Deploy a YUM repository and NFS shared services

Contents

Preface

1, Build a YUM software repository

    1. Concept of YUM

    2. Configure a local source repository

    3. Configure an ftp source

    4. Configure network sources

    5. Manage packages using yum tools

2, FTP

    1. FTP concept

    2. Set FTP service for anonymous user access (maximum permission)

    3. Set local user authentication to access ftp, and prohibit switching to directories other than ftp (the default login root directory is the local user's home directory)

3, NFS shared services

    1. NFS (Network File System)

    2. Characteristics

    3. Steps

Summary

Preface

        Operations and maintenance staff often work with large groups of servers. In that setting, a YUM software repository is the most suitable way to install programs and the NFS protocol is the most suitable way to share stored data: both avoid extra maintenance cost for the administrator, reduce the administrator's workload, and are more efficient.

1, Build a YUM software repository

    1. Concept of YUM

        With a YUM software repository you can install, uninstall and automatically upgrade rpm packages. YUM automatically finds and resolves the dependencies between rpm packages, so the administrator does not have to install each rpm package manually, one by one. This makes a large number of Linux servers easier to maintain. Especially in a local network with many Linux hosts, building a "source" server greatly reduces the dependence on the Internet for software installation and upgrades.

        Ways to provide a software repository

              FTP service: ftp://

              HTTP service: http://......

              Local directory: file://

        Sources of RPM packages

              Collection of RPM packages published by CentOS

              Collection of RPM packages published by third-party organizations

              User-defined RPM package collection

    2. Configure a local source repository

mount /dev/sr0 /mnt   #Mount the CD on the /mnt directory (the CD must be attached to the virtual machine)
cd /etc/yum.repos.d/
mkdir repos.bak
mv *.repo repos.bak/
vim local.repo        #Enter the following 5 lines
   [local]                        #Repository category
   name=local                     #Repository name
   baseurl=file:///mnt            #The URL access path is the CD mount directory
   enabled=1                      #Enable this yum source. This is the default and can be omitted
   gpgcheck=0                     #Do not verify the signature of the package

yum clean all && yum makecache    #Clean up the yum cache and rebuild it
yum repolist                      #Check the result

    3. Configure an ftp source

        3-1. Server configuration

              Main ideas: (1) install the vsftpd server software (2) create the remote ftp site that serves as the yum source (3) start the ftp service

yum -y install vsftpd
mkdir /var/ftp/centos7       #Create the directory that will hold the CD contents
mount /dev/sr0 /mnt          #Mount the CD image
cp -rf /mnt/* /var/ftp/centos7/ &
mkdir /var/ftp/other         #Create a directory for the repodata data files
cd /var/ftp/other/
createrepo -g /media/cdrom/repodata/repomd.xml ./  #Tool that creates the repository data files
systemctl start vsftpd
systemctl is-enabled vsftpd    #Check whether the service starts at boot
systemctl enable vsftpd        #Start the service at boot

        3-2. Client configuration

              Main ideas: (1) create the configuration file for the remote yum source (2) verify the result by installing software with yum

yum install ftp -y
cd /etc/yum.repos.d/
ls
mkdir repo.bak
mv CentOS-* repo.bak/
ls
vim /etc/yum.repos.d/ftp.repo
  [ftp]                                 #Repository category
  name=ftp                              #Repository name (description)
  baseurl=ftp://192.168.10.20/centos7   #URL access path
  enabled=1                             #Enable this software repository
  gpgcheck=1                            #Verify the signature of the package (or =0; note: verification is not used here)
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7   #Location of the GPG public key file

  [other]
  name=ftp
  baseurl=ftp://192.168.10.20/other
  enabled=1                             #Enable this software repository
  gpgcheck=0                            #Do not verify the signature of the package
yum clean all
yum makecache

    4. Configure network sources

        4-1. CentOS 7 Tsinghua source

vim CentOS7-Base-tsinghua.repo

[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

        4-2. 163 yum source

Download link: wget http://mirrors.163.com/.help/CentOS7-Base-163.repo

vim CentOS7-Base-163.repo    #Edit the 163 yum network source
[base]
name=CentOS-$releasever - Base - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

        4-3. Aliyun source

Download address: wget http://mirrors.aliyun.com/repo/Centos-7.repo

vim Centos7-Base-aliyun.repo    #Edit the Alibaba Cloud yum network source
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by CentOS Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
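
The repository definitions in this section differ in the two settings that decide whether a client can trust what it installs: gpgcheck, and the transport used for baseurl and gpgkey. The script below is an added example, not part of the original post; the function names, the sample file and the repo.example.internal host are constructed for illustration. It parses .repo stanzas and reports the enabled ones that skip signature checks or fetch packages or keys over cleartext http/ftp.

```shell
# Added example, not from the original post: flag yum repo stanzas whose
# packages or signing key arrive without an authenticated origin.
# audit_repo FILE... prints one "file [section] finding" line per issue.
audit_repo() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report(msg) { printf "%s [%s] %s\n", fn, sec, msg }
    function flush() {
        # yum ignores stanzas with enabled=0, so they are skipped here too.
        if (sec == "" || val["enabled"] == "0") return
        if (val["gpgcheck"] == "0")
            report("gpgcheck=0: package signatures are not verified")
        if (val["baseurl"] ~ /(^| )(http|ftp):\/\//)
            report("baseurl uses cleartext http/ftp")
        if (val["gpgkey"] ~ /(^| )(http|ftp):\/\//)
            report("gpgkey is fetched over cleartext http/ftp")
    }
    FNR == 1 { flush(); sec = ""; split("", val) }    # a new file starts
    { sub(/[ \t]+#.*$/, ""); $0 = trim($0) }          # drop trailing notes
    $0 == "" || /^#/ { next }
    /^\[/ { flush(); split("", val); last = ""; fn = FILENAME   # new [section]
            sec = substr($0, 2, index($0, "]") - 2); next }
    /^[a-z]+:\/\// { val[last] = val[last] " " $0; next }       # continued URL
    { eq = index($0, "="); if (eq == 0) next
      last = trim(substr($0, 1, eq - 1)); val[last] = trim(substr($0, eq + 1)) }
    END { flush() }
    ' "$@"
}

# Constructed sample modelled on the stanzas in this article; the host in
# [hardened] is a placeholder.
write_sample_repo() {
    cat > "$1" <<'EOF'
[ftp]
baseurl=ftp://192.168.10.20/centos7   #url access path
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[other]
baseurl=ftp://192.168.10.20/other
gpgcheck=0
[base]
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[centosplus]
gpgcheck=0
enabled=0
[hardened]
baseurl=https://repo.example.internal/centos7/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

sample_repo=$(mktemp); write_sample_repo "$sample_repo"
audit_repo "$sample_repo"; rm -f "$sample_repo"
```

On a client it can be pointed at /etc/yum.repos.d/*.repo. A gpgkey=file:// entry refers to a key already on the machine, whereas a gpgkey fetched over http from the same mirror as the packages gives the signature check no independent trust anchor.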


    5. Manage packages using yum tools

Common yum commands:

yum -y install Software name      #Install or upgrade a software package. The "-y" option confirms automatically
yum -y remove Software name       #Uninstall a package; its dependencies are resolved automatically
yum -y update Software name       #Upgrade a package
yum list                  #Query the package list
yum list installed        #Query the packages installed on the system
yum list available        #Query the packages in the repository that are not installed
yum list updates          #Query the packages that can be upgraded

Example: search for an RPM package (two methods)
yum search vim
yum list | grep "vim"

yum info Software name            #Query the package description
yum info httpd
yum search [all] keyword     #Find related packages by keyword
yum search all httpd
yum whatprovides command      #Query which package a command belongs to
yum whatprovides netstat

Download an RPM package without installing it
# yum install Package name -y --downloadonly
# yum reinstall -y bash --downloadonly      #Download the rpm of an already installed package
# yum install Package name -y --downloadonly --downloaddir=/tmp/   #Download the RPM package to the specified directory

yum history: check the history to find the packages a package depends on, and then delete them, for example:
yum history list       #List recent history
yum history info id    #List the details of one history entry
yum history undo id    #Undo a change
yum history help       #View help

2, FTP

    1. FTP concept

        FTP (File Transfer Protocol): the protocol used to transfer files on the Internet.

        VSFTP (full name: Very Secure FTP) is the FTP server used here

        VSFTP mode: C/S (client/server) mode

        By default, the FTP server uses TCP ports 20 and 21 to communicate with the client

        Port 20 is used to establish the data connection and transfer file data

        Port 21 is used to establish the control connection and transmit FTP control commands

        The FTP data connection has two modes, active and passive

        Active mode: the server actively initiates the data connection

        Passive mode: the server passively waits for the data connection

yum install -y vsftpd 
cd /etc/vsftpd/
cp vsftpd.conf vsftpd.conf.bak

    2. Set FTP service for anonymous user access (maximum permission)

#Modify the configuration file
vim /etc/vsftpd/vsftpd.conf
 anonymous_enable=YES     #Enable anonymous user access. Enabled by default
 write_enable=YES         #Open the write permission of the server (required for uploads). Enabled by default
 anon_umask=022           #Set the permission mask (umask) for data uploaded by anonymous users
 anon_upload_enable=YES   #Allow anonymous users to upload files. Commented out by default; uncomment it
 anon_mkdir_write_enable=YES    #Allow anonymous users to create (upload) directories. Commented out by default; uncomment it
 anon_other_write_enable=YES    #Allow delete, rename, overwrite and other operations. Needs to be added
chmod 777 /var/ftp/pub/        #Give the pub subdirectory under the ftp root directory maximum permissions so that anonymous users can upload data
systemctl restart vsftpd   #Restart the service
 If an error occurs, run vim /var/log/messages or tail -f /var/log/messages to view the log file and find the cause of the error.



#Start the service, turn off the firewall and the enhanced security feature (SELinux)
  systemctl start vsftpd
  systemctl stop firewalld
  setenforce 0
#Anonymous access test
  On a Windows system, open the Start menu and enter cmd to open the command prompt
  #Establish the ftp connection
   ftp 192.168.80.10
  #Anonymous access. The user name is ftp and the password is blank. You can log in directly by pressing Enter
   ftp> pwd  #The root directory of anonymous FTP access is the /var/ftp/ directory of the Linux system
   ftp> ls   #View the current directory
   ftp> cd pub #Switch to the pub directory
   ftp> get file name  #Download the file to the current Windows local directory
   ftp> put file name  #Upload the file to the ftp directory
   ftp> quit        #Log out

    3. Set local user authentication to access ftp, and prohibit switching to directories other than ftp (the default login root directory is the local user's home directory)

#Modify the configuration file

vim /etc/vsftpd/vsftpd.conf
 local_enable=YES   #Enable local users
 anonymous_enable=NO  #Turn off anonymous user access
 write_enable=YES  #Open the write permission of the server (required for uploads)
 local_umask=077  #Set the umask so that only the owning user has permissions on uploaded files
 chroot_local_user=YES  #Confine access to the user's home directory
 allow_writeable_chroot=YES  #Allow the confined user's home directory to be writable

 #anon_mkdir_write_enable=YES   #Comment out
 #anon_other_write_enable=YES   #Comment out


systemctl restart vsftpd   #Restart the service

vim /etc/vsftpd/vsftpd.conf
  userlist_enable=YES  #Enable the user_list user list file
  userlist_deny=NO  #Whitelist mode: only users in the user_list file are allowed access. The default is YES, which makes the file a blacklist of users who are denied
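
The two vsftpd configurations above, anonymous access with maximum permission and chrooted local users behind a user_list whitelist, differ in what a connecting client can write and where it can go. The script below is an added example, not part of the original post: it reads a vsftpd.conf and reports those combinations. The function names and finding codes are made up for illustration, and the defaults assumed for unset options are the ones documented in vsftpd.conf(5).

```shell
# Added example, not from the original post: report risky combinations in a
# vsftpd.conf. Prints one "CODE description" line per finding.
audit_vsftpd() {
    awk '
    function on(k) { return toupper(v[k]) == "YES" }
    # Built-in defaults per vsftpd.conf(5); the other options tested below
    # default to NO, which is how an unset key is treated here.
    BEGIN { v["anonymous_enable"] = "YES"; v["userlist_deny"] = "YES" }
    /^[ \t]*#/ { next }
    {
        sub(/[ \t]+#.*$/, "")                  # drop trailing annotations
        eq = index($0, "="); if (eq == 0) next
        k = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", val); v[k] = val
    }
    END {
        anon_w = on("anonymous_enable") && on("write_enable")
        if (anon_w && (on("anon_upload_enable") || on("anon_mkdir_write_enable")))
            print "ANON_UPLOAD anonymous users can upload files or create directories"
        if (anon_w && on("anon_other_write_enable"))
            print "ANON_MODIFY anonymous users can delete, rename and overwrite files"
        if (on("local_enable") && !on("chroot_local_user"))
            print "NO_CHROOT local users are not confined to their home directory"
        if (on("chroot_local_user") && on("allow_writeable_chroot"))
            print "WRITABLE_CHROOT the chroot root is writable by the confined user"
        if (on("local_enable") && !(on("userlist_enable") && !on("userlist_deny")))
            print "NO_ALLOWLIST local logins are not limited to a user_list allow-list"
    }' "$1"
}

# Constructed samples: the two configurations walked through in this article.
write_anon_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
}
write_local_conf() {
    cat > "$1" <<'EOF'
local_enable=YES
anonymous_enable=NO
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_deny=NO
EOF
}

conf_dir=$(mktemp -d)
write_anon_conf "$conf_dir/anon.conf"; write_local_conf "$conf_dir/local.conf"
echo "anonymous:"; audit_vsftpd "$conf_dir/anon.conf"
echo "local users:"; audit_vsftpd "$conf_dir/local.conf"
rm -rf "$conf_dir"
```

vsftpd refuses to run with a writable chroot root unless allow_writeable_chroot=YES overrides that check, which is why the local-user configuration still produces one finding.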

3, NFS shared services

    1. NFS (Network File System)

        Depends on RPC (remote procedure call)

        The nfs-utils and rpcbind packages need to be installed

        System services: nfs, rpcbind

        Shared configuration file: /etc/exports

        The NFS service relies on the RPC (remote procedure call) mechanism to map remote operations to local ones. On CentOS 7, the nfs-utils and rpcbind packages must be installed to provide the NFS shared service: the former is used to publish and access NFS shares, the latter provides RPC support. When starting the NFS shared service manually, start rpcbind first, then nfs.

        nfs port number 2049
        RPC port number 111

    2. Characteristics

        Uses TCP/IP to transmit files over the network

        Low security

        Easy to operate

        Suitable for LAN environments

    3. Steps

        Install the nfs-utils and rpcbind software

        Modify the configuration file to set up the share

        Create the shared directory

        Start the services

        Verify from the client that the shared directory is accessible

rpm -q rpcbind nfs-utils
yum install -y nfs-utils rpcbind
rpcinfo -p localhost   #View the details of localhost
vim /etc/exports  #The configuration file for NFS is /etc/exports; it is empty by default (no shares)
 /opt/web 192.168.10.0/24(rw,sync,no_root_squash)  #/opt/web: the 192.168.10.0/24 network segment can read and write, writes are synchronous, and root is not squashed

 Common options:
  rw              Allows reading and writing
  ro              Read-only
  sync            Writes synchronously to memory and hard disk
  no_root_squash  When the client accesses the share as root, it is given local root permissions (the default is root_squash). Without this option
                  the client cannot edit or write files in the share, because it is mapped to nfsnobody by default
  root_squash     When the client's root user accesses the shared directory, root is mapped to the anonymous user
 Other common options:
  all_squash      All accessing users are mapped to the anonymous user or group
  async           Data is kept in the memory buffer first and written to disk when necessary. It is fast, but data may be lost
  subtree_check (default)  If the exported directory is a subdirectory, the nfs server checks the permissions of its parent directory
  no_subtree_check   Even if the exported directory is a subdirectory, the nfs server does not check the permissions of its parent directory, which can improve efficiency

systemctl start rpcbind   #Start the rpc service first, because nfs needs to register its ports with rpc
systemctl start nfs
systemctl enable rpcbind  #Start rpcbind at boot
systemctl enable nfs
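
Whether an export is safe depends on which client each option list is attached to and on whether root is squashed. The script below is an added example, not part of the original post; the function names, finding codes and the sample file are constructed for illustration. It reads an exports file and reports entries that use no_root_squash or that are open to any host, including the case where a space separates the client from its option list.

```shell
# Added example, not from the original post: read an /etc/exports file and
# report, per path and client, who gets root or host-unrestricted access.
# Assumes one export per line (no backslash continuations or quoted paths).
audit_exports() {
    awk '
    function check(path, client, opts,    world, who) {
        world = (client == "" || client == "*")
        who = world ? "ANY-HOST" : client
        opts = "," opts ","
        if (opts ~ /,no_root_squash,/)
            print path, who, "NO_ROOT_SQUASH client root acts as root on the share"
        if (world && opts ~ /,rw,/)
            print path, who, "WORLD_RW writable from every host that can reach the server"
        else if (world)
            print path, who, "WORLD_RO readable from every host that can reach the server"
    }
    { sub(/#.*$/, "") }                       # strip comments
    {
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            if (p == 0) continue              # bare client: default options apply
            o = substr($i, p + 1); sub(/\)$/, "", o)
            # p == 1 means "(opts)" stands alone, usually after a stray space:
            # the options then apply to every host, not to the client before it.
            check($1, substr($i, 1, p - 1), o)
        }
    }' "$1"
}

# Constructed sample. Line 1 is the export used in this article; line 2 is
# the same export with a space before the option list.
write_sample_exports() {
    cat > "$1" <<'EOF'
/opt/web 192.168.10.0/24(rw,sync,no_root_squash)
/opt/web2 192.168.10.0/24 (rw,sync,no_root_squash)
/srv/pub *(ro,sync)
/srv/app 192.168.10.21(rw,sync,root_squash)
EOF
}

exports_sample=$(mktemp)
write_sample_exports "$exports_sample"
audit_exports "$exports_sample"
rm -f "$exports_sample"
```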
Detailed process:

Server: IP is 192.168.10.20
yum install -y nfs-utils rpcbind
systemctl start rpcbind   #Start the rpc service first, because nfs needs to register its ports with rpc
systemctl start nfs
netstat -anup | grep rpc
rpcinfo -p localhost     #View the port information that nfs registered with rpc
mkdir /opt/web           #Create the shared directory before it is exported
vim /etc/exports    #The configuration file for NFS is /etc/exports; it is empty by default (no shares)
 /opt/web 192.168.10.0/24(rw,sync,no_root_squash)  #/opt/web: the 192.168.10.0/24 network segment (adjust to the actual situation) can read and write, writes are synchronous, and root is not squashed

systemctl restart rpcbind     #Restart
systemctl restart nfs         #Restart
exportfs -v
showmount -e localhost

Client: IP is 192.168.10.21
yum install -y nfs-utils rpcbind
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
showmount -e 192.168.10.20    #Verify the share from the client
yum install -y httpd
mount -t nfs 192.168.10.20:/opt/web /var/www/html/  #Mount the shared directory on the web page directory
df -h
vim /etc/fstab #An entry here makes the mount permanent; not done here for now
cd /var/www/html/
echo "this is kk" >> /var/www/html/index.html
systemctl restart httpd   #Start the web service
 Next, enter 192.168.10.21 in a browser; the page shows "this is kk"
 On the server, enter cd /opt/web/ and then cat index.html; "this is kk" appears

umount -lf /var/www/html      #The -lf options force the unmount

Summary

        For large-scale server clusters, a yum repository and the NFS service offer great advantages and reduce the administrators' workload.

Keywords: yum nfs

Added by ali_2kool2002 on Fri, 03 Sep 2021 00:49:11 +0300