x86_64 7:1.02.93-3.el7 will be updated
---> Package device-mapper-event-libs.x86_64 7:1.02.170-6.el7_9.5 will be an update
---> Package kmod.x86_64 0:14-10.el7 will be updated
---> Package kmod.x86_64 0:20-28.el7 will be an update
---> Package libgudev1.x86_64 0:208-20.el7 will be updated
---> Package libgudev1.x86_64 0:219-78.el7_9.9 will be an update
--> Processing Dependency: glib2 >= 2.42 for package: libgudev1-219-78.el7_9.9.x86_64
---> Package lvm2-libs.x86_64 7:2.02.115-3.el7 will be updated
--> Processing Dependency: lvm2-libs = 7:2.02.115-3.el7 for package: 7:lvm2-2.02.115-3.el7.x86_64
---> Package lvm2-libs.x86_64 7:2.02.187-6.el7_9.5 will be an update
---> Package systemd-sysv.x86_64 0:208-20.el7 will be updated
---> Package systemd-sysv.x86_64 0:219-78.el7_9.9 will be an update
--> Running transaction check
---> Package glib2.x86_64 0:2.40.0-4.el7 will be updated
---> Package glib2.x86_64 0:2.56.1-9.el7_9 will be an update
---> Package lvm2.x86_64 7:2.02.115-3.el7 will be updated
---> Package lvm2.x86_64 7:2.02.187-6.el7_9.5 will be an update
--> Processing Dependency: device-mapper-persistent-data >= 0.7.0-0.1.rc6 for package: 7:lvm2-2.02.187-6.el7_9.5.x86_64
--> Running transaction check
---> Package device-mapper-persistent-data.x86_64 0:0.4.1-2.el7 will be updated
---> Package device-mapper-persistent-data.x86_64 0:0.8.5-3.el7_9.2 will be an update
--> Processing Conflict: gssproxy-0.7.0-30.el7_9.x86_64 conflicts selinux-policy < 3.13.1-166.el7.noarch
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-23.el7 will be updated
--> Processing Dependency: selinux-policy = 3.13.1-23.el7 for package: selinux-policy-targeted-3.13.1-23.el7.noarch
--> Processing Dependency: selinux-policy = 3.13.1-23.el7 for package: selinux-policy-targeted-3.13.1-23.el7.noarch
---> Package selinux-policy.noarch 0:3.13.1-268.el7_9.2 will be an update
--> Processing Dependency: policycoreutils >= 2.5-24 for package: selinux-policy-3.13.1-268.el7_9.2.noarch
--> Processing Dependency: libsemanage >= 2.5-13 for package: selinux-policy-3.13.1-268.el7_9.2.noarch
--> Running transaction check
---> Package libsemanage.x86_64 0:2.1.10-16.el7 will be updated
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
--> Processing Dependency: libsepol >= 2.5-10 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libselinux >= 2.5-14 for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.1)(64bit) for package: libsemanage-2.5-14.el7.x86_64
--> Processing Dependency: libsepol.so.1(LIBSEPOL_1.0)(64bit) for package: libsemanage-2.5-14.el7.x86_64
---> Package policycoreutils.x86_64 0:2.2.5-15.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-34.el7 will be an update
--> Processing Dependency: libselinux-utils >= 2.5-14 for package: policycoreutils-2.5-34.el7.x86_64
---> Package selinux-policy-targeted.noarch 0:3.13.1-23.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2 will be an update
--> Running transaction check
---> Package libselinux.x86_64 0:2.2.2-6.el7 will be updated
--> Processing Dependency: libselinux = 2.2.2-6.el7 for package: libselinux-python-2.2.2-6.el7.x86_64
---> Package libselinux.x86_64 0:2.5-15.el7 will be an update
---> Package libselinux-utils.x86_64 0:2.2.2-6.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-15.el7 will be an update
---> Package libsepol.x86_64 0:2.1.9-3.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
--> Running transaction check
---> Package libselinux-python.x86_64 0:2.2.2-6.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-15.el7 will be an update
--> Processing Conflict: systemd-219-78.el7_9.9.x86_64 conflicts initscripts < 9.49.28-1
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package initscripts.x86_64 0:9.49.24-1.el7 will be updated
---> Package initscripts.x86_64 0:9.49.53-1.el7_9.1 will be an update
--> Processing Dependency: bc for package: initscripts-9.49.53-1.el7_9.1.x86_64
--> Running transaction check
---> Package bc.x86_64 0:1.06.95-13.el7 will be installed
--> Processing Conflict: initscripts-9.49.53-1.el7_9.1.x86_64 conflicts redhat-release < 7.5-0.11
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package centos-release.x86_64 0:7-1.1503.el7.centos.2.8 will be updated
---> Package centos-release.x86_64 0:7-9.2009.1.el7.centos will be an update
--> Processing Conflict: systemd-219-78.el7_9.9.x86_64 conflicts dracut < 033-243
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package dracut.x86_64 0:033-240.el7 will be updated
--> Processing Dependency: dracut = 033-240.el7 for package: dracut-config-rescue-033-240.el7.x86_64
--> Processing Dependency: dracut = 033-240.el7 for package: dracut-network-033-240.el7.x86_64
---> Package dracut.x86_64 0:033-572.el7 will be an update
--> Running transaction check
---> Package dracut-config-rescue.x86_64 0:033-240.el7 will be updated
---> Package dracut-config-rescue.x86_64 0:033-572.el7 will be an update
---> Package dracut-network.x86_64 0:033-240.el7 will be updated
---> Package dracut-network.x86_64 0:033-572.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
nfs-utils x86_64 1:1.3.0-0.68.el7.2 updates 413 k
Updating:
