计划及顺序步骤,调整思路清晰
第0步设置环境,本地访问虚拟机(折腾几天,一直没成功过)
0.0 疑问笔记及看相关书籍的计划
需要了解Linux防火墙方面
- iptables?service iptables status | stop | restart | save;iptables -F -X -Z(清空规则、删除自定义链、计数器清零);iptables -P INPUT ACCEPT、iptables -P OUTPUT ACCEPT(默认策略改成放行,清空规则后相当于完全不过滤,只适合实验环境临时排查);systemctl enable | stop | start | restart | reload iptables
- vi /etc/sysconfig/iptables;yum install iptables-services;systemctl restart iptables.service
- selinux?vim /etc/selinux/config
- firewall?systemctl stop firewalld;systemctl mask firewalld
- bash?
- yum rpm,不仅仅知道安装,而且需要知道rpm里面有啥东西,这么奥秘。
- /bin/systemctl start mysqld.service more my.cnf
- service httpd start /bin/systemctl status httpd.service?yum install httpd?
- chown -R mysql:mysql;chown -R mysql:mysql /data
- locate mysql
- logout
- -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
- top
0.1 环境
笔记本
Linux 系统:centos 7.3
版本:1.6 mysql 二进制包 1.7 源代码包
用户密码:wyc admin@111
root:hello123(这些都是本机实验虚拟机的口令,别在其他机器或线上环境复用)
ip:192.168.9.131/24
gateway:192.168.9.2
dns1:不用说了吧,这个一定要配置。网关可以配的
台式机(在家的)
Linux 系统:centos 7.3
版本:1.0
用户密码:wyc admin@111
root:soft123
ip:192.168.110.134/24
gateway:192.168.110.134
dns1:192.168.110.134
0.2 配置网络
笔记本
[root@localhost wyc]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static # or none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPADDR=192.168.9.131
PREFIX=24
GATEWAY=192.168.9.2
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=bf155152-bc5f-49fe-828c-71cf6f242b1f
DEVICE=ens33
ONBOOT=yes
DNS1=202.97.224.68 #公司的dns
[root@localhost wyc]# service network restart
Restarting network (via systemctl): [ OK ]
[root@localhost wyc]# ping www.baidu.com
PING www.a.shifen.com (220.181.112.244) 56(84) bytes of data.
64 bytes from 220.181.112.244 (220.181.112.244): icmp_seq=1 ttl=128 time=28.9 ms
64 bytes from 220.181.112.244 (220.181.112.244): icmp_seq=2 ttl=128 time=29.3 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 28.976/29.147/29.318/0.171 ms
台式机
[root@localhost wyc]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPADDR=192.168.110.134
PREFIX=24
GATEWAY=192.168.110.2
DNS1=192.168.110.2 #在家无dns,只能用网关
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=70b5ac36-84e2-4b85-862d-1716d77bf1b3
DEVICE=ens32
ONBOOT=yes
[root@localhost wyc]# ping www.baidu.com
PING www.baidu.com (220.181.111.37) 56(84) bytes of data.
64 bytes from 220.181.111.37 (220.181.111.37): icmp_seq=1 ttl=128 time=27.3 ms
64 bytes from 220.181.111.37 (220.181.111.37): icmp_seq=2 ttl=128 time=26.2 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 26.268/26.832/27.396/0.564 ms
0.3 本地访问虚拟机(没成功过)
笔记本
虚拟机内部
- ping 127.0.0.1,通的;但是浏览器无法访问
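localhost:是不经网卡传输的,它不受网络防火墙和网卡相关的限制。
127.0.0.1:是通过网卡传输的,它依赖网卡,并受到网络防火墙和网卡相关的限制。(注:这是网上常见的说法,实际并不准确——127.0.0.1 走的是回环接口 lo,不经过物理网卡;localhost 只是一个主机名,一般由 /etc/hosts 解析到 127.0.0.1 或 ::1。)localhost 与 127.0.0.1的区别 1 - hostname:localhost.localdomain (cat /etc/hostname) reboot 为了确定一下,结果是bogon。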
修改:
[root@#localhost ~]# cat /etc/hostname
#localhost.localdomain
localhost
- 本地无法访问,ping通的
- iptables (目录里没有,/etc/sysconfig/没有iptables,centos6和7的区别需要安装,因为配给端口,yum httpd的话,本地应该不会访问,关系不大,上次126,没安装能访问,很奇怪了!)要安装。2 安装前要关闭防火墙,实际上防火墙有三种(和我的以为结合):iptables firewalld SELinux(严格说 SELinux 不是防火墙,而是强制访问控制,限制的是进程能访问什么,不做端口过滤)
- yum install iptables-services yum知识点 3
台式机
修改hostname,reboot。方法见笔记本。
0.3.0 SELinux 修改
reboot前,修改配置。
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
reboot后,检查是否关掉。 4
[root@#localhost ~]# /usr/sbin/sestatus
SELinux status: disabled
[root@#localhost ~]# getenforce
Disabled
[root@#localhost ~]#
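还是内部外部无法访问,说明原因不在 SELinux(后面 0.3.3 里 service httpd start 之后才能访问);排查完可以把 SELINUX 改回 enforcing,需要观察时先用 permissive,不必一直 disabled。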
0.3.1 iptables CentOS 6 与 CentOS 7的区别,随着更新,/etc/sysconfig/里面iptables没了,需要yum安装,安装前关防火墙。
[10:01:11][root@#localhost ~]# service iptables stop
[10:01:11]Redirecting to /bin/systemctl stop iptables.service
[10:01:11]Failed to stop iptables.service: Unit iptables.service not loaded.
[10:01:33][root@#localhost ~]# systemctl stop firewalld
[10:01:48][root@#localhost ~]# service iptables status
[10:01:48]Redirecting to /bin/systemctl status iptables.service
[10:01:48]Unit iptables.service could not be found.
[10:02:05][root@#localhost ~]# systemctl status firewalld
[10:02:05]● firewalld.service - firewalld - dynamic firewall daemon
[10:02:05] Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
[10:02:05] Active: inactive (dead) since Wed 2019-03-13 10:01:34 CST; 31s ago
[10:02:05] Docs: man:firewalld(1)
[10:02:05] Main PID: 742 (code=exited, status=0/SUCCESS)
[10:02:05]
[10:02:05]Mar 13 09:29:38 localhost.localdomain systemd[1]: Starting firewalld - d...
[10:02:05]Mar 13 09:29:38 localhost.localdomain systemd[1]: Started firewalld - dy...
[10:02:05]Mar 13 10:01:33 #localhost.localdomain systemd[1]: Stopping firewalld - ...
[10:02:05]Mar 13 10:01:34 #localhost.localdomain systemd[1]: Stopped firewalld - d...
[10:02:05]Hint: Some lines were ellipsized, use -l to show in full.
台式机
[root@#localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@#localhost ~]# ^C
[root@#localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
和笔记本不同?
[root@#localhost ~]# systemctl stop firewalld
[root@#localhost ~]# yum install iptables-services
[root@#localhost ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@#localhost ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
0.3.2 firewalld 配置端口
台式机
虚拟机内部
- vim /etc/hostname localhost.localdomain
- 关闭防火墙 5
解决办法:
不管防火墙关没关,都是用systemctl stop firewalld 关闭防火墙
然后使用yum install iptables-services 安装或者更新服务
这个时候是这样的:
然后使用systemctl enable iptables 设置iptables开机自启(enable 只是建立开机启动的链接,不会立即启动服务)
最后使用systemctl start iptables 打开iptables
试试service iptables restart | stop
笔记本
iptables firewalld selinux all stop,还是不行。试试配端口,应该开放端口吧?配了,还是不行,是时候yum httpd了
7. 深入了解firewalld和iptables 6
8. 开启防火墙,配置80 7,注意centos 6 和 centos 7的区别,结果无法开防火墙。通过网址已解决。 8
[root@#localhost ~]# systemctl status firewalld
● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead) since Wed 2019-03-13 14:49:29 CST; 43min ago
Main PID: 759 (code=exited, status=0/SUCCESS)
Mar 13 14:30:50 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 13 14:30:53 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 13 14:49:28 #localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Mar 13 14:49:29 #localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Mar 13 15:22:48 #localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.
Mar 13 15:22:48 #localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.
配置
[root@#localhost ~]# systemctl start firewalld.service
Failed to start firewalld.service: Unit is masked.
[root@#localhost ~]# systemctl unmask firewalld.service #台式机不需要,因为没执行mask
Removed symlink /etc/systemd/system/firewalld.service.
[root@#localhost ~]# systemctl start firewalld.service
[root@#localhost ~]# firewall-cmd --list-ports
[root@#localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@#localhost ~]# firewall-cmd --reload
success
[root@#localhost ~]# firewall-cmd --state
running
[root@#localhost ~]# firewall-cmd --list-ports
80/tcp
台式机
[root@#localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Thu 2019-03-14 19:25:08 CST; 2min 40s ago
Docs: man:firewalld(1)
Main PID: 3791 (firewalld)
CGroup: /system.slice/firewalld.service
└─3791 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 14 19:25:07 #localhost.localdomain systemd[1]: Starting firewalld - dynam...
Mar 14 19:25:08 #localhost.localdomain systemd[1]: Started firewalld - dynami...
Hint: Some lines were ellipsized, use -l to show in full.
笔记本
关防火墙
[19:42:36][root@localhost ~]# service iptables stop
[19:42:36]Redirecting to /bin/systemctl stop iptables.service
[19:42:36]Failed to stop iptables.service: Unit iptables.service not loaded.
[19:43:38][root@localhost ~]# systemctl stop firewalld
[19:44:27][root@localhost ~]# service iptables stop
[19:44:36][root@localhost ~]# service iptables status
[19:44:36]Redirecting to /bin/systemctl status iptables.service
[19:44:36]Unit iptables.service could not be found.
[19:45:04][root@localhost ~]# systemctl stop firewalld
[19:45:05][root@localhost ~]# systemctl stop firewalld
[19:45:24][root@localhost ~]# systemctl status firewalld
[19:45:24]● firewalld.service - firewalld - dynamic firewall daemon
[19:45:24] Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
[19:45:24] Active: inactive (dead) since Wed 2019-03-13 19:43:40 CST; 1min 44s ago
[19:45:24] Docs: man:firewalld(1)
[19:45:24] Process: 783 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
[19:45:24] Main PID: 783 (code=exited, status=0/SUCCESS)
[19:45:24]
[19:45:24]Mar 13 19:09:43 localhost.localdomain systemd[1]: Starting firewalld - dynami...
[19:45:24]Mar 13 19:09:43 localhost.localdomain systemd[1]: Started firewalld - dynamic...
[19:45:24]Mar 13 19:43:39 localhost.localdomain systemd[1]: Stopping firewalld - dynami...
[19:45:24]Mar 13 19:43:40 localhost.localdomain systemd[1]: Stopped firewalld - dynamic...
[19:45:24]Hint: Some lines were ellipsized, use -l to show in full.
[19:46:38][root@localhost ~]# systemctl disable firewalld
[19:46:38]Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[19:46:38]Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
折腾半天还是这样,本地无法访问虚拟机,
①考虑该不该安装yum install httpd 思路:安装后,内部可以访问,但外部不一定访问,联系不是特别大。
②该不该配置端口?还是不行,新思路:内部访问不到,外部没意义。所以yum httpd。
https://www.cnblogs.com/moxiaoan/p/5683743.html
0.3.3 yum install httpd
台式机
安装后,无法访问127.0.0.1
service httpd start 后,内部外部都可以访问了(说明之前访问不了,主要是 80 端口上根本没有服务在监听;这类问题可以先用 ss -lntp 看端口有没有在监听,再去动防火墙和 SELinux)
笔记本
试试ping 127.0.0.1和192.168.9.131,通的
试试访问内部和外部,还是不行
看下service httpd status 结果没有
安装yum httpd,结果锁死
用rm -rf /var/run/yum.pid,然后ok(删锁文件前先确认没有别的 yum 进程还在跑,比如 ps aux | grep yum,否则两个 yum 同时写可能弄坏 rpm 数据库)
可以访问了,但没试过虚拟机两个系统,另一个能不能访问。
版本 1.7
没配firewall tcp 80,内部外部都可以访问。
下次计划,不动selinux,试试能不能访问,还有两个防火墙也要试试。
第1步安装MySQL,用二进制包yum安装(小白专用)绝不推荐!是时候用源代码包安装(高手专用)
1.0 疑问笔记
- my.cnf
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
validate_password=off(关掉密码强度校验,只适合实验环境)
- rm -rf /var/run/yum.pid;yum install mysql-server
- service mysqld?mysql? restart
- --nodeps
1.1 我用二进制包安装。
做过笔记,见网址:https://blog.csdn.net/weixin_39498617/article/details/88239313
关于rpm知识点,软件包管理器。3
rm -rf /var/run/yum.pid (1.6版本)没使用过,顺利安装了。
my.cnf,**一毛没碰过,因为我不用源码包安装,用yum rpm安装自动来的。**时间记录为2019年3月13日09:51:13
[root@#localhost ~]# cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
-------------------------------------------------------------------------------
[root@#localhost ~]# service mysqld restart
Redirecting to /bin/systemctl restart mysqld.service
[root@#localhost ~]# grep "password" /var/log/mysqld.log
2019-03-13T01:52:51.273338Z 1 [Note] A temporary password is generated for root@localhost: h05hJmb?Ejtn
-------------------------------------------------------------------------------
mysql> alter user 'root'@'localhost' identified by 'password'; 44W39y56c!@
源代码包安装
第2步安装zabbix,这步骤很复杂,但一定要做笔记,优化分析!
遇到error,认真看下错误的原因,同时做笔记
2.0 疑问笔记
- vi /etc/zabbix/zabbix_server.conf
2.1 安装zabbix zabbix官网 9 zabbix产品手册 10
yum clean all
wget https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
两个网址有不同步骤的地方
特别是zabbix-proxy-mysql?zabbix-agent?
yum install zabbix-server-mysql
安装ok,但是担心中途会碰到问题,因为my.cnf还是默认,我一毛没动过,如3306里面没有。因为我用的是二进制包安装。还是详细看下教程,因为官网教程不完整。这时我再克隆一个centos 7.3 1.7,用源代码包安装,因为mysql路径不同,会影响zabbix安装不顺利!
看下教程 11
做笔记记录时间
2019年3月12日15:58:53
2019年3月12日20:04:46
2019年3月13日
2019年3月14日09:00:47
2019年3月14日11:33:35
2019年3月15日16:25:16
参考文献
https://blog.csdn.net/xingxiupaioxue/article/details/80832833 ↩︎
https://blog.csdn.net/a837201942/article/details/76690916 ↩︎
https://blog.csdn.net/lcyong_/article/details/78928223
https://blog.csdn.net/Honnyee/article/details/81535464
https://blog.csdn.net/Post_Yuan/article/details/78603212 ↩︎
https://blog.csdn.net/ken1583096683/article/details/82454332 ↩︎
https://www.centos.bz/2017/11/解决centos7出现的failed-to-start-firewalld-service问题/ ↩︎
https://www.zabbix.com/cn/download?zabbix=4.0&os_distribution=centos&os_version=7&db=mysql ↩︎
https://www.zabbix.com/documentation/4.0/zh/manual/installation/install_from_packages/rhel_centos ↩︎
- ↩︎