Unit I: Automated installation of Red Hat Enterprise Linux
I. Kickstart overview
1. With Kickstart, the system administrator can create a single file that contains the answers to all the questions normally asked during installation, so that Red Hat Enterprise Linux installs automatically
2. Kickstart is similar to Jumpstart in Oracle Solaris or to an unattended installation of Microsoft Windows
II. Installing the Kickstart creation tool
1. Package
#system-config-kickstart
2. Installation
#yum install system-config-kickstart
E.g.: [[email protected] mnt]$ ssh [email protected] -X
[email protected]'s password:
Last login: Fri Mar to 21:25:25 from foundation42.ilt.example.com
[[email protected] ~]# yum install system-config-kickstart -y
III. Creating a Kickstart file
1. Using the system-config-kickstart tool
2. Using a text editor
# Template: /root/anaconda-ks.cfg
# After editing, check the file for errors with the ksvalidator command
E.g.: [[email protected] ~]# system-config-kickstart
/usr/share/system-config-kickstart/kickstartgui.py:104: GtkWarning: GtkSpinButton: setting an adjustment with non-zero page size is deprecated
xml = gtk.glade.XML ("/usr/share/system-config-kickstart/system-config-kickstart.glade", domain="system-config-kickstart")
/usr/lib/python2.7/site-packages/scdate/core/zonetab.py:241: RuntimeWarning: Untranslated time zone: Antarctica/Troll
entry = ZoneTabEntry (code, lat, long, tz, comments)
/usr/lib/python2.7/site-packages/scdate/core/zonetab.py:241: RuntimeWarning: Untranslated time zone: Europe/Busingen
entry = ZoneTabEntry (code, lat, long, tz, comments)
/usr/lib/python2.7/site-packages/scdate/core/zonetab.py:241: RuntimeWarning: Untranslated time zone: Asia/Khandyga
entry = ZoneTabEntry (code, lat, long, tz, comments)
/usr/lib/python2.7/site-packages/scdate/core/zonetab.py:241: RuntimeWarning: Untranslated time zone: Asia/Ust-Nera
entry = ZoneTabEntry (code, lat, long, tz, comments)
Loaded plugins: langpacks
[[email protected] ~]# vim /mnt/kss.cfg
[[email protected] ~]# cd /mnt/
[[email protected] mnt]# ls
file1 file2 file3 ks.cfg kss.cfg mailbackup
[[email protected] mnt]# ksvalidator kss.cfg
[[email protected] mnt]# yum install httpd -y
Loaded plugins: langpacks
Package httpd-2.4.6-17.el7.x86_64 already installed and latest version
Nothing to do
[[email protected] mnt]# systemctl stop firewalld.service
[[email protected] mnt]# systemctl start httpd
[[email protected] mnt]# ls
file1 file2 file3 ks.cfg kss.cfg mailbackup
[[email protected] mnt]# cp kss.cfg /var/www/html/
[[email protected] mnt]# cd /var/www/html/
[[email protected] html]# ls
ks.cfg kss.cfg
IV. Configuration sections of the tool
– Basic Configuration ------------ basic information settings
– Installation Method ------------ installation method selection
– Boot Loader Options ------------ boot loader options
– Partition Information ------------ partitioning strategy
– Authentication ------------ authentication and encryption method
– Firewall Configuration ------------ firewall information
– Display Configuration ------------ graphical interface selection
– Package Selection ------------ package selection
– Pre-Installation ------------ script executed before installation
– Post-Installation ------------ script executed after installation
V. Kickstart file directives
1. %end ------ end of a section
2. %packages ------ packages to install
3. %pre ------ script executed before installation
4. %post ------ script executed after installation
5. url ------ path of the installation source
6. repo ------ yum repository address
7. text ------ text-mode installation
8. vnc ------ use VNC during installation
9. askmethod ------ interactive mode
10. clearpart ------ delete partitions
11. part ------ partitioning policy
12. ignoredisk ------ disks to skip
13. bootloader ------ boot loader settings
14. volgroup ------ LVM volume group settings
15. logvol ------ LVM logical volume settings
16. zerombr ------ clear the MBR
17. network ------ network settings
18. firewall ------ firewall settings
19. lang ------ language settings
20. keyboard ------ keyboard settings
21. timezone ------ time zone setting
22. auth ------ authentication method selection
23. rootpw ------ root password
24. selinux ------ SELinux settings
25. services ------ services started at boot
26. group, user ------ groups and users to create
27. logging ------ installation log settings
28. firstboot ------ first-boot settings
29. reboot, poweroff, halt ------ action when installation completes
E.g.: vim /mnt/kss.cfg
#%packages
#@base
#lftp
#%end
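The session above publishes kss.cfg under /var/www/html, so every directive in it, rootpw included, can be read by any host that reaches the web server. The following check is an added example, not part of the original lesson: it scans a Kickstart file for the rootpw, selinux and firewall directives listed above and reports settings that weaken the installed system. The sample file and its password are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): flag Kickstart directives
# that leave the installed system weaker than its defaults.

ks_sample() {
    # Constructed sample Kickstart file; the password is made up.
    cat <<'EOF'
text
url --url="http://server/dir"
rootpw westos
selinux --disabled
firewall --disabled
%packages
@base
lftp
%end
%post
echo "firewall --disabled inside a script is not a directive"
%end
EOF
}

ks_audit() {
    # $1 = Kickstart file; prints one finding per line, nothing if clean.
    awk '
        /^[ \t]*#/                { next }              # comment line
        /^%end/                   { in_sect = 0; next } # section closed
        /^%(pre|post|packages)/   { in_sect = 1; next } # section opened
        in_sect                   { next }              # skip section body
        $1 == "rootpw" && !/--iscrypted/ && !/--lock/ {
            print "rootpw: password stored in clear text"
        }
        $1 == "selinux" && /--(disabled|permissive)/ {
            print "selinux: not enforcing"
        }
        $1 == "firewall" && /--disabled/ {
            print "firewall: disabled"
        }
    ' "$1"
}

tmp=$(mktemp)
ks_sample > "$tmp"
ks_audit "$tmp"
rm -f "$tmp"
```

A file that uses rootpw --iscrypted with a hashed password and keeps selinux and firewall enabled produces no findings.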
VI. Providing the Kickstart file to the installer
1. Network server: FTP, HTTP, and NFS
2. DHCP/TFTP server
3. USB disk or CD-ROM
4. Local disk
VII. Creating the boot media
1. Installation disc
2. PXE
3. boot.iso
VIII. Pointing the installer at the Kickstart file
1. ks=http://server/dir/file
2. ks=ftp://server/dir/file
3. ks=nfs:server:/dir/file
4. ks=hd:device:/dir/file
5. ks=cdrom:/dir/file
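Unit II: Controlling access to files
I. Reading the permission list (ACL)
[[email protected] desktop]# getfacl file
# file: file ### file name
# owner: root ### file owner
# group: root ### group that owns the file
user::rw- ### owner permissions
user:student:rwx ### user student specifically granted read, write and execute
group::r-- ### owning group permissions
mask::rwx ### maximum permissions that can be granted
other::r-- ### permissions for everyone else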
II. setfacl: setting or modifying the ACL of a file
1. setfacl -m u:bob:rw filename ### grant user bob read and write permissions
2. setfacl -m g:westos:rw filename ### grant group westos read and write permissions
3. setfacl -m g:redhat:r filename ### grant group redhat read permission
4. setfacl -x u:bob filename ### remove user bob's ACL entry
5. setfacl -m o::- filename ### set the permissions of all others to none
E.g.: [[email protected] desktop]# setfacl -m u:bob:rw file
[[email protected] desktop]# setfacl -m g:westos:rw file
[[email protected] desktop]# setfacl -m g:redhat:r file
[[email protected] desktop]# getfacl file
# file: file ### file name: file
# owner: root ### file owner: root
# group: root ### group that owns the file: root
user::rw- ### owner permissions: read and write
user:student:rwx ### user student specifically granted read, write and execute
user:bob:rw- ### user bob specifically granted read and write
group::r-- ### owning group permissions: read
group:westos:rw- ### group westos specifically granted read and write
group:redhat:r-- ### group redhat specifically granted read
mask::rwx ### maximum permissions that can be granted: read, write and execute
other::r-- ### permissions for everyone else: read
[[email protected] desktop]# setfacl -x u:bob file ### remove user bob's ACL entry
[[email protected] desktop]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:student:rwx
group::r--
group:westos:rw-
group:redhat:r--
mask::rwx
other::r--
[[email protected] desktop]# setfacl -m o::- file ### set the permissions of others to none
[[email protected] desktop]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:student:rwx
group::r--
group:westos:rw-
group:redhat:r--
mask::rwx
other::---
III. ACL mask and inheritance
1. A file with an ACL has a "mask" that limits the maximum permissions of the group that owns the file and of the supplementary users and groups named in the ACL
#setfacl -m m:rwx file
2. A directory can have "default ACL" entries, which are set automatically on new files created in the directory, in the same way that the setgid permission (when applied to a directory) makes new files created in that directory owned by the group that owns the directory
#setfacl -m d:u:bob:rw directory
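The effect of the mask described in item 1 can be worked through on a listing. The following is an added example, not part of the original lesson: it reads getfacl-style entries and prints the effective permissions of each one after the mask is applied. The listing is constructed (the mask has been lowered to r--), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): compute the effective
# permissions of each ACL entry by intersecting it with the mask.

acl_sample() {
    # Constructed getfacl-style listing: the mask has been lowered to r--.
    cat <<'EOF'
# file: file
# owner: root
# group: root
user::rw-
user:student:rwx
group::r--
group:westos:rw-
mask::r--
other::r--
EOF
}

acl_effective() {
    # stdin: getfacl-style entries; stdout: "<entry> <effective perms>".
    awk -F: '
        function cap(p, m,    i, bit, out) {  # keep a bit only if the mask has it
            out = ""
            for (i = 1; i <= 3; i++) {
                bit = (substr(m, i, 1) == "-") ? "-" : substr(p, i, 1)
                out = out bit
            }
            return out
        }
        /^#/ || NF < 3 || $1 == "default" { next }
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            for (k = 1; k <= n; k++) {
                # Only named users, named groups and the owning group are
                # capped; the owner (user::) and other never are.
                capped = (tag[k] == "group" || (tag[k] == "user" && who[k] != ""))
                eff = (capped && mask != "") ? cap(perm[k], mask) : perm[k]
                print tag[k] ":" who[k] ":" perm[k], eff
            }
        }'
}

acl_sample | acl_effective
```

With the mask at r--, the entry user:student:rwx is still listed as rwx but grants only read, while the owner entry user::rw- is unaffected.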
IV. Enabling the permission list (ACL) on a device
1. The file system must be mounted with support for POSIX ACL entries enabled
2. The installer configures all ext4 file systems it creates to enable ACL support automatically
#tune2fs -l /dev/sda1 | grep "Default mount"
Default mount options:    user_xattr acl
3. If you format the file system manually, it must be mounted with the acl mount option
#tune2fs -o user_xattr,acl /dev/sda1
E.g.: [[email protected] lianxi]# ll file
-rw-r--r--. 1 root root 0 Apr 1 01:43 file
[[email protected] lianxi]# setfacl -m u:student:rw file ### grant user student read and write permissions
[[email protected] lianxi]# ll file
-rw-rw-r--+ 1 root root 0 Apr 1 01:43 file
[[email protected] lianxi]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:student:rw-
group::r--
mask::rw-
other::r--
[[email protected] lianxi]# su - student
Last login: Sat Apr 1 01:41:49 EDT 2017 on pts/0
[[email protected] ~]$ echo www > /lianxi/file ### user student can write
[[email protected] ~]$ cat /lianxi/file ### user student can read
www
[[email protected] ~]$ exit
logout
[[email protected] lianxi]# setfacl -m g:kiosk:rw file ### grant group kiosk read and write permissions
[[email protected] lianxi]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:student:rw-
group::r--
group:kiosk:rw-
mask::rw-
other::r--
[[email protected] lianxi]# su - kiosk
[[email protected] ~]$ echo AAA >> /lianxi/file ### users in group kiosk can write
[[email protected] ~]$ cat /lianxi/file ### user kiosk can read
www
AAA
[[email protected] ~]$ exit
logout
[[email protected] lianxi]# setfacl -x u:student file ### remove user student's ACL entry
[[email protected] lianxi]# setfacl -x g:kiosk file ### remove group kiosk's ACL entry
[[email protected] lianxi]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
group::r--
mask::r--
other::r--
[[email protected] lianxi]# ll file
-rw-r--r--+ 1 root root 8 Apr 1 01:46 file
[[email protected] lianxi]# setfacl -b file ### remove all additional (ACL) permissions from file
[[email protected] lianxi]# ll file
-rw-r--r--. 1 root root 8 Apr 1 01:46 file
Unit 9 homework
1. Create new users that meet the following conditions
1) asasin, uid=2000
2) sareo, uid=2001
3) Both users belong to the deho group
4) Both users have the password westos0oll
5) New user taromati
6) This user is a system user with no interactive shell
E.g.: [[email protected] ~]# groupadd deho
[[email protected] ~]# useradd -g deho -u 2000 asasin
[[email protected] ~]# useradd -g deho -u 2001 sareo
[[email protected] ~]# echo westos0oll | passwd --stdin asasin
Changing password for user asasin.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# echo westos0oll | passwd --stdin sareo
Changing password for user sareo.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# useradd taromati
[[email protected] ~]# usermod -s "" taromati
[[email protected] ~]# tail -n 3 /etc/passwd
asasin:x:2000:1004::/home/asasin:/bin/bash
sareo:x:2001:1004::/home/sareo:/bin/bash
taromati:x:2002:2002::/home/taromati:
# Note: an empty shell field in /etc/passwd does not disable interactive login, because login falls back to /bin/sh. An account without an interactive shell has its shell set to /sbin/nologin, and a system account is created with the -r option of useradd so that it receives a UID from the system range.
2. Create a new directory /public that meets the following conditions
1) All users can create files in this directory
2) Files created in this directory by anyone except the user sareo automatically belong to the deho group
3) sareo cannot do anything with any new file created in this directory
4) In this directory, users can delete only the files that belong to them
E.g.: [[email protected] ~]# mkdir /public
[[email protected] ~]# cd /
[[email protected] /]# ls
bin dev home lib64 mnt proc root sbin sys usr
boot etc lib media opt public run srv tmp var
[[email protected] /]# chmod 3777 /public
[[email protected] /]# chgrp deho /public
[[email protected] /]# getfacl /public
getfacl: Removing leading '/' from absolute path names
# file: public
# owner: root
# group: deho
# flags: -st
user::rwx
group::rwx
other::rwx
[[email protected] /]# setfacl -m u:sareo:- /public
[[email protected] /]# getfacl /public
getfacl: Removing leading '/' from absolute path names
# file: public
# owner: root
# group: deho
# flags: -st
user::rwx
user:sareo:---
group::rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::rwx
[[email protected] /]# su - sareo
Last login: Tue Apr 4 22:21:46 EDT on pts/0
[[email protected] ~]$ cd /public
-bash: cd: /public: Permission denied
Linux Cloud Automation Operations, Ninth Lesson