【转】RHCE 7系列—RHCE考试
本篇主要以RHCE练习题为线索,介绍其中涉及的知识点。
红色引用的字为题目要求(不是正式题目,难度略低于正式题目)
In serverX or desktopX
1. (lab teambridge setup[in serverX])Configure Link Aggregation in
serverX with config “activebackup” ip “192.168.0.11” gw
“192.168.0.254”.
lab teambridge setup
[root@server0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0e brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0f brd ff:ff:ff:ff:ff:ff
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether da:da:11:ca:26:07 brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ca:2a:c4:8c:f1:ce brd ff:ff:ff:ff:ff:ff
添加类型为team的网卡:
- [root@server0 ~]# nmcli connection add con-name team0 ifname team0 type team config ‘{“runner”:{“name”:”activebackup”}}’
Connection ‘team0’ (fcc3dcd2-ecfe-429a-9056-4a4115f48e7a) successfully added.
修改该网卡的配置:
- [root@server0 ~]# nmcli connection modify “team0” ipv4.addresses “192.168.0.11/24 192.168.0.254” ipv4.method manual
分配两张网卡,作为子端口:
- [root@server0 ~]# nmcli connection add con-name team0-port1 ifname eno type team-slave master team0
- [root@server0 ~]# nmcli connection add con-name team0-port2 ifname eno type team-slave master team0
- 检查状态:
[root@server0 ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eno1
- ip -a
……..
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
15: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.11/24 brd 192.168.0.255 scope global team0
valid_lft forever preferred_lft forever
inet6 fe80::400b:2dff:fe43:bdde/64 scope link
valid_lft forever preferred_lft forever
[root@server0 ~]# nmcli connection show
测试:
[root@server0 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team0-port2 5cce5b22-6da3-4063-b637-b22df585525d 802-3-ethernet eno2
team0-port1 c4e4faf7-49c6-4ff1-b14a-9d803bf1e3ed 802-3-ethernet eno1
team0 96c7eec8-4265-4e32-a378-cdf17a429f83 team team0
[root@server0 ~]# ping -I team0 192.168.0.254
PING 192.168.0.254 (192.168.0.254) from 192.168.0.11 team0: 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.317 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 192.168.0.254: icmp_seq=4 ttl=64 time=0.047 ms
^C
— 192.168.0.254 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.046/0.114/0.317/0.117 ms
2. Managing DNS forward requires from anywhere to “classroom.example.com”
in serverX.
3. (lab smtp-nullclient setup[in serverX & desktopX])Configure a local
mail server as a null client(serverX) that forwards all messages to a
central server(desktopX) for delivery.
4. Configure a iSCSI target server(serverX) with ACL-validated access:
you should create a new 1G target on serverX. This target should be
called “iqn.2014-10.com.example:serverX”. And it should only be
available to client with a initiatorname of “iqn.2014-
10.com.example:desktopX”.In desktopX you should mount it in
“/mnt/iscsi”.
服务端配置:
安装软件
- yum search targetcli
- yum install targetcli -y
先按照要求分区(注意千万不要格式化)
- [root@server0 ~]# fdisk /dev/vdb
- [root@server0 ~]# partprobe
[root@server0 ~]# fdisk -l
配置ISCSI服务端:
- [root@server0 ~]# targetcli
/> backstores/block create disk1 /dev/vdb
/> iscsi/ create iqn.2014-10.com.example:server0
/> iscsi/iqn.2014-10.com.example:server0/tpg1/luns create /backstores/block/disk1
iscsi/iqn.2014-10.com.example:server0/tpg1/acls create iqn.2014-10.com.example:desktop0 (这里客户端的地址)
/> iscsi/iqn.2014-10.com.example:server0/tpg1/portals create 172.25.0.11
/> saveconfig
开启防火墙
- [root@server0 ~]# firewall-cmd –permanent –add-port=3260/tcp
success
[root@server0 ~]# firewall-cmd –reload
success
客户端配置:
- [root@desktop0 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-10.com.example:desktop0 (这里是客户端的地址)
安装客户端,并设置开机启动:
- [root@desktop0 ~]# yum install iscsi-initiator-utils.x86_64 -y
- [root@desktop0 ~]# systemctl enable iscsi iscsid
- [root@desktop0 ~]# systemctl start iscsi iscsid
主动发现服务端:(如果记不得参数, 可以man iscsiadm 里面有example)
- [root@desktop0 ~]# iscsiadm –mode discoverydb –type sendtargets –portal 172.25.0.11 –discover
登陆
- [root@desktop0 ~]# iscsiadm –mode node –targetname iqn.2014-10.com.example:server0 –portal 172.25.0.11:3260 –login
Logging in to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] (multiple)
Login to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] successful.
