RHCSA
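Account information
The root password of the f0 host is Asimov; all other users on f0 have the password redhat.
The root password of every virtual system inside f0 is redhat; do not change the root password. The root password of serverb is unknown and has to be reset; see the task later on for the requirements. SSH keys are pre-installed on all systems, allowing root access over SSH without entering a password. Do not modify the root SSH configuration files on the systems in any way.
Start the virtual machines: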
[root@foundation0 ~]# virsh start bastion
[root@foundation0 ~]# virsh start servera
[root@foundation0 ~]# virsh start serverb
[root@foundation0 ~]# virsh list --all
Reset the virtual machines:
[root@foundation0 ~]# rht-vmctl reset bastion
[root@foundation0 ~]# rht-vmctl reset classroom
[root@foundation0 ~]# rht-vmctl reset servera
[root@foundation0 ~]# rht-vmctl reset serverb
[root@foundation0 ~]# rht-vmctl reset workstation
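Note: in the exam, virtual machines are powered on (start), powered off (poweroff), rebooted (reboot) and reset (rebuilt) through the graphical interface. After a virtual machine is reset, all of its configuration is wiped.
virt-manager opens the virtual machine console
[root@foundation0 ~]# ssh workstation # servera and serverb cannot be reached directly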
[student@workstation ~]$ ssh root@servera
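Virtual machine servera
Task 1: Configure the network address
The root password of virtual machine servera is redhat. Configure this virtual machine
1) Hostname: servera.lab.example.com
2) IP address: 172.25.250.10/24
3) Default gateway: 172.25.250.254
4) DNS server: 172.25.250.254
[root@localhost ~]# hostnamectl set-hostname servera.lab.example.com # set the hostname
[root@localhost ~]# bash
# Set the IP address, gateway and DNS
# First look for the NIC's configuration file. If the NIC has none, create one and fill it in; if one exists, edit it directly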
[root@servera ~]# cd /etc/sysconfig/network-scripts/
[root@servera network-scripts]# ls
ifcfg-Wired_connection_1 # NIC name
[root@servera network-scripts]# cp ifcfg-Wired_connection_1 ifcfg-eth0
[root@servera network-scripts]# ls
ifcfg-eth0 ifcfg-Wired_connection_1
[root@servera network-scripts]# vim ifcfg-eth0
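TYPE=Ethernet #the connection type is Ethernet
BOOTPROTO=static #static addressing
NAME="eth0" #the connection is named eth0
DEVICE=eth0 #the device is named eth0
ONBOOT=yes #activate automatically at boot
IPADDR=172.25.250.10 #IP address
PREFIX=24 #24-bit subnet mask
GATEWAY=172.25.250.254 #gateway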
DNS1=172.25.250.254
[root@servera network-scripts]# mv ifcfg-Wired_connection_1 /opt
[root@servera network-scripts]# ls
ifcfg-eth0
[root@servera network-scripts]# systemctl restart NetworkManager
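[root@servera network-scripts]# ip a # check
Method 2:
[root@servera network-scripts]# ifdown eth0; ifup eth0 # disable, then re-enable
Task 2: Configure the software repositories
Configure the yum repositories of your virtual machine; the addresses are:
http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
http://content.example.com/rhel8.0/x86_64/dvd/AppStream
# Preparation: empty the yum repository directory; not needed in the exam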
[root@servera ~]# rm -rf /etc/yum.repos.d/*
# Actual steps
[root@servera ~]# vim /etc/yum.repos.d/base.repo
[BaseOS]
name=BaseOS
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
[AppStream]
name=AppStream
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
enabled = 1
gpgcheck = 0
[root@servera ~]# dnf clean all # clear the cache
[root@servera ~]# dnf list all # list packages
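The repo file above turns off signature checking (gpgcheck=0) and fetches packages over plain HTTP, which the isolated lab tolerates. The check below is an added example, not part of the original notes: it flags both settings per repository section. The function name and the hardened sample are constructed; the sample assumes the content server also answers on HTTPS.

```bash
#!/bin/bash
# The repo file from the notes above.
PAGE_REPO='[BaseOS]
name=BaseOS
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
[AppStream]
name=AppStream
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
enabled = 1
gpgcheck = 0'

# Constructed counterpart: assumes the server offers HTTPS (not stated in the notes).
HARDENED_REPO='[BaseOS]
name=BaseOS
baseurl=https://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'

# Reads a .repo file on stdin and prints "<repo-id> <finding>" for every
# setting that weakens package authenticity.
audit_repo() {
    awk '
        /^[ \t]*$/    { next }                       # blank lines
        /^[ \t]*[#;]/ { next }                       # comments
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header such as [BaseOS]
            id = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            # "gpgcheck=0" and "gpgcheck = 0" are the same setting
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck" && tolower(val) ~ /^(0|no|false|off)$/)
                print id, "gpgcheck-disabled"
            if (key == "baseurl" && tolower(val) ~ /^(http|ftp):\/\//)
                print id, "cleartext-baseurl"
        }'
}

printf '%s\n' "$PAGE_REPO" | audit_repo
```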
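Task 3: Debug SELinux
A web server running on non-standard port 82 is having problems serving content. Debug and fix the problem as needed so that the following conditions are met:
1. The web server on the system can serve all existing HTML files in /var/www/html (note: do not delete or otherwise alter the content of the existing files)
2. The web server serves this content on port 82
3. The web server starts automatically at system boot
# Preparation: install the httpd service and change the listening port number to 80; not needed in the exam.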
[root@servera ~]# getenforce
Enforcing
[root@servera ~]# yum -y install httpd
[root@servera ~]# vim /etc/httpd/conf/httpd.conf # change the listening port
Listen 82
[root@servera ~]# echo "test page" > /var/www/html/index.html
[root@servera ~]# systemctl enable --now httpd # start now and enable at boot
[root@servera ~]# systemctl status httpd # check the status
# Actual steps
[root@servera ~]# systemctl restart httpd # restarting the service fails; the cause is SELinux
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
# In the exam, check which port httpd is listening on, then label that port (port 82) as a standard httpd port
[root@servera ~]# semanage port -a -t http_port_t -p tcp 82
[root@servera ~]# systemctl start httpd # start the service
[root@servera ~]# systemctl status httpd # confirm that port 82 is now listening
[root@servera ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port port=82 protocol=tcp accept' --permanent # allow all sources
success
[root@servera ~]# firewall-cmd --reload # reload
success
[root@servera ~]# firewall-cmd --list-all # check
# Note: in the exam environment httpd is already configured; the candidate only needs to label port 82 as a standard httpd port
If the site still cannot be reached, try the following:
[root@servera ~]# ls -ldZ /var/www/html/
[root@servera ~]# semanage fcontext -d -t default_t /var/www/html/file1
[root@servera ~]# semanage fcontext -a -t httpd_sys_content_t '/var/www/html(/.*)?'
[root@servera ~]# restorecon -Rv /var/www/html/
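Before running semanage port -a, it helps to know which SELinux port types already cover the port, because -a is refused for a port that already has its own entry under another type and -m is needed instead. The lookup below is an added example, not part of the original notes; the function names are made up here and the listing is a constructed sample in the column layout of semanage port -l, not output captured from the lab VM.

```bash
#!/bin/bash
# Constructed sample in the layout of `semanage port -l`.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
reserved_port_t                tcp      1-511
reserved_port_t                udp      1-511'

# Prints "<type> exact" or "<type> range" for every type whose port list
# covers PORT. Usage: port_types PROTO PORT   (listing on stdin)
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            list = $0
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)   # drop the type and proto columns
            n = split(list, item, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                m = split(item[i], r, "-")                 # "10001-10010" is a range
                lo = r[1] + 0
                hi = (m == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) {
                    print $1, (lo == hi ? "exact" : "range")
                    break
                }
            }
        }'
}

# Says what the port needs before a service of type TYPE can bind to it.
# Usage: port_action TYPE PROTO PORT   (listing on stdin)
port_action() {
    port_types "$2" "$3" | awk -v want="$1" '
        $1 == want                  { have = 1 }
        $1 != want && $2 == "exact" { clash = 1 }   # own entry under another type
        END {
            if (have)       print "already-labelled"
            else if (clash) print "semanage port -m"
            else            print "semanage port -a"
        }'
}

printf '%s\n' "$SAMPLE_PORTS" | port_action http_port_t tcp 82
```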
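Task 4: Create user accounts
Create the users and group according to the following requirements:
1) A group named admins
2) User harry, whose supplementary group is admins
3) User natasha, whose supplementary group is also admins
4) User alice, who has no interactive login shell and is not a member of the admins group
5) The password of harry, natasha and alice should be redhat
[root@servera ~]# useradd admins # create the user; its private group admins is created with it
[root@servera ~]# id admins # check
[root@servera ~]# grep admins /etc/group
admins:x:1002:
[root@servera ~]# useradd -G admins harry # create user harry with admins as a supplementary group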
[root@servera ~]# useradd -G admins natasha
[root@servera ~]# grep admins /etc/group
admins:x:1002:harry,natasha
[root@servera ~]# useradd -s /sbin/nologin alice
[root@servera ~]# grep alice /etc/passwd
alice:x:1005:1005::/home/alice:/sbin/nologin
[root@servera ~]# id alice
uid=1005(alice) gid=1005(alice) groups=1005(alice)
[root@servera ~]# echo 'redhat' | passwd --stdin harry
[root@servera ~]# echo 'redhat' | passwd --stdin natasha
[root@servera ~]# echo 'redhat' | passwd --stdin alice
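Task 5: Configure a cron job
Configure a scheduled job that runs the command echo woshinidie every 5 minutes as user harry
[root@servera ~]# which echo # use the absolute path; do not write the bare command name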
/usr/bin/echo
[root@servera ~]# crontab -e -u harry
*/5 * * * * /usr/bin/echo "woshinidie"
[root@servera ~]# crontab -u harry -l
*/5 * * * * /usr/bin/echo "woshinidie"
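Task 6: Create a shared directory
Create a shared directory with the following properties:
1) The group owner of /home/tools is admins
2) The directory can be read, written and entered by members of the admins group; no other user except root has these permissions
3) Files created in this directory automatically have their group ownership set to admins
[root@servera ~]# mkdir /home/tools # create the new directory
[root@servera ~]# ll /home/
[root@servera ~]# chown -R :admins /home/tools/ # change the group
[root@servera ~]# chmod 2770 /home/tools/
In general r stands for 4, w for 2 and x for 1, and the permissions of each identity are added up; rwx, for example, is 4 + 2 + 1 = 7. The familiar chmod 777 therefore grants every permission to everyone: anyone can read, write and execute the file, which makes such files a serious security problem. Changing file permissions with numbers is the method we use most often.
Changing file permissions with symbols
The nine permission bits belong to (1) user, (2) group and (3) others, so u, g and o can be used to stand for the three identities. In addition, a stands for all, i.e. every identity.
SUID(4) //when the program runs, the process it starts is owned by the owner of the program file, not by the user who started it
SGID(2) //when the program runs, the group of the process it starts is the group of the program file, not the primary group of the user who started it
Sticky(1) //in a public directory everyone can create files and delete their own files, but cannot delete files created by others
4755 //SUID set, file permissions 755
2755 //SGID set, file permissions 755
1755 //Sticky set, file permissions 755
//the leading 4, 2 and 1 here stand for SUID, SGID and Sticky respectively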
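The four-digit modes above can be read back the way ls -l prints them, which is how a special bit is spotted during a review. The decoder below is an added example, not part of the original notes; the function names are made up here. It also reports the bits worth a second look (SUID, SGID, sticky, world-writable).

```bash
#!/bin/bash
# Turns a numeric mode (3 or 4 octal digits) into the 9-character string
# that ls -l shows, including s/S and t/T for the special bits.
mode_to_symbolic() {
    bits=$((0$1))                       # the leading 0 makes the shell read it as octal
    out=
    for pos in 6 3 0; do                # owner, group, other
        t=$(( (bits >> pos) & 7 ))
        if [ $((t & 4)) -ne 0 ]; then r=r; else r=-; fi
        if [ $((t & 2)) -ne 0 ]; then w=w; else w=-; fi
        if [ $((t & 1)) -ne 0 ]; then x=x; else x=-; fi
        case $pos in
            6) special=$((bits & 04000)); on=s; off=S ;;   # SUID shows in the owner triplet
            3) special=$((bits & 02000)); on=s; off=S ;;   # SGID shows in the group triplet
            0) special=$((bits & 01000)); on=t; off=T ;;   # sticky shows in the other triplet
        esac
        if [ "$special" -ne 0 ]; then
            # lower case when execute is also set, upper case when it is not
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# Lists the properties of a mode that deserve attention in a permission review.
mode_findings() {
    bits=$((0$1))
    found=
    if [ $((bits & 04000)) -ne 0 ]; then found="$found suid"; fi
    if [ $((bits & 02000)) -ne 0 ]; then found="$found sgid"; fi
    if [ $((bits & 01000)) -ne 0 ]; then found="$found sticky"; fi
    if [ $((bits & 00002)) -ne 0 ]; then found="$found world-writable"; fi
    printf '%s\n' "${found# }"
}

for m in 2770 4755 2755 1755 777; do
    printf '%-5s %s  %s\n' "$m" "$(mode_to_symbolic "$m")" "$(mode_findings "$m")"
done
```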
Task 7: Configure the NTP time client
Configure your system to be an NTP client of classroom.example.com
[root@servera ~]# ls /etc/chrony.conf # if the file is not there, install chrony with yum
[root@servera ~]# vim /etc/chrony.conf # edit
server classroom.example.com iburst
[root@servera ~]# systemctl restart chronyd # restart
[root@servera ~]# chronyc sources # query the sources; the change takes effect immediately
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 17 1 -23us[ -23us] +/- 561us
[root@servera ~]# date # compare the time
[root@classroom ~]# date # compare the time
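Task 8: Configure autofs
Preparation: set up the NFS server environment on host serverb as follows; not needed in the exam
[root@serverb ~]# mkdir -p /rhome/ldapuser0
[root@serverb ~]# vim /etc/exports
/rhome/ldapuser0 *(rw)
[root@serverb ~]# systemctl restart nfs-server # restart
[root@serverb ~]# systemctl enable --now nfs-server # enable at boot
[root@serverb ~]# firewall-cmd --add-service=rpc-bind --permanent # permanently add rpc-bind
[root@serverb ~]# firewall-cmd --add-service=nfs --permanent
[root@serverb ~]# firewall-cmd --add-service=mountd --permanent
[root@serverb ~]# firewall-cmd --reload # reload
Configure autofs automounting on servera according to the following requirements:
1) serverb shares the directory /rhome with your system over NFS; this file system contains the pre-configured home directory of user ldapuser0
2) The home directory of the preset user ldapuser0 should be automatically mounted on the local directory /rhome/ldapuser0
3) The home directory of the preset user ldapuser0 is serverb.lab.example.com:/rhome/ldapuser0
4) The home directory of the preset user ldapuser0 should be automatically mounted on the local directory /rhome/ldapuser0
5) The mounted home directory must be readable and writable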
[root@servera ~]# showmount -e serverb
Export list for 172.25.250.11:
/rhome/ldapuser0 *
[root@servera ~]# dnf -y install autofs
[root@servera ~]# vim /etc/auto.master
/rhome /etc/auto.ldap
[root@servera ~]# cp /etc/auto.misc /etc/auto.ldap
[root@servera ~]# vim /etc/auto.ldap
ldapuser0 -rw serverb.lab.example.com:/rhome/ldapuser0
[root@servera ~]# systemctl enable --now autofs
[root@servera ~]# systemctl status autofs
[root@servera ~]# ls /rhome
[root@servera ~]# cd /rhome/ldapuser0
[root@servera ldapuser0]# df -h
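[root@serverb ~]# setfacl -m u:nobody:rwx /rhome/ldapuser0/ # optional in the exam
[root@serverb ~]# getfacl /rhome/ldapuser0/ # optional in the exam
Task 9: Configure file permissions
Copy the file /etc/fstab to /var/tmp/ and configure the permissions of /var/tmp/fstab as required:
1. The file /var/tmp/fstab is owned by the root user
2. The file /var/tmp/fstab belongs to the root group
3. No user has execute permission on /var/tmp/fstab
4. User harry can read and write the file /var/tmp/fstab
5. User natasha can neither read nor write the file /var/tmp/fstab
6. All other users (including users created in the future) can read the file /var/tmp/fstab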
[root@servera ~]# cp /etc/fstab /var/tmp/
[root@servera ~]# ll /var/tmp/fstab
-rw-r--r--. 1 root root 427 Jun 17 17:06 /
[root@servera ~]# setfacl -m u:harry:rw- /var/tmp/fstab
[root@servera ~]# setfacl -m u:natasha:--- /var/tmp/fstab
[root@servera ~]# getfacl /var/tmp/fstab
getfacl: Removing leading '/' from absolute path names
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:harry:rw-
user:natasha:---
group::r--
mask::rw-
other::r--
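Why natasha is denied although other::r-- grants read to everyone else follows from the order in which ACL entries are checked: owner first, then a matching named user (limited by the mask), then groups, and other only when nothing earlier matched. The evaluator below is an added example, not part of the original notes; it applies that order to the getfacl output shown above for a single permission letter. The function name is made up here, and the override that root has regardless of the ACL is not modelled.

```bash
#!/bin/bash
# The getfacl output from the notes above.
PAGE_ACL='# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:harry:rw-
user:natasha:---
group::r--
mask::rw-
other::r--'

# Prints "allow <class>" or "deny <class>" for one permission letter (r, w or x).
# Usage: acl_decision USER "GROUP1 GROUP2 ..." PERM   (getfacl text on stdin)
acl_decision() {
    awk -v user="$1" -v groups="$2" -v want="$3" '
        function verdict(ok, cls) { printf "%s %s\n", (ok ? "allow" : "deny"), cls }
        BEGIN {
            n = split(groups, g, " ")
            for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx"                       # a minimal ACL has no mask entry
        }
        /^# owner: / { owner = $3; next }
        /^# group: / { ogroup = $3; next }
        /^#/ || NF == 0 { next }
        {
            split($1, f, ":")                  # tag:qualifier:permissions
            if (f[1] == "mask")                        mask = f[3]
            else if (f[1] == "other")                  other = f[3]
            else if (f[1] == "user" && f[2] == "")     uperm = f[3]
            else if (f[1] == "user" && f[2] == user) { named = f[3]; isnamed = 1 }
            else if (f[1] == "group") {
                name = (f[2] == "") ? ogroup : f[2]
                if (name in member) {
                    ingroup = 1
                    if (index(f[3], want)) gok = 1
                }
            }
        }
        END {
            # The first class that matches decides; later classes are never consulted.
            if (user == owner) verdict(index(uperm, want), "owner")
            else if (isnamed)  verdict(index(named, want) && index(mask, want), "named-user")
            else if (ingroup)  verdict(gok && index(mask, want), "group")
            else               verdict(index(other, want), "other")
        }'
}

for u in harry natasha alice; do
    printf '%-8s read: %s\n' "$u" "$(printf '%s\n' "$PAGE_ACL" | acl_decision "$u" "$u" r)"
done
```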
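Task 10: Configure a user account
Create user woshinidie with user ID 2020; this user's password should be redhat
[root@servera ~]# useradd -u 2020 woshinidie
[root@servera ~]# echo 'redhat' | passwd --stdin woshinidie
Task 11: Find files
Find the files under /etc/ that are larger than 5MB and copy them to the directory /root/findfiles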
[root@servera ~]# mkdir findfiles
[root@servera ~]# ls
[root@servera ~]# find /etc -size +5M -exec cp -r {} /root/findfiles/ \;
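-perm (permissions)
-user (user)
-size (file size)
Task 12: Find a string
Find all lines in the file /etc/man_db.conf that contain the string sbin and write them, in their original order, to the file /root/out.txt; the file /root/out.txt must not contain empty lines
[root@servera ~]# grep sbin /etc/man_db.conf > /root/out.txt
// or
[root@servera ~]# grep "sbin" /etc/man_db.conf |grep -v "^$" > /root/out.txt
Task 13: Create an archive
Create a tar archive named /root/backup.tar.bz2 that contains the contents of /usr/local/. The archive must be compressed with bzip2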
[root@servera ~]# tar -jcf /root/backup.tar.bz2 /usr/local/
[root@servera ~]# ls
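[root@servera ~]# file backup.tar.bz2 # verify
backup.tar.bz2: bzip2 compressed data, block size = 900k
# Compression options:
-z : gzip
-j : bzip2
-J : xz
Task 14: Configure sudo privilege escalation
Allow members of the admins group to run any command as root without a password
[root@servera ~]# visudo
%admins ALL=(root) NOPASSWD: ALL # with a percent sign it is a group; without one it is a user
# Test:
[root@servera ~]# su - harry
[harry@servera ~]$ sudo useradd testuser # created successfully
Task 15: Set the default password policy
Set the password policy for newly created users so that, when a user is created, the password expires after 20 days by default
[root@servera ~]# vim /etc/login.defs
PASS_MAX_DAYS 20
# Test: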
[root@servera ~]# useradd user1
[root@servera ~]# cat /etc/shadow
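user1:!!:18782:0:20:7::: // last line
Task 16: Configure the umask
Set the default permissions of directories created by user natasha to 733 and of files to 622; the setting must be permanent
# The umask only needs to be derived from the directory permissions: the maximum for a directory is 777; removing the 733 permissions gives a umask of 044
# Set the umask for natasha
[root@servera ~]# su - natasha
[natasha@servera ~]$ vim .bashrc
umask 044
[natasha@servera ~]$ source .bashrc # apply immediately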
[natasha@servera ~]$ mkdir test
[natasha@servera ~]$ touch file
[natasha@servera ~]$ ll
total 0
-rw--w--w-. 1 natasha natasha 0 Jun 5 01:37 file
drwx-wx-wx. 2 natasha natasha 6 Jun 5 01:37 test
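The derivation above uses only the directory mode; files come out as 622 because they start from 666 rather than 777. The script below is an added example, not part of the original notes: it derives the umask from a wanted directory mode and then creates a directory and a file in a scratch location to read back the modes actually assigned. The function names are made up here, and stat -c is the GNU form found on RHEL.

```bash
#!/bin/bash
# umask for a wanted directory mode: every bit that the mode lacks out of 777.
umask_for_dir_mode() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Creates a directory and a file under the given umask in a scratch directory
# and prints the resulting modes as "<dir-mode> <file-mode>".
modes_under_umask() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"                 # only affects this subshell
        mkdir "$scratch/test"      # directories start from 777
        : > "$scratch/file"        # regular files start from 666
    )
    printf '%s %s\n' "$(stat -c %a "$scratch/test")" "$(stat -c %a "$scratch/file")"
    rm -rf "$scratch"
}

wanted=733
mask=$(umask_for_dir_mode "$wanted")
printf 'umask %s gives: %s\n' "$mask" "$(modes_under_umask "$mask")"
```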
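Virtual machine serverb
Task 17: Set the root password
Set the root password of serverb to 123456
1. Reboot the system
2. Move the cursor to the kernel entry you want to boot
3. Press e to edit the current entry
4. Move the cursor to the line that begins with linux; this is the kernel command line
5. Append rd.break to the end of the line
6. Press ctrl+x to continue booting
7. Remount /sysroot read-write
switch_root:/# mount -o remount,rw /sysroot
8. Switch into the real operating system root, /sysroot
switch_root:/# chroot /sysroot
9. Reset the password
sh-4.4# echo 123456 | passwd --stdin root
10. Flag the system for relabeling
sh-4.4# touch /.autorelabel
Type exit twice to leave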
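Task 18: Configure the software repositories
Configure the yum repositories of your virtual machine; the addresses are:
http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
http://content.example.com/rhel8.0/x86_64/dvd/AppStream
[root@servera ~]# scp /etc/yum.repos.d/base.repo root@serverb:/etc/yum.repos.d/
# copy the file over the network; just enter serverb's new password
# Preparation: empty the yum repository directory; not needed in the exam
[root@serverb ~]# rm -rf /etc/yum.repos.d/*
# Actual steps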
[root@serverb ~]# vim /etc/yum.repos.d/base.repo
[BaseOS]
name=BaseOS
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0
[AppStream]
name=AppStream
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
enabled = 1
gpgcheck = 0
[root@serverb ~]# dnf clean all
[root@serverb ~]# dnf list all
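Task 19: Resize a logical volume
1. Create a 2GiB partition /dev/vdb1 in advance and use it to create the volume group testvg
2. Create a 200MiB logical volume /dev/testvg/vo, format it with the xfs file system, and mount it on /mnt/vo
3. Resize the logical volume /dev/testvg/vo and its file system to 300MiB, making sure the file system contents stay intact.
# Preparation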
[root@serverb ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xae75bf0a.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-10485759, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-10485759, default 10485759): +2G
Created a new partition 1 of type 'Linux' and of size 2 GiB.
[root@serverb ~]# partprobe
[root@serverb ~]# lsblk
[root@serverb ~]# pvcreate /dev/vdb1
[root@serverb ~]# pvs
[root@serverb ~]# vgcreate testvg /dev/vdb1
[root@serverb ~]# lvcreate -n vo -L 200M testvg
[root@serverb ~]# mkfs.xfs /dev/testvg/vo
[root@serverb ~]# blkid /dev/testvg/vo
/dev/testvg/vo: UUID="fe323058-93db-428d-883c-2c0210cd10c6" TYPE="xfs"
[root@serverb ~]# vim /etc/fstab
UUID="fe323058-93db-428d-883c-2c0210cd10c6" /mnt/vo xfs defaults 0 0
[root@serverb ~]# mkdir /mnt/vo
[root@serverb ~]# mount -a
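[root@serverb ~]# df -h # the Size column shows 200M
Actual steps
[root@serverb ~]# lvextend -L 300M /dev/testvg/vo
[root@serverb ~]# lvs
[root@serverb ~]# df -h # the file system size has not changed yet
Grow the file system. For ext file systems use resize2fs /dev/testvg/vo; its argument is the path of the logical volume.
[root@serverb ~]# xfs_growfs /mnt/vo # the argument is the mount point path
[root@serverb ~]# xfs_growfs /dev/testvg/vo # the device's absolute path also works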
[root@serverb ~]# df -h
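Task 20: Add a swap partition
Add a 512MiB swap partition to the system and configure it to be activated automatically at system boot; do not delete or modify the swap partitions that already exist on the system.
Note: create a primary partition on /dev/vdb and change its partition type to 82; give all remaining space on /dev/vdb to an extended partition and create logical partitions inside it.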
[root@serverb ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type
p primary (1 primary, 0 extended, 3 free)
e extended (container for logical partitions)
Select (default p): e # create an extended partition
Partition number (2-4, default 2):
First sector (4196352-10485759, default 4196352):
Last sector, +sectors or +size{K,M,G,T,P} (4196352-10485759, default 10485759):
Created a new partition 2 of type 'Extended ' and of size 3 GiB.
Command (m for help): n
Partition type
p primary (1 primary, 0 extended, 3 free)
e extended (container for logical partitions)
First sector (2048-10485759, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (4196352-10485759, default 10485759): +512M
Created a new partition 5 of type 'Linux' and of size 512 MiB.
Command (m for help): l
Find type 82 in the list
Command (m for help): t
Partition number ( 1,2,5,default 5):
Hex code (type L to list all codes):82
Changed type of partition 'Linux' to 'Linux swap / Solaris'.
Command (m for help): p
Command (m for help): w
The partition table has been altered.
Syncing disks.
Failed to add partition 5 to system: Device or resource busy
# if an error says the partition cannot be loaded or read, reboot so that the partition table is read again
[root@serverb ~]# mkswap /dev/vdb5 # format as swap
[root@serverb ~]# blkid /dev/vdb5 # look up the UUID
/dev/vdb5: UUID="f626f11c-4363-4caf-aba6-5a418ea04079" TYPE="swap" PARTUUID="ae75bf0a-02"
[root@serverb ~]# vim /etc/fstab # add the persistent entry
UUID=f626f11c-4363-4caf-aba6-5a418ea04079 swap swap defaults 0 0
[root@serverb ~]# free -m # check whether swap is present
[root@serverb ~]# swapon -a # activate swap
[root@serverb ~]# free -m # check
[root@serverb ~]# swapon -s
# free -m gives a more readable view of swap
Filename Type Size Used Priority
/dev/vdb2 partition 524284 0 -2
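Task 21: Create a logical volume
Create a new logical volume according to the following requirements:
1. The logical volume is named mylv, belongs to the volume group myvg, and is 50 PEs in size
2. Logical volumes in the volume group myvg should have a PE size of 16MiB
3. Format the logical volume mylv with the vfat file system
4. The logical volume should be mounted automatically on the directory /mnt/mydata at system boot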
[root@serverb ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
All space for primary partitions is in use.
Adding logical partition 6
First sector (5249024-10485759, default 5249024):
Last sector, +sectors or +size{K,M,G,T,P} (5249024-10485759, default 10485759): +816M
Created a new partition 6 of type 'Linux' and of size 816 MiB.
Command (m for help): t
Partition number ( 1,2,5,default 5):
Hex code (type L to list all codes):8e
Command (m for help): p
Disk /dev/vdb: 5 GiB, 5368709120 bytes, 10485760 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc749f3ea
Device Boot Start End Sectors Size Id Type
/dev/vdb1 2048 4196351 4194304 2G 8e Linux LVM
/dev/vdb2 4196352 10485759 6289408 3G 5 Extended
/dev/vdb5 4198400 5246975 1048576 512M 82 Linux swap / Solaris
/dev/vdb6 5249024 6920191 1671168 816M 83 Linux
Command (m for help): w
The partition table has been altered.
Syncing disks.
[root@serverb ~]# partprobe # re-read the partition table
[root@serverb ~]# lsblk
[root@serverb ~]# pvcreate /dev/vdb6
Physical volume "/dev/vdb6" successfully created.
[root@serverb ~]# pvs
[root@serverb ~]# vgcreate -s 16M myvg /dev/vdb6
Volume group "myvg" successfully created
[root@serverb ~]# vgs
VG #PV #LV #SN Attr VSize VFree
myvg 1 0 0 wz--n- 800.00m 800.00m
testvg 1 0 0 wz--n- <2.00g 1.70g
[root@serverb ~]# vgdisplay
--- Volume group ---
VG Name myvg
VG Size 800.00 MiB
PE Size 16.00 MiB
Total PE 50
Free PE / Size 50 / 800.00 MiB
[root@serverb ~]# lvcreate -l 50 -n mylv myvg # size given as a number of PEs
Logical volume "mylv" created.
[root@serverb ~]# lvs
[root@serverb ~]# lvdisplay
[root@serverb ~]# mkfs.vfat /dev/myvg/mylv # format; give the full device path
mkfs.fat 4.1 (2017-01-24)
[root@serverb ~]# blkid /dev/myvg/mylv # look up the UUID
/dev/myvg/mylv: UUID="D875-EE2A" TYPE="vfat"
[root@serverb ~]# mkdir /mnt/mydata
[root@serverb ~]# vim /etc/fstab
UUID="D875-EE2A" /mnt/mydata vfat defaults 0 0
[root@serverb ~]# mount -a
[root@serverb ~]# df -h
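Why 816M and not something larger: multiply the number of PEs by the PE size and add one extra PE. Follow the requirement strictly: with 1G and 16M per PE the volume group would not contain the fifty PEs the task asks for, or it would be split into fifty PEs that are not 16M each.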
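Task 22: Create a VDO volume
Create a new VDO volume according to the following requirements:
1. Use the unpartitioned disk (/dev/vdc)
2. The VDO volume is named myvdo
3. The logical size of the VDO volume is 50G
4. The VDO volume is formatted with the xfs file system
5. The VDO volume is mounted automatically on the directory /vblock at system boot
dnf provides '*bin/vdo' # find the package that provides vdo
[root@serverb ~]# yum -y install vdo
[root@serverb ~]# man vdo
# look for the example in man vdo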
Creating VDO myvdo
Starting VDO myvdo
Starting compression on VDO myvdo
VDO instance 0 volume is ready at /dev/mapper/myvdo
[root@serverb ~]# vdo create --name=myvdo --device=/dev/vdc --vdoLogicalSize=50G
[root@serverb ~]# mkdir /vblock
[root@serverb ~]# mkfs.xfs /dev/mapper/myvdo
[root@serverb ~]# blkid /dev/mapper/myvdo
/dev/mapper/myvdo: UUID="130e8e89-e6be-4a3f-92c2-4366b40e946b" TYPE="xfs"
[root@serverb ~]# vim /etc/fstab
UUID="130e8e89-e6be-4a3f-92c2-4366b40e946b" /vblock xfs defaults,x-systemd.requires=vdo.service 0 0
[root@serverb ~]# mount -a
[root@serverb ~]# df -h
Note: if the mount options are hard to remember, search for fstab in man vdo; the relevant mount options are nearby
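Task 23: Create a script for locating files
1. Create a script named /usr/local/bin/file.sh
2. Find all files under /usr that are smaller than 10M and have the SGID permission set
3. Save the list of files found to /root/myfile
[root@servera ~]# vim /usr/local/bin/file.sh
#!/bin/bash
# The shebang above must be the first line of the script!
find /usr -size -10M -perm -2000 > /root/myfile # find everything under /usr that is smaller than 10M and has the SGID permission set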
[root@servera ~]# chmod a+x /usr/local/bin/file.sh
[root@servera ~]# file.sh
[root@servera ~]# cat /root/myfile
/usr/bin/write
/usr/bin/locate
/usr/libexec/utempter/utempter
/usr/libexec/openssh/ssh-keysign
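Two details of the find expression in file.sh matter when the list is used as an SGID inventory: -size -10M counts in whole MiB rounded up, so a file of 9 MiB plus one byte is left out, and without -type f directories that carry the SGID bit are listed as well. The script below is an added example, not part of the original notes; it builds a constructed scratch tree of sparse files and compares the expression from file.sh with a byte-exact, files-only variant and with -perm /6000, which matches SUID or SGID. The function names are made up here and GNU find is assumed, as on RHEL.

```bash
#!/bin/bash
# Builds a constructed scratch tree and prints its path.
make_tree() {
    tree=$(mktemp -d) || return 1
    truncate -s 1M "$tree/small_sgid"
    truncate -s 9M "$tree/nine_mib_sgid"
    truncate -s $((9 * 1024 * 1024 + 1)) "$tree/nine_mib_plus_1_sgid"
    truncate -s 1M "$tree/small_plain"
    truncate -s 1M "$tree/small_suid"
    mkdir "$tree/sgid_dir"
    chmod 2755 "$tree/small_sgid" "$tree/nine_mib_sgid" \
               "$tree/nine_mib_plus_1_sgid" "$tree/sgid_dir"
    chmod 0755 "$tree/small_plain"
    chmod 4755 "$tree/small_suid"
    printf '%s\n' "$tree"
}

# Prints the base names selected by a find expression, sorted, on one line.
# Usage: select_names TREE <find tests...>
select_names() {
    dir=$1
    shift
    find "$dir" -mindepth 1 "$@" -exec basename {} \; | LC_ALL=C sort | paste -sd ' ' -
}

tree=$(make_tree)
# Expression used in file.sh: misses the 9 MiB + 1 byte file, includes the directory.
echo "file.sh expression : $(select_names "$tree" -size -10M -perm -2000)"
# Byte-exact size limit (10 MiB = 10485760 bytes) and regular files only.
echo "byte-exact, files  : $(select_names "$tree" -type f -size -10485760c -perm -2000)"
# SUID or SGID on regular files, the usual scope of a privilege-bit inventory.
echo "suid or sgid files : $(select_names "$tree" -type f -perm /6000)"
rm -rf "$tree"
```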
Task 24: Configure system tuning
First look up the profile recommended by tuned, then set the system's tuning profile to throughput-performance
Hint: the exam requirement is to set the system's tuning profile to the profile recommended by tuned.
# Note: in the exam the currently active profile differs from the recommended one, whereas on our virtual machine they are the same; in the exam just follow the steps below.
[root@serverb ~]# tuned-adm recommend # show the recommended profile
virtual-guest
[root@serverb ~]# tuned-adm profile virtual-guest # switch to that profile (virtual-guest)
[root@serverb ~]# tuned-adm list # make sure the active profile is the one the system recommends
Available profiles:
- balanced - General non-specialized tuned profile
- desktop - Optimize for the desktop use-case
- latency-performance - Optimize for deterministic performance at the cost of increased power consumption
- network-latency - Optimize for deterministic performance at the cost of increased power consumption, focused on low latency network performance
- network-throughput - Optimize for streaming network throughput, generally only necessary on older CPUs or 40G+ networks
- powersave - Optimize for low power consumption
- throughput-performance - Broadly applicable tuning that provides excellent performance across a variety of common server workloads
- virtual-guest - Optimize for running inside a virtual guest
- virtual-host - Optimize for running KVM guests
Current active profile: virtual-guest # check that this is the profile you set; if so, it worked
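Task 25: Start a container at boot
- Install the container software
- Log in to the image registry (credentials as given in the exam environment)
- Use the syslog image to create a container named logserver
- Configure it to run as a systemd service, for user eldorado only
- The service should be named container-logserver and start automatically after the system reboots
Task 26: Persistent storage for the container; extend the service from the previous task as follows
- Configure the host system journal to keep its data across reboots, and restart the journal service
- Copy any .journal files in the host's /var/log/journal directory and any of its subdirectories to the directory /home/eldorado/container-journal
- Configure the service so that, at startup, the directory /home/eldorado/container-journal is automatically mounted at /var/log/journal inside the container
[root@foundation0 ~]# ssh -X workstation # connect to workstation remotely with a capital -X; the user becomes student
[student@workstation ~]$ lab rhcsa-compreview4 start # run the lab start check for podman (not in the exam)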
Starting lab.
Preparing serverb for lab exercise work:
· Checking the status of the container registry............... SUCCESS
· Checking that image rhel8/httpd-24:1-105 exists in the registry SUCCESS
· Creating required user containers in serverb ............... SUCCESS
· Adding containers to the wheel group on serverb............. SUCCESS
· Configuring Yum repository on serverb....................... SUCCESS
· Configuring containers access to registry on serverb........ SUCCESS
· Deploying the help files on serverb......................... SUCCESS
· Creating the web content archive on serverb................. SUCCESS
// continue only when every line reports SUCCESS
[student@workstation ~]$ ssh containers@serverb # connect to containers@serverb
[containers@serverb ~]$ sudo -i # switch to the root user
[sudo] containers 的密碼:
[root@serverb ~]# mkdir /srv/web # root is required because the directory is created in a system location
[root@serverb ~]# cd /srv/web/ # enter it
[root@serverb web]# tar xf /home/containers/rhcsa-compreview4/web-content.tgz # extract this archive; it ships with this practice environment and is not present in the exam
[root@serverb web]# ls
html // this holds the web site files
[root@serverb web]# chown -R containers /srv/web/ # make containers the owner (the container will run as this user)
[root@serverb web]# ll /srv/web/
總用量 0
drwxr-xr-x. 2 containers root 24 8月 18 2022 html
[root@serverb web]# ll /srv/web/html/index.html
-rw-r--r--. 1 containers root 546 8月 18 2022 /srv/web/html/index.html
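[root@serverb web]# dnf -y module install container-tools # install the container-tools module
[root@serverb web]# exit
[containers@serverb ~]$ cat rhcsa-compreview4/variables # this file does not exist in the exam; it just holds task details for convenient copy and paste
Container name: web // name
Image: registry.lab.example.com/rhel8/httpd-24 // image address and name
Image Tag: 1-105 // version
Host port: 8888 // host port
Container port: 8080 // container port
Local directory: /srv/web // where the web site files are stored on the host
Web content directory: /var/www // where the web site lives inside the container
Environment variable: HTTPD_MPM=event // environment variable
[containers@serverb ~]$ podman login registry.lab.example.com --tls-verify=false # the image is pulled from the private registry, so log in to it first; otherwise the official Docker Hub registry is searched directly (--tls-verify=false disables TLS certificate verification for the registry connection)
Username: admin
Password: // the password here is redhat321
Login Succeeded! // this message means the login succeeded
[containers@serverb ~]$ podman pull registry.lab.example.com/rhel8/httpd-24:1-105 --tls-verify=false # pull the image
[containers@serverb ~]$ podman run -d --name web -p 8888:8080 -v /srv/web:/var/www:Z -e HTTPD_MPM=event registry.lab.example.com/rhel8/httpd-24:1-105
// Runs a container named web in the background. Host port 8888 is mapped to container port 8080; the host's /srv/web is mounted at /var/www in the container, where the Z option relabels the content with a private SELinux label and the bind mount reflects host changes immediately; -e sets the environment variable HTTPD_MPM=event; the last argument is the image that was just pulled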
[containers@serverb ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63b92ee200b6 registry.lab.example.com/rhel8/httpd-24:1-105 /usr/bin/run-http... 22 seconds ago Up 20 seconds ago 0.0.0.0:8888->8080/tcp web
[containers@serverb ~]$ curl localhost:8888 # request port 8888 on this host (localhost is the local machine)
Comprehensive Review Web Content Test
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Sed sit amet lacus vestibulum, varius magna sit amet, tempus neque.
Praesent porttitor ligula a leo pharetra porttitor.
Nunc a finibus diam, a condimentum augue.
Nulla pulvinar nulla id imperdiet luctus.
Donec tempus risus quis ultricies iaculis.
Ut accumsan eu lectus eu fermentum.
Duis ac nulla turpis.
Nam aliquet elementum pellentesque.
Fusce imperdiet tortor vel ligula egestas fermentum.
Curabitur ut metus sit amet arcu ultricies vestibulum.
[containers@serverb ~]$ cat /srv/web/html/index.html # look at the file on the host; it matches what was just served
Comprehensive Review Web Content Test
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Sed sit amet lacus vestibulum, varius magna sit amet, tempus neque.
Praesent porttitor ligula a leo pharetra porttitor.
Nunc a finibus diam, a condimentum augue.
Nulla pulvinar nulla id imperdiet luctus.
Donec tempus risus quis ultricies iaculis.
Ut accumsan eu lectus eu fermentum.
Duis ac nulla turpis.
Nam aliquet elementum pellentesque.
Fusce imperdiet tortor vel ligula egestas fermentum.
Curabitur ut metus sit amet arcu ultricies vestibulum.
[containers@serverb ~]$ exit # log out
註銷
[student@workstation ~]$ ssh containers@serverb # connect to containers@serverb again (you must log in directly as this user, in exactly this way!)
[containers@serverb ~]$ ls -a # list hidden files; .config is there
. .bash_history .bash_profile .config rhcsa-compreview4
.. .bash_logout .bashrc .local
[containers@serverb ~]$ cd .config/ # enter it
[containers@serverb .config]$ ls # look
containers
[containers@serverb .config]$ mkdir -p systemd/user # create the systemd/user directory
[containers@serverb .config]$ cd
[containers@serverb ~]$ tree .config/ # the directory tree looks like this
.config/
├── containers
│ └── registries.conf
└── systemd
└── user
3 directories, 1 file
[containers@serverb ~]$ cd .config/systemd/user/ # enter it
[containers@serverb user]$ podman generate systemd --files --name web --new
// Generates a .service file for the container named web. Pass --new if the option is available and omit it if not; run podman generate systemd --help for details
[containers@serverb user]$ ls # look
container-web.service // the file has been generated
[containers@serverb user]$ podman rm -f web # remove the running container, otherwise starting the unit will fail
[containers@serverb user]$ podman ps -a # removed
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[containers@serverb user]$ systemctl --user enable --now container-web.service
// Enables container-web.service at boot and starts it now, as the current user
[containers@serverb user]$ systemctl --user status container-web.service
// check the status
● container-web.service - Podman container-web.service
Loaded: loaded (/home/containers/.config/systemd/user/container-web.service; enab>
Active: active (running) since Thu 2022-05-19 19:54:01 CST; 10s ago // it is running
Docs: man:podman-generate-systemd(1)
Process: 27928 ExecStart=/usr/bin/podman run --conmon-pidfile /run/user/1002/conta>
Process: 27927 ExecStartPre=/usr/bin/rm -f /run/user/1002/container-web.service-pi>
Main PID: 27967 (conmon)
CGroup: /user.slice/user-1002.slice/user@1002.service/container-web.service
├─27943 /usr/bin/fuse-overlayfs -o lowerdir=/home/containers/.local/share>
├─27944 /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable>
├─27947 containers-rootlessport
├─27954 containers-rootlessport-child
├─27967 /usr/bin/conmon --api-version 1 -c 847f499c9bc1b4d7409101897c6b15>
└─847f499c9bc1b4d7409101897c6b157e265a423f4634021aa389c60a9de293f8
├─27978 httpd -D FOREGROUND
├─28022 /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
├─28023 /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
├─28024 /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
├─28025 /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
├─28026 httpd -D FOREGROUND
├─28027 httpd -D FOREGROUND
├─28045 httpd -D FOREGROUND
└─28064 httpd -D FOREGROUND
5月 19 19:53:59 serverb.lab.example.com systemd[24936]: Starting Podman container-we>
5月 19 19:54:01 serverb.lab.example.com systemd[24936]: Started Podman container-web>
[containers@serverb user]$ podman ps -a # a new container has been created
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
847f499c9bc1 registry.lab.example.com/rhel8/httpd-24:1-105 /usr/bin/run-http... 26 seconds ago Up 25 seconds ago 0.0.0.0:8888->8080/tcp web
[containers@serverb user]$ loginctl enable-linger # this is the most important step! It makes this virtual machine load all users when it starts (I am not sure this translation is right; corrections welcome)
[containers@serverb user]$ exit # leave the current user and return to student
註銷
[student@workstation ~]$ lab rhcsa-compreview4 grade # run the lab grading check once the podman work is done (not in the exam)
Grading the student's work on serverb:
· The web content is extracted in /srv/web.................... PASS
· The web content is available through port 8888.............. PASS
· Required container packages exist........................... PASS
· The web container exists.................................... PASS
· The container is using the correct image.................... PASS
· The container is using the correct image tag................ PASS
· The container host port is 8888............................. PASS
· The HTTPD_MPM variable is set to event...................... PASS
· The container uses /srv/web for storage..................... PASS
· The storage is mounted in /var/www.......................... PASS
· SELinux context is set for /srv/web......................... PASS
· The systemd unit file exists for the container.............. PASS
· The systemd service for the container is enabled............ PASS
· The services for containers start at boot................... PASS
Overall lab grade.............................................. PASS
// all PASS means success