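magedu pro Week 7 Homework

1. Write a script that determines whether each user's shell on the current system is a login shell (that is, the user's shell is not /sbin/nologin); count the users in each of the two categories; implement this using string comparison.

The script is as follows: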

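#!/usr/bin/env bash

# Field 7 of /etc/passwd holds each user's shell
loginshell=$(cat /etc/passwd|cut -d: -f7);

loginct=0;
nologinct=0;

# Compare each shell string with /sbin/nologin and count both kinds
for i in $loginshell;do
  if [[ "$i" == "/sbin/nologin" ]]; then
    let nologinct+=1;
  else
    let loginct+=1;
  fi
done

echo "可登录的用户数为:$loginct";
echo "不可登录的用户数为:$nologinct";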

The result of running it is as follows:

[hzz@ ~]$ bash test.sh 
可登录的用户数为:5
不可登录的用户数为:20
[hzz@ ~]$


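Jump Straight to Directories on Linux with autojump

Before introducing this handy tool, let's settle one question first: when working in Linux, how do you get to a given directory quickly?

Many people will surely say: use tab completion, silly!

Well, that's right. Before I got to know autojump, I thought so too. But once I became familiar with this tool, I understood what it means to arrive wherever you think of. You don't need to care how many directory levels lie in between; you only need to remember the name of the final directory to enter it quickly...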


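OpenLDAP HA Deployment

Introduction

OpenLDAP needs little introduction: it is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). This deployment uses the MirrorMode (dual-master mirroring) synchronization mechanism to keep data in sync between two nodes. The two servers synchronize data by pushing to each other.

OpenLDAP Synchronization Prerequisites

  1. Time must be kept in sync between the OpenLDAP servers;
  2. The OpenLDAP package versions must be identical;
  3. The OpenLDAP nodes must be able to resolve each other's domain names;
  4. Every OpenLDAP node must provide exactly the same configuration and directory tree information (the BaseDn must be the same).

Installing OpenLDAP

Installing with yum is recommended.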

 sudo yum install -y openldap openldap-servers openldap-devel openldap-clients

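OpenLDAP HA Configuration

The OpenLDAP project now recommends configuring newer versions from the command line or by importing ldif files, so a slapd.conf file is no longer shipped. For beginners, however, configuration by importing ldif is somewhat hard to follow. Fortunately, importing a slapd.conf is still supported, so we can create a slapd.conf ourselves and import it.

Create a slapd.conf file with the following content: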

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/collective.schema
include     /etc/openldap/schema/corba.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/duaconf.schema
include     /etc/openldap/schema/dyngroup.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/java.schema
include     /etc/openldap/schema/misc.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/openldap.schema
include     /etc/openldap/schema/pmi.schema
include     /etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral  ldap://root.openldap.org

pidfile     /run/openldap/slapd.pid
argsfile    /run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /libexec/openldap
# moduleload    back_mdb.la
# moduleload    back_ldap.la
modulepath  /usr/lib64/openldap
moduleload  syncprov.la

# Sample security restrictions
#  Require integrity protection (prevent hijacking)
#  Require 112-bit (3DES or better) encryption for updates
#  Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#  Root DSE: allow anyone to read it
#  Subschema (sub)entry DSE: allow anyone to read it
#  Other DSEs:
#      Allow self write access
#      Allow authenticated users read access
#      Allow anonymous users to authenticate
#  Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#  by self write
#  by users read
#  by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database    bdb
#maxsize       1073741824
suffix      "dc=,dc=com"
rootdn      "cn=Manager,dc=,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw      {SSHA}Owxt0yhMvU41kWbik1q2KfNygDPCuzdm
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/ldap
# Indices to maintain
index   objectClass eq

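## HA configuration

# Additional indices
index entryCSN,entryUUID eq
overlay syncprov
# Checkpoint condition: run after 1 modified entry or after 1 minute
syncprov-checkpoint 1 1
syncprov-sessionlog 100
# Must be unique
serverID    1
# syncrepl parameters. The comments are kept above the directive because
# slapd.conf joins indented lines onto the previous line before it strips
# comments, so an indented "#" line would become part of the directive.
#   rid          replication process ID, must be a three-digit number
#   provider     IP of the other node
#   bindmethod   authentication method, simple mode
#   binddn       user name
#   credentials  password
#   searchbase   BaseDn
#   retry        retry interval; remember the space between the values
syncrepl      rid=123
              provider=ldap://10.65.252.57
              bindmethod=simple
              binddn="cn=Manager,dc=,dc=com"
              credentials=123456
              searchbase="dc=,dc=com"
              schemachecking=off
              type=refreshAndPersist
              retry="60  +"
mirrormode on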

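Adjust the dc values and the provider address to match your own environment.

Once the changes are made, import the configuration with the following commands: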

rm -rf /etc/openldap/slapd.d/*;
slaptest -f slapd.conf -F /etc/openldap/slapd.d;
chown -R ldap:ldap /etc/openldap/*;
service slapd restart;

Configure the other node the same way; just remember to change the provider address.
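
An added example (not part of the original post or of OpenLDAP): a POSIX shell audit of a slapd.conf for the exposures visible in the file above, namely a syncrepl simple bind over ldap:// without StartTLS, no "access to" policy, no "security" directive, and a credentials file readable by others. The finding names, the write_sample_conf helper and the dc=example placeholder are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Finding names are invented here.
# slapd.conf(5): an indented line continues the previous one, and lines are
# joined BEFORE comments are stripped. Reproduce that order.
unwrap_conf() {
  awk '
    /^[ \t]+[^ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
    { if (buf != "") print buf; buf = $0 }
    END { if (buf != "") print buf }
  ' "$1" | grep -Ev '^[[:space:]]*(#|$)'
}

# Print one finding per line for the slapd.conf given as $1.
audit_slapd_conf() {
  unwrap_conf "$1" | awk '
    /^syncrepl[ \t]/ {
      # Simple bind over ldap:// without StartTLS: password sent in cleartext.
      if (/provider=ldap:\/\// && /bindmethod=simple/ && !/starttls=(yes|critical)/)
        print "CLEARTEXT_REPLICATION_BIND"
    }
    # rootpw should be a slappasswd hash such as {SSHA}..., not cleartext.
    /^rootpw[ \t]+[^{ \t]/ { print "CLEARTEXT_ROOTPW" }
    /^access[ \t]+to/ { acl = 1 }
    /^security[ \t]/  { ssf = 1 }
    END {
      # Without any ACL the default policy lets anyone read everything.
      if (!acl) print "NO_ACL_DEFAULT_READ"
      # Without a security directive no minimum SSF is enforced.
      if (!ssf) print "NO_MIN_SSF"
    }'
  # The file holds bind credentials, so "other" must have no access to it.
  case $(ls -ld "$1" | cut -c8-10) in
    ---) ;;
    *) echo "WORLD_ACCESSIBLE_FILE" ;;
  esac
}

# Constructed sample mirroring the settings above (dc=example is a placeholder).
write_sample_conf() {
  cat > "$1" <<'EOF'
rootpw      {SSHA}constructed-sample-hash
syncrepl      rid=123
              provider=ldap://10.65.252.57
              bindmethod=simple
              binddn="cn=Manager,dc=example,dc=com"
              credentials=123456
EOF
  chmod 644 "$1"
}
```

Run it as audit_slapd_conf slapd.conf before importing with slaptest. Adding starttls=critical to syncrepl (which requires TLS to be configured on both nodes), an access policy, a security directive and mode 600 on the file clears the corresponding findings.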

Keepalived Configuration

Installing Keepalived with yum is recommended:

sudo yum install -y keepalived;

Edit /etc/keepalived/keepalived.conf as follows:

! Configuration File for keepalived
global_defs {
    notification_email {
       xhh@cmss.chinamobile.com
    }
   notification_email_from  root@cmss.chinamobile.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Node identifier
   router_id ldap_A
}
vrrp_instance VI_1 {
   state MASTER
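   # The network interface used is eth0
   interface eth0
   # Virtual router ID; must be identical on both nodes
   virtual_router_id 150
   # Priority; of the two nodes, the one with the higher priority becomes master
   priority 100
   # Do not preempt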
   nopreempt
   advert_int 1
  authentication {
     auth_type PASS
     auth_pass 1111
  }
  virtual_ipaddress {
    10.133.47.180
  }
   notify_master "/etc/keepalived/to_master.sh"
   notify_backup "/etc/keepalived/to_master.sh"
   notify_stop "/etc/keepalived/to_stop.sh"
   track_script {
      check_ldap_server_status
   }
}
vrrp_script check_ldap_server_status {
  script "/etc/keepalived/check-ldap-server.sh"
  # Interval between script checks
  interval 3
  # When the script returns a failure value, reduce the priority weight by 5
  weight -5
}

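The content of check-ldap-server.sh:

#!/bin/bash
# Collect the PIDs of any running slapd processes
ldapPid=$(ps -ef |grep slapd|grep -v grep|awk '{print $2}'|grep -v PID)
if [ "$ldapPid" == "" ]; then
   # slapd is not running: stop keepalived on this node and report failure
   service keepalived stop
   exit 1
else
   exit 0
fi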

The content of to_master.sh:

#!/bin/bash
service slapd start

The content of to_stop.sh:

#!/bin/bash
service slapd stop

The Keepalived configuration on the other node is the same; only the values of the following three fields need to change:

router_id   ldap_B
state   BACKUP
priority    98  

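For more on Keepalived configuration, see "[Repost] How keepalived works and its configuration explained".

After the configuration is complete, simply restart Keepalived: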

service keepalived restart;

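magedu pro Week 6 Homework

1. Describe the CentOS boot process in detail (down to what the system does at each stage).

Because of its length, this has been written up as a separate blog post; see "The CentOS Boot Process".

2. Add a new piece of hardware to a CentOS 6 system running in a virtual machine, providing two primary partitions.

  • (1) Create two primary partitions on the disk, and install grub on it.
  • (2) Provide the kernel and ramdisk files on the disk's first primary partition; provide the rootfs on the second partition.
  • (3) Provide the rootfs with the , ls, programs and the library files they depend on.
  • (4) Provide a configuration file for grub.
  • (5) Set the new disk as the first boot device and boot the target host successfully.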


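magedu pro Week 4 Homework

1. Create a 10G partition and format it with an ext4 filesystem;

(1) Required: a block size of 2048, a reserved-space percentage of 2, the volume label MYDATA, and default mount options that include acl;
(2) Mount it at /data/mydata, with automatic execution of programs disabled and without updating file access timestamps;

# Create the partition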

[hzz@ ~]$ sudo fdisk /dev/sdb
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

Device does not contain a recognized partition table
使用磁盘标识符 0x9cfbcaa9 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助):n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): 
Using default response p
分区号 (1-4,默认 1):
起始 扇区 (2048-31457279,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-31457279,默认为 31457279):+10G
分区 1 已设置为 Linux 类型,大小设为 10 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。
[hzz@ ~]$

# Format the partition and create the ext4 filesystem as required

[hzz@ ~]$ sudo mkfs.ext4 -b 2048 -m 2 -L MYDATA /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
文件系统标签=MYDATA
OS type: Linux
块大小=2048 (log=1)
分块大小=2048 (log=1)
Stride=0 blocks, Stripe width=0 blocks
655360 inodes, 5242880 blocks
104857 blocks (2.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=273678336
320 block groups
16384 blocks per group, 16384 fragments per group
2048 inodes per group
Superblock backups stored on blocks: 
        16384, 49152, 81920, 114688, 147456, 409600, 442368, 802816, 1327104, 
        2048000, 3981312

Allocating group tables: 完成                            
正在写入inode表: 完成                            
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成   

[hzz@ ~]$ 

# Confirm the default mount options (Default mount options)

[hzz@ ~]$ sudo tune2fs -l /dev/sdb1
tune2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   MYDATA
Last mounted on:          <not available>
Filesystem UUID:          d857478c-911f-4888-a4ee-2fbbf22671a1
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr acl
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              655360
Block count:              5242880
Reserved block count:     104857
Free blocks:              5121266
Free inodes:              655349
First block:              0
Block size:               2048
Fragment size:            2048
Group descriptor size:    64
Reserved GDT blocks:      512
Blocks per group:         16384
Fragments per group:      16384
Inodes per group:         2048
Inode blocks per group:   256
Flex block group size:    16
Filesystem created:       Thu Jul 27 20:49:22 2017
Last mount time:          n/a
Last write time:          Thu Jul 27 20:49:22 2017
Mount count:              0
Maximum mount count:      -1
Last checked:             Thu Jul 27 20:49:22 2017
Check interval:           0 (<none>)
Lifetime writes:          65 MB
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      cb8604c6-6cfd-4aae-9734-0c775d88a2c1
Journal backup:           inode blocks
[hzz@magedu ~]$ 

# If acl is already present by default, remove it and set it again (practice exercise)

[hzz@magedu ~]$ sudo tune2fs -o ^acl /dev/sdb1
tune2fs 1.42.9 (28-Dec-2013)
[hzz@magedu ~]$ sudo tune2fs -l /dev/sdb1     
tune2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   MYDATA
Last mounted on:          <not available>
Filesystem UUID:          d857478c-911f-4888-a4ee-2fbbf22671a1
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              655360
Block count:              5242880
Reserved block count:     104857
Free blocks:              5121266
Free inodes:              655349
First block:              0
Block size:               2048
Fragment size:            2048
Group descriptor size:    64
Reserved GDT blocks:      512
Blocks per group:         16384
Fragments per group:      16384
Inodes per group:         2048
Inode blocks per group:   256
Flex block group size:    16
Filesystem created:       Thu Jul 27 20:49:22 2017
Last mount time:          n/a
Last write time:          Thu Jul 27 20:53:33 2017
Mount count:              0
Maximum mount count:      -1
Last checked:             Thu Jul 27 20:49:22 2017
Check interval:           0 (<none>)
Lifetime writes:          65 MB
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      cb8604c6-6cfd-4aae-9734-0c775d88a2c1
Journal backup:           inode blocks
[hzz@magedu ~]$ 

[hzz@magedu ~]$ sudo tune2fs -o acl /dev/sdb1 
tune2fs 1.42.9 (28-Dec-2013)
[hzz@magedu ~]$ sudo tune2fs -l /dev/sdb1    
tune2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   MYDATA
Last mounted on:          <not available>
Filesystem UUID:          d857478c-911f-4888-a4ee-2fbbf22671a1
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr acl
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              655360
Block count:              5242880
Reserved block count:     104857
Free blocks:              5121266
Free inodes:              655349
First block:              0
Block size:               2048
Fragment size:            2048
Group descriptor size:    64
Reserved GDT blocks:      512
Blocks per group:         16384
Fragments per group:      16384
Inodes per group:         2048
Inode blocks per group:   256
Flex block group size:    16
Filesystem created:       Thu Jul 27 20:49:22 2017
Last mount time:          n/a
Last write time:          Thu Jul 27 20:54:15 2017
Mount count:              0
Maximum mount count:      -1
Last checked:             Thu Jul 27 20:49:22 2017
Check interval:           0 (<none>)
Lifetime writes:          65 MB
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      cb8604c6-6cfd-4aae-9734-0c775d88a2c1
Journal backup:           inode blocks
[hzz@magedu ~]$ 

# Mount the partition as required

[hzz@magedu ~]$ sudo mkdir -p /data/mydata
[hzz@magedu ~]$ sudo mount -o noexec,noatime /dev/sdb1 /data/mydata   
[hzz@magedu ~]$ mount | grep mydata
/dev/sdb1 on /data/mydata type ext4 (rw,noexec,noatime,seclabel,data=ordered)
[hzz@magedu ~]$


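Bash Scripting Basics and Examples

Introduction

bash (Bourne Again Shell) is the default shell on current Linux systems: a CLI (command-line interface) tool that extends sh (Bourne Shell) and replaces it.

Because bash is itself the command language of Linux, bash programming has a unique advantage: every statement used in a bash program can also be run on the command line. In other words, bash programming is really the process of stacking up Linux commands according to conditions. This also nicely illustrates the philosophy that Linux is made up of many single-purpose programs.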


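An Introduction to Linux RAID

Introduction

RAID originally stood for Redundant Array of Inexpensive Disks. The idea was to build an array out of several disks that were relatively cheap and whose performance improved relatively slowly, in order to boost computer performance while also providing fault tolerance and logical data backup. It later turned out, however, that combining large numbers of cheap disks did not suit real production environments, and as the technology came into ever wider use, the solutions deployed in production were not cheap. So "Inexpensive" was later changed to "Independent", giving Redundant Array of Independent Drives.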
