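Enterprise section notes:
Server environment: Dell R610, DELL E105106 (blade server)
Fix for the browser in Red Hat Enterprise 7 not displaying Chinese:
#yum groupinfo "Server With GUI" //input-methods appears in the output
#yum groupinstall input-methods
Quick method for installing virtual machines:
First manually install a non-graphical virtual machine and configure its yum repository and hostname; back up the initial repository configuration
#rm -rf /etc/udev/rules.d/70-persistent-net.rules //delete /etc/udev/rules.d/70-persistent-net.rules
#service sshd restart //or /etc/init.d/sshd restart
#rm -rf /etc/ssh/ssh_host_* //delete /etc/ssh/ssh_host_*
Note: chmod 777 /etc/ssh/ -R produces an error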
[root@1 etc]# ssh localhost
Read from socket failed: Connection reset by peer
#chmod 755 /etc/ssh/ -R //remember to restart the service
[root@1 etc]# ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
Fix: echo "" >/root/.ssh/known_hosts //this clears the warning
[root@1 etc]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
root@localhost's password:
Last login: Tue Apr 7 05:51:50 2015 from localhost
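Added example (not part of the original notes): emptying known_hosts also discards every other pinned host key, so this script removes only the line that the ssh warning names as offending and keeps a backup. The function name drop_offending_key and the sample entries are constructed for illustration.

```sh
# Added example: delete only the known_hosts line that ssh reports as
# offending, keeping a backup, instead of emptying the whole file.

# drop_offending_key WARNING_FILE
# WARNING_FILE holds the saved ssh warning text. Prints FILE:LINE on success.
drop_offending_key() {
    ref=$(sed -n 's/^Offending .*key in \(.*\):\([0-9][0-9]*\)$/\1:\2/p' "$1" | head -n 1)
    [ -n "$ref" ] || { echo "no offending-key line found" >&2; return 1; }
    file=${ref%:*}
    line=${ref##*:}
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    # Rewrite in place from the backup so ownership and mode are preserved.
    awk -v n="$line" 'NR != n' "$file.bak" > "$file"
    echo "$ref"
}

# Constructed sample: three pinned hosts, entry 2 is the stale one.
demo=$(mktemp -d)
printf '%s\n' \
    'gateway ssh-rsa AAAA-constructed-key-1' \
    'localhost ssh-rsa AAAA-constructed-stale-key' \
    'backup ssh-rsa AAAA-constructed-key-3' > "$demo/known_hosts"
printf 'Offending key in %s:2\n' "$demo/known_hosts" > "$demo/warning.txt"
drop_offending_key "$demo/warning.txt"
cat "$demo/known_hosts"
rm -rf "$demo"
```

Before answering yes to the new key, compare the fingerprint ssh shows with the output of ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub on the server. ssh-keygen -R localhost removes entries by host name instead of by line number.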
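Next, turn off the firewall and SELinux
#service iptables stop
#chkconfig iptables off
#vim /etc/selinux/config //change enforcing to disabled, then reboot the machine
#cd /var/lib/libvirt/images
#qemu-img -h base.img
#qemu-img info base.img //show the state of the base.img image
#qemu-img convert -c -O qcow2 base.img base.qcow2 //the base.qcow2 file can then be taken home, which makes it easy to manage
#qemu-img create -f qcow2 -b base.qcow2 vm1.ovl //vm1.ovl is the virtual machine disk file created here; it can be imported from the VM creation dialog
A small tip: in the network configuration file, PREFIX=24 <==> NETMASK=255.255.255.0
To force-install an rpm package, use the --nodeps option: #rpm -ivh --nodeps package-name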
Topics covered in the enterprise section:
1,email postfix +mysql+extmail+mailscanner+clamav+spamassassin
2,lamp lnmp jsp tomcat+memcache + session
3,monitoring: cacti+nagios+WeChat
4,cluster HA+LB rhcsm corosync+pacemaker keepalived haproxy heartbeat lvs nginx haproxy
5,mfs glusterfs hdfs hadoop hdfs+mapreduce
6,mysql cluster mysql AB
7,rhevh
8,openstack IAAS
9,*** drbd gfs2
10,python + shell
***: virtual private network; openssl protocol; the pptp protocol uses port 1723, https uses 443
Preparation: because I installed the non-graphical virtual machines under Windows, the packages prepared in advance (pptpd-1.3.4-2.el6.x86_64, pptp-setup-1.7.2-8.1.el6.x86_64, ppp-2.4.4.tar, freeradius-mysql-2.1.12-3.el6.x86_64, freeradius-utils-2.1.12-3.el6.x86_64) have to be transferred to them.
I set up a Samba server to do this.
Samba: worked example
#yum install -y samba samba-client
#vim /etc/samba/smb.conf //in the [global] section change MYGROUP to WORKGROUP and security = user to security = share
Append at the end:
[share]
comment = share all
path = /tmp/samba
browseable = yes
public = yes
writable = yes
#mkdir /tmp/samba
#chmod 777 /tmp/samba
#touch /tmp/samba/sharefiles
#echo "111111" > /tmp/samba/sharefiles
[root@1 ***]# service smb start
Starting SMB services: [ OK ]
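Start: /etc/init.d/smb start //note: the firewall and SELinux must be turned off, otherwise they affect the result
Check that the smb.conf configuration is correct: testparm
Test 1: on a Windows machine, enter file://192.168.217.134/share in the browser
or enter in the Run dialog: \\192.168.217.134\share
The rpm packages needed to set up the *** can now be copied into this directory
Test 2: on Linux, enter at the command line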
[root@3 peers]# smbclient //192.168.217.134/share
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
Server not using user level security and no password supplied.
smb: \> ls
. D 0 Tue Apr 7 08:02:42 2015
.. D 0 Fri Apr 10 20:27:15 2015
*** D 0 Wed Apr 8 13:38:43 2015
sharefiles 5 Tue Apr 7 07:12:58 2015
38225 blocks of size 262144. 31216 blocks available
smb: \> cd ***\
smb: \***\> ls
. D 0 Wed Apr 8 13:38:43 2015
.. D 0 Tue Apr 7 08:02:42 2015
freeradius-mysql-2.1.12-3.el6.x86_64.rpm A 55744 Sun Apr 5 18:14:38 2015
freeradius-utils-2.1.12-3.el6.x86_64.rpm A 121208 Wed Apr 8 12:38:20 2015
freeradius-mysql-2.1.12-4.el6_3.x86_64.rpm A 56916 Wed Apr 8 12:38:20 2015
ppp-2.4.5.tar.gz A 684342 Wed Dec 25 11:33:32 2013
pptp-setup-1.7.2-8.1.el6.x86_64.rpm A 12024 Wed Dec 25 11:33:32 2013
freeradius-2.1.12-4.el6_3.x86_64.rpm A 1458328 Wed Apr 8 13:23:12 2015
sslexplorer_linux_1_0_0_RC17.rpm A 22198991 Sun Apr 5 18:14:30 2015
ppp-2.4.4 D 0 Tue May 30 07:52:09 2006
pptp-1.7.2-3.rhel5.i386.rpm A 72523 Wed Dec 25 11:33:32 2013
adito-0.9.1-bin.zip A 19371203 Sun Apr 5 18:14:32 2015
freeradius-utils-2.1.12-4.el6_3.x86_64.rpm A 122372 Wed Apr 8 12:38:20 2015
ppp-2.4.4.tar.gz A 688763 Wed Dec 25 11:33:32 2013
pptpd-1.3.4-2.el6.x86_64.rpm A 74392 Sun Apr 5 18:14:30 2015
pptpd-1.3.4-1.rhel5.1.i386.rpm A 81566 Wed Dec 25 11:33:32 2013
38225 blocks of size 262144. 31216 blocks available
smb: \***\>
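Added example (not part of the original notes): the [share] section above combines public = yes, writable = yes and a mode-777 directory, so anyone who can reach the server can write to it, and security = share was removed in Samba 4. The audit below flags such sections in an smb.conf. The function name audit_smb_shares and the [staff] share are constructed for illustration, and only the common yes/no spellings of the parameters are handled.

```sh
# Added example: list shares that allow guest access and writing at once.
audit_smb_shares() {
    awk '
    function report() {
        if (sect != "" && tolower(sect) != "global" && guest && writable)
            print "GUEST-WRITABLE [" sect "] path=" path
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/ {                               # new section header
        report()
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        guest = 0; writable = 0; path = ""
        next
    }
    index($0, "=") {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        yes = (tolower(val) ~ /^(yes|true|1)$/)
        if (key == "public" || key == "guest ok") guest = yes
        if (key == "writable" || key == "writeable" || key == "write ok") writable = yes
        if (key == "read only") writable = !yes
        if (key == "path") path = val
        if (tolower(sect) == "global" && key == "security" && tolower(val) == "share")
            print "GLOBAL security = share (share-level mode, removed in Samba 4)"
    }
    END { report() }
    ' "$1"
}

# Sample: the settings from these notes plus a constructed restricted share.
demo=$(mktemp)
printf '%s\n' '[global]' 'workgroup = WORKGROUP' 'security = share' \
    '[share]' 'comment = share all' 'path = /tmp/samba' 'browseable = yes' \
    'public = yes' 'writable = yes' \
    '[staff]' 'path = /srv/staff' 'guest ok = no' 'read only = no' > "$demo"
audit_smb_shares "$demo"
rm -f "$demo"
```

A share that only has to hand out installation packages can be set to read only = yes, with the directory at mode 755, and still serve the purpose described here.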
###############################################################
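Start of the lab
Part 1 (file-based authentication, i.e. the *** user names and passwords are written in a file)
First prepare three machines A, B and C, i.e. 1, 2 and 3; their hostnames are also 1, 2 and 3 //make sure the firewall and SELinux are turned off
On machine A (1), do the following: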
eth0:ip 192.168.217.134
eth1: ip 192.168.40.135
#vim /etc/hosts
192.168.217.134 1
192.168.40.136 2
192.168.217.135 3
#yum localinstall -y pptpd-1.3.4-2.el6.x86_64
#sysctl -p //shows net.ipv4.ip_forward = 0
Change the 0 to 1; this turns on IP forwarding.
#vim /etc/pptpd.conf
Add
localip 192.168.217.134
remoteip 192.168.40.140-145
#vim /etc/ppp/chap-secrets
Add
***user1 pptpd westos *
***user2 pptpd redhat 192.168.40.30 //this address is not within the remoteip 192.168.10.10-20 range
#service pptpd start
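Added example (not part of the original notes): chap-secrets holds the passwords in cleartext and can pin a user to an address outside the remoteip pool, as the ***user2 entry does. This audit reports world-readable permissions, users allowed any address, and fixed addresses that fall outside the pool. The function name audit_pptp_users is constructed for illustration; the sample files mirror the settings above.

```sh
# Added example: cross-check /etc/ppp/chap-secrets against the remoteip
# pool in /etc/pptpd.conf. Usage: audit_pptp_users PPTPD_CONF CHAP_SECRETS
audit_pptp_users() {
    conf=$1 secrets=$2
    # The file stores cleartext passwords, so it should not be world-readable.
    [ -z "$(find "$secrets" -perm -004)" ] || echo "PERM $secrets is world-readable"
    awk '
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # First file: collect remoteip entries such as 192.168.40.140-145
    FNR == NR {
        if ($1 == "remoteip") {
            n = split($2, parts, ",")
            for (i = 1; i <= n; i++) {
                split(parts[i], r, "-")
                lo[++cnt] = ip2n(r[1])
                hi[cnt] = (r[2] == "") ? lo[cnt] : lo[cnt] - lo[cnt] % 256 + r[2]
            }
        }
        next
    }
    # Second file: client server secret address
    /^[ \t]*(#|$)/ { next }
    $4 == "*" { print "ANY " $1 " may use any address"; next }
    $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        a = ip2n($4); ok = 0
        for (i = 1; i <= cnt; i++) if (a >= lo[i] && a <= hi[i]) ok = 1
        if (!ok) print "OUTSIDE " $1 " fixed address " $4 " is not in remoteip"
    }
    ' "$conf" "$secrets"
}

# Sample files mirroring the settings in these notes (lab values).
demo=$(mktemp -d)
printf 'localip 192.168.217.134\nremoteip 192.168.40.140-145\n' > "$demo/pptpd.conf"
printf '%s\n' '***user1 pptpd westos *' \
    '***user2 pptpd redhat 192.168.40.30' > "$demo/chap-secrets"
chmod 600 "$demo/chap-secrets"
audit_pptp_users "$demo/pptpd.conf" "$demo/chap-secrets"
rm -rf "$demo"
```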
On machine B (2), do the following
#vim /etc/hosts
192.168.40.135 1
192.168.40.136 2
#ifconfig eth0 192.168.40.136 netmask 255.255.255.0
#ping 192.168.40.135 //test whether A can be pinged
On machine C (3), do the following:
#vim /etc/hosts
192.168.217.134 1
192.168.217.135 3
eth0:ip 192.168.217.135
#yum localinstall -y pptp-setup-1.7.2-8.1.el6.x86_64
[root@3 ~]# pptpsetup --create my*** --server 192.168.217.134 --username ***user1 --password westos --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 ~]# pptpsetup --create my*** --server 192.168.217.134 --username ***user2 --password redhat --encrypt --start
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.30
remote IP address 192.168.217.134
#ip addr show
#route add -net 192.168.40.0/24 dev ppp0
#ping 192.168.40.136 //if the ping gets through, part 1 is configured successfully
[root@3 ~]# route add -net 192.168.40.0/24 dev ppp0
[root@3 ~]# ping 192.168.40.136
PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.
64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=867 ms
64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=60.8 ms
64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=46.0 ms
64 bytes from 192.168.40.136: icmp_seq=4 ttl=63 time=46.8 ms
^C
--- 192.168.40.136 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3691ms
rtt min/avg/max/mdev = 46.056/255.388/867.804/353.627 ms
Part 2: authentication through a MySQL database (i.e. MySQL stores the *** user names and passwords)
The following need to be downloaded: freeradius-2.1.12-4.el6_3.x86_64, freeradius-mysql-2.1.12-4.el6_3.x86_64, freeradius-utils-2.1.12-4.el6_3.x86_64,
ppp-2.4.4.tar, mysql-server
On machine A
#yum install -y mysql-server
#yum localinstall -y freeradius freeradius-mysql freeradius-utils //or rpm -ivh freeradius*
#tar -zxvf ppp-2.4.4.tar
#mkdir /etc/radiusclient
#cp ppp-2.4.4/pppd/plugins/radius/etc/* /etc/radiusclient/
#cd /etc/radiusclient/
#vim servers
localhost westos
#vim radiusclient.conf //remove "/usr/local/" from the following entries
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
mapfile /etc/radiusclient/port-id-map
issue /etc/radiusclient/issue
#vim /etc/ppp/options.pptpd
Append at the end
plugin /usr/lib64/pppd/2.4.5/radius.so
#cd /etc/raddb/
#vim clients.conf
secret = westos //the same value as written in /etc/radiusclient/servers
#vim /etc/raddb/radiusd.conf //remove the #
$INCLUDE sql.conf
#vim /etc/raddb/sites-available/default //change the sections in the file to the following form
authorize {
# files
sql
}
accounting {
# radutmp
sql
}
session {
# radutmp
sql
}
post-auth {
sql
}
#vim /etc/raddb/sql.conf //nothing needs to be changed
#vim /etc/raddb/sql/mysql/dialup.conf //remove the comment # at the start of each line
simul_count_query = "SELECT COUNT(*) \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
#vim /etc/ppp/chap-secrets //delete the two lines for ***user1 and ***user2
#service mysqld start
#mysql_secure_installation //set the MySQL database password
#mysql -uroot -pwestos //log in to the database
#mysqladmin -pwestos create radius //create the radius database
#cd /etc/raddb/sql/mysql/
#mysql -pwestos radius < schema.sql
#mysql -pwestos < admin.sql
#mysql -uradius -pradpass radius
#vim add.sql
use radius
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
insert into radcheck (username,attribute,op,value) values ('***user1','User-Password',':=','westos');
insert into radusergroup (username,groupname) values ('***user1','user');
insert into radcheck (username,attribute,op,value) values ('***user2','User-Password',':=','redhat');
insert into radusergroup (username,groupname) values ('***user2','user');
#mysql -pwestos < add.sql
#service radiusd start
#service pptpd stop
#service pptpd start
#radtest ***user1 westos localhost 0 westos //a local test follows
My test results:
[root@1 radiusclient]# radtest ***user1 westos localhost 0 westos
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "***user1"
User-Password = "westos"
NAS-IP-Address = 0.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=89, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
[root@1 radiusclient]# radtest ***user2 redhat localhost 0 westos
Sending Access-Request of id 78 to 127.0.0.1 port 1812
User-Name = "***user2"
User-Password = "redhat"
NAS-IP-Address = 0.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=78, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
#service mysqld restart
[root@3 log]# pptpsetup --create my*** --server 192.168.217.134 --username ***user1 --password westos --encrypt --start
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 log]# pptpsetup --create my*** --server 192.168.217.134 --username ***user2 --password redhat --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 peers]# route add -net 192.168.40.0/24 dev ppp0
[root@3 peers]# ping 192.168.40.136
PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.
64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=321 ms
64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=4.02 ms
64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=3.89 ms
^C
//Machine B can now be pinged, which shows the *** service has been set up successfully.
#If problems occur, check /var/log/radius/radius.log
tail -f /var/log/radius/radius.log