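Lab topology requirements
Host environment
Note:
- The five IP addresses 172.25.250.101-172.25.250.105 are provided by the server servera.exam.com.
- 172.25.250.106 is provided by the server serverb.exam.com.
Requirements
1. The web service on host 172.25.250.101 must serve the www.exam.com website. The site must be reachable from any host with a route to it, the page content must read "Hello,Welcome to www.exam.com !", and the URLs content.exam.com/yum/AppStream and content.exam.com/yum/BaseOS must be offered as network repositories for all hosts.
2. Host 172.25.250.102 provides a Chronyd-based NTP service: it acts as a time server, serves NTP to other hosts, and is set to stratum 3.
3. Host 172.25.250.103 provides the MySQL database service. It must be installed from the repository provided in requirement 1, with the database password set to redhat. Create a database named bbs for the forum service.
4. Host 172.25.250.104 provides the NFS service. It exports the local /bbs directory as the forum data directory; the export must be usable only by the host that runs the forum, and it must be mounted automatically at boot.
5. Host 172.25.250.105 provides the DNS service. It must offer forward and reverse resolution for every host name in the project, and all servers must use it as their DNS server.
6. Host 172.25.250.106 provides a Discuz-based forum service. The forum uses the bbs database on host 172.25.250.103 and the NFS export from host 172.25.250.104 as its data directory, mounted at boot. It also uses the network repository on host 172.25.250.101, the NTP service on host 172.25.250.102, and the DNS service on host 172.25.250.105.
7. The firewall service and SELinux must be enabled on all servers.
8. All network services provided by the servers must still work after a system reboot.
9. Based on the code for all of the services, write a one-click deployment shell script. At a minimum, running the script must satisfy all of the requirements above. The script must run on servera.exam.com and must support being run multiple times.
Solution
Environment preparation: first prepare two virtual machines, then manually set the IP addresses on both to the ones the task requires, and configure SSH public-key authentication between the two machines so that they can log in to each other without a password. Also upload the repository archive to the root directory of host 101, so that the shell script can run unattended.
1. To provide the network repository the task asks for, first configure a local repository and use it to install DNS and HTTP, so that names resolve and the file directory can be reached in a browser at content.exam.com/yum/AppStream.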
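#First, configure the local repository
#The function that configures the local repository is as follows
bendi(){
#An empty /mnt ("total 0") means the installation media is not mounted yet
num=`/usr/bin/ls -l /mnt | grep "total" | cut -d" " -f2`
if [ "$num" -eq 0 ];then
    echo 'no mount'
    /usr/bin/mount /dev/sr0 /mnt
    echo 'success mounted'
else
    echo 'is mounted'
fi
/usr/bin/cat>/etc/yum.repos.d/myrepo.repo<<"EOF"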
[baseOS]
name=baseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
}
#Then install the httpd and DNS services
xiazai(){
/usr/bin/yum install httpd bind -y
systemctl start httpd
systemctl start named
systemctl enable httpd
systemctl enable named
}
Once the packages are installed, configure the web server so that the page can be served. A host name entry also has to be written to the local hosts file. The code is as follows:
#Web service
web(){
#-p keeps repeated runs from failing when the directories already exist
/usr/bin/mkdir -p /www/exam/yum
if ! grep -q "172.25.250.101 www.exam.com" /etc/hosts;then
    echo "172.25.250.101 www.exam.com" >> /etc/hosts
fi
#Page text as given in requirement 1
echo 'Hello,Welcome to www.exam.com !' > /www/exam/index.html
/usr/bin/cat>/etc/httpd/conf.d/vhost.conf<<"EOF"
<directory /www>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.101:80>
documentroot /www/exam
servername www.exam.com
</virtualhost>
<directory /www/exam/yum>
Options Indexes FollowSymLinks
allowoverride none
require all granted
</directory>
EOF
}
2. Configure the DNS service so that it resolves both forward and reverse lookups, and make sure resolution also succeeds on 172.25.250.106.
#Configure DNS
dns(){
/usr/bin/cat>/etc/named.conf<<"EOF"
options {
    listen-on port 53 { 172.25.250.105; };
    directory "/var/named";
};
zone "exam.com" IN {
    type master;
    file "named.exam";
};
zone "250.25.172.in-addr.arpa" IN {
    type master;
    file "named.fanxiang";
};
EOF
/usr/bin/cat>/var/named/named.exam<<"EOF"
$TTL 1d
@ IN SOA @ admin.exam.com. (
        2024071901
        1
        1
        1
        1 )
@ IN NS ns.exam.com.
@ IN MX 10 mail.exam.com.
ns IN A 172.25.250.105
www IN A 172.25.250.101
content IN A 172.25.250.101
ntp IN A 172.25.250.102
mysql IN A 172.25.250.103
nfs IN A 172.25.250.104
dns IN A 172.25.250.105
bbs IN A 172.25.250.106
EOF
/usr/bin/cat>/var/named/named.fanxiang<<"EOF"
$TTL 1d
@ IN SOA @ admin.exam.com. (
        2024071901
        1
        1
        1
        1 )
@ IN NS ns.exam.com.
@ IN MX 10 mail.exam.com.
105 IN PTR ns.exam.com.
101 IN PTR content.exam.com.
101 IN PTR www.exam.com.
102 IN PTR ntp.exam.com.
103 IN PTR mysql.exam.com.
104 IN PTR nfs.exam.com.
105 IN PTR dns.exam.com.
106 IN PTR bbs.exam.com.
EOF
#Point host 106 at this DNS server so that it can resolve forward and reverse lookups
ssh root@172.25.250.106 << 'EOF'
nmcli connection modify ens160 ipv4.dns 172.25.250.105
nmcli connection up ens160
EOF
}
#Restart the services
reloa(){
systemctl restart named
systemctl restart httpd
}
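The forward and reverse zone files have to agree with each other, and PTR targets in a reverse zone must be fully qualified. The check below is an added example, not part of the original script: `check_zone_pair` and `write_sample_zones` are hypothetical helper names, and the sample records are a constructed, cut-down copy of this page's zones.

```shell
# check_zone_pair FORWARD_ZONE REVERSE_ZONE ORIGIN NET_PREFIX
# Prints one line per inconsistency and returns 0 only when every A record has
# a matching PTR record and every PTR record points back at a matching A record.
check_zone_pair() {
    awk -v origin="$3" -v prefix="$4" '
        # Complete relative names with the origin and drop the trailing dot.
        function fqdn(n) { if (n !~ /\.$/) n = n "." origin "."; sub(/\.$/, "", n); return n }
        FNR == NR { if ($2 == "IN" && $3 == "A") fwd[fqdn($1) " " $4] = 1; next }
        $2 == "IN" && $3 == "PTR" {
            # In a reverse zone a relative target is completed with in-addr.arpa,
            # not with the forward origin, so it never names the intended host.
            if ($4 !~ /\.$/) { print "relative PTR target: " $1 " -> " $4; bad = 1; next }
            key = fqdn($4) " " prefix "." $1
            rev[key] = 1
            if (!(key in fwd)) { print "PTR without A: " key; bad = 1 }
        }
        END {
            for (k in fwd) if (!(k in rev)) { print "A without PTR: " k; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}

# Constructed sample input; $2 is the PTR target written for address 105.
write_sample_zones() {
    printf '%s\n' 'ns IN A 172.25.250.105' 'www IN A 172.25.250.101' \
        'bbs IN A 172.25.250.106' > "$1/named.exam"
    printf '%s\n' "105 IN PTR $2" '101 IN PTR www.exam.com.' \
        '106 IN PTR bbs.exam.com.' > "$1/named.fanxiang"
}

tmp=$(mktemp -d)
write_sample_zones "$tmp" 'ns.exam.com.'
check_zone_pair "$tmp/named.exam" "$tmp/named.fanxiang" exam.com 172.25.250 && echo "zones consistent"
write_sample_zones "$tmp" 'ns'
check_zone_pair "$tmp/named.exam" "$tmp/named.fanxiang" exam.com 172.25.250 || echo "zones inconsistent"
rm -rf "$tmp"
```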
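3. Create the network repository on 101 and on 106 so that it can be reached in a browser.
#Configure the network repository on 101
wangluo(){
#Configure the network repository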
umount /dev/sr0
mv /etc/yum.repos.d/myrepo.repo myrepo
mount /dev/sr0 /www/exam/yum
/usr/bin/cat>/etc/yum.repos.d/yum.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
}
#Create the network repository on 106
serverwangluo(){
ssh root@172.25.250.106 << END
cat>/etc/yum.repos.d/yum.repo<< EOF
[baseOS]
name=baseOS
baseurl=http://172.25.250.101/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://172.25.250.101/yum/AppStream
gpgcheck=0
EOF
END
}
4. Configure the NTP server on 101.
#Time server (NTP)
ntp(){
if grep -q "local stratum 3" /etc/chrony.conf;then
    echo "existed"
else
    echo "local stratum 3" >> /etc/chrony.conf
fi
if grep -q "allow 172.25.250.0/24" /etc/chrony.conf;then
    echo "existed"
else
    echo "allow 172.25.250.0/24">>/etc/chrony.conf
fi
systemctl enable chronyd.service
systemctl restart chronyd.service
ssh root@172.25.250.106 << 'EOF'
#Append the server line only once so that the script can be re-run
grep -q "server 172.25.250.102 iburst" /etc/chrony.conf || echo "server 172.25.250.102 iburst" >> /etc/chrony.conf
systemctl enable chronyd.service
systemctl restart chronyd.service
exit
EOF
}
5. Configure the NFS service to share the contents of the /bbs directory; 106 mounts it automatically.
nfs(){
#server
dnf install nfs-utils -y
systemctl enable --now nfs-server
mkdir -p /bbs
chmod 777 /bbs
#Export only to the forum host, as requirement 4 specifies
echo "/bbs 172.25.250.106(rw)" > /etc/exports
exportfs -r
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
systemctl restart nfs-server
#client
ssh root@172.25.250.106 << 'EOF'
yum install httpd -y
systemctl restart httpd
dnf install nfs-utils -y
systemctl start nfs-server
yum install autofs -y
systemctl start autofs
systemctl enable autofs
#Write the autofs entries only once so that the script can be re-run
grep -q "/etc/auto.nfs" /etc/auto.master || echo "/var/www/html/ /etc/auto.nfs" >> /etc/auto.master
echo "bbs 172.25.250.104:/bbs" > /etc/auto.nfs
systemctl restart autofs
EOF
}
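Requirement 4 limits the /bbs export to the forum host. As an added example (not part of the original script), the hypothetical function `audit_exports` reads a file in /etc/exports format and reports every entry that is open to any other client or that uses no_root_squash; the two sample files are constructed.

```shell
# audit_exports EXPORTS_FILE ALLOWED_CLIENT
# Prints every export entry that is open to a client other than ALLOWED_CLIENT
# or that turns off root squashing; returns 0 only when nothing is reported.
audit_exports() {
    awk -v allowed="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            path = $1
            # A path with no client list is exported to every host.
            if (NF == 1) { print path ": exported to every host"; bad = 1; next }
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) { client = substr($i, 1, p - 1); opts = substr($i, p) }
                if (client == "") client = "*"   # a bare "(rw)" also means every host
                if (client != allowed) { print path ": open to " client; bad = 1 }
                if (opts ~ /no_root_squash/) { print path ": no_root_squash for " client; bad = 1 }
            }
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample files: one export open to every client, one restricted
# to the forum host.
tmp=$(mktemp -d)
printf '%s\n' '# forum data' '/bbs *(rw)' > "$tmp/exports.open"
printf '%s\n' '# forum data' '/bbs 172.25.250.106(rw)' > "$tmp/exports.restricted"

audit_exports "$tmp/exports.open" 172.25.250.106 || echo "exports.open: needs fixing"
audit_exports "$tmp/exports.restricted" 172.25.250.106 && echo "exports.restricted: ok"
rm -rf "$tmp"
```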
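6. Install MySQL and initialize the password, make it possible to log in from both machines, and create the bbs database to be shared.
mysql(){
#Check for the server package itself; other mariadb-* packages may already be installed
if rpm -q mariadb-server >/dev/null 2>&1;then
    echo "existed"
else
    sudo dnf install mariadb-server -y
fi
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload
sudo systemctl start mariadb
sudo systemctl enable mariadb
MYSQL_ROOT_PASSWORD="redhat"
#Unquoted delimiter so that $MYSQL_ROOT_PASSWORD is expanded in the answers
sudo mysql_secure_installation <<EOF
Y
$MYSQL_ROOT_PASSWORD
$MYSQL_ROOT_PASSWORD
Y
Y
Y
Y
EOF
}
user(){
sudo mysql -uroot -predhat << 'EOF'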
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'redhat' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
EOF
}
createdatabase(){
sudo mysql -uroot -predhat << 'EOF'
create database if not exists bbs;
exit;
EOF
}
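The forum only needs the bbs database, and only from 172.25.250.106. The following added example, which is not part of the original script, generates SQL for an account scoped that way; the function name `bbs_grant_sql`, the account name `bbs` and the `FORUM_DB_PASSWORD` variable are assumptions.

```shell
# bbs_grant_sql USER CLIENT_IP PASSWORD DATABASE
# Prints SQL that creates an account limited to one client address and one
# database. Refuses host wildcards and values that could break out of the quotes.
bbs_grant_sql() {
    user=$1 host=$2 pass=$3 db=$4
    case $host in
        *[!0-9.]*|'') echo "host must be a literal IPv4 address: $host" >&2; return 1 ;;
    esac
    for v in "$user" "$db"; do
        case $v in
            *[!A-Za-z0-9_]*|'') echo "user and database must be plain identifiers" >&2; return 1 ;;
        esac
    done
    case $pass in
        *\'*|*\\*|'') echo "password must be non-empty, without quotes or backslashes" >&2; return 1 ;;
    esac
    cat <<EOF
CREATE USER IF NOT EXISTS '$user'@'$host' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'$host';
EOF
}

# Show the statements for the forum host with a constructed password.
bbs_grant_sql bbs 172.25.250.106 'constructed-Example-pw' bbs

# Typical use on the database host (FORUM_DB_PASSWORD is an assumed variable):
#   bbs_grant_sql bbs 172.25.250.106 "$FORUM_DB_PASSWORD" bbs | sudo mysql -uroot -p
```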
7. Configure the forum service.
luntan(){
cp /root/Discuz_X3.5_SC_UTF8_20230520.zip /bbs
ssh root@172.25.250.106 << 'EOF'
sudo dnf install mariadb-server -y
yum install httpd -y
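#Quote the pattern so that the remote shell passes it to yum unchanged
yum install 'php*' -y
systemctl restart httpd
cd /var/www/html/bbs || exit 1
#-o overwrites without prompting, so the script can be re-run
unzip -o Discuz_X3.5_SC_UTF8_20230520.zip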
chmod 777 /var/www/html/bbs/upload/config/ /var/www/html/bbs/upload/data/ /var/www/html/bbs/upload/uc_client/ /var/www/html/bbs/upload/uc_server/ -R
EOF
}
#cp /root/Discuz_X3.5_SC_UTF8_20230520.zip /var/www/html/bbs
luntanweb(){
ssh root@172.25.250.106 <<"EOF"
cat>/etc/httpd/conf.d/vhost.conf<<END
<directory /var/www/html>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.106:80>
documentroot /var/www/html/bbs
servername 172.25.250.106
</virtualhost>
END
EOF
}
8. Configure the firewall and SELinux services.
#Firewall and SELinux
fire101(){
systemctl start firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=dns
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
setenforce 1
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
chcon -t httpd_sys_content_t /www/exam/index.html -R
systemctl restart httpd
}
fire106(){
ssh root@172.25.250.106 << 'EOF'
systemctl start firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=dns
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
setenforce 1
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
systemctl restart httpd
sudo systemctl start mariadb
sudo systemctl enable mariadb
EOF
}
Complete code
#!/bin/bash
#Configure the IP addresses
ip(){
nmcli connection modify ens160 ipv4.addresses 172.25.250.101/24
nmcli connection modify ens160 ipv4.gateway 172.25.250.2
nmcli connection modify ens160 ipv4.dns 172.25.250.105
nmcli connection modify ens160 ipv4.method manual
nmcli connection modify ens160 connection.autoconnect yes
nmcli connection modify ens160 +ipv4.addresses 172.25.250.102/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.103/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.104/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.105/24
nmcli connection up ens160
}
#Configure the local repository
bendi(){
#An empty /mnt ("total 0") means the installation media is not mounted yet
num=`/usr/bin/ls -l /mnt | grep "total" | cut -d" " -f2`
if [ "$num" -eq 0 ];then
    echo 'no mount'
    /usr/bin/mount /dev/sr0 /mnt
    echo 'success mounted'
else
    echo 'is mounted'
fi
/usr/bin/cat>/etc/yum.repos.d/myrepo.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
}
#Install httpd and DNS
xiazai(){
/usr/bin/yum install httpd bind -y
systemctl start httpd
systemctl start named
systemctl enable httpd
systemctl enable named
}
#Web service
web(){
#-p keeps repeated runs from failing when the directories already exist
/usr/bin/mkdir -p /www/exam/yum
if ! grep -q "172.25.250.101 www.exam.com" /etc/hosts;then
    echo "172.25.250.101 www.exam.com" >> /etc/hosts
fi
#Page text as given in requirement 1
echo 'Hello,Welcome to www.exam.com !' > /www/exam/index.html
/usr/bin/cat>/etc/httpd/conf.d/vhost.conf<<"EOF"
<directory /www>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.101:80>
documentroot /www/exam
servername www.exam.com
</virtualhost>
<directory /www/exam/yum>
Options Indexes FollowSymLinks
allowoverride none
require all granted
</directory>
EOF
}
#Firewall and SELinux
fire101(){
systemctl start firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=dns
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
setenforce 1
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
chcon -t httpd_sys_content_t /www/exam/index.html -R
systemctl restart httpd
}
#Configure DNS
dns(){
/usr/bin/cat>/etc/named.conf<<"EOF"
options {
    listen-on port 53 { 172.25.250.105; };
    directory "/var/named";
};
zone "exam.com" IN {
    type master;
    file "named.exam";
};
zone "250.25.172.in-addr.arpa" IN {
    type master;
    file "named.fanxiang";
};
EOF
/usr/bin/cat>/var/named/named.exam<<"EOF"
$TTL 1d
@ IN SOA @ admin.exam.com. (
        2024071901
        1
        1
        1
        1 )
@ IN NS ns.exam.com.
@ IN MX 10 mail.exam.com.
ns IN A 172.25.250.105
www IN A 172.25.250.101
content IN A 172.25.250.101
ntp IN A 172.25.250.102
mysql IN A 172.25.250.103
nfs IN A 172.25.250.104
dns IN A 172.25.250.105
bbs IN A 172.25.250.106
EOF
/usr/bin/cat>/var/named/named.fanxiang<<"EOF"
$TTL 1d
@ IN SOA @ admin.exam.com. (
        2024071901
        1
        1
        1
        1 )
@ IN NS ns.exam.com.
@ IN MX 10 mail.exam.com.
105 IN PTR ns.exam.com.
101 IN PTR content.exam.com.
101 IN PTR www.exam.com.
102 IN PTR ntp.exam.com.
103 IN PTR mysql.exam.com.
104 IN PTR nfs.exam.com.
105 IN PTR dns.exam.com.
106 IN PTR bbs.exam.com.
EOF
ssh root@172.25.250.106 << 'EOF'
nmcli connection modify ens160 ipv4.dns 172.25.250.105
nmcli connection up ens160
EOF
}
#Restart the services
reloa(){
systemctl restart named
systemctl restart httpd
}
wangluo(){
#Configure the network repository
umount /dev/sr0
mv /etc/yum.repos.d/myrepo.repo myrepo
mount /dev/sr0 /www/exam/yum
/usr/bin/cat>/etc/yum.repos.d/yum.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
}
:<<BLOCK
servercangku(){
ssh root@172.25.250.106 << 'EOF'
/usr/bin/mount /dev/sr0 /mnt
echo "[baseos]" >> /etc/yum.repos.d/myrepo.repo
echo "name=baseOS" >> /etc/yum.repos.d/myrepo.repo
echo "baseurl=/mnt/BaseOS" >> /etc/yum.repos.d/myrepo.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/myrepo.repo
echo "[appstream]" >> /etc/yum.repos.d/myrepo.repo
echo "name=appstream" >> /etc/yum.repos.d/myrepo.repo
echo "baseurl=/mnt/AppStream" >> /etc/yum.repos.d/myrepo.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/myrepo.repo
exit
EOF
}
BLOCK
serverwangluo(){
ssh root@172.25.250.106 << END
cat>/etc/yum.repos.d/yum.repo<< EOF
[baseOS]
name=baseOS
baseurl=http://172.25.250.101/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://172.25.250.101/yum/AppStream
gpgcheck=0
EOF
END
}
serverdns(){
ssh root@172.25.250.106 << 'EOF'
/usr/bin/yum install httpd bind -y
systemctl start httpd
systemctl start named
systemctl enable httpd
systemctl enable named
EOF
}
#Time server (NTP)
ntp(){
if grep -q "local stratum 3" /etc/chrony.conf;then
    echo "existed"
else
    echo "local stratum 3" >> /etc/chrony.conf
fi
if grep -q "allow 172.25.250.0/24" /etc/chrony.conf;then
    echo "existed"
else
    echo "allow 172.25.250.0/24">>/etc/chrony.conf
fi
systemctl enable chronyd.service
systemctl restart chronyd.service
ssh root@172.25.250.106 << 'EOF'
#Append the server line only once so that the script can be re-run
grep -q "server 172.25.250.102 iburst" /etc/chrony.conf || echo "server 172.25.250.102 iburst" >> /etc/chrony.conf
systemctl enable chronyd.service
systemctl restart chronyd.service
exit
EOF
}
nfs(){
#server
dnf install nfs-utils -y
systemctl enable --now nfs-server
mkdir -p /bbs
chmod 777 /bbs
#Export only to the forum host, as requirement 4 specifies
echo "/bbs 172.25.250.106(rw)" > /etc/exports
exportfs -r
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
systemctl restart nfs-server
#client
ssh root@172.25.250.106 << 'EOF'
yum install httpd -y
systemctl restart httpd
dnf install nfs-utils -y
systemctl start nfs-server
yum install autofs -y
systemctl start autofs
systemctl enable autofs
#Write the autofs entries only once so that the script can be re-run
grep -q "/etc/auto.nfs" /etc/auto.master || echo "/var/www/html/ /etc/auto.nfs" >> /etc/auto.master
echo "bbs 172.25.250.104:/bbs" > /etc/auto.nfs
systemctl restart autofs
EOF
}
mysql(){
#Check for the server package itself; other mariadb-* packages may already be installed
if rpm -q mariadb-server >/dev/null 2>&1;then
    echo "existed"
else
    sudo dnf install mariadb-server -y
fi
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload
sudo systemctl start mariadb
sudo systemctl enable mariadb
MYSQL_ROOT_PASSWORD="redhat"
#Unquoted delimiter so that $MYSQL_ROOT_PASSWORD is expanded in the answers
sudo mysql_secure_installation <<EOF
Y
$MYSQL_ROOT_PASSWORD
$MYSQL_ROOT_PASSWORD
Y
Y
Y
Y
EOF
}
createdatabase(){
sudo mysql -uroot -predhat << 'EOF'
create database if not exists bbs;
exit;
EOF
}
user(){
sudo mysql -uroot -predhat << 'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'redhat' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
EOF
}
luntan(){
cp /root/Discuz_X3.5_SC_UTF8_20230520.zip /bbs
ssh root@172.25.250.106 << 'EOF'
sudo dnf install mariadb-server -y
yum install httpd -y
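#Quote the pattern so that the remote shell passes it to yum unchanged
yum install 'php*' -y
systemctl restart httpd
cd /var/www/html/bbs || exit 1
#-o overwrites without prompting, so the script can be re-run
unzip -o Discuz_X3.5_SC_UTF8_20230520.zip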
chmod 777 /var/www/html/bbs/upload/config/ /var/www/html/bbs/upload/data/ /var/www/html/bbs/upload/uc_client/ /var/www/html/bbs/upload/uc_server/ -R
EOF
}
#cp /root/Discuz_X3.5_SC_UTF8_20230520.zip /var/www/html/bbs
luntanweb(){
ssh root@172.25.250.106 <<"EOF"
cat>/etc/httpd/conf.d/vhost.conf<<END
<directory /var/www/html>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.106:80>
documentroot /var/www/html/bbs
servername 172.25.250.106
</virtualhost>
END
EOF
}
fire106(){
ssh root@172.25.250.106 << 'EOF'
systemctl start firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=dns
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
setenforce 1
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
systemctl restart httpd
sudo systemctl start mariadb
sudo systemctl enable mariadb
EOF
}
main(){
#ip
bendi
xiazai
web
fire101
dns
reloa
wangluo
serverwangluo
serverdns
ntp
nfs
mysql
createdatabase
user
luntan
luntanweb
fire106
}
main