【Centos7笔记八】双网卡配置和ssh配置

1 双网卡设置：（虚拟机的2个网卡需要设置为同一模式，如同是主机模式）通过vim文本编辑器来配置网卡设备的绑定参数，先逐个对参与网卡绑定的设备进行“初始设置”，这些原本独立的网卡设备不需要再有自己的IP地址等信息，让它们支持网卡绑定设备就可以了，然后还需要将绑定后的设备取名为bond0以及把IP地址等信息填写进去，这样当用户访问到相应服务的时候，实际上就是由这两块网卡设备共同的在提供服务。[root@linuxprobe ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736TYPE=EthernetBOOTPROTO=noneONBOOT=yesUSERCTL=noDEVICE=eno16777736MASTER=bond0SLAVE=yes[root@linuxprobe ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554968TYPE=EthernetBOOTPROTO=noneONBOOT=yesUSERCTL=noDEVICE=eno33554968MASTER=bond0SLAVE=yes[root@linuxprobe ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond0TYPE=EthernetBOOTPROTO=noneONBOOT=yesUSERCTL=noDEVICE=bond0IPADDR=192.168.10.10PREFIX=24DNS=192.168.10.1NM_CONTROLLED=no第3步：让内核支持网卡绑定驱动，常见的网卡绑定驱动模式有三种——mode0、mode1和mode6。比如对于一个提供NFS或者SAMBA服务的文件服务器来讲，如果只能提供百兆网络的最大传输速率，但同时下载用户又特别多的情况下，那么网络压力一定是极大的。再比如是一个提供iscsi服务的网络存储服务器，在生产环境中网卡的可靠性是极为重要的，这种情况下就必须同时能够保证网络的传输速率以及网络的安全性，因此比较好的选择就是mode6方案了，因为mode6平衡复杂模式能够让两块网卡同时一起工作，当其中一块网卡出现故障后能自动备援，提供了可靠的网络传输保障，并且不需要交换机设备支援。    mode0平衡负载模式:平时两块网卡均工作，且自动备援，采用交换机设备支援。    mode1自动备援模式:平时只有一块网卡工作，故障后自动替换为另外的网卡。    mode6平衡负载模式:平时两块网卡均工作，且自动备援，无须交换机设备支援。使用vim文本编辑器来创建一个网卡绑定内核驱动文件，使得bond0网卡设备能够支持绑定技术（bonding），同时定义网卡绑定为mode6平衡负载模式，且当出现故障时自动切换时间为100毫秒：[root@linuxprobe ~]# vim /etc/modprobe.d/bond.confalias bond0 bondingoptions bond0 miimon=100 mode=6第4步：重启网络服务后网卡绑定操作即可顺利成功，正常情况下只有bond0网卡才会有IP地址等信息：[root@linuxprobe ~]# systemctl restart network[root@linuxprobe ~]# ifconfigbond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255inet6 fe80::20c:29ff:fe9c:637d prefixlen 64 scopeid 0x20<link>ether 00:0c:29:9c:63:7d txqueuelen 0 (Ethernet)RX packets 700 bytes 82899 (80.9 KiB)RX errors 0 dropped 6 overruns 0 frame 0TX packets 588 bytes 40260 (39.3 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eno16777736: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500ether 00:0c:29:9c:63:73 txqueuelen 1000 (Ethernet)RX packets 347 bytes 40112 (39.1 KiB)RX errors 0 dropped 6 overruns 0 frame 0TX packets 263 bytes 20682 (20.1 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eno33554968: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST> mtu 1500ether 00:0c:29:9c:63:7d txqueuelen 1000 (Ethernet)RX packets 353 bytes 42787 (41.7 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 325 bytes 19578 (19.1 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0可以在本地主机执行ping 192.168.10.10的命令来检查网络连通性，然后突然在虚拟机硬件配置中随机移除一块网卡设备，能够非常清晰的看到网卡切换的过程（最多有1个数据丢包）。[root@linuxprobe ~]# ping 192.168.10.10PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.109 ms64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.102 ms64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.066 msping: sendmsg: Network is unreachable64 bytes from 192.168.10.10: icmp_seq=5 ttl=64 time=0.065 ms64 bytes from 192.168.10.10: icmp_seq=6 ttl=64 time=0.048 ms64 bytes from 192.168.10.10: icmp_seq=7 ttl=64 time=0.042 ms64 bytes from 192.168.10.10: icmp_seq=8 ttl=64 time=0.079 ms^C--- 192.168.10.10 ping statistics ---8 packets transmitted, 7 received, 12% packet loss, time 7006msrtt min/avg/max/mdev = 0.042/0.073/0.109/0.023 ms2 ssh服务的配置：服务器拥有客户机的公钥后，客户机可以无需密码登录服务器第1步：在客户端主机中生成“密钥对”并把公钥传送到远程服务器中：[root@linuxprobe ~]# ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):直接敲击回车或设置密钥的存储路径       Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase): 直接敲击回车或设置密钥的密码Enter same passphrase again: 再次敲击回车或设置密钥的密码Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 root@linuxprobe.comThe key's randomart image is:+--[ RSA 2048]----+|+*..o .          ||*.o  +           ||o*    .          ||+ .    .         ||o..     S        ||.. +             ||. =              ||E+ .             ||+.o              |+-----------------+第2步：把客户端主机中生成好的公钥文件传送至远程主机：[root@linuxprobe ~]# ssh-copy-id 192.168.10.10The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established.ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@192.168.10.10's password:此处输入远程服务器主机密码Number of key(s) added: 1Now try logging into the machine, with: "ssh '192.168.10.10'"and check to make sure that only the key(s) you wanted were added.第3步：设置服务器主机只允许密钥验证，拒绝传统口令验证方式，记得修改配置文件后保存并重启sshd服务程序哦~：[root@linuxprobe ~]# vim /etc/ssh/sshd_config  ………………省略部分输出信息……………… 74  75 # To disable tunneled clear text passwords, change to no here! 76 #PasswordAuthentication yes 77 #PermitEmptyPasswords no 78 PasswordAuthentication no 79  ………………省略部分输出信息………………[root@linuxprobe ~]# systemctl restart sshd第4步：在客户端主机尝试登陆到服务端主机，此时无需输入密码口令也可直接验证登陆成功：[root@linuxprobe ~]# ssh 192.168.10.10Last login: Mon Apr 13 19:34:13 2017