2018 National Vocational Skills Competition, server part: sample paper C (covering LVM, RAID, IIS, DNS master/slave (Windows-CentOS 7), IIS HTTPS and FTP)

This is the third post in the 2018 national competition series; here I share the techniques involved and how they were implemented. If anything is wrong or could be improved, please contact the author.

Contact: (WeChat: Yvresse_ai)

Environment:

Cloud platform: RG-JCOS     Operating system: CentOS 7

Sample paper C service network topology:

Sample paper C system topology:

A's NIC information and hostname:

B's NIC information and hostname:

[root@b ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:2c:d2:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.33/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 84087sec preferred_lft 84087sec
    inet6 fe80::f816:3eff:fe2c:d2b1/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:95:53:a9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.33/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe95:53a9/64 scope link 
       valid_lft forever preferred_lft forever

Requirements for the software RAID on A:

1: Create a RAID 5 using all available space

2: Drive letter D

View the three newly added disks:

Bring the disks online:

Initialize the disks:

Create a new RAID 5 volume:

Add the three disks and use all of the space:

Assign the drive letter:

Convert to dynamic disk:

Requirements for the LVM physical volume on B:

1: Volume group named datastore, PE size 16M

2: Logical volume named ftp_data in datastore, size 10G

3: Format as XFS and mount automatically by UUID

Configure a local YUM repository:

Create the local mount directory and the backup directory:

[root@a ~]# mkdir /mnt/cdrom
[root@a ~]# mkdir /opt/copy

Mount the ISO at the local mount directory:

[root@a ~]# mount /root/CentOS-7-x86_64-DVD-1511.iso /mnt/cdrom/
mount: /dev/loop0 写保护,将以只读方式挂载

Back up the existing YUM repo files and create the local repo configuration:

[root@a ~]# mv /etc/yum.repos.d/* /opt/copy/
[root@a ~]# vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=file:///mnt/cdrom

Test:

[root@a ~]# yum repolist
已加载插件:fastestmirror
dvd                   | 3.6 kB  00:00:00
(1/2): dvd/group_gz   | 155 kB  00:00:00
(2/2): dvd/primary_db | 2.8 MB  00:00:00
Determining fastest mirrors
源标识    源名称    状态
dvd       dvd       3,723
repolist: 3,723

View the cloud disk:

[root@b ~]# fdisk -l |grep vdb
磁盘 /dev/vdb:16.1 GB, 16106127360 字节,31457280 个扇区

Create a partition:

[root@b ~]# fdisk /dev/vdb
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

Device does not contain a recognized partition table
使用磁盘标识符 0x1d7f54d1 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助):n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
分区号 (1-4,默认 1):
起始 扇区 (2048-31457279,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-31457279,默认为 31457279):
将使用默认值 31457279
分区 1 已设置为 Linux 类型,大小设为 15 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。

Initialize it as a physical volume:

[root@b ~]# pvcreate /dev/vdb1
  Physical volume "/dev/vdb1" successfully created

Create the volume group:

[root@b ~]# vgcreate -s 16M datastore /dev/vdb1
  Volume group "datastore" successfully created

Create the logical volume:

[root@b ~]# lvcreate -L 10G datastore -n ftp_data
  Logical volume "ftp_data" created.

Format as XFS:

[root@b ~]# mkfs.xfs /dev/datastore/ftp_data 
meta-data=/dev/datastore/ftp_data isize=256    agcount=4, agsize=655360 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2621440, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

View the UUID:

[root@b ~]# blkid |grep ftp
/dev/mapper/datastore-ftp_data: UUID="7a6e09bf-8fe7-4f66-86f6-5cdd82ffb380" TYPE="xfs" 

Set up automatic mounting:

[root@b ~]# vim /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=7a6e09bf-8fe7-4f66-86f6-5cdd82ffb380 /data/ftp_data xfs defaults 0 0 

Create the mount point and mount:

[root@b ~]# mkdir -p /data/ftp_data
[root@b ~]# mount /dev/mapper/datastore-ftp_data /data/ftp_data/
[root@b ~]# mount |grep ftp
/dev/mapper/datastore-ftp_data on /data/ftp_data type xfs (rw,relatime,attr2,inode64,noquota)
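The same build as a single script, added here as an example and not part of the original post. It adds the checks one would want before running it unattended (a signature check on the disk, a PE-size check, and an fstab entry written only once) and, unlike the post, uses the whole disk as the physical volume rather than a partition; the disk path, names and mount point are the post's.

```shell
#!/bin/sh
# Added example, not from the original post: the B-side LVM build as one script with the
# checks a practitioner adds by hand: refuse a disk that already carries a signature,
# confirm the 16M PE size, and write the fstab entry by UUID exactly once. It differs
# from the post in using the whole disk as the PV instead of partitioning it first.
# Assumes root, lvm2, xfsprogs and an empty /dev/vdb as in the post.
set -eu

# Builds an fstab entry from one blkid output line and a mount point. It takes the blkid
# line as text so this part can be exercised without a block device.
fstab_line() {
    uuid=$(printf '%s\n' "$1" | sed -n 's/.*UUID="\([^"]*\)".*/\1/p')
    fstype=$(printf '%s\n' "$1" | sed -n 's/.*TYPE="\([^"]*\)".*/\1/p')
    [ -n "$uuid" ] && [ -n "$fstype" ] || return 1
    printf 'UUID=%s %s %s defaults 0 0\n' "$uuid" "$2" "$fstype"
}

build_ftp_volume() {
    disk=${1:-/dev/vdb}; vg=datastore; lv=ftp_data; mp=/data/ftp_data
    # blkid -p exits 0 only when it finds a partition table or filesystem: do not wipe it.
    if blkid -p "$disk" >/dev/null 2>&1; then
        echo "$disk already carries a signature, refusing to overwrite it" >&2; return 1
    fi
    pvcreate "$disk"
    vgcreate -s 16M "$vg" "$disk"               # -s sets the physical extent size
    vgdisplay "$vg" | grep -q 'PE Size *16.00 MiB'
    lvcreate -L 10G -n "$lv" "$vg"
    mkfs.xfs "/dev/$vg/$lv"
    mkdir -p "$mp"
    entry=$(fstab_line "$(blkid "/dev/mapper/${vg}-${lv}")" "$mp")
    # Append only if the mount point is not in fstab yet, then let mount -a prove the entry.
    grep -q "[[:space:]]$mp[[:space:]]" /etc/fstab || printf '%s\n' "$entry" >> /etc/fstab
    mount -a
    mountpoint -q "$mp"
}
```

Run it as root with `build_ftp_volume /dev/vdb`; a second run stops at the signature check instead of re-creating anything.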

Requirements for the DNS service on A:

1: ftp.rj.com resolves to B

2: www.rj.com resolves to A

3: Create a reverse zone providing reverse resolution for www and ftp

4: Make B a slave server and allow zone transfers to 192.168.2.33

Install the DNS service on A:

Create the forward lookup zone:

Create the host records:

Test:

Configure B as the slave DNS server:

Download and install bind

[root@b ~]# yum install bind* -y > /dev/null 

Test that it starts:

[root@b ~]# systemctl restart named
[root@b ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

Back up the configuration file:

[root@b ~]# cp /etc/named.conf /opt/copy/

Edit the configuration file to set up the slave DNS:

[root@b ~]# cat /etc/named.conf |grep -v ^# |grep -v ^%
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { any; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "rj.com" {
	type slave;
	masters { 192.168.2.22; };
	file "slaves/rj.com.zone";
};
zone "0.16.172.in-addr.arpa" {
	type slave;
	masters { 192.168.2.22; };
	file "slaves/0.16.172.in-addr.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Configure zone transfers on A:

View the zone files transferred to the slave server:

[root@b ~]# ls /var/named/slaves/
0.16.172.in-addr.arpa  rj.com.zone

Test the slave server:

Requirements for the Web service:

1: Site name rj.com

2: Site directory D:\webdata

3: Configure HTTPS with a certificate provided by openssl on B

4: Set the maximum number of connections to 1000, the connection timeout to 60 s and the bandwidth to 1000 kb/s

5: Log in W3C format, rotated daily, using local time for the log file name

Install IIS Manager:

Add the IIS site:

Test the IIS site by IP:

Configure the certificate with openssl on B:
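A small audit of the slave's configuration, added as an example and not part of the original post: it lists which master each slave zone pulls from and warns when the file keeps recursion yes together with allow-query { any; }, the open-resolver combination that named.conf's own comment warns against on an authoritative server. It assumes only POSIX sh and awk, and the sample configuration it ships is constructed to mirror the one above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a slave's named.conf for the two things
# worth checking after the setup above, which master each slave zone pulls from and whether
# the server is also an open recursive resolver (the file's own comment warns about that).
# Assumes only POSIX sh and awk; the expected master 192.168.2.22 is taken from the post.
set -eu

# Prints one line per slave zone plus a WARN line for the open-resolver combination.
audit_named_conf() {
    awk -v want="${2:-192.168.2.22}" '
        # Drop // comments and join the file into one string so blocks span lines freely.
        { line = $0; sub("//.*", "", line); buf = buf " " line }
        END {
            if (buf ~ /recursion yes;/ && buf ~ /allow-query *[{] *any; *[}];/ && buf !~ /allow-recursion/)
                print "WARN: recursion yes + allow-query { any; }: open resolver; use recursion no on an authoritative slave"
            # One zone block at a time, allowing one level of nested braces (masters { }).
            while (match(buf, /zone "[^"]+" [^{]*[{][^{}]*([{][^{}]*[}][^{}]*)*[}]/)) {
                z = substr(buf, RSTART, RLENGTH); buf = substr(buf, RSTART + RLENGTH)
                match(z, /"[^"]+"/); name = substr(z, RSTART + 1, RLENGTH - 2)
                if (z !~ /type slave;/) continue
                m = "none"
                if (match(z, /masters *[{][^}]*[}]/)) {
                    m = substr(z, RSTART, RLENGTH); gsub(/masters *[{] *| *; *[}]/, "", m)
                }
                status = (m == want) ? "OK" : "WARN: unexpected master"
                printf "%s slave of %s %s\n", name, m, status
            }
        }' "$1"
}

# Constructed sample mirroring the slave configuration in the post (not a real file dump).
write_sample_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;   // default kept from the caching-only template
};
zone "." IN { type hint; file "named.ca"; };
zone "rj.com" {
    type slave;
    masters { 192.168.2.22; };
    file "slaves/rj.com.zone";
};
zone "0.16.172.in-addr.arpa" {
    type slave;
    masters { 192.168.2.22; };
    file "slaves/0.16.172.in-addr.arpa";
};
EOF
}
```

On the real host run `audit_named_conf /etc/named.conf`; an optional second argument overrides the expected master address.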

[root@b ~]# openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
..............................++++++
.......++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
[root@b ~]# ls
ca.key  CentOS-7-x86_64-DVD-1511.iso
[root@b ~]# openssl rsa -in ca.key -out ca_decrypted.key
Enter pass phrase for ca.key:
writing RSA key
[root@b ~]# ls
ca_decrypted.key  ca.key  CentOS-7-x86_64-DVD-1511.iso
[root@b ~]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:tj
State or Province Name (full name) []:tj
Locality Name (eg, city) [Default City]:tj
Organization Name (eg, company) [Default Company Ltd]:tj
Organizational Unit Name (eg, section) []:tj
Common Name (eg, your name or your server's hostname) []:www.rj.com
Email Address []:
[root@b ~]# ls
ca.crt  ca_decrypted.key  ca.key  CentOS-7-x86_64-DVD-1511.iso
[root@b ~]# openssl genrsa -des3 -out www.rj.com.pem 1024
Generating RSA private key, 1024 bit long modulus
.........++++++
.................................................................................++++++
e is 65537 (0x10001)
Enter pass phrase for www.rj.com.pem:
Verifying - Enter pass phrase for www.rj.com.pem:
[root@b ~]# ls
ca.crt  ca_decrypted.key  ca.key  CentOS-7-x86_64-DVD-1511.iso  www.rj.com.pem
[root@b ~]# openssl rsa -in www.rj.com.pem -out www.rj.com.key
Enter pass phrase for www.rj.com.pem:
writing RSA key
[root@b ~]# ls
ca.crt  ca_decrypted.key  ca.key  CentOS-7-x86_64-DVD-1511.iso  www.rj.com.key  www.rj.com.pem
[root@b ~]# openssl req -new -key www.rj.com.pem -out www.rj.com.csr
Enter pass phrase for www.rj.com.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:tj
State or Province Name (full name) []:tj
Locality Name (eg, city) [Default City]:tj
Organization Name (eg, company) [Default Company Ltd]:tj
Organizational Unit Name (eg, section) []:tj
Common Name (eg, your name or your server's hostname) []:www.rj.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@b ~]# touch /etc/pki/CA/index.txt
[root@b ~]# echo "01" > /etc/pki/CA/serial
[root@b ~]# openssl ca -policy policy_anything -days 365 -cert ca.crt -keyfile ca.key -in www.rj.com.csr -out www.rj.com.crt
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 23 10:48:15 2019 GMT
            Not After : Apr 22 10:48:15 2020 GMT
        Subject:
            countryName               = tj
            stateOrProvinceName       = tj
            localityName              = tj
            organizationName          = tj
            organizationalUnitName    = tj
            commonName                = www.rj.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                14:C9:CB:0C:7A:E3:01:DE:79:8E:54:E7:CE:C3:18:DF:33:A7:E4:61
            X509v3 Authority Key Identifier: 
                keyid:78:58:77:77:6A:0B:59:7D:FD:FF:9B:4E:02:9C:1E:D3:93:C0:7B:7C

Certificate is to be certified until Apr 22 10:48:15 2020 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@b ~]# openssl pkcs12 -export -out www.rj.com.pfx -inkey www.rj.com.key -in www.rj.com.crt 
Enter Export Password:
Verifying - Enter Export Password:
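The flow above signs a certificate with a 1024-bit key and a subject Common Name only; current browsers (Chrome since version 58) ignore the Common Name and require a subjectAltName, so such a certificate is rejected even after the CA is trusted. The script below is an added example, not from the original post: it reissues the www.rj.com certificate with 2048-bit keys, a SAN and a serverAuth EKU, checks the chain, and bundles the CA into the PFX for IIS. File names, subject fields and the export password are my own choices, and keys are left unencrypted only so it runs unattended.

```shell
#!/bin/sh
# Added example, not from the original post: reissue the www.rj.com certificate with
# 2048-bit keys and a subjectAltName, check the chain, and bundle the CA into the PFX.
# Assumes an openssl binary (1.1.1 or 3.x). File names, subject fields and the export
# password are my own; keys are left unencrypted only so the script runs unattended.
set -eu

# Returns the leaf's SAN entries, e.g. DNS:www.rj.com,DNS:rj.com
cert_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' \
        | tail -n 1 | tr -d ' '
}

issue_rj_cert() (
    mkdir -p "$1" && cd "$1"

    # 1. Private CA: the post used a 1024-bit key, which is below current minimums.
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -new -key ca.key -subj "/C=CN/ST=tj/L=tj/O=rj/CN=rj lab CA" -out ca.csr
    printf '%s\n' 'basicConstraints=critical,CA:TRUE,pathlen:0' \
                  'keyUsage=critical,keyCertSign,cRLSign' > ca.ext
    openssl x509 -req -days 365 -sha256 -in ca.csr -signkey ca.key \
        -extfile ca.ext -out ca.crt 2>/dev/null

    # 2. Server key and CSR. The CN stays for display; browsers match on the SAN below.
    openssl genrsa -out www.rj.com.key 2048 2>/dev/null
    openssl req -new -key www.rj.com.key -subj "/C=CN/ST=tj/L=tj/O=rj/CN=www.rj.com" \
        -out www.rj.com.csr

    # 3. Leaf extensions: explicitly not a CA, server auth only, the names the site answers to.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
                  'keyUsage=critical,digitalSignature,keyEncipherment' \
                  'extendedKeyUsage=serverAuth' \
                  'subjectAltName=DNS:www.rj.com,DNS:rj.com' > server.ext
    openssl x509 -req -days 365 -sha256 -in www.rj.com.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -extfile server.ext -out www.rj.com.crt 2>/dev/null

    # 4. Prove the chain and the SAN before anything is copied to the IIS host.
    openssl verify -CAfile ca.crt www.rj.com.crt >/dev/null
    cert_san www.rj.com.crt | grep -q 'DNS:www.rj.com'

    # 5. PFX for IIS with the CA bundled, so Windows can file it under Trusted Root.
    #    OpenSSL 3.x's default PFX encryption may not be readable by older Windows
    #    versions (e.g. Server 2016); add -legacy there if the import fails.
    openssl pkcs12 -export -inkey www.rj.com.key -in www.rj.com.crt -certfile ca.crt \
        -passout pass:changeit -out www.rj.com.pfx
)
```

`issue_rj_cert /root/rjca` leaves ca.crt and www.rj.com.pfx in that directory; only the .pfx and ca.crt need to travel to the Windows host.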

Install vsftpd to share www.rj.com.pfx with Windows:

[root@b ~]# yum install vsftpd* -y > /dev/null 
[root@b ~]# systemctl resstart vsftpd
Unknown operation 'resstart'.
[root@b ~]# systemctl restart vsftpd
[root@b ~]# cp www.rj.com.pfx /var/ftp/pub/

View the share from Windows and download the file locally:

Import the certificate:

Bind HTTPS:

Test:

To trust this certificate, import it into the local trust store yourself.

Set the site's maximum connections, timeout and bandwidth:

Generate the logs:

For the FTP configuration on B, refer to the FTP setup in paper B (identical)

Paper B (link)

This concludes the server part of paper C. I think HTTPS still has a problem, but I really do not know of a good fix; if any friend knows one, please contact me.