[root@desktop0 ~]#
测试发现多了一块sda设备:
- [root@desktop0 ~]# ll /dev/sd*
brw-rw—-. 1 root disk 8, 0 Aug 3 11:31 /dev/sda
分区、格式化、开机自动挂载:
- fdisk /d/dev/sda1
- [root@desktop0 ~]# mkdir /mnt/iscsi
- [root@desktop0 ~]# vim /etc/fstab (这个配置_netdev千万要写对)
/dev/sda1 /mnt/iscsi xfs _netdev 0 0
- [root@desktop0 ~]# mount -a
- [root@desktop0 ~]# df -h
(ISCSI貌似有个bug,client端配置完成后重启会卡住,所以必须手动断电,再重开)
5. Share directory “/nornfs” with NFS and on serverX and mount it on
desktopX in “/mnt/nfs”, User in desktopX should have only read
permission on it. Make sure it mounted at startup time.
服务端:
首先修改NFS版本号:
- vim /etc/sysconfig/nfs
修改其中的 RHCNFSDARGS=”-V 4.2”
首先建立一个单独的分区,然后挂载到制定的目录下(这个就是之后NFS共享目录了)
- fdisk /dev/vdb
- partprobe
- mkfs.xfs /dev/vdb2
- vim /etc/fstab
- mount -a
- df -h
安装文件/设置启动
- yum search nfs
- yum install nfs-utils.x86_64 -y
- systemctl enable nfs-server.service
- systemctl start nfs-server.service
修改主配置
- vim /etc/exports
/nornfs 172.25.0.10/24(ro,sync)
- exportfs -r
配置防火墙:
- firewall-cmd –permanent –add-service=nfs
- firewall-cmd –permanent –add-service=rpc-bind
- firewall-cmd –permanent –add-service=mountd
- firewall-cmd –reload
在本机测试:
- showmount -e
客户端:
测试连接NFS服务器:
- showmount -e 172.25.0.11
- systemctl enable nfs
- systemctl enable nfs.service
创建目录,设置开机挂载:
- mkdir /mnt/nfs
- mount 172.25.0.11:/nornfs /mnt/nfs/
- df -h
- vim /etc/fstab
172.25.0.11:/nornfs /mnt/nfs nfs defaults 0 0
- mount -a
- reboot
6. (lab storageshares setup[in serverX & desktopX])Share directory
“/krbnfs” with NFS and Kerberos on serverX and mount it on desktopX in
“/mnt/nfsspace”.User in desktopX should have full permission on it.
Make sure it mounted at startup time.
服务端:
下载证书:
- wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
创建对应的目录并在server0上设置自动挂载:
- mkdir /krbnfs
- vim /etc/fstab
- mount -a
设置nfs配置文件:
- vim /etc/exports
/krbnfs 172.25.0.0/24(rw,sec=krb5p)
- exportfs -r
启动服务:
- systemctl enable nfs-secure-server.service (这里和Client不一样,要注意)
- systemctl start nfs-secure-server.service
- firewall-cmd –permanent –add-service=nfs
- firewall-cmd –permanent –add-service=rpc-bind
- firewall-cmd –permanent –add-service=mountd
- firewall-cmd –reload
登陆ldap:
- ssh ldapuser0@desktop0.example.com
客户端
下载证书:
- wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
启动服务
- systemctl enable nfs-secure.service (这里和server不一样,要注意)
- systemctl start nfs-secure.service
设置开机自动挂载:
- vim /etc/fstab
172.25.0.11:/krbnfs /mnt/nfsspace nfs defaults,v4.2,sec=krb5p 0 0
- mount -a
登陆ldap:
- ssh ldapuser0@desktop0.example.com
7. Share a directory “/smbshare” with SMB and it can only mounted on
desktopX in “/mnt/smb”, members of the group “share” has full
permission on the share. Others only have the read permission.Create a
Samba-only user natasha and harry with password “redhat”.Configure
multiuser config in desktopX with user harry. root in desktopX should
have only read permission in it . natasha in desktopX should have full
permission in it.
