导语 做个RHCSA和RHCE的笔记好了
RHCSA 1. 破密码 在 GRUB 启动菜单按 e 进入编辑，在以 linux 开头的内核参数行末尾加上 console=tty0 rd.break（能接触到控制台的人都能用这一招改 root 密码，所以生产机要给 GRUB 设密码并对磁盘加密）
Ctrl+X 用改过的参数启动（改动不会写回 grub.cfg，只对本次启动有效）
重启之后会停在 initramfs 的紧急 shell 里（输出走 tty0），需要做以下操作
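# Emergency shell after rd.break: the real root is mounted read-only at /sysroot.
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
# SELinux is not running here, so /etc/shadow gets written without a label.
# Ask for a full relabel on the next boot; otherwise logins fail.
touch /.autorelabel
exit   # leave the chroot
exit   # leave the rd.break shell; boot continues (the relabel takes a while)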
2. 修改ip地址和主机名 nmcli con add con-name rhcsa type ethernet ifname eht0 ipv4.method manuual ipv4.addresses 1.2.3.4/24 ipv4.gateway 1.2.3.1 ipv4.dns 1.2.3.2 autoconnect yes nmcli con up rhcsa nmcli con mod "Wired connection 1" ipv4.me ma autoconnect yes ipv4.addresses 1.2.3.4/24 ipv4.gateway 1.2.3.1 ipv4.dns 1.2.3.2 nmcli con up Wired connection 1 hostnamectl set-hostname AAAA hostnamectl
3. 配置yum库
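# The directory is /etc/yum.repos.d (the note had yum.repo.d, which yum ignores).
# gpgcheck=0 disables package signature verification - accepted here only because
# the exam repo ships no key. Anywhere else: gpgcheck=1 plus a gpgkey= URL.
cat > /etc/yum.repos.d/rhcsa.repo <<'EOF'
[baseos]
name=baseos
baseurl=http://repo.domain10.example.com/rhel80/BaseOS
gpgcheck=0
enabled=1

[appstream]
name=appstream
baseurl=http://repo.domain10.example.com/rhel80/AppStream
gpgcheck=0
enabled=1
EOF
yum repolist          # both repos should list packages
yum install -y vim    # smoke test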
4. 调试selinux
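# Persistent file context rule, then apply it (restorecon alone is lost on relabel).
semanage fcontext -a -t httpd_sys_content_t '/var/www/html(/.*)?'
restorecon -RvF /var/www/html
# Let httpd bind a non-default port. If 82 is already labelled, use -m instead of -a.
semanage port -a -t http_port_t -p tcp 82
semanage port -l | grep http
# Open the port in firewalld; full option names instead of the --per abbreviation.
firewall-cmd --permanent --add-port=82/tcp
firewall-cmd --reload
firewall-cmd --list-ports
systemctl restart httpd
curl system1:82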
5. 创建用户账户
# natasha and harry get the supplementary group sysmgrs; sarah gets no login shell.
useradd -G sysmgrs natasha
useradd -G sysmgrs harry
useradd -s /sbin/nologin sarah
# Password as the task states. --stdin keeps it off the command line of passwd,
# but the echo still lands in shell history.
for u in natasha harry sarah; do
  echo 123 | passwd --stdin "$u"
done
# To verify group membership: cat /etc/group (or id natasha)
6. 配置cron
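# Install natasha's crontab. The original note used `crontab -u natasha -e`
# interactively; feeding the entries on stdin gives the same result.
# The quotes around the logger message must be plain ASCII " - the curly quotes
# pasted into the note would be logged literally and split the message.
crontab -u natasha - <<'EOF'
*/5 * * * * logger "EX200 in progress"
23 14 * * * /bin/echo enjia
EOF
crontab -u natasha -l   # verify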
7. 创建协作目录
# Shared directory for the sysmgrs group: group rwx, others nothing, setgid so
# new files inherit the group. One chmod does what the note did in three.
mkdir /home/managers
chgrp sysmgrs /home/managers
chmod g=rwx,o=,g+s /home/managers
ls -ld /home/managers   # expect drwxrws--- root sysmgrs
8. 配置NTP
# Point chrony at the NTP server from the task: a `server <host> iburst` line
# in /etc/chrony.conf (and drop the default pool lines if the task requires it).
vim /etc/chrony.conf
systemctl restart chronyd
# The configured server should be listed; '^*' marks the selected source.
chronyc sources
9. 配置autofs
yum install -y nfs-utils autofs
# /etc/auto.master - indirect map for /rhel, add:
#   /rhel /etc/auto.user1
vim /etc/auto.master
# /etc/auto.user1 - key, mount options, NFS export:
#   user1 -rw host.domain10.example.com:/rhel/user1
vim /etc/auto.user1
systemctl restart autofs
systemctl enable autofs
# autofs creates /rhel itself; /rhel/user1 only appears when something accesses it.
ls -d /rhel
su - user1     # user1 must already resolve on this host (not created in these steps)
pwd
df -Th /rhel/user1
10. 配置权限
cp /etc/fstab /var/tmp/fstab
chown root:root /var/tmp/fstab          # owner (and group) root
chmod -x /var/tmp/fstab                 # no execute bit for anyone
setfacl -m u:natasha:rw /var/tmp/fstab  # natasha: read + write
setfacl -m u:harry:--- /var/tmp/fstab   # harry: nothing, even though "other" can read
chmod o=r-- /var/tmp/fstab              # everybody else: read-only
# verify with: getfacl /var/tmp/fstab
11. 配置用户账户
# Fixed UID as requested by the task; password as stated.
useradd -u 3388 user2
echo 123 | passwd --stdin user2
12. 查找文件
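# Target directories must exist first, or cp/redirection fails (or cp creates a
# file named dfiles instead of a directory).
mkdir -p /root/dfiles /root/myfiles

# Everything owned by user3, copied with ownership/permissions preserved.
# Errors from /proc and friends are harmless noise.
find / -user user3 -exec cp -a {} /root/dfiles/ \;

# The task wanted a script at /bin/repwis; its content was not captured in the note.
vim /bin/repwis

# -perm -g+s / -perm -u+s: the setgid/setuid bit is set (other bits may be too).
# The note's `-perm g+s` means "mode is exactly 02000", which matches nothing useful.
# The redirection is applied once to find's stdout, not per -exec.
find /usr -type f -perm -g+s -size +3M -size -5M -exec basename {} \; > /root/myfiles/find-file1.txt
find /usr -type f -perm -u+s -size +30k -size -50k -exec basename {} \; > /root/myfiles/find-file2.txt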
13. 查找字符串
# All lines containing "re", written to /root/files (file is overwritten).
grep -- 're' /usr/share/rhel.xml > /root/files
14. 创建存档
yum install -y bzip2 tar
# Same tree archived twice: gzip (-z) and bzip2 (-j).
tar -cvzf /root/books.tar.gz /usr/local
tar -cvjf /root/books.tar.bz2 /usr/local
15. 调整逻辑卷大小
# -L 180M is an absolute target size (use -L +NM for a delta). `lvextend -r`
# would also grow the filesystem; here it is done by hand per filesystem type.
lvextend -L 180M /dev/vg-exam/vo1
lvextend -L 180M /dev/vg-exam/vo2
lvs
df -Th /mnt/vo1 /mnt/vo2
resize2fs /dev/vg-exam/vo1   # ext2/3/4: takes the device
xfs_growfs /mnt/vo2          # xfs: takes the mount point
16.添加交换分区
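ls /dev/vdb*
# Interactive: n, accept the defaults for type/number/first sector,
# last sector "+567M", then w. (t -> 82 to mark it as swap is optional.)
fdisk /dev/vdb
ls /dev/vdb*
partprobe          # only needed if the kernel did not reread the partition table
mkswap /dev/vdb2   # prints the UUID you need for fstab
free -m
# Never copy a UUID from a note; read it from the device you just formatted.
blkid /dev/vdb2
# Add to /etc/fstab (with the UUID printed by blkid/mkswap):
#   UUID=<uuid-from-blkid> swap swap defaults 0 0
vim /etc/fstab
swapon -a          # activates everything in fstab; also validates the line
free -m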
17. 创建逻辑卷
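# Interactive fdisk: n, defaults, last sector "+1G", w.
fdisk /dev/vdb
ls /dev/vdb*
pvcreate /dev/vdb3
vgcreate -s 20M npgroup /dev/vdb3   # 20M physical extents
lvcreate -n np -l 45 npgroup        # 45 extents * 20M = 900M
mkfs.ext3 /dev/npgroup/np
mkdir /mnt/np
# fstab line - the mount option is "defaults" (plural). The "default" from the
# note is an unknown option: mount -a fails and the machine may not boot cleanly.
#   /dev/npgroup/np /mnt/np ext3 defaults 0 0
vim /etc/fstab
mount -a
df -Th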
18. 创建vdo卷
yum install -y vdo
# Logical size may exceed the physical device (dedup/compression).
vdo create --name=vdoname --device=/dev/vdc --vdoLogicalSize=80G
mkfs.xfs /dev/mapper/vdoname
mkdir /vbark
# fstab line; _netdev delays the mount until services (incl. vdo) are up.
# The fsck fields are ignored for xfs.
#   /dev/mapper/vdoname /vbark xfs _netdev 1 2
vim /etc/fstab
mount -a
df -Th
19 配置系统调优
tuned-adm recommend              # what tuned would pick for this machine
tuned-adm list                   # available profiles, current one marked
tuned-adm profile virtual-guest  # apply the profile the task asks for
tuned-adm list                   # confirm the active profile changed
20. 容器
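# ---- as root ----
# Set what the task asks for in journald.conf (usually Storage=persistent so
# /var/log/journal exists), then restart journald.
vim /etc/systemd/journald.conf
systemctl restart systemd-journald
# The target directory must exist before the copy; without it the first cp
# would create a *file* named container_journal. (Paths had stray spaces in the note.)
mkdir -p /home/elovodo/container_journal
find /var/log/journal -name "*.journal" -exec cp -a {} /home/elovodo/container_journal/ \;
chown -R elovodo:elovodo /home/elovodo/container_journal/

# ---- as the unprivileged user (rootless podman) ----
ssh elovodo@localhost
podman login utility.example.com:5000   # prompts for credentials; don't pass -p on the command line
podman search rlogserver
podman pull utility.example.com:5000/rlogserver
podman images
# :Z gives the bind mount a private SELinux label so the container may write it.
podman run -idt -v /home/elovodo/container_journal:/var/log/journal:Z \
  --name container_logserver utility.example.com:5000/rlogserver
podman ps -a

# Turn the container into a user service.
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
podman generate systemd --new --files --name container_logserver
mv container-container_logserver.service container_logserver.service
podman stop container_logserver
podman rm container_logserver
loginctl enable-linger               # keep the user manager alive without a login session
systemctl --user daemon-reload
systemctl --user enable --now container_logserver
podman ps -a
systemctl --user status container_logserver

# Task extra: default umask for this user.
vim ~/.bashrc                        # append: umask 0077
systemctl reboot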
21. 修改密码有效期
# Password must be changed at least every 120 days, and not more often than every 7.
chage -m 7 -M 120 glsgreat
chage -l glsgreat   # verify
22. 配置超级用户
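# Grant glsgood passwordless root. A drop-in is cleaner than editing /etc/sudoers
# (RHEL's sudoers has `#includedir /etc/sudoers.d`), and visudo -f syntax-checks
# the file before installing it so a typo cannot lock you out of sudo.
visudo -f /etc/sudoers.d/glsgood
# file content:
#   glsgood ALL=(ALL) NOPASSWD: ALL
#
# Equivalent: `visudo` and add that line under the commented
# `# %wheel ALL=(ALL) NOPASSWD: ALL` example in /etc/sudoers.
#
# Security note: NOPASSWD means anyone who gets a shell as glsgood is root with
# no further authentication. Only do this because the task demands it.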
RHCE 1. 配置安装ansible
环境没给control节点配yum库,需要我们自己配
# repo_url is the repository URL given in the task text.
sudo yum-config-manager --add-repo "$repo_url"
url 考试应该会给。然后会发现没有 gpgkey，所以 vim 进去把 gpgcheck=0 加上。注意 gpgcheck=0 会关闭软件包签名校验，只在考试环境这么做；真实环境应给出 gpgkey 并保持 gpgcheck=1（下面 adhoc.sh 配的仓库就是这么写的）。
# Install ansible on the control node (non-interactive).
sudo yum -y install ansible
即可安装好ansible。
然后按照题目所说,建立ansible文件夹和roles文件夹
创建inventory内容是
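# Static inventory. Group headers had stray spaces in the note ("[dev ]"),
# which ini inventories do not accept.
[dev]
node1

[test]
node2

[prod]
node3
node4

[balancers]
node5

# webservers is the prod group under another name
[webservers:children]
prod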
理论上说应该在最前面把 node1–node5 单独再列一遍，但我们的操作都按组名来做，而且评分脚本也不用我们的 inventory，所以可以不写；不放心的话考试时写上也无妨。
ansible.cfg的内容是
[defaults]
inventory = /home/greg/ansible/inventory
; project roles first, then the rhel-system-roles install location
roles_path = /home/greg/ansible/roles:/usr/share/ansible/roles
remote_user = greg
; no SSH password prompt: relies on greg's key being deployed on the nodes
ask_pass = false

[privilege_escalation]
; every play escalates to root via sudo; relies on passwordless sudo for greg
become = true
become_method = sudo
become_user = root
become_ask_pass = false
检查的话我偏向于对所有主机跑一条 ad-hoc 命令（原文此处的命令/截图已丢失，例如用 ping 模块）
每个组都有回显就没毛病
2. 创建和运行ansible临时命令
编辑adhoc.sh
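#!/bin/bash
# Configure both repos on every managed node. gpgcheck=1 with an explicit gpgkey
# means packages are signature-checked; the key itself is fetched over plain
# HTTP, so its trust is only as good as that first download.
ansible all -m yum_repository -a "name='EX294_BASE' description='EX294 base software' baseurl='http://repo.domainx.example.com/BaseOS' gpgcheck=1 gpgkey='http://repo.domainx.example.com/RPM-GPG-KEY-redhat-release' enabled=1"
ansible all -m yum_repository -a "name='EX294_STREAM' description='EX294 stream software' baseurl='http://repo.domainx.example.com/AppStream' gpgcheck=1 gpgkey='http://repo.domainx.example.com/RPM-GPG-KEY-redhat-release' enabled=1"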
给予执行权限然后执行就行
3. 安装软件包
编辑packages.yml
---
- name: install pkg
  hosts: dev,test,prod
  tasks:
    # php and mariadb everywhere, kept at the newest available version
    - name: use yum
      yum:
        name:
          - php
          - mariadb
        state: latest

    # package group, dev hosts only
    - name: install rpm
      yum:
        name: "@RPM Development Tools"
        state: latest
      when: "'dev' in group_names"

    # full update, dev hosts only
    - name: install all
      yum:
        name: "*"
        state: latest
      when: "'dev' in group_names"
4. 使用RHEL系统角色
先 sudo yum install -y rhel-system-roles
然后再在ansible.cfg里roles_path加上/usr/share/ansible/roles,用冒号隔开(我上面写的已经包含这个了)
timesync.yml 为
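---
# The server address had stray spaces in the note ("172.25 .254 .254").
- name: use timesyn role
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 172.25.254.254
        iburst: yes
  roles:
    - rhel-system-roles.timesync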
selinux.yml为
---
# Enforcing + targeted on every node via the system role.
- name: use selinux role
  hosts: all
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  roles:
    - rhel-system-roles.selinux
5. 使用ansible Galaxy安装角色
requirements.yml为
---
# Roles pulled as tarballs over plain HTTP with no checksum or signature:
# anything on the path to rhgls can swap the archive. Fine for the exam lab;
# elsewhere pin a version from a trusted source.
- src: http://rhgls.domainx.example.com/materials/haproxy.tar
  name: balancer
- src: http://rhgls.domainx.example.com/materials/phpinfo.tar
  name: phpinfo
然后 ansible-galaxy install -r requirements.yml，即可发现 roles 下面多了两个角色
使用ansible-galaxy list可以看到
6. 创建一个web role
在roles里使用
# Scaffold the role skeleton in the project's roles directory (same as running
# `ansible-galaxy init apache` from inside it).
ansible-galaxy init --init-path /home/greg/ansible/roles apache
然后编辑 roles/apache/templates/index.html.j2（目录名是 templates，template 模块只在这里找 src）为
{# Rendered per host from the facts gathered by the play #}
Welcome to {{ ansible_facts['fqdn'] }} on {{ ansible_facts['default_ipv4']['address'] }}
在然后编辑roles/apache/tasks/main.yml为
---
- name: install httpd
  yum:
    name: httpd
    state: latest

- name: enable httpd
  service:
    name: httpd
    state: started
    enabled: yes

# firewalld must be running before the firewalld module can use immediate: yes
- name: enable firewalld
  service:
    name: firewalld
    state: started
    enabled: yes

- name: set firewalld
  firewalld:
    service: http
    immediate: yes
    permanent: yes
    state: enabled

# index.html.j2 lives in the role's templates/ directory
- name: set web content
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
然后编辑apache.yml为
---
# Apply the apache role to the webservers group (= prod via :children).
- name: use apache
  hosts: webservers
  roles:
    - apache
7. 从ansible Galaxy使用角色
编辑 roles.yml
---
- name: use haproxy
  hosts: balancers
  roles:
    - balancer
  # tasks run after roles; open http on the balancer so clients reach haproxy
  tasks:
    - name: set firewall
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled

- name: use phoinfo role
  hosts: webservers
  roles:
    - phpinfo
8. 创建和使用逻辑卷
编辑lv.yml
---
- name: create lv
  hosts: all
  tasks:
    - block:
        # try the requested size first; lvol fails if the VG is missing or too small
        - name: create lv of 1500m
          lvol:
            vg: research
            lv: data
            size: 1500
        - name: format ext4 fs
          filesystem:
            fstype: ext4
            dev: /dev/research/data
      rescue:
        # VG exists but was too small: report it and fall back to 800m
        - name: out put info
          debug:
            msg: 'Could not create logical volume of that size'
          when: "ansible_lvm.vgs.research is defined"
        - name: create lv of 800m
          lvol:
            vg: research
            lv: data
            size: 800
          when: "ansible_lvm.vgs.research is defined"
        - name: format
          filesystem:
            fstype: ext4
            dev: /dev/research/data
          when: "ansible_lvm.vgs.research is defined"
        # no VG at all: just say so
        - name: output info
          debug:
            msg: Volume group does not exist
          when: "ansible_lvm.vgs.research is undefined"
9. 生成主机文件
下载hosts.j2后编辑
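{# Needs facts for every host in groups.all, so the play must gather on all of them. #}
{# The tags/addresses had stray spaces in the note ("{% ... % }", "hostvars [host ]"). #}
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups.all %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{% endfor %}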
编辑hosts.yml
---
# hosts: all so facts exist for every node in hostvars; the file is only
# written on the dev group.
- name: create hsot
  hosts: all
  tasks:
    - name: use template
      template:
        src: hosts.j2
        dest: /etc/myhosts
      when: "'dev' in group_names"
10. 修改文件内容
编辑issue.yml
---
# /etc/issue gets one word depending on the host's group.
- name: mod file content
  hosts: all
  tasks:
    - copy:
        content: Development
        dest: /etc/issue
      when: "'dev' in group_names"
    - copy:
        content: Test
        dest: /etc/issue
      when: "'test' in group_names"
    - copy:
        content: Production
        dest: /etc/issue
      when: "'prod' in group_names"
11. 创建web内容目录
编辑webcontent.yml
---
- name: set web content
  hosts: dev
  tasks:
    # 2775: setgid so files inherit the webdev group (group must already exist).
    # setype labels this object only; a restorecon would revert it unless a
    # matching sefcontext rule is also added.
    - name: create directory
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: "2775"
        setype: "httpd_sys_content_t"

    - name: create soft link
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link

    - name: set web content
      copy:
        content: Development
        dest: /webdev/index.html
        setype: "httpd_sys_content_t"

    - name: start httpd service
      service:
        name: httpd
        state: started
        enabled: yes

    - name: set firewalld
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
12. 生成硬件报告
编辑hwreport.yml
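---
# The note had a space before every closing "}}" quote and in the regexp
# ("^HOST ="): the regexp would not match "HOST=" and the values would carry a
# trailing space. Both fixed here.
- name: create hw report
  hosts: all
  vars:
    hardware:
      - hw_name: HOST
        hw_info: "{{ ansible_hostname }}"
      - hw_name: MEMORY
        hw_info: "{{ ansible_memtotal_mb }}"
      - hw_name: BIOS
        hw_info: "{{ ansible_bios_version }}"
      # default('NONE') covers hosts without that disk
      - hw_name: DISK_SIZE_VDA
        hw_info: "{{ ansible_devices.vda.size | default('NONE') }}"
      - hw_name: DISK_SIZE_VDB
        hw_info: "{{ ansible_devices.vdb.size | default('NONE') }}"
  tasks:
    # plain-HTTP download with no checksum: fine for the lab only
    - name: get empty from url
      get_url:
        url: http://rhgls.domainx.example.com/materials/hwreport.empty
        dest: /root/hwreport.txt

    - name: set hw report content
      lineinfile:
        path: /root/hwreport.txt
        regexp: "^{{ item.hw_name }}="
        line: "{{ item.hw_name }}={{ item.hw_info }}"
      loop: "{{ hardware }}"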
13. 使用ansible-vault
编辑 locker.yml（加密前的明文变量文件，下面的 users.yml 用 vars_files 读它）
---
# Plaintext vault variables. Encrypt this file with ansible-vault before use.
pw_developer: Imadev
pw_manager: Imamgr
编辑 secret.txt，里面只写一行 vault 密码（这是给 --vault-id 用的密码文件，权限设成 600，别和 playbook 一起提交）
使用ansible-vault
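# secret.txt holds the vault password. Whoever can read it can decrypt
# locker.yml, so lock it down first.
chmod 600 secret.txt
ansible-vault encrypt --vault-id=secret.txt locker.yml
# Any playbook that loads locker.yml must now be run with the same password file,
# e.g. ansible-playbook --vault-id=secret.txt users.yml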
14. 批量添加用户role
编辑users.yml
---
# Developers on dev/test, managers on prod. Passwords come from the vaulted
# locker.yml; user_list.yml supplies `users` (name, job, password_expire_MAX).
#
# The fixed salt keeps the hash stable across runs (no spurious "changed"),
# but every user/host sharing a password then shares the same hash, which
# reveals that fact to anyone who reads /etc/shadow. Dropping the salt would
# regenerate the hash on every run unless update_password: on_create is set.
- name: create user on dev and test
  hosts: dev,test
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: create group
      group:
        name: devops
        state: present

    # NOTE: expires takes epoch seconds - confirm what password_expire_MAX holds
    # in user_list.yml. groups: replaces supplementary groups (no append).
    - name: create user
      user:
        name: "{{ item.name }}"
        password: "{{ pw_developer | password_hash('sha512','mysecretsalt') }}"
        expires: "{{ item.password_expire_MAX }}"
        groups: devops
      loop: "{{ users }}"
      when: item.job == 'developer'

- name: create user on prod
  hosts: prod
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: create group
      group:
        name: opsmgr
        state: present

    # uid: 6666 is fixed inside the loop - a second manager would collide
    - name: create user
      user:
        name: "{{ item.name }}"
        password: "{{ pw_manager | password_hash('sha512','mysecretsalt') }}"
        expires: "{{ item.password_expire_MAX }}"
        groups: opsmgr
        uid: 6666
      loop: "{{ users }}"
      when: item.job == 'manager'
15. 重新设置ansible vault密码
下载salaries.yml然后
# Prompts for the current vault password, then twice for the new one.
ansible-vault rekey salaries.yml
修改即可
16. 创建定时任务
编辑cron.yml
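---
- name: set cron
  hosts: all
  tasks:
    - user:
        name: natasha
        state: present

    # name: is what makes the entry idempotent - without it the cron module
    # appends a new line on every run. The command is `logger` (lower-case);
    # there is no `Logger` binary.
    - cron:
        name: EX294 in progress
        user: natasha
        job: 'logger "EX294 in progress"'
        minute: "*/2"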