Video study log and plan, day 11
Plan:
2017-5-15 Mon: Chapter 5, 1.5h + Chapter 6, first 1h
2017-5-16 Tue: Chapter 6, 2h
2017-5-17 Wed: Chapter 7, 2h
2017-5-18 Thu: Chapter 8, 2h
2017-5-19 Fri: Chapter 9, 2.5h
2017-5-20 Sat: Chapter 10, 2.5h; bonus chapter: SaltStack
Server side (nfs):
[[email protected] ~]# cat /var/lib/nfs/etab
/data1 10.0.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=888,anongid=888,sec=sys,rw,root_squash,all_squash)
/data 10.0.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,no_all_squash)
Client side (backup):
[[email protected] ~]# cat /proc/mounts
rootfs / rootfs rw 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
devtmpfs /dev devtmpfs rw,relatime,size=495304k,nr_inodes=123826,mode=755 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
/dev/sda3 / ext4 rw,relatime,barrier=1,data=ordered 0 0
/proc/bus/usb /proc/bus/usb usbfs rw,relatime 0 0
/dev/sda1 /boot ext4 rw,relatime,barrier=1,data=ordered 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
10.0.0.31:/data1/ /opt nfs4 rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.41,minorversion=0,local_lock=none,addr=10.0.0.31 0 0
10.0.0.31:/data/ /mnt nfs4 rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.41,minorversion=0,local_lock=none,addr=10.0.0.31 0 0
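Force unmount: umount -lf /mnt
Keep NFS from being used to plant malware: stop suid and exec from taking effect on the mount (the nosuid and noexec mount options).
There are still many tuning options for mounting a network file system:
In fact, the default mount options on CentOS 6 are already very good.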
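A check for the suid/exec point above, as an added example that is not part of the original notes: it reads /proc/mounts-format lines and reports every NFS mount that lacks nosuid or noexec. The function name audit_nfs_mounts and the /srv/upload mount are assumptions; the sample lines are constructed from the /proc/mounts output shown earlier.

```sh
#!/bin/sh
# Added example: flag NFS mounts whose options lack nosuid or noexec.
# Input format is /proc/mounts: device mountpoint fstype options dump pass

audit_nfs_mounts() {
    # Reads mount lines on stdin; prints "<mountpoint> missing:<opt>[,<opt>]"
    # for every nfs/nfs4 mount that lacks one of the two options.
    while read -r dev mnt fstype opts _rest
    do
        case "$fstype" in
            nfs|nfs4) ;;
            *) continue ;;
        esac
        missing=""
        for want in nosuid noexec
        do
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="${missing:+$missing,}$want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$mnt missing:$missing"
        fi
    done
    return 0
}

# Constructed sample: the two NFS lines are shortened from the /proc/mounts
# output on this page; the last line is a hypothetical hardened mount.
SAMPLE_MOUNTS='/dev/sda3 / ext4 rw,relatime,barrier=1,data=ordered 0 0
10.0.0.31:/data1/ /opt nfs4 rw,relatime,vers=4,hard,proto=tcp,sec=sys 0 0
10.0.0.31:/data/ /mnt nfs4 rw,relatime,vers=4,hard,proto=tcp,sec=sys 0 0
10.0.0.31:/data/ /srv/upload nfs4 rw,nosuid,noexec,relatime,vers=4 0 0'

# On a live client: audit_nfs_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_nfs_mounts
```

Both mounts from the page (/opt and /mnt) are reported, because the default options carry neither nosuid nor noexec.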
2017-5-16 21:31-
Be sure you can explain the pros and cons; this is exactly what interviews ask!
[[email protected] ~]# exportfs -o rw,sync 10.0.0.0/24:/oldboy # share the directory directly
[[email protected] ~]#
[[email protected] ~]# showmount -e 127.1
Export list for 127.1:
/oldboy 10.0.0.0/24
/data1 10.0.0.0/24
/data 10.0.0.0/24
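Real-time backup of shared storage (a solution to shared storage being a single point of failure):
The earlier approach:
Basic principle of real-time synchronization:
Installing inotify requires adding a third-party repository first: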
[[email protected] ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
--2017-05-16 23:13:36-- http://mirrors.aliyun.com/repo/epel-6.repo
正在解析主机 mirrors.aliyun.com... 112.124.140.210, 115.28.122.210
正在连接 mirrors.aliyun.com|112.124.140.210|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1083 (1.1K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/epel.repo”
100%[=========================================>] 1,083 --.-K/s in 0s
2017-05-16 23:13:37 (59.5 MB/s) - 已保存 “/etc/yum.repos.d/epel.repo” [1083/1083])
[[email protected] ~]# yum -y install inotify-tools
已安装:
inotify-tools.x86_64 0:3.14-1.el6
完毕!
[[email protected] ~]# which inotifywait
/usr/bin/inotifywait
[[email protected] ~]# /usr/bin/inotifywait --help
The events are as follows:
Events:
access file or directory contents were read
modify file or directory contents were written
attrib file or directory attributes changed
close_write file or directory closed, after being opened in
writeable mode
close_nowrite file or directory closed, after being opened in
read-only mode
close file or directory closed, regardless of read/write mode
open file or directory opened
moved_to file or directory moved to watched directory
moved_from file or directory moved from watched directory
move file or directory moved to or from watched directory
create file or directory created within watched directory
delete file or directory deleted within watched directory
delete_self file or directory was deleted
unmount file system containing file or directory unmounted
Real-time push implemented successfully:
[[email protected] scripts]# cat inotify.sh
#!/bin/sh
# Watch /data recursively; on every close_write or delete event, resync the whole tree.
/usr/bin/inotifywait -mrq --format '%w%f' -e close_write,delete /data \
| while read -r file
do
    cd /data &&
    rsync -az ./ --delete [email protected]::nfsbackup --password-file=/etc/rsync.password
done
2017-5-17 21:49-
[[email protected] scripts]# cd /proc/sys/fs/inotify
[[email protected] inotify]# ll
总用量 0
-rw-r--r-- 1 root root 0 2017-05-17 22:49 max_queued_events
-rw-r--r-- 1 root root 0 2017-05-17 22:49 max_user_instances
-rw-r--r-- 1 root root 0 2017-05-17 22:49 max_user_watches
[[email protected] inotify]# cat max*
16384
128
8192
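The setting is lost on reboot, so it needs to go into /etc/rc.local. This tuning can be applied when concurrency is very high.
#!/bin/sh
Path=/data
IP=172.16.1.41
# A changed regular file is pushed on its own; anything else (such as a delete) triggers a full resync.
/usr/bin/inotifywait -mrq --format '%w%f' -e close_write,delete "$Path" \
| while read -r file
do
    if [ -f "$file" ]; then
        rsync -az "$file" --delete [email protected]$IP::nfsbackup \
            --password-file=/etc/rsync.password &
    else
        cd "$Path" || continue
        rsync -az ./ --delete [email protected]$IP::nfsbackup \
            --password-file=/etc/rsync.password &
    fi
done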
SERSYNC
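The conf/confxml.xml configuration is as follows:
2017-5-18 19:18-
The notes can be consulted, but I need to redraw this diagram myself.
One-click creation of the rsync server and client; tar, rsync, mail, del and so on; hands-on practice for the network-wide backup project.
20170519 11:36-
Switch the yum repository (this can go into the basic optimization items).
When writing a one-click script, turn everything that might change later into variables, so that later changes are easy!
date +%w shows the day of the week
Create the NFS server: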
[[email protected] ~]# rpm -qa openssh openssl
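openssl-1.0.1e-48.el6.x86_64 # encryption
openssh-5.3p1-117.el6.x86_64 # connection
/etc/ssh/sshd_config: server-side configuration file
/etc/ssh/ssh_config: client-side configuration file
vim /etc/ssh/sshd_config
http://edu.51cto.com/index.php?do=lesson&id=102765 Jixue-ge's (鸡血哥) talk on building the mid-term architecture:
Install a blog and a forum on the web servers to verify the effect of keepalived (in any case, install different web applications to verify the effect).
Send the public key to the target server:
Hands-on:
[[email protected] ~]$ ssh-keygen -t dsa # generate the public/private key pair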
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oldboy/.ssh/id_dsa):
Created directory '/home/oldboy/.ssh'.
Enter passphrase (empty for no passphrase): # press Enter
Enter same passphrase again: # press Enter
Your identification has been saved in /home/oldboy/.ssh/id_dsa.
Your public key has been saved in /home/oldboy/.ssh/id_dsa.pub.
The key fingerprint is:
ea:7b:3a:ff:c6:4d:9c:e2:0e:c3:00:5e:08:28:1b:34 [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
|.E. |
|+ .. . |
|.o o . |
|. . o |
| . . S . . |
| + . + |
| . +o + |
| .. .o+ . |
| +*.+o |
+-----------------+
[[email protected] ~]$ ll .ssh/ # view the generated key and lock ==========> private key and public key
总用量 8
-rw------- 1 oldboy oldboy 668 2017-05-20 15:17 id_dsa
-rw-r--r-- 1 oldboy oldboy 600 2017-05-20 15:17 id_dsa.pub
[[email protected] ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected] # send the public key to the target server
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
RSA key fingerprint is 29:d1:99:b7:4e:af:2b:cb:4e:66:2e:93:72:68:64:82.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] ~]$ ssh [email protected] /sbin/ifconfig eth1 # command executed successfully
eth1 Link encap:Ethernet HWaddr 00:50:56:2D:E2:7B
inet addr:172.16.1.8 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::250:56ff:fe2d:e27b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:87 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17820 (17.4 KiB) TX bytes:17212 (16.8 KiB)
Summary:
[[email protected] ~]$ ssh [email protected] /bin/cat /etc/redhat-release
CentOS release 6.8 (Final)
[[email protected] ~]$ ssh [email protected] /bin/uname -r
2.6.32-642.el6.x86_64
[[email protected] ~]$ ssh [email protected] /bin/hostname
web01
[[email protected] ~]$ ssh [email protected] /bin/uname -n
web01
[[email protected] ~]$ scp /etc/hosts [email protected]:~
hosts 100% 321 0.3KB/s 00:00
[[email protected] ~]$ ssh oldb[email protected] rsync ~/hosts /etc/hosts # the command in bold runs entirely against data on the server; note that the hostname after it is different
rsync: mkstemp "/etc/.hosts.D8i6zU" failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1039) [sender=3.0.6]
[[email protected] ~]# chmod u+s `which rsync`
[[email protected] ~]# ll `which rsync`
-rwsr-xr-x 1 root root 410536 2014-04-30 21:06 /usr/bin/rsync
[[email protected] ~]$ ssh [email protected] rsync ~/hosts /etc/hosts
[[email protected] ~]# chmod u+s `which rsync`
[[email protected] ~]# ll `which rsync`
-rwsr-xr-x 1 root root 410536 2014-04-30 21:06 /usr/bin/rsync # this counts as a third method! Quite dangerous!
[[email protected] ~]# ll /etc/hosts
-rw-r--r-- 1 root root 321 2017-05-20 15:42 /etc/hosts
[[email protected] ~]$ scp /etc/hosts [email protected]:~
hosts 100% 321 0.3KB/s 00:00
[[email protected] ~]$ ssh -t [email protected] sudo rsync ~/hosts /etc/hosts
Connection to 172.16.1.8 closed.
[[email protected] ~]# ll /etc/hosts
-rw-r--r-- 1 root root 321 2017-05-20 16:19 /etc/hosts # the method worked
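A detection check for the "chmod u+s `which rsync`" method above, as an added example that is not part of the original notes: with the setuid bit set, rsync runs as root for every local user, so a host audit should report setuid files that are not on an approved baseline. The function name unexpected_setuid and the baseline contents are assumptions.

```sh
#!/bin/sh
# Added example: report setuid files that are not on an approved baseline.

unexpected_setuid() {
    # $1            = newline-separated baseline of paths allowed to be setuid
    # remaining args = directories (or files) to scan
    # Prints every setuid regular file found that is not in the baseline.
    baseline=$1
    shift
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f
    do
        # -F fixed string, -x whole-line match, -q quiet
        printf '%s\n' "$baseline" | grep -Fxq -- "$f" || echo "$f"
    done
    return 0
}

# Constructed baseline (an assumption; build the real one from a known-good host).
BASELINE='/bin/su
/usr/bin/sudo
/usr/bin/passwd'

# After "chmod u+s /usr/bin/rsync", /usr/bin/rsync appears in this output.
unexpected_setuid "$BASELINE" /bin /sbin /usr/bin /usr/sbin
```

Run it from cron on each host and alert on any output; the sudo-based method that follows on this page needs no setuid bit on rsync at all.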
Batch distribution:
[[email protected] ~]$ sudo vim /etc/hosts
[[email protected] ~]$ sh fenfa.sh
hosts 100% 394 0.4KB/s 00:00
Connection to 172.16.1.8 closed.
hosts 100% 394 0.4KB/s 00:00
Connection to 172.16.1.31 closed.
hosts 100% 394 0.4KB/s 00:00
Connection to 172.16.1.41 closed.
[[email protected] ~]$ cat fenfa.sh
scp /etc/hosts [email protected]:~
ssh -t [email protected] sudo rsync ~/hosts /etc/hosts
scp /etc/hosts [email protected]:~
ssh -t [email protected] sudo rsync ~/hosts /etc/hosts
scp /etc/hosts [email protected]:~
ssh -t [email protected] sudo rsync ~/hosts /etc/hosts
[[email protected] ~]$ sudo vim /etc/hosts
Verification:
[[email protected] ~]# ll /etc/hosts
-rw-r--r-- 1 root root 394 2017-05-20 16:38 /etc/hosts
[[email protected] ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01 db01.etiantian.org
172.16.1.61 m01
#######################May 20, 2017 16:37:15########################
[[email protected] ~]$ scp -P22 ~/hosts [email protected]:~ # scp takes the port with an uppercase -P
hosts 100% 349 0.3KB/s 00:00
[[email protected] ~]$ ssh -p22 [email protected] -t sudo rsync ~/hosts /etc/hosts # ssh takes the port with a lowercase -p
Connection to 172.16.1.8 closed.
The most secure jump-host model:
Improving the batch distribution script:
[[email protected] ~]$ cat fenfa.sh
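#!/bin/sh
. /etc/init.d/functions # a space is required between . and / (why? "." is the shell's source builtin and the path is its argument)
for n in 8 31 41
do
    # copy to the home directory first, then move into place with sudo
    scp ~/hosts [email protected]$n:~ >/dev/null 2>&1 &&
    ssh -t [email protected]$n sudo rsync ~/hosts /etc/hosts >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        action "fenfa hosts 172.16.1.$n" /bin/true
    else
        action "fenfa hosts 172.16.1.$n" /bin/false
    fi
done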
[[email protected] ~]$ sh fenfa.sh
fenfa hosts 172.16.1.8 [确定]
fenfa hosts 172.16.1.31 [确定]
fenfa hosts 172.16.1.41 [确定]
Distribute any script to any location in batch:
[[email protected] ~]$ sh fenfa.sh hosts /root
fenfa hosts 172.16.1.8 [确定]
fenfa hosts 172.16.1.31 [确定]
fenfa hosts 172.16.1.41 [确定]
[[email protected] ~]$ cat fenfa.sh
#!/bin/sh
if [ $# -ne 2 ]; then # argument check
    echo "USAGE:/bin/sh $0 {ARG1 ARG2}"
    exit 1
fi
. /etc/init.d/functions
for n in 8 31 41
do
    # $1 = file in the home directory, $2 = destination path on the remote host
    scp ~/"$1" [email protected]$n:~ >/dev/null 2>&1 &&
    ssh -t [email protected]$n sudo rsync ~/"$1" "$2" >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        action "fenfa $1 172.16.1.$n" /bin/true
    else
        action "fenfa $1 172.16.1.$n" /bin/false
    fi
done
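An argument check for the two-parameter fenfa.sh above, as an added example that is not part of the original notes: ssh joins its arguments into one string that the remote shell parses again, so whitespace or shell metacharacters in $1 or $2 would change the command that runs under sudo. The function names valid_src, valid_dest, remote_cmd and show are assumptions, and the inputs are constructed.

```sh
#!/bin/sh
# Added example: validate fenfa.sh arguments before they reach the remote shell.

valid_src() {
    # Accept a plain file name only: not empty, no slash, no leading dash,
    # and nothing outside letters, digits, dot, underscore and dash.
    case "$1" in
        ''|-*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

valid_dest() {
    # Accept an absolute path made of safe characters with no ".." component.
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9._/-]*|*/../*|*/..) return 1 ;;
    esac
    return 0
}

remote_cmd() {
    # Print the remote command for one host, or fail without printing anything.
    valid_src "$1" && valid_dest "$2" || return 1
    printf 'sudo rsync ~/%s %s\n' "$1" "$2"
}

show() {
    if cmd=$(remote_cmd "$1" "$2"); then
        echo "ok:       $cmd"
    else
        echo "rejected: $1 $2"
    fi
}

# Constructed inputs: the call from the page, then three that must be rejected.
show hosts /root
show hosts '/etc/hosts;id'
show 'my file' /root
show ../hosts /root
```

In fenfa.sh the check would sit right after the argument-count test, with the script exiting when remote_cmd fails.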
More playing with argument passing:
[[email protected] ~]$ cat viewip.sh
#!/bin/sh
if [ $# -ne 1 ]; then
    echo "USAGE:/bin/sh $0 ARG1"
    exit 1
fi
for n in 8 31 41
do
    echo "=======172.16.1.$n========"
    ssh -p22 [email protected]$n "$1"
done
[[email protected] ~]$
[[email protected] ~]$ sh viewip.sh "/bin/cat /etc/redhat-release" # the double quotes make it a single argument
=======172.16.1.8========
CentOS release 6.8 (Final)
=======172.16.1.31========
CentOS release 6.8 (Final)
=======172.16.1.41========
CentOS release 6.8 (Final)
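Non-interactive operation: expect
Practice:
Preparation:
The directory is as follows:
cat fenfa_sshkey.exp # keep the user consistent; the one-click run in teacher Oldboy's (老男孩) video did not succeed precisely because the user was wrong
vim auto.sh
Or:
Summary:
Source of the one-click batch distribution script I wrote: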
[[email protected] ~]$ vim fenfa_sshkey.exp
#!/usr/bin/expect
if { $argc != 2 } {
    send_user "usage: expect fenfa_sshkey.exp file host\n"
    exit
}
# define variables
set file [lindex $argv 0]
set host [lindex $argv 1]
# the login password is stored in clear text in this script
set password "123456"
spawn ssh-copy-id -i $file $host
# answer the host-key prompt with "yes", then send the password
expect {
    "yes/no" {send "yes\r";exp_continue}
    "*password" {send "$password\r"}
}
expect eof
exit -onexit {
    send_user "oldboy888 say good bye to you!\n"
}
# script usage
# usage: expect fenfa_sshkey.exp file host
# example
# expect fenfa_sshkey.exp file host
# expect fenfa_sshkey.exp ~/scripts 172.16.1.8
[[email protected] ~]$ vim auto_deploy.sh
#!/bin/sh
. /etc/init.d/functions
### 1. create key
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
if [ $? -eq 0 ]; then
    action "create dsa key" /bin/true
else
    action "create dsa key" /bin/false
    exit 1
fi
### 2. fenfa key
for ip in 8 31 41
do
    expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 172.16.1.$ip >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        action "$ip" /bin/true
    else
        action "$ip" /bin/false
    fi
done
### 3. scp scripts
for n in 8 31 41
do
    scp -P 22 -rp ~/scripts [email protected]$n:~
done
### 4. install service
for m in 8 31 41
do
    ssh -t -p 22 [email protected]$m sudo bash ~/scripts/install.sh
done
http://blog.itpub.net/27042095/viewspace-745589/ reference on expect usage