服务端配置:
安装需要的软件:
- yum install samba.x86_64 samba-client.x86_64 -y
设置启动,开启两个服务:(这里不要忘了nmb服务)
- systemctl enable smb nmb
- systemctl start smb nmb
设置防火墙:
- firewall-cmd –permanent –add-service=samba
- firewall-cmd –reload
设置samba用户组及其用户,并设置其samba密码:
- groupadd share
- useradd -G share -s /sbin/nologin natasha
- useradd -G share -s /sbin/nologin harry
- smbpasswd -a natasha
- smbpasswd -a harry
按题目要求创建目录,并且修改该目录的安全上下文以及目录权限:
- mkdir /smbshare
- chown .share /smbshare/
- chmod 775 /smbshare/
- semanage fcontext -a -t samba_share_t ‘/smbshare(/.*)?‘ (如果记不得安全上下文的类型,可以在samba主配置文件/etc/samba/smb.conf中找到)
- restorecon -vvRF /smb1share/
- ll -dZ /smb1share/
修改主配置文件/etc/samba/smb.conf:
[smb]
comment = SMB share
path = /smbshare
browseable = yes
guest ok = no
writeable = yes
write list = @share
read list = root
read list 指定只能读取该共享资源的用户和组
write list 指定能读取和写该共享资源的用户和组
另外可能还会遇到限制特定域/IP段访问samba的情况,在[grobal]中和自定义的模块中,加入
有如下几种格式:(这里根据题目要求)
hosts allow =172.25.0.0/24
hosts allow =172.25.0. (不要忘记最后的点)
hosts allow = .example.com (不要忘记前面的点)
hosts allow =172.25.0.1
即可 (推荐在自己定义的模块中填写,这样配置更灵活)
配置好之后,可以用命令检查一下配置是否正确:
- testparm
重启服务:
- systemctl restart smb nmb
可以先在本地测试一下:
- smbclient -L //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb
客户端配置:
测试samba客户端:
在配置cifs之前,可以先测试一下samba是否可用:
先安装samba客户端:
- yum install samba-client.x86_64 -y
- smbclient -L //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb -U harry
- smbclient //172.25.0.11/smb
配置cifs
安装需要的软件:
- yum install cifs-utils.x86_64 -y
创建挂载点,并自动挂载目录:
- mkdir /mnt/smbspace
可以先用mount测试一下,是否能够成功挂载:
- mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
- df -h
- 设置samba用户的密码文件/root/smb.pass:
username=harry
password=redhat
- 编辑配置文件,添加如下(这里的配置如果不会写的话, 可以man mount.cifs ,里面都有参数的介绍):
- vim /etc/fstab
//172.25.0.11/smb /mnt/smbspace cifs defaults,credentials=/root/smb.pass,multiuser,sec=ntlmssp 0 0
- df -h (再查看一下)
最后两台机器都重启一下,先重启server,再desktop
配置客户端cifs的时候有个坑:
不论是
- mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
还是修改/etc/fstab,
填写远程samba服务端的地址时(红色字体) //172.25.0.11/smb, 一定不是路径 !!! 而是/etc/samba/smb.conf中samba的名称,而不是path:
如果按照上图的配置, 在客户端这样挂载:
- mount -t cifs //172.25.0.11/smbshare /mnt/smbspace/ -o username=natasha
你就会得到这样的错误:
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
8. Configure MariaDB with a database named “inventory” in
“http://classroom.example.com/pub/materials/mariadb/inventory.dump”.Co
nfig password “redhat” for root.
下载文件:
- wget http://classroom.example.com/pub/materials/mariadb/inventory.dump
安装文件
- yum groupinstall mariadb -y
配置启动:
- systemctl enable mariadb.service
- systemctl start mariadb.service
设置安全性
- mysql_secure_installation
按照要求进行设置即可
然后创建数据库inventory
- mysql -u root -p
MariaDB [(none)]> Create database inventory;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> exit
Bye
导入数据:
- [root@server0 ~]# mysql -u root -p inventory < inventory.dump
Enter password:
查询一下:
MariaDB [inventory]> show tables;
+———————+
| Tables_in_inventory |
+———————+
| category |
| manufacturer |
| product |
+———————+
3 rows in set (0.00 sec)
(未完待续)
文章来源:
云袭2001's blog
一个不努力的菜鸟
【转】RHCE 7系列—RHCE考试的更多相关文章
- 红帽RHEL7版本RHCE认证学习及考试经历
RHCE是红帽公司推出的Linux系统的中级认证,考试全部采取上机形式,在考察考生的基础理论知识的同时还能考察实践动手操作能力,在Linux领域的价值是不可否认的,所以对于期望从事相关行业的同学们在上 ...
- RHCE 系列(一):如何设置和测试静态网络路由
RHCE(Red Hat Certified Engineer,红帽认证工程师)是红帽公司的一个认证,红帽向企业社区贡献开源操作系统和软件,同时它还给公司提供训练.支持和咨询服务. 这个 RHCE 是 ...