centos-release x86_64 7-9.2009.1.el7.centos updates 27 k
dracut x86_64 033-572.el7 base 329 k
initscripts x86_64 9.49.53-1.el7_9.1 updates 440 k
selinux-policy noarch 3.13.1-268.el7_9.2 updates 498 k
Installing for dependencies:
bc x86_64 1.06.95-13.el7 base 115 k
gssproxy x86_64 0.7.0-30.el7_9 updates 111 k
keyutils x86_64 1.5.8-3.el7 base 54 k
libbasicobjects x86_64 0.1.1-32.el7 base 26 k
libcollection x86_64 0.7.0-32.el7 base 42 k
libevent x86_64 2.0.21-4.el7 base 214 k
libini_config x86_64 1.3.1-32.el7 base 64 k
libnfsidmap x86_64 0.25-19.el7 base 50 k
libpath_utils x86_64 0.2.1-32.el7 base 28 k
libref_array x86_64 0.1.5-32.el7 base 27 k
libtirpc x86_64 0.2.4-0.16.el7 base 89 k
libverto-libevent x86_64 0.2.5-4.el7 base 8.9 k
lz4 x86_64 1.8.3-1.el7 base 85 k
quota x86_64 1:4.01-19.el7 base 179 k
quota-nls noarch 1:4.01-19.el7 base 90 k
rpcbind x86_64 0.2.0-49.el7 base 60 k
tcp_wrappers x86_64 7.6-77.el7 base 78 k
Updating for dependencies:
cryptsetup-libs x86_64 2.0.3-6.el7 base 339 k
device-mapper x86_64 7:1.02.170-6.el7_9.5 updates 297 k
device-mapper-event x86_64 7:1.02.170-6.el7_9.5 updates 192 k
device-mapper-event-libs x86_64 7:1.02.170-6.el7_9.5 updates 192 k
device-mapper-libs x86_64 7:1.02.170-6.el7_9.5 updates 325 k
device-mapper-persistent-data x86_64 0.8.5-3.el7_9.2 updates 423 k
dracut-config-rescue x86_64 033-572.el7 base 61 k
dracut-network x86_64 033-572.el7 base 103 k
glib2 x86_64 2.56.1-9.el7_9 updates 2.5 M
kmod x86_64 20-28.el7 base 123 k
krb5-libs x86_64 1.15.1-55.el7_9 updates 810 k
libgudev1 x86_64 219-78.el7_9.9 updates 110 k
libselinux x86_64 2.5-15.el7 base 162 k
libselinux-python x86_64 2.5-15.el7 base 236 k
libselinux-utils x86_64 2.5-15.el7 base 151 k
libsemanage x86_64 2.5-14.el7 base 151 k
libsepol x86_64 2.5-10.el7 base 297 k
lvm2 x86_64 7:2.02.187-6.el7_9.5 updates 1.3 M
lvm2-libs x86_64 7:2.02.187-6.el7_9.5 updates 1.1 M
policycoreutils x86_64 2.5-34.el7 base 917 k
selinux-policy-targeted noarch 3.13.1-268.el7_9.2 updates 7.0 M
systemd x86_64 219-78.el7_9.9 updates 5.1 M
systemd-libs x86_64 219-78.el7_9.9 updates 419 k
systemd-sysv x86_64 219-78.el7_9.9 updates 98 k
Transaction Summary
===========================================================================================================
Install 1 Package (+17 Dependent packages)
Upgrade 4 Packages (+24 Dependent packages)
Total download size: 25 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/46): centos-release-7-9.2009.1.el7.centos.x86_64.rpm | 27 kB 00:00:05
(2/46): bc-1.06.95-13.el7.x86_64.rpm | 115 kB 00:00:05
(3/46): cryptsetup-libs-2.0.3-6.el7.x86_64.rpm | 339 kB 00:00:05
(4/46): device-mapper-event-1.02.170-6.el7_9.5.x86_64.rpm | 192 kB 00:00:00
(5/46): device-mapper-1.02.170-6.el7_9.5.x86_64.rpm | 297 kB 00:00:05
(6/46): device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64.rpm | 192 kB 00:00:00
(7/46): device-mapper-libs-1.02.170-6.el7_9.5.x86_64.rpm | 325 kB 00:00:00
(8/46): device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64.rpm | 423 kB 00:00:00
(9/46): dracut-config-rescue-033-572.el7.x86_64.rpm | 61 kB 00:00:05
(10/46): dracut-network-033-572.el7.x86_64.rpm | 103 kB 00:00:00
(11/46): dracut-033-572.el7.x86_64.rpm | 329 kB 00:00:05
(12/46): gssproxy-0.7.0-30.el7_9.x86_64.rpm | 111 kB 00:00:05
(13/46): glib2-2.56.1-9.el7_9.x86_64.rpm | 2.5 MB 00:00:05
(14/46): initscripts-9.49.53-1.el7_9.1.x86_64.rpm | 440 kB 00:00:00
(15/46): krb5-libs-1.15.1-55.el7_9.x86_64.rpm | 810 kB 00:00:00
(16/46): keyutils-1.5.8-3.el7.x86_64.rpm | 54 kB 00:00:05
(17/46): kmod-20-28.el7.x86_64.rpm | 123 kB 00:00:05
(18/46): libbasicobjects-0.1.1-32.el7.x86_64.rpm | 26 kB 00:00:00
(19/46): libcollection-0.7.0-32.el7.x86_64.rpm | 42 kB 00:00:00
(20/46): libini_config-1.3.1-32.el7.x86_64.rpm | 64 kB 00:00:00
(21/46): libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00:00
(22/46): libpath_utils-0.2.1-32.el7.x86_64.rpm | 28 kB 00:00:00
(23/46): libnfsidmap-0.25-19.el7.x86_64.rpm | 50 kB 00:00:00
(24/46): libref_array-0.1.5-32.el7.x86_64.rpm | 27 kB 00:00:00
(25/46): libselinux-2.5-15.el7.x86_64.rpm | 162 kB 00:00:00
(26/46): libselinux-python-2.5-15.el7.x86_64.rpm | 236 kB 00:00:00
(27/46): libselinux-utils-2.5-15.el7.x86_64.rpm | 151 kB 00:00:00
(28/46): libsepol-2.5-10.el7.x86_64.rpm | 297 kB 00:00:00
(29/46): libsemanage-2.5-14.el7.x86_64.rpm | 151 kB 00:00:00
(30/46): libtirpc-0.2.4-0.16.el7.x86_64.rpm | 89 kB 00:00:00
(31/46): libverto-libevent-0.2.5-4.el7.x86_64.rpm | 8.9 kB 00:00:00
(32/46): libgudev1-219-78.el7_9.9.x86_64.rpm | 110 kB 00:00:05
(33/46): lvm2-libs-2.02.187-6.el7_9.5.x86_64.rpm | 1.1 MB 00:00:00
(34/46): nfs-utils-1.3.0-0.68.el7.2.x86_64.rpm | 413 kB 00:00:00
(35/46): lvm2-2.02.187-6.el7_9.5.x86_64.rpm | 1.3 MB 00:00:05
(36/46): lz4-1.8.3-1.el7.x86_64.rpm | 85 kB 00:00:05
(37/46): quota-4.01-19.el7.x86_64.rpm | 179 kB 00:00:00
(38/46): quota-nls-4.01-19.el7.noarch.rpm | 90 kB 00:00:00
(39/46): rpcbind-0.2.0-49.el7.x86_64.rpm | 60 kB 00:00:00
(40/46): policycoreutils-2.5-34.el7.x86_64.rpm | 917 kB 00:00:05
(41/46): selinux-policy-3.13.1-268.el7_9.2.noarch.rpm | 498 kB 00:00:05
(42/46): systemd-219-78.el7_9.9.x86_64.rpm | 5.1 MB 00:00:01
