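4 Network Services - DHCP
Can be used to install operating systems in bulk
1 Concepts
Application-layer network protocol used on local area networks
Runs over UDP (an unreliable transport protocol) within the LAN
2 How it works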

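Notes:
1) If the client cannot find a DHCP server, it picks an address from the TCP/IP class B range 169.254.0.0/10 for temporary use and keeps trying to contact the DHCP server every 5 min
2) The client performs conflict detection (ARP resolution)
3 Setting up the DHCP service
1) Environment
(at least two machines, host-only mode)
Turn off the firewall, turn off SELinux, and turn off the DHCP service built into VMware
2) DHCP details
Packages:
dhcp (DHCP server package)
dhcp-common (DHCP command package, present by default)
Ports:
udp 67 # port clients send requests to
udp 68 # client source port; receives the server's reply packets
Configuration files:
/etc/dhcp/dhcpd.conf # empty by default; must be regenerated from the template file
/usr/share/doc/dhcp-4.2.5/dhcpd.conf.example # DHCP template configuration file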
[root@localhost ~]# grep -A9 "subnet 10.5.5.0 netmask" /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
subnet 10.5.5.0 netmask 255.255.255.224 { # subnet and netmask being served
range 10.5.5.26 10.5.5.30; # pool of assignable IP addresses
option domain-name-servers ns1.internal.example.org; # DNS server address
option domain-name "internal.example.org"; # DNS domain
option routers 10.5.5.1; # default gateway address
option broadcast-address 10.5.5.31; # broadcast address (optional)
default-lease-time 600; # default lease (seconds), 10 min
max-lease-time 7200; # maximum lease (seconds), 2 h
}
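3) Labs
Lab 1: Set up a DHCP server
Client
Set the NIC to obtain its IP automatically via DHCP, bring the NIC down with ifdown, and wait until the DHCP server is configured before bringing it up with ifup
DHCP server
Install dhcp with yum
Generate /etc/dhcp/dhcpd.conf from the DHCP template configuration file and edit it: remove the global settings and keep only the subnet-level settings
Restart the service, check the port, and review the log
[root@localhost dhcp]# cp -a /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example ./dhcpd.conf # generate the configuration file from the DHCP template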
cp:是否覆盖"./dhcpd.conf"? y
[root@localhost dhcp]#
[root@localhost dhcp]# vim ./dhcpd.conf # edit the configuration file
[root@localhost dhcp]# grep -A7 "subnet 192.168.18.0 netmask 255.255.255.0" ./dhcpd.conf
subnet 192.168.18.0 netmask 255.255.255.0 {
range 192.168.18.220 192.168.18.249;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.18.2;
default-lease-time 600;
max-lease-time
[root@localhost dhcp]# systemctl restart dhcpd # restart the service
[root@localhost dhcp]# netstat -tlunp |grep dhcpd # check the port
udp 0 0 0.0.0.0:67 0.0.0.0:* 38384/dhcpd
On the client, bring the NIC up with ifup; on the server, check the log to verify the DHCP lease process:
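The lease handshake the server log should show, as an added example that is not part of the original notes: ISC dhcpd logs one line per step (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK), and the function below reports for each client MAC whether the full sequence completed. The helper name `dora_status`, the log lines and the server address 192.168.18.10 are constructed for illustration.

```bash
# Added example: check the DISCOVER/OFFER/REQUEST/ACK sequence per client MAC.
# dora_status is a hypothetical helper; it reads dhcpd log lines on stdin.
dora_status() {
  awk '
    {
      # locate the dhcpd message keyword; skip lines that have none
      for (i = 1; i <= NF; i++)
        if ($i ~ /^DHCP(DISCOVER|OFFER|REQUEST|ACK)$/) break
      if (i > NF) next
      msg = $i; mac = ""; ip = ""
      for (j = i + 1; j < NF; j++) {
        if (($j == "from" || $j == "to") && mac == "") mac = tolower($(j + 1))
        if (($j == "on" || $j == "for") && ip == "") ip = $(j + 1)
      }
      if (mac == "") next
      if (!(mac in st)) order[++n] = mac
      if (msg == "DHCPDISCOVER") st[mac] = "discover"
      else if (msg == "DHCPOFFER")
        st[mac] = (st[mac] == "discover") ? "offer" : "unsolicited-offer"
      else if (msg == "DHCPREQUEST")   # no preceding OFFER means a renewal
        st[mac] = (st[mac] == "offer") ? "request" : "renew-request"
      else {                           # DHCPACK
        if (st[mac] == "request") st[mac] = "complete"
        else if (st[mac] == "renew-request") st[mac] = "renewed"
        else st[mac] = "ack-without-request"
        lease[mac] = ip
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        m = order[k]; l = (m in lease) ? lease[m] : "-"
        print m, st[m], l
      }
    }'
}

# Constructed sample in dhcpd log format (server 192.168.18.10 is made up).
SAMPLE_LOG='Mar  1 10:00:01 localhost dhcpd: DHCPDISCOVER from 00:0c:29:db:40:2c via ens33
Mar  1 10:00:02 localhost dhcpd: DHCPOFFER on 192.168.18.220 to 00:0c:29:db:40:2c via ens33
Mar  1 10:00:02 localhost dhcpd: DHCPREQUEST for 192.168.18.220 (192.168.18.10) from 00:0c:29:db:40:2c via ens33
Mar  1 10:00:02 localhost dhcpd: DHCPACK on 192.168.18.220 to 00:0c:29:db:40:2c via ens33
Mar  1 10:05:10 localhost dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:01 via ens33
Mar  1 10:05:11 localhost dhcpd: DHCPOFFER on 192.168.18.221 to 00:0c:29:aa:bb:01 via ens33'

printf '%s\n' "$SAMPLE_LOG" | dora_status
```

A client left at `offer` was answered by this server but never requested the address, which is the state to look into when a machine ends up with a lease this server did not hand out.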

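Lab 2: Reserved addresses (fixed address assignment)
Server
1) Get the client's MAC address
arp -a # view the client's MAC address
2) Edit /etc/dhcp/dhcpd.conf
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf # edit the configuration file to bind a fixed IP address to the MAC address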
[root@localhost ~]#
[root@localhost ~]# grep -a3 "hardware" /etc/dhcp/dhcpd.conf
# will still come from the host declaration.
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
--
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host VIP {
hardware ethernet 00:0C:29:DB:40:2C;
fixed-address 192.168.18.222;
}
[root@localhost ~]# systemctl restart dhcpd # the configuration takes effect when the service restarts
Check the log on the server and restart the client's NIC to verify
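A check worth running on the Lab 2 configuration, as an added example that is not part of the original notes: ISC dhcpd does not take a host's fixed-address out of a `range` that contains it, so the address can also be handed out dynamically, and reservations are normally placed outside the pool. The helper name `fixed_in_range` is hypothetical; the sample combines the Lab 1 range and the Lab 2 `host VIP` entry with one constructed host outside the pool.

```bash
# Added example: flag fixed-address entries that fall inside a dynamic range.
# fixed_in_range is a hypothetical helper; it reads dhcpd.conf text on stdin.
fixed_in_range() {
  awk '
    function ip2n(ip,   o) {               # dotted quad -> integer
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/#.*/, ""); gsub(/[;,]/, " ") }  # drop comments and separators
    $1 == "range" {                        # "range A B" or single "range A"
      lo[++nr] = (NF > 2) ? $(NF - 1) : $NF
      hi[nr] = $NF
    }
    $1 == "fixed-address" {                # keep literal IPv4 values only
      for (i = 2; i <= NF; i++)
        if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fx[++nfix] = $i
    }
    END {
      for (f = 1; f <= nfix; f++)
        for (r = 1; r <= nr; r++)
          if (ip2n(fx[f]) >= ip2n(lo[r]) && ip2n(fx[f]) <= ip2n(hi[r]))
            print fx[f] " is inside range " lo[r] "-" hi[r]
    }'
}

# Sample built from the page (Lab 1 range, Lab 2 host VIP) plus one
# constructed host whose address lies below the pool.
SAMPLE_CONF='subnet 192.168.18.0 netmask 255.255.255.0 {
  range 192.168.18.220 192.168.18.249;
  option routers 192.168.18.2;
}
host VIP {
  hardware ethernet 00:0C:29:DB:40:2C;
  fixed-address 192.168.18.222;
}
host outside {                 # constructed entry
  hardware ethernet 00:0C:29:00:00:01;
  fixed-address 192.168.18.50;
}'

printf '%s\n' "$SAMPLE_CONF" | fixed_in_range
```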

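Lab 3: Router on a stick

Note: (one interface lets clients on different subnets communicate)
Assign two IP addresses from different subnets to a single interface on the router
Steps:
Prerequisite: all machines are on vmnet8; add the 88 and 99 subnets to vmnet8
Client 1 ens33 192.168.88.110
Router ens33 192.168.88.120
ens33:0 192.168.99.120
Enable IP forwarding:
Add net.ipv4.ip_forward=1 to /etc/sysctl.conf
sysctl -p # apply the configuration
Client 2 ens33 192.168.99.130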

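Lab 4: DHCP relay
Server and IP address plan
7-1 DHCP server
vmnet10 ens33 192.168.10.110
Deploy the DHCP service, add three address pools, and hand out IP address, subnet mask, gateway and DNS
7-2 DHCP relay & router
vmnet10 ens33 192.168.10.120
vmnet11 ens36 192.168.11.120
vmnet12 ens37 192.168.12.120
a Enable IP forwarding: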
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@localhost ~]# sysctl -p
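b Deploy the relay service to forward the clients' broadcast requests
Install dhcp with yum (it includes dhcrelay)
dhcrelay IP # point the relay at the DHCP server address
7-3 Test machine 1
vmnet11 ens33 dhcp
7-4 Test machine 2
vmnet12 ens33 dhcp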
#7-1
[root@localhost dhcp]# cp -a /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example ./dhcpd.conf
cp:是否覆盖"./dhcpd.conf"? y
[root@localhost dhcp]# vim ./dhcpd.conf
[root@localhost dhcp]# grep -A7 "subnet 192.168." ./dhcpd.conf
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.200 192.168.10.249;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.10.120;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.11.0 netmask 255.255.255.0 {
range 192.168.11.200 192.168.11.249;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.11.120;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.12.0 netmask 255.255.255.0 {
range 192.168.12.200 192.168.12.249;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.12.120;
default-lease-time 600;
max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
[root@localhost dhcp]# systemctl restart dhcpd
#7-2
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# tail -n1 /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost ~]# dhc
dhclient dhclient-script dhcpd dhcrelay
[root@localhost ~]# dhcrelay 192.168.10.110
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/ens37/00:0c:29:9e:ee:c9
Sending on LPF/ens37/00:0c:29:9e:ee:c9
Listening on LPF/ens36/00:0c:29:9e:ee:bf
Sending on LPF/ens36/00:0c:29:9e:ee:bf
Listening on LPF/ens33/00:0c:29:9e:ee:b5
Sending on LPF/ens33/00:0c:29:9e:ee:b5
Sending on Socket/fallback
[root@localhost ~]#
#7-3 Bring the NIC up to verify, while watching the log on 7-1
#7-4 Bring the NIC up to verify, while watching the log on 7-1


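4 Scripts
1) Find which files contain a given string
1. Filter for regular files
2. From those, keep only files of type "text"
3. Search the remaining files for the keyword
2) Automatically generate random passwords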

#!/bin/bash
# Prints a PBKDF2 hash; its text is reused below as the source of password characters
grub2-mkpasswd-pbkdf2
read -p "请复制上面生成的字符串以便生成随机密码:" aa0
read -p "请输入要创建的用户数量:" aa1
read -p "请输入创建用户的名称:" aa2
#read -p "请输入创建用户的默认密码:" aa3
# All three inputs must be non-empty
if [ -n "$aa0" ] && [ -n "$aa1" ] && [ -n "$aa2" ];then
    # Strip every digit; anything left over means the count is not a number
    y=$(echo "$aa1" | sed 's/[0-9]//g')
    if [ -z "$y" ];then
        for ((i=1;i<=aa1;i=i+1))
        do
            useradd "$aa2$i" > /dev/null
            # Password for user i: the six characters i..i+5 of the pasted string
            aa3=$(echo "$aa0" |cut -c "$i-$((i+5))")
            echo "$aa3" |passwd --stdin "$aa2$i"
            echo -e "$aa2$i\t的密码是:\t$aa3" >> /root/passwd.txt
        done
    else
        echo "用户数量请输入数字。"
    fi
else
    echo "您的输入有误。"
fi
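
The script's password source, examined as an added example that is not part of the original notes: each password is a six-character window into the same pasted string, so consecutive accounts share five of their six characters. `window_pw` reproduces that derivation on a constructed string, `random_pw` draws each password independently from /dev/urandom, and `create_users` shows the provisioning loop with it; all three names and the sample string are hypothetical.

```bash
# Added example: the page's sliding-window derivation next to an independent
# random password per account. Function names and SAMPLE are constructed.
SAMPLE='grub.pbkdf2.sha512.10000.0123456789ABCDEF'   # stand-in for the pasted string

# Page's method: characters i..i+5 of the same string for user i.
window_pw() { printf '%s\n' "$1" | cut -c "$2-$(($2 + 5))"; }

# Hardened: draw each password independently from the kernel CSPRNG.
# 512 random bytes leave about 120 alphanumerics, far more than needed.
random_pw() {
  head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-${1:-16}"
}

# Provisioning with the hardened generator (needs root; not run here).
create_users() {   # usage: create_users PREFIX COUNT
  umask 077        # the password list is created readable by root only
  i=1
  while [ "$i" -le "$2" ]; do
    pw=$(random_pw 16)
    useradd "$1$i" && echo "$1$i:$pw" | chpasswd && chage -d 0 "$1$i"
    printf '%s\t%s\n' "$1$i" "$pw" >> /root/passwd.txt
    i=$((i + 1))
  done
}

# Windows for users 1..3 overlap; the random passwords do not.
for n in 1 2 3; do
  printf 'user%s window=%s random=%s\n' "$n" "$(window_pw "$SAMPLE" "$n")" "$(random_pw 16)"
done
```

`chage -d 0` expires the initial password so each user has to set a new one at first login.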