Linux网络项目实验------网络架构（DNS域名解析、NFS共享服务、LAMP服务、搭建论坛、PXE自动装机）

环境描述：
客户端：无任何系统的裸金属机器
DNS：192.168.10.10/24 提供DNS域名解析
PXE：192.168.10.20/24 提供DHCP,TFTP,FTP功能，DHCP地址范围（192.168.10.100/24-192.168.10.200/24）
网关可用ENSP中路由或者是Linux服务器替代（内网口：192.168.10.1/24；外网口：12.0.0.1/24）
LAMP：12.0.0.12/24 提供web论坛服务，且Apache的网站站点由NFS提供，不使用本地存储空间
NFS：12.0.0.13/24 提供共享存储空间，共享目录名为share
需求：完成所有服务构建，给客户机自动部署Linux系统，且该客户机拥有系统后可以使用www.kgc.com直接可以访问LAMP服务器中的论坛

实验要求：DNS、PXE、LAMP、NFS、网关服务器均关闭防火墙，关闭核心防护，yum环境部署。DNS和PXE服务器走内网，选择VM1网卡；LAMP和NFS服务器走外网，选择NAT网卡。真机中，将VM1网卡地址改为192.168.10.2，将VM8网卡地址改为12.0.0.2。在这里，网关用Linux服务器代替，需要增加一张网卡。

一、配置网关服务器
1.1 网卡ens33配置：

1.2 新添加网卡ens36配置（具体添加过程不做论述，需要注意要修改ens36的UUID，查看UUID可以使用命令nmcli connection）：

【在此服务器上需要开启路由转发功能】
[root@localhost ~]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1

二、配置nfs服务器

[root@nfs ~]# yum -y install nfs-utils rpcbind
[root@nfs ~]# systemctl enable nfs
[root@nfs ~]# systemctl enable rpcbind
[root@nfs ~]# mkdir -p /opt/share ##创建共享目录##
[root@nfs ~]# vi /etc/exports ##将共享目录放进此文件内，相当于永久挂载##
/opt/share 12.0.0.0/24(rw,sync,no_root_squash)
[root@nfs ~]# systemctl start rpcbind ##先启动这个##
[root@nfs ~]# systemctl start nfs
[root@nfs ~]# showmount -e ##查看挂载目录##
Export list for nfs:
/opt/share 12.0.0.0/24

三、DNS服务器配置

[root@dns ~]# yum -y install bind
[root@dns ~]# yum -y install bind-chroot
[root@dns ~]# vi /etc/named.conf
options {
listen-on port 53 { 192.168.10.10; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
recursing-file “/var/named/data/named.recursing”;
secroots-file “/var/named/data/named.secroots”;
allow-query { any; };
[root@dns ~]# vi /etc/named.rfc1912.zones
zone “kgc.com” IN {
type master;
file “kgc.com.zone”;
};

[root@dns ~]# cd /var/named
[root@dns named]# ll
total 16
drwxr-x— 7 root named 61 Oct 8 23:49 chroot
drwxrwx— 2 named named 6 Oct 30 2018 data
drwxrwx— 2 named named 6 Oct 30 2018 dynamic
-rw-r----- 1 root named 2281 May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx— 2 named named 6 Oct 30 2018 slaves
[root@dns named]# cp named.localhost kgc.com.zone
[root@dns named]# vi kgc.com.zone
$TTL 1D
@ IN SOA kgc.com. admin.kgc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS kgc.com.
A 12.0.0.12
www IN A 12.0.0.12
[root@dns named]# chown named:named /var/named/kgc.com.zone
[root@dns named]# systemctl start named

四、lamp服务器配置

[root@lamp ~]# vi /etc/resolv.conf
nameserver 192.168.10.10 ##添加映射记录##
[root@lamp ~]# yum -y install bind-utils ##安装这个才能支持nslookup测试##

【在lamp服务器上测试域名解析状况】

4.1 编译安装HTTP服务
apr-1.6.2.tar.gz
apr-util-1.6.0.tar.gz
httpd-2.4.29.tar.gz ##将这3个包传到opt目录下##
[root@lamp opt]# tar xf apr-1.6.2.tar.gz
[root@lamp opt]# tar xf apr-util-1.6.0.tar.gz
[root@lamp opt]# tar jxf httpd-2.4.29.tar.bz2
[root@lamp opt]# mv apr-1.6.2 httpd-2.4.29/srclib/apr
[root@lamp opt]# mv apr-util-1.6.0 httpd-2.4.29/srclib/apr-util
[root@lamp opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl
[root@lamp opt]# cd /opt/httpd-2.4.29
[root@lamp httpd-2.4.29]# ./configure \ --prefix=/usr/local/httpd \ --enable-so \ --enable-rewrite \ --enable-charset-lite \ --enable-cgi

