网站首页 > 技术文章 正文
题目要求:在 desktop0 上挂载来自于 server0 的 NFS 共享
- l /public 挂载在目录 /mnt/nfsmount 上
- l /protected 挂载在目录 /mnt/nfssecure,并使用安全的方式,秘钥在 http://classroom.example.com/pub/keytabs/desktop0.keytab
- l 用户 ldapuser1 能在 /mnt/nfssecure/project 上创建文件
- l 这些文件系统在系统启动时自动挂载
知识点小贴士:
NFS是Network File System的缩写,即网络文件系统。一种使用于分散式文件协定,功能是通过网络让不同的机器、不同的操作系统能够分享个人数据,让应用程序通过网络可以访问位于服务器磁盘中的数据。
NFS在文件传送或信息传送的过过程中,依赖于RPC协议。RPC,远程过程调用(Remote Procedure Call),是使客户端能够执行其他系统中程序的一种机制。NFS本身是没有提供信息传输的协议和功能的,但NFS却能让我们通过网络进行资料的分享,就是因为NFS使用了RPC提供的传输协议,可以说NFS就是使用PRC的一个程序。
解题步骤:
(1)根据题意,创建对应的目录:
[root@desktop0 ~]# mkdir /mnt/nfsmount
[root@desktop0 ~]# mkdir /mnt/nfssecure(2)安装必要的软件服务包:
[root@desktop0 ~]# yum install -y krb5-workstation
Loaded plugins: langpacks
Package krb5-workstation-1.11.3-49.el7.x86_64 already installed and latest version
Nothing to do(3)下载对应的证书:
[root@desktop0 ~]# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop0.keytab
--2020-03-26 03:02:35-- http://classroom.example.com/pub/keytabs/desktop0.keytab
Resolving classroom.example.com (classroom.example.com)... 172.25.254.254
Connecting to classroom.example.com (classroom.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1258 (1.2K)
Saving to: ‘/etc/krb5.keytab’
100%[========================>] 1,258 --.-K/s in 0s
2020-03-26 03:02:35 (91.7 MB/s) - ‘/etc/krb5.keytab’ saved [1258/1258]
[root@desktop0 ~]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 host/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM
2 nfs/desktop0.example.com@EXAMPLE.COM(4)设置相关系统服务:
[root@desktop0 ~]# systemctl enable nfs-secure
ln -s '/usr/lib/systemd/system/nfs-secure.service' '/etc/systemd/system/nfs.target.wants/nfs-secure.service'
[root@desktop0 ~]# systemctl start nfs-secure
[root@desktop0 ~]# systemctl status nfs-secure
nfs-secure.service - Secure NFS
Loaded: loaded (/usr/lib/systemd/system/nfs-secure.service; enabled)
Active: active (running) since Thu 2020-03-26 03:04:18 CST; 9s ago
Process: 2843 ExecStart=/usr/sbin/rpc.gssd $RPCGSSDARGS (code=exited, status=0/SUCCESS)
Main PID: 2844 (rpc.gssd)
CGroup: /system.slice/nfs-secure.service
└─2844 /usr/sbin/rpc.gssd
Mar 26 03:04:18 desktop0.example.com systemd[1]: Started Secure...
Hint: Some lines were ellipsized, use -l to show in full.
[root@desktop0 ~]#(5)挂载设置,在/etc/fstab文件中增加如下内容:
[root@desktop0 ~]# vim /etc/fstab
server0.example.com:/public /mnt/nfsmount nfs sec=sys 0 0
server0.example.com:/protected /mnt/nfssecure nfs sec=krb5p,v4.2 0 0注释:sec=krb5p,v4.2 中的v4.2是为了避免复杂的SeLinux设置问题
(6)在server0上修改nfs配置文件:
[root@server0 ~]# vim /etc/sysconfig/nfs
[root@server0 ~]# systemctl restart nfs-secure-server.service
[root@server0 ~]# systemctl restart nfs-server.service(7)对ldapuser1进行身份验证:
[root@desktop0 ~]#
[root@desktop0 ~]# su - ldapuser1
Creating home directory for ldapuser1.
[ldapuser1@desktop0 ~]$ kinit
Password for ldapuser1@EXAMPLE.COM:
[ldapuser1@desktop0 ~]$ logout(8)验证挂载:
[root@desktop0 ~]# mount -a
[root@desktop0 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 0 921M 0% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
//server0.example.com/devops 10G 3.1G 7.0G 31% /mnt/dev
server0.example.com:/protected 10G 3.1G 7.0G 31% /mnt/nfssecure
server0.example.com:/public 10G 3.1G 7.0G 31% /mnt/nfsmount(9)ldapuser1验证:
[root@desktop0 ~]# su - ldapuser1
Last login: Thu Mar 26 03:10:00 CST 2020 on pts/0
[ldapuser1@desktop0 ~]$ cd /mnt/nfssecure/project/
[ldapuser1@desktop0 project]$ touch test
[ldapuser1@desktop0 project]$ ll
total 0
-rw-rw-r--. 1 ldapuser1 ldapuser1 0 Mar 26 03:14 test
猜你喜欢
- 2024-09-24 Centos7部署NFS服务
- 2024-09-24 Centos7部署NFS
- 2024-09-24 使用promptulate框架&百度大模型 V4探究AI agent模式
- 2024-09-24 将WalletConnect集成到Vue.js DApps中
- 2024-09-24 SkyWalking链路追踪集成服务
- 2024-09-24 NFS共享文件服务器搭建
- 2024-09-24 关于Linux中控制群组cgroup(资源管理)的一些笔记
- 2024-09-24 【RHCSA考试】EX200试题操作及详解系列(下)
- 2024-09-24 EFK 日志系统收集K8s日志 (一)
- 2024-09-24 基于Centos6.5搭建NFS服务与简单配置
欢迎 你 发表评论:
- 最近发表
- 标签列表
-
- oraclesql优化 (66)
- 类的加载机制 (75)
- feignclient (62)
- 一致性hash算法 (71)
- dockfile (66)
- 锁机制 (57)
- javaresponse (60)
- 查看hive版本 (59)
- phpworkerman (57)
- spark算子 (58)
- vue双向绑定的原理 (68)
- springbootget请求 (58)
- docker网络三种模式 (67)
- spring控制反转 (71)
- data:image/jpeg (69)
- base64 (69)
- java分页 (64)
- kibanadocker (60)
- qabstracttablemodel (62)
- java生成pdf文件 (69)
- deletelater (62)
- com.aspose.words (58)
- android.mk (62)
- qopengl (73)
- epoch_millis (61)
本文暂时没有评论,来添加一个吧(●'◡'●)