计划及顺序步骤，调整思路清晰

第0步设置环境，本地访问虚拟机（折腾几天，一直没成功过）

0.0 疑问笔记及看相关书籍的计划

需要了解Linux防火墙方面

1. iptables？service iptables status | stop | restart | save iptables -F -X -Z iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT systemctl enable | stop | start | restart | reload iptables
2. vi /etc/sysconfig/iptables yum install iptables-services systemctl restart iptables.service
3. selinux？vim /etc/selinux/config
4. firewall? systemctl stop firewalld systemctl mask firewalld
5. bash?
6. yum rpm，不仅仅知道安装，而且需要知道rpm里面有啥东西，这么奥秘。
7. /bin/systemctl start mysqld.service more my.cnf
8. service httpd start /bin/systemctl status httpd.service？yum install httpd?
9. chown -R mysql:mysql;chown -R mysql:mysql /data
10. locate mysql
11. logout
12. -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
13. top

0.1 环境

笔记本
Linux 系统：centos 7.3
版本：1.6 mysql 二进制包 1.7 源代码包
用户密码：wyc admin@111
root：hello123
ip：192.168.9.131/24
gateway：192.168.9.2
dns1：不用说了吧，这个一定要配置。网关可以配的

台式机（在家的）
Linux 系统：centos 7.3
版本：1.0
用户密码：wyc admin@111
root：soft123
ip：192.168.110.134/24
gateway：192.168.110.134
dns1：192.168.110.134

0.2 配置网络

笔记本

[root@localhost wyc]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
BOOTPROTO=static # or none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPADDR=192.168.9.131
PREFIX=24
GATEWAY=192.168.9.2
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=bf155152-bc5f-49fe-828c-71cf6f242b1f
DEVICE=ens33
ONBOOT=yes
DNS1=202.97.224.68 #公司的dns
[root@localhost wyc]# service network restart
Restarting network (via systemctl):                        [  OK  ]
[root@localhost wyc]# ping www.baidu.com
PING www.a.shifen.com (220.181.112.244) 56(84) bytes of data.
64 bytes from 220.181.112.244 (220.181.112.244): icmp_seq=1 ttl=128 time=28.9 ms
64 bytes from 220.181.112.244 (220.181.112.244): icmp_seq=2 ttl=128 time=29.3 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 28.976/29.147/29.318/0.171 ms

台式机

[root@localhost wyc]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPADDR=192.168.110.134
PREFIX=24
GATEWAY=192.168.110.2
DNS1=192.168.110.2 #在家无dns，只能用网关
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=70b5ac36-84e2-4b85-862d-1716d77bf1b3
DEVICE=ens32
ONBOOT=yes
[root@localhost wyc]# ping www.baidu.com
PING www.baidu.com (220.181.111.37) 56(84) bytes of data.
64 bytes from 220.181.111.37 (220.181.111.37): icmp_seq=1 ttl=128 time=27.3 ms
64 bytes from 220.181.111.37 (220.181.111.37): icmp_seq=2 ttl=128 time=26.2 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 26.268/26.832/27.396/0.564 ms

0.3 本地访问虚拟机（没成功过）

笔记本
虚拟机内部

1. ping 127.0.0.1,通的；但是浏览器无法访问
   localhots：是不经网卡传输的，它不受网络防火墙和网卡相关的的限制。
   127.0.0.1：是通过网卡传输的，它依赖网卡，并受到网络防火墙和网卡相关的限制。localhots 与 127.0.0.1的区别 ¹
2. hostname：localhost.localdomain （cat /etc/hostname） reboot 为了确定一下，结果是bogon。
   修改：

[root@#localhost ~]# cat /etc/hostname
#localhost.localdomain
localhost

3. 本地无法访问，ping通的
4. iptables （目录里没有，/etc/sysconfig/没有iptables，centos6和7的区别需要安装，因为配给端口，yum httpd的话，本地应该不会访问，关系不大，上次126，没安装能访问，很奇怪了！）要安装。² 安装前要关闭防火墙，实际上防火墙有三种（和我的以为结合）：iptables firewalld SELinux
5. yum install iptables-services yum知识点 ³
   
   台式机
   修改hostname，reboot。方法见笔记本。

0.3.0 SELinux 修改

reboot前，修改配置。

[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

reboot后，检查是否关掉。 ⁴

[root@#localhost ~]# /usr/sbin/sestatus 
SELinux status:                 disabled
[root@#localhost ~]# getenforce
Disabled
[root@#localhost ~]# 

还是内部外部无法访问。

0.3.1 iptables CentOS 6 与 CentOS 7的区别，随着更新，/etc/sysconfig/里面iptables没了，需要yum安装，安装前关防火墙。

