2019-06-11-Linux服务配置03
目录
1. 使用Squid部署代理缓存服务 1.1 Squid 替代用户向网站服务器请求页面数据并进行缓存,当用户再次再请求相同数据,则可以将存储服务器本地数据交付给用户,减少了用户等待时间,支持HTTP、FTP、SSL等多种协议 1.2 Squid分为正向代理 与 反向代理:
正向代理: 用户(局域网)-> Squid-> 网站资源,以及基于ACL功能对用户访问网站进行限制,具体分为标准代理模式 与 透明代理模式。
标准模式: 把网站数据缓存到本地服务器上,提高数据资源再次访问时的效率,但用户必须填写代理服务器IP与端口; 透明模式: 不需要填写代理IP和端口号,是由DHCP服务器将网络配置信息分配给客户端主机;
反向代理:让多节点主机反向缓存网站数据 服务器机房(多节点主机->Squid服务器->Internet->公网用户)
1.4 测试设备:
Squid服务器(内网卡:仅主机模式192.168.37.10,外网卡:桥接模式DHCP )
Windows客户端主机(网卡:仅主机模式192.168.37.20 )
1.5 文件配置 1 2 3 4 5 6 7 8 9 10 11 12 13 [root@xy ~]# vim /etc/squid/squid.conf enable squid ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'
1.6 标准正向代理(IP: 192.168.37.10:3128) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [root@xy ~]# semanage port -l | grep squid_port_t
1.7 透明模式
没有配置DHCP服务的话,设置客户端地址192.168.10.20
1 [root@xy ~]# iptables -F
实现DNS地址解析服务53端口的数据转发功能(SNAT), -o 匹配外网网卡流出的流量
1 2 3 4 5 6 7 8 9 [root@xy ~]# iptables -t nat -A POSTROUTING -p udp --dport 53 -o eno33554968 -j MASQUERADecho "net.ipv4.ip_forwrad=1" >> /etc/sysctl.conf
SNAT 设置对网站80端口请求转发至Squid服务器本地3128端口
1 2 [root@xy ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
1.8 反向代理模式 1 2 3 [root@xy ~]# vim /etc/squid/squid.conf
2. 使用iSCSI(Internet Small Computer System Interface)
IDE(成熟稳定, 价格便宜并行传输接口)
SATA(传输速度更快, 数据校验更完整串行传输接口)
SCSI(计算机和硬盘, 光驱等设备间系统级接口通用标准; 系统资源占用率低, 转速快, 传输速度快)
基于TCP/IP协议和SCSI接口协议的iSCSI是将SCSI接口与以太网技术结合的新型存储技术,可以来在网络中传输SCSI接口命令和数据;
需要网卡传输, iSCSI-HBA网卡, 该网卡连接SCSI接口或者FC(光纤通道)总线和内存, 用于主机之间交换存储数据;
2.1 配置iSCSI服务端 2.1.2 创建RAID 5磁盘阵列: 1 2 [root@xy ~]# mdadm -Cv /dev/md0 -n 3 -l 5 -x 1 /dev/sdb /dev/sdc /dev/sdd /dev/sde
2.1.3 安装iSCSI服务端(192.168.37.1): 1 2 3 4 [root@xy ~]# yum -y install targetd targetcli enable targetd ln -s '/usr/lib/systemd/system/targetd.service' '/etc/systemd/system/multi-user.target.wants/targetd.service'
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 [root@xy ~]# targetcli help on commands, type 'help' . ls cd /backstores/block cd ls cd iscsi cd iqn.2003-01.org.linux-iscsi.xy.x8664:sn.ca5dd98d2e7d/ ls cd tpg1/luns cd .. cd acls for iqn.2003-01.org.linux-iscsi.xy.x8664:sn.ca5dd98d2e7d:client cd .. cd portals ls exit true in /etc/target/backup.
2.1.4 配置Linux iSCSI客户端 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [root@xy ~]# yum install iscsi-initiator-utilsmkdir /iscsi "b6b6d578-3ba5-450b-b967-d1a81a71d600" TYPE="xfs" "b6b6d578-3ba5-450b-b967-d1a81a71d600 /iscsi xfs defaults,_netdev 0 0 [root@xy ~]# iscsiadm -u # 卸载网络设备
2.1.5 配置Windows iSCSI客户端
系统安全->管理工具->iSCSI发起程序->目标填写iSCSI服务端IP->快速连接->配置->更改->填写服务端ACL所定义的名称
3. 使用MariaDB数据库管理系统 1 2 3 4 [root@xy ~]# yum -y install mariadb mariadb-server enable mariadb ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
3.1 数据库初始化
命令
作用
eg.