[root@lamp httpd-2.4.29]# make && make install
[root@lamp httpd-2.4.29]# ln -s /usr/local/httpd/conf/httpd.conf /etc/
[root@lamp httpd-2.4.29]# ln -s /usr/local/httpd/bin/* /usr/local/bin/
[root@lamp ~]# cd /lib/systemd/system/
[root@lamp system]# vim httpd.service
[Unit]
Description=The Apache HTTP Server
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/httpd/logs/httpd.pid
ExecStart= /usr/local/bin/apachectl $OPTIONS
ExecrReload= /bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@lamp system]# systemctl start httpd
[root@lamp system]# systemctl enable httpd

【真机浏览器中测试apache服务状况】

4.2 安装mysql服务
[root@lamp ~]# yum -y install ncurses ncurses-devel bison cmake
[root@lamp ~]# useradd -s /sbin/nologin mysql
[root@lamp opt]# tar xf mysql-boost-5.7.20.tar.gz
[root@lamp opt]# cd /opt/mysql-5.7.20/
[root@lamp mysql-5.7.20]# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock
-DSYSCONFDIR=/etc \
-DSYSTEMD_PID_DIR=/usr/local/mysql \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1
-DWITH_BLACKHOLE_STORAGE_ENGINE=1
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DWITH_BOOST=boost \
-DWITH_SYSTEMD=1
[root@lamp opt]# make && make install
[root@lamp ~]# chown -R mysql:mysql /usr/local/mysql/
[root@lamp ~]# vi /etc/my.cnf
[client]
port = 3306
default-character-set=utf8
socket = /usr/local/mysql/mysql.sock
[mysql]
port = 3306
default-character-set=utf8
socket = /usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
port = 3306
character_set_server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket = /usr/local/mysql/mysql.sock
server-id = 1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@lamp ~]# chown mysql:mysql /etc/my.cnf
[root@lamp~]#echo’PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH’ >> /etc/profile
[root@lamp ~]# echo ‘export PATH’ >> /etc/profile
[root@lamp ~]# source /etc/profile
[root@lamp ~]# cd /usr/local/mysql/
[root@lamp mysql]# bin/mysqld
–initialize-insecure
–user=mysql
–basedir=/usr/local/mysql
–datadir=/usr/local/mysql/data

[root@lampmysql]#cp usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
[root@lamp mysql]# systemctl enable mysqld
[root@lamp mysql]# systemctl start mysqld
[root@lamp mysql]# netstat -anpt | grep 3306
[root@lamp mysql]# mysqladmin -u root -p password ##设置数据库密码abc123##

4.3 安装PHP
[root@lamp ~]# yum -y install
libjpeg
libjpeg-devel
libpng libpng-devel
freetype freetype-devel
libxml2
libxml2-devel
zlib zlib-devel
curl curl-devel
openssl openssl-devel
上传php-7.1.10.tar.bz2包到opt目录下
[root@lamp ~]# cd /opt
[root@lamp ~]# yum -y install bzip2 ##需要安装##
[root@lamp opt]# tar xjvf php-7.1.10.tar.bz2
[root@lamp opt]# cd php-7.1.10
[root@lamp php-7.1.10]# ./configure
–prefix=/usr/local/php
–with-apxs2=/usr/local/httpd/bin/apxs
–with-mysql-sock=/usr/local/mysql/mysql.sock
–with-mysqli
–with-zlib
–with-curl
–with-gd
–with-jpeg-dir
–with-png-dir
–with-freetype-dir
–with-openssl
–enable-mbstring
–enable-xml
–enable-session
–enable-ftp
–enable-pdo
–enable-tokenizer
–enable-zip
[root@lamp php-7.1.10]# make && make install
[root@lamp php-7.1.10]#cp php.ini-development /usr/local/php/lib/php.ini
[root@lamp php-7.1.10]# vi /usr/local/php/lib/php.ini
mysqli.default_socket = /usr/local/mysql/mysql.sock
date.timezone = Asia/Shanghai ##找到这两个，修改##

[root@lamp php-7.1.10]# /usr/local/php/bin/php -m ##验证安装的模块
[root@lamp php-7.1.10]# vi /etc/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps ##在合适位置新增这两个
DirectoryIndex index.php index.html ##找到这个，修改##
[root@lamp php-7.1.10]# rm -f /usr/local/httpd/htdocs/index.html
[root@lamp php-7.1.10]# vi /usr/local/httpd/htdocs/index.php

<?php phpinfo(); ?>

[root@lamp php-7.1.10]# systemctl restart httpd

4.4 论坛安装
[root@lamp php-7.1.10]# mysql -uroot -p
Enter password: ##输入密码abc123
mysql> create database bbs;
mysql> grant all on bbs.* to ‘bbsadm’@’%’ identfied by ‘admin123’;
mysql> grant all on bbs.* to ‘bbsadm’@‘lamp’ identfied by ‘admin123’;
##授权论坛bbs账户##
mysql> flush privileges; ##刷新##
mysql> quit

