【转】RHCE 7系列—RHCE考试
本篇主要以RHCE练习题为线索,介绍其中涉及的知识点。
红色引用的字为题目要求(不是正式题目,难度略低于正式题目)
In serverX or desktopX
1. (lab teambridge setup[in serverX])Configure Link Aggregation in
serverX with config “activebackup” ip “192.168.0.11” gw
“192.168.0.254”.
lab teambridge setup
[root@server0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0e brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:00:00:0f brd ff:ff:ff:ff:ff:ff
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether da:da:11:ca:26:07 brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ca:2a:c4:8c:f1:ce brd ff:ff:ff:ff:ff:ff
添加类型为team的网卡:
- [root@server0 ~]# nmcli connection add con-name team0 ifname team0 type team config ‘{“runner”:{“name”:”activebackup”}}’
Connection ‘team0’ (fcc3dcd2-ecfe-429a-9056-4a4115f48e7a) successfully added.
修改该网卡的配置:
- [root@server0 ~]# nmcli connection modify “team0” ipv4.addresses “192.168.0.11/24 192.168.0.254” ipv4.method manual
分配两张网卡,作为子端口:
- [root@server0 ~]# nmcli connection add con-name team0-port1 ifname eno type team-slave master team0
- [root@server0 ~]# nmcli connection add con-name team0-port2 ifname eno type team-slave master team0
- 检查状态:
[root@server0 ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eno1
- ip -a
……..
6: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
8: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP qlen 1000
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
15: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether ca:0f:d9:cb:e7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.11/24 brd 192.168.0.255 scope global team0
valid_lft forever preferred_lft forever
inet6 fe80::400b:2dff:fe43:bdde/64 scope link
valid_lft forever preferred_lft forever
[root@server0 ~]# nmcli connection show
测试:
[root@server0 ~]# nmcli connection show
NAME UUID TYPE DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team0-port2 5cce5b22-6da3-4063-b637-b22df585525d 802-3-ethernet eno2
team0-port1 c4e4faf7-49c6-4ff1-b14a-9d803bf1e3ed 802-3-ethernet eno1
team0 96c7eec8-4265-4e32-a378-cdf17a429f83 team team0
[root@server0 ~]# ping -I team0 192.168.0.254
PING 192.168.0.254 (192.168.0.254) from 192.168.0.11 team0: 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.317 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from 192.168.0.254: icmp_seq=4 ttl=64 time=0.047 ms
^C
— 192.168.0.254 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.046/0.114/0.317/0.117 ms
2. Managing DNS forward requires from anywhere to “classroom.example.com”
in serverX.
3. (lab smtp-nullclient setup[in serverX & desktopX])Configure a local
mail server as a null client(serverX) that forwards all messages to a
central server(desktopX) for delivery.
4. Configure a iSCSI target server(serverX) with ACL-validated access:
you should create a new 1G target on serverX. This target should be
called “iqn.2014-10.com.example:serverX”. And it should only be
available to client with a initiatorname of “iqn.2014-
10.com.example:desktopX”.In desktopX you should mount it in
“/mnt/iscsi”.
服务端配置:
安装软件
- yum search targetcli
- yum install targetcli -y
先按照要求分区(注意千万不要格式化)
- [root@server0 ~]# fdisk /dev/vdb
- [root@server0 ~]# partprobe
[root@server0 ~]# fdisk -l
配置ISCSI服务端:
- [root@server0 ~]# targetcli
/> backstores/block create disk1 /dev/vdb
/> iscsi/ create iqn.2014-10.com.example:server0
/> iscsi/iqn.2014-10.com.example:server0/tpg1/luns create /backstores/block/disk1
iscsi/iqn.2014-10.com.example:server0/tpg1/acls create iqn.2014-10.com.example:desktop0 (这里客户端的地址)
/> iscsi/iqn.2014-10.com.example:server0/tpg1/portals create 172.25.0.11
/> saveconfig
开启防火墙
- [root@server0 ~]# firewall-cmd –permanent –add-port=3260/tcp
success
[root@server0 ~]# firewall-cmd –reload
success
客户端配置:
- [root@desktop0 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-10.com.example:desktop0 (这里是客户端的地址)
安装客户端,并设置开机启动:
- [root@desktop0 ~]# yum install iscsi-initiator-utils.x86_64 -y
- [root@desktop0 ~]# systemctl enable iscsi iscsid
- [root@desktop0 ~]# systemctl start iscsi iscsid
主动发现服务端:(如果记不得参数, 可以man iscsiadm 里面有example)
- [root@desktop0 ~]# iscsiadm –mode discoverydb –type sendtargets –portal 172.25.0.11 –discover
登陆
- [root@desktop0 ~]# iscsiadm –mode node –targetname iqn.2014-10.com.example:server0 –portal 172.25.0.11:3260 –login
Logging in to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] (multiple)
Login to [iface: default, target: iqn.2014-10.com.example:server0, portal: 172.25.0.11,3260] successful.