set
设置密码
set password=password(‘123456’);
show
展示数据库, 表, 权限
show databases;
—
—
show tables;
—
—
show grants for anyue@localhost;
use
指定使用数据库
use anyue;
grant
授予权限
grant 权限 on 库名.表名 to 用户名@主机名;
revoke
移除权限
revoke 权限 on 库名.表名 from 用户名@主机名;
create
创建数据库, 用户, 表单
create database anyue;
—
—
create user anyue@localhost identified by ‘123456’;
—
—
create table mybook (name char(15),price int,pages int);
insert
增(增加表单数据)
insert into mybook(name,price,pages) values(‘ES’,’60’,’10’);
update
改(改动表单数据)
update 表单 set attr=新值 where attr=初值;
—
—
update mybook set price=55;
delete
删(删除表单数据)
delete form 表单名 where atrr=值;
select
查(表单数据)
select user,host,password from user where=’anyue’;
—
—
select * from mybook where price>75;
—
—
select name,price from mybook;
describe
描述表单(desc)
desc mybook;
drop
删数据库,表,用户
drop anyue;
alter
修改表描述
alter table 表单名
—
—
alter table mybook add(字段名1 字段类型1,…);
—
—
a lter table mybook modify 字段名1 字段类型1;
—
—
alter table mybook drop 字段名;
—
—
alter table mybook 原表名 rename to 新表名;
mysqldump
备份数据库
mysqldump -uroot -p anyue >/root/anyue.dump
—
还原数据库
mysql -uroot -p anyue </root/anyue.dump
like
模糊查询
% 或者 _
1 2 3 4 5 6 [root@xy ~]# mysql: emp,dept,salgrate
3.2 基本操作 mysql参考
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [root@xy ~ ]# mysql - uroot - p # 进入数据库 none )]> show databases; # show databses 显示数据库+ | Database | + | information_schema | | mysql | | performance_schema | + 3 rows in set (0.03 sec) none )]> set password = password('123456' ); # 修改密码 none )]> alter user 'root' @'localhost' identified by '123456' ; none )]> alter database testdb character set utf8;none )]> create user anyue@localhost indentified by '123456' ; 0 rows affected (0.00 sec) create user 用户名@主机名 identified by 'PASSWORD' none )]> use mysql;> select user ,host,password from user where user = 'anyue' ; # 选择用户 + | user | host | password | + | anyue | localhost | * 6 BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | + 1 row in set (0.00 sec) none )]> quit;
3.3 授予权限操作 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 [root@xy ~ ]# mysql - uanyue - p # mysql - uusername - p none )]> show databases;+ | Database | + | information_schema | + 1 row in set (0.01 sec) none )]> quit; + GRANT 权限 ON 数据库.表单名称 TO 账户名@主机名 # 授予权限 GRANT + GRANT 权限 ON 数据库.* TO 账户名@主机名 + GRANT 权限 ON * .* TO 账户名@主机名 + GRANT 权限1 ,权限2 ON 数据库.* TO 账户名@主机名 + GRANT ALL PRIVILEGES ON * .* TO 账户名@主机名 @xy ~ ]# mysql - u root - p none )]> grant select ,update ,delete ,insert on mysql.user to anyue@localhost ; # 赋予anyue权限 none )]> show grants for anyue@localhost ; # 查看anyue权限 + | Grants for anyue@localhost | + | GRANT USAGE ON * .* TO 'anyue' @'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | | GRANT SELECT , INSERT , UPDATE , DELETE ON mysql.user TO 'anyue' @'localhost' | + 2 rows in set (0.00 sec) none )]> quit
3.4 移除权限操作 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 [root@xy ~ ]# mysql - uanyue - p none )]> show databases;+ | Database | + | information_schema | | mysql | + 2 rows in set (0.01 sec) none )]> use mysql; > show tables;+ | Tables_in_mysql | + | user | + 1 row in set (0.01 sec) none )]> quit; @xy ~ ]# mysql - uroot - p none )]> use mysql;> revoke select ,update ,delete ,insert on mysql.user from anyue@localhost ; # 移除对anyue的授权 REVOKE none )]> revoke select ,update ,insert ,delete on mysql.user from xy@localhost ;none )]> revoke all privileges on * .* from anyue@localhost ;0 rows affected (0.01 sec) > show grants for anyue@localhost ;+ | Grants for anyue@localhost | + | GRANT USAGE ON * .* TO 'anyue' @'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | + 1 row in set (0.01 sec) none )]> quit;
