week03
1、自建yum仓库,分别为网络源和本地源
(1)本地源
# 1. 备份原repo文件
[root@centos83localdomain ~]#mkdir /etc/yum.repos.d/bak
[root@centos83localdomain ~]#cd /etc/yum.repos.d
[root@centos83localdomain yum.repos.d]#ls
bak CentOS-Linux-Plus.repo
CentOS-Linux-AppStream.repo CentOS-Linux-PowerTools.repo
CentOS-Linux-BaseOS.repo CentOS-Linux-Sources.repo
CentOS-Linux-ContinuousRelease.repo epel-modular.repo
CentOS-Linux-Debuginfo.repo epel-playground.repo
CentOS-Linux-Devel.repo epel.repo
CentOS-Linux-Extras.repo epel-testing-modular.repo
CentOS-Linux-FastTrack.repo epel-testing.repo
CentOS-Linux-HighAvailability.repo zz.repo
CentOS-Linux-Media.repo
[root@centos83localdomain yum.repos.d]#mv *.repo bak/
# 2. 挂载iso镜像
[root@centos83localdomain yum.repos.d]#lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 200G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 100G 0 part /
├─sda3 8:3 0 2G 0 part [SWAP]
├─sda4 8:4 0 1K 0 part
└─sda5 8:5 0 50G 0 part /data
sr0 11:0 1 1024M 0 rom
[root@centos83localdomain yum.repos.d]#mkdir /mnt/cdrom
[root@centos83localdomain ~]#mount /dev/sr0 /mnt/cdrom/
mount: /mnt/cdrom: WARNING: device write-protected, mounted read-only.
[root@centos83localdomain ~]#ls /mnt/cdrom/
AppStream BaseOS EFI images isolinux LICENSE media.repo TRANS.TBL
# 3. 新建repo文件
[root@centos83localdomain yum.repos.d]#vim zz_local.repo
# CentOS-Linux-BaseOS.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client. You should use this for CentOS updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.
[BaseOS_local]
name=BaseOS_local
baseurl=file:///mnt/cdrom/BaseOS
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[AppStream_local]
name=AppStream_local
baseurl=file:///mnt/cdrom/AppStream
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
# 4. 清除缓存
[root@centos83localdomain yum.repos.d]#yum clean all && yum makecache
0 files removed
BaseOS_local 154 MB/s | 2.6 MB 00:00
AppStream_local 207 MB/s | 7.5 MB 00:00
Last metadata expiration check: 0:00:01 ago on Sat 16 Apr 2022 05:06:11 PM CST.
Metadata cache created.
[root@centos83localdomain yum.repos.d]#
[root@centos83localdomain yum.repos.d]#
[root@centos83localdomain yum.repos.d]#yum repolist
repo id repo name
AppStream_local AppStream_local
BaseOS_local BaseOS_local
# 5. 验证
[root@centos83localdomain yum.repos.d]#yum install gcc
Last metadata expiration check: 0:00:44 ago on Sat 16 Apr 2022 05:06:11 PM CST.
Dependencies resolved.
===================================================================================
Package Arch Version Repository Size
===================================================================================
Installing:
gcc x86_64 8.5.0-3.el8 AppStream_local 23 M
Installing dependencies:
annobin x86_64 9.65-1.el8 AppStream_local 109 k
cpp x86_64 8.5.0-3.el8 AppStream_local 10 M
glibc-devel x86_64 2.28-164.el8 BaseOS_local 1.0 M
glibc-headers x86_64 2.28-164.el8 BaseOS_local 480 k
isl x86_64 0.16.1-6.el8 AppStream_local 841 k
kernel-headers x86_64 4.18.0-348.el8 BaseOS_local 8.3 M
libxcrypt-devel x86_64 4.1.1-6.el8 BaseOS_local 25 k
Downgrading:
libgomp x86_64 8.5.0-3.el8 BaseOS_local 206 k
...
(2)网络源
# 1. 备份原repo文件
...
# 2. 新建repo文件
[root@centos83localdomain yum.repos.d]#vim zz_net.repo
# CentOS-Linux-BaseOS.repo
#
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client. You should use this for CentOS updates unless you are
# manually picking other mirrors.
#
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.