(43/46): selinux-policy-targeted-3.13.1-268.el7_9.2.noarch.rpm | 7.0 MB 00:00:06
(44/46): systemd-sysv-219-78.el7_9.9.x86_64.rpm | 98 kB 00:00:00
(45/46): systemd-libs-219-78.el7_9.9.x86_64.rpm | 419 kB 00:00:00
(46/46): tcp_wrappers-7.6-77.el7.x86_64.rpm | 78 kB 00:00:05
-----------------------------------------------------------------------------------------------------------
Total 595 kB/s | 25 MB 00:00:43
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libsepol-2.5-10.el7.x86_64 1/74
Updating : libselinux-2.5-15.el7.x86_64 2/74
Updating : krb5-libs-1.15.1-55.el7_9.x86_64 3/74
Installing : libtirpc-0.2.4-0.16.el7.x86_64 4/74
Updating : glib2-2.56.1-9.el7_9.x86_64 5/74
Updating : libsemanage-2.5-14.el7.x86_64 6/74
Installing : libref_array-0.1.5-32.el7.x86_64 7/74
Installing : libcollection-0.7.0-32.el7.x86_64 8/74
Installing : libevent-2.0.21-4.el7.x86_64 9/74
Updating : centos-release-7-9.2009.1.el7.centos.x86_64 10/74
Installing : libbasicobjects-0.1.1-32.el7.x86_64 11/74
Installing : lz4-1.8.3-1.el7.x86_64 12/74
Updating : systemd-libs-219-78.el7_9.9.x86_64 13/74
Updating : kmod-20-28.el7.x86_64 14/74
Updating : dracut-033-572.el7.x86_64 15/74
Updating : cryptsetup-libs-2.0.3-6.el7.x86_64 16/74
Updating : systemd-219-78.el7_9.9.x86_64 17/74
Updating : 7:device-mapper-libs-1.02.170-6.el7_9.5.x86_64 18/74
Updating : 7:device-mapper-1.02.170-6.el7_9.5.x86_64 19/74
Updating : 7:device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64 20/74
Updating : 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 21/74
Updating : 7:lvm2-libs-2.02.187-6.el7_9.5.x86_64 22/74
Updating : systemd-sysv-219-78.el7_9.9.x86_64 23/74
Installing : rpcbind-0.2.0-49.el7.x86_64 24/74
Installing : libverto-libevent-0.2.5-4.el7.x86_64 25/74
Updating : libselinux-utils-2.5-15.el7.x86_64 26/74
Updating : policycoreutils-2.5-34.el7.x86_64 27/74
Updating : selinux-policy-3.13.1-268.el7_9.2.noarch 28/74
Installing : 1:quota-nls-4.01-19.el7.noarch 29/74
Installing : tcp_wrappers-7.6-77.el7.x86_64 30/74
Installing : 1:quota-4.01-19.el7.x86_64 31/74
Installing : keyutils-1.5.8-3.el7.x86_64 32/74
Installing : libnfsidmap-0.25-19.el7.x86_64 33/74
Installing : libpath_utils-0.2.1-32.el7.x86_64 34/74
Installing : libini_config-1.3.1-32.el7.x86_64 35/74
Installing : gssproxy-0.7.0-30.el7_9.x86_64 36/74
Installing : bc-1.06.95-13.el7.x86_64 37/74
Updating : device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 38/74
Updating : 7:lvm2-2.02.187-6.el7_9.5.x86_64 39/74
Created symlink from /etc/systemd/system/sysinit.target.wants/lvm2-lvmpolld.socket to /usr/lib/systemd/system/lvm2-lvmpolld.socket.
Updating : initscripts-9.49.53-1.el7_9.1.x86_64 40/74
Installing : 1:nfs-utils-1.3.0-0.68.el7.2.x86_64 41/74
Updating : selinux-policy-targeted-3.13.1-268.el7_9.2.noarch 42/74
Updating : dracut-config-rescue-033-572.el7.x86_64 43/74
Updating : dracut-network-033-572.el7.x86_64 44/74
Updating : libgudev1-219-78.el7_9.9.x86_64 45/74
Updating : libselinux-python-2.5-15.el7.x86_64 46/74
Cleanup : selinux-policy-targeted-3.13.1-23.el7.noarch 47/74
Cleanup : selinux-policy-3.13.1-23.el7.noarch 48/74
Cleanup : dracut-network-033-240.el7.x86_64 49/74
Cleanup : dracut-config-rescue-033-240.el7.x86_64 50/74
Cleanup : systemd-sysv-208-20.el7.x86_64 51/74
Cleanup : 7:lvm2-2.02.115-3.el7.x86_64 52/74
Cleanup : 7:lvm2-libs-2.02.115-3.el7.x86_64 53/74
Cleanup : 7:device-mapper-event-1.02.93-3.el7.x86_64 54/74
Cleanup : policycoreutils-2.2.5-15.el7.x86_64 55/74
UPGRADE: Automatically re-enabling default systemd units:
brandbot.path
rhel-autorelabel.service
rhel-autorelabel-mark.service
rhel-configure.service
rhel-dmesg.service
rhel-domainname.service
rhel-import-state.service
rhel-loadmodules.service
rhel-readonly.service
Cleanup : initscripts-9.49.24-1.el7.x86_64 56/74
Cleanup : libgudev1-208-20.el7.x86_64 57/74
Cleanup : libsemanage-2.1.10-16.el7.x86_64 58/74
Cleanup : dracut-033-240.el7.x86_64 59/74
Cleanup : glib2-2.40.0-4.el7.x86_64 60/74
Cleanup : libselinux-utils-2.2.2-6.el7.x86_64 61/74
Cleanup : 7:device-mapper-event-libs-1.02.93-3.el7.x86_64 62/74
Cleanup : 7:device-mapper-1.02.93-3.el7.x86_64 63/74
Cleanup : systemd-208-20.el7.x86_64 64/74
Cleanup : cryptsetup-libs-1.6.6-3.el7.x86_64 65/74
Cleanup : 7:device-mapper-libs-1.02.93-3.el7.x86_64 66/74
Cleanup : systemd-libs-208-20.el7.x86_64 67/74
Cleanup : krb5-libs-1.12.2-14.el7.x86_64 68/74
Cleanup : libselinux-python-2.2.2-6.el7.x86_64 69/74
Cleanup : centos-release-7-1.1503.el7.centos.2.8.x86_64 70/74
Cleanup : libselinux-2.2.2-6.el7.x86_64 71/74
Cleanup : libsepol-2.1.9-3.el7.x86_64 72/74
Cleanup : kmod-14-10.el7.x86_64 73/74
Cleanup : device-mapper-persistent-data-0.4.1-2.el7.x86_64 74/74
Verifying : libtirpc-0.2.4-0.16.el7.x86_64 1/74
Verifying : gssproxy-0.7.0-30.el7_9.x86_64 2/74
Verifying : 7:device-mapper-event-1.02.170-6.el7_9.5.x86_64 3/74
Verifying : systemd-sysv-219-78.el7_9.9.x86_64 4/74
Verifying : lz4-1.8.3-1.el7.x86_64 5/74
Verifying : libselinux-python-2.5-15.el7.x86_64 6/74
Verifying : libbasicobjects-0.1.1-32.el7.x86_64 7/74
Verifying : libgudev1-219-78.el7_9.9.x86_64 8/74
Verifying : 1:nfs-utils-1.3.0-0.68.el7.2.x86_64 9/74
