Linux运维第二十二讲


#######################

1.samba

########################################

1.1 服务的安装和用户的建立

    1  yum install samba-client samba-common samba -y ##安装samba服务

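    5  systemctl stop firewalld.service ##关闭防火墙(仅适合实验环境;生产环境应保持防火墙开启,用 firewall-cmd --permanent --add-service=samba 后再 firewall-cmd --reload 放行samba)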

    6  setsebool -P samba_enable_home_dirs on ##初始状态为不允许访问家目录,此步操作为开启

    7  getsebool -a | grep samba ##查看samba相关的SELinux布尔值状态

samba_create_home_dirs --> off

samba_domain_controller --> off

samba_enable_home_dirs --> on

samba_export_all_ro --> off

samba_export_all_rw --> off

samba_portmapper --> off

samba_run_unconfined --> off

samba_share_fusefs --> off

samba_share_nfs --> off

sanlock_use_samba --> off

use_samba_home_dirs --> off

virt_sandbox_use_samba --> off

virt_use_samba --> off

    8  systemctl start smb ##开启服务

    9  smbpasswd -a student ##建立samba用户,此用户必须是系统中已存在的用户(需要单独设置samba密码,可自行设定,与系统登录密码相互独立)

   10  pdbedit -L ##查看用户列表

       pdbedit -x student ##删除用户student

   11  smbclient -L //172.25.254.124 -U student ##连接共享服务

   12  smbclient //172.25.254.124/student -U student ##进入该用户家目录

smbclient //172.25.254.124/student -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Thu Jul 10 19:06:52 2014

  ..                                  D        0  Thu Jul 10 18:19:09 2014

  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014

  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014

  .bashrc                             H      231  Wed Jan 29 07:45:18 2014

  .ssh                               DH        0  Thu Jul 10 18:19:10 2014

  .config                            DH        0  Thu Jul 10 19:06:53 2014

 

40913 blocks of size 262144. 28582 blocks available

smb: \>

 

##########################################

1.2 共享目录

           20  mkdir /jet ##建立测试目录

   21  mkdir /ypa

   22  vim /etc/samba/smb.conf ##修改配置文件

.....

    workgroup = LINUXJET

321         [jet]

322         comment = this is myself mkdir

323         path = /jet

324         [ypa]

325         comment = this is ypa

326         path = /ypa

.....

   23  systemctl restart smb.service

   25  semanage fcontext -a -t samba_share_t '/jet(/.*)?' ##修改安全上下文,只对该目录有效。若要保证ypa目录也可被访问,则需要对/ypa做同样的修改,或修改selinux里面的布尔值(见下面的setsebool)

   26  restorecon -FvvR /jet/

   29  smbclient //172.25.254.124/jet -U student

smbclient //172.25.254.124/jet -U student

Enter student's password:

Domain=[LINUXJET](此处名字修改,即为主配置文件中22行的修改变量) OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Fri Mar 17 22:13:45 2017

  ..                                  D        0  Fri Mar 17 22:13:52 2017

 

40913 blocks of size 262144. 28546 blocks available

smb: \>

 

   30  smbclient //172.25.254.124/ypa -U student

   31  getsebool -a | grep samba

   32  setsebool -P samba_export_all_rw on ##修改读写权限,包括系统目录及自建目录。这个开启后就与文件的安全上下文无关(即SELinux不再限制smbd可读写的文件类型,只剩文件权限和smb.conf起作用;只共享个别目录时,给目录打samba_share_t标签的影响范围更小)

[root@samba student]# smbclient -L //172.25.254.124 -U student

Enter student's password:

Domain=[LINUXJET](此处名字修改,即为主配置文件中22行的修改变量) OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

jet             Disk      this is myself mkdir

ypa             Disk      this is ypa

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

student         Disk      Home Directories

Domain=[LINUXJET] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------


#################################

1.3 samba 匿名访问

   47  vim /etc/samba/smb.conf

....

125         map to guest = bad user

321         [jet]

322         comment = this is myself mkdir

323         path = /jet

324         guest ok = yes

....

   48  systemctl restart smb.service

   49  smbclient //172.25.254.124/jet ##测试

smbclient //172.25.254.124/jet

Enter root's password: ##直接回车就行(匿名访问不校验密码,任何能连到该服务器的主机都能进入这个共享)

Domain=[LINUXJET] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Fri Mar 17 22:13:45 2017

  ..                                  D        0  Fri Mar 17 22:13:52 2017

 

40913 blocks of size 262144. 28581 blocks available

smb: \>

   51  mount //172.25.254.124/jet /mnt/ -o username=guest

   52  df

Filesystem           1K-blocks    Used Available Use% Mounted on

/dev/vda1             10473900 3156972   7316928  31% /

devtmpfs                481120       0    481120   0% /dev

tmpfs                   496708     140    496568   1% /dev/shm

tmpfs                   496708   13036    483672   3% /run

tmpfs                   496708       0    496708   0% /sys/fs/cgroup

//172.25.254.124/jet  10473900 3156972   7316928  31% /mnt

   53  cd /mnt/

   54  ls -a


####################################

1.4 samba 共享目录的管理参数

84  useradd wula

85  smbpasswd -a wula

86  pdbedit -L

87  usermod -G student wula

88  id wula

89  vim /etc/samba/smb.conf

321         [jet]

322         comment = this is myself mkdir

323         path = /jet

324         guest ok = yes

325         #writable = yes ##可写权限,对全用户公开

326         #write list = +student ##可写权限,只限于某用户(直接加用户名)或某组(+,@组名)

    #valid users = student ##允许哪个用户登录

    #valid users = @student ##允许哪个用户组内的成员登录

    #browseable = no ##是否显示分享目录

    #admin users = wula ##赋予某用户管理员权限(该用户在此共享内的所有文件操作都以root身份执行,不受文件权限限制,应只授予可信用户)



#####################################

1.5 smb多用户挂载

 

服务端主配置文件:

 

......

        [jet]

comment = this is myself mkdir

path = /jet

#guest ok = yes

#writable = yes

#write list = +student

#valid users = +student

......

 

客户端设置:

 

 1000  yum install cifs-utils -y

 1001  vim /root/passfile

username=student ##smb用户

password=1234 ##smb用户密码(明文保存,建议 chmod 600 /root/passfile,只允许root读取)

 1003  mount //172.25.254.124/jet /mnt/ -o credentials=/root/passfile,multiuser,sec=ntlmssp

 1004  df

Filesystem           1K-blocks     Used Available Use% Mounted on

/dev/sda3            307974224 23330728 284643496   8% /

devtmpfs               1868076        0   1868076   0% /dev

tmpfs                  1881152      492   1880660   1% /dev/shm

tmpfs                  1881152     9052   1872100   1% /run

tmpfs                  1881152        0   1881152   0% /sys/fs/cgroup

/dev/sda1               508588   149320    359268  30% /boot

/dev/loop0             3947824  3947824         0 100% /var/www/html/rhel7.2

tmpfs                   376232       24    376208   1% /run/user/1000

//172.25.254.124/jet  10473900  3157132   7316768  31% /mnt

 1005  useradd wula

 1007  passwd wula

 1008  su - wula

     ls /mnt ##查看失败

 10  cifscreds add 172.25.254.124 ##做认证,输入的密码为smb用户的密码

 11  cd /mnt/

 12  ls ##查看成功

 1017  useradd la ##该用户不是smb中的用户

 1018  passwd la

 1019  su - la

    1  cifscreds add 172.25.254.124 ##即使完成认证

    2  cd /mnt

    3  ls ##查看还是失败

(多用户挂载可以让客户端上的多个用户共用该挂载点,每个用户用自己的smb凭据做认证,从而防止非smb用户对分享目录的访问;之前的smb用户依旧可以使用原本账户登录)



####################################

 

####################################

 

2.ISCSI

2.1 服务端设置

    2  yum install targetcli.noarch -y ##服务端服务

         3  systemctl start target ##开启服务

        4  systemctl enable target ##设置开机启动

        5  systemctl status firewalld.service

fdisk /dev/vdb ##创建一个2G的分区

       [root@samba ~]# targetcli

targetcli shell version 2.1.fb34

Copyright 2011-2013 by Datera, Inc and others.

For help on commands, type 'help'.

 

/> ls

o- / ..................................................................... [...]

  o- backstores .......................................................... [...]

  | o- block .............................................. [Storage Objects: 0]

  | o- fileio ............................................. [Storage Objects: 0]

  | o- pscsi .............................................. [Storage Objects: 0]

  | o- ramdisk ............................................ [Storage Objects: 0]

  o- iscsi ........................................................ [Targets: 0]

  o- loopback ..................................................... [Targets: 0]

/> /backstores/block create westos:storage1 /dev/vdb1 ##关联分区

Created block storage object westos:storage1 using /dev/vdb1.

/>

/> /iscsi create iqn.2017-03.com.westos:strage1

Created target iqn.2017-03.com.westos:strage1.

Created TPG 1.

/> /iscsi/iqn.2017-03.com.westos:strage1/tpg1/acls create iqn.2017-03.com.westos:key1

Created Node ACL for iqn.2017-03.com.westos:key1

/> /iscsi/iqn.2017-03.com.westos:strage1/tpg1/luns create /backstores/block/westos:storage1

Created LUN 0.

Created LUN 0->0 mapping in node ACL iqn.2017-03.com.westos:key1

/> /iscsi/iqn.2017-03.com.westos:strage1/tpg1/portals create 172.25.254.124

Using default IP port 3260

Created network portal 172.25.254.124:3260.

/> ls

o- / ..................................................................... [...]

  o- backstores .......................................................... [...]

  | o- block .............................................. [Storage Objects: 1]

  | | o- westos:storage1 ............. [/dev/vdb1 (2.0GiB) write-thru activated]

  | o- fileio ............................................. [Storage Objects: 0]

  | o- pscsi .............................................. [Storage Objects: 0]

  | o- ramdisk ............................................ [Storage Objects: 0]

  o- iscsi ........................................................ [Targets: 1]

  | o- iqn.2017-03.com.westos:strage1 ................................ [TPGs: 1]

  |   o- tpg1 ........................................... [no-gen-acls, no-auth]

  |     o- acls ...................................................... [ACLs: 1]

  |     | o- iqn.2017-03.com.westos:key1 ...................... [Mapped LUNs: 1]

  |     |   o- mapped_lun0 ................... [lun0 block/westos:storage1 (rw)]

  |     o- luns ...................................................... [LUNs: 1]

  |     | o- lun0 .......................... [block/westos:storage1 (/dev/vdb1)]

  |     o- portals ................................................ [Portals: 0]

  o- loopback ..................................................... [Targets: 0]

/>

(  clearconfig confirm=true ##这个命令用于清空之前的全部设置)



2.2 客户端配置

    4  yum install iscsi-initiator-utils.x86_64 -y

    5  systemctl start iscsi

    6  vim /etc/iscsi/initiatorname.iscsi ##写入 InitiatorName=iqn.2017-03.com.westos:key1,必须与服务端acls中建立的名称一致

    7  systemctl start iscsi

    8  iscsiadm -m discovery -t st -p 172.25.254.124

    9  systemctl restart iscsi

   10  iscsiadm -m node -T iqn.2017-03.com.westos:strage1 -p 172.25.254.124 -l ##登陆该设备

   11  fdisk -l

[root@maillinux ~]# fdisk -l

Disk /dev/vda: 10.7 GB, 10737418240 bytes, 20971520 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk label type: dos

Disk identifier: 0x00013f3e

 

   Device Boot      Start         End      Blocks   Id  System

/dev/vda1   *        2048    20970332    10484142+  83  Linux

 

Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

 

 

Disk /dev/sda: 2147 MB, 2147483648 bytes, 4194304 sectors ##所分享出来的设备

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 4194304 bytes

   mkfs.xfs /dev/sda ##格式化

      mount /dev/sda /mnt ##挂载,相当于文件系统分享给客户端

   umount /mnt ##先卸载

 13  iscsiadm -m node -T iqn.2017-03.com.westos:strage1 -p 172.25.254.124 -u ##退出登陆

 14  iscsiadm -m node -T iqn.2017-03.com.westos:strage1 -p 172.25.254.124 -o delete ##删除设置

     vim /etc/iscsi/initiatorname.iscsi ##将该文件中的InitiatorName(即与服务端acls匹配的key字符串)改掉即可;注意它只是启动器的标识名而不是密码,服务端tpg1显示no-auth,说明没有启用CHAP认证

 15  fdisk -l

Disk /dev/vda: 10.7 GB, 10737418240 bytes, 20971520 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk label type: dos

Disk identifier: 0x00013f3e

 

   Device Boot      Start         End      Blocks   Id  System

/dev/vda1   *        2048    20970332    10484142+  83  Linux

 

Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

 

( systemctl restart iscsid ##开机启动加载的

  systemctl restart iscsi ##永久性  )


 

 
