Declaration of documents
- This article only makes a record of my rhce exercises and commemorates my test experience. No promotion or advertising is involved.
- The question bank in this article originates from Taobao Environment (referring to which set of environment a general friend knows clearly, if you really don't know, you can leave a message for me, I can contribute one. When we went to the examination room that day, we found that the exercise environment used in the Jing'an examination room was also "Taobao environment". We had to say that the question bank was more accurate.
- "Taobao Environment" first 1-6 questions, because most of the graphical interface can be directly used to answer questions, to avoid the whole picture, the first 1-6 questions, will only list the key steps, specific steps refer to the "Taobao Environment" supporting teaching video solutions. This article will start with the seventh question and provide a detailed reference solution.
On the Mentality of Exercising Questions
- At the beginning of exercises, there will certainly be many unfamiliar places. It is suggested that we can do targeted exercises. We can do exercises on the difficult questions first, but we must remember the dependence between the questions and the questions.
- It must be noted that it is most important to seek advice from others on how to solve problems for your own reference, and to find ways and means that suit you.
- Listen less to some candidates complaining about the examination environment and so on. You have to believe that as long as you practice well and garbage environment, you can guarantee that you can pass the exam. Of course, you can also find that the candidates who like to complain do not do well in their own practice.
- CE exercises, we must let oneself to a glance at the topic to know the problem solving steps such a realm, first think about the answer steps in mind, then answer questions.
- After a command has been struck in the exam, it is strongly recommended not to knock back immediately, check your own command again, and then return after you confirm that it is correct. You have to believe that debugging takes a lot more time than checking, and sometimes once you make a wrong order, you may not be able to continue the rest of the problem. For example, when partitioning, you accidentally allocate four main partitions, but you will not delete the partition, which directly leads to your later topic on partition can not be carried out. The loss outweighs the gain!
- After completing the exam, it is strongly recommended to press the sync command to force synchronization of data to the hard disk first, then close system 2 (client) and then system 1 (server). When booting, system 1 (server) and system 2 (client) should be turned on first. The reason is that system 1 provides services and system 2 mounts services. If the order of the switch is incorrect, there is a great possibility that the mount will fail! __________
- In addition, when mounting iscsi network storage, we must pay attention to adding _netdev parameter to prevent the failure of mounting due to network reasons!
- People who practise martial arts are not afraid to practise tens of millions of tricks, but they are afraid to practise tens of millions of times. Wish you all a smooth exam!
Examination background
Examination venue: Shanghai Jing'an Examination Center (Shanghai Jing'an District is also such a test venue, in order to avoid suspicion of advertising, specific location please inquire for yourself, or leave a message directly to me)
Examination room environment: the system is RedHat 7.064 bits, using kvm virtual machine, so pay attention to the hard disk is / dev/vd*
Examination time: 6 September 2019
If we make a classification of RHCE question bank, then my classification is as follows:
- Posfix mail service class
- samba shared service class
- nfs shared service class
- Apache web service class
- Script class
- iscsi network storage class
- MariaDB database class
The overall steps of solving the problem are as follows:
- If installation services are required, priority should be given to installation services.
- If you need to create folders, create folders first (and set selinux context)
- If you need to create a service account, create a service account first
- Write configuration files
- Restart the service and add the service to the boot start item
- Set up the corresponding firewall (use rich rule filtering in the firewall first, because rich rule has the highest priority)
- A simple test
There are many steps in RHCE exam. It is very difficult to pass the exam if you memorize them by rote. But if you follow the above steps, you will not forget the steps in most cases. I will provide my steps below for your reference.
Taobao question bank
Environmental description:
System 1.group8.example.com: 172.24.8.11/24 as a server
System 2.group8.example.com: 172.24.8.12/24 as the client
server.group8.example.com provides YUM software repository, the URL is http://server.group8.example....
