rh236-简

前奏

[root@foundation0 ~]# echo y | rht-vmctl reset workstation
[root@workstation ~]# lab io-encryption setup

[root@foundation0 ~]# for i in {a..e};do echo y | rht-vmctl reset server$i;done

第1题 配置加密(重点)

第1题没做好往后都没法做

# 设置防火墙(所有节点)
firewall-cmd --add-service=glusterfs --add-service=nfs --add-service=rpc-bind --permanent 
firewall-cmd --reload

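# 下载密钥(所有节点各下各的;下面的 server{a..e} 只是简写,每个节点只下载与自己主机名对应的 .pem 和 .key,不要原样执行花括号)
# 注:私钥在这里通过明文FTP传输,仅适用于实验环境;glusterfs.key 落盘后应只允许root读取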
curl ftp://workstation.lab.example.com/pub/server{a..e}.pem -o /etc/ssl/glusterfs.pem
curl ftp://workstation.lab.example.com/pub/server{a..e}.key -o /etc/ssl/glusterfs.key
curl ftp://workstation.lab.example.com/pub/glusterfs.ca -o /etc/ssl/glusterfs.ca       ===> ca所有节点相同

# 关服务(a~d节点)
systemctl stop glusterd && pkill glusterfs
touch /var/lib/glusterd/secure-access       ===> 记住secure-access怎么拼写
systemctl start glusterd
openssl dhparam -out /etc/ssl/dhparam.pem 2048

[root@servera ~]# for i in b c d;do gluster peer probe server$i.lab.example.com;done

第2~5题 servera创建brick

分区--pv--vg--lv(Thinpool)--lv--格盘(mkfs)--挂盘--子目录--selinux

第6、7、8题

# 第6题 创建distributed volume
[root@servera ~]# gluster volume create testvol servera:/bricks/test/testvol_n1 serverb:/bricks/test/testvol_n2

# 第7题 创建replicate volume
[root@servera ~]# gluster volume create secvol replica 2 serverc:/bricks/sec/secvol_n3 serverd:/bricks/sec/secvol_n4

# 第8题 创建distribute replicate volume
[root@servera ~]# gluster volume create prodvol replica 2 servera:/bricks/prod/prodvol_n1 serverb:/bricks/prod/prodvol_n2 serverc:/bricks/prod/prodvol_n3 serverd:/bricks/prod/prodvol_n4

# 第6、7、8题共同要执行的(花括号里的卷名只是简写,每条命令要对 testvol、secvol、prodvol 各执行一次;auth.ssl-allow 填的是各节点证书的CN)
[root@servera ~]# gluster volume set { testvol,secvol,prodvol } auth.ssl-allow 'servera.lab.example.com,serverb.lab.example.com,serverc.lab.example.com,serverd.lab.example.com,servere.lab.example.com,workstation.lab.example.com'
[root@servera ~]# gluster volume set { testvol,secvol,prodvol } server.ssl on
[root@servera ~]# gluster volume set { testvol,secvol,prodvol } client.ssl on
[root@servera ~]# gluster volume set { testvol,secvol,prodvol } auth.allow '172.25.250.*'
[root@servera ~]# gluster volume start {testvol,secvol,prodvol}

第9题 client端挂载

注:所有节点防火墙都要放行nfs和rpc-bind服务
[root@workstation ~]# yum repolist
[root@workstation ~]# yum -y install glusterfs-fuse.x86_64
[root@workstation ~]# mkdir /var/lib/glusterd
[root@workstation ~]# touch /var/lib/glusterd/secure-access
[root@workstation ~]# mkdir /{test,safe,data}
[root@workstation ~]# vim /etc/fstab
servera:/testvol /test  glusterfs  defaults 0 0
servera:/secvol  /data  glusterfs  defaults 0 0
servera:/prodvol /safe    nfs      defaults,vers=3,_netdev 0 0

[root@workstation ~]# mount -a
[root@workstation ~]# df -Th

第10题 ACL

[root@workstation ~]# vim /etc/fstab
servera:/testvol /test glusterfs defaults,acl 0 0    ===> 添加acl项

[root@workstation ~]# umount /test && sleep 3 && mount -a
[root@workstation ~]# groupadd admins
[root@workstation ~]# useradd suresh
[root@workstation ~]# useradd anita
[root@workstation ~]# mkdir /test/confidential
[root@workstation ~]# chown .admins /test/confidential
[root@workstation ~]# chmod -R o=- /test/confidential
[root@workstation ~]# setfacl -m u:suresh:rwX /test/confidential
[root@workstation ~]# setfacl -m d:u:suresh:rwX /test/confidential
[root@workstation ~]# setfacl -m u:anita:rX /test/confidential
[root@workstation ~]# setfacl -m d:u:anita:rX /test/confidential
[root@workstation ~]# getfacl /test/confidential

[root@workstation ~]# vim umount.sh
#!/bin/bash
/usr/bin/umount /test
/usr/bin/mount -a

[root@workstation ~]# crontab -e
@reboot /bin/bash /root/umount.sh

[root@workstation ~]# systemctl restart crond

第11题 quota

[root@workstation ~]# mkdir /safe/mp4 && chmod -R o+w /safe/mp4

[root@servera ~]# gluster volume quota prodvol enable 
[root@servera ~]# gluster volume quota prodvol limit-usage /mp4 128MB

第12题 配置geo-replication(步骤最多)

分区--pv--vg--lv(thinpool)--lv--格盘--挂盘--子目录--selinux--制作brick--acl--


[root@servere ~]# firewall-cmd --permanent --add-service=glusterfs 
[root@servere ~]# firewall-cmd --reload 
[root@servere ~]# curl ftp://workstation.lab.example.com/pub/servere.pem -o /etc/ssl/glusterfs.pem
[root@servere ~]# curl ftp://workstation.lab.example.com/pub/servere.key -o /etc/ssl/glusterfs.key
[root@servere ~]# curl ftp://workstation.lab.example.com/pub/glusterfs.ca -o /etc/ssl/glusterfs.ca
[root@servere ~]# openssl dhparam -out /etc/ssl/dhparam.pem 2048
[root@servere ~]# fdisk /dev/vdb
[root@servere ~]# partprobe 
[root@servere ~]# pvcreate /dev/vdb1
[root@servere ~]# vgcreate vg_bricks /dev/vdb1
[root@servere ~]# lvcreate -L 19G -T vg_bricks/thinpool
[root@servere ~]# lvcreate -V 6G -T vg_bricks/thinpool -n testcopy      ===>这里需要把容量改大点
==================== 扩容 ====================
[root@servere ~]# lvextend -L 6G /dev/vg_bricks/testcopy
[root@servere ~]# xfs_growfs /dev/vg_bricks/testcopy
==============================================
[root@servere ~]# mkfs.xfs -i size=512 /dev/vg_bricks/testcopy
[root@servere ~]# mkdir -p /bricks/testcopy
[root@servere ~]# echo "UUID=xxx-xxx-xxx /bricks/testcopy xfs defaults 0 0" >> /etc/fstab
[root@servere ~]# mount -a
[root@servere ~]# mkdir /bricks/testcopy/brick    ===>名字没规定可以随便
[root@servere ~]# semanage fcontext -a -t glusterd_brick_t /bricks/testcopy/brick
[root@servere ~]# restorecon -Rv /bricks/
[root@servere ~]# gluster volume create testcopy servere:/bricks/testcopy/brick
[root@servere ~]# gluster volume set testcopy auth.ssl-allow 'servera.lab.example.com,serverb.lab.example.com,serverc.lab.example.com,serverd.lab.example.com,servere.lab.example.com,workstation.lab.example.com'
[root@servere ~]# gluster volume set testcopy client.ssl on
[root@servere ~]# gluster volume set testcopy server.ssl on
[root@servere ~]# gluster volume set testcopy auth.allow '172.25.250.*'
[root@servere ~]# gluster volume start testcopy

[root@workstation ~]# umount /test/

[root@servera ~]# gluster volume stop testvol
[root@servera ~]# gluster volume start testvol 

[root@workstation ~]# mount -a

[root@servere ~]# systemctl stop glusterd && pkill glusterfs
[root@servere ~]# touch /var/lib/glusterd/secure-access
[root@servere ~]# systemctl start glusterd
[root@servere ~]# groupadd repgrp && useradd -G repgrp georep
[root@servere ~]# echo "redhat" | passwd --stdin georep
[root@servere ~]# mkdir -m 0711 /var/mountbroker-root
[root@servere ~]# semanage fcontext -a -e /home /var/mountbroker-root
[root@servere ~]# restorecon -Rv /var/mountbroker-root


[root@servere ~]# cat /etc/glusterfs/glusterd.vol    ===> 手动添加以下项
    option geo-replication-log-group repgrp
    option rpc-auth-allow-insecure on
    option mountbroker-geo-replication.georep testcopy
    option mountbroker-root /var/mountbroker-root

[root@servere ~]# chmod -R 770 /var/lib/glusterd/geo-replication/
[root@servere ~]# chmod -R 770 /var/log/glusterfs/geo-replication-slaves/
[root@servere ~]# chown -R .repgrp /var/lib/glusterd/geo-replication/
[root@servere ~]# chown -R .repgrp /var/log/glusterfs/geo-replication-slaves/

[root@servere ~]# systemctl restart glusterd
[root@servere ~]# gluster volume stop testcopy
[root@servere ~]# gluster volume start testcopy 

[root@servera ~]# ssh-keygen
[root@servera ~]# ssh-copy-id georep@servere
[root@servera ~]# gluster system:: execute gsec_create    ===> 生成公钥
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy create push-pem   ===> 推公钥

[root@servere ~]# /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep testvol testcopy

[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy start
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy status

# 测试
[root@workstation ~]# echo "123456" > /test/a.txt

[root@servere ~]# ll /bricks/testcopy/brick/         ===> 会同步到servere的指定目录中
-rw-r--r--. 2 root root   7 5月  16 09:25 a.txt

第13题 创建冷热区

[root@server{a|b|c|d} ~]# lvcreate -V 2G -T vg_bricks/thinpool -n tier
[root@server{a|b|c|d} ~]# mkfs.xfs -i size=512 /dev/vg_bricks/tier
[root@server{a|b|c|d} ~]# mkdir /bricks/tier
[root@server{a|b|c|d} ~]# echo "UUID=xxx-xxx-xxx  /bricks/tier xfs defaults 0 0" >> /etc/fstab
[root@server{a|b|c|d} ~]# mount -a

[root@servera ~]# mkdir /bricks/tier/tiervol_n1
[root@serverb ~]# mkdir /bricks/tier/tiervol_n2
[root@serverc ~]# mkdir /bricks/tier/tiervol_n3
[root@serverd ~]# mkdir /bricks/tier/tiervol_n4

[root@server{a|b|c|d} ~]# semanage fcontext -a -t glusterd_brick_t /bricks/tier/tiervol_n{1..4}       ===> n{1..4}为简写,各节点只写自己的brick目录
[root@server{a|b|c|d} ~]# restorecon -Rv /bricks/tier

# 创建冷区
[root@servera ~]# gluster volume create tiervol replica 2 serverc:/bricks/tier/tiervol_n3 serverd:/bricks/tier/tiervol_n4
[root@servera ~]# gluster volume start tiervol
# 创建热区
[root@servera ~]# gluster volume tier tiervol attach servera:/bricks/tier/tiervol_n1 serverb:/bricks/tier/tiervol_n2

第14题 snapshot

[root@servera ~]# gluster help | grep snap

第15题 监控

[root@server{a|b|c|d} ~]# firewall-cmd --add-port=5666/tcp --permanent 
[root@server{a|b|c|d} ~]# firewall-cmd --reload
[root@server{a|b|c|d} ~]# vim /etc/nagios/nrpe.cfg
[root@server{a|b|c|d} ~]# systemctl restart nrpe

注:确定yum源是否在,考试时无需自己配yum源
[root@manager ~]# yum -y install nagios-server-addons
[root@manager ~]# vim /etc/nagios/objects/commands.cfg
[root@manager ~]# configure-gluster-nagios -c gluster-test -H servera.lab.example.com
[root@manager ~]# vim /etc/nagios/gluster/gluster-{ contacts | templates }.cfg
[root@manager ~]# nagios -v /etc/nagios/nagios.cfg
[root@manager ~]# service nagios restart
[root@manager ~]# service sendmail restart
[root@manager ~]# echo "test123" | mail -s   test   root@manager.lab.example.com
[root@manager ~]# mail

记忆法/简写

第1题

用root在a~d节点上写 secure-access、dhparam 别拼错

第9题

[root@workstation ~]# mkdir /var/lib/glusterd
[root@workstation ~]# touch /var/lib/glusterd/secure-access
[root@workstation ~]# vim /etc/fstab
servera:/prodvol /safe    nfs      defaults,vers=3,_netdev 0 0        ===> 注意格式别写错

第10题

[root@workstation ~]# vim /etc/fstab
servera:/testvol /test glusterfs defaults,acl 0 0      ===> 添加acl项

[root@workstation ~]# umount /test && sleep 3 && mount -a
[root@workstation ~]# chmod -R o=- /test/confidential
[root@workstation ~]# setfacl -m u:xx:xxx    /xxx/xxx
[root@workstation ~]# setfacl -m d:u:xx:xxx  /xxx/xxx

[root@workstation ~]# vim umount.sh
#!/bin/bash
/usr/bin/umount /test
/usr/bin/mount -a

[root@workstation ~]# crontab -e
@reboot /bin/bash /root/umount.sh

第11题 quota

[root@workstation ~]# mkdir /safe/mp4 && chmod -R o+w /safe/mp4

[root@servera ~]# gluster volume quota prodvol enable 
[root@servera ~]# gluster volume quota prodvol limit-usage /mp4 128MB

第12题 配置geo-replication(步骤最多)

创建组和用户并给定用户密码 --- 新创建mountbroker-root
设置SELinux --- 配置glusterd.vol
把geo-replication和geo-replication-slaves配置成770权限
把geo-replication和geo-replication-slaves的属组改为repgrp
重启glusterd服务 --- 重启testcopy卷
servera上:
ssh-keygen生成密钥
ssh-copy-id georep@servere
gluster system:: execute gsec_create    ===> 生成公钥
gluster volume geo-replication testvol georep@servere::testcopy create push-pem   ===> 推公钥

[root@servere ~]# /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep testvol testcopy

[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy start





[root@servere ~]# groupadd repgrp && useradd -G repgrp georep
[root@servere ~]# echo "redhat" | passwd --stdin georep
[root@servere ~]# mkdir -m 0711 /var/mountbroker-root
[root@servere ~]# semanage fcontext -a -e /home /var/mountbroker-root
[root@servere ~]# restorecon -Rv /var/mountbroker-root


[root@servere ~]# cat /etc/glusterfs/glusterd.vol         ===> 手动添加以下项
    option geo-replication-log-group repgrp
    option rpc-auth-allow-insecure on
    option mountbroker-geo-replication.georep testcopy
    option mountbroker-root /var/mountbroker-root

[root@servere ~]# chmod -R 770 /var/lib/glusterd/geo-replication/
[root@servere ~]# chmod -R 770 /var/log/glusterfs/geo-replication-slaves/
[root@servere ~]# chown -R .repgrp /var/lib/glusterd/geo-replication/
[root@servere ~]# chown -R .repgrp /var/log/glusterfs/geo-replication-slaves/

[root@servere ~]# systemctl restart glusterd
[root@servere ~]# gluster volume stop testcopy
[root@servere ~]# gluster volume start testcopy 

[root@servera ~]# ssh-keygen
[root@servera ~]# ssh-copy-id georep@servere
[root@servera ~]# gluster system:: execute gsec_create    ===> 生成公钥
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy create push-pem   ===> 推公钥
注:gluster help | grep geo-rep 可查看帮助

[root@servere ~]# /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep testvol testcopy

[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy start
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy status


第13题

# 创建冷区
[root@servera ~]# gluster volume create tiervol replica 2 serverc:/bricks/tier/tiervol_n3 serverd:/bricks/tier/tiervol_n4
[root@servera ~]# gluster volume  start tiervol
# 创建热区
[root@servera ~]# gluster volume  tier  tiervol   attach  servera:/bricks/tier/tiervol_n1 serverb:/bricks/tier/tiervol_n2

第14题 snapshot

[root@servera ~]# gluster help | grep snap

第15题 监控

[root@server{a|b|c|d} ~]# firewall-cmd --add-port=5666/tcp --permanent 
[root@server{a|b|c|d} ~]# firewall-cmd --reload
[root@server{a|b|c|d} ~]# vim /etc/nagios/nrpe.cfg
[root@server{a|b|c|d} ~]# systemctl restart nrpe

注:确定yum源是否在,考试时无需自己配yum源
[root@manager ~]# yum -y install nagios-server-addons
[root@manager ~]# vim /etc/nagios/objects/commands.cfg
[root@manager ~]# configure-gluster-nagios -c gluster-test -H servera.lab.example.com
[root@manager ~]# vim /etc/nagios/gluster/gluster-{ contacts | templates }.cfg
[root@manager ~]# nagios -v /etc/nagios/nagios.cfg
[root@manager ~]# service nagios restart
[root@manager ~]# service sendmail restart
[root@manager ~]# echo "test123" | mail -s   test   root@manager.lab.example.com
[root@manager ~]# mail
posted @ 2022-05-22 16:44  Linux大魔王