- rhce 考试题目总结
rhce 考试题目总结归类 开机需要做的事: 检查系统版本 配置yum源 修改selinux的模式 ping一下server机器 1.分区类题目 1.1 rhcsa 第十五题 添加swap分区 要点: ...
- 开学了!这些Linux认证你要知道。
导读 大家好,今天我们将认识一些非常有价值的全球认可的Linux认证.Linux认证是不同的Linux专业机构在全球范围内进行的认证程序.Linux认证可以让Linux专业人才可以在服务器领域或相关公 ...
- 开学了!这些Linux认证你要知道
大家好,今天我们将认识一些非常有价值的全球认可的Linux认证.Linux认证是不同的Linux专业机构在全球范围内进行的认证程序.Linux认证可以让Linux专业人才可以在服务器领域或相关公司等等 ...
- CentOS6.5下搭建ftp服务器(三种认证模式:匿名用户、本地用户、虚拟用户)
CentOS 6.5下搭建ftp服务器 vsftpd(very secure ftp daemon,非常安全的FTP守护进程)是一款运行在Linux操作系统上的FTP服务程序,不仅完全开源而且免费,此 ...
- 2019-RHCE-红帽题库(稳定)
rhce7 考题2台服务器设置yum源[aa]name=aabaesurl=ftp://server.rhce.cc/dvdenabled=1gpgcheck=0 cd /etc/yum.repos. ...
- Linux就该这么学 20181007(第十一章ftp)
参考链接https://www.linuxprobe.com/ iptables -F #ftp 21端口 #主动模式,被动模式 #匿名用户 本地用户 虚拟用户 vim /etc/vsftpd/vsf ...
- Linux就该这么学11学习笔记
参考链接:https://i.cnblogs.com/EditPosts.aspx?opt=1 文件传输协议 一般来讲,人们将计算机联网的首要目的就是获取资料,而文件传输是一种非常重要的获取资料的方式 ...
随机推荐
- python 版 mldivide matlab 反除(左除)《数学建模算法与程序》Python笔记
今天在阅读数学建模的时候看到了差分那章 其中有一个用matlab求线性的代码,这里我贴出来 这里我送上 Python代码 In [39]: import numpy as np ...: from s ...
- js动画之链式运动
链式运动就是当一个运动完,又启动另外一个运动,这个怎么实现呢?这里我们是用用回调函数实现一套链式动画 显示给div左移100像素,然后然后透明度变100 <!DOCTYPE html> & ...
- Qt中2D绘图问题总结(一)----------基本的绘制与填充
刚刚开始学习Qt不久,才开始渐渐地熟悉基础内容,学习过程中的一些知识的总结和感悟希望通过博客记录下来,与大家分享学习的同时,也是对自己坚持下去的鞭策,废话不多说了,开始第一次的小总结吧. Qt提供了强 ...
- CPU的大小端模式
不同体系结构的CPU,数据在内存中存放的排列顺序是不一样的. 存储器中对数据的存储是以字节(Byte)为基本单位的,因此,字(Word)和半字(Half-Word)在存储器中就有两种次序,分别称为:大 ...
- C++ 基础算法之二分查找
前提: 有序数组! int binary_search(int* a, int len, int goal) { ; ; while(low <= high) { ; if(a[middle] ...
- 总结-css编码规范
一.注释 统一采用 :/* 注释内容 */ 二.命名 1.常用命名(多查单词) 参考命名规范.doc 2.选择器 1> [建议] 选择器的嵌套层级应不大于 3 级,位置靠后的限定条件应尽可能精确 ...
- css3的3D和2D
css3的3D旋转:rorateX():参数为正值时,盒子是围绕x轴,完成从Y轴正方向到Y轴负方向的旋转,视觉上呈现高度上的变化.rorateY():参数为正值时,盒子是围绕Y轴,完成从X轴正方向到X ...
- ViewPager实现自动翻页功能 --转载出处找不到了,根据自己的理解写个随笔方便以后的记忆以及代码的共享,感谢给我启发的那位高手--第一次写博客哈
xml文件 textview 用于显示图片的标题 viewpager 用于实现翻页效果 <LinearLayout xmlns:android="http://schemas.andr ...
- oracle查询包含某个字段的表
select column_name,table_name,data_type ,data_length,data_precision,data_scale from DBA_TAB_COLUMNS ...
- Python学习路程day18
Python之路,Day18 - Django适当进阶篇 本节内容 学员管理系统练习 Django ORM操作进阶 用户认证 Django练习小项目:学员管理系统设计开发 带着项目需求学习是最有趣和效 ...