System 1 and system 2 need to configure the yum repository first
system1andsystem2
[root@system1 Desktop]# vim /etc/yum.repos.d/rhce.repo [root@system1 Desktop]# yum clean all [root@system1 Desktop]# yum makecache
Contents in the rhce.repo file
[rhce] name=rhce baseurl=http://server.group8.example.com/yum enabled=1 gpgcheck=0
Topic 1: Setting SELinux
On system 1 and system 2, SELinux is required to work in enforcing mode:
1. Require the system to remain in effect after restart.
Reference to problem solving steps:
system1andsystem2
[root@system1 Desktop]# vim /etc/selinux/config
Question 2: Configuring firewalls
Please set up the firewall system on System 1 and system 2 according to the following requirements:
1. Allow customers in the group8.example.com domain to ssh system 1 and system 2.
2. Prohibit customers in my133t.org domain from ssh access to system 1 and system 2.
3. Note: my133t.org is on 172.13.8.0/24 network
Reference to problem solving steps:
system1andsystem2
[root@system1 Desktop]# firewall-config
Topic 3: Customizing User Environment
Create a custom command qstat on System 1 and system 2, requiring:
1. This custom command will execute the following commands: / bin/ps-Ao pid, tt, user, fname, rsz
2. This command is valid for all users in the system
Reference to problem solving steps:
system1andsystem2
[root@system1 Desktop]# vim /etc/profile [root@system1 Desktop]# source /etc/profile [root@system1 Desktop]# qstat
/ Contents in etc/profile configuration file
alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
Chapter 4: Configuring port forwarding
Set up port forwarding in system 1. Require:
1. In the 172.24.8.0/24 network, the local port 5423 accessing system 1 will be forwarded to 80.
2. This setting must be permanent
Reference to problem solving steps:
system1
Chapter 5: Configuring Link Aggregation
A link is set between system 2 and system 1 as follows:
1. This link uses interfaces eth 1 and eth2
2. This link still works when an interface fails.
3. This link in system 1 uses the following address 172.16.3.40/255.255.255.0
4. This link in system 2 uses the following address 172.16.3.45/255.255.255.0
5. This link remains in normal condition after system restart
Reference to problem solving steps:
system1
[root@system1 Desktop]# nm-connection-editor [root@system1 Desktop]# systemctl restart network [root@system1 Desktop]# ping 172.16.3.40 [root@system1 Desktop]# ping 172.16.3.45
system2
[root@system2 Desktop]# nm-connection-editor [root@system2 Desktop]# systemctl restart network [root@system2 Desktop]# ping 172.16.3.45 [root@system2 Desktop]# ping 172.16.3.40
{"runner":{"name":"activebackup"}}
Chapter 6: Configuring IPV6 Address
Setting the interface eth0 on the test system uses the following IPV6 address:
1. The address on System 1 should be 2003:ac18::305/64
2. The address on system 2 should be 2003:ac18::30a/64
3. The two systems must be able to communicate with the system in the network 2003:ac18/64
4. Address must remain in force after restart
5. Both systems must maintain the current IPV4 address and be able to communicate
Reference to problem solving steps:
system1
[root@system1 Desktop]# nm-connection-editor [root@system1 Desktop]# systemctl restart network [root@system1 Desktop]# ping6 2003:ac18::305 [root@system1 Desktop]# ping6 2003:ac18::30a
system2
[root@system2 Desktop]# nm-connection-editor [root@system2 Desktop]# systemctl restart network [root@system2 Desktop]# ping6 2003:ac18::30a [root@system2 Desktop]# ping6 2003:ac18::305
Topic 7: Configuring Local Mail Service
Configuring mail services on system 2 and system 1 requires:
1. These systems do not accept mail sent from outside.
2. Any mail sent locally on these systems is automatically routed to mail.group8.example.com
Emails sent from these systems are displayed from server.group8.example.com
3. You can test your configuration by sending mail to local user dave. System server.group8.example.com has been configured to transfer this user's mail to the URL. http://server.group8.example....
