Enterprise section notes:
Server environment: Dell R610, DELL E105106 (blade server)
Fix for the browser on Red Hat Enterprise Linux 7 not displaying Chinese:
#yum groupinfo "Server With GUI" //you will see input-methods listed
#yum groupinstall input-methods
Quick way to install virtual machines:
First install one non-graphical VM by hand, configure its yum repository and hostname, and back up the initial repository config.
#rm -rf /etc/udev/rules.d/70-persistent-net.rules //delete /etc/udev/rules.d/70-persistent-net.rules so the clone gets a fresh NIC-to-MAC mapping
#service sshd restart //or /etc/init.d/sshd restart
#rm -rf /etc/ssh/ssh_host_* //delete /etc/ssh/ssh_host_* (the clone must not share the template's host keys; sshd regenerates them on restart)
Note: chmod 777 /etc/ssh/ -R produces an error:
[root@1 etc]# ssh localhost
Read from socket failed: Connection reset by peer
#chmod 755 /etc/ssh/ -R //remember to restart the service
[root@1 etc]# ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
Solution: echo "" >/root/.ssh/known_hosts //clears the stale entry, and that is it
[root@1 etc]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
root@localhost's password:
Last login: Tue Apr 7 05:51:50 2015 from localhost
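Two checks for the cloned VM's SSH state, as an added example (not part of the original notes): one flags the permission mistakes above (777 breaks sshd; 755 -R leaves the private host keys readable by every local user), the other removes only the stale known_hosts entry instead of emptying the file. It assumes plain-text (unhashed) known_hosts lines and host key files named ssh_host_*_key, as on RHEL 6.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes unhashed known_hosts
# entries and host key files named ssh_host_*_key (RHEL 6 layout).

# Report files under DIR that are group- or world-writable (the chmod 777
# attempt above) and private host keys readable by group/others (what
# chmod 755 -R leaves behind). Returns 1 if anything was found.
check_ssh_dir_perms() {
    dir=$1; bad=0
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")          # e.g. 755
        grp=$(( (mode / 10) % 10 ))        # group permission digit
        oth=$(( mode % 10 ))               # other permission digit
        if [ $(( grp & 2 )) -ne 0 ] || [ $(( oth & 2 )) -ne 0 ]; then
            echo "group/world-writable: $f ($mode)"; bad=1
        fi
        case "$f" in
            */ssh_host_*_key)
                if [ $(( grp & 4 )) -ne 0 ] || [ $(( oth & 4 )) -ne 0 ]; then
                    echo "private key readable by others: $f ($mode)"; bad=1
                fi ;;
        esac
    done
    return $bad
}

# Remove only the lines naming HOST from a known_hosts FILE (what
# ssh-keygen -R does); echo "" > known_hosts forgets every other host too,
# and with it the warning shown above for all of them.
forget_host_key() {
    file=$1; host=$2
    awk -v h="$host" '{
        n = split($1, names, ","); keep = 1
        for (i = 1; i <= n; i++) if (names[i] == h) keep = 0
        if (keep) print
    }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}
```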
Next, turn off the firewall and SELinux:
#service iptables stop
#chkconfig iptables off
#vim /etc/selinux/config //change Enforcing to disabled, then reboot the machine
#cd /var/lib/libvirt/images
#qemu-img -h base.img //print qemu-img usage
#qemu-img info base.img //inspect the base.img image
#qemu-img convert -c -O qcow2 base.img base.qcow2 //the compressed base.qcow2 can then be taken home, which makes it easier to manage
#qemu-img create -f qcow2 -b base.qcow2 vm1.ovl //vm1.ovl is the new VM disk, backed by base.qcow2; import it where you create the virtual machine
Small tip: in the network config file, PREFIX=24 is equivalent to NETMASK=255.255.255.0
To force-install an rpm package use the --nodeps option, i.e. #rpm -ivh --nodeps <package>
Topics covered in the enterprise section:
1,email postfix +mysql+extmail+mailscanner+clamav+spamassain
2,lamp lnmp jsp tomcat+memcache + session
3,monitoring: cacti+nagios+WeChat
4,cluster HA+LB rhcsm corosync+pacemaker keepalived haproxy heartbeat lvs nginx haproxy
5,mfs glusterfs hdfs hadoop hdfs+mapreduce
6,mysql cluster mysql AB
7,rhevh
8,openstack IAAS
9,vpn drbd gfs2
10,python + shell
VPN: virtual private network. Protocols: OpenSSL-based, PPTP on port 1723, HTTPS on port 443.
Preparation: since I built the non-graphical VMs under Windows, the packages prepared in advance (pptpd-1.3.4-2.el6.x86_64, pptp-setup-1.7.2-8.1.el6.x86_64, ppp-2.4.4.tar, freeradius-mysql-2.1.12-3.el6.x86_64, freeradius-utils-2.1.12-3.el6.x86_64) have to be copied onto the machines, so I set up a Samba server for that.
Samba: worked case
#yum install -y samba samba-client
#vim /etc/samba/smb.conf //in the [global] section change MYGROUP to WORKGROUP and security = user to security = share
Append at the end:
[share]
comment = share all
path = /tmp/samba
browseable = yes
public = yes
writable = yes
#mkdir /tmp/samba
#chmod 777 /tmp/samba
#touch /tmp/samba/sharefiles
#echo "111111" > /tmp/samba/sharefiles
[root@1 vpn]# service smb start
Starting SMB services: [ OK ]
Start: /etc/init.d/smb start //the firewall and SELinux must be turned off, otherwise the result is affected
Check that smb.conf is valid: testparm
Test 1: on the Windows machine, enter file://192.168.217.134/share in the browser
or in the Run box: \\192.168.217.134\share
The rpm packages needed for the VPN build can now be copied into this directory.
Test 2: on Linux, at the command line:
[root@3 peers]# smbclient //192.168.217.134/share
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
Server not using user level security and no password supplied.
smb: \> ls
. D 0 Tue Apr 7 08:02:42 2015
.. D 0 Fri Apr 10 20:27:15 2015
vpn D 0 Wed Apr 8 13:38:43 2015
sharefiles 5 Tue Apr 7 07:12:58 2015
38225 blocks of size 262144. 31216 blocks available
smb: \> cd vpn\
smb: \vpn\> ls
. D 0 Wed Apr 8 13:38:43 2015
.. D 0 Tue Apr 7 08:02:42 2015
freeradius-mysql-2.1.12-3.el6.x86_64.rpm A 55744 Sun Apr 5 18:14:38 2015
freeradius-utils-2.1.12-3.el6.x86_64.rpm A 121208 Wed Apr 8 12:38:20 2015
freeradius-mysql-2.1.12-4.el6_3.x86_64.rpm A 56916 Wed Apr 8 12:38:20 2015
ppp-2.4.5.tar.gz A 684342 Wed Dec 25 11:33:32 2013
pptp-setup-1.7.2-8.1.el6.x86_64.rpm A 12024 Wed Dec 25 11:33:32 2013
freeradius-2.1.12-4.el6_3.x86_64.rpm A 1458328 Wed Apr 8 13:23:12 2015
sslexplorer_linux_1_0_0_RC17.rpm A 22198991 Sun Apr 5 18:14:30 2015
ppp-2.4.4 D 0 Tue May 30 07:52:09 2006
pptp-1.7.2-3.rhel5.i386.rpm A 72523 Wed Dec 25 11:33:32 2013
adito-0.9.1-bin.zip A 19371203 Sun Apr 5 18:14:32 2015
freeradius-utils-2.1.12-4.el6_3.x86_64.rpm A 122372 Wed Apr 8 12:38:20 2015
ppp-2.4.4.tar.gz A 688763 Wed Dec 25 11:33:32 2013
pptpd-1.3.4-2.el6.x86_64.rpm A 74392 Sun Apr 5 18:14:30 2015
pptpd-1.3.4-1.rhel5.1.i386.rpm A 81566 Wed Dec 25 11:33:32 2013
38225 blocks of size 262144. 31216 blocks available
smb: \vpn\>
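An audit of the smb.conf settings used above, as an added example that is not part of the original notes: it writes the share exactly as configured (constructed copy) beside a version that requires a named account, and reports the settings that let anonymous users write to the directory. The account name vpnadmin and the hardened values are assumptions; "public"/"guest ok" and "writable"/"writeable"/"read only" are genuine Samba synonym pairs.

```shell
#!/bin/sh
# Added example, not from the original notes. Samba treats "public" as a
# synonym of "guest ok" and "writable" of "writeable" / "read only = no";
# "security = share" is the deprecated share-level mode with no user accounts.
# audit_smb_conf FILE prints one finding per line and returns 1 if any.
audit_smb_conf() {
    findings=$(awk '
        function finish() {
            if (section != "" && section != "global") {
                if (guest == "yes" && write == "yes")
                    print "[" section "]: anonymous users can write to " path
                if (guest == "yes" && valid == "")
                    print "[" section "]: guest share without a valid users list"
            }
        }
        /^[ \t]*\[/ { finish(); sub(/^[ \t]*\[/, ""); sub(/].*$/, "")
                      section = $0; guest = ""; write = ""; valid = ""; path = ""; next }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            key = tolower(key); val = tolower(val)
            if (section == "global" && key == "security" && val == "share")
                print "[global]: security = share (share-level auth, no per-user accounts; deprecated)"
            if (key == "guest ok" || key == "public") guest = val
            if (key == "writable" || key == "writeable") write = val
            if (key == "read only") write = (val == "no") ? "yes" : "no"
            if (key == "valid users") valid = val
            if (key == "path") path = val
        }
        END { finish() }' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# The share as configured in the notes above (constructed copy).
write_weak_share() {
    printf '%s\n' '[global]' 'workgroup = WORKGROUP' 'security = share' \
        '[share]' 'comment = share all' 'path = /tmp/samba' \
        'browseable = yes' 'public = yes' 'writable = yes' > "$1"
}

# Same share, but only a named account may write and guests are refused.
write_hardened_share() {
    printf '%s\n' '[global]' 'workgroup = WORKGROUP' 'security = user' \
        'map to guest = Never' '[share]' 'comment = package drop for the VPN build' \
        'path = /tmp/samba' 'browseable = yes' 'guest ok = no' \
        'writable = yes' 'valid users = vpnadmin' > "$1"
}
```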
###############################################################
Experiment begins
Part 1 (file-based authentication: VPN usernames and passwords are written into a file)
First prepare three machines A, B, C, i.e. 1, 2, 3; their hostnames are also 1, 2, 3 //make sure the firewall and SELinux are off
On machine A (1), do the following:
eth0:ip 192.168.217.134
eth1: ip 192.168.40.135
#vim /etc/hosts
192.168.217.134 1
192.168.40.136 2
192.168.217.135 3
#yum localinstall -y pptpd-1.3.4-2.el6.x86_64
#sysctl -p //shows net.ipv4.ip_forward = 0
Change that 0 to 1 in /etc/sysctl.conf and run sysctl -p again; this enables IP forwarding, which A needs in order to route between the PPTP clients and the network on eth1.
#vim /etc/pptpd.conf
add:
localip 192.168.217.134
remoteip 192.168.40.140-145
#vim /etc/ppp/chap-secrets
add:
vpnuser1 pptpd westos *
vpnuser2 pptpd redhat 192.168.40.30 //this address is outside the remoteip pool configured above
#service pptpd start
On machine B (2), do the following:
#vim /etc/hosts
192.168.40.135 1
192.168.40.136 2
#ifconfig eth0 192.168.40.136 netmask 255.255.255.0
#ping 192.168.40.135 //test whether A can be reached
On machine C (3), do the following:
#vim /etc/hosts
192.168.217.134 1
192.168.217.135 3
eth0:ip 192.168.217.135
#yum localinstall -y pptp-setup-1.7.2-8.1.el6.x86_64
[root@3 ~]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser1 --password westos --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 ~]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser2 --password redhat --encrypt --start
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.30
remote IP address 192.168.217.134
#ip addr show
#route add -net 192.168.40.0/24 dev ppp0
#ping 192.168.40.136 //if this succeeds, Part 1 is configured correctly
[root@3 ~]# route add -net 192.168.40.0/24 dev ppp0
[root@3 ~]# ping 192.168.40.136
PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.
64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=867 ms
64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=60.8 ms
64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=46.0 ms
64 bytes from 192.168.40.136: icmp_seq=4 ttl=63 time=46.8 ms
^C
--- 192.168.40.136 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3691ms
rtt min/avg/max/mdev = 46.056/255.388/867.804/353.627 ms
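A check over the two files Part 1 edits, as an added example that is not part of the original notes: a fixed address in the fourth chap-secrets column is what pppd hands that client (vpnuser2 above came up on 192.168.40.30 although the pool is 192.168.40.140-145), so the script lists every user whose fixed address lies outside the remoteip pool(s) in pptpd.conf, which is what firewall and routing rules on A have to account for. It assumes the file layouts shown above and the two pool spellings pptpd accepts (a.b.c.d-e and a.b.c.d-a.b.c.e).

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes the pptpd.conf and
# chap-secrets layouts shown above.

ip_to_int() {                      # dotted quad -> integer
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( a * 16777216 + b * 65536 + c * 256 + d ))
}

range_start() { printf '%s\n' "${1%-*}"; }
range_end() {
    case "$1" in
        *-*.*) printf '%s\n' "${1#*-}" ;;                # a.b.c.d-a.b.c.e
        *-*)   printf '%s\n' "${1%.*-*}.${1#*-}" ;;      # a.b.c.d-e
        *)     printf '%s\n' "$1" ;;                     # single address
    esac
}

# Usage: check_chap_static_ips /etc/pptpd.conf /etc/ppp/chap-secrets
# Prints one line per user whose fixed address is outside every remoteip
# pool; returns 1 if there were any, 0 otherwise.
check_chap_static_ips() {
    conf=$1; secrets=$2; bad=0
    pools=$(awk '$1 == "remoteip" { print $2 }' "$conf" | tr ',' ' ')
    while read -r user server secret ip; do
        case "$user" in ''|'#'*) continue ;; esac     # blank or comment line
        [ -z "$ip" ] || [ "$ip" = '*' ] && continue   # no fixed address
        n=$(ip_to_int "$ip"); inpool=0
        for r in $pools; do
            s=$(ip_to_int "$(range_start "$r")")
            e=$(ip_to_int "$(range_end "$r")")
            [ "$n" -ge "$s" ] && [ "$n" -le "$e" ] && inpool=1
        done
        if [ $inpool -eq 0 ]; then
            echo "$user: static address $ip is outside the remoteip pool"; bad=1
        fi
    done < "$secrets"
    return $bad
}
```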
Part 2: MySQL-based authentication (VPN usernames and passwords stored in MySQL)
Packages needed: freeradius-2.1.12-4.el6_3.x86_64, freeradius-mysql-2.1.12-4.el6_3.x86_64, freeradius-utils-2.1.12-4.el6_3.x86_64, ppp-2.4.4.tar, mysql-server
On machine A:
#yum install -y mysql-server
#yum localinstall -y freeradius freeradius-mysql freeradius-utils //or rpm -ivh freeradius*
#tar -zxvf ppp-2.4.4.tar
#mkdir /etc/radiusclient
#cp ppp-2.4.4/pppd/plugins/radius/etc/* /etc/radiusclient/
#cd /etc/radiusclient/
#vim servers
localhost westos
#vim radiusclient.conf //strip "/usr/local/" from the following entries so they read:
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
mapfile /etc/radiusclient/port-id-map
issue /etc/radiusclient/issue
#vim /etc/ppp/options.pptpd
Append at the end:
plugin /usr/lib64/pppd/2.4.5/radius.so
#cd /etc/raddb/
#vim clients.conf
secret = westos //must match what is written in /etc/radiusclient/servers
#vim /etc/raddb/radiusd.conf //uncomment (remove the #):
$INCLUDE sql.conf
#vim /etc/raddb/sites-available/default //change the listed sections of the file to the following:
authorize {
# files
sql
}
accounting {
# radutmp
sql
}
session {
# radutmp
sql
}
post-auth {
sql
}
#vim /etc/raddb/sql.conf //nothing needs to change here
#vim /etc/raddb/sql/mysql/dialup.conf //remove the leading # from each of these lines:
simul_count_query = "SELECT COUNT(*) \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
#vim /etc/ppp/chap-secrets //remove the vpnuser1 and vpnuser2 lines
#service mysqld start
#mysql_secure_installation //set the MySQL root password
#mysql -uroot -pwestos //log in to the database
#mysqladmin -pwestos create radius //create the radius database
#cd /etc/raddb/sql/mysql/
#mysql -pwestos radius < schema.sql
#mysql -pwestos < admin.sql
#mysql -uradius -pradpass radius
#vim add.sql
use radius
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
insert into radcheck (username,attribute,op,value) values ('vpnuser1','User-Password',':=','westos');
insert into radusergroup (username,groupname) values ('vpnuser1','user');
insert into radcheck (username,attribute,op,value) values ('vpnuser2','User-Password',':=','redhat');
insert into radusergroup (username,groupname) values ('vpnuser2','user');
#mysql -pwestos < add.sql
#service radiusd start
#service pptpd stop
#service pptpd start
#radtest vpnuser1 westos localhost 0 westos //local test
My test run:
[root@1 radiusclient]# radtest vpnuser1 westos localhost 0 westos
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "vpnuser1"
User-Password = "westos"
NAS-IP-Address = 0.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=89, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
[root@1 radiusclient]# radtest vpnuser2 redhat localhost 0 westos
Sending Access-Request of id 78 to 127.0.0.1 port 1812
User-Name = "vpnuser2"
User-Password = "redhat"
NAS-IP-Address = 0.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=78, length=38
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
#service mysqld restart
[root@3 log]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser1 --password westos --encrypt --start
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 log]# pptpsetup --create myvpn --server 192.168.217.134 --username vpnuser2 --password redhat --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 192.168.40.140
remote IP address 192.168.217.134
[root@3 peers]# route add -net 192.168.40.0/24 dev ppp0
[root@3 peers]# ping 192.168.40.136
PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.
64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=321 ms
64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=4.02 ms
64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=3.89 ms
^C
//machine B can be pinged now, so the VPN service has been set up successfully.
#If something goes wrong, check /var/log/radius/radius.log
tail -f /var/log/radius/radius.log