JCOS section
Create two virtual switches
- Purpose of each virtual switch subnet:
- Virtual switch D-Net: external data communication network
- Virtual switch S-Net: storage communication network
- Create a virtual switch for the data network D-Net, with the following requirements:
- Virtual switch name: D-Net
- Subnet name: D-SubNet
- Network address: 172.16.1XX.0/24 (XX is provided on site)
- Enable DHCP
- Address pool range: 172.16.1XX.10-172.16.1XX.100 (XX is provided on site)
- Create a virtual switch for the storage network S-Net, with the following requirements:
- Virtual switch name: S-Net
- Subnet name: S-SubNet
- Network address: 192.168.1XX.0/24 (XX is provided on site)
- Tick "disable gateway"
- Enable DHCP
- Address pool range: 192.168.1XX.10-192.168.1XX.100 (XX is provided on site)
- Steps
- Create switch D-Net
- Create subnet D-SubNet under it (this one keeps its gateway)
- Enable DHCP and add the address pool; the start and end addresses are separated by an English (ASCII) comma
- Create switch S-Net
- Create subnet S-SubNet under it and tick "disable gateway", so the storage segment has no route out
- Verification
This item is worth 5 points
Switch names: D-Net, S-Net
Bound subnets:
D-SubNet: 172.16.1XX.0/24
S-SubNet: 192.168.1XX.0/24
2.5 points each
This item is worth 3 points
Subnet names: D-SubNet, S-SubNet
D-SubNet has a gateway, S-SubNet has no gateway
1.5 points each
Create a virtual router
- Virtual router name: VGate
- The virtual router is attached to the subnet of the D-Net virtual switch (only the data network is routed; S-SubNet has no gateway, so storage traffic cannot leave its segment through this router)
- Steps
- Create the virtual router and attach the D-SubNet subnet to it
- Verification
Router name: VGate
Attached subnet: 172.16.1XX.0/24
2 points
Create 2 cloud hosts:
- Configuration requirements for serverA
- Hardware: 2 CPU cores; 2 GB memory
- Operating system: CentOS7
- Number of NICs: 2
- NIC 1 connects to D-Net with IP 172.16.1XX.22 (XX is provided on site)
- NIC 2 connects to S-Net with IP 192.168.1XX.22 (XX is provided on site)
- Randomly allocate a public IP address and bind it
- Configuration requirements for serverB
- Hardware: 2 CPU cores; 2 GB memory
- Operating system: CentOS7
- Number of NICs: 2
- NIC 1 connects to D-Net with IP 172.16.1XX.33 (XX is provided on site)
- NIC 2 connects to S-Net with IP 192.168.1XX.33 (XX is provided on site)
- Randomly allocate a public IP address and bind it
- Steps
- Create serverA and serverB
- Verification
- serverA verification
Cloud host name: serverA
IP: S-Net: 192.168.1XX.22
D-Net: 172.16.1XX.22
CPU: 2 cores, memory: 2048 MB
2 points deducted per error
Because my JCOS platform has some problems, I could not create the cloud hosts normally; once that problem is solved, the lost points will come back.
- serverB verification
Cloud host name: serverB
IP: S-Net: 192.168.1XX.33
D-Net: 172.16.1XX.33
CPU: 2 cores, memory: 2048 MB
2 points deducted per error
- Screenshot of the public IP binding
Application deployment
- In the CentOS system, use the CentOS image file provided at the venue (in the /root directory) to configure a local yum repository,
- and install the samba, samba-client, httpd, mod_ssl, haproxy, bind, bind-utils, vsftpd and ftp packages; mount the CentOS image file at /mnt/cdrom (the directory must be created by you).
- Steps
- Create the mount point first with mkdir -p /mnt/cdrom, then mount the image on it
[root@localhost ~]# mount /root/CentOS-7-x86_64-DVD-1804.iso /mnt/cdrom/
mount: /dev/loop0 is write-protected, mounting read-only
- Point yum at the mounted image with a repository file under /etc/yum.repos.d whose baseurl is file:///mnt/cdrom, then install the packages
[root@localhost ~]# yum install -y samba samba-client httpd mod_ssl haproxy bind bind-utils vsftpd ftp
- Verification
1 point
[root@localhost ~]# mount | grep mnt
/root/CentOS-7-x86_64-DVD-1804.iso on /mnt/cdrom type iso9660 (ro,relatime)
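The notes above mount the image and run yum install, but the repository definition that makes yum read from /mnt/cdrom is never shown. The script below is an added example, not part of the original notes: it creates the mount point, mounts the ISO read-only, writes the repository file, checks it, and installs the required packages from that repository only, with GPG checking against the key shipped on the ISO so a tampered or swapped image does not install silently. The repository id local-cdrom and the file name /etc/yum.repos.d/local-cdrom.repo are choices made here; the ISO path and mount point are the page's own. The privileged steps run only when the script is invoked with the argument run.

```shell
#!/bin/sh
# Added example (not from the original notes): local yum repository from the
# mounted CentOS ISO, then package installation from that repository only.
# Assumed names: repo id "local-cdrom", file /etc/yum.repos.d/local-cdrom.repo.
set -eu

ISO=/root/CentOS-7-x86_64-DVD-1804.iso
MNT=/mnt/cdrom
REPO=/etc/yum.repos.d/local-cdrom.repo
PKGS="samba samba-client httpd mod_ssl haproxy bind bind-utils vsftpd ftp"

# Write the repository definition. gpgcheck stays on and the key is read
# from the ISO itself, so every package is verified against the CentOS key.
# $1 = repo file path, $2 = mount point of the ISO
write_local_repo() {
    cat > "$1" <<EOF
[local-cdrom]
name=CentOS 7 local DVD
baseurl=file://$2
enabled=1
gpgcheck=1
gpgkey=file://$2/RPM-GPG-KEY-CentOS-7
EOF
}

# Returns 0 if something is currently mounted on $1.
is_mounted() {
    mount | grep -q " on $1 type "
}

# Returns 0 if the repo file points at the mount point and has gpgcheck on.
# $1 = repo file path, $2 = mount point
check_repo_file() {
    grep -qx "baseurl=file://$2" "$1" && grep -qx "gpgcheck=1" "$1"
}

main() {
    mkdir -p "$MNT"
    is_mounted "$MNT" || mount -o ro,loop "$ISO" "$MNT"
    write_local_repo "$REPO" "$MNT"
    check_repo_file "$REPO" "$MNT"
    yum clean all
    # Use only the local repository so nothing is pulled from the network.
    yum --disablerepo='*' --enablerepo=local-cdrom install -y $PKGS
}

# Usage (as root):  sh setup-local-repo.sh run
case "${1:-}" in
    run) main ;;
esac
```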
ServerA configuration
Cloud disk configuration requirements
- Requirements
- Create a new 20 GB cloud disk named A-20 and attach it to serverA;
- Create an LVM physical volume;
- Create a volume group named datastore with a PE size of 16 MB;
- Create a logical volume named database in the datastore volume group, 8 GB in size;
- Format the new logical volume database as XFS, and edit the configuration file so that the logical volume is mounted automatically at boot on /data/web_data by UUID;
- Business growth has left the database logical volume short of space; extend the database logical volume to 15 GB to meet the demand. (Take screenshots before and after the extension)
- Solution
- Add a new 20 GB hard disk in VMware
- Use fdisk -l to confirm the disk is recognized
[root@localhost ~]# fdisk -l    // only the relevant part is kept
Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x5689964f

   Device Boot      Start         End      Blocks   Id  System
- Use fdisk to partition sdb and set the partition type to Linux LVM (hex code 8e)
[root@localhost ~]# fdisk /dev/sdb
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039):
Using default value 41943039
Partition 1 of type Linux and of size 20 GiB is set
Command (m for help): p
Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x5689964f

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    41943039    20970496   83  Linux
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
- Create the physical volume (PV, Physical Volume)
[root@localhost ~]# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created.
- Create the volume group (VG, Volume Group) from the physical volume, with -s setting the 16 MB PE size
[root@localhost ~]# vgcreate -s 16M datastore /dev/sdb1
  Volume group "datastore" successfully created
- Carve a logical volume (LV, Logical Volume) out of the volume group (the warning below means an earlier XFS signature was still on these sectors and is being wiped)
[root@localhost ~]# lvcreate -L 8G -n database datastore
WARNING: xfs signature detected on /dev/datastore/database at offset 0. Wipe it? [y/n]: y
  Wiping xfs signature on /dev/datastore/database.
  Logical volume "database" created.
- Format the new database volume as XFS
[root@localhost ~]# mkfs -t xfs /dev/mapper/datastore-database
meta-data=/dev/mapper/datastore-database isize=512    agcount=4, agsize=524288 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=2097152, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
- Edit the configuration file so the logical volume is mounted at boot on /data/web_data by UUID (create the mount point first with mkdir -p /data/web_data, otherwise mount -a fails)
[root@localhost ~]# blkid /dev/mapper/datastore-database
/dev/mapper/datastore-database: UUID="4e82a53d-31c7-44ad-8288-87834035008a" TYPE="xfs"
[root@localhost ~]# vim /etc/fstab
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data          xfs     defaults        0 0
"/etc/fstab" 12L, 539C written
[root@localhost ~]# mount -a    // mounts every fstab entry now; an error here means the entry would also fail at boot, so fix it before rebooting
- Extend to 15G
[root@localhost ~]# lvextend -L 15G /dev/mapper/datastore-database
  Size of logical volume datastore/database changed from 8.00 GiB (512 extents) to 15.00 GiB (960 extents).
  Logical volume datastore/database successfully resized.
[root@localhost ~]# xfs_growfs /dev/mapper/datastore-database    // grow the XFS filesystem to fill the 15G volume; XFS can only grow, and only while mounted
meta-data=/dev/mapper/datastore-database isize=512    agcount=4, agsize=524288 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=2097152, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 2097152 to 3932160
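Before rebooting with the fstab edited above, it is worth confirming that every UUID= line names a device blkid actually reports, with the right filesystem type: a mistyped UUID or a wrong type makes systemd fail that mount at boot and drop the machine into the emergency shell. The checker below is an added example, not part of the original notes. It takes the fstab and a saved blkid output as files so it can run against captured data; the sample inputs it writes are constructed (the /boot and /data/web_data UUIDs are the page's, the other two are made up).

```shell
#!/bin/sh
# Added example, not part of the original notes: check every UUID= entry in
# an fstab against blkid output before a reboot. Sample inputs written by
# write_sample_inputs are constructed for demonstration.
set -eu

# Print "UUID TYPE" for every line of blkid output that carries both fields.
# $1 = file holding the output of `blkid`
blkid_table() {
    sed -n 's/^.*: UUID="\([^"]*\)" TYPE="\([^"]*\)".*$/\1 \2/p' "$1"
}

# Print one diagnostic per UUID= entry that blkid does not know, or whose
# filesystem type disagrees with blkid; print nothing when all is consistent.
# $1 = fstab file, $2 = file holding blkid output
fstab_problems() {
    table=$(blkid_table "$2")
    grep -v '^[[:space:]]*#' "$1" |
    awk 'NF >= 3 && $1 ~ /^UUID=/ { print substr($1, 6), $2, $3 }' |
    while read -r uuid mnt fstype; do
        want=$(printf '%s\n' "$table" | awk -v u="$uuid" '$1 == u { print $2 }')
        if [ -z "$want" ]; then
            echo "MISSING: $mnt references UUID $uuid, which blkid does not report"
        elif [ "$want" != "$fstype" ]; then
            echo "TYPE MISMATCH: $mnt is declared $fstype but blkid reports $want"
        fi
    done
}

# Returns 0 when the fstab's UUID entries are safe to boot with, 1 otherwise.
check_fstab_uuids() {
    [ "$(fstab_problems "$1" "$2" | wc -l | tr -d ' ')" = 0 ]
}

# Write constructed sample inputs into directory $1.
write_sample_inputs() {
    cat > "$1/blkid" <<'EOF'
/dev/sda1: UUID="da08d50a-cb36-408d-8b2c-a3c70ecda8e3" TYPE="xfs"
/dev/mapper/centos-root: UUID="11111111-2222-3333-4444-555555555555" TYPE="xfs"
/dev/mapper/centos-swap: UUID="66666666-7777-8888-9999-000000000000" TYPE="swap"
/dev/mapper/datastore-database: UUID="4e82a53d-31c7-44ad-8288-87834035008a" TYPE="xfs"
EOF
    # Same entries as the fstab on this page: every UUID known, types correct.
    cat > "$1/fstab.good" <<'EOF'
/dev/mapper/centos-root /              xfs  defaults 0 0
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot          xfs  defaults 0 0
/dev/mapper/centos-swap swap           swap defaults 0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data xfs  defaults 0 0
EOF
    # Two typical slips: a wrong filesystem type, and a UUID mistyped in its last digit.
    cat > "$1/fstab.bad" <<'EOF'
# comment lines are ignored
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot          ext4 defaults 0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008b /data/web_data xfs  defaults 0 0
EOF
}

# Usage on the real machine:  blkid > /tmp/blkid.out; sh check-fstab.sh /etc/fstab /tmp/blkid.out
# With no arguments, the constructed samples are checked instead.
if [ $# -eq 2 ]; then
    fstab_problems "$1" "$2"; check_fstab_uuids "$1" "$2"
elif [ $# -eq 0 ]; then
    d=$(mktemp -d)
    write_sample_inputs "$d"
    for f in good bad; do
        echo "== fstab.$f"; fstab_problems "$d/fstab.$f" "$d/blkid"
    done
    rm -rf "$d"
fi
```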
- Verification
- serverA (before extension): view the LVM information with vgdisplay datastore and lvdisplay /dev/mapper/datastore-database
[root@localhost ~]# vgdisplay datastore
  --- Volume group ---
  VG Name               datastore    //1 point
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               19.98 GiB    //1 point
  PE Size               16.00 MiB    //1 point
  Total PE              1279
  Alloc PE / Size       512 / 8.00 GiB
  Free  PE / Size       767 / 11.98 GiB
  VG UUID               HXIusW-XPun-8yMI-mZW7-f8sA-c2IR-cKNgc6
[root@localhost ~]# lvdisplay /dev/mapper/datastore-database
  --- Logical volume ---
  LV Path                /dev/datastore/database
  LV Name                database    //1 point
  VG Name                datastore
  LV UUID                q3pglz-CTwP-477U-YGh0-O1u3-vVUI-YETqDl
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2019-03-07 02:00:58 +0800
  LV Status              available
  # open                 1
  LV Size                8.00 GiB    //1 point
  Current LE             512
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2
- serverA: get the UUID with blkid /dev/mapper/datastore-database and take a screenshot; view the contents of /etc/fstab with cat
2 points if the two UUIDs match
[root@localhost ~]# blkid /dev/mapper/datastore-database
/dev/mapper/datastore-database: UUID="4e82a53d-31c7-44ad-8288-87834035008a" TYPE="xfs"
[root@localhost ~]# cat /etc/fstab
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=da08d50a-cb36-408d-8b2c-a3c70ecda8e3 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=4e82a53d-31c7-44ad-8288-87834035008a /data/web_data          xfs     defaults        0 0
- serverA (after extension): view the LVM information with lvdisplay /dev/mapper/datastore-database
[root@localhost ~]# lvdisplay /dev/mapper/datastore-database
  --- Logical volume ---
  LV Path                /dev/datastore/database
  LV Name                database
  VG Name                datastore
  LV UUID                wg5Ac4-UYxc-o2Aq-k3oo-4NmF-1JmB-Bzveo0    // must match before and after
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2019-03-07 18:21:32 +0800
  LV Status              available
  # open                 1
  LV Size                15.00 GiB    //2 points
  Current LE             960
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2
- serverA (after extension): view filesystem disk space usage with df -lh
[root@localhost ~]# df -lh
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root          19G  1.2G   18G   7% /
devtmpfs                        476M     0  476M   0% /dev
tmpfs                           488M     0  488M   0% /dev/shm
tmpfs                           488M  7.7M  480M   2% /run
tmpfs                           488M     0  488M   0% /sys/fs/cgroup
/dev/sda1                       197M  108M   90M  55% /boot
tmpfs                            98M     0   98M   0% /run/user/0
/dev/mapper/datastore-database   15G   33M   15G   1% /data/web_data    // 1 point if this shows 15G
Configure the Samba service
- Requirements
- Change the workgroup to WORKGROUP
- Comment out everything related to [homes] and [printers]
- The share name is webdata
- webdata is browseable and webdata is writable
- The shared directory is /data/web_data, and the apache user has read, write and execute permission on it; set the directory permission with the setfacl command.
- Only the host 192.168.1XX.33 may access it. (XX is provided on site)
- Add an apache user (password of your choice) to provide the Samba service.
- Steps
- Open /etc/samba/smb.conf. 192.168.1.33 below is the author's lab address; in the contest use 192.168.1XX.33. Note that public is a synonym of guest ok, so this share also accepts unauthenticated access from the permitted host; the hosts restriction is what keeps every other client out.
[root@localhost ~]# vim /etc/samba/smb.conf
[global]
        workgroup = WORKGROUP
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
#[homes]
#       comment = Home Directories
#       valid users = %S, %D%w%S
#       browseable = No
#       read only = No
#       inherit acls = Yes
#[printers]
#       comment = All Printers
#       path = /var/tmp
#       printable = Yes
#       create mask = 0600
#       browseable = No
[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data
        hosts deny = ALL EXCEPT 192.168.1.33
- Add the apache user to Samba's password database with smbpasswd -a apache (the Unix account already exists; the httpd package creates it)
- Give the apache user ACL permission on the directory
[root@localhost ~]# setfacl -m u:apache:rwx /data/web_data/
- Verification
- serverA: filter the samba configuration with egrep ^[^'(#|;)'] /etc/samba/smb.conf | egrep -v [[:space:]]+# (this drops commented lines, so the [homes] and [printers] blocks must not appear in the output)
[root@localhost ~]# egrep ^[^'(#|;)'] /etc/samba/smb.conf | egrep -v [[:space:]]+#
[global]
        workgroup = WORKGROUP    //1 point
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data
        hosts deny = ALL EXCEPT 192.168.1.33    //9 points
- serverA: view the permissions on /data/web_data with getfacl
[root@localhost ~]# getfacl /data/web_data/
getfacl: Removing leading '/' from absolute path names
# file: data/web_data/
# owner: root
# group: root
user::rwx
user:apache:rwx    //2 points
group::r-x
mask::rwx
other::r-x
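As an added example (not the contest answer and not from the original notes), the script below reads a share definition the way smbd resolves it, with comments ignored, the last definition winning, and public folded into guest ok, and reports whether the share is limited to one host, whether guest access is on, and whether a valid users list exists. It writes two constructed configurations: the page's webdata share with the 192.168.1XX.33 placeholder, and a hardened variant that is an assumption about a production share (hosts allow plus hosts deny = ALL, guest ok = no, valid users = apache), not something the requirements ask for.

```shell
#!/bin/sh
# Added example, not the contest answer and not from the original notes:
# audit one Samba share for who can reach it. The hardened sample is an
# assumption about a production share; 192.168.1XX.33 is the page's placeholder.
set -eu

# Print the effective value of a key inside one [share] section:
# comments skipped, last definition wins, "public" folded into "guest ok".
# $1 = smb.conf file, $2 = share name, $3 = key in lower case
smb_get() {
    awk -v share="$2" -v key="$3" '
        /^[[:space:]]*[#;]/ { next }
        /^[[:space:]]*\[/ {
            s = substr($0, index($0, "[") + 1)
            s = substr(s, 1, index(s, "]") - 1)
            in_share = (s == share); next
        }
        in_share && index($0, "=") {
            k = $0; sub(/=.*/, "", k); gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            k = tolower(k); if (k == "public") k = "guest ok"
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per weak setting; print nothing when the share is tight.
# $1 = smb.conf file, $2 = share name, $3 = the one host allowed to connect
audit_share() {
    allow=$(smb_get "$1" "$2" "hosts allow")
    deny=$(smb_get "$1" "$2" "hosts deny")
    guest=$(smb_get "$1" "$2" "guest ok" | tr 'A-Z' 'a-z')
    users=$(smb_get "$1" "$2" "valid users")
    if [ "$allow" != "$3" ] && [ "$deny" != "ALL EXCEPT $3" ]; then
        echo "HOST: $2 is not limited to $3 (hosts allow='$allow', hosts deny='$deny')"
    fi
    case "$guest" in
        yes|true|1) echo "GUEST: $2 accepts unauthenticated (guest) access" ;;
    esac
    [ -n "$users" ] || echo "USERS: $2 has no valid users list, so any Samba account may connect"
}

# Write the page's share and a hardened variant (both constructed) into $1.
write_samples() {
    cat > "$1/page.conf" <<'EOF'
[global]
        workgroup = WORKGROUP
        security = user
[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data
        hosts deny = ALL EXCEPT 192.168.1XX.33
EOF
    cat > "$1/hardened.conf" <<'EOF'
[global]
        workgroup = WORKGROUP
        security = user
        map to guest = Never
[webdata]
        path = /data/web_data
        browseable = yes
        writable = yes
        guest ok = no
        valid users = apache
        hosts allow = 192.168.1XX.33
        hosts deny = ALL
EOF
}

# Usage:  sh audit-share.sh demo        (audit the two constructed samples)
#         sh audit-share.sh /etc/samba/smb.conf webdata 192.168.1XX.33
case "${1:-}" in
    demo) d=$(mktemp -d); write_samples "$d"
          for f in page hardened; do
              echo "== $f.conf"; audit_share "$d/$f.conf" webdata 192.168.1XX.33
          done
          rm -rf "$d" ;;
    "")   ;;
    *)    audit_share "$1" "$2" "$3" ;;
esac
```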
Configure the http service
- Requirements
- Create the web site as a virtual host
- Rename /etc/httpd/conf.d/ssl.conf to ssl.conf.bak
- The configuration file is named virthost.conf and placed in the /etc/httpd/conf.d directory;
- Configure https; the certificate httpd.crt and private key httpd.key used by https go in the /etc/httpd/ssl directory (create the directory yourself);
- The site is accessed with the domain name www.rj.com;
- The web root is /data/web_data;
- Provide http and https services, listening only on the address 192.168.1XX.22; (XX is provided on site)
- index.html contains Welcome to 2018 Computer Network Application contest!;
- Solution
- Go to the httpd configuration directory and rename ssl.conf to ssl.conf.bak (this also removes mod_ssl's default Listen 443 and its default localhost certificate, so virthost.conf has to supply both)
[root@localhost /]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# mv ssl.conf ssl.conf.bak
- Create the virthost.conf configuration file. 172.16.0.88 is the author's lab address; in the contest the address is serverA's S-Net IP 192.168.1XX.22. The stock httpd.conf still contains a bare Listen 80, which binds port 80 on every address, so to really listen only on 192.168.1XX.22 that line must be changed to Listen with the same address as well.
[root@localhost conf.d]# vim virthost.conf
<VirtualHost 172.16.0.88:80>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>
Listen 172.16.0.88:443
<VirtualHost 172.16.0.88:443>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>
- Go to the web root and create index.html (the required text is "Application"; a misspelling costs the point)
[root@localhost /]# vim /data/web_data/index.html
Welcome to 2018 Computer Network Application contest!
- Verification
- serverA: view the httpd configuration with cat /etc/httpd/conf.d/virthost.conf
[root@localhost /]# cat /etc/httpd/conf.d/virthost.conf
<VirtualHost 172.16.0.88:80>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>    //4 points, 0 if any line is wrong
Listen 172.16.0.88:443
<VirtualHost 172.16.0.88:443>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>    //10 points in total, 0 if any line is wrong
OpenSSL
- Requirements
- Configure openssl to provide a certificate for the http service
- Solution (work in /etc/pki/CA, the CA directory that CentOS 7's /etc/pki/tls/openssl.cnf points at, so that openssl ca finds private/cakey.pem, cacert.pem, index.txt and serial without extra options)
- Generate the CA private key
[root@localhost CA]# openssl genrsa -out private/cakey.pem
Generating RSA private key, 2048 bit long modulus
...................................................................................................+++
....................................................+++
e is 65537 (0x10001)
- Generate the self-signed CA certificate
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sx
Locality Name (eg, city) [Default City]:ty
Organization Name (eg, company) [Default Company Ltd]:xgl
Organizational Unit Name (eg, section) []:xgl
Common Name (eg, your name or your server's hostname) []:rj.com
Email Address []:admin
- Create the files openssl ca needs (the certificate database and the next serial number)
[root@localhost CA]# touch index.txt
[root@localhost CA]# touch serial
[root@localhost CA]# echo "01" > serial
- Generate the server's private key
[root@localhost CA]# openssl genrsa -out httpd.key
- Generate the certificate signing request (the notes name it httpd.crs; .csr is the usual extension)
[root@localhost CA]# openssl req -new -key httpd.key -out httpd.crs
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sx
Locality Name (eg, city) [Default City]:ty
Organization Name (eg, company) [Default Company Ltd]:xgl
Organizational Unit Name (eg, section) []:xgl
Common Name (eg, your name or your server's hostname) []:rj.com
Email Address []:admin
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456
- Sign the certificate with the CA
[root@localhost CA]# openssl ca -in httpd.crs -out rj.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar 12 09:34:15 2019 GMT
            Not After : Mar 11 09:34:15 2020 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = sx
            organizationName          = xgl
            organizationalUnitName    = xgl
            commonName                = rj.com
            emailAddress              = admin
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                E3:DB:EA:08:F6:97:39:9C:92:EC:4B:E7:14:7C:E8:AE:09:AD:F7:6B
            X509v3 Authority Key Identifier:
                keyid:60:A3:83:3C:86:95:B6:B1:A1:88:1D:52:A0:BE:1C:41:AE:47:8F:B1
Certificate is to be certified until Mar 11 09:34:15 2020 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
- Install the result: copy rj.crt to /etc/httpd/ssl/httpd.crt and httpd.key to /etc/httpd/ssl/httpd.key, the names virthost.conf expects, and keep the key readable by root only (chmod 600). Note that the Common Name signed here is rj.com while the site is served as www.rj.com; clients match the hostname against the certificate's CN or Subject Alternative Names, so even a client that trusts cacert.pem will warn on www.rj.com unless the certificate names it.
- Verification
- serverA: view the openssl certificate database with cat /etc/pki/CA/index.txt (tab-separated: status V = valid, expiry time, empty revocation time, serial, certificate file, subject DN)
[root@localhost CA]# cat /etc/pki/CA/index.txt
V	200311093415Z		01	unknown	/C=CN/ST=sx/O=xgl/OU=xgl/CN=rj.com/emailAddress=admin
//5 points
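The interactive openssl ca flow above produces a certificate whose only name is the Common Name rj.com, while virthost.conf serves www.rj.com, so the pair will not validate for that hostname even with cacert.pem trusted. The script below is an added example, not the notes' procedure and not what the grading checks: it builds the same kind of private CA and server certificate non-interactively, puts both www.rj.com and rj.com in a Subject Alternative Name, and runs the three checks a practitioner does before pointing SSLCertificateFile and SSLCertificateKeyFile at the files (chain verifies against the CA, the SAN carries the site name, key and certificate belong together). It writes into a directory given as the first argument rather than /etc/pki/CA; the key sizes, validity periods, CA name and extension file name are choices made here, and it needs the openssl binary (it uses -extfile rather than -addext because CentOS 7's OpenSSL 1.0.2 lacks the latter).

```shell
#!/bin/sh
# Added example, not from the original notes: non-interactive private CA and
# server certificate with a SAN for www.rj.com, plus pre-deployment checks.
# Assumed: 2048-bit keys, 10-year CA / 1-year server validity, the CA name
# "xgl private CA", the extension file name server.ext. Requires openssl.
set -eu

# Create the CA key and self-signed CA certificate in directory $1.
make_ca() {
    openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null
    chmod 600 "$1/cakey.pem"          # this key signs everything; root-only
    openssl req -new -x509 -days 3650 -key "$1/cakey.pem" -out "$1/cacert.pem" \
        -subj "/C=CN/ST=sx/L=ty/O=xgl/OU=xgl/CN=xgl private CA"
}

# Create server key + CSR and sign it with the CA, adding server-cert
# extensions and a SAN listing every name the site answers to.
# $1 = dir, $2 = primary DNS name (also the CN), further args = extra DNS names
make_server_cert() {
    dir=$1; cn=$2; shift 2
    openssl genrsa -out "$dir/httpd.key" 2048 2>/dev/null
    chmod 600 "$dir/httpd.key"
    openssl req -new -key "$dir/httpd.key" -out "$dir/httpd.csr" \
        -subj "/C=CN/ST=sx/L=ty/O=xgl/OU=xgl/CN=$cn"
    san="DNS:$cn"; for n in "$@"; do san="$san,DNS:$n"; done
    cat > "$dir/server.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=$san
EOF
    openssl x509 -req -days 365 -in "$dir/httpd.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/httpd.crt" 2>/dev/null
}

# Returns 0 when the certificate chains to the CA, names $2 in its SAN,
# and matches the private key; 1 otherwise.
# $1 = dir, $2 = DNS name the certificate must be valid for
verify_server_cert() {
    openssl verify -CAfile "$1/cacert.pem" "$1/httpd.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/httpd.crt" -noout -text | grep -q "DNS:$2" || return 1
    [ "$(openssl rsa -in "$1/httpd.key" -noout -modulus 2>/dev/null)" = \
      "$(openssl x509 -in "$1/httpd.crt" -noout -modulus)" ]
}

# Usage:  sh make-certs.sh /etc/httpd/ssl
# Afterwards virthost.conf's SSLCertificateFile/SSLCertificateKeyFile point at
# /etc/httpd/ssl/httpd.crt and httpd.key; import cacert.pem on the clients.
case "${1:-}" in
    "") ;;
    *)  mkdir -p "$1"
        make_ca "$1"
        make_server_cert "$1" www.rj.com rj.com
        verify_server_cert "$1" www.rj.com && echo "certificate OK: $1/httpd.crt" ;;
esac
```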