Reference to problem solving steps:
system1andsystem2
[root@system1 Desktop]# vim /etc/postfix/main.cf [root@system1 Desktop]# systemctl restart postfix [root@system1 Desktop]# systemctl enable postfix [root@system1 Desktop]# firewall-cmd --permanent --add-service=smtp [root@system1 Desktop]# firewall-cmd --reload [root@system1 Desktop]# echo "test content" | mail -s "testobject" dave [root@system1 Desktop]# curl http://server.group8.example.com/pub/received_mail/8
98 local_transport = error:local (Need to be added separately) 99 myorigin = server.group8.example.com 314 relayhost = mail.group8.example.com
Chapter 8: Sharing directories through SMB
Configuring SMB services on System 1 requires:
1. Your SMB server must be a member of the STAFF Working Group
2. Share / common directory, share name must be common
3. Only clients in the group8.example.com domain can access common sharing
4.common must be browsable
5. User andy must be able to read the shared content and, if necessary, verify that the password is redhat
Reference to problem solving steps:
system1
[root@system1 Desktop]# yum -y install samba samba-client [root@system1 Desktop]# mkdir /common [root@system1 Desktop]# chcon -R -t samba_share_t /common [root@system1 Desktop]# id andy [root@system1 Desktop]# smbpasswd -a andy [root@system1 Desktop]# vim /etc/samba/smb.conf [root@system1 Desktop]# setsebool -P samba_enable_home_dirs on [root@system1 Desktop]# systemctl restart smb nmb [root@system1 Desktop]# systemctl enable smb nmb [root@system1 Desktop]# firewall-config
Setting up Firewall
[root@system1 Desktop]# firewall-cmd --permanent --add-service=samba [root@system1 Desktop]# firewall-cmd --permanent --add-service=mountd [root@system1 Desktop]# firewall-cmd --reload
Fill in the configuration file
89 workgroup = STAFF 321 [common] 322 path = /common 323 hosts allow = 172.24.8. 324 browseable = yes
Verification:
system2
[root@system2 Desktop]# yum -y install samba-client cifs-utils [root@system2 Desktop]# smbclient -L //172.24.8.11 -U andy
Title 9: Configuring Multiuser SMB Mounting
Share directory / devops through SMB in system 1 and meet the following requirements:
1. Sharing name is devops
2. Shared directory devops can only be used by clients in the group8.example.com domain
3. Shared directory devops must be browsable
4. User silene must be able to access the share in a read way, with the access password redhat
5. User akira must be able to access the share in a read-write manner with the access password redhat
6. This share is permanently mounted in the / mnt/dev directory on system2.group8.example.com, and uses user silene as authentication for any user. Writing permissions can be obtained when user akira arrives.
Reference to problem solving steps:
system1
[root@system1 Desktop]# ls -ald /devops [root@system1 Desktop]# mkdir /devops [root@system1 Desktop]# chmod o+w /devops [root@system1 Desktop]# chcon -R -t samba_share_t /devops [root@system1 Desktop]# id silene [root@system1 Desktop]# smbpasswd -a silene [root@system1 Desktop]# id akira [root@system1 Desktop]# smbpasswd -a akira [root@system1 Desktop]# vim /etc/samba/smb.conf [root@system1 Desktop]# systemctl restart smb nmb
Fill in the configuration file
325 [devops] 326 path = devops 327 hosts allow = 172.24.8. 328 browseable = yes 329 writable = no 330 write list = akira
system2
[root@system2 Desktop]# yum -y install cifs* [root@system2 Desktop]# smbclient -L //172.24.8.11 -U silene [root@system2 Desktop]# smbclient -L //172.24.8.12 -U akira [root@system2 Desktop]# ls -ald /mnt/dev [root@system2 Desktop]# mkdir -p /mnt/dev [root@system2 Desktop]# vim /etc/fstab [root@system2 Desktop]# mount -a [root@system2 Desktop]# df -hT
/ Fill in etc/fstab mount configuration file
//172.24.8.11/devops /mnt/dev cifs defaults,multiuser,username=silene,password=redhat,sec=ntlmssp 0 0
Topic 10: Configuring NFS Services
Configuring NFS services in system 1 requires the following:
1. Share directories / public in a read-only manner, and can only be accessed by systems in the group8.example.com domain
2. Share directories / protected in read-write mode, and can only be accessed by systems in the group8.example.com domain
3. Access / protection needs to be securely encrypted through Kerberos, and you can use the key provided by the following URL
http://server.group8.example....
