第三周作业
1. yum私有仓库的实现及博客输出
- 下载yum仓库相关包和元数据
- yum 服务端配置
dnf reposync --repoid=REPOID --download=metadata -p /path #centos8 reposync --repoid=REPOID --download=metadata -p /path #centos7以前的版本 #下载yum仓库的相关包与元数据 dnf reposync --repoid=BaseOS --download-metadata -p /data dnf reposync --repoid=AppStream --download-metadata -p /data dnf reposync --repoid=epel --download-metadata -p /data dnf reposync --repoid=extras --download-metadata -p /data dnf install httpd -y systemctl start httpd cp -a /data/* /var/www/html/centos8/ #当没有meta数据时需要执行 dnf install createrepo -y createrepo /path/repoid - yum客户端配置
-
[仓库id] name=仓库名称 baseurl=file:// 本地路径 http:// https:// ftp:// enabled={0|1} 0激活,1关闭 gpgcheck={0|1} 安装包校验,0不检验,1检验时必须有gpgkey gpgkey=URL
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
cat > /etc/yum.repos.d/base.repo <<EOF
[BaseOS]
name=base
baseurl=file:///misc/cd/BaseOS
https://mirror.tuna.tsinghua.edu.cn/centos/\$releasever/BaseOS/\$basearch/os/
https://mirrors.huaweicloud.com/centos/\$releasever/BaseOS/\$basearch/os/
https://mirrors.cloud.tencent.com/centos/\$releasever/BaseOS/\$basearch/os/
https://mirrors.aliyun.com/centos/\$releasever/BaseOS/\$basearch/os/
http://192.168.180.128/centos8/BaseOS/
gpgcheck=0
[AppStream]
name=AppStream
baseurl=file:///misc/cd/AppStream
https://mirror.tuna.tsinghua.edu.cn/centos/\$releasever/AppStream/\$basearch/os/
https://mirrors.huaweicloud.com/centos/\$releasever/AppStream/\$basearch/os/
https://mirrors.cloud.tencent.com/centos/\$releasever/AppStream/\$basearch/os/
https://mirrors.aliyun.com/centos/\$releasever/AppStream/\$basearch/os/
gpgcheck=0
[epel]
name=EPEL
baseurl=https://mirror.tuna.tsinghua.edu.cn/epel/\$releasever/Everything/\$basearch
https://mirrors.cloud.tencent.com/epel/\$releasever/Everything/\$basearch
https://mirrors.huaweicloud.com/epel/\$releasever/Everything/\$basearch
https://mirrors.aliyun.com/epel/\$releasever/Everything/\$basearch
gpgcheck=0
[extras]
name=extras
baseurl=https://mirror.tuna.tsinghua.edu.cn/centos/\$releasever/extras/\$basearch/os
https://mirrors.cloud.tencent.com/centos/\$releasever/extras/\$basearch/os
https://mirrors.huaweicloud.com/centos/\$releasever/extras/\$basearch/os
https://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/os
gpgcheck=0
enabled=1
EOF
2. 阅读《图解TCP/IP》一书,地址:https://leon-wtf.github.io/doc/%E5%9B%BE%E8%A7%A3TCPIP.pdf,有时间的可以写下读书笔记(选做)
3。画图 TCP协议和三次握手及四次挥手,可以参考别人的,但是需要自己画一次
- URG:表示本报文段中发送的是否包含紧急数据,只有当URG=1,紧急指针段才能生效
- ACK:表示是否前面的确认号有效,只有当ACK=1时,前面的确认号才有效,TCP规定,建立连接后,ACK必须为1,带ACK标识的TCP报文段称为确认报文段
- PSH:提示接收端应用程序应该立即从TCP接受缓冲区读走数据,为接受后面的数据腾出空间
- RST:RST=1时,表示主机连接中断,必须释放连接,重新建立连接
- SYN:在建立连接时,用来同步序号,当SYN=1,ACK=0时,表示一个请求建立连接的报文段;当SYN=1,ACK=1时,表示同意建立连接
- FIN:表示通知对方要关闭连接,标记数据是否发送完毕。如果FIN=1,表示我的数据已发送完毕,你可以关闭连接了
- 三次握手
- A给B发送同步请求,SYN-1,A的seq为x,A处于同步发送状态
- 当B收到A的同步请求后,给A回复ack确认,ACK=1,B的seq为y,希望A下次发送x+1,B处于同步SYN-RECV
- A收到B的SYN和ack确认请求后,向B发送ack确认请求,B收到A回复的ack 确认,表示成功建立连接,可以进行数据传输了