Verifying : 7:device-mapper-libs-1.02.170-6.el7_9.5.x86_64 10/74
Verifying : dracut-033-572.el7.x86_64 11/74
Verifying : rpcbind-0.2.0-49.el7.x86_64 12/74
Verifying : cryptsetup-libs-2.0.3-6.el7.x86_64 13/74
Verifying : selinux-policy-targeted-3.13.1-268.el7_9.2.noarch 14/74
Verifying : glib2-2.56.1-9.el7_9.x86_64 15/74
Verifying : initscripts-9.49.53-1.el7_9.1.x86_64 16/74
Verifying : device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 17/74
Verifying : libsepol-2.5-10.el7.x86_64 18/74
Verifying : centos-release-7-9.2009.1.el7.centos.x86_64 19/74
Verifying : dracut-config-rescue-033-572.el7.x86_64 20/74
Verifying : bc-1.06.95-13.el7.x86_64 21/74
Verifying : libselinux-utils-2.5-15.el7.x86_64 22/74
Verifying : 7:lvm2-libs-2.02.187-6.el7_9.5.x86_64 23/74
Verifying : kmod-20-28.el7.x86_64 24/74
Verifying : 7:lvm2-2.02.187-6.el7_9.5.x86_64 25/74
Verifying : libini_config-1.3.1-32.el7.x86_64 26/74
Verifying : krb5-libs-1.15.1-55.el7_9.x86_64 27/74
Verifying : libevent-2.0.21-4.el7.x86_64 28/74
Verifying : libverto-libevent-0.2.5-4.el7.x86_64 29/74
Verifying : libcollection-0.7.0-32.el7.x86_64 30/74
Verifying : libref_array-0.1.5-32.el7.x86_64 31/74
Verifying : systemd-219-78.el7_9.9.x86_64 32/74
Verifying : selinux-policy-3.13.1-268.el7_9.2.noarch 33/74
Verifying : 7:device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64 34/74
Verifying : systemd-libs-219-78.el7_9.9.x86_64 35/74
Verifying : libpath_utils-0.2.1-32.el7.x86_64 36/74
Verifying : 1:quota-4.01-19.el7.x86_64 37/74
Verifying : libselinux-2.5-15.el7.x86_64 38/74
Verifying : libnfsidmap-0.25-19.el7.x86_64 39/74
Verifying : dracut-network-033-572.el7.x86_64 40/74
Verifying : libsemanage-2.5-14.el7.x86_64 41/74
Verifying : keyutils-1.5.8-3.el7.x86_64 42/74
Verifying : tcp_wrappers-7.6-77.el7.x86_64 43/74
Verifying : 7:device-mapper-1.02.170-6.el7_9.5.x86_64 44/74
Verifying : 1:quota-nls-4.01-19.el7.noarch 45/74
Verifying : policycoreutils-2.5-34.el7.x86_64 46/74
Verifying : libselinux-utils-2.2.2-6.el7.x86_64 47/74
Verifying : 7:device-mapper-event-1.02.93-3.el7.x86_64 48/74
Verifying : 7:device-mapper-event-libs-1.02.93-3.el7.x86_64 49/74
Verifying : dracut-network-033-240.el7.x86_64 50/74
Verifying : kmod-14-10.el7.x86_64 51/74
Verifying : selinux-policy-targeted-3.13.1-23.el7.noarch 52/74
Verifying : 7:lvm2-libs-2.02.115-3.el7.x86_64 53/74
Verifying : cryptsetup-libs-1.6.6-3.el7.x86_64 54/74
Verifying : libgudev1-208-20.el7.x86_64 55/74
Verifying : centos-release-7-1.1503.el7.centos.2.8.x86_64 56/74
Verifying : 7:lvm2-2.02.115-3.el7.x86_64 57/74
Verifying : glib2-2.40.0-4.el7.x86_64 58/74
Verifying : systemd-208-20.el7.x86_64 59/74
Verifying : systemd-sysv-208-20.el7.x86_64 60/74
Verifying : libselinux-python-2.2.2-6.el7.x86_64 61/74
Verifying : initscripts-9.49.24-1.el7.x86_64 62/74
Verifying : selinux-policy-3.13.1-23.el7.noarch 63/74
Verifying : systemd-libs-208-20.el7.x86_64 64/74
Verifying : libsemanage-2.1.10-16.el7.x86_64 65/74
Verifying : 7:device-mapper-1.02.93-3.el7.x86_64 66/74
Verifying : dracut-config-rescue-033-240.el7.x86_64 67/74
Verifying : dracut-033-240.el7.x86_64 68/74
Verifying : libsepol-2.1.9-3.el7.x86_64 69/74
Verifying : policycoreutils-2.2.5-15.el7.x86_64 70/74
Verifying : 7:device-mapper-libs-1.02.93-3.el7.x86_64 71/74
Verifying : device-mapper-persistent-data-0.4.1-2.el7.x86_64 72/74
Verifying : libselinux-2.2.2-6.el7.x86_64 73/74
Verifying : krb5-libs-1.12.2-14.el7.x86_64 74/74
Installed:
nfs-utils.x86_64 1:1.3.0-0.68.el7.2
Dependency Installed:
bc.x86_64 0:1.06.95-13.el7 gssproxy.x86_64 0:0.7.0-30.el7_9
keyutils.x86_64 0:1.5.8-3.el7 libbasicobjects.x86_64 0:0.1.1-32.el7
libcollection.x86_64 0:0.7.0-32.el7 libevent.x86_64 0:2.0.21-4.el7
libini_config.x86_64 0:1.3.1-32.el7 libnfsidmap.x86_64 0:0.25-19.el7
libpath_utils.x86_64 0:0.2.1-32.el7 libref_array.x86_64 0:0.1.5-32.el7
libtirpc.x86_64 0:0.2.4-0.16.el7 libverto-libevent.x86_64 0:0.2.5-4.el7
lz4.x86_64 0:1.8.3-1.el7 quota.x86_64 1:4.01-19.el7
quota-nls.noarch 1:4.01-19.el7 rpcbind.x86_64 0:0.2.0-49.el7
tcp_wrappers.x86_64 0:7.6-77.el7
Updated:
centos-release.x86_64 0:7-9.2009.1.el7.centos dracut.x86_64 0:033-572.el7
initscripts.x86_64 0:9.49.53-1.el7_9.1 selinux-policy.noarch 0:3.13.1-268.el7_9.2
Dependency Updated:
cryptsetup-libs.x86_64 0:2.0.3-6.el7
device-mapper.x86_64 7:1.02.170-6.el7_9.5
device-mapper-event.x86_64 7:1.02.170-6.el7_9.5
device-mapper-event-libs.x86_64 7:1.02.170-6.el7_9.5
device-mapper-libs.x86_64 7:1.02.170-6.el7_9.5
device-mapper-persistent-data.x86_64 0:0.8.5-3.el7_9.2
dracut-config-rescue.x86_64 0:033-572.el7
dracut-network.x86_64 0:033-572.el7
glib2.x86_64 0:2.56.1-9.el7_9
kmod.x86_64 0:20-28.el7
krb5-libs.x86_64 0:1.15.1-55.el7_9
libgudev1.x86_64 0:219-78.el7_9.9
libselinux.x86_64 0:2.5-15.el7
libselinux-python.x86_64 0:2.5-15.el7
libselinux-utils.x86_64 0:2.5-15.el7
libsemanage.x86_64 0:2.5-14.el7
libsepol.x86_64 0:2.5-10.el7
lvm2.x86_64 7:2.02.187-6.el7_9.5
lvm2-libs.x86_64 7:2.02.187-6.el7_9.5
policycoreutils.x86_64 0:2.5-34.el7
selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2
systemd.x86_64 0:219-78.el7_9.9
systemd-libs.x86_64 0:219-78.el7_9.9
systemd-sysv.x86_64 0:219-78.el7_9.9
Complete!