##将论坛压缩包传入/opt目录下##
[root@lamp ~]# cd /opt
[root@lamp opt]# yum -y install unzip
[root@lamp opt]# unzip Discuz_X3.4_SC_UTF8.zip -d /tmp
[root@lamp ~]# cd /tmp/dir_SC_UTF8/
[root@lamp dir_SC_UTF8]# cp -r upload/ /usr/local/httpd/htdocs/share
[root@lamp dir_SC_UTF8]# cd /usr/local/httpd/htdocs/share
[root@lamp share]# mv upload/* /usr/local/httpd/htdocs/share
[root@lamp share]# rm -rf upload
[root@lamp share]# chown -R daemon ./config
[root@lamp share]# chown -R daemon ./data/
[root@lamp share]# chown -R daemon ./uc_client/
[root@lamp share]# chown -R daemon ./uc_server/data/
[root@lamp ~]# mount 12.0.0.13:/opt/share /usr/local/httpd/htdocs/share/
[root@lamp ~]# vi /etc/fstab
12.0.0.13:/opt/share /usr/local/httpd/htdocs/share/ nfs defaults,_netdev 0 0
[root@lamp ~]# mount -a ##检查永久挂载是否有错，无输出信息则表示有效##
[root@lamp ~]# init 6 ##重启永久挂载生效##
[root@lamp ~]# df -Th
…省略部分内容
12.0.0.13:/opt/share nfs4 283G 1.2G 282G 1% /usr/local/httpd/htdocs/share ##永久挂载成功##

【真机浏览器输入网址安装】
http://12.0.0.12/share/install/
数据库服务器：lamp
数据库名字： bbs
数据库用户名： bbsadm
数据库密码：admin123
管理员账号：admin123
管理员密码：abc123

注意：如果安装成功后访问失败，把/usr/local/httpd/htdocs/目录下的index.php文件删除，然后重启httpd服务。

点击share，即可进入论坛，输入账号密码后就可以登录论坛进行管理与设置

五、pxe服务器配置
5.1 准备centos安装源
[root@pxe ~]# yum -y install vsftpd
[root@pxe ~]# mkdir /var/ftp/centos7
[root@pxe ~]# cp -rf /mnt/* /var/ftp/centos7/
[root@pxe ~]# systemctl start vsftpd
[root@pxe ~]# systemctl enable vsftpd

5.2 安装TFTP服务
[root@pxe ~]# yum -y install tftp-server
[root@pxe ~]# vi /etc/xinetd.d/tftp
disable = no ##将yes改为no##
[root@pxe ~]# systemctl start tftp
[root@pxe ~]# systemctl enable tftp

5.3 准备系统内核
[root@pxe ~]# cd /mnt/images/pxeboot/
[root@pxe pxeboot]# cp vmlinuz initrd.img /var/lib/tftpboot/
[root@pxe pxeboot]# yum -y install syslinux
[root@pxe pxeboot]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

5.4 DHCP服务的PXE设置
[root@pxe ~]# yum -y install dhcp
[root@pxe ~]# vi /etc/dhcp/dhcpd.conf
subnet 192.168.10.0 netmask 255.255.255.0 {
option routers 192.168.10.1;
option subnet-mask 255.255.255.0; option domain-name “kgc.com”;
option domain-name-servers 192.168.10.10,8.8.8.8;
default-lease-time 21600;
max-lease-time 43200;
range 192.168.10.100 192.168.10.200;
next-server 192.168.10.20;
filename “pxelinux.0”;
}
[root@pxe ~]# systemctl start dhcpd
[root@pxe ~]# systemctl enable dhcpd

5.5 配置启动菜单
[root@pxe ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@pxe ~]# vi /var/lib/tftpboot/pxelinux.cfg/default
default auto
prompt 1
label auto
kernel vmlinuz
append initrd=initrd.img method=ftp://192.168.10.20/centos7
label linux text
kernel vmlinuz
append text initrd=initrd.img method=ftp://192.168.10.20/centos7
label linux rescue
kernel vmlinuz
append rescue initrd=initrd.img method=ftp://192.168.10.20/centos7

六、验证PXE装机
新建一台虚拟机，无需选择镜像文件，需要注意的是，由于此PXE服务器的网卡是VM1，所以新安装的虚拟机的网卡也需要选择VM1网卡。

接下来按照正常的装系统步骤进行即可，最后reboot重启。
在新装的虚拟机中输入命令curl www.kgc.com，如下显示，证明客户端通过www.kgc.com访问论坛成功。

七、验证服务状况
7.1 网关服务器上验证
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::1a4a:e72d:8d33:b675 prefixlen 64 scopeid 0x20
ether 00:0c:29:6c:1e:5f txqueuelen 1000 (Ethernet)
RX packets 800 bytes 67834 (66.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 583 bytes 57712 (56.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255
inet6 fe80::af85:408c:6cca:dbb2 prefixlen 64 scopeid 0x20
ether 00:0c:29:6c:1e:69 txqueuelen 1000 (Ethernet)
RX packets 292 bytes 25836 (25.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 85 bytes 9675 (9.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

7.2 LAMP服务器上验证DNS域名解析效果与NFS共享