[10:01:11][root@#localhost ~]# service iptables stop
[10:01:11]Redirecting to /bin/systemctl stop  iptables.service
[10:01:11]Failed to stop iptables.service: Unit iptables.service not loaded.
[10:01:33][root@#localhost ~]# systemctl stop firewalld
[10:01:48][root@#localhost ~]# service iptables status
[10:01:48]Redirecting to /bin/systemctl status  iptables.service
[10:01:48]Unit iptables.service could not be found.
[10:02:05][root@#localhost ~]# systemctl status firewalld
[10:02:05]● firewalld.service - firewalld - dynamic firewall daemon
[10:02:05]   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
[10:02:05]   Active: inactive (dead) since Wed 2019-03-13 10:01:34 CST; 31s ago
[10:02:05]     Docs: man:firewalld(1)
[10:02:05] Main PID: 742 (code=exited, status=0/SUCCESS)
[10:02:05]
[10:02:05]Mar 13 09:29:38 localhost.localdomain systemd[1]: Starting firewalld - d...
[10:02:05]Mar 13 09:29:38 localhost.localdomain systemd[1]: Started firewalld - dy...
[10:02:05]Mar 13 10:01:33 #localhost.localdomain systemd[1]: Stopping firewalld - ...
[10:02:05]Mar 13 10:01:34 #localhost.localdomain systemd[1]: Stopped firewalld - d...
[10:02:05]Hint: Some lines were ellipsized, use -l to show in full.

台式机

[root@#localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@#localhost ~]# ^C
[root@#localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

和笔记本不同？

[root@#localhost ~]# systemctl stop firewalld
[root@#localhost ~]# yum install iptables-services
[root@#localhost ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@#localhost ~]# service iptables stop
Redirecting to /bin/systemctl stop  iptables.service

0.3.2 firewalld 配置端口

台式机
虚拟机内部

1. vim /etc/hostname localhost.localdomain
2. 关闭防火墙 ⁵
   解决办法：
   不管防火墙关没关，都是用systemctl stop firewalld 关闭防火墙
   然后使用yum install iptables-service 安装或者更新服务
   这个时候是这样的：
   然后使用systemctl enable iptables 启动iptables
   最后使用systemctl start iptables 打开iptables
   试试service iptables restart | stop

笔记本
iptables firewalld selinux all stop，还是不行。试试配端口，应该开放端口吧？配了，还是不行，是时候yum httpd了
7. 深入了解firewalld和iptables ⁶
8. 开启防火墙，配置80 ⁷，注意centos 6 和 centos 7的区别，结果无法开防火墙。通过网址已解决。 ⁸

[root@#localhost ~]# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead) since Wed 2019-03-13 14:49:29 CST; 43min ago
 Main PID: 759 (code=exited, status=0/SUCCESS)

Mar 13 14:30:50 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 13 14:30:53 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 13 14:49:28 #localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Mar 13 14:49:29 #localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Mar 13 15:22:48 #localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.
Mar 13 15:22:48 #localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.

配置

[root@#localhost ~]# systemctl start firewalld.service
Failed to start firewalld.service: Unit is masked.
[root@#localhost ~]# systemctl unmask firewalld.service  #台式机不需要，因为没执行mask
Removed symlink /etc/systemd/system/firewalld.service.
[root@#localhost ~]# systemctl start firewalld.service
[root@#localhost ~]# firewall-cmd --list-ports
[root@#localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@#localhost ~]# firewall-cmd --reload
success
[root@#localhost ~]# firewall-cmd --state
running
[root@#localhost ~]# firewall-cmd --list-ports
80/tcp

台式机
[root@#localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-03-14 19:25:08 CST; 2min 40s ago
     Docs: man:firewalld(1)
 Main PID: 3791 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─3791 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 14 19:25:07 #localhost.localdomain systemd[1]: Starting firewalld - dynam...
Mar 14 19:25:08 #localhost.localdomain systemd[1]: Started firewalld - dynami...
Hint: Some lines were ellipsized, use -l to show in full.

笔记本
关防火墙

[19:42:36][root@localhost ~]# service iptables stop
[19:42:36]Redirecting to /bin/systemctl stop  iptables.service
[19:42:36]Failed to stop iptables.service: Unit iptables.service not loaded.
[19:43:38][root@localhost ~]# systemctl stop firewalld
[19:44:27][root@localhost ~]# service iptables stop
[19:44:36][root@localhost ~]# service iptables status
[19:44:36]Redirecting to /bin/systemctl status  iptables.service
[19:44:36]Unit iptables.service could not be found.
[19:45:04][root@localhost ~]# systemctl stop firewalld
[19:45:05][root@localhost ~]# systemctl stop firewalld
[19:45:24][root@localhost ~]# systemctl status firewalld
[19:45:24]● firewalld.service - firewalld - dynamic firewall daemon
[19:45:24]   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
[19:45:24]   Active: inactive (dead) since Wed 2019-03-13 19:43:40 CST; 1min 44s ago
[19:45:24]     Docs: man:firewalld(1)
[19:45:24]  Process: 783 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
[19:45:24] Main PID: 783 (code=exited, status=0/SUCCESS)
[19:45:24]
[19:45:24]Mar 13 19:09:43 localhost.localdomain systemd[1]: Starting firewalld - dynami...
[19:45:24]Mar 13 19:09:43 localhost.localdomain systemd[1]: Started firewalld - dynamic...
[19:45:24]Mar 13 19:43:39 localhost.localdomain systemd[1]: Stopping firewalld - dynami...
[19:45:24]Mar 13 19:43:40 localhost.localdomain systemd[1]: Stopped firewalld - dynamic...
[19:45:24]Hint: Some lines were ellipsized, use -l to show in full.
[19:46:38][root@localhost ~]# systemctl disable firewalld
[19:46:38]Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[19:46:38]Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