[root@desktop0 ~]#
测试发现多了一块sda设备:
- [root@desktop0 ~]# ll /dev/sd*
brw-rw—-. 1 root disk 8, 0 Aug 3 11:31 /dev/sda
分区、格式化、开机自动挂载:
- fdisk /d/dev/sda1
- [root@desktop0 ~]# mkdir /mnt/iscsi
- [root@desktop0 ~]# vim /etc/fstab (这个配置_netdev千万要写对)
/dev/sda1 /mnt/iscsi xfs _netdev 0 0
- [root@desktop0 ~]# mount -a
- [root@desktop0 ~]# df -h
(ISCSI貌似有个bug,client端配置完成后重启会卡住,所以必须手动断电,再重开)
5. Share directory “/nornfs” with NFS and on serverX and mount it on
desktopX in “/mnt/nfs”, User in desktopX should have only read
permission on it. Make sure it mounted at startup time.
服务端:
首先修改NFS版本号:
- vim /etc/sysconfig/nfs
修改其中的 RHCNFSDARGS=”-V 4.2”
首先建立一个单独的分区,然后挂载到制定的目录下(这个就是之后NFS共享目录了)
- fdisk /dev/vdb
- partprobe
- mkfs.xfs /dev/vdb2
- vim /etc/fstab
- mount -a
- df -h
安装文件/设置启动
- yum search nfs
- yum install nfs-utils.x86_64 -y
- systemctl enable nfs-server.service
- systemctl start nfs-server.service
修改主配置
- vim /etc/exports
/nornfs 172.25.0.10/24(ro,sync)
- exportfs -r
配置防火墙:
- firewall-cmd –permanent –add-service=nfs
- firewall-cmd –permanent –add-service=rpc-bind
- firewall-cmd –permanent –add-service=mountd
- firewall-cmd –reload
在本机测试:
- showmount -e
客户端:
测试连接NFS服务器:
- showmount -e 172.25.0.11
- systemctl enable nfs
- systemctl enable nfs.service
创建目录,设置开机挂载:
- mkdir /mnt/nfs
- mount 172.25.0.11:/nornfs /mnt/nfs/
- df -h
- vim /etc/fstab
172.25.0.11:/nornfs /mnt/nfs nfs defaults 0 0
- mount -a
- reboot
6. (lab storageshares setup[in serverX & desktopX])Share directory
“/krbnfs” with NFS and Kerberos on serverX and mount it on desktopX in
“/mnt/nfsspace”.User in desktopX should have full permission on it.
Make sure it mounted at startup time.
服务端:
下载证书:
- wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
创建对应的目录并在server0上设置自动挂载:
- mkdir /krbnfs
- vim /etc/fstab
- mount -a
设置nfs配置文件:
- vim /etc/exports
/krbnfs 172.25.0.0/24(rw,sec=krb5p)
- exportfs -r
启动服务:
- systemctl enable nfs-secure-server.service (这里和Client不一样,要注意)
- systemctl start nfs-secure-server.service
- firewall-cmd –permanent –add-service=nfs
- firewall-cmd –permanent –add-service=rpc-bind
- firewall-cmd –permanent –add-service=mountd
- firewall-cmd –reload
登陆ldap:
- ssh ldapuser0@desktop0.example.com
客户端
下载证书:
- wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
启动服务
- systemctl enable nfs-secure.service (这里和server不一样,要注意)
- systemctl start nfs-secure.service
设置开机自动挂载:
- vim /etc/fstab
172.25.0.11:/krbnfs /mnt/nfsspace nfs defaults,v4.2,sec=krb5p 0 0
- mount -a
登陆ldap:
- ssh ldapuser0@desktop0.example.com
7. Share a directory “/smbshare” with SMB and it can only mounted on
desktopX in “/mnt/smb”, members of the group “share” has full
permission on the share. Others only have the read permission.Create a
Samba-only user natasha and harry with password “redhat”.Configure
multiuser config in desktopX with user harry. root in desktopX should
have only read permission in it . natasha in desktopX should have full
permission in it.