[BaseOS_net]
name=BaseOS_net
baseurl=https://mirrors.cloud.tencent.com/centos/$releasever/BaseOS/$basearch/os/
https://mirrors.tuna.tsinghua.edu.cn/centos/8-stream/BaseOS/$basearch/os/
https://mirrors.aliyun.com/centos/8-stream/BaseOS/$basearch/os/
https://mirrors.163.com/centos/8-stream/BaseOS/$basearch/os/
gpgcheck=1
enable=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[AppStream_net]
name=AppStream_net
baseurl=https://mirrors.cloud.tencent.com/centos/$releasever/AppStream/$basearch/os/
https://mirrors.tuna.tsinghua.edu.cn/centos/8-stream/AppStream/$basearch/os/
https://mirrors.aliyun.com/centos/8-stream/AppStream/$basearch/os/
https://mirrors.163.com/centos/8-stream/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[EPEL_net]
name=EPEL_net
baseurl=https://mirrors.cloud.tencent.com/epel/$releasever/Everything/$basearch/
https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/Everything/$basearch/
https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/
https://mirrors.163.com/epel/$releasever/Everything/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[extras__net]
name=extras_net
baseurl=https://mirrors.cloud.tencent.com/centos/$releasever/extras/$basearch/os/
https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/os/
https://mirrors.aliyun.com/centos/$releasever/extras/$basearch/os/
https://mirrors.163.com/centos/$releasever/extras/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
# 3. 清除缓存
[root@centos83localdomain yum.repos.d]#yum clean all && yum makecache
28 files removed
BaseOS_net 4.1 MB/s | 4.6 MB 00:01
AppStream_net 7.3 MB/s | 8.4 MB 00:01
EPEL_net 10 MB/s | 11 MB 00:01
extras_net 22 kB/s | 10 kB 00:00
Metadata cache created.
# 4. 验证
[root@centos83localdomain yum.repos.d]#yum install gcc
Last metadata expiration check: 0:02:58 ago on Sat 16 Apr 2022 05:41:31 PM CST.
Dependencies resolved.
===========================================================================================================================================================================
Package Architecture Version Repository Size
===========================================================================================================================================================================
Installing:
gcc x86_64 8.5.0-4.el8_5 AppStream_net 23 M
Upgrading:
libgomp x86_64 8.5.0-4.el8_5 BaseOS_net 206 k
Installing dependencies:
annobin x86_64 9.72-1.el8_5.2 AppStream_net 111 k
cpp x86_64 8.5.0-4.el8_5 AppStream_net 10 M
glibc-devel x86_64 2.28-164.el8 BaseOS_net 1.0 M
glibc-headers x86_64 2.28-164.el8 BaseOS_net 480 k
isl x86_64 0.16.1-6.el8 AppStream_net 841 k
kernel-headers x86_64 4.18.0-348.7.1.el8_5 BaseOS_net 8.3 M
libxcrypt-devel x86_64 4.1.1-6.el8 BaseOS_net 25 k
...
2、编译安装http2.4,实现可以正常访问,并将编译步骤和结果提交。
## centos8 编译安装 httpd-2.4.46
#0 安装前准备:关闭防火墙和SELinux
[root@centos83localdomain ~]#cat /etc/selinux/config
SELINUX=disable
[root@centos83localdomain ~]#systemctl disable firewalld
# 查看本机版本
[root@centos83localdomain ~]#yum info httpd
Name : httpd
Version : 2.4.37
RL : https://httpd.apache.org/
#1 安装相关包
[root@centos8 ~]#dnf install gcc make autoconf apr-devel apr-util-devel pcre-
devel openssl-devel redhat-rpm-config
#2 下载并解压缩包
[root@centos83localdomain ~]#wget https://dlcdn.apache.org/httpd/httpd-2.4.53.tar.bz2
[root@centos83localdomain ~]#tar xvf httpd-2.4.53.tar.bz2 -C /usr/local/src
#3 配置
[root@centos8 ~]#cd /usr/local/src/httpd-2.4.53/
# 查看安装说明
[root@centos8 httpd-2.4.46]#cat INSTALL
...
$ ./configure --prefix=PREFIX
$ make
$ make install
$ PREFIX/bin/apachectl start
#缺依赖
[root@centos8 httpd-2.4.46]#./configure --prefix=/apps/httpd --sysconfdir=/etc/httpd --enable-ssl
...
checking for APR... no
configure: error: APR not found. Please read the documentation.
[root@centos83localdomain httpd-2.4.53]#yum install apr-devel
#缺依赖
...
[root@centos83localdomain httpd-2.4.53]#yum install apr-util-devel
[root@centos83localdomain httpd-2.4.53]#yum install pcre-devel
[root@centos83localdomain httpd-2.4.53]#yum install openssl-devel
#4 编译并安装
[root@centos8 httpd-2.4.46]#make -j 2 && make install
# 缺文件
gcc: error: /usr/lib/rpm/redhat/redhat-hardened-ld: No such file or directory
make[4]: *** [/usr/local/src/httpd-2.4.53/modules/aaa/modules.mk:2: mod_authn_file.la] Error 1
[root@centos83localdomain httpd-2.4.53]#yum provides /usr/lib/rpm/redhat/redhat-hardened-ld
...