[root@web02 ~]# shoutmount -e 10.0.1.111
-bash: shoutmount: command not found
[root@web02 ~]# showmount -e 10.0.1.111
Export list for 10.0.1.111:
/data 10.0.1.0/24
[root@web02 ~]# mkdir /html/www
mkdir: cannot create directory ‘/html/www’: File exists
[root@web02 ~]# cd /html/www/
[root@web02 www]# mount -t nfs 10.0.1.111:/data /html/www/
测试一下看有没有挂载成功
[root@web02 www]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 50G 1.2G 49G 3% /
devtmpfs 481M 0 481M 0% /dev
tmpfs 490M 0 490M 0% /dev/shm
tmpfs 490M 13M 478M 3% /run
tmpfs 490M 0 490M 0% /sys/fs/cgroup
/dev/sda1 497M 121M 376M 25% /boot
/dev/mapper/centos-home 148G 33M 148G 1% /home
tmpfs 98M 0 98M 0% /run/user/0
10.0.1.111:/data 50G 1.2G 49G 3% /html/www
总结:你在客户端/html/www 创建文件就等于在nfs服务端创建文件 因为我们的这个目录已经通过nfs挂载到nfs服务器端的/data 。
因为我们需要服务端来存储我们的文件 这样就可以节省客户端的内存资源了报错
报错:
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
systemctl stop firewalld
1.防火墙 2.selinux 3. 配置文件 4. 重启nfs 5. 模式选择sync 6.xshell连接缓慢
注意:如果你的虚拟机环境 客户端创建文件发现无法同步到nfs服务器上,创建空文件不能同步,创建有内容文件显示,此时要注意把nfs服务端那边给我nfs这个重新启动或者先禁用再启用 这个问题搞了我一天,我真服了 吸取教训吧
systemctl stop nfs
systemctl start nfs
或
systemctl restart nfs8-xshell-实现免密连接的三种方式
第一种
生成ssh秘钥
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5f:a7:40:f2:d4:84:23:b8:0d:c7:1d:2a:b8:e2:db:d4 root@master
The key's randomart image is:
+--[ RSA 2048]----+
| o ..o. |
| .o +.+o |
| . .=o.o.. |
| ....= |
| . . S o . . |
| . . . . o o |
| . . E . . |
| + |
| . . |
+-----------------+
[root@master ~]# cd .ssh
[root@master .ssh]# ls
id_rsa id_rsa.pub
您执行的命令是 `ssh-keygen`,这是一个在Linux系统中生成SSH密钥对的命令,主要用于无密码登录或者其他需要SSH认证的场景。下面是命令执行过程的详细说明:
1. `ssh-keygen`:启动密钥生成程序,它默认生成RSA类型的密钥对,长度为2048位。
2. "Enter file in which to save the key (/root/.ssh/id_rsa): " 提示您输入保存私钥的位置,默认情况下私钥保存在 `/root/.ssh/id_rsa` 文件中。如果您在这里按回车接受默认值,则私钥将保存在这个位置。
3. "Enter passphrase (empty for no passphrase): " 和 "Enter same passphrase again: " 让您输入一个密钥口令(passphrase)。这个口令用于加密私钥文件,保护私钥的安全。如果您不想为私钥设置口令(即无密码登录),可以留空直接回车。
4. "Your identification has been saved in /root/.ssh/id_rsa." 表示您的私钥已成功保存在指定位置。
5. "Your public key has been saved in /root/.ssh/id_rsa.pub." 表示对应的公钥已保存在 `/root/.ssh/id_rsa.pub` 文件中。公钥通常用于复制到其他服务器的 `authorized_keys` 文件中,以便实现基于密钥的身份验证和无密码登录。
6. "The key fingerprint is:..." 和下面的一行显示了生成的密钥指纹(fingerprint),这是一种唯一标识密钥的方式,可用于验证密钥的真实性和完整性。
7. "The key's randomart image is:" 后面展示了一种图形化的密钥表示方式,称为“随机艺术图像”(randomart),这种可视化可以帮助用户更容易地识别和记忆密钥,而不仅仅是查看一串难以记忆的字符。
a机器:10.0.1.134
b机器: 10.0.1.113
a服务器登录b服务器 使用秘钥连接
a机器执行这条命令
执行:ssh-keygen -t rsa
[root@master .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ba:0b:dc:35:70:7e:59:e1:e1:22:3f:8e:bc:9f:a2:1d root@master
The key's randomart image is:
+--[ RSA 2048]----+
| o |
| o o |
| . o . + |
| + o + |
| S = |
| . . + = . |
| o o E . |
| . o.o . |
| +oooo |
+-----------------+
[root@master .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
这时.ssh目录下会生成私钥和公钥的键值对id_rsa,id_rsa.pub
把a机器的秘钥文件复制b机器
[root@master .ssh]# scp /root/.ssh/id_rsa.pub root@ 10.0.1.113:/root/.ssh/authorized_keys
root@ 10.0.1.113's password:
id_rsa.pub 100% 393 0.4KB/s 00:00
在b机器上把过来的秘钥文件给与权限
[root@b ~]# chmod 600 /root/.ssh/authorized_keys
测试:在a机器上远程登录b机器
[root@a ~]# ssh -l root 10.0.1.113
或者也可以用 ssh 10.0.1.113
[root@master .ssh]# ssh 10.0.1.113
Last login: Mon Mar 18 16:52:11 2024 from 10.0.1.1
[root@node ~]# ls
anaconda-ks.cfg ifcfg-eno16777736 it01 sh www_2024-03-17.tar.gz
[root@master .ssh]# ssh 10.0.1.113 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ed:03:07 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.113/24 brd 10.0.1.255 scope global noprefixroute eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feed:307/64 scope link noprefixroute
valid_lft forever preferred_lft forever
可以看到已经登录成功
缺点:a可以远程登录b服务器,但b机器不可以登录a服务器
[root@node .ssh]# ssh 10.0.1.134
The authenticity of host '10.0.1.134 (10.0.1.134)' can't be established.
