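Linux Cloud Automation Operations, Lesson 6

Unit 9: openssh-server

I. openssh-server

Function: lets remote hosts reach the sshd service over the network and start a secure shell.

II. Client connection methods

ssh remote_user@remote_host_ip            ### connect to the remote host
ssh remote_user@remote_host_ip -X         ### use the remote host's graphical tools
ssh remote_user@remote_host_ip command    ### run a single command directly on the remote host

eg:[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242    ### connect to the remote host: remote_user@remote_host_ip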
The authenticity of host '172.25.254.242 (172.25.254.242)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes   ### first connection; answer yes to establish the authentication relationship
Warning: Permanently added '172.25.254.242' (ECDSA) to the list of known hosts.
fuwu@172.25.254.242's password:    ### enter the remote user's password
Last login: Sun Mar 26 21:38:42 2017 from 172.25.254.142
[fuwu@localhost ~]$ gedit   ### login succeeded

(gedit:5238): Gtk-WARNING **: cannot open display:    ### the remote host's graphical tools cannot be used
[fuwu@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 -X   ### -X: use the remote host's graphical tools
fuwu@172.25.254.242's password:
Last login: Sun Mar 26 21:46:51 2017 from 172.25.254.42
[fuwu@localhost ~]$ gedit   ### login succeeded; the remote host's graphical tool starts

** (gedit:5350): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-UKyLlmteU7: 拒絕連接
[fuwu@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 touch /home/fuwu/Desktop/file{1..3}   ### run touch directly on the remote host; the files are created on user fuwu's desktop on the remote host
fuwu@172.25.254.242's password:
[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 rm -fr /home/fuwu/Desktop/file{1..3}   ### run rm directly on the remote host to delete the files on user fuwu's desktop
fuwu@172.25.254.242's password:
[kiosk@foundation42 Desktop]$ ssh root@172.25.254.242 reboot   ### run reboot directly on the remote host to restart it
root@172.25.254.242's password:
Connection to 172.25.254.242 closed by remote host.
[kiosk@foundation42 Desktop]$

[kiosk@foundation42 Desktop]$ scp fuwu@172.25.254.242:/home/fuwu/Desktop/file .   ### copy the file named file from user fuwu's desktop on the remote host to the current directory
fuwu@172.25.254.242's password:
file                                          100%    8     0.0KB/s   00:00
[kiosk@foundation42 Desktop]$ scp file fuwu@172.25.254.242:/home/fuwu/Desktop   ### copy file from the current directory to user fuwu's desktop on the remote host
fuwu@172.25.254.242's password:
file                                          100%    8     0.0KB/s   00:00
[kiosk@foundation42 Desktop]$

III. sshkey encryption

1. Generate the public and private keys
eg:[fuwu@localhost ~]$ ssh-keygen   ### tool that generates the public/private key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fuwu/.ssh/id_rsa):    ### file the key is saved in (press Enter for the default)
Created directory '/home/fuwu/.ssh'.
Enter passphrase (empty for no passphrase):    ### key passphrase, more than 4 characters (pressing Enter alone also works)
Enter same passphrase again:    ### confirm the passphrase
Your identification has been saved in /home/fuwu/.ssh/id_rsa.   ### private key path
Your public key has been saved in /home/fuwu/.ssh/id_rsa.pub.   ### public key path
The key fingerprint is:
95:55:ed:da:28:22:4a:1c:fb:f6:84:e8:d6:55:0e:54 fuwu@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|           .E... |
|          .o    .|
|         .o    . |
|      .  .. .   .|
|     . oS  +   + |
|      +...o o o .|
|     ..+.o.. .   |
|     .o +.       |
|     ... ..      |
+-----------------+
[fuwu@localhost ~]$ ls .ssh/
id_rsa  id_rsa.pub
id_rsa       ### private key: this is the key
id_rsa.pub   ### public key: this is the lock

2. Add key authentication
[root@server0 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.0.11
ssh-copy-id             ### tool that adds key authentication
-i                      ### specifies the key file
/root/.ssh/id_rsa.pub   ### the key
root                    ### the user the key is installed for: root
172.25.0.11             ### IP of the host the key is installed on
eg:[fuwu@localhost ~]$ ssh-copy-id -i /home/fuwu/.ssh/id_rsa.pub fuwu@172.25.254.242
The authenticity of host '172.25.254.242 (172.25.254.242)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
fuwu@172.25.254.242's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'fuwu@172.25.254.242'"
and check to make sure that only the key(s) you wanted were added.

[fuwu@localhost ~]$ ls .ssh/
authorized_keys  id_rsa  id_rsa.pub  known_hosts

3. Distribute the key to the client host
eg:[fuwu@localhost ~]$ su -
Password:
Last login: Sun Mar 26 21:23:11 EDT 2017 on :0
[root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 79, PasswordAuthentication yes, change yes to no
[root@localhost ~]# systemctl restart sshd.service
[root@localhost ~]# exit
logout
[fuwu@localhost ~]$ scp /home/fuwu/.ssh/id_rsa kiosk@172.25.254.42:/home/kiosk/.ssh/   ### distribute the key to user kiosk on the client host
id_rsa                                        100% 1675     1.6KB/s   00:00
[fuwu@localhost ~]$

4. Test
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### opened with the key, no password needed
Last login: Sun Mar 26 22:04:38 2017
[fuwu@localhost ~]$

eg:[fuwu@localhost ~]$ rm -fr .ssh/authorized_keys    ### delete authorized_keys
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242    ### remote connection fails
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[fuwu@localhost ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys   ### copy id_rsa.pub to authorized_keys
[fuwu@localhost ~]$ ls .ssh/
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### remote connection succeeds
Last login: Sun Mar 26 23:00:47 2017 from 172.25.254.42

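Key login also depends on file modes: the ssh client ignores a private key that group or other can access, and sshd (StrictModes) refuses authorized_keys or a .ssh directory that group or other can write. The check below is an added example, not part of the original notes; the function names and the throwaway demo directory are constructed for illustration.

```shell
#!/bin/bash
# Added example: permission check for the key files handled in this section.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# check_ssh_dir DIR
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
check_ssh_dir() {
    ssh_dir=$1
    bad=0
    # sshd's StrictModes rejects key login when these are group/other-writable.
    for path in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        [ -e "$path" ] || continue
        perms=$(perm_string "$path")
        case "$perms" in
            ????w????|???????w?)
                echo "WRITABLE $path ($perms): chmod go-w"
                bad=1 ;;
        esac
    done
    # The ssh client ignores a private key that group or other can access.
    for path in "$ssh_dir"/id_*; do
        [ -f "$path" ] || continue
        case "$path" in *.pub) continue ;; esac
        perms=$(perm_string "$path")
        case "$perms" in
            ???------) ;;
            *)
                echo "OPEN-KEY $path ($perms): chmod 600"
                bad=1 ;;
        esac
    done
    return $bad
}

# Constructed demo: a throwaway directory using the page's file names.
demo_dir=$(mktemp -d)
touch "$demo_dir/id_rsa" "$demo_dir/id_rsa.pub" "$demo_dir/authorized_keys"
chmod 700 "$demo_dir"
chmod 644 "$demo_dir/id_rsa"            # constructed: over-permissive private key
chmod 664 "$demo_dir/authorized_keys"   # constructed: group-writable
check_ssh_dir "$demo_dir" || echo "fix the findings above, then retry ssh"
chmod 600 "$demo_dir/id_rsa" "$demo_dir/authorized_keys"
check_ssh_dir "$demo_dir" && echo "permissions OK"
rm -rf "$demo_dir"
```

On a real host the argument would be the user's own directory, for example `check_ssh_dir /home/kiosk/.ssh` after the scp step above.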
IV. Raising the security level of openssh

1. openssh-server configuration file
[root@localhost ~]# vim /etc/ssh/sshd_config    ### edit the file
78 PasswordAuthentication yes|no   ### whether user password authentication is enabled: yes allows it, no turns it off
48 PermitRootLogin yes|no          ### whether the superuser is allowed to log in
49 AllowUsers student westos       ### user whitelist: only users on the list can start a shell through sshd
50 DenyUsers westos                ### user blacklist

eg:[root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 48, PermitRootLogin no, the superuser is not allowed to log in
[root@localhost ~]# systemctl restart sshd.service
[kiosk@foundation42 ~]$ ssh root@172.25.254.242   ### correct password entered three times; the superuser cannot log in
root@172.25.254.242's password:
Permission denied, please try again.
root@172.25.254.242's password:
Permission denied, please try again.
root@172.25.254.242's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 50, DenyUsers student (user blacklist), user student is not allowed to log in
[root@localhost ~]# systemctl restart sshd.service
[kiosk@foundation42 ~]$ ssh student@172.25.254.242   ### correct password entered three times; user student cannot log in
student@172.25.254.242's password:
Permission denied, please try again.
student@172.25.254.242's password:
Permission denied, please try again.
student@172.25.254.242's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### user fuwu is not on the blacklist and can log in
fuwu@172.25.254.242's password:
Last login: Sun Mar 26 23:42:15 2017 from 172.25.254.42
[fuwu@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 49, AllowUsers student (user whitelist), only user student is allowed to log in
[root@localhost ~]# systemctl restart sshd.service
[kiosk@foundation42 ~]$ ssh student@172.25.254.242    ### user student is on the whitelist and can log in
student@172.25.254.242's password:
Last failed login: Sun Mar 26 23:46:33 EDT 2017 from 172.25.254.42 on ssh:notty
There were 3 failed login attempts since the last successful login.
[student@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### user fuwu is not on the whitelist and cannot log in
fuwu@172.25.254.242's password:
Permission denied, please try again.
fuwu@172.25.254.242's password:
Permission denied, please try again.
fuwu@172.25.254.242's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[kiosk@foundation42 ~]$
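After editing, it helps to read back what sshd will actually use: for the yes/no keywords the first uncommented line wins, keywords are case-insensitive, and DenyUsers is checked before AllowUsers. The script below is an added example, not part of the original notes; the function names and the sample configuration are constructed, and it assumes plain user names written in the whitespace-separated form shown above.

```shell
#!/bin/bash
# Added example: read back what sshd will actually use from an sshd_config.

# effective_value FILE KEYWORD
# Prints the arguments of the first uncommented KEYWORD line that appears
# before any Match block. Keywords are matched case-insensitively.
effective_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # comments and blank lines
        tolower($1) == "match" { exit }     # what follows is conditional
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }
    ' "$1"
}

# may_login FILE USER
# Applies the order sshd uses: DenyUsers first, then AllowUsers. Once an
# AllowUsers list exists, anyone not on it is refused.
# Assumption: plain user names on one line per keyword (no patterns).
may_login() {
    deny=$(effective_value "$1" DenyUsers)
    allow=$(effective_value "$1" AllowUsers)
    for name in $deny; do
        [ "$name" = "$2" ] && return 1
    done
    [ -z "$allow" ] && return 0
    for name in $allow; do
        [ "$name" = "$2" ] && return 0
    done
    return 1
}

# audit FILE: one line per setting from this section that is still loose.
audit() {
    pa=$(effective_value "$1" PasswordAuthentication)
    prl=$(effective_value "$1" PermitRootLogin)
    [ "$pa" = no ]  || echo "PasswordAuthentication=${pa:-unset}: password login not disabled"
    [ "$prl" = no ] || echo "PermitRootLogin=${prl:-unset}: root login not disabled"
    [ -n "$(effective_value "$1" AllowUsers)" ] || echo "AllowUsers unset: no whitelist"
    return 0
}

# write_sample FILE: constructed configuration, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
passwordauthentication yes
DenyUsers student
AllowUsers student fuwu
PermitRootLogin yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit "$sample"
for user in fuwu student westos; do
    if may_login "$sample" "$user"; then echo "$user: admitted"
    else echo "$user: refused"; fi
done
rm -f "$sample"
```

In the sample, the later `PermitRootLogin yes` has no effect, and student is refused despite being on the whitelist because the blacklist is checked first.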

Unit 12: File transfer between different systems

I. File archiving
1. Archiving means turning several files into a single archive file.

2. tar c          ### create
       f          ### specify the archive file name
       t          ### list the contents of the archive
       r          ### add files to the archive
       --get      ### extract a single file
       --delete   ### delete a single file
       x          ### extract everything in the archive
       -C         ### specify the extraction directory
       -z         ### gz compression
       -j         ### bz2 compression
       -J         ### xz compression
eg:[root@localhost Desktop]# ls -ld dir/
drwxr-xr-x. 5 root root 4096 Mar 27 21:36 dir/
[root@localhost Desktop]# tar cf dir.tar dir/   ### pack dir into an archive named dir.tar
[root@localhost Desktop]# ls
dir  dir.tar  etc.tar
[root@localhost Desktop]# du -sh dir/
4.0K dir/
[root@localhost Desktop]# du -sh dir.tar    ### check the size of the archive
12K dir.tar
[root@localhost Desktop]# tar tf dir.tar    ### list the contents of the archive
dir/
dir/class1
dir/class2
dir/file1
dir/file2
dir/dir1/
dir/dir1/wenjian
dir/dir2/
dir/dir2/wenjian2
[root@localhost Desktop]# ls
dir  dir.tar  etc.tar  file
[root@localhost Desktop]# tar rf dir.tar file    ### add the file named file to the archive
[root@localhost Desktop]# tar tf dir.tar
dir/
dir/class1
dir/class2
dir/file1
dir/file2
dir/dir1/
dir/dir1/wenjian
dir/dir2/
dir/dir2/wenjian2
file
[root@localhost Desktop]# rm -fr file
[root@localhost Desktop]# ls
dir  dir.tar  etc.tar
[root@localhost Desktop]# tar f dir.tar --get file   ### extract a single file from the archive
[root@localhost Desktop]# ls
dir  dir.tar  etc.tar  file
[root@localhost Desktop]# tar f dir.tar --delete file    ### delete a single file from the archive
[root@localhost Desktop]# tar tf dir.tar
dir/
dir/class1
dir/class2
dir/file1
dir/file2
dir/dir1/
dir/dir1/wenjian
dir/dir2/
dir/dir2/wenjian2
[root@localhost Desktop]# ls
dir.tar  etc.tar  file
[root@localhost Desktop]# tar xf dir.tar    ### extract everything in the archive
[root@localhost Desktop]# ls
dir  dir.tar  etc.tar  file
[root@localhost Desktop]# ls /mnt/
[root@localhost Desktop]# tar xf dir.tar -C /mnt/    ### set the extraction directory to /mnt/
[root@localhost Desktop]# ls /mnt/
dir

II. Compression

1.gz
gzip etc.tar               ### compress to gz format
gunzip etc.tar.gz          ### decompress a gz file
tar zcf etc.tar.gz /etc    ### archive the files into a tar and compress it with gz
tar zxf etc.tar.gz         ### decompress and unpack a gz archive
eg:[root@localhost Desktop]# ls
dir  etc  etc.tar
[root@localhost Desktop]# du -sh etc   ### check the size of the directory etc
34M etc
[root@localhost Desktop]# du -sh etc.tar   ### check the size of the archive etc.tar
30M etc.tar
[root@localhost Desktop]# gzip etc.tar    ### compress etc.tar to gz format
[root@localhost Desktop]# ls
dir  etc  etc.tar.gz
[root@localhost Desktop]# du -sh etc.tar.gz    ### smaller after compression
8.4M etc.tar.gz
[root@localhost Desktop]# gunzip etc.tar.gz    ### decompress
[root@localhost Desktop]# ls
dir  etc  etc.tar
[root@localhost Desktop]# rm -fr etc.tar
[root@localhost Desktop]# ls
dir  etc
[root@localhost Desktop]# tar zcf etc.tar.gz etc   ### archive the files into a tar and compress it with gz
[root@localhost Desktop]# ls
dir  etc  etc.tar.gz
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir  etc.tar.gz
[root@localhost Desktop]# tar zxf etc.tar.gz   ### decompress and unpack the gz archive
[root@localhost Desktop]# ls
dir  etc  etc.tar.gz

2.bz2
bzip2 etc.tar               ### compress to bz2 format
bunzip2 etc.tar.bz2         ### decompress a bz2 file
tar jcf etc.tar.bz2 /etc    ### archive the files into a tar and compress it with bz2
tar jxf etc.tar.bz2         ### decompress and unpack a bz2 archive
eg:[root@localhost Desktop]# ls
dir  etc  etc.tar
[root@localhost Desktop]# bzip2 etc.tar   ### compress to bz2 format
[root@localhost Desktop]# ls
dir  etc  etc.tar.bz2
[root@localhost Desktop]# du -sh etc.tar.bz2   ### smaller
7.0M etc.tar.bz2
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir  etc.tar.bz2
[root@localhost Desktop]# bunzip2 etc.tar.bz2   ### decompress the bz2 file
[root@localhost Desktop]# ls
dir  etc.tar
[root@localhost Desktop]# tar xf etc.tar
[root@localhost Desktop]# ls
dir  etc  etc.tar
[root@localhost Desktop]# rm -fr etc.tar
您在 /var/spool/mail/root 中有郵件
[root@localhost Desktop]# ls
dir  etc
[root@localhost Desktop]# tar jcf etc.tar.bz2 etc   ### archive the files into a tar and compress it with bz2
[root@localhost Desktop]# ls
dir  etc  etc.tar.bz2
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir  etc.tar.bz2
[root@localhost Desktop]# tar jxf etc.tar.bz2     ### decompress and unpack the bz2 archive
[root@localhost Desktop]# ls
dir  etc  etc.tar.bz2

3.xz
xz etc.tar                 ### compress to xz format
unxz etc.tar.xz            ### decompress an xz file
tar Jcf etc.tar.xz /etc    ### archive the files into a tar and compress it with xz
tar Jxf etc.tar.xz         ### decompress and unpack an xz archive
eg:[root@localhost Desktop]# ls
dir  etc  etc.tar
[root@localhost Desktop]# xz etc.tar   ### compress to xz format
[root@localhost Desktop]# ls
dir  etc  etc.tar.xz
[root@localhost Desktop]# du -sh etc.tar.xz   ### smaller
5.7M etc.tar.xz
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir  etc.tar.xz
[root@localhost Desktop]# unxz etc.tar.xz    ### decompress the xz file
[root@localhost Desktop]# ls
dir  etc.tar
[root@localhost Desktop]# tar xf etc.tar
[root@localhost Desktop]# rm -fr etc.tar
[root@localhost Desktop]# ls
dir  etc
[root@localhost Desktop]# tar Jcf etc.tar.xz etc   ### archive the files into a tar and compress it with xz
[root@localhost Desktop]# ls
dir  etc  etc.tar.xz
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir  etc.tar.xz
[root@localhost Desktop]# tar Jxf etc.tar.xz     ### decompress and unpack the xz archive
[root@localhost Desktop]# ls
dir  etc  etc.tar.xz

4.zip
zip -r etc.tar.zip etc.tar   ### compress to zip format
unzip etc.tar.zip            ### decompress
eg:[root@localhost Desktop]# ls
dir  etc  etc.tar
[root@localhost Desktop]# zip -r etc.tar.zip etc.tar   ### compress to zip format
  adding: etc.tar (deflated 72%)
[root@localhost Desktop]# ls
dir  etc  etc.tar  etc.tar.zip
[root@localhost Desktop]# du -sh etc.tar.zip    ### smaller
16M etc.tar.zip
[root@localhost Desktop]# rm -fr etc.tar etc
[root@localhost Desktop]# ls
dir  etc.tar.zip
[root@localhost Desktop]# unzip etc.tar.zip   ### decompress
Archive:  etc.tar.zip
  inflating: etc.tar
[root@localhost Desktop]# ls
dir  etc.tar  etc.tar.zip

III. File transfer between systems

scp file username@ip:/dir               ### upload, slow
scp username@ip:/dir/file /dir          ### download, slow
rsync [options] file username@ip:/dir   ### fast
rsync -r   ### sync directories
      -l   ### do not ignore links
      -p   ### do not ignore file permissions
      -t   ### do not ignore file timestamps
      -g   ### do not ignore the file's group
      -o   ### do not ignore the file's owner
      -D   ### do not ignore device files
eg:[root@localhost Desktop]# scp dir/adjtime kiosk@172.25.254.42:/home/kiosk/Desktop/dir/
kiosk@172.25.254.42's password:
adjtime                                       100%   16     0.0KB/s   00:00
[root@localhost Desktop]# scp kiosk@172.25.254.42:/home/kiosk/Desktop/dir/adjtime .
kiosk@172.25.254.42's password:
adjtime                                       100%   16     0.0KB/s   00:00
[kiosk@foundation42 Desktop]$ ls -l adjtime
-rw-r--r-- 1 kiosk kiosk 18 Mar 20 00:45 adjtime
[kiosk@foundation42 Desktop]$ rsync -r adjtime root@172.25.254.142:/root/Desktop/   ### sync directories
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 root root 18 Mar 28 11:01 adjtime
[kiosk@foundation42 Desktop]$ rsync -tr adjtime root@172.25.254.142:/root/Desktop/   ### do not ignore file timestamps
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 root root 18 Mar 19 12:45 adjtime
[kiosk@foundation42 Desktop]$ rsync -gr adjtime root@172.25.254.142:/root/Desktop/   ### do not ignore the file's group
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 root student 18 Mar 28 11:03 adjtime
[kiosk@foundation42 Desktop]$ rsync -or adjtime root@172.25.254.142:/root/Desktop/   ### do not ignore the file's owner
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 student root 18 Mar 28 11:04 adjtime

Unit 11: Managing the network

I. IP basics (ipv4)

32 binary bits ----- written in decimal
172.25.0.10/255.255.255.0
172.25.0.10: ip address
255.255.255.0: subnet mask
The ip bits that line up with 255 in the subnet mask are the network bits
The ip bits that line up with 0 in the subnet mask are the host bits

II. Configuring the ip

1. Graphical interface
nm-connection-editor

2. Text-mode interface
nmtui

<<Commands>>
ifconfig NIC ip netmask   ## temporary setting
nmcli connection add type ethernet con-name westos ifname eth0 autoconnect yes
nmcli connection add type ethernet con-name westos ifname eth0 ip4 ip/24
nmcli connection delete westos
nmcli connection show
nmcli connection down westos
nmcli connection up westos
nmcli connection modify "westos" ipv4.addresses newip/24
nmcli connection modify "westos" ipv4.method <auto|manual>
nmcli device connect eth0
nmcli device disconnect eth0
nmcli device show
nmcli device status
eg:[root@localhost Desktop]# nmcli connection add type ethernet con-name westos ifname eth0 autoconnect yes   ### activate automatically when the network service starts
Connection 'westos' (55e75ad1-f03b-4388-b5d3-bd564ec6431d) successfully added.
[root@localhost Desktop]# nmcli connection delete westos    ### delete the connection
[root@localhost Desktop]# nmcli device connect eth0
Error: Device activation failed: The device has no connections available.
[root@localhost Desktop]# nmcli connection add type ethernet con-name westos ifname eth0 ip4 172.25.254.142/24
Connection 'westos' (9ff61eec-d85a-4a31-abd1-c7b40b5e623b) successfully added.
[root@localhost Desktop]# nmcli device connect eth0
Device 'eth0' successfully activated with '9ff61eec-d85a-4a31-abd1-c7b40b5e623b'.
[root@localhost Desktop]# nmcli connection show
NAME    UUID                                  TYPE            DEVICE
westos  9ff61eec-d85a-4a31-abd1-c7b40b5e623b  802-3-ethernet  eth0
[root@localhost Desktop]# nmcli connection down westos
[root@localhost Desktop]# nmcli connection show
NAME    UUID                                  TYPE            DEVICE
westos  9ff61eec-d85a-4a31-abd1-c7b40b5e623b  802-3-ethernet  --
[root@localhost Desktop]# nmcli connection up westos
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
[root@localhost Desktop]# nmcli connection show
NAME    UUID                                  TYPE            DEVICE
westos  9ff61eec-d85a-4a31-abd1-c7b40b5e623b  802-3-ethernet  eth0
[root@localhost Desktop]# nmcli connection modify "westos" ipv4.addresses 172.25.254.242/24
[root@localhost Desktop]# systemctl restart network
[root@localhost Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.242  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::5054:ff:fe00:2a0a  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:2a:0a  txqueuelen 1000  (Ethernet)
        RX packets 49300  bytes 3266084 (3.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9112  bytes 790252 (771.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 3822  bytes 435530 (425.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3822  bytes 435530 (425.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost Desktop]# nmcli device disconnect eth0
[root@localhost Desktop]# nmcli device show
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         52:54:00:00:2A:0A
GENERAL.MTU:                            1500
GENERAL.STATE:                          30 (disconnected)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
WIRED-PROPERTIES.CARRIER:               on

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         ip = 127.0.0.1/8, gw = 0.0.0.0
IP6.ADDRESS[1]:                         ip = ::1/128, gw = ::
[root@localhost Desktop]# nmcli device connect eth0
Device 'eth0' successfully activated with '9ff61eec-d85a-4a31-abd1-c7b40b5e623b'.
[root@localhost Desktop]# nmcli device show
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         52:54:00:00:2A:0A
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     westos
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/13
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         ip = 172.25.254.242/24, gw = 0.0.0.0
IP6.ADDRESS[1]:                         ip = fe80::5054:ff:fe00:2a0a/64, gw = ::

GENERAL.DEVICE:                         lo
GENERAL.TYPE:                           loopback
GENERAL.HWADDR:                         00:00:00:00:00:00
GENERAL.MTU:                            65536
GENERAL.STATE:                          10 (unmanaged)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
IP4.ADDRESS[1]:                         ip = 127.0.0.1/8, gw = 0.0.0.0
IP6.ADDRESS[1]:                         ip = ::1/128, gw = ::
[root@localhost Desktop]# nmcli device status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  westos
lo      loopback  unmanaged  --

<<Files>>
dhcp   ### obtain the address dynamically
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0      ### device used by the interface
BOOTPROTO=dhcp   ### working mode of the network card
ONBOOT=yes       ### activate automatically when the network service starts
NAME=eth0        ### network interface name
:wq
systemctl restart network

static|none   ### static network
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0             ### device
BOOTPROTO=static|none   ### working mode of the device
ONBOOT=yes              ### activate the device when the network service starts
NAME=eth0               ### network interface name
IPADDR=172.25.0.100     ### IP
NETMASK=255.255.255.0 | PREFIX=24   ### subnet mask

III. gateway

1. Router
Its main function is to perform nat
dnat: destination address translation
snat: source address translation

2. Gateway
The ip on the router that is in the same network segment as your own host

3. Setting the gateway
systemctl stop NetworkManager
vim /etc/sysconfig/network   ### global gateway
GATEWAY=gateway_ip
vim /etc/sysconfig/network-scripts/ifcfg-<interface config file>   ## gateway for one interface
GATEWAY=gateway_ip
systemctl restart network
route -n   ### query the gateway
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0   (gateway)172.25.0.254    0.0.0.0         UG    0      0        0 eth0
172.25.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0


IV. dns

1. dns
dns is a server
This server answers clients' questions about which host name corresponds to which ip

2. Setting dns
vim /etc/resolv.conf
nameserver dns_server_ip
vim /etc/sysconfig/network-scripts/ifcfg-<interface config file>
DNS1=dns_server_ip

3. Local resolution file
vim /etc/hosts
ip hostname

4. Adjusting the lookup priority between the local resolution file and dns
/etc/nsswitch.conf
#hosts:     db files nisplus nis dns
hosts:      files dns   ## files is the local resolution file, dns is the dns server; whichever comes first has priority

5. Configuring the dhcp service


unit6 - Homework

1. On the server host, archive and compress the /etc directory into /mnt under the name etc.tar.gz
[root@localhost Desktop]# tar zcf /mnt/etc.tar.gz /etc
tar: Removing leading `/' from member names

2. Copy etc.tar.gz from the server host to /mnt on the desktop host
[root@localhost Desktop]# scp /mnt/etc.tar.gz root@172.25.254.142:/mnt/
root@172.25.254.142's password:
etc.tar.gz                                    100% 8537KB   8.3MB/s   00:00

3. Sync all files in /etc on the server to /mnt on the desktop host, including link files
[root@localhost Desktop]# rsync -lr /etc root@172.25.254.142:/mnt/
root@172.25.254.142's password:

4. Create a set-ip-tool command on the system with the following requirements. After set-ip-tool 172.25.254.x is run on the system:
*) the output of the ifconfig command is displayed automatically
*) the system ip is set to 172.25.254.x
[root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost Desktop]# systemctl restart network
# contents edited in vim:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
NAME=eth0
IPADDR=172.25.254.242
NETMASK=255.255.255.0
*) the system gateway is set to 172.25.254.250
[root@localhost Desktop]# vim /etc/sysconfig/network
# contents edited in vim: GATEWAY=172.25.254.250
[root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
# contents edited in vim: GATEWAY=172.25.254.250
[root@localhost Desktop]# systemctl restart network
*) the system dns is set to 172.25.254.250
[root@localhost Desktop]# vim /etc/resolv.conf
# contents edited in vim: nameserver 172.25.254.250
[root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
# contents edited in vim: DNS1=172.25.254.250
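
Exercise 4 asks for a command, so here is one way to script the manual edits above, added as an example that is not part of the original notes. The function names are constructed; the script assumes the eth0 interface file and the 172.25.254.250 gateway and dns used on this page, and it validates the argument because the value is written into a root-owned configuration file.

```shell
#!/bin/bash
# set-ip-tool, added example for exercise 4. Usage: set-ip-tool 172.25.254.x

GATEWAY_DNS=172.25.254.250    # gateway and dns required by the exercise
IFCFG=/etc/sysconfig/network-scripts/ifcfg-eth0

# valid_ip ADDR: true only for 172.25.254.1 .. 172.25.254.254.
# Anything that is not exactly one decimal host number (extra lines,
# KEY=value text, leading zeros) is refused before it reaches the file.
valid_ip() {
    case "$1" in
        172.25.254.*) host=${1#172.25.254.} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ]
}

# render_ifcfg ADDR: print the ifcfg-eth0 contents for ADDR.
render_ifcfg() {
    valid_ip "$1" || return 1
    cat <<EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
NAME=eth0
IPADDR=$1
NETMASK=255.255.255.0
GATEWAY=$GATEWAY_DNS
DNS1=$GATEWAY_DNS
EOF
}

# set_ip ADDR: write the file, restart the network service, show ifconfig.
set_ip() {
    new_cfg=$(render_ifcfg "$1") || {
        echo "usage: set-ip-tool 172.25.254.x" >&2
        return 2
    }
    printf '%s\n' "$new_cfg" > "$IFCFG" &&
        systemctl restart network &&
        ifconfig
}

# Act only when installed under the exercise's command name; under any other
# name just preview the file for a constructed address.
case "${0##*/}" in
    set-ip-tool) set_ip "$1" ;;
    *) render_ifcfg 172.25.254.242 ;;
esac
```

Saved as an executable file named set-ip-tool in a directory on root's PATH, `set-ip-tool 172.25.254.42` applies the address; run under any other file name the script only prints the preview.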
Reposted from: https://www.cnblogs.com/Virgo-sept/p/6636607.html