服务端配置:
安装需要的软件:
- yum install samba.x86_64 samba-client.x86_64 -y
设置启动,开启两个服务:(这里不要忘了nmb服务)
- systemctl enable smb nmb
- systemctl start smb nmb
设置防火墙:
- firewall-cmd –permanent –add-service=samba
- firewall-cmd –reload
设置samba用户组及其用户,并设置其samba密码:
- groupadd share
- useradd -G share -s /sbin/nologin natasha
- useradd -G share -s /sbin/nologin harry
- smbpasswd -a natasha
- smbpasswd -a harry
按题目要求创建目录,并且修改该目录的安全上下文以及目录权限:
- mkdir /smbshare
- chown .share /smbshare/
- chmod 775 /smbshare/
- semanage fcontext -a -t samba_share_t ‘/smbshare(/.*)?‘ (如果记不得安全上下文的类型,可以在samba主配置文件/etc/samba/smb.conf中找到)
- restorecon -vvRF /smb1share/
- ll -dZ /smb1share/
修改主配置文件/etc/samba/smb.conf:
[smb]
comment = SMB share
path = /smbshare
browseable = yes
guest ok = no
writeable = yes
write list = @share
read list = root
read list 指定只能读取该共享资源的用户和组
write list 指定能读取和写该共享资源的用户和组
另外可能还会遇到限制特定域/IP段访问samba的情况,在[grobal]中和自定义的模块中,加入
有如下几种格式:(这里根据题目要求)
hosts allow =172.25.0.0/24
hosts allow =172.25.0. (不要忘记最后的点)
hosts allow = .example.com (不要忘记前面的点)
hosts allow =172.25.0.1
即可 (推荐在自己定义的模块中填写,这样配置更灵活)
配置好之后,可以用命令检查一下配置是否正确:
- testparm
重启服务:
- systemctl restart smb nmb
可以先在本地测试一下:
- smbclient -L //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb
客户端配置:
测试samba客户端:
在配置cifs之前,可以先测试一下samba是否可用:
先安装samba客户端:
- yum install samba-client.x86_64 -y
- smbclient -L //172.25.0.11/smb -U natasha
- smbclient //172.25.0.11/smb -U harry
- smbclient //172.25.0.11/smb
配置cifs
安装需要的软件:
- yum install cifs-utils.x86_64 -y
创建挂载点,并自动挂载目录:
- mkdir /mnt/smbspace
可以先用mount测试一下,是否能够成功挂载:
- mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
- df -h
- 设置samba用户的密码文件/root/smb.pass:
username=harry
password=redhat
- 编辑配置文件,添加如下(这里的配置如果不会写的话, 可以man mount.cifs ,里面都有参数的介绍):
- vim /etc/fstab
//172.25.0.11/smb /mnt/smbspace cifs defaults,credentials=/root/smb.pass,multiuser,sec=ntlmssp 0 0
- df -h (再查看一下)
最后两台机器都重启一下,先重启server,再desktop
配置客户端cifs的时候有个坑:
不论是
- mount -t cifs //172.25.0.11/smb /mnt/smbspace/ -o username=harry
还是修改/etc/fstab,
填写远程samba服务端的地址时(红色字体) //172.25.0.11/smb, 一定不是路径 !!! 而是/etc/samba/smb.conf中samba的名称,而不是path:
如果按照上图的配置, 在客户端这样挂载:
- mount -t cifs //172.25.0.11/smbshare /mnt/smbspace/ -o username=natasha
你就会得到这样的错误:
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
8. Configure MariaDB with a database named “inventory” in
“http://classroom.example.com/pub/materials/mariadb/inventory.dump”.Co
nfig password “redhat” for root.
下载文件:
- wget http://classroom.example.com/pub/materials/mariadb/inventory.dump
安装文件
- yum groupinstall mariadb -y
配置启动:
- systemctl enable mariadb.service
- systemctl start mariadb.service
设置安全性
- mysql_secure_installation
按照要求进行设置即可
然后创建数据库inventory
- mysql -u root -p
MariaDB [(none)]> Create database inventory;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> exit
Bye
导入数据:
- [root@server0 ~]# mysql -u root -p inventory < inventory.dump
Enter password:
查询一下:
MariaDB [inventory]> show tables;
+———————+
| Tables_in_inventory |
+———————+
| category |
| manufacturer |
| product |
+———————+
3 rows in set (0.00 sec)
(未完待续)
文章来源:
云袭2001's blog
一个不努力的菜鸟
【转】RHCE 7系列—RHCE考试的更多相关文章
- 红帽RHEL7版本RHCE认证学习及考试经历
RHCE是红帽公司推出的Linux系统的中级认证,考试全部采取上机形式,在考察考生的基础理论知识的同时还能考察实践动手操作能力,在Linux领域的价值是不可否认的,所以对于期望从事相关行业的同学们在上 ...
