JCOS section

Create two virtual switches

  • Purpose of each virtual switch subnet:
    •  Virtual switch D-Net: external data communication network
    •  Virtual switch S-Net: storage communication network
  • Create a virtual switch for the data network D-Net with the following requirements:
    •  Virtual switch name: D-Net
    •  Subnet name: D-SubNet
    •  Network address: 172.16.1XX.0/24 (XX supplied on site)
    •  Enable DHCP
    •  Address pool range: 172.16.1XX.10-172.16.1XX.100 (XX supplied on site)
  • Create a virtual switch for the storage network S-Net with the following requirements:
    •  Virtual switch name: S-Net
    •  Subnet name: S-SubNet
    •  Network address: 192.168.1XX.0/24 (XX supplied on site)
    •  Tick "disable gateway"
    •  Enable DHCP
    •  Address pool range: 192.168.1XX.10-192.168.1XX.100 (XX supplied on site)
  • Steps
  1. Create the switch D-Net
  2. Create the subnet D-SubNet under it
  3. Enable DHCP and add the address pool (start and end address separated by an English comma)
  4. Create the switch S-Net
  5. Create the subnet S-SubNet under it, tick "disable gateway", then enable DHCP and add its address pool the same way
  • Verification
This item: 5 points
Switch names: D-Net, S-Net
Bound subnets:
D-SubNet: 172.16.1XX.0/24
S-SubNet: 192.168.1XX.0/24
2.5 points each

This item: 3 points
Subnet names: D-SubNet, S-SubNet
D-SubNet has a gateway, S-SubNet has none
1.5 points each

Create a virtual router

  •  Virtual router name: VGate
  •  The virtual router is attached to the D-Net virtual switch subnet
  • Steps
  1. Create the virtual router and attach the subnet to it
  • Verification
Router name: VGate
Attached subnet: 172.16.1XX.0/24
2 points

Create 2 cloud hosts:

  • serverA configuration requirements
    •  Hardware: 2 CPU cores; 2 GB memory
    •  Operating system: CentOS7
    •  Number of NICs: 2
    •  NIC 1 connected to D-Net, IP: 172.16.1XX.22 (XX supplied on site)
    •  NIC 2 connected to S-Net, IP: 192.168.1XX.22 (XX supplied on site)
    •  Request a random public IP address and bind it
  • serverB configuration requirements
    •  Hardware: 2 CPU cores; 2 GB memory
    •  Operating system: CentOS7
    •  Number of NICs: 2
    •  NIC 1 connected to D-Net, IP: 172.16.1XX.33 (XX supplied on site)
    •  NIC 2 connected to S-Net, IP: 192.168.1XX.33 (XX supplied on site)
    •  Request a random public IP address and bind it
  • Steps
  1. Create serverA and serverB
  • Verification
    • serverA verification
Cloud host name: serverA
IP: S-Net: 192.168.1XX.22
D-Net: 172.16.1XX.22
CPU: 2 cores, memory: 2048 MB
2 points deducted per error

Because my JCOS platform has some problems, the cloud hosts could not be created normally; once that problem is solved, the lost points will come back.
  • serverB verification
Cloud host name: serverB
IP: S-Net: 192.168.1XX.33
D-Net: 172.16.1XX.33
CPU: 2 cores, memory: 2048 MB
2 points deducted per error

  • Screenshot of the bound public IP

Application deployment

  •  On the CentOS system, use the CentOS image file provided at the venue (in /root) to configure a local yum repository,
  •  and install the samba, samba-client, httpd, mod_ssl, haproxy, bind, bind-utils, vsftpd and ftp packages; mount the CentOS image file on /mnt/cdrom (create the directory yourself).
  • Steps
[root@localhost ~]# mount /root/CentOS-7-x86_64-DVD-1804.iso /mnt/cdrom/
mount: /dev/loop0 is write-protected, mounting read-only

[root@localhost ~]# yum install -y samba samba-client httpd mod_ssl haproxy bind bind-utils vsftpd ftp

  • Verification
1 point

[root@localhost ~]# mount | grep mnt
/root/CentOS-7-x86_64-DVD-1804.iso on /mnt/cdrom type iso9660 (ro,relatime)
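The steps above mount the ISO and install the packages, but the local repository definition the task asks for, and a mount that survives a reboot, are not shown. The script below is an added example, not part of the original write-up: it writes the repository file with GPG checking left on, puts the ISO in /etc/fstab as a loop mount, and reads the file back to confirm what was written. The ISO path is the one used above; the key file name RPM-GPG-KEY-CentOS-7 at the root of the ISO is an assumption (check with ls /mnt/cdrom).

```shell
#!/bin/sh
# Added example, not from the original write-up: persistent ISO mount plus a
# local yum repository that still verifies package signatures.
# Assumption: the DVD carries RPM-GPG-KEY-CentOS-7 at its root (ls /mnt/cdrom).

ISO=/root/CentOS-7-x86_64-DVD-1804.iso
MNT=/mnt/cdrom

# Writes the repository definition to $1 (normally /etc/yum.repos.d/local.repo).
write_local_repo() {
    cat > "$1" <<EOF
[local]
name=CentOS 7 DVD (local)
baseurl=file://$MNT
enabled=1
# keep signature checking on even for a local medium; the key is on the ISO
gpgcheck=1
gpgkey=file://$MNT/RPM-GPG-KEY-CentOS-7
EOF
}

# Prints the value of key $2 in the ini-style repo file $1.
repo_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Host-side steps (root on serverA). Defined here, not executed in this file.
setup_local_yum() {
    mkdir -p "$MNT"
    # loop,ro in fstab so the mount comes back after a reboot
    grep -q "$ISO" /etc/fstab || printf '%s %s iso9660 loop,ro 0 0\n' "$ISO" "$MNT" >> /etc/fstab
    mount -a
    # move the stock repo files aside so yum does not try (and fail) to reach mirrors
    mkdir -p /etc/yum.repos.d/bak
    mv /etc/yum.repos.d/CentOS-*.repo /etc/yum.repos.d/bak/ 2>/dev/null
    write_local_repo /etc/yum.repos.d/local.repo
    yum clean all && yum repolist
    yum install -y samba samba-client httpd mod_ssl haproxy bind bind-utils vsftpd ftp
}

# Self-check on a temporary file
tmp=$(mktemp)
write_local_repo "$tmp"
echo "baseurl = $(repo_get "$tmp" baseurl), gpgcheck = $(repo_get "$tmp" gpgcheck)"
rm -f "$tmp"
```

Run setup_local_yum as root on the host; the self-check at the bottom only exercises the file writer. If the key file is not at the ISO root, point gpgkey at wherever ls finds it rather than switching gpgcheck off.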

ServerA configuration

Cloud disk configuration requirements

  • Requirements
    •  Create a new 20 GB cloud disk named A-20 and attach it to serverA;
    •  Create an LVM physical volume;
    •  Create a volume group named datastore with a PE size of 16 MB;
    •  Create a logical volume named database in volume group datastore, 8 GB in size;
    •  Format the new logical volume database as XFS and edit the configuration file so that it is mounted automatically at boot on /data/web_data, referenced by UUID;
    •  Business growth has left the database logical volume short of space; extend it to 15 GB to meet demand. (Take screenshots before and after the extension)
  • Solution
  1. Add a new 20 GB disk in VMware
  2. Check with fdisk -l that the disk is detected
[root@localhost ~]# fdisk -l   // only the relevant part is kept

Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x5689964f

   Device Boot      Start         End      Blocks   Id  System

  1. Partition sdb with fdisk and set the partition type to Linux LVM (8e)
[root@localhost ~]# fdisk /dev/sdb
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039):
Using default value 41943039
Partition 1 of type Linux and of size 20 GiB is set

Command (m for help): p

Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x5689964f

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    41943039    20970496   83  Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
  1. Create the physical volume (PV)
[root@localhost ~]# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created.
  1. Create the volume group (VG) from the physical volume, with a 16 MB PE size
[root@localhost ~]# vgcreate -s 16M datastore /dev/sdb1
  Volume group "datastore" successfully created
  1. Carve a logical volume (LV) out of the volume group
[root@localhost ~]# lvcreate -L 8G -n database datastore
WARNING: xfs signature detected on /dev/datastore/database at offset 0. Wipe it? [y/n]: y
  Wiping xfs signature on /dev/datastore/database.
  Logical volume "database" created.
  1. Format the new database volume as XFS
[root@localhost ~]# mkfs -t xfs /dev/mapper/datastore-database
meta-data=/dev/mapper/datastore-database isize=512    agcount=4, agsize=524288 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=2097152, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
  1. Edit the configuration file so the logical volume is mounted by UUID at boot on /data/web_data (the mount point directory must exist before mount -a)
[root@localhost ~]# blkid /dev/mapper/datastore-database
/dev/mapper/datastore-database: UUID="4e82a53d-31c7-44ad-8288-87834035008a" TYPE="xfs"

[root@localhost ~]# vim /etc/fstab
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data xfs defaults 0 0
"/etc/fstab" 12L, 539C written

[root@localhost ~]# mount -a


  1. Extend to 15 GB
[root@localhost ~]# lvextend -L 15G /dev/mapper/datastore-database
  Size of logical volume datastore/database changed from 8.00 GiB (512 extents) to 15.00 GiB (960 extents).
  Logical volume datastore/database successfully resized.

[root@localhost ~]# xfs_growfs /dev/mapper/datastore-database   // grow the XFS filesystem to the new 15 GB
meta-data=/dev/mapper/datastore-database isize=512    agcount=4, agsize=524288 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=2097152, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 2097152 to 3932160
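The disk-to-fstab procedure above, collected as an added example that is not part of the original write-up. The device steps are gathered in one function (defined, not executed here) and include the mkdir the interactive steps rely on. A second, text-only function performs the check the grader performs: the /etc/fstab line for /data/web_data must carry the same UUID blkid reports, in a six-field layout that mount -a will accept. The disk name /dev/sdb and the task's names and sizes are assumptions; the blkid and fstab sample text at the bottom is constructed to mirror the values above, not captured live.

```shell
#!/bin/sh
# Added example, not from the original write-up: LVM provisioning as one
# function plus a text-only consistency check of the fstab entry.
# Assumptions: new disk is /dev/sdb; names and sizes are those of the task.

DISK=/dev/sdb
VG=datastore
LV=database
MNT=/data/web_data

# Host-side part (root on serverA). Defined here, not called in this file.
provision_lvm_volume() {
    parted -s "$DISK" mklabel msdos mkpart primary 1MiB 100% set 1 lvm on
    pvcreate "${DISK}1"
    vgcreate -s 16M "$VG" "${DISK}1"
    lvcreate -L 8G -n "$LV" "$VG"
    mkfs.xfs "/dev/$VG/$LV"
    mkdir -p "$MNT"                      # mount -a fails if the mount point is missing
    uuid=$(blkid -s UUID -o value "/dev/$VG/$LV")
    grep -q "UUID=$uuid" /etc/fstab || \
        printf 'UUID=%s %s xfs defaults 0 0\n' "$uuid" "$MNT" >> /etc/fstab
    mount -a
    # growth step: extend the LV, then grow the mounted filesystem
    lvextend -L 15G "/dev/$VG/$LV"
    xfs_growfs "$MNT"
}

# Text-only check, runs anywhere.
#   $1 = one line of blkid output, $2 = fstab contents, $3 = mount point
# Succeeds only if the non-comment entry for $3 has six fields, references the
# same UUID blkid printed, and is typed xfs.
check_fstab_entry() {
    uuid=$(printf '%s\n' "$1" | sed -n 's/.*UUID="\([^"]*\)".*/\1/p')
    mnt=$3
    [ -n "$uuid" ] || { echo "no UUID in blkid output"; return 1; }
    entry=$(printf '%s\n' "$2" | awk -v m="$mnt" '$1 !~ /^#/ && $2 == m')
    [ -n "$entry" ] || { echo "no fstab entry for $mnt"; return 1; }
    set -- $entry
    [ $# -eq 6 ] || { echo "entry for $mnt has $# fields, expected 6"; return 1; }
    [ "$1" = "UUID=$uuid" ] || { echo "fstab has $1 but blkid reports $uuid"; return 1; }
    [ "$3" = xfs ] || { echo "fstab type is $3, expected xfs"; return 1; }
    echo "OK: $mnt is UUID=$uuid ($3, $4)"
}

# Constructed sample data mirroring the values in the write-up (not captured live).
SAMPLE_BLKID='/dev/mapper/datastore-database: UUID="4e82a53d-31c7-44ad-8288-87834035008a" TYPE="xfs"'
SAMPLE_FSTAB='/dev/mapper/centos-root / xfs defaults 0 0
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data xfs defaults 0 0'
# Two broken variants: a stale UUID (volume recreated after the entry was
# written) and a mangled options field that leaves only five columns.
STALE_FSTAB='UUID=00000000-0000-0000-0000-000000000000 /data/web_data xfs defaults 0 0'
MANGLED_FSTAB='UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data xfs default0 0'

check_fstab_entry "$SAMPLE_BLKID" "$SAMPLE_FSTAB" "$MNT"
check_fstab_entry "$SAMPLE_BLKID" "$STALE_FSTAB" "$MNT" || echo "(rejected, as intended)"
check_fstab_entry "$SAMPLE_BLKID" "$MANGLED_FSTAB" "$MNT" || echo "(rejected, as intended)"
```

On the host, run the check against real data with check_fstab_entry "$(blkid /dev/mapper/datastore-database)" "$(cat /etc/fstab)" /data/web_data. A stale UUID is the usual way to end up in emergency mode after a reboot: the LV was recreated (as the two different LV UUIDs in the verification output below show can happen) but the fstab line was not updated.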

  • Verification
  1. serverA (before extension): check the LVM information with vgdisplay datastore and lvdisplay /dev/mapper/datastore-database
[root@localhost ~]# vgdisplay datastore
  --- Volume group ---
  VG Name               datastore   // 1 point
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               19.98 GiB   // 1 point
  PE Size               16.00 MiB   // 1 point
  Total PE              1279
  Alloc PE / Size       512 / 8.00 GiB
  Free  PE / Size       767 / 11.98 GiB
  VG UUID               HXIusW-XPun-8yMI-mZW7-f8sA-c2IR-cKNgc6

[root@localhost ~]# lvdisplay /dev/mapper/datastore-database
  --- Logical volume ---
  LV Path                /dev/datastore/database
  LV Name                database   // 1 point
  VG Name                datastore
  LV UUID                q3pglz-CTwP-477U-YGh0-O1u3-vVUI-YETqDl
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2019-03-07 02:00:58 +0800
  LV Status              available
  # open                 1
  LV Size                8.00 GiB   // 1 point
  Current LE             512
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2

  1. On serverA, get the UUID with blkid /dev/mapper/datastore-database and take a screenshot; view /etc/fstab with cat
Both UUIDs matching: 2 points

[root@localhost ~]# blkid /dev/mapper/datastore-database
/dev/mapper/datastore-database: UUID="4e82a53d-31c7-44ad-8288-87834035008a" TYPE="xfs"

[root@localhost ~]# cat /etc/fstab
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data xfs defaults 0 0

  1. serverA (after extension): check the LVM information with lvdisplay /dev/mapper/datastore-database
[root@localhost ~]# lvdisplay /dev/mapper/datastore-database
  --- Logical volume ---
  LV Path                /dev/datastore/database
  LV Name                database
  VG Name                datastore
  LV UUID                wg5Ac4-UYxc-o2Aq-k3oo-4NmF-1JmB-Bzveo0 // must match the pre-extension value
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2019-03-07 18:21:32 +0800
  LV Status              available
  # open                 1
  LV Size                15.00 GiB   // 2 points
  Current LE             960
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2
  1. serverA (after extension): check filesystem disk usage with df -lh
[root@localhost ~]# df -lh
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root          19G  1.2G   18G    7% /
devtmpfs                        476M     0  476M    0% /dev
tmpfs                           488M     0  488M    0% /dev/shm
tmpfs                           488M  7.7M  480M    2% /run
tmpfs                           488M     0  488M    0% /sys/fs/cgroup
/dev/sda1                       197M  108M   90M   55% /boot
tmpfs                            98M     0   98M    0% /run/user/0
/dev/mapper/datastore-database   15G   33M   15G    1% /data/web_data // 1 point if this shows 15G

Configure the Samba service

  • Requirements
    •  Change the workgroup to WORKGROUP
    •  Comment out everything related to [homes] and [printers]
    •  The share name is webdata
    •  webdata is browseable and writable
    •  The shared directory is /data/web_data, and the apache user has read, write and execute permission on it, set with setfacl.
    •  Only the host 192.168.1XX.33 may access it. (XX supplied on site)
    •  Add an apache user (password of your choice) to provide the Samba service.
  • Steps
  1. Open /etc/samba/smb.conf (192.168.1.33 below stands for the site-supplied 192.168.1XX.33)
[root@localhost ~]# vim /etc/samba/smb.conf

[global]
        workgroup = WORKGROUP
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
#[homes]
#       comment = Home Directories
#       valid users = %S, %D%w%S
#       browseable = No
#       read only = No
#       inherit acls = Yes
#[printers]
#       comment = All Printers
#       path = /var/tmp
#       printable = Yes
#       create mask = 0600
#       browseable = No

[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data
        hosts deny = ALL EXCEPT 192.168.1.33

  1. Grant the apache user ACL permissions
[root@localhost ~]# setfacl -m u:apache:rwx /data/web_data/
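Two things the steps above leave open: the Samba account for apache is never created (smbpasswd -a is what the last requirement asks for), and "public = yes" is an alias of "guest ok = yes", which lets anonymous clients onto the share the task wants restricted to one host and one user. The script below is an added example, not the write-up's own configuration: it writes the share with an allow-list and guest access off, collects the host-side steps (account, ACL, SELinux, firewall) in one function, and includes a small smb.conf reader to check the security-relevant keys of the written file. The allowed host 192.168.1XX.33 (XX to be filled in) and the share path are the task's; that the apache Unix user already exists (the httpd package creates it) is an assumption.

```shell
#!/bin/sh
# Added example, not from the original write-up: [webdata] with an allow-list
# and no guest access, the apache Samba account, and a parser to check the file.
# Assumptions: allowed host 192.168.1XX.33 (fill in XX), share /data/web_data,
# Unix user apache already present (created by the httpd package).

ALLOWED_HOST=192.168.1XX.33      # replace XX with the value given on site
SHARE_PATH=/data/web_data

# Appends the share definition to the file named in $1.
write_webdata_share() {
    cat >> "$1" <<EOF
[webdata]
        path = $SHARE_PATH
        browseable = yes
        writable = yes
        # "public = yes" (alias of guest ok) would admit anonymous clients
        guest ok = no
        valid users = apache
        # allow-list; "hosts deny = ALL" makes the refusal of everyone else explicit
        hosts allow = $ALLOWED_HOST
        hosts deny = ALL
        create mask = 0660
        directory mask = 0770
EOF
}

# Minimal smb.conf reader: prints the value of key $3 in section $2 of file $1.
# On a host with Samba installed, "testparm -s" shows the effective configuration.
smb_conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); cur = $0; next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Host-side steps (root on serverA, Samba installed). Defined, not called here.
provision_samba_share() {
    write_webdata_share /etc/samba/smb.conf
    smbpasswd -a apache                        # sets the apache Samba password (prompts)
    setfacl -m u:apache:rwx "$SHARE_PATH"
    # The share is also httpd's DocumentRoot: keep its httpd_* SELinux label and
    # let smbd export it, rather than relabelling the tree to samba_share_t.
    setsebool -P samba_export_all_rw on
    firewall-cmd --permanent --add-service=samba && firewall-cmd --reload
    testparm -s >/dev/null && systemctl restart smb
}

# Self-check on a temporary file
tmp=$(mktemp)
write_webdata_share "$tmp"
echo "webdata hosts allow = $(smb_conf_get "$tmp" webdata 'hosts allow')"
echo "webdata guest ok    = $(smb_conf_get "$tmp" webdata 'guest ok')"
rm -f "$tmp"
```

"hosts deny = ALL EXCEPT host" as used above is valid and gives the same result for a single host; the allow-list form is easier to audit when the list grows, and pairing it with "hosts deny = ALL" avoids depending on how the two lists interact.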
  • Verification
  1. On serverA, filter the Samba configuration with egrep ^[^'(#|;)'] /etc/samba/smb.conf | egrep -v [[:space:]]+#
[root@localhost ~]# egrep ^[^'(#|;)'] /etc/samba/smb.conf | egrep -v [[:space:]]+#
[global]
        workgroup = WORKGROUP   // 1 point
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data
        hosts deny = ALL EXCEPT 192.168.1.33   // 9 points

  1. On serverA, view the permissions on /data/web_data with getfacl
[root@localhost ~]# getfacl /data/web_data/                
getfacl: Removing leading '/' from absolute path names
# file: data/web_data/
# owner: root
# group: root
user::rwx
user:apache:rwx   // 2 points
group::r-x
mask::rwx
other::r-x

Configure the http service

  • Requirements
    •  Create the web site as a virtual host
    •  Rename /etc/httpd/conf.d/ssl.conf to ssl.conf.bak
    •  The configuration file is named virthost.conf and placed in /etc/httpd/conf.d;
    •  Enable https; the certificate httpd.crt and private key httpd.key used by https go in /etc/httpd/ssl (create the directory yourself);
    •  Use www.rj.com as the domain name for access;
    •  The site root is /data/web_data;
    •  Provide http and https, listening only on the IP address 192.168.1XX.22; (XX supplied on site)
    •  index.html contains Welcome to 2018 Computer Network Application contest!;
  • Solution
  1. Go into the httpd configuration directory and rename ssl.conf to ssl.conf.bak (this also removes its Listen 443, which is why virthost.conf below adds its own)
[root@localhost /]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# mv ssl.conf ssl.conf.bak

  1. Create the virthost.conf configuration file. 172.16.0.88 below is a test address; on the contest host use the site-supplied 192.168.1XX.22, and change the "Listen 80" in /etc/httpd/conf/httpd.conf to "Listen 192.168.1XX.22:80", otherwise port 80 still listens on every address.
[root@localhost conf.d]# vim virthost.conf

<VirtualHost 172.16.0.88:80>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>
Listen 172.16.0.88:443
<VirtualHost 172.16.0.88:443>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        SSLEngine on
        SSLCertificateFile /etc/httpd/ssl/httpd.crt
        SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>
  1. Go to the site root and create index.html
[root@localhost /]# vim /data/web_data/index.html
Welcome to 2018 Computer Network Application contest!
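The configuration above, as an added example that is not part of the original write-up. The script renders virthost.conf for the single address the task requires, with mod_ssl's CentOS 7 defaults (TLS 1.0 and 1.1 still enabled, directory listings on) tightened, and then checks the one thing that is easy to get wrong here: every <VirtualHost ip:port> must be backed by an address-specific Listen, in this file or in httpd.conf. A bare "Listen 80" is reported on purpose, because the task forbids listening on other addresses. The IP 192.168.1XX.22 (XX to be filled in), ServerName, DocumentRoot and certificate paths are the task's; the httpd.conf line constructed in the self-check stands in for the real file.

```shell
#!/bin/sh
# Added example, not from the original write-up: render virthost.conf for one
# address and verify that each VirtualHost socket has an address-specific Listen.
# Assumptions: IP 192.168.1XX.22 (fill in XX); names and paths from the task.

BIND_IP=192.168.1XX.22            # replace XX with the value given on site
SERVER_NAME=www.rj.com
DOCROOT=/data/web_data
CERT_DIR=/etc/httpd/ssl

# Writes the virtual host file to $1 (normally /etc/httpd/conf.d/virthost.conf).
# Port 80 is listened on by httpd.conf, whose "Listen 80" must become
# "Listen $BIND_IP:80"; port 443 was listened on by the renamed ssl.conf.
render_vhost_conf() {
    cat > "$1" <<EOF
Listen $BIND_IP:443

<VirtualHost $BIND_IP:80>
    ServerName $SERVER_NAME
    DocumentRoot "$DOCROOT"
    <Directory "$DOCROOT">
        Require all granted
        Options -Indexes
    </Directory>
</VirtualHost>

<VirtualHost $BIND_IP:443>
    ServerName $SERVER_NAME
    DocumentRoot "$DOCROOT"
    SSLEngine on
    SSLCertificateFile $CERT_DIR/httpd.crt
    SSLCertificateKeyFile $CERT_DIR/httpd.key
    # mod_ssl on CentOS 7 still negotiates TLS 1.0/1.1 unless told otherwise
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
    SSLHonorCipherOrder on
    <Directory "$DOCROOT">
        Require all granted
        Options -Indexes
    </Directory>
</VirtualHost>
EOF
}

# Reads all files given as arguments; prints each <VirtualHost ip:port> that has
# no Listen with exactly that ip:port and exits 1 if any is missing.
vhost_listen_check() {
    awk '
        tolower($1) == "listen" { listen[$2] = 1 }
        match($0, /<[Vv]irtual[Hh]ost[ \t]+[^>]+>/) {
            s = substr($0, RSTART, RLENGTH)
            sub(/<[^ \t]+[ \t]+/, "", s); sub(/>$/, "", s)
            vh[s] = 1
        }
        END {
            bad = 0
            for (s in vh) if (!(s in listen)) {
                print "no address-specific Listen for <VirtualHost " s ">"; bad = 1
            }
            exit bad
        }' "$@"
}

# Host-side deployment (root on serverA). Defined, not called here.
deploy_site() {
    mkdir -p "$CERT_DIR" "$DOCROOT"
    mv -n /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
    sed -i "s/^Listen 80$/Listen $BIND_IP:80/" /etc/httpd/conf/httpd.conf
    render_vhost_conf /etc/httpd/conf.d/virthost.conf
    printf 'Welcome to 2018 Computer Network Application contest!\n' > "$DOCROOT/index.html"
    chmod 600 "$CERT_DIR/httpd.key"
    vhost_listen_check /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/virthost.conf
    apachectl configtest && systemctl restart httpd
}

# Self-check against a constructed httpd.conf line (not the real file)
tmp=$(mktemp -d)
render_vhost_conf "$tmp/virthost.conf"
printf 'Listen %s:80\n' "$BIND_IP" > "$tmp/httpd.conf"
vhost_listen_check "$tmp/httpd.conf" "$tmp/virthost.conf" && echo "every VirtualHost socket has a Listen"
rm -rf "$tmp"
```

After deploy_site, confirm the binding with ss -ltnp | grep httpd: only 192.168.1XX.22:80 and 192.168.1XX.22:443 should appear, not 0.0.0.0 or *.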
  • Verification
  1. On serverA, show the httpd configuration with cat /etc/httpd/conf.d/virthost.conf
[root@localhost /]# cat /etc/httpd/conf.d/virthost.conf
<VirtualHost 172.16.0.88:80>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>   // 4 points, any error scores 0

Listen 172.16.0.88:443
<VirtualHost 172.16.0.88:443>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        SSLEngine on
        SSLCertificateFile /etc/httpd/ssl/httpd.crt
        SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>   // 10 points in total, any error scores 0

OpenSSL

  • Requirements
    •  Configure openssl to provide a certificate for the http service
  • Solution
  1. Generate the CA private key (the working directory is /etc/pki/CA, the CA directory /etc/pki/tls/openssl.cnf expects by default)
[root@localhost CA]# openssl genrsa -out private/cakey.pem
Generating RSA private key, 2048 bit long modulus
...................................................................................................+++
....................................................+++
e is 65537 (0x10001)
  1. Generate the self-signed CA certificate
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sx
Locality Name (eg, city) [Default City]:ty
Organization Name (eg, company) [Default Company Ltd]:xgl
Organizational Unit Name (eg, section) []:xgl
Common Name (eg, your name or your server's hostname) []:rj.com
Email Address []:admin
  1. Create the files openssl ca needs (the certificate database and the serial counter)
[root@localhost CA]# touch index.txt
[root@localhost CA]# touch serial
[root@localhost CA]# echo "01" > serial

  1. Generate the server private key
[root@localhost CA]# openssl genrsa -out httpd.key

  1. Generate the certificate request
[root@localhost CA]# openssl req -new -key httpd.key -out httpd.crs
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sx
Locality Name (eg, city) [Default City]:ty
Organization Name (eg, company) [Default Company Ltd]:xgl
Organizational Unit Name (eg, section) []:xgl
Common Name (eg, your name or your server's hostname) []:rj.com
Email Address []:admin

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456
  1. Sign the certificate. The signed rj.crt must then be copied to /etc/httpd/ssl/httpd.crt and httpd.key to /etc/httpd/ssl/httpd.key, the paths virthost.conf references; keep the key readable by root only.
[root@localhost CA]# openssl ca -in httpd.crs -out rj.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar 12 09:34:15 2019 GMT
            Not After : Mar 11 09:34:15 2020 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = sx
            organizationName          = xgl
            organizationalUnitName    = xgl
            commonName                = rj.com
            emailAddress              = admin
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                E3:DB:EA:08:F6:97:39:9C:92:EC:4B:E7:14:7C:E8:AE:09:AD:F7:6B
            X509v3 Authority Key Identifier: 
                keyid:60:A3:83:3C:86:95:B6:B1:A1:88:1D:52:A0:BE:1C:41:AE:47:8F:B1

Certificate is to be certified until Mar 11 09:34:15 2020 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
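The certificate issued above has CN rj.com and no subjectAltName, so a browser connecting to www.rj.com will reject it even after the CA is trusted (name matching is done on the SAN), and the CA key was written unencrypted. The script below is an added example, not the write-up's own steps: it builds a private CA and a server certificate for www.rj.com and rj.com with explicit extensions, checks that the leaf chains to the CA and carries the name, and uses "openssl x509 -req -CA" for signing instead of "openssl ca", which is an assumption that removes the need for index.txt and serial. The subject fields are those typed above; output goes to a temporary directory here and would go to /etc/httpd/ssl on the host.

```shell
#!/bin/sh
# Added example, not from the original write-up: private CA + server cert with
# SAN for www.rj.com, signed with "openssl x509 -req -CA" (no index.txt/serial).
# Assumptions: subject fields as in the task; paths are temporary here.

make_ca() {   # $1 = output dir
    # Unencrypted so the example runs unattended; on a real CA host add -aes256
    # to genrsa and keep the key off the web server entirely.
    openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null
    chmod 600 "$1/cakey.pem"
    openssl req -new -key "$1/cakey.pem" \
        -subj "/C=CN/ST=sx/L=ty/O=xgl/OU=xgl/CN=xgl Root CA" -out "$1/ca.csr"
    # What makes a certificate a CA: basicConstraints CA:TRUE and keyCertSign
    cat > "$1/ca.ext" <<EOF
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
    openssl x509 -req -in "$1/ca.csr" -signkey "$1/cakey.pem" -days 3650 -sha256 \
        -extfile "$1/ca.ext" -out "$1/cacert.pem" 2>/dev/null
}

issue_server_cert() {   # $1 = dir, $2 = primary DNS name, $3 = extra DNS name
    openssl genrsa -out "$1/httpd.key" 2048 2>/dev/null
    chmod 600 "$1/httpd.key"
    openssl req -new -key "$1/httpd.key" \
        -subj "/C=CN/ST=sx/L=ty/O=xgl/OU=xgl/CN=$2" -out "$1/httpd.csr"
    # Browsers match the host name against subjectAltName, not CN: list every name.
    cat > "$1/httpd.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$2,DNS:$3
EOF
    openssl x509 -req -in "$1/httpd.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/httpd.ext" -out "$1/httpd.crt" 2>/dev/null
}

# Does httpd.crt chain to the CA and carry DNS name $2 in its SAN?
cert_ok_for_name() {   # $1 = dir, $2 = DNS name
    openssl verify -CAfile "$1/cacert.pem" "$1/httpd.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/httpd.crt" -noout -text | grep -q "DNS:$2" || return 1
}

command -v openssl >/dev/null 2>&1 || { echo "openssl not installed"; exit 0; }
dir=$(mktemp -d)
make_ca "$dir"
issue_server_cert "$dir" www.rj.com rj.com
cert_ok_for_name "$dir" www.rj.com && \
    echo "httpd.crt is valid for www.rj.com; copy $dir/httpd.crt and httpd.key to /etc/httpd/ssl/"
```

Import cacert.pem (never cakey.pem) into the client's trust store; with the SAN present, https://www.rj.com then validates cleanly, which the CN-only certificate from the steps above cannot achieve.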
  • Verification
  1. On serverA, view the openssl certificate database with cat /etc/pki/CA/index.txt
[root@localhost CA]# cat /etc/pki/CA/index.txt
V       200311093415Z           01      unknown /C=CN/ST=sx/O=xgl/OU=xgl/CN=rj.com/emailAddress=admin

// 5 points