- 四次挥手
- 当A(或者B)数据传输完成了,发起关闭请求FIN=1,seq=u,进入FIN-WAIT1 状态
- B收到A的请求后,立即给A回复一个ack确认,进入close-wait状态
- 当B数据传输完成后,再给A发送FIN=1关闭请求,进入LAST-ACK状态
- A收到B的关闭请求后,给B回复一个确认ack,进入关闭等待状态,B收到A的确认ack,进入关闭状态
- A等待2倍MSL(报文段在网络中的最大生存时间)后关闭连接,防止数据丢失
4. 静态配置网卡IP,centos/ubuntu实现
set_eth(){
sed -i.bak '/GRUB_CMDLINE_LINUX=/s#"$# net.ifnames=0"#' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null
printf "$GRE 网络名称修改成功,请重启才能生效\n$END"
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.180.200
PREFIX=24
GATEWAY=192.168.180.2
DNS=192.168.180.2
DNS1=186.76.76.76
EOF
nmcli connection reload
nmcli connection up eth0
}
set_eth
5. 实现免密登陆脚本, expect登陆远程主机,将生成的密钥写入到目标主机, expect测试远程登陆。
1)通过shift读取脚本参数
2)通过select来选择功能.例如功能有
- 安装mysql
- 安装apache
- 免密钥登陆主机
当前我们只实现免密钥登陆主机
3)通过函数封装每个功能
4)将免密钥登陆的过程可以重复进行, while 循环实现重复,需要有退出过程。当用户输入exit时,退出免密钥功能。
5)支持输入一批主机免密钥,使用数组 实现
#!/bin/bash
#
#********************************************************************
#Author: liulinfeng
#QQ: 1981673454
#Date: 2023-07-27
#FileName: inin.sh
#URL: http://www.baidu.com
#Description: The test script
#Copyright (C): 2023 All rights reserved
#********************************************************************
COLOR="\E[1;$[RANDOM%7+31]m"
GRE="\E[1;32m"
END="\E[0m"
disable_selinux(){
#关闭selinux
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
printf "$GRE SELinux已禁用,重新启动后才生效\n$END"
}
disable_firewalld(){
#关闭防火墙
systemctl disable --now firewalld &> /dev/null
printf "$GRE 防火墙已关闭\n$END"
}
set_ps1(){
#修改提示符
echo "PS1='\[\e[1;32m\][\t \[\e[1;33m\]\u\[\e[35m\]@\h\[\e[1;31m\] \W\[\e[1;32m\]]\[\e[0m\]\\$'" > /etc/profile.d/env.sh
printf "$GRE 提示符修改成功,请重新登录\n$END"
}
install_package(){
yum -y install autofs vim-enhanced tcpdump autofs chrony lrzsz tree telnet ftp lftp redhat-lsb-core bash-completion net-tools postfix wget bzip2 zip unzip xz lsof mlocate man-pages rsync
}
set_repo(){
#配置yum仓库
if [ ! -d /etc/yum.repos.d/backup ];then
mkdir /etc/yum.repos.d/backup
else
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
fi
cat > /etc/yum.repos.d/base.repo <<EOF
[BaseOS]
name=base
baseurl=file:///misc/cd/BaseOS
https://mirror.tuna.tsinghua.edu.cn/centos/\$releasever/BaseOS/\$basearch/os/
https://mirrors.huaweicloud.com/centos/\$releasever/BaseOS/\$basearch/os/
https://mirrors.cloud.tencent.com/centos/\$releasever/BaseOS/\$basearch/os/
https://mirrors.aliyun.com/centos/\$releasever/BaseOS/\$basearch/os/
http://192.168.180.128/centos8/BaseOS/
gpgcheck=0
[AppStream]
name=AppStream
baseurl=file:///misc/cd/AppStream
https://mirror.tuna.tsinghua.edu.cn/centos/\$releasever/AppStream/\$basearch/os/
https://mirrors.huaweicloud.com/centos/\$releasever/AppStream/\$basearch/os/
https://mirrors.cloud.tencent.com/centos/\$releasever/AppStream/\$basearch/os/
https://mirrors.aliyun.com/centos/\$releasever/AppStream/\$basearch/os/
gpgcheck=0
[epel]
name=EPEL