ECDSA key fingerprint is SHA256:WNHlA4APdESQiNa1jvJ1HHo3Ey6XJh5vjRepHX8k36o.
ECDSA key fingerprint is MD5:b0:c9:fe:89:6e:49:75:58:87:2b:c5:5e:78:fd:82:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.1.134' (ECDSA) to the list of known hosts.
root@10.0.1.134's password:
Last login: Mon Mar 18 15:38:35 2024 from 10.0.1.1
**************
** 生产服务器,请慎重操作并慎用rm命令! **
**************
sh: /root/sh/1.sh: No such file or directory
虽然登录上了,但是是输入密码登录上的,所以我们要的是不输入密码登录上,很明显,他的缺点。第二种
a和b互相免密连接
ssh-keygen
cd /root/.ssh
mv id_rsa.pub authorized_keys
scp -r /root/.ssh 10.0.1.113:/root
a机器操作
a机器ip:10.0.1.134
生成秘钥文件
[root@master .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5b:ce:1a:f1:9d:08:b3:d0:e6:2d:1a:5c:b5:2a:31:e8 root@master
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . . . . |
| . + S o |
| . . B & o . |
| E + B * o |
| + + |
| . . |
+-----------------+
查看是否生成秘钥文件了
[root@master .ssh]# ls
id_rsa id_rsa.pub
把当前目录下的 id_rsa.pub 公钥文件移动到名为 authorized_keys 的文件中
[root@master .ssh]# mv id_rsa.pub authorized_keys
查看是否移动成功
[root@master .ssh]# ls
authorized_keys id_rsa
给予一下权限
[root@master .ssh]# chmod 600 authorized_keys
本地机器上的 /root/.ssh 目录及其所有内容将会被完整地复制到远程主机 10.0.1.113 上的 /root/.ssh 目录中。如果远程目录不存在,scp 命令会创建它
[root@master .ssh]# scp -r /root/.ssh 10.0.1.113:/root
The authenticity of host ' 10.0.1.113 ( 10.0.1.113)' can't be established.
ECDSA key fingerprint is ae:9d:91:23:b2:20:e5:5d:df:d9:8a:b3:34:64:68:16.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ' 10.0.1.113' (ECDSA) to the list of known hosts.
root@ 10.0.1.113's password:
id_rsa 100% 1675 1.6KB/s 00:00
authorized_keys 100% 393 0.4KB/s 00:00
known_hosts 100% 172 0.2KB/s 00:00
测试a机器登录b机器
[root@master .ssh]# ssh 10.0.1.113 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ed:03:07 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.113/24 brd 10.0.1.255 scope global noprefixroute eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feed:307/64 scope link noprefixroute
valid_lft forever preferred_lft forever
b机器
b机器ip: 10.0.1.113
查看远程复制过来的秘钥公钥文件
[root@node .ssh]# ls
authorized_keys id_rsa known_hosts
测试有没有b机器登录a机器
[root@node .ssh]# ssh 10.0.1.134 ip a
The authenticity of host '10.0.1.134 (10.0.1.134)' can't be established.
ECDSA key fingerprint is SHA256:WNHlA4APdESQiNa1jvJ1HHo3Ey6XJh5vjRepHX8k36o.
ECDSA key fingerprint is MD5:b0:c9:fe:89:6e:49:75:58:87:2b:c5:5e:78:fd:82:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.1.134' (ECDSA) to the list of known hosts.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4c:25:86 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.134/24 brd 10.0.1.255 scope global dynamic eno16777736
valid_lft 1512sec preferred_lft 1512sec
inet6 fe80::20c:29ff:fe4c:2586/64 scope link
valid_lft forever preferred_lft forever
[root@node .ssh]# ssh 10.0.1.134
Last login: Mon Mar 18 18:40:29 2024 from 10.0.1.113
**************
** 生产服务器,请慎重操作并慎用rm命令! **
**************
sh: /root/sh/1.sh: No such file or directory
总结: 就是把a机器生成的秘钥公钥文件同时也复制给了b机器 这样就可双方以免密登录了第三种
windows 服务器 产生秘钥 使用xhsell 使用公钥远程连接服务器
1 使用xshell 生成公钥
生成公钥文件要保存到本地后面要用到
2 公钥复制到linux 服务器上 authorized_keys
如果想只用秘钥登录 可以关闭系统的ssh密码连接
3 vi /etc/ssh/sshd_config
PasswordAuthentication yes 改成no 就可以实现关闭密码登录 使用秘钥远程登录服务器
需求1:实现root用户秘钥登录
需求2:实现普通用户wang秘钥登录
需求3:实现只用秘钥登录,关闭远程连接
具体实操
注意:这个上传的公钥可以用一个,也不用多创建的
需求1:实现root用户秘钥登录
1.先用xshell生成秘钥公钥文件
不明白的可以看下面图示,照着生成就可以了,保存到本地。
我的root秘钥文件生成的是这个秘钥,文件名为roottest.pub 这个秘钥文件我设置l密码是123 ,当然也可以不设置
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoAGzrTb+WEihp+bOwXhv3Oy809zS4BFcZ3Zo+U6RafFm4pyWj/HkvRF2qY1iXcT0Nz8doAwTXpnCh75VsRGUV4EU6OTuFWTkiVzluTAaT9xHWkseiUHiLebxI9drssAks8p5Q+wXGdG7QuX65wokGQ1pCuSU0VcVngGB00AJpA10Wuq3y76/tlOSrzkfELVFZHRS5Gwhqhnt/Zq4J0+7kXZEzeBzHeK2EXxBxDmV7iqYXjJNiZ2+4XuVhHJWzHbSNIUjsHElKl4tBMdjQmLD1iZqvtLhT1JXC6YEy6LvzS5IEpvRrLvzZUg9SeH+GjGiR1uiFO8RLzaSJJAbUbit1w==
进入到这个文件夹,用rz命令把公钥文件上传,没有这个命令,可以安装一下 yum -y install lrzsz
[root@centos8 ~]# cd .ssh
[root@centos8 .ssh]# ls