3.5 数据库 表单操作
CREATE DATABASE 数据库名称
DESCRIBE 表单名称(DESC)
UPDATE 表单名称 SET attribute=新值 WHERE attribute=旧值
USE 数据库名称
SHOW databases # 显示当前已有的数据库
SHOW tables # 显示当前数据库中的表单
SELECT * FROM 表单名称
DELETE FROM 表单名 WHERE attribute=值
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 [root@xy ~ ]# mysql - u root - p none )]> create database mybook; # 创建数据库xy 1 row affected (0.01 sec) none )]> show databases; + | Database | + | information_schema | | mysql | | performance_schema | | mybook | + 4 rows in set (0.02 sec) none )]> use mybook; > create table mybook (name char (15 ),price int ,pages int ); # 创建表单 0 rows affected (0.03 sec) > desc mybook; # desc mybook; + | Field | Type | Null | Key | Default | Extra | + | name | char (15 ) | YES | | NULL | | | price | int (11 ) | YES | | NULL | | | pages | int (11 ) | YES | | NULL | | + 3 rows in set (0.02 sec) > insert into mybook(name,price,pages) values ('MC' ,'60' ,'518' ); # 往表单mybook插入数据> select * from mybook; # 选择表单内容 + | name | price | pages | + | MC | 60 | 518 | + 1 row in set (0.00 sec) > update mybook set price= 55 ; # 更新表单内容 1 rows affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 > select name,price from mybook; + | name | price | + | MC | 50 | + 1 rows in set (0.01 sec) > delete from mybook; 1 rows affected (0.01 sec) > selete * from mybook; Empty set (0.01 sec) none )]> quit;
3.6 数据库where命令 =、<>或!=、>、<、>= 大于或等于、<= 小于或等于
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [root@xy ~ ]# mysql - u root - p> select * from mybook; + | name | price | pages | + | ShenQu | 58 | 800 | | MC | 60 | 518 | | Baoliandeng | 70 | 65 | | xy | 45 | 83 | | xy1 | 45 | 83 | + 5 rows in set (0.00 sec) > select * from mybook where price> 45 ; + | name | price | pages | + | ShenQu | 58 | 800 | | MC | 60 | 518 | | Baoliandeng | 70 | 65 | + 3 rows in set (0.00 sec) > select * from mybook where price!= 60 ; + | name | price | pages | + | ShenQu | 58 | 800 | | Baoliandeng | 70 | 65 | | xy | 45 | 83 | | xy1 | 45 | 83 | + 4 rows in set (0.01 sec) none )]> quit;
3.7 数据库的备份mysqldump 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [root@xy ~ ]# mysqldump - uroot - p xy > / root/ xy.dump @xy ~ ]# mysql - uroot - pnone )]> drop database xy; 1 row affected (0.03 sec) none )]> show databases; + | Database | + | information_schema | | mysql | | performance_schema | + 3 rows in set (0.01 sec) none )]> create database xy; 1 row affected (0.01 sec) none )]> quit;
3.8 数据库还原 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [root@xy ~ ]# mysql - uroot - p xy < / root/ xy.dump # xy 是 数据库,不是密码@xy ~ ]# mysql - uroot - p none )]> use xy;> show tables;+ | Tables_in_xy | + | mybook | + 1 row in set (0.00 sec) > desc mybook; + | Field | Type | Null | Key | Default | Extra | + | name | char (15 ) | YES | | NULL | | | price | int (11 ) | YES | | NULL | | | pages | int (11 ) | YES | | NULL | | + 3 rows in set (0.01 sec) none )]> quit;
练习: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [root@Xingyue ~ ]# mysql - uroot - p none )]> show databases; + | Database | + | information_schema | | mysql | | performance_schema | + 3 rows in set (0.00 sec) none )]> grant all privileges on * .* to anyue@localhost identified by '123456' none )]> grant all privileges on * .* to root@localhost identified by '123456' none )]> grant all privileges on * .* to root@127 .0 .0 .1 identified by '123456' none )]> use mysql; none )]> select user ,host,password from mysql.user;+ | user | host | password | + | root | localhost | * 6 BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | | root | 127.0 .0 .1 | * 6 BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | | root | ::1 | * 6 BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | | anyue | 127.0 .0 .1 | * 6 BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | + 4 rows in set (0.00 sec)
