Generate the private key
ssh-keygen
There are two methods. The first is to run ssh-copy-id directly against the client:
ssh-copy-id root@10.0.0.203
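The other method is to run ssh-copy-id against the server and then have the server distribute the public key to the client (the scp below overwrites any authorized_keys file already on the client):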
ssh-copy-id root@10.0.0.202
scp .ssh/authorized_keys root@10.0.0.203:/root/.ssh/
II. Compile and install dropbear to provide SSH login
Build and install from source:
• 1. Install the development package group: yum groupinstall "Development tools"
• 2. Download dropbear
wget https://matt.ucc.asn.au/dropbear/dropbear-2019.78.tar.bz2
• 3. tar xf dropbear-2019.78.tar.bz2
• 4. less INSTALL README
• 5. ./configure --prefix=/usr/lib/dropbear --sysconfdir=/etc/dropbear
• 6. make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
• 7. make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
Start the SSH service:
• 8. ls /usr/lib/dropbear/sbin/ /usr/lib/dropbear/bin/
• 9. /usr/lib/dropbear/sbin/dropbear -h
• 10. mkdir /etc/dropbear
• 11. /usr/lib/dropbear/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 2048
• 12. /usr/lib/dropbear/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dsa_host_key
• 13. /usr/lib/dropbear/sbin/dropbear -p :2222 -F -E # run in the foreground
/usr/lib/dropbear/sbin/dropbear -p :2222 # run in the background
Client access:
• 14. ssh -p 2222 root@127.0.0.1
• 15. dbclient -p 2222 root@127.0.0.1 # ../bin/dbclient is the equivalent of the ssh client
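III. Allow a single user and a user group to run all commands with sudo
visudo
Add a line:
magedu ALL=(ALL) ALL
magedu is the user name. The first ALL is the host field and means the rule applies on all hosts. (ALL) is the identity the commands may be run as, where ALL means any user. The last ALL means every command may be run; specific commands can be listed instead, for example /usr/bin/ls /
%group ALL=(ALL) ALL
%group is a group name; users who belong to that group receive these sudo privileges.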
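The field layout described above can be checked mechanically. This added example (not part of the original post) splits one-line sudoers rules into user, host, run-as and command fields and reports the rules that allow every command; the sample rules are the ones from this section, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): split one-line sudoers rules
#   WHO HOST=(RUNAS) COMMANDS
# into fields and report the rules that allow every command.
# Aliases, line continuations and several specs per line are out of scope.

# Constructed sample: the two rules from this section plus the restricted variant.
SAMPLE_RULES='magedu ALL=(ALL) ALL
%group ALL=(ALL) ALL
magedu ALL=(ALL) /usr/bin/ls /'

# parse_rule RULE -> prints "who|host|runas|commands" (body runs in a subshell)
parse_rule() (
    set -f                # keep a literal * in a rule from globbing
    set -- $1             # split the rule on whitespace
    [ $# -ge 2 ] || exit 1
    who=$1 spec=$2
    shift 2
    host=${spec%%=*}
    after=${spec#*=}
    case $after in
        "("*")") runas=${after#"("}; runas=${runas%")"}; cmds=$* ;;
        *)       runas=root; cmds="$after${*:+ $*}" ;;   # no (RUNAS): sudo defaults to root
    esac
    printf '%s|%s|%s|%s\n' "$who" "$host" "$runas" "$cmds"
)

# audit_rules: read rules on stdin, print those whose command list is ALL
audit_rules() {
    while IFS= read -r line; do
        case $line in ''|'#'*|Defaults*) continue ;; esac
        fields=$(parse_rule "$line") || continue
        case $fields in
            *'|ALL'|*':ALL'|*': ALL') echo "UNRESTRICTED: $line" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

After editing, visudo -c has sudo itself validate the syntax of the real file.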
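IV. Briefly describe the scenarios rsync is used in, and its advantages compared with scp
scp copies every file to the destination path each time, regardless of whether the file already exists there or has changed, which wastes time and network resources.
rsync can copy incrementally. Before copying, it checks whether each file already exists at the destination and whether it has changed; identical files are skipped and only the files that differ are copied, which saves time and bandwidth. It suits file synchronization, website updates, copying large numbers of files, and similar jobs.
V. Set up a DHCP service so that clients obtain IP addresses automatically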
yum install -y dhcp
rpm -ql dhcp
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
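Settings can be changed in the global section:
option domain-name "magedu"; # DHCP display name
option domain-name-servers 114.114.114.114, 8.8.8.8; # DNS servers
default-lease-time 600; # default lease time, in seconds
max-lease-time 7200; # maximum lease time, in seconds
Settings can also be changed inside a subnet scope; a value set in the scope takes precedence:
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.120; # address range to hand out
option domain-name-servers ns1.internal.example.org; # delete this line to use the global value
option domain-name "internal.example.org"; # delete this line to use the global value
option routers 10.0.0.1; # default gateway
option broadcast-address 10.0.0.255;
default-lease-time 600; # delete this line to use the global value
max-lease-time 7200; # delete this line to use the global value
}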
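Check the syntax
dhcpd -t -cf /etc/dhcp/dhcpd.conf
Start the service
systemctl start dhcpd
Shut down any other DHCP services, boot the client, and view the DHCP lease records on the server
cat /var/lib/dhcpd/dhcpd.leases
On the client, view the DHCP information
cat /var/lib/dhclient/dhclient.leases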
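VI. Set up PXE for automated OS installation
Configure PXE-based automatic installation of CentOS 7
Preparation before installing: disable the firewall and SELinux, and give the DHCP server a static IP
Install the packages
httpd tftp-server dhcp syslinux system-config-kickstart
Configure the file-sharing service: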
systemctl enable httpd
systemctl start httpd
mkdir /var/www/html/centos/{6,7}/os/x86_64 -p
mount /dev/sr0 /var/www/html/centos/7/os/x86_64/
Prepare the kickstart file
cp /root/anaconda-ks.cfg /var/www/html/ks/centos7.cfg
/var/www/html/ks/centos7.cfg Note: check the file permissions
The file can be created with system-config-kickstart or by editing anaconda-ks.cfg.
Change cdrom to url --url=http://10.0.0.202/centos/7/os/x86_64/
Change graphical to text
# Under System services, add lines to disable the firewall and SELinux
firewall --disabled
selinux --disabled
# System bootloader configuration: switch the NIC names to the eth style
bootloader --append="net.ifnames=0 biosdevname=0" --location=mbr
# Partition clearing information: the MBR must be cleared and the disk initialized
clearpart --all --initlabel
zerombr
reboot
# Disk partitioning information: partitioning scheme as required
%packages (as required)
%post (post-installation script, as required)
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
cat >/etc/yum.repos.d/base.repo<<EOF
[base]
name=localyum
baseurl=http://10.0.0.7/centos/6/os/x86_64/
gpgcheck=0
EOF
echo 'PS1="\[\e[1;33m\][\u@\h \w]\\$\[\e[0m\]"'>> /etc/profile.d/env.sh
# add new user
useradd magedu
echo 123456|passwd --stdin magedu
# add ssh keygen
mkdir /root/.ssh
cat > /root/.ssh/authorized_keys<<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrNp5n3YV8n3PL1NxccKhlN/WEGFLkmcNgR76UIqOZNmJ333l8equemgR7uCEMG4PgefSj7tlPupaEbGoJn+dP12zLwOBSznWHKmci4RGxnN0mDmr8erRkoT4I/DLS7KkIi6SvfWcTA6NgTGWUQALeVIbKHYx7o4YlKhWaoZNDJnVlvAWshXKJlLj5u51m/zl+JY15HATFnFRnT5MQd+DCqMZZFIa+ntXh3ruuJRs5PN7O58U9DUfHJW+8IGiA0luaw3qWIvvJyGhnfA85fHQ/EiXcHT41s7pXp+vy93AfXw8zi18QKT5zP+EnpGkqH2eBOpkPRylyfdWPctic+g2f root@linux-node2-202
EOF
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
%end
Configure the TFTP service
systemctl enable tftp.socket
systemctl start tftp.socket
Configure the DHCP service
vim /etc/dhcp/dhcpd.conf
option domain-name "example.com";
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.1 192.168.100.200;
filename "pxelinux.0";
next-server 192.168.100.100;
}
systemctl enable dhcpd
systemctl start dhcpd
Prepare the boot files
mkdir /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot/
cp /misc/cd/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/ # key files
cp /misc/cd/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default # boot menu
The file list is as follows:
/var/lib/tftpboot/
├── initrd.img
├── menu.c32
├── pxelinux.0
├── pxelinux.cfg
│ └── default
└── vmlinuz
Prepare the boot menu
vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 600
menu title PXE INSTALL MENU
label auto
menu label Auto Install CentOS 7
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.100.100/ks/centos7.cfg
label manual
menu label Manual Install CentOS 7
kernel vmlinuz
append initrd=initrd.img inst.repo=http://192.168.100.100/centos/7
label local
menu default
menu label ^Boot from local drive
localboot 0xffff
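At this point, the PXE-based automatic installation of CentOS 7 is ready.
Configure PXE-based automatic installation of CentOS 6
Preparation before installing: disable the firewall and SELinux, and give the DHCP server a static IP
1 Install the required packages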
yum install dhcp httpd tftp-server syslinux
chkconfig tftp on
chkconfig xinetd on
chkconfig httpd on
chkconfig dhcpd on
service httpd start
service xinetd start
2 Prepare the yum repository and the related directories
mkdir -pv /var/www/html/centos/{6,ks}
mount /dev/sr0 /var/www/html/centos/6
3 Prepare the kickstart file
/var/www/html/centos/ks/centos6.cfg
cp /root/anaconda-ks.cfg /var/www/html/centos/ks/centos6.cfg
vim /var/www/html/centos/ks/centos6.cfg
url --url=http://10.0.0.7/centos/6/os/x86_64
text
reboot
firewall --disabled
selinux --disabled
clearpart --all
zerombr
#repo --name="CentOS" --baseurl=cdrom:sr0 --cost=100
# packages as required
# post-installation script as required
Mind the permissions:
chmod 644 /var/www/html/centos/ks/centos6.cfg
4 Prepare the boot files
mkdir /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
cd /misc/cd/images/pxeboot/
cp vmlinuz initrd.img /var/lib/tftpboot
cd /misc/cd/isolinux/
cp boot.msg vesamenu.c32 splash.jpg /var/lib/tftpboot
5 Prepare the boot menu file
cp /misc/cd/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
vim /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32 (sets the menu style)
#prompt 1
timeout 600
display boot.msg
menu background splash.jpg
menu title Welcome to wang CentOS 6
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000
label auto
menu label ^Automatic Install Centos6
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.100.100/centos/ks/centos6.cfg
label manual
menu label ^Manual Install Centos
kernel vmlinuz
append initrd=initrd.img inst.repo=http://192.168.100.100/centos/6
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
The directory structure is as follows:
tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot.msg
├── initrd.img
├── pxelinux.0
├── pxelinux.cfg
│ └── default
├── splash.jpg
├── vesamenu.c32
└── vmlinuz
6 Configure the DHCP service
cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
option domain-name "magedu.com";
option domain-name-servers 192.168.100.1;
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.1 192.168.100.200;
option routers 192.168.100.1;
filename "pxelinux.0";
next-server 192.168.100.100;
}
service dhcpd start
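Both PXE subnet blocks on this page hand out 192.168.100.1 to 192.168.100.200 while next-server (192.168.100.100) and, in the CentOS 6 block, the router (192.168.100.1) hold addresses inside that pool. This added example, which is not from the original post, reads dhcpd.conf text and reports such overlaps; it assumes flat subnet blocks with one range statement and dotted-quad addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report next-server and
# "option routers" addresses that sit inside a subnet's dynamic range.
# Assumes flat subnet blocks, one range statement each, dotted-quad addresses.

# Constructed input: the CentOS 6 PXE subnet block from this page.
SAMPLE_CONF='subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.1 192.168.100.200;
option routers 192.168.100.1;
filename "pxelinux.0";
next-server 192.168.100.100;
}'

# ip2int A.B.C.D -> the address as an integer (subshell keeps IFS local)
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# static_in_range: dhcpd.conf text on stdin, one line of output per overlap
static_in_range() {
    tr -d ';,' | while read -r kw a b _; do
        case $kw in
            subnet)      lo= hi= statics= ;;
            range)       lo=$(ip2int "$a"); hi=$(ip2int "$b") ;;
            next-server) statics="$statics next-server=$a" ;;
            option)      if [ "$a" = routers ]; then statics="$statics routers=$b"; fi ;;
            '}')
                # end of block: compare every collected address with the range
                for s in $statics; do
                    n=$(ip2int "${s#*=}")
                    if [ -n "$lo" ] && [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
                        echo "${s%%=*} ${s#*=} is inside the dynamic range"
                    fi
                done
                statics= ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_CONF" | static_in_range
```

Any line it prints means the range should be narrowed so that it excludes the statically configured address.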
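Configure PXE-based automatic installation of both CentOS 6 and CentOS 7
Mount the CentOS 6 and 7 installation media on the corresponding directories
Add a new optical drive
scandisk
lsblk
mount /dev/cdrom /var/www/html/centos/6/os/x86_64/
mount /dev/cdrom1 /var/www/html/centos/7/os/x86_64/
Copy the answer file ks6-mini.cfg to the relevant directory
cp ks6-mini.cfg /var/www/html/centos/6/ks6-mini.cfg
Create two directories, linux6 and linux7, under the tftpboot folder
mkdir /var/lib/tftpboot/linux{6,7}
Move the CentOS 7 key files into the linux7 directory
mv vmlinuz initrd.img linux7
Copy the CentOS 6 key files into linux6
cp /var/www/html/centos/6/os/x86_64/isolinux/{vmlinuz,initrd.img} linux6/
Edit the boot menu
vim /var/lib/tftpboot/pxelinux.cfg/default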
default menu.c32
timeout 600
menu title PXE INSTALL MENU
label auto
menu label ^Auto Install CentOS 7
kernel linux7/vmlinuz
append initrd=linux7/initrd.img ks=http://10.0.0.7/centos/7/ks7-mini.cfg
label manual
menu label ^Auto Install CentOS 6
kernel linux6/vmlinuz
append initrd=linux6/initrd.img ks=http://10.0.0.7/centos/6/ks6-mini.cfg
label local
menu default
menu label ^Boot from local drive
localboot 0xffff
VII. Set up Cobbler for automated OS installation
Install cobbler
Install the EPEL repository
yum install epel-release
yum install cobbler dhcp
Enable the related services at boot
systemctl enable httpd dhcpd tftp cobblerd
Configure the cobbler service
systemctl start cobblerd tftp httpd
cobbler check
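Work through the items it reports and change the configuration one by one to complete the automatic-installation setup:
1. vim /etc/cobbler/settings
Line 384: change 127.0.0.1 to the server's real IP
2. vim /etc/cobbler/settings
Line 272: change next_server to the real IP
3. vim /etc/cobbler/settings
Line 101: default_password_crypted: "$1$fx2SC2oE$Voz8JG3zk1dGxAvsNoH0w."
Generate a new password hash with openssl passwd -1 and replace the default value with it
4. vim /etc/cobbler/settings
Line 242: change manage_dhcp: 0 to 1 so that cobbler configures DHCP automatically
5. Install pykickstart as prompted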
yum install pykickstart
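6. Use cobbler get-loaders to download the related files
The files are downloaded automatically to /var/lib/cobbler/loaders
Run cobbler sync to synchronize the files in /var/lib/cobbler/loaders to /var/lib/tftpboot/
7. Edit the cobbler DHCP template file
rpm -ql cobbler|grep dhcp
vim `rpm -ql cobbler|grep dhcp`
Change the subnet and IP-related settings to the correct values
8. Restart the cobbler service
systemctl restart cobblerd
9. Run cobbler sync again; this also rewrites the DHCP configuration and starts the DHCP service
Define the answer file and yum repository
Running cobbler import on the installation disc automatically generates the answer file and the yum repository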
cobbler import --help
Options:
-h, --help show this help message and exit
--arch=ARCH OS architecture being imported # 32-bit or 64-bit
--breed=BREED the breed being imported
--os-version=OS_VERSION
the version being imported
--path=PATH local path or rsync location # source path
--name=NAME name, ex 'RHEL-5' # name of the menu entry
--available-as=AVAILABLE_AS
tree is here, don't mirror
--kickstart=KICKSTART_FILE # answer file
assign this kickstart file
--rsync-flags=RSYNC_FLAGS
pass additional flags to rsync
cobbler import --path=/mnt --name=Centos-7.5-x86_64 --arch=x86_64
This copies the disc contents into /var/www/cobbler/ks_mirror/<the name you defined>/
du -sh /var/www
tree -d -L 2 /var/www/
/var/www/
├── cgi-bin
├── cobbler
│ ├── images
│ ├── ks_mirror
│ ├── links
│ ├── localmirror
│ ├── misc
│ ├── pub
│ ├── rendered
│ ├── repo_mirror
│ └── svc
└── html
Generate one for CentOS 6 as well
cobbler import --path=/mnt --name=Centos-7.5-x86_64 --arch=x86_64
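Synchronize with cobbler sync
cat /var/lib/tftpboot/pxelinux.cfg/default # the menu has been updated
Custom ks file
If the kickstart file is not changed, cobbler automatically generates a default minimal-installation configuration file.
If a custom ks file is needed,
upload it to /var/lib/cobbler/kickstarts/
The url in that file can be changed to: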
url --url=$tree
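List the sources cobbler currently has
cobbler distro list # installation menu entries
cobbler profile list # list of installation methods
Associate a cobbler menu entry with an installation configuration file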
cobbler profile add --name=Centos-7.5-x86_64-mini --distro=Centos-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7-mini.cfg
cat /var/lib/tftpboot/pxelinux.cfg/default
The menu entry just added is now visible
Delete a menu entry
cobbler distro list
cobbler profile remove --name=<name of the menu entry to delete>
Rename a menu entry
cobbler distro list
cobbler profile rename --name=xxx --newname=xxxx
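Configure cobbler through the web interface
Install cobbler-web
yum install cobbler-web
Configuration file
rpm -qc cobbler-web
/etc/httpd/conf.d/cobbler_web.conf
Access cobbler-web
https://10.0.0.202/cobbler_web
Log in with cobbler/cobbler
Fixing a 500 error on access
Cause: the Django version does not match
# download get-pip.py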
wget https://bootstrap.pypa.io/get-pip.py
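# run the get-pip.py script with the local python
python get-pip.py
# install Django 1.8.9 with pip
pip install Django==1.8.9
# check the installed Django version
python -c "import django; print(django.get_version())"
# restart httpd
systemctl restart httpd
Change the authentication method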
vim /etc/cobbler/modules.conf
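23 module = authn_configfile # defines the authentication method
8 # authn_configfile -- use /etc/cobbler/users.digest (for basic setups) # defines the file path
cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3 # defines the user name and password; the capitalized Cobbler in the middle identifies the realm
Create a new user
htdigest --help
htdigest /etc/cobbler/users.digest Cobbler admin # creates the admin account in the Cobbler realm of users.digest; the realm is the application the account applies to
Enter the password twice, then log in with the new user name and password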
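Each users.digest line has the form user:realm:MD5(user:realm:password), so leftover default logins can be found offline. This added example (not cobbler's own code; the function names are hypothetical and the sample file is constructed) flags entries whose password equals the user name, which covers the cobbler/cobbler login mentioned above.

```shell
#!/bin/sh
# Added example (not part of cobbler): audit an htdigest-format file such as
# /etc/cobbler/users.digest for logins whose password equals the user name,
# which includes the shipped cobbler/cobbler account.
# Each line is  user:realm:MD5("user:realm:password")  in lowercase hex.

# digest_line USER REALM PASSWORD -> one users.digest line
digest_line() {
    md5=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$md5"
}

# audit_digest FILE -> prints one WEAK line per offending entry
audit_digest() {
    while IFS=: read -r user realm hash; do
        [ -n "$hash" ] || continue              # skip blank or malformed lines
        expected=$(digest_line "$user" "$realm" "$user")
        if [ "${expected##*:}" = "$hash" ]; then
            echo "WEAK: $user in realm $realm uses the user name as its password"
        fi
    done < "$1"
}

# Constructed sample file: the default login plus an account with a passphrase.
sample=$(mktemp)
{
    digest_line cobbler Cobbler cobbler
    digest_line admin Cobbler 'constructed-long-passphrase'
} > "$sample"
audit_digest "$sample"
rm -f "$sample"
```

Entries it reports should be given a new password with htdigest, or removed from the file.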
Change the authentication method to PAM
vim /etc/cobbler/modules.conf
23 module = authn_configfile
module = authn_pam
In addition, the users are recorded in /etc/cobbler/users.conf
useradd -s /sbin/nologin cobbleradmin # create the user
echo 123456|passwd --stdin cobbleradmin
vim /etc/cobbler/users.conf
[admins]
admin = "cobbleradmin"
systemctl restart cobblerd