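Lab assignment:
Host environment:
Hostname | Host address | Service to provide |
content.exam.com | 172.25.250.101 | YUM repository service based on httpd/nginx |
ntp.exam.com | 172.25.250.102 | NTP service based on Chronyd |
mysql.exam.com | 172.25.250.103 | Database service based on MySQL |
nfs.exam.com | 172.25.250.104 | Network file system service based on NFS |
dns.exam.com | 172.25.250.105 | DNS service based on bind |
bbs.exam.com | 172.25.250.106 | Forum service based on Discuz |
Note: the five IP addresses 172.25.250.101-172.25.250.105 are provided by the server servera.exam.com. 172.25.250.106 is provided by the server serverb.exam.com.
Requirements:
Project requirements:
1. The web service on host 172.25.250.101 must provide the www.exam.com web site, reachable from any host that has a route to it, with the page content "Hello,Welcome to www.exam.com !", and must provide the URLs content.exam.com/yum/AppStream and content.exam.com/yum/BaseOS as a network repository for all hosts.
2. Host 172.25.250.102 provides a Chronyd-based NTP service: this host acts as the time server, offers NTP to other hosts, and is set to stratum 3.
3. The MySQL database service on host 172.25.250.103 must be installed from the repository provided in requirement 1, with the database password set to redhat. Create a database named bbs for the forum service.
4. Host 172.25.250.104 provides the NFS service, exporting the local /bbs directory as the forum data directory; the export is restricted to the forum host only and is mounted automatically at boot.
5. Host 172.25.250.105 provides the DNS service, with forward and reverse resolution for every hostname in the project; all servers must use this DNS server.
6. Host 172.25.250.106 provides the Discuz-based forum service. The forum uses the bbs database on host 172.25.250.103 and the NFS export from host 172.25.250.104 as its data directory, mounted at boot. It also uses the network repository from host 172.25.250.101, the NTP service from host 172.25.250.102 and the DNS service from host 172.25.250.105.
7. The firewall service and SELinux must be enabled on all servers.
8. Every network service must still be available after a system reboot.
9. Based on the code for all the services, write a one-click deployment shell script whose most basic function is to satisfy all of the requirements above when executed. The script must run on servera.exam.com and must support being run multiple times.
Lab steps:
1. Change the IP addresses and DNS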
servera:
###ipv4
echo "-----changing ipv4 wait-----"
hostnamectl set-hostname servera.exam.com
nmcli connection modify ens160 +ipv4.addresses 172.25.250.101/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.102/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.103/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.104/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.105/24
nmcli connection modify ens160 ipv4.gateway 172.25.250.2 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes
nmcli connection up ens160 &> /dev/null
echo "ipv4 change success"
pzdns=$(dig | grep SERVER: | awk -F# '{ print $1 }' | awk -F: '{ print $2 }')
if [ "$pzdns" == " 172.25.250.105" ]
then
echo "dns成功修改为172.25.250.105"
else
echo "dns修改失败"
fi
serverb:
ssh root@172.25.250.106 << 'ALLEOF'
hostnamectl set-hostname serverb.exam.com
nmcli connection modify ens160 +ipv4.addresses 172.25.250.106/24 ipv4.gateway 172.25.250.2 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes
nmcli connection up ens160 &> /dev/null
echo "Modified successfully"
ALLEOF
2. Public-key trust
Set up public-key trust between servera and serverb, using the ssh service
# key trust
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt &> /dev/null
xs=$(ls /mnt/GPL 2> /dev/null)
if [ "$xs" == "/mnt/GPL" ]
then
echo "挂载成功"
else
echo "挂载失败"
exit 2
fi
dnf repolist &> /dev/null
if [ $? -eq 0 ]
then
echo "The source is ready"
else
echo "The source is error"
fi
ls /root/.ssh/id_rsa &> /dev/null
if [ $? -eq 0 ]
then
echo "互信已经完成"
else
ssh-keygen -t ed25519 -C "comment" -f /root/.ssh/id_rsa -N ''
fi
mkdir -p /root/.ssh &> /dev/null
chmod 700 /root/.ssh &> /dev/null
touch /root/.ssh/authorized_keys &> /dev/null
chmod 600 /root/.ssh/authorized_keys &> /dev/null
if ! command -v sshpass &> /dev/null
then
yum install -y sshpass &> /dev/null
fi
sshpass -p "redhat" ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.250.106
if [ $? -eq 0 ]
then
echo "连接中......."
else
echo "互信失败"
exit 1
fi
ls /root/.ssh/authorized_keys &> /dev/null
if [ $? -eq 0 ]
then
echo "互信完成OK"
else
scp root@172.25.250.106:/root/.ssh/id_rsa.pub /root/.ssh/authorized_keys &> /dev/null
echo "密钥发送"
fi
3. Set up the nginx server
Set up the nginx service on 172.25.250.105
###install nginx-service
dnf install nginx -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep nginx &> /dev/null
if [ $? -eq 0 ]
then
echo "nginx-service install successful"
else
echo "nginx-service install error"
fi
else
echo "nginx-service install error"
fi
###start nginx-service
systemctl start nginx &> /dev/null
if [ $? -eq 0 ]
then
NGINX=$(systemctl is-active nginx)
if [ "$NGINX" == "active" ]
then
echo "The nginx-service start successful"
else
echo "The nginx-service start error"
fi
else
echo "The nginx-service start error"
fi
systemctl enable nginx &> /dev/null
### configuration file
cat > /etc/nginx/conf.d/exam.conf << EOF
server {
server_name www.exam.com;
root /var/www/;
access_log /var/log/nginx/exam/access.log;
error_log /var/log/nginx/exam/error.log;
}
EOF
cat > /etc/nginx/nginx.conf << EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '\$remote_addr - \$remote_user \$time_local "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 172.25.250.101;
server_name www.exam.com;
root /var/www;
index index.html index.htm;
location / {
try_files \$uri \$uri/ =404;
allow all;
}
location /var/www {
deny all;
allow all;
internal;
}
location /var/www/yum/ {
allow all;
deny all;
allow all;
}
}
}
EOF
cat > /etc/hosts << EOF
172.25.250.101 www.exam.com
EOF
if [ $? -eq 0 ]
then
echo "configuration file successful"
else
echo "configuration file error"
fi
###mkdir file
mkdir /var/www &> /dev/null
ls /var/www &> /dev/null
if [ $? -eq 0 ]
then
echo "file1 make successful"
else
echo "file1 make error"
fi
mkdir /var/log/nginx/exam &> /dev/null
ls /var/log/nginx/exam &> /dev/null
if [ $? -eq 0 ]
then
echo "file2 make successful"
else
echo "file2 make error"
fi
echo Hello welcome to www.exam.com > /var/www/index.html
#firewalld rules
RULES1=$(firewall-cmd --permanent --add-service=http)
if [ "$RULES1" == "success" ]
then
echo "firewalld ok"
elif [ "$RULES1" == "Warning: ALREADY_ENABLED: http" ]
then
echo "firewalld ok"
else
echo "firewalld error"
fi
RULES2=$(firewall-cmd --reload)
if [ "$RULES2" == "success" ]
then
echo "firewalld reload successful"
else
echo "firewall reload error"
fi
###SELinux
chcon_http=`ls -Zl /var/www/index.html | awk '{print $5}' | awk -F: '{print $3}'`
if [ "$chcon_http" = "httpd_sys_content_t" ]
then
echo "标签修改成功"
else
chcon -t httpd_sys_content_t /var/www/index.html
fi
#restart nginx-service
systemctl restart nginx
if [ $? -eq 0 ]
then
echo "nginx-service restart successful"
else
echo "nginx-service restart error"
fi
#test nginx-service
NGPAGE=$(curl -s www.exam.com)
if [ "$NGPAGE" == "Hello welcome to www.exam.com" ]
then
echo "The nginx-service test successful"
else
echo "The nginx-service test error"
fi
4. Set up forward and reverse DNS resolution
### dnf install bind
dnf install bind -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep bind &> /dev/null
if [ $? -eq 0 ]
then
echo "The bind-service install success"
else
echo "The bind-service install error"
fi
else
echo "The bind-service install error"
fi
### start named-service
systemctl start named &> /dev/null
if [ $? -eq 0 ]
then
NAMED=$(systemctl is-active named) &> /dev/null
if [ "$NAMED" == "active" ]
then
echo "named-service start successful"
else
echo "named-service start error"
fi
else
echo "named-service start error"
fi
###configuration file
cat > /etc/named.conf << EOF
options {
listen-on port 53 { 172.25.250.105; };
directory "/var/named";
};
zone "exam.com" IN {
type master;
file "named.exam";
};
zone "250.25.172.in-addr.arpa" IN {
type master;
file "named.fanxiang";
};
EOF
cat > /var/named/named.exam << EOF
\$TTL 1D
@ IN SOA @ admin.exam.com. (
0
1D
1D
2D
1D)
@ IN NS ns.exam.com.
@ IN MX 10 mail.exam.com.
ns IN A 172.25.250.101
content IN A 172.25.250.101
www IN A 172.25.250.101
ntp IN A 172.25.250.102
mysql IN A 172.25.250.103
dns IN A 172.25.250.105
nfs IN A 172.25.250.104
bbs IN A 172.25.250.106
EOF
## reverse zone
cat > /var/named/named.fanxiang << EOF
\$TTL 1D
@ IN SOA @ admin.exam.com. (
0
1
1
2
1)
@ IN NS ns.exam.com.
101 IN PTR content.exam.com.
102 IN PTR ntp.exam.com.
103 IN PTR mysql.exam.com.
104 IN PTR nfs.exam.com.
105 IN PTR dns.exam.com.
106 IN PTR bbs.exam.com.
EOF
if [ $? -eq 0 ]
then
echo "make configuration file success"
else
echo "make configuration file error"
fi
### firewalld rules
RULES3=$(firewall-cmd --permanent --add-service=dns)
if [ "$RULES3" == "success" ]
then
echo "firewalld ok"
elif [ "$RULES3" == "Warning: ALREADY_ENABLED: dns" ]
then
echo "firewalld ok"
else
echo "firewall error"
fi
#### reload firewalld rules
RULES4=$(firewall-cmd --reload)
if [ "$RULES4" == "success" ]
then
echo "firewalld reload success"
else
echo "firewalld reload error"
fi
### restart dns-service
systemctl restart named &> /dev/null
if [ $? -eq 0 ]
then
echo "DNS-Service restart successful"
else
echo "DNS-Service restart error"
fi
###test DNS
DNS=$(curl -s content.exam.com)
if [ "$DNS" == "Hello welcome to www.exam.com" ]
then
echo "The DNS-service test successful"
else
echo "The DNS-service test error"
fi
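Requirement 5 depends on the forward and reverse zone files above agreeing with each other. The check below is an added example, not part of the original script: it cross-checks the A and PTR records, using zone data constructed from the records shown above, and the function name check_zones is an assumption. It also covers the general case of a PTR target written without its trailing dot, and it assumes a /24 reverse zone.

```shell
#!/bin/sh
# Added example (not from the original script): cross-check A and PTR records.
# Zone data is constructed from the records in named.exam / named.fanxiang above.

FORWARD_ZONE='ns IN A 172.25.250.101
content IN A 172.25.250.101
www IN A 172.25.250.101
ntp IN A 172.25.250.102
mysql IN A 172.25.250.103
dns IN A 172.25.250.105
nfs IN A 172.25.250.104
bbs IN A 172.25.250.106'

REVERSE_ZONE='101 IN PTR content.exam.com.
102 IN PTR ntp.exam.com.
103 IN PTR mysql.exam.com.
104 IN PTR nfs.exam.com.
105 IN PTR dns.exam.com.
106 IN PTR bbs.exam.com.'

# check_zones FORWARD REVERSE ORIGIN NETPREFIX
# Prints one line per problem and nothing when the zones agree:
#   NO_PTR <ip>                   an address has an A record but no PTR
#   PTR_MISMATCH <ip> -> <name>   the PTR target does not resolve back to <ip>
# Simplifications: one A record per name, and a /24 reverse zone.
check_zones() {
    { printf '%s\n' "$1"; echo "--"; printf '%s\n' "$2"; } |
    awk -v origin="$3" -v net="$4" '
        # Lower-case absolute name without the final dot; a relative name
        # gets the origin of the zone file it was written in.
        function absname(n, org) {
            n = tolower(n)
            if (n ~ /\.$/) return substr(n, 1, length(n) - 1)
            return n "." org
        }
        BEGIN { split(net, o, "."); revorigin = o[3] "." o[2] "." o[1] ".in-addr.arpa" }
        $1 == "--"                           { reverse = 1; next }
        !reverse && $2 == "IN" && $3 == "A"  { addr[absname($1, origin)] = $4; seen[$4] = 1 }
        reverse && $2 == "IN" && $3 == "PTR" { ptr[net "." $1] = absname($4, revorigin) }
        END {
            for (ip in seen) if (!(ip in ptr)) print "NO_PTR " ip
            for (ip in ptr)  if (addr[ptr[ip]] != ip) print "PTR_MISMATCH " ip " -> " ptr[ip]
        }' | sort
}

# The lab zones are consistent, so only the confirmation line is printed.
problems=$(check_zones "$FORWARD_ZONE" "$REVERSE_ZONE" exam.com 172.25.250)
if [ -z "$problems" ]; then
    echo "forward and reverse zones agree"
else
    printf '%s\n' "$problems"
fi
```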
5. Configure the network repository
##yumsource
mkdir /var/www/yum &> /dev/null
ls /var/www/yum &> /dev/null
if [ $? -eq 0 ]
then
echo "The file make successful"
else
echo "The file make error"
fi
##yum
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
###Re mount
umount /dev/sr0 /mnt &> /dev/null
mount /dev/sr0 /var/www/yum &> /dev/null
ls /var/www/yum/GPL &> /dev/null
if [ $? -eq 0 ]
then
echo "Re mount successful"
else
echo "Re mount error"
fi
6. Set up the NTP time server
Note that the server is set up on 172.25.250.102
ssh root@172.25.250.102 << 'END'
if grep -q '^#pool 2.rhel.pool.ntp.org iburst' /etc/chrony.conf
then
echo "The line in the configuration file has been commented out"
else
sed -i '/pool 2.rhel.pool.ntp.org iburst/s/^/#/' /etc/chrony.conf
echo "The annotation of this line in the configuration file was successful"
fi
cat > /etc/chrony.conf << EOF
local stratum 3
server 172.25.250.102 iburst
allow 172.25.250.0/24
log measurements statistics tracking
EOF
####firewalld rules
RULES5=$(firewall-cmd --permanent --add-service=ntp)
if [ "$RULES5" == "success" ]
then
echo " The firewalld rules ok"
elif [ "$RULES5" == "Warning: ALREADY_ENABLED: ntp" ]
then
echo "The firewalld rules ok"
else
echo "The firewalld rules error"
fi
####reload firewalld
RULES6=$(firewall-cmd --reload)
if [ "$RULES6" == "success" ]
then
echo "The firewalld rules reload successful"
else
echo "The firewalld rules reload error"
fi
####restart time-service
systemctl restart chronyd.service &> /dev/null
if [ $? -eq 0 ]
then
echo "Time-service restart successful"
else
echo "Time-service restart error"
fi
###test time-service
chronyc sources &> /dev/null
if [ $? -eq 0 ]
then
echo "The time-service test successful"
else
echo "The time-service test error"
fi
END
7. NTP client
The client is on host 172.25.250.106
###time-service client
ssh root@172.25.250.106 << 'EONF'
###install time-service
dnf install vim net-tools bash-com* -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep chrony &> /dev/null
if [ $? -eq 0 ]
then
echo "The time-service install successful"
else
echo "The time-service install error"
fi
else
echo "The time-service install error"
fi
####time-service client
if grep -q '^#pool 2.rhel.pool.ntp.org iburst' /etc/chrony.conf
then
echo "The line in the configuration file has been commented out"
else
sed -i '/pool 2.rhel.pool.ntp.org iburst/s/^/#/' /etc/chrony.conf
echo "The annotation of this line in the configuration file was successful"
fi
cat > /etc/chrony.conf << EOF
server 172.25.250.102 iburst
EOF
####firewall rules
RULES7=$(firewall-cmd --permanent --add-service=ntp)
if [ "$RULES7" == "success" ]
then
echo " The firewalld rules ok"
elif [ "$RULES7" == "Warning: ALREADY_ENABLED: ntp" ]
then
echo "The firewalld rules ok"
else
echo "The firewalld rules error"
fi
####reload firewalld
RULES8=$(firewall-cmd --reload)
if [ "$RULES8" == "success" ]
then
echo "The firewalld rules reload successful"
else
echo "The firewalld rules reload error"
fi
###restart time-service
systemctl restart chronyd.service &> /dev/null
if [ $? -eq 0 ]
then
echo "Time-service restart successful"
else
echo "Time-service restart error"
fi
###test time-service
chronyc sources &> /dev/null
if [ $? -eq 0 ]
then
echo "The time-service test successful"
else
echo "The time-service test error"
fi
EONF
8. MySQL database
The database is on host 172.25.250.103
###mysql-service
###install mysql-service
ssh root@172.25.250.103 << 'EOCF'
dnf install mariadb mariadb-server -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep mariadb-server &> /dev/null
if [ $? -eq 0 ]
then
echo "Mysql-service install successful"
else
echo "Mysql-service install error"
fi
else
echo "Mysql-service install error"
fi
###firewalld rules
RULES10=$(firewall-cmd --permanent --add-port=3306/tcp)
if [ "$RULES10" == "success" ]
then
echo " The firewalld rules ok"
elif [ "$RULES10" == "Warning: ALREADY_ENABLED: 3306:tcp" ]
then
echo "The firewalld rules ok"
else
echo "The firewalld rules error"
fi
####reload firewalld
RULES11=$(firewall-cmd --reload)
if [ "$RULES11" == "success" ]
then
echo "The firewalld rules reload successful"
else
echo "The firewalld rules reload error"
fi
###start mysql-service
systemctl start mariadb.service &> /dev/null
if [ $? -eq 0 ]
then
MY=$(systemctl is-active mariadb.service)
if [ "$MY" == "active" ]
then
echo "Mysql start successful"
else
echo "Mysql start error"
fi
else
echo "Mysql start error"
fi
###login and passwd
mysqladmin -u root password "redhat" &>/dev/null
if mysql -u root -predhat -e "USE bbs"
then
echo "database ok"
else
mysql -u root -predhat<<EOF
create database bbs;
grant all privileges on *.* to 'root'@'%' identified by 'redhat';
flush privileges;
EOF
fi
####start mysql-service
systemctl restart mariadb.service &> /dev/null
if [ $? -eq 0 ]
then
echo "Successfully logged in and created the BBS database"
else
echo "Login failed, creation of BBS database failed"
fi
EOCF
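A narrower alternative to the 'root'@'%' grant above, as an added example that is not part of the original script: it prints SQL for a dedicated account that can reach only the bbs database and only from the forum host, and it flags wildcard-host global grants in SHOW GRANTS-style lines. The account name bbs_app, the BBS_DB_PASS variable and the function names are assumptions, and the sample grant lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original script).
# Assumptions: the account name bbs_app and the BBS_DB_PASS variable are hypothetical.

# Reject empty values and characters that could end a quoted SQL literal early.
sql_safe() {
    case $1 in
        ''|*"'"*|*'`'*|*'\'*) return 1 ;;
    esac
    return 0
}

# scoped_grant_sql DATABASE USER CLIENT_HOST PASSWORD
# Prints SQL for an account that can use one database from one client host.
scoped_grant_sql() {
    [ "$#" -eq 4 ] || return 1
    for value in "$@"; do
        sql_safe "$value" || return 1
    done
    case $3 in
        *%*) return 1 ;;          # a wildcard host would undo the scoping
    esac
    printf 'CREATE DATABASE IF NOT EXISTS `%s`;\n' "$1"
    printf "CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';\n" "$2" "$3" "$4"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'%s';\n" "$1" "$2" "$3"
}

# wide_grants: reads GRANT statements on stdin (one per line) and prints
# user@host for every account holding ALL PRIVILEGES ON *.* from a wildcard host.
wide_grants() {
    tr -d '\140\047' |            # drop backticks and single quotes around names
    awk 'toupper($1) == "GRANT" && toupper($2) == "ALL" && $5 == "*.*" {
             n = split($7, acct, "@")
             if (n == 2 && acct[2] ~ /%/) print acct[1] "@" acct[2]
         }'
}

# Constructed sample in the style of SHOW GRANTS output.
SAMPLE_GRANTS='GRANT ALL PRIVILEGES ON *.* TO `root`@`%` WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT USAGE ON *.* TO `bbs_app`@`172.25.250.106`
GRANT ALL PRIVILEGES ON `bbs`.* TO `bbs_app`@`172.25.250.106`'

# Against a live server the two functions would be used like this:
#   scoped_grant_sql bbs bbs_app 172.25.250.106 "$BBS_DB_PASS" | mysql -u root -p
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'root'@'%'" | wide_grants

# Offline demonstration on the constructed sample (placeholder password).
printf '%s\n' "$SAMPLE_GRANTS" | wide_grants
scoped_grant_sql bbs bbs_app 172.25.250.106 "${BBS_DB_PASS:-constructed-Passw0rd}"
```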
9. Set up the NFS server
On host 172.25.250.104
####NFS-service
ssh root@172.25.250.104 << 'END'
####install nfs-service
dnf install nfs-utils -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep nfs-utils &> /dev/null
if [ $? -eq 0 ]
then
echo "The NFS-server install successful"
else
echo "The NFS-server install error"
fi
else
echo "The NFS-server install error"
fi
###start NFS-service
systemctl start nfs-server &> /dev/null
if [ $? -eq 0 ]
then
NNN=$(systemctl is-active nfs-server)
if [ "$NNN" == "active" ]
then
echo "The NFS-service start successful"
else
echo "The NFS-service start error"
fi
else
echo "The NFS-service start error"
fi
####make file
mkdir /bbs &> /dev/null
ls /bbs &> /dev/null
if [ $? -eq 0 ]
then
echo "The /bbs make success"
else
echo "The /bbs make error"
fi
####Modify permissions
chmod 777 /bbs &> /dev/null
if [ $? -eq 0 ]
then
echo "Modify permissions successful"
else
echo "Modify permissions error"
fi
###echo file
cat > /etc/exports << EONF
/bbs 172.25.250.106(rw,sync)
EONF
###firewalld rules
NFS1=$(firewall-cmd --permanent --add-service=rpc-bind --add-service=mountd --add-service=nfs)
if [ "$NFS1" == "success" ]
then
echo "The firewalld rules ok"
elif [ "$NFS1" == "Warning: ALREADY_ENABLED: 'rpc-bind' already in 'public'
Warning: ALREADY_ENABLED: 'mountd' already in 'public'
Warning: ALREADY_ENABLED: 'nfs' already in 'public'" ]
then
echo "The firewalld rules ok"
else
echo "The firewalld rules error"
fi
###firewalld reload
NFS2=$(firewall-cmd --reload)
if [ "$NFS2" == "success" ]
then
echo "The firewalld reload successful"
else
echo "The firewalld reload error"
fi
###restart nfs-service
systemctl restart nfs-server &> /dev/null
if [ $? -eq 0 ]
then
echo "nfs-service make successful"
else
echo "nfs-service make error"
fi
END
10. Build the Discuz forum (nginx) (NFS client)
###Forum construction
ssh root@172.25.250.106 << 'ALLEOF'
###install php packages
dnf install php* -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep php &> /dev/null
if [ $? -eq 0 ]
then
echo "The php-service install successful"
else
echo "The php-service install error"
fi
else
echo "The php-service install error"
fi
###firewalld rules
HTTP=$(firewall-cmd --permanent --add-port=80/tcp)
if [ "$HTTP" == "success" ]
then
echo "The firewalld is ok"
elif [ "$HTTP" == "Warning: ALREADY_ENABLED: 80:tcp" ]
then
echo "The firewalld is ok"
else
echo "The firewalld is error"
fi
PPP=$(firewall-cmd --reload)
if [ "$PPP" == "success" ]
then
echo "firewalld reload ok"
else
echo "firewalld reload error"
fi
###install nfs
dnf install nfs-utils -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep nfs &> /dev/null
if [ $? -eq 0 ]
then
echo "The nfs-service install successful"
else
echo "The nfs-service install error"
fi
else
echo "The nfs-service install error"
fi
##start nfs
systemctl start nfs-server &> /dev/null
if [ $? -eq 0 ]
then
NNN=$(systemctl is-active nfs-server)
if [ "$NNN" == "active" ]
then
echo "nfs start successful"
else
echo "nfs start error"
fi
else
echo "nfs start error"
fi
###nfs client
showmount -e 172.25.250.104 &> /dev/null
if [ $? -eq 0 ]
then
echo "mount to 104 success"
else
echo "mount to 104 error"
fi
###make file
mkdir /var/www/html/bbs &> /dev/null
ls /var/www/html/bbs &> /dev/null
if [ $? -eq 0 ]
then
echo "The file make success"
else
echo "The file make error"
fi
###mount /bbs
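umount /var/www/html/bbs/ &> /dev/null
mount 172.25.250.104:/bbs /var/www/html/bbs &> /dev/null
# add the fstab entry only once so the script can be run repeatedly
grep -qF "172.25.250.104:/bbs /var/www/html/bbs" /etc/fstab || echo "172.25.250.104:/bbs /var/www/html/bbs nfs defaults 0 0" >> /etc/fstab
mount -a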
dnf install autofs -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep autofs &> /dev/null
if [ $? -eq 0 ]
then
echo "The autofs install successful"
else
echo "The autofs install error"
fi
else
echo "The autofs install error"
fi
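# append each autofs entry only once so the script can be run repeatedly
grep -qxF "/nfs /etc/auto.nfs" /etc/auto.master || echo "/nfs /etc/auto.nfs" >> /etc/auto.master
grep -qxF "upload 172.25.250.104:/nfs/upload" /etc/auto.nfs 2> /dev/null || echo "upload 172.25.250.104:/nfs/upload" >> /etc/auto.nfs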
systemctl restart autofs
if [ $? -eq 0 ]
then
echo "Automatic mounting successful"
else
echo "Automatic mounting failed"
fi
###install nginx-service
dnf install nginx -y &> /dev/null
if [ $? -eq 0 ]
then
rpm -qa | grep nginx &> /dev/null
if [ $? -eq 0 ]
then
echo "nginx-service install successful"
else
echo "nginx-service install error"
fi
else
echo "nginx-service install error"
fi
###start nginx-service
systemctl start nginx &> /dev/null
if [ $? -eq 0 ]
then
NGINX=$(systemctl is-active nginx)
if [ "$NGINX" == "active" ]
then
echo "The nginx-service start successful"
else
echo "The nginx-service start error"
fi
else
echo "The nginx-service start error"
fi
systemctl enable nginx &> /dev/null
cat > /etc/nginx/conf.d/bbs.conf << EOF
server {
listen 80;
server_name bbs.exam.com; # replace with your domain name
root /var/www/html/bbs; # Discuz source directory
index index.php index.html index.htm;
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock; # adjust to your PHP version and configuration
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
EOF
cat > /etc/hosts << EOF
172.25.250.106 bbs.exam.com
EOF
if [ $? -eq 0 ]
then
echo "configuration file successful"
else
echo "configuration file error"
fi
##selinux
setsebool -P httpd_use_nfs 1 &> /dev/null
if [ $? -eq 0 ]
then
echo "SELinux boolean httpd_use_nfs set successfully."
else
echo "Failed to set SELinux boolean httpd_use_nfs."
exit 1
fi
setsebool -P httpd_can_network_connect_db 1 &> /dev/null
if [ $? -eq 0 ]
then
echo "SELinux boolean httpd_can_network_connect_db set successfully."
else
echo "Failed to set SELinux boolean httpd_can_network_connect_db."
exit 1
fi
#restart nginx-service
systemctl restart nginx
if [ $? -eq 0 ]
then
echo "nginx-service restart successful"
else
echo "nginx-service restart error"
fi
# stop if the directory is missing, so rm never runs in the wrong place
cd /var/www/html/bbs || exit 1
rm -rf ./*
echo bbs.exam.com > /var/www/html/bbs/index.html
cp /root/Discuz_X3.5_SC_UTF8_20230520.zip /var/www/html/bbs
if [ $? -eq 0 ]
then
echo "Discuz 复制完成"
else
echo "Discuz 复制失败"
fi
unzip Discuz_X3.5_SC_UTF8_20230520.zip &> /dev/null
if [ $? -eq 0 ]
then
echo "Discuz 解压缩完成"
else
echo "Discuz 解压缩失败"
fi
cd upload/
chmod -R 777 data/ uc_client/ uc_server/ config/
if [ $? -eq 0 ]
then
echo "chmod success"
else
echo "chmod error"
fi
echo "论坛搭建完成"
ALLEOF
Tests:
1. Test the nginx server
[root@servera ~]# curl content.exam.com
Hello welcome to www.exam.com
[root@servera ~]# curl nfs.exam.com
Hello welcome to www.exam.com
[root@servera ~]# curl www.exam.com
Hello welcome to www.exam.com
[root@servera ~]# curl mysql.exam.com
Hello welcome to www.exam.com
[root@servera ~]# curl ntp.exam.com
Hello welcome to www.exam.com
[root@servera ~]# curl dns.exam.com
Hello welcome to www.exam.com
[root@servera ~]# curl bbs.exam.com
bbs.exam.com
[root@servera ~]#
2. Test DNS
[root@servera ~]# dig -t A nfs.exam.com
; <<>> DiG 9.16.23-RH <<>> -t A nfs.exam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62154
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1dcc8e8c50695439010000006790a02e5dae0a26120eda6c (good)
;; QUESTION SECTION:
;nfs.exam.com. IN A
;; ANSWER SECTION:
nfs.exam.com. 86400 IN A 172.25.250.104
[root@servera ~]# dig -t A mysql.exam.com
; <<>> DiG 9.16.23-RH <<>> -t A mysql.exam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59829
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c30383f28f2e6f4f010000006790a0330f295d2b5e6918b2 (good)
;; QUESTION SECTION:
;mysql.exam.com. IN A
;; ANSWER SECTION:
mysql.exam.com. 86400 IN A 172.25.250.103
;; Query time: 0 msec
;; SERVER: 172.25.250.105#53(172.25.250.105)
;; WHEN: Wed Jan 22 15:37:23 CST 2025
;; MSG SIZE rcvd: 87
[root@servera ~]# dig -t A bbs.exam.com
; <<>> DiG 9.16.23-RH <<>> -t A bbs.exam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36886
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 0f8c821cf1edf50c010000006790a037c851c17e1e1bb6ba (good)
;; QUESTION SECTION:
;bbs.exam.com. IN A
;; ANSWER SECTION:
bbs.exam.com. 86400 IN A 172.25.250.106
;; Query time: 1 msec
;; SERVER: 172.25.250.105#53(172.25.250.105)
;; WHEN: Wed Jan 22 15:37:27 CST 2025
;; MSG SIZE rcvd: 85
[root@servera ~]# dig -t A ntp.exam.com
; <<>> DiG 9.16.23-RH <<>> -t A ntp.exam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48299
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f26fa30eebf3cff4010000006790a03d894fe5377b83fe68 (good)
;; QUESTION SECTION:
;ntp.exam.com. IN A
;; ANSWER SECTION:
ntp.exam.com. 86400 IN A 172.25.250.102
;; Query time: 1 msec
;; SERVER: 172.25.250.105#53(172.25.250.105)
;; WHEN: Wed Jan 22 15:37:33 CST 2025
;; MSG SIZE rcvd: 85
[root@servera ~]# dig -t A dns.exam.com
; <<>> DiG 9.16.23-RH <<>> -t A dns.exam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22729
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6d7ef8a84259a22f010000006790a04c21bf041d6a473c98 (good)
;; QUESTION SECTION:
;dns.exam.com. IN A
;; ANSWER SECTION:
dns.exam.com. 86400 IN A 172.25.250.105
;; Query time: 0 msec
;; SERVER: 172.25.250.105#53(172.25.250.105)
;; WHEN: Wed Jan 22 15:37:48 CST 2025
;; MSG SIZE rcvd: 85
[root@servera ~]# dig -t A content.exam.com
; <<>> DiG 9.16.23-RH <<>> -t A content.exam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19870
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7f72a45ddc4a051f010000006790a05327d7ac17625ce4fe (good)
;; QUESTION SECTION:
;content.exam.com. IN A
;; ANSWER SECTION:
content.exam.com. 86400 IN A 172.25.250.101
;; Query time: 1 msec
;; SERVER: 172.25.250.105#53(172.25.250.105)
;; WHEN: Wed Jan 22 15:37:55 CST 2025
;; MSG SIZE rcvd: 89
3. Test the NTP time server
[root@servera ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp.exam.com 0 7 377 - +0ns[ +0ns] +/- 0ns
[root@servera ~]#
[root@serverb ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp.exam.com 3 6 377 23 +6923ns[ +840ns] +/- 321us
[root@serverb ~]#
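4. Discuz forum test
The forum was built successfully!!!
Summary:
Read the lab requirements carefully, including which service belongs on which host. Set up public-key trust before starting the lab. Pay attention to the nginx configuration files, especially /etc/nginx/nginx.conf. When creating the MySQL database, make sure the root user is allowed to log in to the database remotely, otherwise the forum installation in the last step fails. The Discuz forum here is built on nginx, so 172.25.250.106 should be configured with nginx rather than httpd, and the nginx configuration file on host 106 is therefore different; see the code above for details.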