baseurl=https://mirror.tuna.tsinghua.edu.cn/epel/\$releasever/Everything/\$basearch
https://mirrors.cloud.tencent.com/epel/\$releasever/Everything/\$basearch
https://mirrors.huaweicloud.com/epel/\$releasever/Everything/\$basearch
https://mirrors.aliyun.com/epel/\$releasever/Everything/\$basearch
gpgcheck=0
[extras]
name=extras
baseurl=https://mirror.tuna.tsinghua.edu.cn/centos/\$releasever/extras/\$basearch/os
https://mirrors.cloud.tencent.com/centos/\$releasever/extras/\$basearch/os
https://mirrors.huaweicloud.com/centos/\$releasever/extras/\$basearch/os
https://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/os
gpgcheck=0
enabled=1
EOF
printf "$GRE YUM仓库配置成功\n$END"
}
set_eth(){
sed -i.bak '/GRUB_CMDLINE_LINUX=/s#"$# net.ifnames=0"#' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null
printf "$GRE 网络名称修改成功,请重启才能生效\n$END"
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
NAME=eth0
BOOTPROTO=static
IPADDR=192.168.180.200
PREFIX=24
GATEWAY=192.168.180.2
DNS=192.168.180.2
DNS1=186.76.76.76
EOF
nmcli connection reload
nmcli connection up eth0
}
ssh_host(){
set_ssh(){
PASSWD=123456
while [[ "$1" ]];do
ping -c1 -w1 $1 &> /dev/null
if [ $? -eq 0 ];then
expect <<EOF
set timeout 20
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$1
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "${PASSWD}\n" }
}
expect "]#" { send "exit\n" }
expect eof
EOF
else
printf "\E[1;31m $1 不可达\E[0m \n"
fi
shift
done
}
free_login(){
while [[ "$1" ]];do
expect <<EOF
set timeout 20
spawn ssh root@$1
expect "#" { send "exit\n" }
expect eof
EOF
shift
done
}
while true;do
declare -a IPS
while true;do
read -p "请输入合法IP,输入q/Q退出:" ip
[[ $ip =~ ^q|Q$ ]] && break
[[ $ip =~ ^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ]] && IPS[${#IPS[*]}]=$ip || { echo "IP不合法,请重新输入合法ip";continue; }
done
set_ssh ${IPS[*]}
free_login ${IPS[*]}
read -p "是否退出登录?输入exit退出,其他任意键继续:" var
[[ $var =~ ^exit ]] && break
done
}
mysql_install(){
rpm -qa |grep mysql-server
if [ $? -eq 0 ];then
systemctl start mysqld
printf "$COLOR mysql已安装,请启动程序$END"
else
yum install mysql-server -y
if [ $? -eq 0 ];then
systemctl start mysqld
printf "$GRE mysql安装成功且已启动 $END"
else
printf "$COLOR安装失败,请查看日志,重新安装$END"
fi
fi
}
apache_install(){
rpm -qa |grep httpd
if [ $? -eq 0 ];then
systemctl start httpd
printf "$COLOR Apache已安装,请启动程序$END"
else
yum install httpd -y
if [ $? -eq 0 ];then
systemctl start httpd
printf "$GRE Apache安装成功且已启动$END"
else
printf "$COLOR安装失败,请查看日志,重新安装$END"
fi
fi
}
PS3="请选择相应的编号(1-10): "
MENU='
禁用SELinux
关闭防火墙
修改提示符
创建yum仓库
配置静态IP
免密登录
安装mysql
安装Apache
实现1-5
退出
'
select M in $MENU;do
case $REPLY in
1)
disable_selinux
;;
2)
disable_firewalld
;;
3)
set_ps1
;;
4)
install_package
set_repo
;;
5)
set_eth
;;
6)
ssh_host
;;
7)
mysql_install
;;
8)
apache_install
;;
9)
disable_selinux
disable_firewalld
set_ps1
install_package
set_repo
set_eth
;;
10)
break
;;
*)
echo "请输入正确的数字"
esac
done
浙公网安备 33010602011771号