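2021-08-02 Linux — Server Initialization Practice
Environment
- VMware
- CentOS 7.5 minimal
Personal preference configuration
1. Configure the Xshell connection (internal network)
VMware -> Edit -> Virtual Network Editor -> check the network address of the NAT connection: 192.168.36.0
On the host, set VMnet8 to an IP in that subnet
In the virtual machine, add an IP in that subnet to the default interface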
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=dhcp => static
ONBOOT=no => yes
IPADDR=192.168.36.130
PREFIX=24
ESC + :wq
systemctl restart network
Connect Xshell to 192.168.36.130
2. Configure external network access (add the gateway)
VMware -> Edit -> Virtual Network Editor -> NAT Settings -> Gateway 192.168.36.2
vi /etc/sysconfig/network-scripts/ifcfg-ens33
GATEWAY=192.168.36.2
ping 180.76.76.76 works, ping www.baidu.com does not; DNS has to be configured
vi /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1=223.5.5.5
DNS2=114.114.114.114
These entries are then generated automatically in /etc/resolv.conf, or can be added by hand:
vim /etc/resolv.conf
nameserver 223.5.5.5
nameserver 114.114.114.114
3. Configure the Aliyun yum repository
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.bp
yum install -y wget
wget http://mirrors.aliyun.com/repo/Centos-7.repo
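Disk management
Tasks:
- Create two LVM volumes mounted at /data1 and /data2; /data1 must be formatted as ext4 and /data2 as xfs
- Mount the ISO image and configure the ISO as a local yum repository (it must be mounted automatically at boot)
Related commands: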
lsblk
fdisk -l
fdisk /dev/sdb
fdisk > t 8e
pvcreate /dev/sdb1
vgcreate sdb1_vg /dev/sdb1
lvcreate -l 100%VG -n sdb1_lv sdb1_vg
mkfs.ext4 /dev/sdb1_vg/sdb1_lv
mount /dev/sdb1_vg/sdb1_lv /data1
vi /etc/fstab
/dev/sdb1_vg/sdb1_lv /data1 ext4 defaults 0 0
mount -a
pvscan
vgscan
lvscan
df -h |grep /dev/
vi /etc/yum.repos.d/cdrom.repo
[cdrom]
name=cdrom
baseurl=file:///media/cdrom/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
yum repolist |grep cdrom
/mnt
/media/mnt
cat > 1.txt <<EOF
aaa
bbb
ccc
EOF
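Script implementation:
1. Create two LVM volumes mounted at /data1 and /data2; /data1 must be formatted as ext4 and /data2 as xfs
First add a disk in VMware; if lsblk does not show it, change the virtual device node to SCSI 1:X
# fdisk answers per partition: n (new), p (primary), partition number, first sector (empty = default), last sector (+2G, or empty = rest of the disk)
printf 'n\np\n1\n\n+2G\nn\np\n2\n\n\nw\n' | fdisk /dev/sdb
or
fdisk /dev/sdb << EOF
n
p
1

+2G
n
p
2


w
EOF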
pvcreate /dev/sdb1
pvcreate /dev/sdb2
vgcreate sdb1_vg /dev/sdb1
vgcreate sdb2_vg /dev/sdb2
lvcreate -l 100%VG -n sdb1_lv sdb1_vg
lvcreate -l 100%VG -n sdb2_lv sdb2_vg
mkfs.ext4 /dev/sdb1_vg/sdb1_lv
mkfs.xfs /dev/sdb2_vg/sdb2_lv
mkdir /data1
mkdir /data2
mount /dev/sdb1_vg/sdb1_lv /data1
mount /dev/sdb2_vg/sdb2_lv /data2
2. Mount the ISO image and configure the ISO as a local yum repository (it must be mounted automatically at boot)
mkdir -p /media/cdrom
cat >> /etc/fstab << EOF
/dev/sr0 /media/cdrom iso9660 defaults 0 0
EOF
mount -a
cat > /etc/yum.repos.d/cdrom.repo << EOF
[cdrom]
name=cdrom
baseurl=file:///media/cdrom/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
yum repolist |grep cdrom
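Server initialization
Tasks:
Part 1
- Disable the firewall
- Disable SELinux
- Set the maximum number of open files to 102400
- Change the server IP address to a static IP.
- Change DNS: primary 127.0.0.1, secondary 114.114.114.114
- Configure time synchronization with s1b.time.edu.cn as the time source
Part 2
Try writing the six operations above as two scripts. Requirements: init.sh performs the initialization; check.sh checks the operations above; every script must produce output, and all output must be written to init.log and check.log.
Related commands:
Content-filtering commands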
cat /etc/chrony.conf |egrep -v '#|^$'
cat XXX.conf |grep "XXX"|awk -F'=' '{print $NF}'
cat /etc/resolv.conf |egrep -v '#|^$' |grep nameserver | head -2 | tail -1
Configuration
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "/SELINUX=/s/enforcing/disabled/g" /etc/selinux/config
vi /etc/security/limits.conf
root soft nofile 102400
root hard nofile 102400
ulimit -n 102400
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=dhcp => static
ONBOOT=no => yes
vi /etc/sysconfig/network-scripts/ifcfg-ens33
DNS1=127.0.0.1
DNS2=114.114.114.114
yum -y install chrony
vi /etc/chrony.conf
server s1b.time.edu.cn
systemctl start chronyd
Check commands
systemctl status firewalld
systemctl is-active firewalld
systemctl is-failed firewalld
getenforce
ulimit -n
cat /etc/sysconfig/network-scripts/ifcfg-eth0 \
|grep BOOTPROTO | awk -F'=' '{print $NF}'
cat /etc/resolv.conf |egrep -v '#|^$' |grep nameserver |head -1
cat /etc/resolv.conf |egrep -v '#|^$' |grep nameserver |head -2 |tail -1
chronyc sources -v
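Scripts:
init.sh
# Run as: bash init.sh 2>&1 | tee init.log
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "/SELINUX=/s/enforcing/disabled/g" /etc/selinux/config
# Append the open-file limits to limits.conf (they apply from the next login)
cat >> /etc/security/limits.conf <<EOF
root soft nofile 102400
root hard nofile 102400
EOF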
cat > /tmp/ifcfg-eth0 <<EOF
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=db89c4ab-4480-4228-943f-b1f339881c5a
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.110.201
PREFIX=24
GATEWAY=192.168.110.1
DNS1=127.0.0.1
DNS2=114.114.114.114
EOF
yum -y install chrony
cat > /etc/chrony.conf <<EOF
server s1b.time.edu.cn iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
EOF
# restart so an already running chronyd picks up the new chrony.conf
systemctl enable chronyd
systemctl restart chronyd
chronyc sources -v
check.sh
# Run as: bash check.sh 2>&1 | tee check.log
firewalldStatus=$(systemctl is-active firewalld)
if [ "$firewalldStatus" != "active" ];
then
    echo "防火墙未启动"    # firewall is not running
else
    echo "防火墙未关闭"    # firewall has not been stopped
fi
selinuxStatus=$(getenforce)
if [ "$selinuxStatus" != "Enforcing" ];
then
    echo "SELinux未启动"    # SELinux is not enforcing
else
    echo "SELinux未关闭"    # SELinux has not been disabled
fi
ulimitStatus=$(ulimit -n)
if [ "$ulimitStatus" -ne 102400 ];
then
    echo "ulimit 未设置"    # ulimit is not set
else
    echo "ulimit 已设置"    # ulimit is set
fi
staticOrNot=$(cat /etc/sysconfig/network-scripts/ifcfg-eth0 \
|grep BOOTPROTO \
|awk -F'=' '{print $2}')
if [ "$staticOrNot" != "dhcp" ];
then
    echo "已设置静态IP"    # static IP is configured
else
    echo "未设置静态IP"    # static IP is not configured
fi
FirstDNS=$(cat /etc/resolv.conf |egrep -v '#|^$' |grep nameserver |head -1 | awk '{print $NF}')
if [ "$FirstDNS" == "127.0.0.1" ];
then
    echo "已设置首选DNS 为127.0.0.1"    # primary DNS is 127.0.0.1
else
    echo "未设置首选DNS 为127.0.0.1"    # primary DNS is not 127.0.0.1
fi
SecDNS=$(cat /etc/resolv.conf |egrep -v '#|^$' |grep nameserver |head -2 |tail -1 | awk '{print $NF}')
if [ "$SecDNS" == "114.114.114.114" ];
then
    echo "已设置备用DNS 为114.114.114.114"    # secondary DNS is 114.114.114.114
else
    echo "未设置备用DNS 为114.114.114.114"    # secondary DNS is not 114.114.114.114
fi
# -n makes chronyc print the source as an IP address, so it can be compared with dig's answer
ntpServer=$(chronyc -n sources |grep '\^' |awk '{print $2}')
digResult=$(dig s1b.time.edu.cn +short)
if [ "$ntpServer" == "$digResult" ];
then
    echo "已配置时间源服务器"    # time source server is configured
else
    echo "未配置时间源服务器"    # time source server is not configured
fi
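The check.sh above reads the running state (getenforce, ulimit -n), which setenforce 0 and ulimit change only for the current boot or shell. As an added example (not part of the original post), the script below audits the persistent files instead, so the result still holds after a reboot; ROOT, LOG, IFACE and all function names are assumptions made for the example.

```shell
#!/bin/bash
# Added example: audits the persistent config files, not the runtime state.
# ROOT (assumed) prefixes every path so a copy of /etc can be audited.
ROOT="${ROOT:-}"
LOG="${LOG:-check.log}"      # assumed log name, as in the exercise
FAILED=0

# report <ok|fail> <message>: print the result and append it to $LOG
report() {
    [ "$1" = ok ] || FAILED=$((FAILED + 1))
    printf '%s [%s] %s\n' "$(date '+%F %T')" "$1" "$2" | tee -a "$LOG"
}

# kv <KEY> <file>: value of the first uncommented KEY=value line
kv() { sed -n "s/^[[:space:]]*$1=//p" "$2" 2>/dev/null | head -n 1 | tr -d '"'; }

# ns <n> <file>: address on the n-th nameserver line
ns() { awk -v n="$1" '$1 == "nameserver" && ++c == n { print $2; exit }' "$2" 2>/dev/null; }

# nofile <soft|hard> <file>: last nofile limit set for root
nofile() {
    awk -v t="$1" '$1 == "root" && $2 == t && $3 == "nofile" { v = $4 }
                   END { print v }' "$2" 2>/dev/null
}

# expect <label> <actual> <wanted>
expect() {
    if [ "$2" = "$3" ]; then report ok "$1 = $2"
    else report fail "$1 is '${2:-unset}', expected '$3'"; fi
}

check_all() {
    FAILED=0
    ifcfg="$ROOT/etc/sysconfig/network-scripts/ifcfg-${IFACE:-eth0}"
    expect "SELINUX in config" "$(kv SELINUX "$ROOT/etc/selinux/config")" disabled
    expect "root soft nofile" "$(nofile soft "$ROOT/etc/security/limits.conf")" 102400
    expect "root hard nofile" "$(nofile hard "$ROOT/etc/security/limits.conf")" 102400
    expect "BOOTPROTO" "$(kv BOOTPROTO "$ifcfg")" static
    expect "first nameserver" "$(ns 1 "$ROOT/etc/resolv.conf")" 127.0.0.1
    expect "second nameserver" "$(ns 2 "$ROOT/etc/resolv.conf")" 114.114.114.114
    if grep -Eq '^[[:space:]]*(server|pool)[[:space:]]+s1b\.time\.edu\.cn([[:space:]]|$)' \
        "$ROOT/etc/chrony.conf" 2>/dev/null
    then report ok "chrony source s1b.time.edu.cn configured"
    else report fail "chrony source s1b.time.edu.cn missing"; fi
    return "$FAILED"      # number of failed checks, 0 when all pass
}
```

Source the file and call check_all with ROOT empty to audit the live system; the return value is the number of failed checks.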
DNS checks
Install
yum -y install bind-utils
dig <domain>
Commands such as nslookup, host and nsupdate
https://www.cnblogs.com/bluestorm/p/10345334.html