4. The directory / protected should contain a subdirectory named project owner, human andres
5. User andres can access / protected/project in read-write mode
Reference to problem solving steps:
system1
[root@system1 Desktop]# ls -ald /public [root@system1 Desktop]# mkdir /public [root@system1 Desktop]# ls -ald /protected [root@system1 Desktop]# mkdir -p /protected/project [root@system1 Desktop]# chown andres /protected/project [root@system1 Desktop]# ls -ald /protected/project [root@system1 Desktop]# chcon -R -t public_content_t /public [root@system1 Desktop]# chcon -R -t public_content_t /protected [root@system1 Desktop]# wget -O /etc/krb5.keytab http://server.group8.example.com/pub/keytabs/system1.keytab [root@system1 Desktop]# vim /etc/sysconfig/nfs [root@system1 Desktop]# vim /etc/exports [root@system1 Desktop]# systemctl restart nfs-server nfs-secure-server [root@system1 Desktop]# systemctl enable nfs-server nfs-secure-server [root@system1 Desktop]# firewall-config [root@system1 Desktop]# exportfs -r
/ Contents filled in the etc/sysconfig/nfs configuration file
13 RPCNFSDARGS="-V 4.2"
/ Fill in the etc/exports configuration file
1 /public 172.24.8.0/24(ro) 2 /protected 172.24.8.0/24(rw,sec=krb5p)
Setting up Firewall
[root@system1 Desktop]# firewall-cmd --permanent --add-service=nfs [root@system1 Desktop]# firewall-cmd --permanent --add-service=rpc-bind [root@system1 Desktop]# firewall-cmd --reload
Topic 11: Mounting an NFS Share
Mount an NFS share from system1.group8.example.com on system 2 and meet the following requirements:
1./public is mounted in the following directory / mnt/nfsmount
2./protected is mounted in the following directory / mnt/nfssecure and used in a secure way. The Key Download URL is as follows: http://server.group8.example....
3. User andres can create files on / mnt/nfssecure/project
4. These file systems are automatically mounted at system startup
Reference to problem solving steps:
system2
[root@system2 Desktop]# showmount -e 172.24.8.11 [root@system2 Desktop]# systemctl restart nfs-secure [root@system2 Desktop]# systemctl enable nfs-secure [root@system2 Desktop]# ls -ald /mnt/nfsmount [root@system2 Desktop]# mkdir -p /mnt/nfsmount [root@system2 Desktop]# ls -ald /mnt/nfssecure [root@system2 Desktop]# mkdir -p /mnt/nfssecure [root@system2 Desktop]# wget -O /etc/krb5.keytab http://server.group8.example.com/pub/keytabs/system2.keytab [root@system2 Desktop]# vim /etc/fstab [root@system2 Desktop]# mount -a [root@system2 Desktop]# df -hT
/ etc/fstab Mount Configuration Fill
172.24.8.11:/public /mnt/nfsmount nfs defaults 0 0 172.24.8.11:/protected /mnt/nfssecure nfs defaults,sec=krb5p,v4.2 0 0
Topic 12: Implementing a web Server
Configure a site on System 1 http://system1.group8.example... Then perform the following steps:
1. from http://server.group8.example.... Download the file and rename it index.html. Do not modify the contents of this file
2. Copy the file index.html to the Document Root directory of your web server
3. Clients from the group8.example.com domain can access this web service
4. Clients from my133t.org domain refuse to access this web service
Reference to problem solving steps:
system1
[root@system1 Desktop]# yum -y install httpd [root@system1 Desktop]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/ [root@system1 Desktop]# cd /var/www/html [root@system1 html]# wget -O index.html http://server.group8.example.com/pub/system1.html [root@system1 html]# vim /etc/httpd/conf.d/httpd-vhosts.conf [root@system1 html]# systemctl restart httpd [root@system1 html]# systemctl enable httpd [root@system1 html]# firewall-config
/ What should be written in the etc/httpd/conf.d/httpd-vhosts.conf website configuration file
<VirtualHost *:80> DocumentRoot "/var/www/html" ServerName system1.group8.example.com </VirtualHost>
Chapter 13: Configuring Secure web Services
Site for http://system1.group8.example... Configure TLS encryption:
1. A signed certificate from http://server.group8.example.... Obtain
2. The key of this certificate is from http://server.group8.example.... Obtain