authorized_keys id_rsa id_rsa.pub test.pub
[root@centos8 .ssh]# rz
[root@centos8 .ssh]# ls
authorized_keys id_rsa id_rsa.pub roottest.pub test.pub
把这个秘钥文件给追加到这个authorized_keys文件里,如果你没有这个文件夹,你也可以生成这个文件夹 touch authorized_keys
[root@centos8 .ssh]# cat roottest.pub >> authorized_keys
当然你也可以用vim authorized_keys 直接把秘钥追加到后面也可以
测试
用xshell实现root秘钥登录,测试测试成功
[C:\~]$
Connecting to 10.0.1.130:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Mon Mar 18 12:55:27 2024 from 10.0.1.1
[root@centos8 ~]#
需求2:实现普通用户wang秘钥登录
1.先用xshell生成秘钥公钥文件
不明白的可以看下面图示,照着生成就可以了,保存到本地。
我的root秘钥文件生成的是这个秘钥,文件名为wang.pub 这个秘钥文件我设置l密码是123 ,当然也可以不设置
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv9OQi/IWwCzN5ghmk9LgwNPIrR94jctuqM3Tj9+qTt5FekIuUp5vdfbG0rexrzndIVfYPQX8QjrWdSWu8dyZfKIDNWQUeRe5bbeR0fpPof2NySBo/oO2eBm8Krd9R+cIZRly2ClHAJRl3FiBDcqxUPhG7xE8hA5DoRiIQTb4T+cuRxGmdJJRh7zlsW+Mw04Hw+NKcFV7elncWaXU7tcZ2m+3sG/AJo7Zc/2PLUFirPX142A33bxo/HrDFTZ0sdnGAvxMT1HZNltphnEOe5JwsG0q8/IxT+ji4DeCRdr9se1hdObuZVBlOOFRihzldvYm7kY6/d1bxz2n+TQF2xBcBQ==
先创建wang这个普通用户和密码
ps:密码你也可以不创建,不过一般生产环境中建议还是用密码的
这里密码就设置123
[root@centos8 ~]# useradd wang
[root@centos8 ~]# cd .ssh/
[root@centos8 .ssh]# ls
authorized_keys id_rsa id_rsa.pub wang.pub roottest.pub test.pub
把之前的root秘钥给复制过去,当然你也可以用新的
只不要这里还要上传,我就不传了
[root@centos8 .ssh]# cp roottest.pub /home/wang/
查看wang用户是否把秘钥复制过去了
[root@centos8 .ssh]# cd /home/
[root@centos8 home]# cd wang/
[root@centos8 wang]# ls
roottest.pub
[root@centos8 wang]# ls -a
. .. .bash_logout .bash_profile .bashrc .mozilla roottest.pub
创建.ssh 文件夹
[root@centos8 wang]# mkdir .ssh
进去到.ssh目录下
[root@centos8 wang]# cd .ssh/
没有这个authorized_keys文件,我们需要手动创建的
[root@centos8 .ssh]# touch authorized_keys
[root@centos8 .ssh]# ls
authorized_keys
把原来root账户里的root公钥文件给追加到wang用户里面的 authorized_keys 里
[root@centos8 .ssh]# cat /root/.ssh/roottest.pub >> /home/wang/.ssh/authorized_keys
测试
Xshell 7 (Build 0049)
Copyright (c) 2020 NetSarang Computer, Inc. All rights reserved.
Type `help' to learn how to use Xshell prompt.
[C:\~]$
Connecting to 10.0.1.130:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Activate the web console with: systemctl enable --now cockpit.socket
/usr/bin/xauth: file /home/wang/.Xauthority does not exist
[wang@centos8 ~]$
需求3:实现只用秘钥登录,关闭远程连接
vi /etc/ssh/sshd_config
PasswordAuthentication yes 改成no 就可以实现关闭密码登录 使用秘钥远程登录服务器
[root@centos8 ~]# vi /etc/ssh/sshd_config
PasswordAuthentication yes 改成no
[root@centos8 ~]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
[root@centos8 ~]# systemctl restart sshd
测试成功补充--xshell建立秘钥图解
1Xshell生成秘钥免密登录
导出生成的公钥
故障案例--解决
如果遇到无法实现秘钥连接服务器怎么办?
如果在配置密钥连接服务器时遇到问题,无法通过SSH密钥成功连接服务器,可以从以下几个方面进行排查和解决:
1. **检查密钥文件**:
- 确保私钥文件(例如 `id_rsa`)存在并且路径正确。
- 检查私钥文件的权限,确保只有用户自己有读取权限,例如:`chmod 400 ~/.ssh/id_rsa`。
- 确认公钥(例如 `id_rsa.pub`)已正确地复制到了服务器的 `~/.ssh/authorized_keys` 文件中。
2. **密钥格式与编码**:
- 确保密钥文件采用OpenSSH支持的格式,一般应该是PEM格式。
- 检查密钥文件是否有乱码或损坏,如有需要,重新生成密钥对。
3. **权限和账号问题**:
- 确保在服务器端,密钥关联的用户账号具有足够的权限登录。
- 在阿里云等云服务商平台,还要检查该密钥是否绑定到了正确的ECS实例或RAM用户。
4. **网络连接**:
- 检查网络连接是否畅通,防火墙或安全组规则是否允许SSH端口(默认为22)的入站流量。
- 使用ping命令测试网络连通性,或者尝试telnet到SSH端口看是否可以连接。
5. **SSH客户端配置**:
- 确保在SSH客户端中正确指定了密钥文件,例如使用 `-i` 参数指定私钥文件路径。
- 确认SSH客户端配置文件(如 `~/.ssh/config`)中关于服务器的配置无误。
6. **服务器配置**:
- 检查服务器的SSH服务配置(如 `/etc/ssh/sshd_config`),确保AllowUsers或AllowGroups中有相应的用户,并且PubkeyAuthentication被设置为yes。
- 重启SSH服务以确保配置生效:`systemctl restart sshd` 或 `service sshd restart`。
7. **秘钥过期或无效**:
- 检查阿里云或其他云服务商控制台,确认密钥是否仍在有效期内,过期的秘钥需要重新生成并更新。
8. **服务器状态**:
- 确认服务器是否正常运行,没有因维护或故障而不可达。
通过逐项排查和修复上述可能出现的问题,通常可以解决无法通过秘钥连接服务器的问题。如果问题依然存在,可以查看服务器日志(如 `/var/log/auth.log` 或 `/var/log/secure`)以获取更详细的错误信息。对于阿里云等云服务商,还可以联系他们的技术支持寻求帮助。9-配置邮件发送
准备邮箱图示
SQRLLCVNTQXQHAQE这个是授权码唯一的这就不展示了
服务器地址:
POP3服务器: pop.163.com
SMTP服务器: smtp.163.com
IMAP服务器: imap.163.com
邮件
linux服务器---企业邮箱163 -----运维人员(QQ邮箱)
准备:安装postfix
启用postfix
关闭防火墙
selinux
1.配置163企业邮箱
2.编写linux服务邮件相关配置文件
[root@master ~]# vi /etc/mail.rc
set smtp-auth-user=用户名@163.com
set smtp-auth-password=客户端授权密码