redhat-rpm-config-125-1.el8.noarch : Red Hat specific rpm configuration files
[root@centos83localdomain httpd-2.4.53]#yum install -y redhat-rpm-config-125-1.el8.noarch
#然后再次make -j 2 && make install
#5 配置环境
[root@centos83localdomain httpd-2.4.53]#echo 'PATH=/apps/httpd/bin:$PATH' > /etc/profile.d/httpd.sh
[root@centos83localdomain httpd-2.4.53]#apachectl start
#6 运行
[root@centos83localdomain httpd-2.4.53]#apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.0.150. Set the 'ServerName' directive globally to suppress this message
#7 指定用apache用户运行
[root@centos8 ~]#groupadd -r -g 88 apache
[root@centos83localdomain httpd-2.4.53]#useradd -r -s /sbin/nologin -d /var/www -c Apache -u 88 -g apache apache
[root@centos8 ~]#vim /etc/httpd/httpd.conf
user apache
group apache
#8 配置生效和验证
[root@centos8 ~]#apachectl restart
或使用:
apachectl -k stop
apachectl -k start
#9 查看进程
[root@centos8 ~]#ps aux
#10 用浏览器打开以下地址,可以看下面页面
3、利用sed 取出ifconfig命令中本机的IPv4地址
[root@centos83localdomain yum.repos.d]#ifconfig ens33 |sed -nr "2s/[^0-9]+([0-9.]+).*/\1/p"
10.0.0.150
[root@centos83localdomain yum.repos.d]#ifconfig ens33 | sed -En '2s/^[^0-9]+([0-9.]{7,15}).*/\1/p'
10.0.0.150
[root@centos83localdomain yum.repos.d]#ifconfig ens33 | sed -rn '2s/^[^0-9]+([0-9.]+) .*$/\1/p'
10.0.0.150
[root@centos83localdomain yum.repos.d]#ifconfig ens33 | sed -n '2s/^.*inet //p' | sed -n 's/netmask.*//p'
10.0.0.150
[root@centos83localdomain yum.repos.d]#ifconfig ens33 | sed -n '2s/^.*inet //;s/ netmask.*//p'
10.0.0.150
[root@centos83localdomain yum.repos.d]#ifconfig ens33 | sed -rn '2s/(.*inet )([0-9].*)(netmask.*)/\2/p'
10.0.0.150
4、删除/etc/fstab文件中所有以#开头,后面至少跟一个空白字符的行的行首的#和空白字符
# 1. 现有fstab文件内容
[root@centos83localdomain data]#cp /etc/fstab ./
[root@centos83localdomain data]#cat fstab
#
# /etc/fstab
# Created by anaconda on Fri Mar 25 00:48:49 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
UUID=7c8392d7-b28a-4b35-8592-c01f37d616dc / xfs defaults 0 0
UUID=0943dab7-e5b3-4f69-89da-cfdeea8b87b8 /boot ext4 defaults 1 2
UUID=98bcc3ea-f289-414d-9c79-f57ad655a833 /data xfs defaults 0 0
UUID=c310518e-d2ba-40cf-85fb-c3694c5207d0 none swap defaults 0 0
# 2. 替换
[root@centos83localdomain data]#sed -ri 's@(^#\s*)(.*)@\2@' fstab
[root@centos83localdomain data]#cat fstab
/etc/fstab
Created by anaconda on Fri Mar 25 00:48:49 2022
Accessible filesystems, by reference, are maintained under '/dev/disk/'.
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
After editing this file, run 'systemctl daemon-reload' to update systemd
units generated from this file.