折腾半天还是这样，本地无法访问虚拟机，
①考虑该不该安装yum install httpd 思路：安装后，内部可以访问，但外部不一定访问，联系不是特别大。
②该不该配置端口？还是不行，新思路：内部问不到，外部没意义。所以yum httpd。

https://www.cnblogs.com/moxiaoan/p/5683743.html

0.3.3 yum install httpd

台式机
安装后，无法访问127.0.0.1
service httpd start 后，内部外部都可以访问了

笔记本
试试ping 127.0.0.1和192.168.9.131，通的
试试访问内部和外部，还是不行
看下service httpd status 结果没有

安装yum httpd，结果锁死
用rm -rf /var/run/yum.pid，然后ok
可以访问了，但没试过虚拟机两个系统，另一个能不访问。

版本 1.7
没配firewall tcp 80，内部外部都可以访问。
下次计划，不动selinux，试试能不访问，还有两个防火墙也要试试。

第1步安装MySQL，用二进制包yum安装（小白专用）绝不推荐！是时候用源代码包安装（高手专用）

1.0 疑问笔记

1. my.cnf
   datadir=/var/lib/mysql
   socket=/var/lib/mysql/mysql.sock
   symbolic-links=0
   log-error=/var/log/mysqld.log
   pid-file=/var/run/mysqld/mysqld.pid
   validate_password=off
2. rm -rf /var/run/yum.pid yum install mysql-server
3. service mysqld？mysql？ restart
4. –nodeps

1.1 我用二进制包安装。

做过笔记，见网址：https://blog.csdn.net/weixin_39498617/article/details/88239313
关于rpm知识点，软件包管理器。³

rm -rf /var/run/yum.pid （1.6版本）没使用过，顺利安装了。

my.cnf，**一毛没碰过，因为我不用源码包安装，用yum rpm安装自动来的。**时间记录为2019年3月13日09:51:13

[root@#localhost ~]# cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
-------------------------------------------------------------------------------
[root@#localhost ~]# service mysqld restart
Redirecting to /bin/systemctl restart  mysqld.service
[root@#localhost ~]# grep "password" /var/log/mysqld.log
2019-03-13T01:52:51.273338Z 1 [Note] A temporary password is generated for root@localhost: h05hJmb?Ejtn
-------------------------------------------------------------------------------
mysql> alter user 'root'@'localhost' identified by 'password'; 44W39y56c!@

源代码包安装

第2步安装zabbix，这步骤很复杂，但一定要做笔记，优化分析！

遇到error，认真看下错误的原因，同时做笔记

2.0 疑问笔记

1. vi /etc/zabbix/zabbix_server.conf

2.1 安装zabbix zabbix官网 ⁹ zabbix产品手册 ¹⁰

yum clean all
wget https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm

两个网址有不同步骤的地方
特别是zabbix-proxy-mysql？zabbix-agent？

yum install zabbix-server-mysql
安装ok，但是担心中途会碰到问题，因为my.cnf还是默认，我一毛没动过，如3306里面没有。因为我用的是二进制包安装。还是详细看下教程，因为官网教程不完整。这时我再克隆一个centos 7.3 1.7，用源代码包安装，因为mysql路径不同，会影响zabbix安装不顺利！

---

看下教程 ¹¹

做笔记记录时间

2019年3月12日15:58:53
2019年3月12日20:04:46
2019年3月13日
2019年3月14日09:00:47
2019年3月14日11:33:35
2019年3月15日16:25:16

参考文献

---

1. https://blog.csdn.net/xingxiupaioxue/article/details/80832833 ↩︎

2. https://blog.csdn.net/a837201942/article/details/76690916 ↩︎

3. https://www.linuxprobe.com/chapter-01.html ↩︎ ↩︎

4. https://blog.csdn.net/GGxiaobai/article/details/53505095 ↩︎

5. https://blog.csdn.net/lcyong_/article/details/78928223
   https://blog.csdn.net/Honnyee/article/details/81535464
   https://blog.csdn.net/Post_Yuan/article/details/78603212 ↩︎

6. https://blog.csdn.net/ken1583096683/article/details/82454332 ↩︎

7. https://www.cnblogs.com/apolloren/p/9989752.html ↩︎

8. https://www.centos.bz/2017/11/解决centos7出现的failed-to-start-firewalld-service问题/ ↩︎

9. https://www.zabbix.com/cn/download?zabbix=4.0&os_distribution=centos&os_version=7&db=mysql ↩︎

10. https://www.zabbix.com/documentation/4.0/zh/manual/installation/install_from_packages/rhel_centos ↩︎

11. ↩︎