3. The signature authorization information of this certificate is from http://server.group8.example.... Obtain
Reference to problem solving steps:
system1
[root@system1 Desktop]# yum -y install mod_ssl [root@system1 Desktop]# cd /var/www/html [root@system1 html]# wget http://server.group8.example.com/pub/tls/certs/system1.crt [root@system1 html]# wget http://server.group8.example.com/pub/tls/private/system1.key [root@system1 html]# wget http://server.group8.example.com/pub/tls/certs/ssl-ca.crt [root@system1 html]# Vim/etc/httpd/conf.d/ssl.conf (configuration file for reference) [root@system1 html]# vim /etc/httpd/conf.d/httpd-vhosts.conf [root@system1 html]# setsebool -P httpd_read_user_content=on [root@system1 html]# systemctl restart httpd
/ What should be written in the etc/httpd/conf.d/httpd-vhosts.conf website configuration file
<VirtualHost *:443> SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLHonorCipherOrder on DocumentRoot "/var/www/html" ServerName system1.group8.example.com SSLCertificateFile /var/www/html/system1.crt SSLCertificateKeyFile /var/www/html/system1.key SSLCACertificateFile /var/www/html/ssl-ca.crt </VirtualHost>
Question 14: Configuring Virtual Hosts
Expand your web server on System 1 to be a site http://www8.group8.example.com Create a virtual host and then perform the following steps:
1. Set DocumentRoot to / var/www/virtual
2. from http://server.group8.example.... Download the file renamed index.html, do not make any changes to the content of the file index.html
3. Place the file index.html in the Document Root directory of the virtual host
4. Ensure andy users can create files in the / var/www/virtual directory
Note: The original site http://system1.group8.example... Must still be accessible. Name server server server server.group8.example.com already provides domain name resolution for host name ww8. group8. example. com
Reference to problem solving steps:
system1
[root@system1 Desktop]# mkdir /var/www/virtual [root@system1 Desktop]# cd /var/www/virtual [root@system1 virtual]# getfacl /var/www/virtual [root@system1 virtual]# setfacl -Rm u:andy:rwx /var/www/virtual [root@system1 virtual]# getfacl /var/www/virtual [root@system1 virtual]# wget -O index.html http://server.group8.example.com/pub/www8.html [root@system1 virtual]# vim /etc/httpd/conf.d/httpd-vhosts.conf [root@system1 virtual]# systemctl restart httpd
/ Fill in the etc/httpd/conf.d/httpd-vhosts.conf configuration file
<VirtualHost *:80> DocumentRoot "/var/www/virtual" ServerName www8.group8.example.com </VirtualHost>
Chapter 15: Configuring access to web content
Under the Document Root directory of the web server on your system 1, create a directory named private, which requires the following:
1. from http://server.group8.example.... Download a copy of the file to this directory and rename it index.html
2. Don't make any changes to the contents of this document.
3. From system 1, anyone can browse private content, but from other systems can not access the contents of this directory.
Reference to problem solving steps:
system1
[root@system1 virtual]# cd /var/www/html [root@system1 html]# mkdir private [root@system1 html]# cd private/ [root@system1 private]# wget -O index.html http://server.group8.example.com/pub/private.html [root@system1 private]# Vim/etc/httpd/conf/httpd.conf (configuration file for reference) [root@system1 private]# vim /etc/httpd/conf.d/httpd-vhosts.conf [root@system1 private]# systemctl restart httpd
/ Fill in the etc/httpd/conf.d/httpd-vhosts.conf configuration file
<Directory "/var/www/html/private"> AllowOverride none Require all denied Require local </Directory>
Chapter 16: Implementing Dynamic WEB Content
Configuring dynamic web content on System 1 requires:
1. Dynamic content is provided by a virtual host named wsgi.group8.example.com
2. Virtual host listens on port 8909
3. from http://server.group8.example.... Download a script and place it in the right place without requiring any changes to the contents of the file.
