1. Configure the system to use the default repositories
[baseos]
name = baseos
baseurl = http://repo.domain10.example.com/rhel80/BaseOS
enabled = yes
gpgcheck = 0
[appstream]
name = appstream
baseurl = http://repo.domain10.example.com/rhel80/AppStream
enabled = yes
gpgcheck = 0
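As an added example (not part of the original post), the shell function below lints a .repo stanza for the settings that decide whether packages can be tampered with in transit: an explicit gpgcheck=0, a cleartext http:// baseurl, and the misspelled key `enable` (the dnf option is `enabled`). Both sample stanzas are constructed; the https URL and the gpgkey path in the hardened one are assumptions.

```shell
# Constructed inputs: a weak stanza in the style shown above and a hardened
# variant (the https URL and the gpgkey path are assumptions, not page values).
weak_repo() { cat <<'EOF'
[baseos]
name = baseos
baseurl = http://repo.domain10.example.com/rhel80/BaseOS
enable = yes
gpgcheck = 0
EOF
}
hardened_repo() { cat <<'EOF'
[baseos]
name = baseos
baseurl = https://repo.domain10.example.com/rhel80/BaseOS
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}
# lint_repo [FILE...]: read .repo text (stdin when no file is given) and
# print one finding per line as "<repo-id>:<issue>".
lint_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {                      # emit findings for the finished stanza
        if (repo == "") return
        if (gpg ~ /^(0|no|false|off)$/) print repo ":gpgcheck-disabled"
        if (url ~ /^http:\/\//)         print repo ":cleartext-baseurl"
    }
    /^[ \t]*(#|;|$)/ { next }                # comments and blank lines
    /^[ \t]*\[/ { report(); repo = $0; sub(/^[ \t]*\[/, "", repo); sub(/\].*$/, "", repo); gpg = ""; url = ""; next }
    {
        i = index($0, "=")
        if (i == 0) next
        k = tolower(trim(substr($0, 1, i - 1))); v = trim(substr($0, i + 1))
        if (k == "gpgcheck")     gpg = tolower(v)
        else if (k == "baseurl") url = v
        else if (k == "enable")  print repo ":unknown-key-enable"
    }
    END { report() }
    ' "$@"
}
echo "weak:";     weak_repo | lint_repo
echo "hardened:"; hardened_repo | lint_repo
```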
1. Troubleshoot SELinux
[root@system1 ~]# setenforce 1
[root@system1 ~]# yum provides semanage
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:03:32 ago on Wed 18 Oct 2023 08:03:49 PM CST.
policycoreutils-python-utils-2.9-9.el8.noarch : SELinux policy core python utilities
Repo : @System
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-utils-2.8-16.1.el8.noarch : SELinux policy core python utilities
Repo : baseos
Matched from:
Filename : /usr/sbin/semanage
[root@system1 ~]# yum -y install policycoreutils-python-utils
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
appstream 408 kB/s | 3.2 kB 00:00
baseos 410 kB/s | 2.7 kB 00:00
Package policycoreutils-python-utils-2.9-9.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@system1 ~]# semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
[root@system1 ~]# restorecon -RvF /var/www/html
Relabeled /var/www/html/index.html from unconfined_u:object_r:httpd_sys_content_t:s0 to system_u:object_r:httpd_sys_content_t:s0
[root@system1 ~]#
[root@system1 ~]# semanage port -a -t http_port_t -p tcp 82
[root@system1 ~]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@system1 ~]# curl localhost:82
第二题的web页面
[root@system1 ~]# firewall-cmd --add-port=82/tcp --permanent
success
[root@system1 ~]# firewall-cmd --reload
success
[root@system1 ~]#
sh-4.4# ssh root@172.24.10.201
Last login: Fri Apr 24 00:26:32 2020 from 172.24.10.100
[root@system2 ~]# curl 172.24.10.150:82
第二题的web页面
[root@system2 ~]#
2. Create user accounts
[root@system1 ~]# groupadd sysmgrs -g 30000
[root@system1 ~]# useradd -G sysmgrs natasha
[root@system1 ~]# useradd -G sysmgrs harry
[root@system1 ~]# useradd sarah -s /sbin/nologin
[root@system1 ~]# echo 123 | passwd --stdin natasha
Changing password for user natasha.
passwd: all authentication tokens updated successfully.
[root@system1 ~]# echo 123 | passwd --stdin harry
Changing password for user harry.
passwd: all authentication tokens updated successfully.
[root@system1 ~]# echo 123 | passwd --stdin sarah
Changing password for user sarah.
passwd: all authentication tokens updated successfully.
[root@system1 ~]#
3. Configure cron
crontab -e -u natasha
*/5 * * * * logger "EX200 in progress"
23 14 * * * /bin/echo enjia
[root@system1 ~]# crontab -l -u natasha
*/5 * * * * logger "EX200 in progress"
23 14 * * * /bin/echo enjia
[root@system1 ~]#
[root@system1 ~]# systemctl is-enabled crond
enabled
[root@system1 ~]# systemctl is-active crond
active
[root@system1 ~]#
4. Create a collaborative directory
[root@system1 ~]# mkdir /home/managers
[root@system1 ~]# chgrp sysmgrs /home/managers
[root@system1 ~]# chmod g=rwx,o=--- /home/managers
[root@system1 ~]# chmod g+s /home/managers
[root@system1 ~]# ll -ld /home/managers
drwxrws---. 2 root sysmgrs 6 Oct 18 20:26 /home/managers
[root@system1 ~]#
5. Configure NTP
vim /etc/chrony.conf
server host.domain10.example.com iburst
[root@system1 ~]# systemctl enable chronyd --now
[root@system1 ~]# systemctl restart chronyd
[root@system1 ~]# chronyc sources
210 Number of sources = 0
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
[root@system1 ~]# chronyc -n sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 172.24.10.100 0 6 0 - +0ns[ +0ns] +/- 0ns
[root@system1 ~]#
6. Configure autofs
yum -y install autofs nfs-utils
vim /etc/auto.master
/rhel /etc/auto.user1
vim /etc/auto.user1
user1 -rw host.domain10.example.com:/rhel/user1
[root@system1 ~]# systemctl restart autofs
[root@system1 ~]# systemctl enable autofs
Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
[root@system1 ~]#
[root@system1 ~]# df -Th /rhel/user1
Filesystem Type Size Used Avail Use% Mounted on
host.domain10.example.com:/rhel/user1 nfs4 100G 19G 81G 19% /rhel/user1
[root@system1 ~]#
Configure file permissions
[root@system1 ~]# cp /etc/fstab /var/tmp/fstab
[root@system1 ~]# chown root:root /var/tmp/fstab
[root@system1 ~]# chmod a-x /var/tmp/fstab
[root@system1 ~]# setfacl -m u:natasha:rw /var/tmp/fstab
[root@system1 ~]# setfacl -m u:harry:--- /var/tmp/fstab
[root@system1 ~]# chmod o=r-- /var/tmp/fstab
[root@system1 ~]# ll -ld /var/tmp/fstab
-rw-rw-r--+ 1 root root 666 Oct 18 20:54 /var/tmp/fstab
[root@system1 ~]#
Container solution
1. Edit the journald configuration file
Do this as root.
[root@system1 ~]# vim /etc/systemd/journald.conf
Storage=persistent
2. Restart the service
[root@system1 ~]# systemctl restart systemd-journald
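3. Copy the files to the specified directory
Exam requirement: copy every .journal file under /var/log/journal and any of its subdirectories to /home/elovodo/container_journal
(Remember: this copy is done as root.)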
find /var/log/journal/ -name "*.journal" -exec cp -a {} /home/elovodo/container_journal/ \;
4. Change the owner and group
chown -R elovodo:elovodo /home/elovodo/container_journal/
5. Set the umask
vim /home/elovodo/.bashrc
6. Switch to the elovodo user
Only now does the main part begin: switch to the elovodo user.
ssh elovodo@localhost
7. Log in to the container registry
[elovodo@system1 ~]$ podman login utility.example.com:5000
Username: gls
Password:
Login Succeeded!
[elovodo@system1 ~]$
8. Pull the image
If the task does not give the exact address, use search to find it.
podman search rlogserver
podman pull utility.example.com:5000/rlogserver
9. Run the container
podman run -itd -v /home/elovodo/container_journal/:/var/log/journal/:z --name container_logserver utility.example.com:5000/rlogserver
10. Create the systemd service file directory for the regular user
[elovodo@system1 ~]$ mkdir ~/.config/systemd/user -p
[elovodo@system1 ~]$ cd ~/.config/systemd/user/
[elovodo@system1 user]$
11. Generate the container service file automatically with podman
[elovodo@system1 user]$ podman generate systemd --new --files --name container_logserver
/home/elovodo/.config/systemd/user/container-container_logserver.service
[elovodo@system1 user]$
12. Rename the container service file to the name the task requires
[elovodo@system1 user]$ mv container-container_logserver.service container_logserver.service
[elovodo@system1 user]$
13. Stop the container and remove it
[elovodo@system1 user]$ podman stop container_logserver
91e4bb2fed1c77dade2461902ec7d20299f37778468aa18021b62e2cb17e4788
[elovodo@system1 user]$ podman rm container_logserver
91e4bb2fed1c77dade2461902ec7d20299f37778468aa18021b62e2cb17e4788
[elovodo@system1 user]$
14. Allow the regular user to manage their own services with systemd
[elovodo@system1 user]$ loginctl enable-linger
[elovodo@system1 user]$ systemctl --user daemon-reload
[elovodo@system1 user]$
15. Enable the container service to start at the next boot
[elovodo@system1 user]$ systemctl --user enable container_logserver --now
Created symlink /home/elovodo/.config/systemd/user/multi-user.target.wants/container_logserver.service → /home/elovodo/.config/systemd/user/container_logserver.service.
Created symlink /home/elovodo/.config/systemd/user/default.target.wants/container_logserver.service → /home/elovodo/.config/systemd/user/container_logserver.service.
[elovodo@system1 user]$
16. Check the status
systemctl --user status container_logserver
17. Run a command
podman exec container_logserver ls