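N77 - Week 3 Assignment
1. Build a private yum repository and write it up as a blog post
1.1 Environment preparation
Disable SELinux and the firewall before building the yum repository.
Disable SELinux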
[root@localhost ~]# sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
Disable the firewall
[root@localhost ~]# systemctl disable --now firewalld
[root@localhost ~]# systemctl status firewalld.service
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
1.2 Install and start the httpd service
[root@localhost yum.repos.d]# yum -y install httpd
[root@localhost yum.repos.d]# systemctl start httpd.service
[root@localhost yum.repos.d]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
Active: active (running) since Tue 2023-06-13 08:45:04 CST; 34s ago
Docs: man:httpd.service(8)
Main PID: 1687 (httpd)
Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec: 0 B>
Tasks: 213 (limit: 17386)
Memory: 31.0M
CPU: 101ms
CGroup: /system.slice/httpd.service
├─1687 /usr/sbin/httpd -DFOREGROUND
├─1688 /usr/sbin/httpd -DFOREGROUND
├─1689 /usr/sbin/httpd -DFOREGROUND
├─1690 /usr/sbin/httpd -DFOREGROUND
└─1691 /usr/sbin/httpd -DFOREGROUND
Jun 13 08:45:04 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jun 13 08:45:04 localhost.localdomain httpd[1687]: AH00558: httpd: Could not reliably determine t>
Jun 13 08:45:04 localhost.localdomain httpd[1687]: Server configured, listening on: port 80
Jun 13 08:45:04 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
lines 1-20/20 (END)
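1.3 Check that the HTTP service works
Enter this machine's IP address in the browser address bar.
1.4 Download the EPEL repository and its metadata from the Internet to the local server, into the directory /var/www/html/epel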
[root@localhost ~]# yum repolist
repo id repo name
appstream Rocky Linux 9 - AppStream
baseos Rocky Linux 9 - BaseOS
extras Rocky Linux 9 - Extras
[root@localhost ~]# dnf reposync --repoid=baseos --download-metadata -p /var/www/html/epel
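1.5 After the download finishes, open the URL in a browser to verify
1.6 Configure the yum repository on the client
Go to the /etc/yum.repos.d/ directory and move away or delete the machine's existing yum configuration files.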
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
rocky-addons.repo rocky-devel.repo rocky-extras.repo rocky.repo
[root@localhost yum.repos.d]# mkdir backup
[root@localhost yum.repos.d]# mv *.repo backup/
[root@localhost yum.repos.d]# ls
backup
Create a new file with the .repo suffix
[root@localhost yum.repos.d]# vim base.repo
[BaseOS]
name=BaseOS
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/BaseOS/$basearch/os/
gpgcheck=0
[AppStream]
name=AppStream
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/AppStream/$basearch/os/
gpgcheck=0
[epel]
name=epel repo
baseurl=http://192.168.93.130/epel/epel/
gpgcheck=0
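The base.repo above sets gpgcheck=0 in every section and fetches the [epel] section over plain http. The following added example (not part of the original post) audits a .repo file for those two settings; the function names, the sample text and the gpgkey path in the hardened sample are assumptions.

```shell
# audit_repo [FILE...]: read .repo text (stdin if no file) and print one "section: finding" line per weak setting.
audit_repo() {
    awk '
    function report() {
        if (sec == "") return
        if (gpg ~ /^(0|no|false)$/) print sec ": gpgcheck disabled, package signatures are not verified"
        if (url ~ /^http:/) print sec ": baseurl is plaintext http, responses can be altered in transit"
    }
    /^[ \t]*[#;]/ { next }                 # skip comment lines
    /^[ \t]*\[[^]]+\]/ {                   # a new [section] starts
        report(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
        gpg = ""; url = ""; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        if (key == "baseurl") url = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the client base.repo from section 1.6 (name= lines omitted).
weak_repo() {
    cat <<'EOF'
[BaseOS]
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/BaseOS/$basearch/os/
gpgcheck=0
[AppStream]
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/AppStream/$basearch/os/
gpgcheck=0
[epel]
baseurl=http://192.168.93.130/epel/epel/
gpgcheck=0
EOF
}

# Constructed hardened [epel] section; the gpgkey path is an assumption.
fixed_repo() {
    cat <<'EOF'
[epel]
baseurl=http://192.168.93.130/epel/epel/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
EOF
}
weak_repo | audit_repo
```

With gpgcheck=1 the hardened section still reports the http baseurl, because package signatures are then verified but the repository metadata is still fetched in cleartext.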
1.7 Verify that the yum repository works on the client
[root@localhost yum.repos.d]# yum -y install zvbi.x86_64
Last metadata expiration check: 0:00:36 ago on Tue Jun 13 11:29:16 2023.
Dependencies resolved.
==================================================================================================
Package Architecture Version Repository Size
==================================================================================================
Installing:
zvbi x86_64 0.2.35-1.el7 epel 415 k
Installing dependencies:
libpng15 x86_64 1.5.30-14.el9 AppStream 91 k
Transaction Summary
==================================================================================================
Install 2 Packages
Total download size: 507 k
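2. Read the book 《图解TCP/IP》, available at https://leon-wtf.github.io/doc/图解TCPIP.pdf; write reading notes if you have time (optional)
No time for now.
3. Draw diagrams of the TCP protocol, the three-way handshake and the four-way wave; you may refer to other people's diagrams, but you must draw them yourself once
3.1 Three-way handshake
The three-way handshake means that, when a TCP connection is established, the client and the server send three segments in total.
Initially both the client and the server are in the CLOSED state; once the server application creates a listening socket, the server is in the LISTEN state.
1. First handshake: the client sends the server a SYN segment with the SYN flag in the header set to 1, and also states its own initial sequence number seq=x. The client is now in the SYN_SENT state.
2. Second handshake: after receiving the SYN segment, the server replies with its own SYN-ACK segment. The header of this reply carries three important pieces of information: first, SYN is set to 1; second, the acknowledgment number field is ack=x+1; finally, the server chooses its own initial sequence number seq=y. This segment says: "I received your request to establish a connection, whose initial sequence number is x (the acknowledgment number ack=x+1 shows that I received the segment with initial sequence number seq=x); I agree to establish the connection, and my initial sequence number is y." The server is now in the SYN_RCVD state.
3. Third handshake: after receiving the SYN-ACK segment, the client sends an ACK segment with sequence number seq=x+1 and acknowledgment number ack=y+1, indicating that it has received the server's acknowledgment. The client is now in the ESTABLISHED state.
After the server receives the ACK segment it is also in the ESTABLISHED state, and the two sides have now established the connection.
Note: the first and second handshakes each only consume one sequence number and cannot carry data; the third handshake can carry data.
3.2 Four-way wave (connection teardown)
The four-way wave means that, when the client and the server disconnect, four segments in total are sent to close the TCP connection.
Initially both the client and the server are in the ESTABLISHED state. Suppose the client initiates the disconnect (the server can also initiate it); the four-way wave proceeds as follows:
1. First wave: the client sends a FIN segment that specifies sequence number seq=u. The client is now in the FIN_WAIT_1 state.
2. Second wave: after receiving the FIN segment, the server immediately sends an ACK segment with acknowledgment number ack=u+1 and sequence number seq=v, indicating that it has received the client's segment. The server is now in the CLOSE_WAIT state.
Between the second and third waves the connection is only half-closed, so data can still be sent from the server to the client.
3. Third wave: once the data has all been sent and the server also wants to disconnect, it sends a FIN segment with a newly specified sequence number seq=w and the acknowledgment number still ack=u+1, indicating that the connection can be closed.
4. Fourth wave: after receiving that segment, the client likewise replies with an ACK segment. The client's previous segment had sequence number u, so this one has seq=u+1, and the acknowledgment number is ack=w+1. The client is now in the TIME_WAIT state and enters the CLOSED state only after waiting for a period of time to make sure the server has received its reply.
After the server receives the ACK segment it closes the connection and is also in the CLOSED state.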
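The seq/ack rules of sections 3.1 and 3.2 can be checked mechanically. The following added example (not part of the original post) replays a trace of segments and reports the state each side ends in, rejecting any segment whose numbers break the rules. The record format "FROM FLAG SEQ ACK" and the sample values are constructed; FIN_WAIT_2 and LAST_ACK are the standard TCP state names for the two steps the text leaves unnamed, and the +1 arithmetic wraps at 2^32 as real sequence numbers do.

```shell
# tcp_replay: read "FROM FLAG SEQ ACK" records on stdin (FROM is C or S),
# check each against the handshake/teardown rules and print the final states.
tcp_replay() {
    awk '
    function nxt(n) { return (n + 1) % 4294967296 }   # sequence numbers are 32-bit
    function bad(why) {
        printf "rejected line %d (%s): client=%s server=%s\n", NR, why, cli, srv
        failed = 1; exit
    }
    BEGIN { cli = "CLOSED"; srv = "LISTEN" }
    { from = $1; flag = $2; seq = $3 + 0; ack = $4 + 0 }
    from == "C" && flag == "SYN" && cli == "CLOSED" { x = seq; cli = "SYN_SENT"; next }
    from == "S" && flag == "SYN-ACK" && cli == "SYN_SENT" && srv == "LISTEN" {
        if (ack != nxt(x)) bad("ack must be x+1")
        y = seq; srv = "SYN_RCVD"; next
    }
    from == "C" && flag == "ACK" && srv == "SYN_RCVD" {
        if (seq != nxt(x) || ack != nxt(y)) bad("need seq=x+1 and ack=y+1")
        cli = srv = "ESTABLISHED"; next
    }
    from == "C" && flag == "FIN" && cli == "ESTABLISHED" { u = seq; cli = "FIN_WAIT_1"; next }
    from == "S" && flag == "ACK" && cli == "FIN_WAIT_1" {
        if (ack != nxt(u)) bad("ack must be u+1")
        cli = "FIN_WAIT_2"; srv = "CLOSE_WAIT"; next
    }
    from == "S" && flag == "FIN" && srv == "CLOSE_WAIT" {
        if (ack != nxt(u)) bad("ack must still be u+1")
        w = seq; srv = "LAST_ACK"; next
    }
    from == "C" && flag == "ACK" && srv == "LAST_ACK" {
        if (seq != nxt(u) || ack != nxt(w)) bad("need seq=u+1 and ack=w+1")
        cli = "TIME_WAIT"; srv = "CLOSED"; next
    }
    { bad("segment not valid in this state") }
    END { if (!failed) printf "client=%s server=%s\n", cli, srv }
    '
}

# Constructed trace: handshake (x=100, y=300), then teardown (u=500, v=800, w=820).
sample_trace() {
    printf '%s\n' 'C SYN 100 -' 'S SYN-ACK 300 101' 'C ACK 101 301' \
        'C FIN 500 -' 'S ACK 800 501' 'S FIN 820 501' 'C ACK 501 821'
}

sample_trace | tcp_replay
```

Feeding it only the first two records leaves the pair at client=SYN_SENT server=SYN_RCVD, the half-open state in which the server is still waiting for the third handshake.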
4. Configure a static IP address on the network interface, on CentOS and Ubuntu
4.1 Static IP configuration on CentOS
Check the interface status
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b5:da:50 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 192.168.93.130/24 brd 192.168.93.255 scope global dynamic noprefixroute eth0
valid_lft 1536sec preferred_lft 1536sec
inet6 fe80::20c:29ff:feb5:da50/64 scope link
valid_lft forever preferred_lft forever
Edit the interface configuration file for a static IP address (vim /etc/sysconfig/network-scripts/ifcfg-eth0); its contents are as follows:
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=10.0.0.4
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.2
Restart the network service: systemctl restart network-online.target
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b5:da:50 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.4/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft 1536sec preferred_lft 1536sec
inet6 fe80::20c:29ff:feb5:da50/64 scope link
valid_lft forever preferred_lft forever
4.2 Static IP configuration on Ubuntu
Open the interface configuration file: vim /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            match:
                macaddress: 00:16:3e:03:fa:95
            set-name: eth0
Edit the configuration file as follows:
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: false
            addresses: [10.0.0.129/24]
            optional: true
            gateway4: 10.0.0.2
            nameservers:
            match:
                macaddress: 00:16:3e:03:fa:95
            set-name: eth0
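Apply the interface configuration with: netplan apply
5. Implement a passwordless-login script: use expect to log in to the remote host, write the generated key to the target host, and test the remote login with expect.
1) Read the script arguments with shift
2) Choose a function with select. For example, the functions are:
- Install mysql
- Install apache
- Passwordless (key-based) login to a host
For now we implement only the passwordless login to a host.
3) Wrap each function in a shell function
4) The passwordless-login procedure can be repeated: use a while loop for the repetition, with a way to exit. When the user enters exit, leave the passwordless-login function.
5) Support setting up passwordless login for a batch of hosts, implemented with an array
Install expect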
[root@localhost ~]# yum -y install expect
已加载插件:fastestmirror, langpacks
Determining fastest mirrors
* base: ftp.sjtu.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
updates/7/x86_64/primary_db | 21 MB 00:00:04
正在解决依赖关系
--> 正在检查事务
---> 软件包 expect.x86_64.0.5.45-14.el7_1 将被 安装
--> 正在处理依赖关系 libtcl8.5.so()(64bit),它被软件包 expect-5.45-14.el7_1.x86_64 需要
--> 正在检查事务
---> 软件包 tcl.x86_64.1.8.5.13-8.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================================================================
Package 架构 版本 源 大小
==================================================================================================
正在安装:
expect x86_64 5.45-14.el7_1 base 262 k
为依赖而安装:
tcl x86_64 1:8.5.13-8.el7 base 1.9 M
事务概要
==================================================================================================
安装 1 软件包 (+1 依赖软件包)
总下载量:2.1 M
安装大小:4.9 M
Downloading packages:
(1/2): expect-5.45-14.el7_1.x86_64.rpm | 262 kB 00:00:00
(2/2): tcl-8.5.13-8.el7.x86_64.rpm | 1.9 MB 00:00:00
--------------------------------------------------------------------------------------------------
总计 2.0 MB/s | 2.1 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:tcl-8.5.13-8.el7.x86_64 1/2
正在安装 : expect-5.45-14.el7_1.x86_64 2/2
验证中 : 1:tcl-8.5.13-8.el7.x86_64 1/2
验证中 : expect-5.45-14.el7_1.x86_64 2/2
已安装:
expect.x86_64 0:5.45-14.el7_1
作为依赖被安装:
tcl.x86_64 1:8.5.13-8.el7
完毕!
Write the script
#!/bin/bash
# Print a message followed by a coloured status tag: [ ok ], [FAILED] or [WARNING]
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    if [ "$2" = "success" -o "$2" = 0 ] ;then
        ${SETCOLOR_SUCCESS}
        echo -n $" ok "
    elif [ "$2" = "failure" -o "$2" = "1" ] ;then
        ${SETCOLOR_FAILURE}
        echo -n $"FAILED"
    else
        ${SETCOLOR_WARNING}
        echo -n $"WARNING"
    fi
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}
# Automate ssh login
ssh_host() {
    USER=root
    PASSWORD=123456
    while true;do
        read -p "请输入ip(q退出):" IP
        [[ $IP =~ ^(q|Q)$ ]] && exit;
        [[ $IP =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "IP不合法,请重新输入";continue; }
        break;
    done
    #read -p "请输入用户名:" USER
    #read -p "请输入密码:" PASSWORD
    # The here-document is unquoted, so the shell expands $IP and $PASSWORD before expect runs
    expect <<EOF
set timeout 20
spawn ssh-copy-id $IP
expect {
    "yes/no" { send "yes\n";exp_continue }
    "password" {send "$PASSWORD\n" }
}
expect eof
EOF
    #while true;do
    read -p "是否继续登录$IP(y/q):" Y
    # continue/break only work inside a loop, and the loop here is commented out,
    # so use a plain test: y logs in, anything else returns to the menu
    if [[ $Y =~ ^[yY]$ ]]; then
        ssh "$IP"
    fi
    #done
    #expect <<EOF
    #set timeout 20
    #spawn ssh $IP
    #expect {
    # "root@$IPs password" { send "123456\n" }
    #}
    #expect eof
    #EOF
}
install_mysql(){
    yum install -y mysql
}
install_apache(){
    yum install -y httpd
}
# Menu
menu() {
    while true;do
        PS3="请输入指令(1-4):"
        select MENU in 安装mysql 安装apache 免密登录远程主机 退出脚本;do
            case $REPLY in
            1)
                install_mysql
                break
                ;;
            2)
                install_apache
                break
                ;;
            3)
                ssh_host
                break
                ;;
            4)
                echo 退出!
                exit
                ;;
            esac
        done
    done
}
menu
Run the script
[root@localhost data]# . week3-script.sh
1) 安装mysql
2) 安装apache
3) 免密登录远程主机
4) 退出脚本
请输入指令(1-4):3
请输入ip(q退出):47.108.224.44
spawn ssh-copy-id 47.108.224.44
/usr/bin/ssh-copy-id: ERROR: No identities found
expect: spawn id exp4 not open
while executing
"expect eof"
是否继续登录47.108.224.44(y/q):y
root@47.108.224.44's password:
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-71-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Thu Jun 15 10:06:20 AM CST 2023
System load: 0.0 Processes: 109
Usage of /: 7.8% of 39.01GB Users logged in: 0
Memory usage: 20% IPv4 address for eth0: 172.29.48.19
Swap usage: 0%
* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
https://ubuntu.com/engage/secure-kubernetes-at-the-edge
Expanded Security Maintenance for Applications is not enabled.
27 updates can be applied immediately.
6 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Welcome to Alibaba Cloud Elastic Compute Service !
You have no mail.
Last login: Thu Jun 15 10:00:30 2023 from 119.143.122.11
[root@ljh-ubuntu ~]#
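The run above stops at "ssh-copy-id: ERROR: No identities found", which ssh-copy-id prints when it finds no public key to copy, and the script keeps the root password in a variable. The following added example (not the original author's script) generates the key pair first, validates each address octet by octet, and leaves the password to ssh's own prompt. It walks the host list with shift over positional parameters in place of a bash array so that it also runs under plain sh; KEY, REMOTE_USER and the function names are assumptions.

```shell
# Added example: batch key distribution without expect or a stored password.
KEY="${KEY:-$HOME/.ssh/id_ed25519}"     # assumed key path
REMOTE_USER="${REMOTE_USER:-root}"      # the page logs in as root

# valid_ipv4 ADDR: succeed only for four decimal octets, each in 0-255.
valid_ipv4() {
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# filter_hosts HOST...: print the valid addresses, report the rest on stderr.
filter_hosts() {
    while [ $# -gt 0 ]; do              # shift walks the argument list
        if valid_ipv4 "$1"; then echo "$1"; else echo "invalid address: $1" >&2; fi
        shift
    done
}

# ensure_key: create the key pair once (empty passphrase, as passwordless
# login implies) so that ssh-copy-id has an identity to copy.
ensure_key() {
    [ -f "$KEY.pub" ] && return 0
    mkdir -p "${KEY%/*}" && chmod 700 "${KEY%/*}" &&
        ssh-keygen -q -t ed25519 -N "" -f "$KEY"
}

# push_keys HOST...: copy the public key to each valid host, then prove that
# key login works. ssh prompts for the password itself; nothing is stored.
push_keys() {
    ensure_key || return 1
    for host in $(filter_hosts "$@"); do
        # accept-new records an unknown host key but refuses a changed one
        ssh-copy-id -i "$KEY.pub" -o StrictHostKeyChecking=accept-new \
            "$REMOTE_USER@$host" &&
            ssh -o BatchMode=yes -i "$KEY" "$REMOTE_USER@$host" true &&
            echo "key login works: $host"
    done
}

# Usage: sh this_file 10.0.0.4 10.0.0.129
if [ $# -gt 0 ]; then push_keys "$@"; fi
```

The page's pattern ^([0-9]{1,3}\.){3}[0-9]{1,3}$ accepts 999.999.999.999; valid_ipv4 rejects it because each octet is range-checked.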