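Part 1
1) Without being given the root password, change the root password to mary, and change the hostname to servera.lab.examapl.com
At the boot menu press e to edit the kernel parameters, append rd.break, then press Ctrl+x to boot into single-user mode
In single-user mode run mount -o remount,rw /sysroot
Change the root directory: chroot /sysroot
Change the root password to mary
After the password has been changed, create /.autorelabel so that the SELinux context labels are reset (be careful not to mistype it)
Run exit twice
Reboot and log in to verify
2) The IP address information for serverb is as follows; configure networking on serverb and change the hostname to serverb.lab.examapl.com
IP: 172.25.250.11/24
Gateway: 172.25.250.254
DNS: 172.25.250.254
The settings are changed here by modifying the connection configuration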
[root@serverb ~]# nmcli connection delete eth0 #in the lab environment this has to be run twice before the deletion succeeds; skip this step in the exam environment
[root@serverb ~]# nmcli connection show
[root@serverb ~]# nmcli connection add con-name eth0 ifname eth0 autoconnect yes type ethernet
[root@serverb ~]# nmcli connection modify eth0 ipv4.addresses 172.25.250.11/24
[root@serverb ~]# nmcli connection modify eth0 ipv4.gateway 172.25.250.254
[root@serverb ~]# nmcli connection modify eth0 ipv4.dns 172.25.250.254
[root@serverb ~]# nmcli connection modify eth0 ipv4.method manual
[root@serverb ~]# nmcli connection up eth0
[root@serverb ~]# ssh root@servera
Part 2
Configure your system to use the default repositories
Repository addresses:
http://cleassroom.examaple.com/BaseOS/
http://cleassroom.examaple.com/AppStream/
[root@servera yum.repos.d]# touch baseos.repo #create the repository file
[root@servera yum.repos.d]# vim baseos.repo #edit the repository file
[root@servera yum.repos.d]# cat baseos.repo
[BaseOS]
name=baseos
baseurl=http://cleassroom.examaple.com/BaseOS/
enabled=1
gpgcheck=0
[AppStream]
name=appstream
baseurl=http://cleassroom.examaple.com/AppStream/
enabled=1
gpgcheck=0
[root@servera yum.repos.d]# yum repolist #verify
repo id repo name
AppStream appstream
BaseOS baseos
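The following is an added example, not part of the original notes: a small check for a .repo file that reports a section with no baseurl key (for instance because the key is misspelled), gpgcheck=0, and a plain-http baseurl. lint_repo is a hypothetical helper name and the sample file is constructed.

```bash
#!/usr/bin/env bash
# lint_repo FILE: prints "<section>: <problem>" for each finding in a .repo file.
lint_repo() {
  awk '
    function report() {
      if (sec == "") return
      if (!src)       print sec ": no baseurl, metalink or mirrorlist key"
      if (gpg == "0") print sec ": gpgcheck disabled"
      if (plain)      print sec ": baseurl uses plain http"
    }
    /^[ \t]*(#|;|$)/ { next }              # skip comments and blank lines
    /^\[/ {                                # new [section]: report the last one
      report()
      sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
      src = 0; gpg = ""; plain = 0; next
    }
    {
      split($0, kv, "="); key = kv[1]
      val = substr($0, length(key) + 2)
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      if (key == "baseurl" || key == "metalink" || key == "mirrorlist") src = 1
      if (key == "baseurl" && val ~ /^http:/) plain = 1
      if (key == "gpgcheck") gpg = val
    }
    END { report() }' "$1"
}

# Constructed sample: the second section carries a misspelled baseurl key.
sample_repo=$(mktemp)
cat > "$sample_repo" <<'EOF'
[BaseOS]
name=baseos
baseurl=http://cleassroom.examaple.com/BaseOS/
enabled=1
gpgcheck=0
[AppStream]
name=appstream
basurl=http://cleassroom.examaple.com/AppStream/
enabled=1
gpgcheck=1
EOF
lint_repo "$sample_repo"
```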
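Part 3
Troubleshoot SELinux
A web service running on the non-standard port 82 has problems serving content; debug and fix it so that the following conditions are met
1) The web server on the system can serve the existing HTML files in /var/www/html
2) The web server serves content on port 82
3) The web server starts at system boot
[root@serverb ~]# systemctl enable httpd #enable httpd at boot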
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@serverb ~]# systemctl start httpd #start httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@serverb ~]# systemctl status httpd #check the service status
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2022-12-22 01:35:20 CST; 20s ago
Docs: man:httpd.service(8)
Process: 23882 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 23882 (code=exited, status=1/FAILURE)
Status: "Reading configuration..."
[root@serverb ~]# semanage port -a -t http_port_t -p tcp 82 #allow port 82 for httpd in SELinux
[root@serverb ~]# semanage port -l |grep http #check that the port was added
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@serverb ~]# firewall-cmd --add-port=82/tcp --permanent #open port 82 in the firewall
success
[root@serverb ~]# firewall-cmd --reload #reload the firewall
success
[root@serverb ~]# firewall-cmd --list-all-zones #check that the port was added
Verify that the port works and that the files can be accessed
[root@serverb html]# ls -lZ
total 8
-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 7 Dec 22 01:46 file1.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Dec 22 01:46 file2.html
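Check the SELinux context of the files in /var/www/html/
[root@serverb html]# semanage fcontext -a -t httpd_sys_content_t '/var/www/html/file1.html(/.*)?' #add an SELinux file-context rule (-m only modifies a rule that already exists)
[root@serverb html]# restorecon -Rv /var/www/html/file1.html #reapply the labels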
Relabeled /var/www/html/file1.html from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
[root@serverb html]# ls -lZ
total 8
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Dec 22 01:46 file1.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Dec 22 01:46 file2.html
Verify
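The two SELinux causes found above (port 82 missing from http_port_t, and file1.html carrying admin_home_t) can be checked from the same command output. The following is an added example, not part of the original notes; the function names port_allowed and mislabeled are hypothetical, and the sample text is constructed from the listings on this page.

```bash
#!/usr/bin/env bash
# Constructed sample: `semanage port -l | grep http` before port 82 was added.
SAMPLE_PORTS='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000'
# Constructed sample: `ls -lZ /var/www/html` before restorecon.
SAMPLE_LS='total 8
-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 7 Dec 22 01:46 file1.html
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Dec 22 01:46 file2.html'

# port_allowed TYPE PROTO PORT: reads `semanage port -l` text on stdin and
# succeeds only if PORT is listed, singly or inside a range, for TYPE/PROTO.
port_allowed() {
  awk -v t="$1" -v proto="$2" -v p="$3" '
    $1 == t && $2 == proto {
      for (i = 3; i <= NF; i++) {
        s = $i; sub(/,$/, "", s)
        n = split(s, r, "-")
        if (n == 1 && r[1] + 0 == p + 0) found = 1
        if (n == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) found = 1
      }
    }
    END { exit !found }'
}

# mislabeled WANT_TYPE: reads `ls -lZ` text on stdin and prints "name type"
# for each entry whose SELinux type is not WANT_TYPE (names without spaces).
mislabeled() {
  awk -v want="$1" '
    NF >= 6 && split($5, c, ":") >= 4 && c[3] != want { print $NF, c[3] }'
}

printf '%s\n' "$SAMPLE_PORTS" | port_allowed http_port_t tcp 82 ||
  echo "82/tcp is not labelled http_port_t"
printf '%s\n' "$SAMPLE_LS" | mislabeled httpd_sys_content_t   # file1.html admin_home_t
```

On a live system the same functions read the real output, for example semanage port -l | port_allowed http_port_t tcp 82.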
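Part 4
Create user accounts that meet the following conditions
Create the admins group
User harry has admins as a supplementary group
User natasha has admins as a supplementary group
User amy has no access to an interactive shell and is not a member of the admins group
All users' passwords should be 123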
[root@serverb html]# groupadd admins
[root@serverb html]# useradd -G admins harry
[root@serverb html]# useradd -G admins natasha
[root@serverb html]# useradd -s /sbin/nologin may
[root@serverb html]# echo 123 | passwd --stdin harry
Changing password for user harry.
passwd: all authentication tokens updated successfully.
[root@serverb html]# echo 123 | passwd --stdin natasha
Changing password for user natasha.
passwd: all authentication tokens updated successfully.
[root@serverb html]# echo 123 | passwd --stdin may
Changing password for user may.
passwd: all authentication tokens updated successfully.
Part 5
Configure a scheduled cron job that runs every five minutes and executes the following command: logger "hello", running as natasha
[root@serverb ~]# crontab -u natasha -e
*/5 * * * * logger "hello"
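Part 6
Create the collaborative directory /home/tools with the following characteristics: the group owner of /home/tools is admins; group members can read, write and access it, but other users have none of these permissions; files created in /home/tools automatically have their group ownership set to the admins group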
[root@serverb ~]# mkdir /home/tools
[root@serverb ~]# chown -R :admins /home/tools
[root@serverb ~]# chmod 0770 /home/tools
[root@serverb ~]# chmod g+s /home/tools
Verify
[root@serverb home]# su - harry
[harry@serverb ~]$ cd /home/
[harry@serverb home]$ ll
total 0
drwx------. 2 devops devops 62 May 7 2020 devops
drwx------. 2 harry harry 62 Dec 22 02:03 harry
drwx------. 2 may may 62 Dec 22 02:03 may
drwx------. 2 natasha natasha 62 Dec 22 02:03 natasha
drwx------. 3 student student 95 Sep 1 2020 student
drwxrws---. 2 root admins 6 Dec 22 02:10 tools
drwx------. 2 user3 user3 83 Dec 22 01:08 user3
[harry@serverb home]$ cd tools
[harry@serverb tools]$ mkdir harry.back
[harry@serverb tools]$ ll
total 0
drwxrwsr-x. 2 harry admins 6 Dec 22 02:12 harry.back
[harry@serverb tools]$
Part 7
Configure the NTP service
Configure your system to be an NTP client of classroom.examaple.com
Check the service status
[root@serverb home]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-12-22 00:58:36 CST; 1h 18min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Main PID: 773 (chronyd)
Tasks: 1 (limit: 11345)
Memory: 1.3M
CGroup: /system.slice/chronyd.service
└─773 /usr/sbin/chronyd
Edit the configuration file
[root@serverb home]# vim /etc/chrony.conf
[root@serverb home]# head -n 7 /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server classroom.examaple.com iburst
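Restart the service so the new configuration is loaded, then check the sources
[root@serverb home]# systemctl restart chronyd
[root@serverb home]# chronyc -n sources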
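Part 8
Configure autofs
serverb.lab.examaple.com exports /rhel to your system over NFS; this file system contains the preconfigured home directory of user1
The home directory of user1 should be serverb.lab.examaple.com:/rhel/user1
The home directory of user1 should be automounted locally under /rhel as /rhel/user1
The home directory must be writable by the user
The password of user1 is 123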
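The notes give no commands for this task. The following is an added example, not part of the original notes, showing one autofs indirect-map setup that fits the requirements and how a path is resolved through it. The file names rhel.autofs and auto.rhel, the options -rw,sync, and the function names are assumptions.

```bash
#!/usr/bin/env bash
# write_autofs_maps ROOT NFS_SERVER: writes the master-map entry and the
# indirect map under ROOT (use "" for the live system, a temp dir to stage).
write_autofs_maps() {
  local root="$1" server="$2"
  mkdir -p "$root/etc/auto.master.d"
  # Master map: autofs manages /rhel and consults the indirect map for keys.
  printf '/rhel /etc/auto.rhel\n' > "$root/etc/auto.master.d/rhel.autofs"
  # Indirect map: key user1 is mounted read-write from the NFS export.
  printf 'user1 -rw,sync %s:/rhel/user1\n' "$server" > "$root/etc/auto.rhel"
}

# autofs_resolve ROOT PATH: resolves PATH the way an indirect map does. The
# parent directory selects the map, the last component is the key; a "*" key
# matches anything and "&" in the location is replaced by the key.
autofs_resolve() {
  local root="$1" dir="${2%/*}" key="${2##*/}" map
  map=$(awk -v d="$dir" '$1 == d { print $2; exit }' \
        "$root"/etc/auto.master.d/*.autofs 2>/dev/null)
  [ -n "$map" ] || return 1
  awk -v k="$key" '
    $1 == k || $1 == "*" { loc = $NF; gsub(/&/, k, loc); print loc; found = 1; exit }
    END { exit !found }' "$root$map"
}

stage=$(mktemp -d)
write_autofs_maps "$stage" serverb.lab.examaple.com
autofs_resolve "$stage" /rhel/user1   # serverb.lab.examaple.com:/rhel/user1
```

On the client itself, install autofs, call write_autofs_maps "" serverb.lab.examaple.com as root, then run systemctl enable --now autofs.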
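Part 9
Configure permissions on /var/tmp/fstab
Copy /etc/fstab to /var/tmp/fstab and configure the permissions on fstab as follows
The file is owned by root, and its group is root
The file is not executable by anyone
User natasha can read and write it
User harry can neither read nor write it
All other users can read it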
[root@servera ~]# cp /etc/fstab /var/tmp/fstab
[root@servera ~]# chown root:root /var/tmp/fstab
[root@servera ~]# setfacl -m user:natasha:rw- /var/tmp/fstab
[root@servera ~]# setfacl -m user:harry:--- /var/tmp/fstab
[root@servera ~]# chmod 0664 /var/tmp/fstab
Part 10
Configure the account user2 with user ID 3380 and password 123123
[root@serverb ~]# useradd -u 3380 user2
[root@serverb ~]# echo 123123 | passwd --stdin user2
Part 11
Find all files belonging to user3 and put them into /root/filebackup
mkdir -p /root/filebackup
find / -user user3 -exec cp -a {} /root/filebackup \;
Part 12
Find all lines in the file /usr/share/rhel.html that contain re, remove empty lines, and put a copy of all these lines, in their original order, into /root/file
cat /usr/share/rhel.html | grep -v ^$ | grep re > /root/file
Part 13
Create a tar archive named /root/books.tar.gz; it should contain a tar of /usr/local, compressed with gzip
[root@serverb ~]# tar -zcvf /root/books.tar.gz /usr/local
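Part 14
Logical volumes: resize the logical volume vo to 180M, making sure the file system contents remain unchanged
[root@servera dev]# lvs #check the logical volume size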
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
ov vg1 -wi-ao---- 100.00m
[root@servera dev]# df -h #check the file system size
Filesystem Size Used Avail Use% Mounted on
devtmpfs 887M 0 887M 0% /dev
tmpfs 914M 0 914M 0% /dev/shm
tmpfs 914M 17M 897M 2% /run
tmpfs 914M 0 914M 0% /sys/fs/cgroup
/dev/vda3 9.9G 1.6G 8.4G 16% /
/dev/vda2 100M 6.8M 94M 7% /boot/efi
tmpfs 183M 0 183M 0% /run/user/0
/dev/mapper/vg1-ov 95M 6.0M 89M 7% /ov
[root@servera dev]# lvextend -L 180M /dev/vg1/ov #resize the logical volume to 180M
Size of logical volume vg1/ov changed from 100.00 MiB (25 extents) to 180.00 MiB (45 extents).
Logical volume vg1/ov successfully resized.
[root@servera dev]# lvs #check the logical volume size again
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
ov vg1 -wi-ao---- 180.00m
[root@servera dev]# df -h #check the file system size
Filesystem Size Used Avail Use% Mounted on
devtmpfs 887M 0 887M 0% /dev
tmpfs 914M 0 914M 0% /dev/shm
tmpfs 914M 17M 897M 2% /run
tmpfs 914M 0 914M 0% /sys/fs/cgroup
/dev/vda3 9.9G 1.6G 8.4G 16% /
/dev/vda2 100M 6.8M 94M 7% /boot/efi
tmpfs 183M 0 183M 0% /run/user/0
/dev/mapper/vg1-ov 95M 6.0M 89M 7% /ov
[root@servera dev]# xfs_growfs /ov #grow the file system; for an ext4 file system use resize2fs /dev/vg1/ov instead
meta-data=/dev/mapper/vg1-ov isize=512 agcount=4, agsize=6400 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1
data = bsize=4096 blocks=25600, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=1368, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 25600 to 46080
[root@servera dev]# df -h #check the file system size again
Filesystem Size Used Avail Use% Mounted on
devtmpfs 887M 0 887M 0% /dev
tmpfs 914M 0 914M 0% /dev/shm
tmpfs 914M 17M 897M 2% /run
tmpfs 914M 0 914M 0% /sys/fs/cgroup
/dev/vda3 9.9G 1.6G 8.4G 16% /
/dev/vda2 100M 6.8M 94M 7% /boot/efi
tmpfs 183M 0 183M 0% /run/user/0
/dev/mapper/vg1-ov 175M 6.8M 168M 4% /ov
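Part 15
Add a swap partition
Add a new 600M swap partition to your system; the swap partition should be activated automatically at system boot
Note that there is only one disk in the exam
After creating the logical partition, format it as a swap partition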
[root@servera dev]# mkswap /dev/vdc5
Setting up swapspace version 1, size = 600 MiB (629141504 bytes)
no label, UUID=fb5be81f-ffc0-479a-a657-d2cce00b4e34
[root@servera dev]# vim /etc/fstab
[root@servera dev]# cat /etc/fstab
UUID=fb5be81f-ffc0-479a-a657-d2cce00b4e34 swap swap defaults 0 0
[root@servera dev]# swapon -a
[root@servera dev]# swapon -s
Filename Type Size Used Priority
/dev/vdc5 partition 614396 0 -2
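Part 16
Create a logical volume as required
The logical volume is named np and belongs to the npgroup volume group, with a size of 50 extents; the extent size for logical volumes in the npgroup volume group should be 20MiB; format the new logical volume with the ext3 file system; the logical volume should be mounted automatically at /mnt/np
Prepare the physical volume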
[root@servera dev]# pvcreate /dev/vdc3
Physical volume "/dev/vdc3" successfully created.
Create the volume group
[root@servera dev]# vgcreate -s 20M npgroup /dev/vdc3
Volume group "npgroup" successfully created
[root@servera dev]# vgs
VG #PV #LV #SN Attr VSize VFree
npgroup 1 0 0 wz--n- 1020.00m 1020.00m
vg1 1 1 0 wz--n- <5.00g 4.82g
Create the logical volume and format it
[root@servera dev]# lvcreate -l 50 -n np npgroup
Logical volume "np" created.
[root@servera dev]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
np npgroup -wi-a----- 1000.00m
ov vg1 -wi-ao---- 180.00m
[root@servera dev]# mkfs.ext3 /dev/npgroup/np
Set up automatic mounting
[root@servera dev]# cat /etc/fstab | tail -n 1
UUID=4dcbfc28-9c19-4cda-bd6c-eceb5fb44f8e /mnt/np ext3 defaults 0 0
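Part 17
Create a VDO volume using the unpartitioned disk (/dev/vdd); the volume is named vdoname, its logical size is 80G, it uses the xfs file system, and it is mounted at /vbrek
Install vdo: there are two packages in total; if you cannot remember them, grep for them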
[root@servera dev]# yum list | grep vdo
kmod-kvdo.x86_64 6.2.2.117-65.el8 @rhel-8-for-x86_64-baseos-rpms
vdo.x86_64 6.2.2.117-13.el8 @rhel-8-for-x86_64-baseos-rpms
alsa-plugins-vdownmix.i686 1.1.9-1.el8 rhel-8.2-for-x86_64-appstream-rpms
alsa-plugins-vdownmix.x86_64 1.1.9-1.el8 rhel-8.2-for-x86_64-appstream-rpms
libblockdev-vdo.x86_64 2.19-12.el8 rhel-8.2-for-x86_64-appstream-rpms
[root@servera dev]# yum -y install kmod-kvdo.x86_64 vdo.x86_64
Last metadata expiration check: 0:26:57 ago on Thu 22 Dec 2022 07:24:44 PM CST.
Package kmod-kvdo-6.2.2.117-65.el8.x86_64 is already installed.
Package vdo-6.2.2.117-13.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
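Create and mount
[root@servera dev]# vdo create --name vdoname --device /dev/vdd --vdoLogicalSize 80G #the size needs the G suffix: a bare 80 means 80 MB, which is what the df output below shows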
[root@servera dev]# mkfs.xfs /dev/mapper/vdoname
[root@servera dev]# mkdir /vbrek
[root@servera dev]# vim /etc/fstab
[root@servera dev]# cat /etc/fstab | tail -n 1
UUID=4fe530f9-0b4c-4a0c-804d-95408424f90b /vbrek xfs defaults,x-systemd.requires=vdo.service 0 0
[root@servera dev]# df -h | tail -n 1
/dev/mapper/vdoname 76M 4.9M 71M 7% /vbrek
Part 18
Configure your system with the tuned profile the system recommends and set it as the default
[root@serverb ~]# tuned-adm recommend #show the recommended tuning profile
virtual-guest
[root@serverb ~]# tuned-adm profile virtual-guest #set the recommended profile as the active profile
[root@serverb ~]# tuned-adm active #show the active profile
Current active profile: virtual-guest
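Part 19
Create a container from the rlogserver image provided by the registry server; the container registry address is http://utility.examaple.com:8080
The user and password to enter are gls : gls123
Configure the container to run as a systemd service for the user user only; that user's password is redhat
The service is named container_webserver.service and starts automatically after the system is rebooted
Log in to the registry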
[student@servera ~]$ podman login registry.lab.example.com --tls-verify=false
Username: admin
Password:
Login Succeeded!
Pull the image
[student@servera ~]$ podman pull registry.lab.example.com/rhel8/httpd-24 --tls-verify=false
Trying to pull registry.lab.example.com/rhel8/httpd-24...
Getting image source signatures
Copying blob 71391dc11a78 done
Copying blob 9d20433efa0c done
Copying blob 47db82df7f3f done
Copying blob 77c58f19bd6e done
Copying config 7e93f25a94 done
Writing manifest to image destination
Storing signatures
7e93f25a946892c9c175b74a0915c96469e3b4845a6da9f214fd3ec19c3d7070
Create the directory and index.html
[student@servera ~]$ mkdir /home/student/container_websit
[student@servera ~]$ touch /tmp/index.html
[student@servera ~]$ vim /tmp/index.html
[student@servera ~]$ cp -a /tmp/index.html /home/student/container_websit/
Start the container
[student@servera ~]$ podman run -dit --name webserver -v /home/student/container_websit:/var/www/html:Z registry.lab.example.com/rhel8/httpd-24
ed07e4459bac51b2027ee4f454464b4011dd360c3d50471d3506651cde71b4e9
Create the systemd user directory
[student@servera ~]$ mkdir -p ~/.config/systemd/user
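Run the following in that directory
[student@servera user]$ podman generate systemd --name webserver --files
/home/student/.config/systemd/user/container-webserver.service
[student@servera user]$ mv container-webserver.service container_webserver.service #rename the generated unit to the service name the task asks for
[student@servera user]$ systemctl --user daemon-reload
[student@servera user]$ systemctl --user enable container_webserver.service
[student@servera user]$ systemctl --user restart container_webserver.service
[student@servera user]$ loginctl enable-linger #start this user's services at boot without an interactive login
Verify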
[student@servera user]$ reboot
[student@servera user]$ systemctl --user status container_webserver.service