UUID=7c8392d7-b28a-4b35-8592-c01f37d616dc / xfs defaults 0 0
UUID=0943dab7-e5b3-4f69-89da-cfdeea8b87b8 /boot ext4 defaults 1 2
UUID=98bcc3ea-f289-414d-9c79-f57ad655a833 /data xfs defaults 0 0
UUID=c310518e-d2ba-40cf-85fb-c3694c5207d0 none swap defaults 0 0
5、处理/etc/fstab路径,使用sed命令取出其目录名和基名
[root@centos83localdomain data]#echo "/etc/fstab" | sed -nr 's#^(.*)/([^/]+)#\1#p'
/etc
[root@centos83localdomain data]#echo "/etc/fstab" | sed -nr 's#^(.*)/([^/]+)#\2#p'
fstab
6、列出ubuntu软件管理工具apt的一些用法(自由总结)
apt与apt-get命令对比
apt 特有的命令
apt list 列出包含条件的包(已安装,可升级等)
apt edit-sources 编辑源列表
APT包索引配置文件
/etc/apt/sources.list
/etc/apt/sources.list.d
apt命令操作(如安装和删除软件包)日志文件
/var/log/dpkg.log
7、简述osi七层模型和TCP/IP五层模型
OSI(Open System Interconnect),即开放式系统互联。OSI定义了网络互连的七层框架(物理层、数据链路层、网络层、传输层、会话层、表示层、应用层)
- 应用层
- 为计算机用户提供应用接口,也为用户直接提供各种网络服务。我们常见应用层的网络服务协议有:HTTP,HTTPS,FTP,POP3、SMTP等
- 表示层
- 提供各种用于应用层数据的编码和转换功能,确保一个系统的应用层发送的数据能被另一个系统的应用层识别。数据压缩和加密也是表示层可提供的转换功能之一
- 会话层
- 会话层就是负责建立、管理和终止表示层实体之间的通信会话。该层的通信由不同设备中的应用程序之间的服务请求和响应组成。
- 传输层
- 建立了主机端到端的链接,传输层的作用是为上层协议提供端到端的可靠和透明的数据传输服务,包括处理差错控制和流量控制等问题
- 网络层
- 本层通过IP寻址来建立两个节点之间的连接,为源端的运输层送来的分组,选择合适的路由和交换节点,正确无误地按照地址传送给目的端的运输层
- 数据链路层
- 将比特组合成字节,再将字节组合成帧,使用链路层地址 (以太网使用MAC地址)来访问介质,并进行差错检测。
- 数据链路层又分为2个子层:逻辑链路控制子层(LLC)和媒体访问控制子层(MAC)。
- 物理层
- 通过物理介质传输比特流。规定了电平、速度和电缆针脚。
OSI七层模型只是一个理想的模型,很少有系统能够具有所有的七层,由此衍生出TCP/IP五层协议: 物理层,数据链路层,网络层,传输层,应用层
两个模型功能类似,对应关系如下:
8、总结描述TCP三次握手四次挥手
TCP三次握手:
- 共5种状态:
- CLOSED 关闭
- LISTEN 收听
- SYN-SENT 同步已发送
- SYN-RCVD 同步收到
- ESTAB-LISHED 已建立连接
范例:从10.0.0.101 ssh 10.0.0.100
第一次握手:
第二次握手:
第三次握手:
注:上图中sequence number有相对编号和绝对编号2个值
TCP四次挥手
增加了6种状态:
- FIN-WAIT-1: 终止等待1
- FIN-WAIT-2: 终止等待2
- CLOSE-WAIT: 关闭等待
- TIME-WAIT: 时间等待, 2MSL
- LAST-ACK: 最后确认
- 另 CLOSING : 双方同时尝试关闭传输连接,等待对方确认(较少见)
范例:关闭从10.0.0.101 ssh 10.0.0.100的连接过程
实际过程中不一定都有4次挥手,客户端先发送一个FIN给服务端,自己进入了FIN_WAIT_1状态,这时等待接收服务端的报文,该报文会有三种可能:
- 只收到服务器的ACK,正常4次挥手流程
- 只有服务端的FIN,回应一个ACK给服务端,进入CLOSING状态,然后接
收到服务端的ACK时,进入TIME_WAIT状态 - 同时收到服务端的ACK和FIN,直接进入TIME_WAIT状态
处于FIN_WAIT_2状态的客户端需要等待服务器发送结束报文段,才能转移至
TIME_WAIT状态,否则它将一直停留在这个状态(比如未等服务器关闭连接客户端就强行退出了),客户端连接由内核来接管,可称之为孤儿连接
Linux为了防止孤儿连接长时间存留在内核中,定义了两个内核参数:
- /proc/sys/net/ipv4/tcp_max_orphans 指定内核能接管的孤儿连接数目
- /proc/sys/net/ipv4/tcp_fin_timeout 指定孤儿连接在内核中生存的时间
9、描述TCP和UDP区别
TCP: 面向连接,可靠传输, email 下载 文件管理等
UDP: 无连接, 不可靠传输,应用于视频 语音等
10、网卡绑定bond0的实现
Mode 0 (balance-rr)
- 轮转(Round-robin)策略:从头到尾顺序的在每一个slave接口上面发送数据包。本模式提供负载均衡和容错的能力
Bonding配置
创建bonding设备的配置文件
- 创建/etc/sysconfig/network-scripts/ifcfg-bond0
- DEVICE=bond0
- BOOTPROTO=none
- BONDING_OPTS= “miimon=100 mode=0”
- IPADDR=XXX
- PREFIX=XX
- GATEWAY=XXX
- DNS1=XXX
- 修改/etc/sysconfig/network-scripts/ifcfg-eth0
- DEVICE=eth0
- BOOTPROTO=none
- MASTER=bond0
- SLAVE=yes
- USERCTL=no (关闭NetworkManager)
查看bond0状态:/proc/net/bonding/bond0