RHCSA_PDF版傳送門:https://files.cnblogs.com/files/zhangjianghua/RHCSA%E8%AF%95%E9%A2%98.pdf
RHCE_PDF版傳送門:https://files.cnblogs.com/files/zhangjianghua/RHCE%E8%AF%95%E9%A2%98.pdf
描述:SELinux 必須在兩個系統system1和system2中運行於 Enforcing 模式
system1和system2:
[root@server0 ~]# vim /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
[root@server0 ~]# getenforce
Enforcing
描述:按如下要求配置SSH訪問:
用戶可以從域 domain1.example.com 內的客戶端經過SSH遠程訪問您的兩個虛擬機系統
在域 my133t.org 內的客戶端不能訪問您的兩個虛擬機系統
system1和system2:
[root@server0 ~]# vim /etc/hosts.allow
sshd : 172.25.0.0/255.255.255.0
[root@server0 ~]# vim /etc/hosts.deny
sshd : 172.24.3.0/255.255.255.0
描述:在系統 system1 和 system2上建立自定義命令名爲 qstat 此自定義命令將執行如下命令: /bin/ps -Ao pid,tt,user,fname,rsz此命令對系統中全部用戶有效。
system1 和system2:
[root@server0 ~]# vim /etc/profile
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[root@server0 ~]# source /etc/profile
[root@server0 ~]# qstat
描述:在系統system1配置端口轉發,要求以下:在 172.24.1.0/24 網絡中的系統,訪問 system1 的本地端口 5423 將被轉發到80 此設置必須永久有效
system1:
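[root@server0 ~]# firewall-cmd --permanent --add-forward-port=port=5423:proto=tcp:toport=80:toaddr=
success
[root@server0 ~]# firewall-cmd --permanent --add-forward-port=port=5423:proto=udp:toport=80:toaddr=
success
#注意:上面的寫法對區域內全部來源生效,並未限制在題目要求的 172.24.1.0/24;要按來源限制可改用 rich rule,例如 firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.24.1.0/24 forward-port port=5423 protocol=tcp to-port=80'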
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports: port=5423:proto=udp:toport=80:toaddr=
port=5423:proto=tcp:toport=80:toaddr=
icmp-blocks:
rich rules:
描述:在 system1.domain1.example.com 和 system2.domain1.example.com 之間按如下要求配置一個鏈路:
此鏈路使用接口 eth1 和 eth2
此鏈路在一個接口失效時仍然能工做
此鏈路在 system1 使用下面的地址 172.16.1.25/255.255.255.0
此鏈路在 system2 使用下面的地址 172.16.1.35/255.255.255.0
此鏈路在系統重啓以後依然保持正常狀態
system1和system2:
[root@server0 ~]# nmcli connection add con-name team0 type team ifname team0 config '{"runner":{"name":"activebackup"}}'
Connection 'team0' (3074d5bf-1a12-437b-a0ad-2d81c083d842) successfully added.
[root@server0 ~]# nmcli connection modify team0 ipv4.addresses '172.16.0.11/24'
[root@server0 ~]# nmcli connection modify team0 ipv4.method manual
[root@server0 ~]# nmcli connection add con-name eth1 type team-slave ifname eth1 master team0
Connection 'eth1' (6baf4c43-9118-4151-b28f-be3498de4458) successfully added.
[root@server0 ~]# nmcli connection add con-name eth2 type team-slave ifname eth2 master team0
Connection 'eth2' (612ddb83-0389-423a-86d9-8abd77a61492) successfully added.
[root@server0 ~]# systemctl restart network
[root@server0 ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1
[root@desktop0 ~]# ping 172.16.0.11
PING 172.16.0.11 (172.16.0.11) 56(84) bytes of data.
64 bytes from 172.16.0.11: icmp_seq=1 ttl=64 time=53.9 ms
64 bytes from 172.16.0.11: icmp_seq=2 ttl=64 time=1.64 ms
64 bytes from 172.16.0.11: icmp_seq=3 ttl=64 time=16.1 ms
描述:在您的考試系統上配置接口 eth0 使用下列IPv6地址:
system1 上的地址應該是 2001:ac18::10a/64
system2 上的地址應該是 2001:ac18::114/64
兩個系統必須能與網絡 2001:ac18/64 內的系統通訊。
地址必須在重啓後依舊生效。
兩個系統必須保持當前的IPv4地址並能通訊。
system1和system2:
[root@server0 ~]# nm-connection-editor
[root@server0 ~]# systemctl restart network
[root@server0 ~]# ping6 2001:ac18::114
PING 2001:ac18::114(2001:ac18::114) 56 data bytes
64 bytes from 2001:ac18::114: icmp_seq=1 ttl=64 time=12.3 ms
64 bytes from 2001:ac18::114: icmp_seq=2 ttl=64 time=1.95 ms
64 bytes from 2001:ac18::114: icmp_seq=3 ttl=64 time=1.28 ms
描述:在系統system1 和 system2 上配置郵件服務,知足如下要求:
這些系統不接收外部發送來的郵件
在這些系統上本地發送的任何郵件都會自動路由到 rhgls.domain1.example.com
從這些系統上發送的郵件顯示來自於 domain1.example.com
您能夠經過發送郵件到本地用戶 'dave' 來測試您的配置,系統 rhgls.domain1.example.com 已經配置把此用戶的郵件轉到下列URL http://rhgls.domain1.example.com/received_mail/1
system1和system2:
[root@server0 ~]# vim /etc/postfix/main.cf
myorigin = domain1.example.com
local_transport = error:local
relayhost = rhgls.domain1.example.com
[root@server0 ~]# systemctl restart postfix.service
[root@server0 ~]# systemctl enable postfix.service
[root@server0 ~]# firewall-cmd --permanent --add-service=smtp
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# mail -s "for test" dave@domain1.example.com
描述:在system1上配置SMB服務
您的 SMB 服務器必須是 STAFF 工做組的一個成員
共享 /common 目錄共享名必須爲 common
只有 domain1.example.com 域內的客戶端能夠訪問 common 共享
common 必須是能夠瀏覽的
用戶 andy 必須可以讀取共享中的內容,若是須要的話,驗證的密碼是 flectrag
system1:
[root@server0 ~]# yum install samba samba-client.x86_64 -y
[root@server0 ~]# mkdir /common
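[root@server0 ~]# chcon -R -t samba_share_t /common/ #chcon 設置的標籤在文件系統重打標籤(relabel)後會丟失;要持久化可改用 semanage fcontext -a -t samba_share_t '/common(/.*)?' 而後 restorecon -R /common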
[root@server0 ~]# vim /etc/samba/smb.conf
workgroup = STAFF #修改89行
[common]
path = /common
hosts allow = 172.25.0.0/24
browseable = yes
[root@server0 ~]# smbpasswd -a andy
New SMB password:
Retype new SMB password:
Added user andy.
[root@server0 ~]# firewall-cmd --permanent --add-service=samba
success
[root@server0 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# systemctl restart smb nmb
[root@server0 ~]# systemctl enable smb nmb
system2驗證:
[root@desktop0 ~]# yum install samba-client cifs-utils -y
[root@desktop0 ~]# smbclient -L //172.25.0.11 -U andy
Enter andy's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
common Disk
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
andy Disk Home Directories
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
SERVER0 Samba Server Version 4.1.1
Workgroup Master
--------- -------
STAFF SERVER0
描述:在system1 共享經過SMB目錄 /miscellaneous 知足如下要求:
共享名爲 miscellaneous
共享目錄 miscellaneous 只能被 domain1.example.com 域中的客戶端使用
共享目錄 miscellaneous 必須能夠被瀏覽
用戶 silene 必須能以讀的方式訪問此共享, 訪問密碼是 flectrag
用戶 akira 必須能以讀寫的方式訪問此共享, 訪問密碼是 flectrag
此共享永久掛載在 system2.domain1.example.com 上的 /mnt/multi 目錄, 並使用用戶 silene 做爲認證
任何用戶能夠經過用戶 akira 來臨時獲取寫的權限
system1:
[root@server0 ~]# mkdir /miscellaneous
[root@server0 ~]# chmod o+w /miscellaneous/ #這會讓全部本地用戶都能寫此目錄;只給 akira 寫權限可改用 setfacl -m u:akira:rwx /miscellaneous/
[root@server0 ~]# chcon -R -t samba_share_t /miscellaneous/
[root@server0 ~]# smbpasswd -a silene
New SMB password:
Retype new SMB password:
Added user silene.
[root@server0 ~]# smbpasswd -a akira
New SMB password:
Retype new SMB password:
Added user akira.
[root@server0 ~]# vim /etc/samba/smb.conf
[miscellaneous]
path = /miscellaneous
hosts allow = 172.25.0.0/24
browseable = yes
writable = no
write list = akira
[root@server0 ~]# systemctl restart smb nmb
system2:
[root@desktop0 ~]# smbclient -L //172.25.0.11 -U silene
Enter silene's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
common Disk
miscellaneous Disk
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
silene Disk Home Directories
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
SERVER0 Samba Server Version 4.1.1
Workgroup Master
--------- -------
STAFF SERVER0
[root@desktop0 ~]# mkdir /mnt/multi
[root@desktop0 ~]# vim /etc/fstab
//172.25.0.11/miscellaneous /mnt/multi cifs defaults,multiuser,username=silene,password=flectrag,sec=ntlmssp 0 0
#注意:/etc/fstab 全部用戶可讀,密碼寫在這裏會明文暴露;考試環境以外應改用 credentials=<憑據文件路徑> 選項,並把該文件權限設爲 600
[root@desktop0 ~]# mount -a
[root@desktop0 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 140K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
//172.25.0.11/miscellaneous 10G 3.1G 7.0G 31% /mnt/multi
[root@desktop0 ~]# useradd silene #建立測試用戶silene
[root@desktop0 ~]# yum install cifs* -y
[root@desktop0 ~]# su - silene
Last login: Tue Jul 17 14:16:54 CST 2018 on pts/1
[silene@desktop0 ~]$ cifscreds add server0 -u akira
Password:
[silene@desktop0 ~]$ touch /mnt/multi/test1
[silene@desktop0 ~]$ ls /mnt/multi/
test1
描述:在 system1 配置NFS服務,要求以下:
以只讀的方式共享目錄 /public 同時只能被 domain1.example.com 域中的系統訪問
以讀寫的方式共享目錄 /protected 能被 domain1.example.com 域中的系統訪問
訪問 /protected 須要經過Kerberos安全加密, 您可使用下面URL提供的密鑰 http://host.domain1.example.com/materials/nfs_server.keytab
目錄 /protected 應該包含名爲 confidential 擁有人 爲deepak 的子目錄
用戶 deepak 能以讀寫方式訪問 /protected/confidential
system1:
[root@server0 ~]# mkdir /public
[root@server0 ~]# mkdir -p /protected/confidential
[root@server0 ~]# chcon -R -t public_content_t /public
[root@server0 ~]# chcon -R -t public_content_t /protected/
[root@server0 ~]# chown deepak /protected/confidential/
[root@server0 ~]# vim /etc/exports
/public 172.25.0.0/24(ro,sync)
/protected 172.25.0.0/24(rw,sync,sec=krb5p)
[root@server0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server0.keytab
[root@server0 ~]# vim /etc/sysconfig/nfs
RPCNFSDARGS="-V 4.2"
[root@server0 ~]# setfacl -m u:deepak:rwx /protected/
[root@server0 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@server0 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@server0 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# systemctl restart nfs-server nfs-secure-server
[root@server0 ~]# systemctl enable nfs-server nfs-secure-server
[root@server0 ~]# exportfs -ra
[root@server0 ~]# showmount -e
Export list for server0.example.com:
/protected 172.25.0.0/24
/public 172.25.0.0/24
描述:在 system2 上掛載一個來自 system1.domain1.example.com 的NFS共享,並符合下列要求:
/public 掛載在下面的目錄上 /mnt/nfsmount
/protected 掛載在下面的目錄上 /mnt/nfssecure 並使用安全的方式,密鑰下載URL以下: http://host.domain1.example.com/materials/nfs_client.keytab
用戶 deepak 可以在 /mnt/nfssecure/confidential 上建立文件
這些文件系統在系統啓動時自動掛載
system2:
[root@desktop0 ~]# mkdir /mnt/nfsmount
[root@desktop0 ~]# mkdir /mnt/nfssecure
[root@desktop0 ~]# showmount -e 172.25.0.11
Export list for 172.25.0.11:
/protected 172.25.0.0/24
/public 172.25.0.0/24
[root@desktop0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
[root@desktop0 ~]# systemctl restart nfs-secure
[root@desktop0 ~]# systemctl enable nfs-secure
[root@desktop0 ~]# vim /etc/fstab
172.25.0.11:/public /mnt/nfsmount nfs defaults 0 0
172.25.0.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
[root@desktop0 ~]# mount -a
[root@desktop0 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 80K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
172.25.0.11:/public 10G 3.1G 7.0G 31% /mnt/nfsmount
//172.25.0.11/miscellaneous 10G 3.1G 7.0G 31% /mnt/multi
172.25.0.11:/protected 10G 3.1G 7.0G 31% /mnt/nfssecure
描述:在 system1 上配置一個站點 http://system1.domain1.example.com 而後執行下述步驟:
從 http://rhgls.domain1.example.com/materials/station.html 下載文件,而且將文件重命名爲 index.html 不要修改此文件的內容
將文件 index.html 拷貝到您的 web 服務器的 DocumentRoot 目錄下
來自於 domain1.example.com 域的客戶端能夠訪問此Web服務
來自於 my133t.org 域的客戶端拒絕訪問此Web服務
system1:
[root@server0 ~]# yum install -y httpd
[root@server0 ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/
[root@server0 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName server0.example.com
</VirtualHost>
[root@server0 ~]# cd /var/www/html/
[root@server0 html]# wget -O index.html http://rhgls.domain1.example.com/materials/station.html
[root@server0 html]# cat index.html
server0.example.com
[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# systemctl enable httpd
[root@server0 ~]# firewall-cmd --permanent --add-service=http
success
[root@server0 ~]# firewall-cmd --permanent --add-service=https
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# firewall-config
system2驗證:
[root@desktop0 ~]# firefox
描述:爲站點 http://system1.domain1.example.com 配置TLS加密
一個已簽名證書從 http://host.domain1.example.com/materials/system1.crt 獲取
此證書的密鑰從 http://host.domain1.example.com/materials/system1.key 獲取
此證書的簽名受權信息從 http://host.domain1.example.com/materials/domain1.crt 獲取
system1:
[root@server0 ~]# yum install mod_ssl -y
[root@server0 ~]# cd /etc/pki/tls/certs/
[root@server0 certs]# wget -O localhost.crt http://classroom/pub/tls/certs/www0.crt
[root@server0 certs]# wget -O server-chain.crt http://classroom/pub/example-ca.crt
[root@server0 ~]# cd /etc/pki/tls/private/
[root@server0 private]# wget -O localhost.key http://classroom/pub/tls/private/www0.key
[root@server0 ~]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName server0.example.com:443
SSLEngine on
SSLProtocol all -SSLv2
#注意:all -SSLv2 仍然容許 SSLv3;考試環境以外建議至少寫成 SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# systemctl enable httpd
system2驗證:
[root@desktop0 ~]# firefox
描述:在 system1 上擴展您的 web 服務器,爲站點 http://www.domain1.example.com建立一個虛擬主機,而後執行下述步驟:
設置 DocumentRoot 爲 /var/www/virtual
從 http://rhgls.domain1.example.com/materials/www.html
下載文件並重命名爲 index.html 不要對文件 index.html 的內容作任何修改
將文件 index.html 放到虛擬主機的 DocumentRoot 目錄下
確保 andy 用戶可以在 /var/www/virtual 目錄下建立文件
system1:
[root@server0 ~]# mkdir -p /var/www/virtual
[root@server0 ~]# ls -Zd /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@server0 ~]# chcon -R -t httpd_sys_content_t /var/www/virtual/
[root@server0 ~]# setfacl -m u:andy:rwx /var/www/virtual/
[root@server0 ~]# cd /var/www/virtual/
[root@server0 virtual]# wget -O index.html http://rhgls.domain1.example.com/materials/www.html
[root@server0 virtual]# cat index.html
www0.example.com
[root@server0 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
</VirtualHost>
system2驗證:
[root@desktop0 ~]# firefox
描述:在您的system1 上的 web 服務器的 DocumentRoot 目錄下建立一個名爲 secret 的目錄,要求以下:
從 http://rhgls.domain1.example.com/materials/private.html 下載一個文件副本到這個目錄,而且重命名爲 index.html。
不要對這個文件的內容作任何修改。
從 system1 上,任何人均可以瀏覽 secret 的內容, 可是從其它系統不能訪問這個目錄的內容
system1:
[root@server0 ~]# mkdir -p /var/www/html/secret
[root@server0 ~]# chcon -R -t httpd_sys_content_t /var/www/html/secret/
[root@server0 ~]# cd /var/www/html/secret/
[root@server0 secret]# wget -O index.html http://rhgls.domain1.example.com/materials/private.html
[root@server0 secret]# cat index.html
private test.secret
[root@server0 secret]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<Directory "/var/www/html/secret">
AllowOverride None
Require all denied
Require local
</Directory>
[root@server0 secret]# systemctl restart httpd
[root@server0 secret]# firefox
描述:在 system1 上配置提供動態Web內容,要求以下:
動態內容由名爲dynamic.domain1.example.com的虛擬主機提供
虛擬主機偵聽在端口 8998
從 http://rhgls.domain1.example.com/materials/webapp.wsgi 下載一個腳本,而後放在適當的位置, 不管如何不要求修改此文件的內容
客戶端訪問 http://dynamic.domain1.example.com:8998/ 時 應該接收到動態生成的web頁面
此 http://dynamic.domain1.example.com:8998/ 必須能被 domain1.example.com 域內的全部系統訪問
system1:
[root@server0 ~]# yum install mod_wsgi -y
[root@server0 ~]# mkdir -p /var/www/webapp
[root@server0 ~]# chcon -R -t httpd_sys_content_t /var/www/webapp/
[root@server0 ~]# cd /var/www/webapp/
[root@server0 webapp]# wget -O webapp.wsgi http://rhgls.domain1.example.com/materials/webapp.wsgi
[root@server0 webapp]# vim /etc/httpd/conf.d/httpd-vhosts.conf
listen 8998
<VirtualHost *:8998>
ServerName webapp0.example.com
WSGIScriptAlias / /var/www/webapp/webapp.wsgi
</VirtualHost>
[root@server0 webapp]# firewall-cmd --permanent --add-port=8998/tcp
success
[root@server0 webapp]# firewall-cmd --reload
success
[root@server0 webapp]# firewall-config
[root@server0 webapp]# semanage port -a -t http_port_t -p tcp 8998
[root@server0 webapp]# systemctl restart httpd
system2驗證:
描述:在system1上建立一個名爲 /root/script 的腳本,讓其提供下列特性:
當運行 /root/script foo,輸出爲 bar
當運行 /root/script bar,輸出爲 foo
當沒有任何參數或者參數不是 foo 或者 bar時, 其錯誤輸出產生如下的信息:
/root/script foo|bar
system1:
[root@server0 ~]# vim /root/script
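#!/bin/bash
# /root/script - print the opposite keyword of the one given.
#
# Usage:   /root/script foo|bar
# Outputs: "bar" on stdout for foo, "foo" on stdout for bar;
#          for a missing or any other argument, the usage line on stderr.
case "$1" in
  foo)
    echo "bar"
    ;;
  bar)
    echo "foo"
    ;;
  *)
    # The task statement asks for this message on the error output, so it
    # goes to stderr and stays out of anything that captures stdout.
    echo "/root/script foo|bar" >&2
    ;;
esac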
[root@server0 ~]# chmod +x /root/script
[root@server0 ~]# sh /root/script foo
bar
[root@server0 ~]# sh /root/script bar
foo
[root@server0 ~]# sh /root/script
/root/script foo|bar
描述:在 system1 上建立一個腳本,名爲 /root/mkusers , 此腳本能實現爲系統 system1 建立本地用戶, 而且這些用戶的用戶名來自一個包含用戶名列表的文件。同時知足下列要求:
此腳本要求提供一個參數,此參數就是包含用戶名列表的文件
若是沒有提供參數,此腳本應該給出下面的提示信息 Usage: /root/mkusers userfile 而後退出並返回相應的值
若是提供一個不存在的文件名,此腳本應該給出下面的提示信息 Input file not found 而後退出並返回相應的值
建立的用戶登陸shell爲 /bin/false
此腳本不須要爲用戶設置密碼
您能夠從下面的URL獲取用戶名列表做爲測試用 http://rhgls.domain1.example.com/materials/userlist
system1:
[root@server0 ~]# wget http://rhgls.domain1.example.com/materials/userlist
[root@server0 ~]# cat userlist
clearlove
Uzi
jack
Faker
[root@server0 ~]# vim /root/mksuers
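#!/bin/bash
# /root/mkusers - create a local account with login shell /bin/false for
# every user name listed, one per line, in the file given as $1.
#
# Arguments: $1 - path to the user list file
# Outputs:   the usage line or "Input file not found" on stdout
# Returns:   1 when the argument is missing or is not a regular file
if [ $# -eq 0 ]; then
  echo "Usage:/root/mkusers userfile"
  exit 1
fi

# Quote the path so a name with spaces or glob characters is tested as given.
if [ ! -f "$1" ]; then
  echo "Input file not found"
  exit 1
fi

# IFS= and -r keep each line verbatim; the || clause also processes a final
# line that has no trailing newline.
while IFS= read -r line || [ -n "$line" ]; do
  # Skip blank lines instead of calling useradd without a name.
  [ -n "$line" ] || continue
  # This runs as root on file content: quoting plus "--" passes the whole
  # line as one user-name operand, so it cannot be split into extra
  # useradd options.
  useradd -s /bin/false -- "$line"
done < "$1"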
[root@server0 ~]# chmod +x /root/mksuers
[root@server0 ~]# sh /root/mksuers
Usage:/root/mkusers userfile
[root@server0 ~]# sh /root/mksuers mmm
Input file not found
[root@server0 ~]# sh /root/mksuers userlist
[root@server0 ~]# id Uzi
uid=1007(Uzi) gid=1007(Uzi) groups=1007(Uzi)
[root@server0 ~]# id Faker
uid=1009(Faker) gid=1009(Faker) groups=1009(Faker)
[root@server0 ~]# id clearlove
uid=1006(clearlove) gid=1006(clearlove) groups=1006(clearlove)
描述:配置 system1 提供一個 iSCSI 服務磁盤名爲 iqn.2014-12.com.example.domain1:system1 ,並符合下列要求:
服務端口爲 3260
使用 iscsi_vol 做其後端卷 其大小爲 3G
此服務只能被 system2.domain1.example.com 訪問
system1:
[root@server0 ~]# yum install -y target*
[root@server0 ~]# fdisk /dev/vdb #建立邏輯分區5,大小等於3G
[root@server0 ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb34
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 0]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 0]
o- loopback ......................................................................................................... [Targets: 0]
/> /backstores/block create iscsi_vol /dev/vdb5
Created block storage object iscsi_vol using /dev/vdb5.
/> /iscsi create iqn.2014-12.com.example.domain1:server0
Created target iqn.2014-12.com.example.domain1:server0.
Created TPG 1.
/> ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 1]
| | o- iscsi_vol ..................................................................... [/dev/vdb5 (3.0GiB) write-thru deactivated]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 1]
| o- iqn.2014-12.com.example.domain1:server0 ........................................................................... [TPGs: 1]
| o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
| o- acls .......................................................................................................... [ACLs: 0]
| o- luns .......................................................................................................... [LUNs: 0]
| o- portals .................................................................................................... [Portals: 0]
o- loopback ......................................................................................................... [Targets: 0]
/> /iscsi/iqn.2014-12.com.example.domain1:server0/tpg1/acls create iqn.2014-12.com.example.domain1:desktop0
Created Node ACL for iqn.2014-12.com.example.domain1:desktop0
/> /iscsi/iqn.2014-12.com.example.domain1:server0/tpg1/luns create /backstores/block/iscsi_vol
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2014-12.com.example.domain1:desktop0
/> iscsi/iqn.2014-12.com.example.domain1:server0/tpg1/portals create 172.25.0.11
Using default IP port 3260
Created network portal 172.25.0.11:3260.
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
[root@server0 ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# firewall-config
[root@server0 ~]# systemctl restart iscsid
[root@server0 ~]# systemctl restart targetd
[root@server0 ~]# systemctl enable iscsid
[root@server0 ~]# systemctl enable targetd
描述:配置 system2 使其能鏈接在 system1 的上提供的 iqn.2014-12.com.example.domain1:system1 並符合如下要求:
iSCSI 設備在系統啓動的期間自動加載
塊設備 iSCSI 上包含一個大小爲 1700 MiB 的分區,並格式化爲 xfs
此分區掛載在 /mnt/data 上 同時在系統啓動的期間自動掛載
system2:
[root@desktop0 ~]# yum install -y iscsi*
[root@desktop0 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-12.com.example.domain1:desktop0
[root@desktop0 ~]# systemctl restart iscsi
[root@desktop0 ~]# systemctl enable iscsi
[root@desktop0 ~]# iscsiadm -m discovery -t st -p 172.25.0.11
172.25.0.11:3260,1 iqn.2014-12.com.example.domain1:server0
[root@desktop0 ~]# iscsiadm -m node -T iqn.2014-12.com.example.domain1:server0 -p 172.25.0.11 -l
Logging in to [iface: default, target: iqn.2014-12.com.example.domain1:server0, portal: 172.25.0.11,3260] (multiple)
Login to [iface: default, target: iqn.2014-12.com.example.domain1:server0, portal: 172.25.0.11,3260] successful.
[root@desktop0 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 3G 0 disk
vda 253:0 0 10G 0 disk
└─vda1 253:1 0 10G 0 part /
vdb 253:16 0 10G 0 disk
[root@desktop0 ~]# fdisk /dev/sda #建立邏輯分區5,大小1700M
[root@desktop0 ~]# mkfs.xfs /dev/sda5
meta-data=/dev/sda5 isize=256 agcount=8, agsize=54400 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=435200, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@desktop0 ~]# mkdir /mnt/data
[root@desktop0 ~]# vim /etc/fstab
/dev/sda5 /mnt/data xfs defaults,_netdev 0 0
[root@desktop0 ~]# mount -a
[root@desktop0 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 176K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
172.25.0.11:/public 10G 3.1G 7.0G 31% /mnt/nfsmount
//172.25.0.11/miscellaneous 10G 3.1G 7.0G 31% /mnt/multi
172.25.0.11:/protected 10G 3.1G 7.0G 31% /mnt/nfssecure
/dev/sda5 1.7G 33M 1.7G 2% /mnt/data
描述:在 system1 上建立一個 MariaDB 數據庫, 名爲 Contacts ,並符合如下條件:
數據庫應該包含來自數據庫複製的內容,複製文件的URL爲 http://rhgls.domain1.example.com/materials/users.mdb 。
數據庫只能被 localhost 訪問。
除了root用戶, 此數據庫只能被用戶 Luigi 查詢。 此用戶密碼爲 flectrag 。
root 用戶的密碼爲 flectrag , 同時不容許空密碼登陸。
system1:
[root@server0 ~]# yum install mariadb* -y
[root@server0 ~]# vim /etc/my.cnf
skip_networking=1
[root@server0 ~]# wget http://classroom.example.com/pub/materials/mariadb/mariadb.dump
[root@server0 ~]# systemctl restart mariadb
[root@server0 ~]# mysql_secure_installation
5個y,第一個y設置數據庫密碼
[root@server0 ~]# mysql -uroot -pflectrag
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> create database Contacts;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use Contacts;
Database changed
MariaDB [Contacts]> source /root/mariadb.dump
MariaDB [Contacts]> grant select on Contacts.* to Luigi@'localhost' identified by 'flectrag';
Query OK, 0 rows affected (0.00 sec)
MariaDB [Contacts]> exit
Bye
[root@server0 ~]# mysql -uLuigi -pflectrag
描述:數據庫查詢,在系統 system1上使用數據庫 Contacts,並使用相應的SQL查詢以回答下列問題:
密碼是 tangerine 的人的名字?
用戶ID號碼爲4654的用戶名稱是?
system1:
[root@server0 ~]# mysql -uroot -pflectrag
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Contacts |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> use Contacts;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [Contacts]> show tables;
+--------------------+
| Tables_in_Contacts |
+--------------------+
| category |
| department |
| employee |
| manufacturer |
| product |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [Contacts]>
MariaDB [Contacts]> show tables;
+--------------------+
| Tables_in_Contacts |
+--------------------+
| category |
| department |
| employee |
| manufacturer |
| product |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [Contacts]> desc department;
+-----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| dept_id | int(11) | YES | | NULL | |
| dept_name | varchar(100) | YES | | NULL | |
+-----------+--------------+------+-----+---------+-------+
2 rows in set (0.01 sec)
MariaDB [Contacts]> desc employee;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| emp_id | int(11) | NO | PRI | NULL | auto_increment |
| emp_name | varchar(50) | YES | | NULL | |
| age | int(11) | YES | | NULL | |
| dept_id | int(11) | YES | | NULL | |
+----------+-------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)
MariaDB [Contacts]> select * from employee where emp_name = "tianyun";
+--------+----------+------+---------+
| emp_id | emp_name | age | dept_id |
+--------+----------+------+---------+
| 1 | tianyun | 19 | 200 |
+--------+----------+------+---------+
1 row in set (0.00 sec)
MariaDB [Contacts]> select * from employee where emp_id = "3";
+--------+----------+------+---------+
| emp_id | emp_name | age | dept_id |
+--------+----------+------+---------+
| 3 | jack | 30 | 201 |
+--------+----------+------+---------+
1 row in set (0.00 sec)
祝考試順利!