4. Client access http://wsgi.group8.example.com At 8909/h, you should receive dynamically generated web pages
5. this http://wsgi.group8.example.com 8909/Must be accessible to all systems in the group8.example.com domain
Reference to problem solving steps:
system1
[root@system1 private]# cd /var/www/html [root@system1 html]# yum -y install mod_wsgi [root@system1 html]# wget http://server.group8.example.com/pub/webinfo.wsgi [root@system1 html]# vim /etc/httpd/conf.d/httpd-vhosts.conf [root@system1 html]# semanage port -a -t http_port_t -p tcp 8909 [root@system1 html]# systemctl restart httpd
/ Fill in the etc/httpd/conf.d/httpd-vhosts.conf configuration file
listen 8909 <VirtualHost *:8909> WSGIScriptAlias / /var/www/html/webinfo.wsgi ServerName wsgi.group8.example.com </VirtualHost>
Question 17: Create a script
Create a script named / root/foo.sh on System 1 to provide the following features:
1. When running / root/foo.sh redhat, the output is fedora
2. When running / root/foo.sh fedora, the output is redhat
3. When there is no parameter or parameter is not redhat or fedora, its error output produces the following information:
/root/foo.sh redhat | fedora
Reference to problem solving steps:
system1
[root@system1 html]# cd ~ [root@system1 ~]# vim /root/foo.sh [root@system1 ~]# chmod a+x /root/foo.sh
/ What needs to be filled in in the root/foo.sh file
case $1 in redhat) echo 'fedora' ;; fedora) echo 'redhat' ;; *) echo '/root/foo.sh redhat | fedora' ;; esac
Question 18: Create a script to add users
Create a script named / root/batchusers on system 1. This script can create local users for system 1, and the user names of these users come from a file containing a list of user names, meeting the following requirements:
1. This script requires a parameter, which is a file containing a list of user names.
2. If no parameters are provided, the script should give the following prompt information Usage: / root / batchusers user file and exit and return the corresponding value.
3. If a non-existent filename is provided, the script should give the following prompt: Input file not found, then exit and return the corresponding value.
4. The user login shell created is / bin/false
5. This script does not need to set passwords for users
6. You can get a list of usernames from the following URL for testing http://server.group8.example....
Reference to problem solving steps:
system1
[root@system1 ~]# cd ~ [root@system1 ~]# wget http://server.group8.example.com/pub/userlist [root@system1 ~]# more userlist [root@system1 ~]# vim /root/batchusers [root@system1 ~]# chmod a+x /root/batchusers
/ Contents to be filled in in the root/batchusers file
if [ $# -eq 0 ];then echo 'Usage: /root/batchusers userfile' exit 1 fi if [ ! -f $1 ];then echo 'Input file not found' exit 1 fi while read line do useradd -s /bin/false $line done < $1
Question 19: Configuring ISCSI Server
Configure system 1 to provide an ISCSI service disk named iqn.2014-08.com.example.group8: system 1 and meet the following requirements:
1. Service port 3260
2. Use iscsi_store as the name of its back-end logical volume, which is 3G in size.
3. This service can only be accessed by system 2.group8.example.com
Reference to problem solving steps:
system1
[root@system1 ~]# yum -y install target* [root@system1 ~]# ls -ald /dev/sd* [root@system1 ~]# fdisk /dev/sda [root@system1 ~]# partprobe [root@system1 ~]# partprobe [root@system1 ~]# ls -ald /dev/sd* [root@system1 ~]# pvcreate /dev/sda3 [root@system1 ~]# vgcreate rhce /dev/sda3 [root@system1 ~]# lvcreate -l 100%VG -n iscsi_store rhce [root@system1 ~]# lvscan [root@system1 ~]# targetcli [root@system1 ~]# systemctl restart target [root@system1 ~]# systemctl enable target [root@system1 ~]# firewall-config
The targetcli configuration command is as follows