set smtp-auth=login
set from=15178374440@163.com 你自己的账户
set smtp=smtp.163.com 填写配置的邮箱
set smtp-auth-user=15178374440@163.com 自己的账户
set smtp-auth-password=SQRLLCVNTQXQHAQE 授权码唯一 (为了安全所以这个是无效的授权码)
set smtp-auth=login 自动登录
[root@master ~]# vim /etc/mail.rc
把下面这个粘贴进去,如果粘贴格式有问题 ,可以用:set paste 模式确保粘贴不会出现问题
set from=15178374440@163.com
set smtp=smtp.163.com
set smtp-auth-user=15178374440@163.com
set smtp-auth-password=SQRLLCVNTQXQHAQE
set smtp-auth=login
[root@master ~]# systemctl restart postfix.service
3.发送邮件测试
echo "系统有异常问题,请检查系统" |mail -s "异常警告" 15178374440@163.com
cat /etc/hosts | mailx -s "Hosts File Content" 15178374440@163.com
cat /etc/hosts | mailx -s "Hosts File Content" 3078499367@qq.com
也可以目录信息发送到邮箱里补充
1--cp scp rsync --优缺点
cp 本地备份
scp 远程备份
rsync 远程备份 增量备份
优缺点
cp , scp , 和 rsync 都是 Linux 系统中用来复制或移动文件和目录的常用命令,它们各自有不同的应用场景和优缺点:
cp (copy)
优点:
- 本地操作高效: cp 是本地文件系统的复制命令,执行速度快,尤其在处理大量本地文件时效率高。
- 功能全面:支持递归复制整个目录结构,可以保留原有文件属性,并且可以通过 -p 参数保留文件权限、时间戳等元数据。
缺点:
- 非网络操作: cp 无法直接用于远程文件复制,只能在本地文件系统间操作。
scp (secure copy)
优点:
- 安全性: scp 是基于 SSH 协议的,所以在网络间复制文件时能够保证数据的安全性,加密传输。
- 简单易用:只需指定源文件/目录和目标位置,即可进行远程机器间的文件复制。
缺点:
- 全量复制:每次执行都会完整复制文件,无论文件是否有变化,因此对于大文件或已存在的未更改文件来说,可能效率较低。
- 资源占用:在网络传输过程中,特别是处理大量小文件时,可能会占用较多的网络带宽和计算资源。
rsync
优点:
- 增量复制: rsync 支持增量复制,仅传输文件的不同部分,极大地提高了复制效率,特别适合定期备份和同步任务。
- 双向同步:既可以进行单向复制,也可以进行双向同步,并且可以检查文件的一致性。
- 节省资源:通过校验机制避免无意义的传输,减少带宽消耗;同时,可通过 -z 参数启用压缩传输进一步提升效率。
- 智能删除:在某些模式下,rsync可以删除目标目录中不再存在于源目录的文件,实现真正的同步效果。
缺点:
- 首次同步较慢:由于rsync会先比较文件内容再传输,所以对于初次同步大量文件的情况,其比较阶段可能会相对较慢。
- CPU 使用率:特别是在处理小文件时,因为需要计算文件的校验值来判断差异,可能导致CPU使用率较高。
- 复杂度:相比 cp 和 scp , rsync 提供更多的选项,使用起来更复杂,需要熟悉更多参数才能发挥其全部优势。
总结:
- 当只需要在本地快速复制文件时, cp 最合适。
- 如果需要在两台远程主机间安全地传输文件,即使效率稍低, scp 仍然是首选。
- 对于大型文件、定期备份、增量同步以及希望最大程度节省资源的场景, rsync 能提供最优解决方案。2--rsync故障案例--解决
1.1 rsync客户端执行rsync命令错误:
客户端的错误现象:
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::/backup
ERROR: The remote path must start with a module name not a /
rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6]
异常问题解决:
rsync命令语法理解错误,::/backup是错误的语法,应该为::backup(rsync模块)
1.2 @ERROR: auth failed on module oldboy
客户端的错误现象:
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup
Password:
@ERROR: auth failed on module backup
rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6]
异常问题解决:
1. 密码真的输入错误,用户名真的错误
2. secrets file = /etc/rsync.password指定的密码文件和实际密码文件名称不一致
3. /etc/rsync.password文件权限不是600
4. rsync_backup:123456密码配置文件后面注意不要有空格
echo "rsync_backup:123456" >>/etc/rsync.password
rsync客户端密码文件中只输入密码信息即可,不要输入虚拟认证用户名称
1.3 Unknown module 'backup'
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup
@ERROR: Unknown module 'backup'
rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6]
异常问题解决:
1. /etc/rsyncd.conf配置文件模块名称书写错误
1.4 Permission denied
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup
Password:
sending incremental file list
hosts
rsync: mkstemp ".hosts.5z3AOA" (in backup) failed: Permission denied (13)
sent 196 bytes received 27 bytes 63.71 bytes/sec
total size is 349 speedup is 1.57
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1039) [sender=3.0.6]
异常问题解决:
1. 共享目录的属主和属组不正确,不是rsync
2. 共享目录的权限不正确,不是755
1.5 chdir failed
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup
Password:
@ERROR: chdir failed
rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6]
异常问题解决:
1. 备份存储目录没有建立
2. 建立的备份存储目录和配置文件定义不一致
说明:如果没有备份存储目录
1.6 invalid uid rsync
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup
Password:
@ERROR: invalid uid rsync
rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6]
异常问题解决:
rsync服务对应rsync虚拟用户不存在了
1.7 客户端已经配置了密码文件,但免秘钥登录方式,依旧需要输入密码
password file must not be other-accessible
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
password file must not be other-accessible
continuing without password file
Password:
sending incremental file list
sent 26 bytes received 8 bytes 5.23 bytes/sec
total size is 349 speedup is 10.26
异常问题解决:
rsync客户端的秘钥文件也必须是600权限
9万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