- RHCE 系列(一):如何设置和测试静态网络路由
RHCE(Red Hat Certified Engineer,红帽认证工程师)是红帽公司的一个认证,红帽向企业社区贡献开源操作系统和软件,同时它还给公司提供训练.支持和咨询服务. 这个 RHCE 是 ...
- rhce 考试题目总结
rhce 考试题目总结归类 开机需要做的事: 检查系统版本 配置yum源 修改selinux的模式 ping一下server机器 1.分区类题目 1.1 rhcsa 第十五题 添加swap分区 要点: ...
- 开学了!这些Linux认证你要知道。
导读 大家好,今天我们将认识一些非常有价值的全球认可的Linux认证.Linux认证是不同的Linux专业机构在全球范围内进行的认证程序.Linux认证可以让Linux专业人才可以在服务器领域或相关公 ...
- 开学了!这些Linux认证你要知道
大家好,今天我们将认识一些非常有价值的全球认可的Linux认证.Linux认证是不同的Linux专业机构在全球范围内进行的认证程序.Linux认证可以让Linux专业人才可以在服务器领域或相关公司等等 ...
- CentOS6.5下搭建ftp服务器(三种认证模式:匿名用户、本地用户、虚拟用户)
CentOS 6.5下搭建ftp服务器 vsftpd(very secure ftp daemon,非常安全的FTP守护进程)是一款运行在Linux操作系统上的FTP服务程序,不仅完全开源而且免费,此 ...
- 2019-RHCE-红帽题库(稳定)
rhce7 考题2台服务器设置yum源[aa]name=aabaesurl=ftp://server.rhce.cc/dvdenabled=1gpgcheck=0 cd /etc/yum.repos. ...
- Linux就该这么学 20181007(第十一章ftp)
参考链接https://www.linuxprobe.com/ iptables -F #ftp 21端口 #主动模式,被动模式 #匿名用户 本地用户 虚拟用户 vim /etc/vsftpd/vsf ...
- Linux就该这么学11学习笔记
参考链接:https://i.cnblogs.com/EditPosts.aspx?opt=1 文件传输协议 一般来讲,人们将计算机联网的首要目的就是获取资料,而文件传输是一种非常重要的获取资料的方式 ...
随机推荐
- win下Redis安装使用
官网上没有windows版本的Redis,好在github上有大牛写的win版本.地址如下https://github.com/dmajkic/redis/downloads 解压后运行目录下的red ...
- Cheap Hollister Clothing
(link to hollisterco site), Spectacles don't simply take care of the eye area inside sun; Putting th ...
- windows平台下安装、编译、使用mongodb C++ driver
本博客将记录在Win8.1 ,VS2013环境下编译.配置mongodb C++ driver的流程. 1.下载预备 下载Boost:http://sourceforge.net/projects/b ...
- iOS 指定圆角个数
需要实现的效果很明确,只要左上和右上两个地方圆角,以前都是通过layer 直接设置四个角都变成圆角,然后我就开始了强大的搜索功能 然后我就获得了我想要的东西 技术链接:http://www.xuebu ...
- Wen前端性能优化
Web前端性能优化 一般说来Web前端指网站业务逻辑之前的部分,包括浏览器加载.网站视图模型.图片服务.CDN服务等.主要优化手段有优化浏览器访问.使用反向代理.CDN等. 一.浏览器访问优化 减少h ...
- json字符串返回到js中乱码
Ajax 的post请求值返回到js中时出现中文乱码的情况,但是在action中写入时并未乱码,解决办法在action中写入前,加上这两行: request.setCharacterEncoding( ...
- Spark MLlib 之 Basic Statistics
Spark MLlib提供了一些基本的统计学的算法,下面主要说明一下: 1.Summary statistics 对于RDD[Vector]类型,Spark MLlib提供了colStats的统计方法 ...
- 2016-02-03 xss漏洞
应用上出现了xss漏洞.是由一个get请求的ajax接口返回的一个字段中有xss漏洞引起的.该字段本来是要展示出来的,但是补丁版的时候去掉了这块的展示,接口还是返回的.现在引发了xss漏洞,有些同事是 ...
- height与line-height
1.网页的所有元素可以分为块元素和行元素.一行文字所在的一个逻辑区域是行元素,其他的元素就都是块元素line-height只针对行元素,height针对其他所有元素 2. width,height对于 ...
- 一个Ubuntu源更新错误及解决办法
InRelease: Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?) 尝试进 ...