binlog日志 1 2 3 4 [root@xy ~ ]# vim / etc/ my.cnf - bin= mysql- bin # 开启二进制日志, 只记录增删改 @xy ~ ]# mysqlbinlog @xy ~ ]# mysqlbinlog
MySQL主从备份(备份,负载均衡): 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [root@xy ~ ]# vim / etc/ my.cnf 192.168 .10 .10 - bin= mysql.bin - id= 10 > grant replication slave on * .* to slave@'192.168.10.20' identified by '123456' ;> show master status; # replication 拷贝+ | Fiel | Position | Binlog_Do_DB | Binglog_Ignore_DB | + | mysql- bin.000003 | 257 | | | + 192.168 .10 .20 - bin= mysql.bin - id= 20 > change master to - > master_user= 'slave' ,- > master_password= '123456' ,- > master_host= '192.168.10.10' ,- > master_log_file= 'mysql-bin.000003' ,- > master_log_pos= 257 ;> start slave;> show slave status;
MySQL主主备份(均摊写压力):
在主从备份的基础上如下操作
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [root@xy ~]# vim /etc/my.cnf test 'slave' ,'123456' ,'192.168.10.20' ,'mysql-bin.000004' ,test '192.168.10.10' identified by '123456' ;
4.1 使用PXE+Kickstat无人值守安装服务
PXE(Preboot eXecute Environment) —预启动执行环境,可以让计算机通过网络来启动操作系统,主要用于在无人值守安装系统中引导客户端安装Linux操作系统 Kickstat无人值守安装方式 ,预先把手工填写参数保存为ks.cfg 文件,安装过程自动匹配Kickstat生成的文件 DHCP + vsftp + tftp + Kickstart
4.2 DHCP服务程序配置 (192.168.37.10 无人值守系统服务器IP) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [root@xy ~]# yum install dhcp"pxelinux.0" ; enable dhcpd ln -s '/usr/lib/systemd/system/dhcpd.service' '/etc/systemd/system/multi-user.target.wants/dhcpd.service'
4.3 TFTP服务程序配置,为客户机提供引导及驱动文件,默认占用端口 69/UDP 1 2 3 4 5 6 7 [root@xy ~]# yum install tftp-serverdisable = no
4.4 SYSLinux服务程序配置, 提供引导加载服务程序 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [root@xy ~]# yum install syslinux cd /var/lib/tftpboot/cp /usr/share/syslinux/pxelinux.0 .cp /media/cdrom/images/pxeboot/{vmlinuz,initrd.img} .cp /media/cdrom/isolinux/{vesamenu.c32,boot.msg} .mkdir pxelinux.cfg cp /media/cdrom/isolinux/isolinux.cfg pxelinux.cfg/default ls
4.5 vsftp服务程序配置,光盘镜像通过FTP协议传输 1 2 3 4 5 6 7 8 9 10 [root@xy ~]# yum install vsftpd enable vsftpdln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service' cp -r /media/cdrom/* /var/ftp
4.6 创建应答文件Kickstart 1 2 3 4 5 6 7 8 [root@xy ~]# cp ~/anaconda-ks.cfg /var/ftp/pub/ks.cfg chmod +r /var/ftp/pub/ks.cfg
DHCP : 给未安装操作系统的机子分配静态IP, 并加载引导驱动文件 pxelinux.0; tftp (基于 UDP 文件传输协议): 为客户机提供引导及驱动文件; SYSLinux : 复制引导文件 pxelinux.0 到TFTP 默认目录中, 创建 /pxelinux.cfg/defalut 文件; vsftp : 将光盘镜像挂载到 media/cdrom, 复制到 vsftp 工作目录;创建 Kickstart 应答文件: /var/ftp/pub/ks.cfg
4.1 Cobbler 无人值守安装服务 1 2 [root@localhost ~]# systemctl disable firewalld.service
4.2 安装配置Cobbler 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [root@xy ~]# yum -y instal epel-release enable httpd enable cobblerd enable rsyncd "sid" ; "加密字符串"
4.3配置tftp服务 1 2 3 4 5 6 7 8 9 10 [root@localhost ~]# yum install xinetd enable xinetd enable tftpsync
4.4配置DHCP服务 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [root@xy ~]# yum install dhcp "chinasoft.com" ; local 7;"pxelinux.0" ; enable dhcpd sync
4.5导入镜像 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [root@xy ~]# mkdir /mnt/cdrom/ && mount -t iso9660 /dev/cdrom /mnt/cdrom "CentOS7.6" "CentOS6.8" mv centos7-x86_64.cfg centos6-x86_64.cfg /var/lib/cobbler/kickstarts "image link" $default_password_crypted sync