/> ls /> cd /backstores/block /backstores/block> create disk0 /dev/rhce/iscsi_store /backstores/block> cd /iscsi /iscsi> ls /iscsi> create iqn.2014-08.com.example.group8:system1 /iscsi> ls /iscsi> cd iqn.2014-08.com.example.group8:system1/tpg1/acls /iscsi/iqn.20...em1/tpg1/acls> create iqn.2014-08.com.example.group8:system2 /iscsi/iqn.20...em1/tpg1/acls> cd ../luns /iscsi/iqn.20...em1/tpg1/luns> create /backstores/block/disk0 /iscsi/iqn.20...em1/tpg1/luns> cd ../portals/ /iscsi/iqn.20.../tpg1/portals> create 172.24.8.11 3260 /iscsi/iqn.20.../tpg1/portals> ls /iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260 /iscsi/iqn.20.../tpg1/portals> create 172.24.8.11 3260 /iscsi/iqn.20.../tpg1/portals> ls /iscsi/iqn.20.../tpg1/portals> exit
Topic 20: Configuring iSCISI clients
Configure system 2 to connect to iqn. 2014-08. com. example. group 8: system 1 provided on System 1 and meet the following requirements:
1.iSCISI device loads automatically during system startup
2. The block device iSCISI contains a partition with a size of 2100 MiB and is formatted as ext4
3. This partition is mounted on / mnt/data and automatically mounted during system startup
Reference to problem solving steps:
system2
[root@system2 Desktop]# yum -y install iscsi-* [root@system2 Desktop]# vim /etc/iscsi/initiatorname.iscsi [root@system2 Desktop]# systemctl restart iscsi iscsid [root@system2 Desktop]# systemctl enable iscsi iscsid [root@system2 Desktop]# lsblk [root@system2 Desktop]# iscsiadm -m discovery -t st -p 172.24.8.11 [root@system2 Desktop]# iscsiadm -m node -T iqn.2014-08.com.example.group8:system1 -l [root@system2 Desktop]# lsblk [root@system2 Desktop]# ls -ald /dev/sd* [root@system2 Desktop]# fdisk /dev/sdb [root@system2 Desktop]# ls -ald /dev/sd* [root@system2 Desktop]# mkfs (press type twice in a row) [root@system2 Desktop]# mkfs.ext4 /dev/sdb1 [root@system2 Desktop]# blkid /dev/sdb1 [root@system2 Desktop]# ls -ald /mnt/data [root@system2 Desktop]# mkdir -p /mnt/data [root@system2 Desktop]# vim /etc/fstab [root@system2 Desktop]# mount -a [root@system2 Desktop]# df -hT
/ The contents of the etc/iscsi/initiatorname.iscsi configuration file are as follows
InitiatorName=iqn.2014-08.com.example.group8:system2
/ The etc/fstab mount configuration file is as follows
UUID="82e0d1be-f690-45e2-8dfc-7aa548df3fff" /mnt/data ext4 defaults,_netdev 0 0
Question 21: Configuring a database
Create a Maria DB database named Contacts on system 1, requiring:
1. The database should contain content replicated from the database. The URL of the replicated file is http://server.group8.example.... The database can only be accessed by localhost
2. Except for root user, this database can only be queried by user Mary, whose password is redhat.
3. The root user's database password is redhat, and no empty password is allowed to log in.
Reference to problem solving steps:
system1
[root@system1 ~]# yum -y install mariadb mariadb-client mariadb-server [root@system1 ~]# wget http://server.group8.example.com/pub/users.mdb [root@system1 ~]# vim /etc/my.cnf [root@system1 ~]# systemctl restart mariadb [root@system1 ~]# systemctl enable mariadb [root@system1 ~]# mysql_secure_installation (all interface options y) [root@system1 ~]# mysql -u root -p
19 skip-networking=1 (please add it yourself)
The commands used to enter the MariaDB database are as follows
MariaDB [(none)]> show databases; MariaDB [(none)]> create database Contacts; MariaDB [(none)]> use Contacts; MariaDB [Contacts]> source users.mdb; MariaDB [Contacts]> show tables; MariaDB [Contacts]> grant select on Contacts.* to Mary@'localhost' identified by 'redhat'; MariaDB [Contacts]> exit
Question 21: Database query
Use database Contacts on System 1 and use corresponding SQL queries to answer the following questions:
1. What is the name of the person whose password is fadora?
2. How many people are named John and live in Santa Clara?
Paste the sql statement directly as follows, for reference only. The variables here are still very large during the exam. It is recommended that you don't memorize them by rote.
select n.firstname,n.lastname from u_name as n left join u_passwd as p where n.userid = p.uid and p.password = 'fedora'; select count(*) from u_name as n left join u_loc as l where n.userid = l.uid and n.firstname = 'John' and l.location = 'Santa Clara';