Office Server Build Notes: OS Installation and Configuration

Hits: 2780   Published: 2013-02-26 00:00:00.0

Host configuration: one Intel Xeon E5405 2.0 GHz quad-core CPU, four 500 GB Seagate SATA II enterprise server hard disks, 4 GB RAM.
Operating system: CentOS 5.4

Installation layout: CentOS 5.4 on a software RAID 5 array plus LVM logical volumes


I. Installing the operating system

To make manual partitioning of the OS disk easier, connect only one hard disk while installing; connect the other three after the system is installed.

1. Manually partition the first hard disk

Partition parameters:
/boot 100M
swap 4096M
/ 1000M
/usr 3000M
/var 10000M
/opt 4000M
/tmp 5000M
/home remaining space

For an Internet-facing web host, where the traffic is much higher, change this to:

/boot 100M
swap 8192M (1 to 2 times the RAM size)
/ 1000M
/usr 3000M
/var 20000M
/opt 4000M
/tmp 20000M
/home remaining space; can be used as FTP space

2. Choose "customize" and select the software to install

Base, Development Tools, Network Servers, FTP Server, Windows File Server

Internet-facing web host:
Base, Development Tools, Network Servers, FTP Server

3. After the reboot, select the system services

auditd, crond, iptables, irqbalance, lvm2-monitor, mdmonitor, mdmpd, microcode_ctl, network, smartd, smb, sshd, syslog, vsftpd, yum-updatesd

Internet-facing web host:
auditd, crond, iptables, irqbalance, lvm2-monitor, mdmonitor, mdmpd, microcode_ctl, network, smartd, sshd, syslog, vsftpd, yum-updatesd


II. System configuration

1. Automatic disk repair after an unclean shutdown

 # vi /etc/sysconfig/autofsck

Write the following content:
AUTOFSCK_DEF_CHECK=yes
PROMPT=yes

2. Disable the Ctrl+Alt+Del hotkey

 # vi /etc/inittab

Find:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

and put a # at the start of the line.

3. Security configuration

Create an ordinary, unprivileged account:

 # useradd hegz
 # passwd hegz

Delete unused users and groups:
Enter the following commands to delete these users.

 # userdel adm
 # userdel lp
 # userdel sync
 # userdel shutdown
 # userdel halt
 # userdel mail

If you do not run sendmail, procmail or mailx, delete this account as well.

 # userdel news
 # userdel uucp
 # userdel operator
 # userdel games

If you do not run an X Window server, delete this account.

 # userdel gopher
 # userdel ftp

If you do not allow anonymous FTP, delete this user account.
Enter the following commands to delete the group accounts:

 # groupdel adm
 # groupdel lp
 # groupdel mail

If you do not run a sendmail server, delete this group account.

 # groupdel news
 # groupdel uucp
 # groupdel games

If you do not use X Window, delete this group account.

 # groupdel dip
 # groupdel pppusers
 # groupdel popusers

If you do not run a POP server, delete this group account.

 # groupdel slipusers

Use the chattr command to make the following files immutable.

 # chattr +i /etc/passwd
 # chattr +i /etc/shadow
 # chattr +i /etc/group
 # chattr +i /etc/gshadow
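
Two things worth checking before the commands above are run. userdel only removes the entry and (with -r) the home directory; files the account owns elsewhere stay behind, owned by a bare UID. And once /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow are immutable, every later useradd, passwd, groupdel and smbpasswd -a (the FTP and Samba sections further down create several accounts) fails with "Operation not permitted" until chattr -i is run on those files, so set the attribute last and lift it around account changes. The following script is an added example, not part of the original notes: it reports which of the candidate accounts actually exist in a given passwd/group file and counts the files a user still owns under a tree. The candidate lists and the sample passwd/group files are constructed here.

```shell
#!/bin/sh
# Added example (not from the original notes): before running userdel and
# groupdel, list which of the candidate accounts actually exist in the given
# passwd and group files, and count files a user still owns under a tree,
# since userdel does not remove files outside the home directory and leaves
# them owned by a bare UID. The file paths are parameters so the check can be
# run against copies instead of /etc.

# Accounts the notes remove; constructed lists, trim to what applies.
CANDIDATE_USERS="adm lp sync shutdown halt mail news uucp operator games gopher ftp"
CANDIDATE_GROUPS="adm lp mail news uucp games dip pppusers popusers slipusers"

# present_entries <passwd-or-group file> <names...>
# Prints, one per line, the names that have an entry (first field) in the file.
present_entries() {
    file=$1; shift
    for name in "$@"; do
        if awk -F: -v n="$name" '$1 == n { found = 1 } END { exit found ? 0 : 1 }' "$file"; then
            printf '%s\n' "$name"
        fi
    done
}

# audit_accounts <passwd file> <group file>
# Prints "user:<name>" and "group:<name>" for every candidate still present.
audit_accounts() {
    present_entries "$1" $CANDIDATE_USERS | sed 's/^/user:/'
    present_entries "$2" $CANDIDATE_GROUPS | sed 's/^/group:/'
}

# files_owned_by <dir> <user>: number of files under <dir> owned by <user>.
files_owned_by() {
    find "$1" -user "$2" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample passwd/group files so the audit runs without touching /etc.
demo_audit() {
    tmp=$(mktemp -d)
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
hegz:x:500:500::/home/hegz:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
adm:x:4:
mail:x:12:
hegz:x:500:
EOF
    audit_accounts "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}
```

Run audit_accounts /etc/passwd /etc/group on the real files to get the list that is safe to feed to userdel/groupdel, and files_owned_by / <name> for each user before deleting it.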

Configure the SSHD service:

 # vi /etc/ssh/sshd_config

Set the following parameter values. The explanatory comments must stay on their own lines: sshd does not accept a comment after a value on the same line.

ssh configuration parameters:
# change the ssh port to 5000
Port 5000
# set the ServerKey strength to 1024 bits
ServerKeyBits 1024
# do not allow root to log in
PermitRootLogin no
# do not allow password logins
PasswordAuthentication no
# at most 3 authentication attempts
MaxAuthTries 3
# allow RSA authentication
RSAAuthentication yes
# allow public-key authentication
PubkeyAuthentication yes
# file that holds the authorized public keys
AuthorizedKeysFile .ssh/authorized_keys
# forbid logins with an empty password
PermitEmptyPasswords no
# disable s/key passwords
ChallengeResponseAuthentication no

Save, quit vi, and restart the sshd service:

 # service sshd restart

Generate an RSA key:
Use su to switch to the account for which the key is to be generated:

 # su - hegz

Run the following command to generate the RSA key:

 $ /usr/bin/ssh-keygen -b 1024 -t rsa

By default a key pair is generated in the .ssh directory under the account's home directory:

Generated key files:
id_rsa : private key, needed by the SSH client software
id_rsa.pub : public key, whose content is imported into the authorized-keys file

Import the public key into the authorized-keys file:

 $ cat .ssh/id_rsa.pub >> .ssh/authorized_keys

Change the permissions of the authorized-keys file:

 $ chmod 600 .ssh/authorized_keys

Download the private key file to the client; the client software can then authenticate to the server with this key.
Finally, copy the key files to a safe place and delete them from the server.
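
Two practical points about the order of the steps above. With PasswordAuthentication set to no and sshd restarted before a public key is in authorized_keys, the only remaining way in is the session that is already open, so keep that session open until a key login has been tested from a second one. And the key pair can equally be generated on the client with ssh-keygen and only id_rsa.pub copied to the server, which avoids having the private key on the server at all. The script below is an added example, not part of the original notes: it reports the value sshd will actually use for each of the hardening keywords, because sshd keywords are case-insensitive and the first non-comment occurrence of a keyword wins, so a "PasswordAuthentication yes" left higher up in the distribution file silently overrides a "no" appended at the end. The expected values are the ones listed above; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): check that an sshd_config
# really carries the hardening values listed above before restarting sshd.
# sshd keywords are case-insensitive and, for each keyword, the FIRST
# non-comment occurrence wins. The file path is a parameter so a staging
# copy can be checked first.

# sshd_effective <config file> <keyword>
# Prints the effective value of <keyword> (first match, case-insensitive),
# nothing if the keyword is not set.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || substr(line, 1, 1) == "#") next
            n = split(line, f, "[ \t=]+")
            if (n >= 2 && tolower(f[1]) == key) { print f[2]; exit }
        }' "$1"
}

# The values the notes set, as keyword=value pairs (one per line).
EXPECTED='port=5000
permitrootlogin=no
passwordauthentication=no
maxauthtries=3
pubkeyauthentication=yes
permitemptypasswords=no
challengeresponseauthentication=no'

# check_sshd_config <config file>
# Prints "keyword: got X, want Y" for each mismatch; returns 0 when all match.
check_sshd_config() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" != "$want" ]; then
            printf '%s: got %s, want %s\n' "$key" "${got:-unset}" "$want"
            rc=1
        fi
    done
    return $rc
}

# authorized_keys_mode_ok <file>: true when the file is mode 600 or 400, the
# state the "chmod 600 .ssh/authorized_keys" step above aims for.
authorized_keys_mode_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Constructed sample: a forgotten earlier line wins over the hardened value.
demo_check() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# stanza left over from the distribution file
PasswordAuthentication yes
Port 5000
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
EOF
    check_sshd_config "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

check_sshd_config /etc/ssh/sshd_config prints nothing and returns 0 on a correctly hardened file; on the constructed sample it reports that passwordauthentication resolves to yes.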


Firewall configuration:

 # cd /etc/rc.d
 # vi fw.sh

Contents of fw.sh (office variant: only the listed internal subnets may reach the services):
#! /bin/bash

IPT="/sbin/iptables"


/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_REJECT

for interface in /proc/sys/net/ipv4/conf/*
do
echo 0 > $interface/accept_source_route
done

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

echo 1 >/proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects;
do
echo 0 > $f
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects;
do
echo 0 > $f
done

# Drop Spoofed Packets coming in
for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do
echo 1 > $f
done

# Log packets with impossible addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians;
do
echo 1 > $f
done

# Initial iptables chain policy
$IPT -F -t filter
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

# Deny All Other Connections
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Enable Native Network Transfer
$IPT -A INPUT -i lo -j ACCEPT

# ICMP Control
$IPT -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT

# WWW Service
$IPT -A INPUT -p tcp -s 10.196.60.0/24 --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -s 10.196.62.0/24 --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -s 10.196.63.0/24 --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.8.0/24 --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.11.0/24 --dport 80 -j ACCEPT

# FTP Service
$IPT -A INPUT -p tcp -s 10.196.60.0/24 --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -s 10.196.62.0/24 --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -s 10.196.63.0/24 --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.8.0/24 --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.11.0/24 --dport 21 -j ACCEPT

# SMB Service
$IPT -A INPUT -p tcp -s 10.196.60.0/24 --dport 139 -j ACCEPT
$IPT -A INPUT -p tcp -s 10.196.62.0/24 --dport 139 -j ACCEPT
$IPT -A INPUT -p tcp -s 10.196.63.0/24 --dport 139 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.8.0/24 --dport 139 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.11.0/24 --dport 139 -j ACCEPT

# SSH Service
#$IPT -A INPUT -p tcp -s 192.168.11.0/24 --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp -s 192.168.11.0/24 --dport 5000 -j ACCEPT

# End Firewall

If the host is connected directly to the Internet, change the firewall configuration to:
#! /bin/bash

IPT="/sbin/iptables"


/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_REJECT

for interface in /proc/sys/net/ipv4/conf/*
do
echo 0 > $interface/accept_source_route
done

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

echo 1 >/proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects;
do
echo 0 > $f
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects;
do
echo 0 > $f
done

# Drop Spoofed Packets coming in
for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do
echo 1 > $f
done

# Log packets with impossible addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians;
do
echo 1 > $f
done

# Initial iptables chain policy
$IPT -F -t filter
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

# Deny All Other Connections
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Enable Native Network Transfer
$IPT -A INPUT -i lo -j ACCEPT

# ICMP Control
$IPT -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT

# WWW Service
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT

# FTP Service
$IPT -A INPUT -p tcp --dport 21 -j ACCEPT

# SSH Service
#$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 5000 -j ACCEPT

# End Firewall

Change the permissions of fw.sh:

 # chmod 700 fw.sh

Run the firewall script at boot:

 # echo "/etc/rc.d/fw.sh" >> /etc/rc.d/rc.local

4. yum configuration

Edit /etc/yum.repos.d/CentOS-Base.repo and change the mirror site addresses to mirror sites located in China. Proceed as follows:

 # cd /etc/yum.repos.d/
 # cp CentOS-Base.repo CentOS-Base.repo.bak
 # vi CentOS-Base.repo

Modified update-mirror parameters:
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.cn99.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.cn99.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://mirrors.cn99.com/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=0

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.cn99.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=0

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://mirrors.cn99.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://mirrors.cn99.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
protect=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Save the file.


5. Network time synchronisation

Install the ntp tools and open root's crontab:

 # yum install -y ntp
 # crontab -e

Insert the following line. crontab -e edits a per-user crontab, whose entries have no user-name field (that field exists only in /etc/crontab):

0 23 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

Register the ntpd service with chkconfig:

 # chkconfig --add ntpd

The server will synchronise its clock every day at 23:00 against the NTP server of China's National Time Service Center. Note that ntpdate cannot adjust the clock while an ntpd daemon is bound to UDP port 123, so if ntpd is also enabled and started, the cron job above becomes superfluous.


III. Installing the RAID 5 disk array

View the disk information:

[root@office ~]# fdisk -l

Disk /dev/hda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          13      104391   83  Linux
/dev/hda2              14         536     4200997+  82  Linux swap / Solaris
/dev/hda3             537         664     1028160   83  Linux
/dev/hda4             665       60801   483050452+   5  Extended
/dev/hda5             665        1047     3076416   83  Linux
/dev/hda6            1048        2322    10241406   83  Linux
/dev/hda7            2323        2959     5116671   83  Linux
/dev/hda8            2960        3469     4096543+  83  Linux
/dev/hda9            3470       60801   460519258+  83  Linux

Disk /dev/hdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdd: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
1. Create the RAID array:

[root@office ~]# mdadm -C /dev/md0 -l5 -n3 -c128 /dev/hd[b,c,d]
mdadm: array /dev/md0 started.

View the disk information again:

[root@office ~]# fdisk -l

Disk /dev/hda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          13      104391   83  Linux
/dev/hda2              14         536     4200997+  82  Linux swap / Solaris
/dev/hda3             537         664     1028160   83  Linux
/dev/hda4             665       60801   483050452+   5  Extended
/dev/hda5             665        1047     3076416   83  Linux
/dev/hda6            1048        2322    10241406   83  Linux
/dev/hda7            2323        2959     5116671   83  Linux
/dev/hda8            2960        3469     4096543+  83  Linux
/dev/hda9            3470       60801   460519258+  83  Linux

Disk /dev/hdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdc: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdd: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/hdd doesn't contain a valid partition table

Disk /dev/md0: 1000.2 GB, 1000215412736 bytes
2 heads, 4 sectors/track, 244193216 cylinders
Units = cylinders of 8 * 512 = 4096 bytes

   Device Boot      Start         End      Blocks   Id  System

The last entry shows that the disk array /dev/md0 has been created, with a capacity of 1 TB.

Write the configuration file:

[root@office ~]# echo DEVICE /dev/hd[b-d] > /etc/mdadm.conf
[root@office ~]# mdadm -D -s >> /etc/mdadm.conf

View /etc/mdadm.conf:
[root@office ~]# cat /etc/mdadm.conf
DEVICE /dev/hdb /dev/hdc /dev/hdd
ARRAY /dev/md0 level=raid5 num-devices=3 spares=1 UUID=a64fef9f:f3154d4c:dd25aa21:08722716

If the file does not begin with:

DEVICE /dev/hdb /dev/hdc /dev/hdd

add that line. This format can also be used:

DEVICE /dev/hd[b,c,d]

This makes the array start automatically at boot.

Restart the RAID array:
[root@office ~]# mdadm -A -s

View the current state of the array:

[root@office ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 hdd[3] hdc[1] hdb[0]
      976772864 blocks level 5, 128k chunk, algorithm 2 [3/2] [UU_]
      [>....................]  recovery =  0.1% (660876/488386432) finish=5229.0min speed=1551K/sec

unused devices: <none>

View the array details:

[root@office ~]# mdadm -D -s /dev/md0
/dev/md0:
        Version : 00.90.03
  Creation Time : Tue Jul 21 09:06:59 2009
     Raid Level : raid5
     Array Size : 976772864 (931.52 GiB 1000.22 GB)
  Used Dev Size : 488386432 (465.76 GiB 500.11 GB)
   Raid Devices : 3
  Total Devices : 3
Preferred Minor : 0
    Persistence : Superblock is persistent

    Update Time : Tue Jul 21 09:06:59 2009
          State : clean, degraded, recovering
 Active Devices : 2
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 1

         Layout : left-symmetric
     Chunk Size : 128K

 Rebuild Status : 0% complete

           UUID : a64fef9f:f3154d4c:dd25aa21:08722716
         Events : 0.1

    Number   Major   Minor   RaidDevice State
       0       3       64        0      active sync   /dev/hdb
       1      22        0        1      active sync   /dev/hdc
       3      22       64        2      spare rebuilding   /dev/hdd

The last line shows hdd as the array's spare disk; if one of the active disks in the array fails, hdd will take over automatically.
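
One caveat on reading that output: with -n3 and exactly three disks, mdadm builds a fresh RAID 5 by adding the last disk as a spare and rebuilding onto it, which is the "spare rebuilding" and "[3/2] [UU_]" state shown. Once "Rebuild Status" reaches 100% the array reports 3 active devices and 0 spares, and hdd is then an ordinary member, not a hot spare; a genuine hot spare needs a fourth disk added with -x1. The "[3/2]" and "[UU_]" fields are also what a monitoring check should watch, because a failed member shows up there long before anything else notices. The script below is an added example, not part of the original notes: it parses /proc/mdstat-style output and reports arrays that are degraded or still rebuilding. The sample status is constructed from the md0 output above plus a healthy mirror.

```shell
#!/bin/sh
# Added example (not from the original notes): parse a /proc/mdstat-style
# status and report arrays that are degraded or still rebuilding, the state
# shown above as "[3/2] [UU_]". Suitable for a cron job; the path is a
# parameter so it can also be run on a saved copy of the file.

# md_array_status <mdstat file>
# Prints one line per array: "<name> <wanted>/<present> <disk flags> <state>"
# where state is ok, degraded (members missing) or rebuilding (members
# missing and a recovery/resync in progress).
md_array_status() {
    awk '
        /^md[0-9]+[ \t]*:/ {
            name = $1
            if (!(name in seen)) { seen[name] = 1; order[++n] = name }
            next
        }
        name != "" && /blocks/ {
            # e.g. "976772864 blocks level 5, 128k chunk, algorithm 2 [3/2] [UU_]"
            if (match($0, "\\[[0-9]+/[0-9]+\\]")) {
                counts = substr($0, RSTART + 1, RLENGTH - 2)
                split(counts, c, "/")
                rest = substr($0, RSTART + RLENGTH)
                flags = "-"
                if (match(rest, "\\[[U_]+\\]"))
                    flags = substr(rest, RSTART + 1, RLENGTH - 2)
                state = (c[2] + 0 < c[1] + 0) ? "degraded" : "ok"
                status[name] = name " " counts " " flags " " state
            }
            next
        }
        name != "" && /recovery|resync|reshape/ {
            sub(/ degraded$/, " rebuilding", status[name])
        }
        /^[ \t]*$/ { name = "" }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in status) print status[order[i]]
        }
    ' "$1"
}

# md_degraded <mdstat file>
# Prints the names of arrays whose state is not ok; returns 1 when there are
# any, so it can be used directly as an alert condition.
md_degraded() {
    md_array_status "$1" | awk '$4 != "ok" { print $1; bad = 1 } END { exit bad }'
}

# Constructed sample: the rebuilding md0 from this page plus a healthy mirror.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid6] [raid5] [raid4] [raid1]
md0 : active raid5 hdd[3] hdc[1] hdb[0]
      976772864 blocks level 5, 128k chunk, algorithm 2 [3/2] [UU_]
      [>....................]  recovery =  0.1% (660876/488386432) finish=5229.0min speed=1551K/sec

md1 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

unused devices: <none>
EOF
}
```

md_degraded /proc/mdstat from cron, mailing its output when it exits non-zero, complements the mdmonitor service selected during installation.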

2. Create the LVM:

LVM is the Logical Volume Manager.

The steps are:
1 create the PV (physical volume)
2 create the VG (volume group)
3 create the LV (logical volume)

The benefit is a transparent disk interface for the file systems, which makes tasks such as growing capacity easier.

Create the physical volume [pv]:
[root@office ~]# pvcreate /dev/md0
  Physical volume "/dev/md0" successfully created

Create the volume group [vg]:
[root@office ~]# vgcreate vg0 /dev/md0
  Volume group "vg0" successfully created

View the volume details:
[root@office ~]# vgdisplay -v
    Finding all volume groups
    Finding volume group "vg0"
  --- Volume group ---
  VG Name               vg0
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  13
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               931.52 GB
  PE Size               4.00 MB
  Total PE              238469
  Alloc PE / Size       0 / 0
  Free  PE / Size       238469 / 931.52 GB
  VG UUID               7w3I7A-bbCy-qCYa-SmqP-wZGm-OwvP-qLaad3

  --- Physical volumes ---
  PV Name               /dev/md0
  PV UUID               RS3Fhz-GkR6-D84D-24r3-mOX3-lMz0-M3e3Db
  PV Status             allocatable
  Total PE / Free PE    238469 / 238469

The volume information above shows only 931.52 GB usable in the volume group rather than the full 1 TB. vgdisplay reports in binary units: the mdadm output above gives the same 976772864 blocks as 931.52 GiB, which is 1000.22 GB.

Create the logical volumes [lv]:
www:
lvcreate vg0 --name=lv0 --size=500G

data:
lvcreate vg0 --name=lv1 --size=50G

jicai:
lvcreate vg0 --name=lv2 --size=50G

office:
lvcreate vg0 --name=lv3 --size=50G

jianbao:
lvcreate vg0 --name=lv4 --size=50G

houqin:
lvcreate vg0 --name=lv5 --size=50G

shichang:
lvcreate vg0 --name=lv6 --size=50G

jishu:
lvcreate vg0 --name=lv7 --size=130G

If the host is used as an Internet-facing web host, creating lv0 and lv1 for the www and data directories is enough.
www is the data directory of the web site's home-page server, and data is the MySQL data directory.

View the volume details again:
[root@office ~]# vgdisplay -v
    Finding all volume groups
    Finding volume group "vg0"
  --- Volume group ---
  VG Name               vg0
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  21
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                8
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               931.52 GB
  PE Size               4.00 MB
  Total PE              238469
  Alloc PE / Size       238080 / 930.00 GB
  Free  PE / Size       389 / 1.52 GB
  VG UUID               7w3I7A-bbCy-qCYa-SmqP-wZGm-OwvP-qLaad3

  --- Logical volume ---
  LV Name                /dev/vg0/lv0
  VG Name                vg0
  LV UUID                rm6XtE-ljG3-G21P-f8Nd-g1ug-rs3Q-0vN0Jc
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                500.00 GB
  Current LE             128000
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0

  --- Logical volume ---
  LV Name                /dev/vg0/lv1
  VG Name                vg0
  LV UUID                p4O2wX-oI8U-n4J3-phhL-7NMA-YjT6-fq29SY
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                50.00 GB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1

  --- Logical volume ---
  LV Name                /dev/vg0/lv2
  VG Name                vg0
  LV UUID                3qOV1S-YX1O-1EC1-aRdM-5juh-SrUh-vRMyU3
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                50.00 GB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2

  --- Logical volume ---
  LV Name                /dev/vg0/lv3
  VG Name                vg0
  LV UUID                HMl0Cv-Fdys-zEXw-L9gn-WJ3p-lnH3-Xiu32I
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                50.00 GB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:3

  --- Logical volume ---
  LV Name                /dev/vg0/lv4
  VG Name                vg0
  LV UUID                M4cAvK-Y10c-pWUK-eZxw-z3yV-Scs8-OkRYTW
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                50.00 GB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:4

  --- Logical volume ---
  LV Name                /dev/vg0/lv5
  VG Name                vg0
  LV UUID                Wey3B5-3CSY-zhdm-RBCO-xnZ1-nBYW-Kt87Tk
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                50.00 GB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:5

  --- Logical volume ---
  LV Name                /dev/vg0/lv6
  VG Name                vg0
  LV UUID                m3bY2h-UkFO-p4At-CMBV-LOJ1-6ebF-DSsUrg
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                50.00 GB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:6

  --- Logical volume ---
  LV Name                /dev/vg0/lv7
  VG Name                vg0
  LV UUID                EPmJlq-fYPx-6st7-QpA2-RGEM-02Lc-q1C3EH
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                130.00 GB
  Current LE             33280
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:7

  --- Physical volumes ---
  PV Name               /dev/md0
  PV UUID               RS3Fhz-GkR6-D84D-24r3-mOX3-lMz0-M3e3Db
  PV Status             allocatable
  Total PE / Free PE    238469 / 389

Format the logical volumes:
mkfs -t ext3 -L /www /dev/vg0/lv0
mkfs -t ext3 -L /data /dev/vg0/lv1
mkfs -t ext3 -L /jicai /dev/vg0/lv2
mkfs -t ext3 -L /office /dev/vg0/lv3
mkfs -t ext3 -L /jianbao /dev/vg0/lv4
mkfs -t ext3 -L /houqin /dev/vg0/lv5
mkfs -t ext3 -L /shichang /dev/vg0/lv6
mkfs -t ext3 -L /jishu /dev/vg0/lv7

Formatting the logical volumes takes a very long time; be patient.

Create the mount points:
mkdir /www
mkdir /data
mkdir /jicai
mkdir /office
mkdir /jianbao
mkdir /houqin
mkdir /shichang
mkdir /jishu

Mount:
mount -t ext3 -o defaults /dev/vg0/lv0 /www
mount -t ext3 -o defaults /dev/vg0/lv1 /data
mount -t ext3 -o defaults /dev/vg0/lv2 /jicai
mount -t ext3 -o defaults /dev/vg0/lv3 /office
mount -t ext3 -o defaults /dev/vg0/lv4 /jianbao
mount -t ext3 -o defaults /dev/vg0/lv5 /houqin
mount -t ext3 -o defaults /dev/vg0/lv6 /shichang
mount -t ext3 -o defaults /dev/vg0/lv7 /jishu

View the disk information:
[root@office etc]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda3             973M  171M  752M  19% /
/dev/hda9             426G  199M  404G   1% /home
/dev/hda5             2.9G  1.2G  1.6G  44% /usr
/dev/hda8             3.8G   72M  3.6G   2% /opt
/dev/hda7             4.8G  138M  4.4G   4% /tmp
/dev/hda6             9.5G  183M  8.8G   2% /var
/dev/hda1              99M   12M   83M  12% /boot
tmpfs                1014M     0 1014M   0% /dev/shm
/dev/mapper/vg0-lv0   493G  198M  467G   1% /www
/dev/mapper/vg0-lv1    50G  180M   47G   1% /data
/dev/mapper/vg0-lv2    50G  180M   47G   1% /jicai
/dev/mapper/vg0-lv3    50G  180M   47G   1% /office
/dev/mapper/vg0-lv4    50G  180M   47G   1% /jianbao
/dev/mapper/vg0-lv5    50G  180M   47G   1% /houqin
/dev/mapper/vg0-lv6    50G  180M   47G   1% /shichang
/dev/mapper/vg0-lv7   128G  188M  122G   1% /jishu

Mount automatically at boot:

Append the following lines to /etc/fstab:
LABEL=/www /www ext3 defaults 0 0
LABEL=/data /data ext3 defaults 0 0
LABEL=/jicai /jicai ext3 defaults 0 0
LABEL=/office /office ext3 defaults 0 0
LABEL=/jianbao /jianbao ext3 defaults 0 0
LABEL=/houqin /houqin ext3 defaults 0 0
LABEL=/shichang /shichang ext3 defaults 0 0
LABEL=/jishu /jishu ext3 defaults 0 0

Write test:
cd /www
dd if=/dev/zero of=test bs=1024k count=1k

[root@office www]# dd if=/dev/zero of=test bs=1024k count=1k
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB) copied, 134.077 seconds, 8.0 MB/s


IV. Installing and upgrading the required development packages with yum

Development and security related:
yum install gcc gcc-c++ flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel pam-devel openssl-devel

For building GD:
yum install libjpeg-devel libpng-devel fontconfig-devel libX11-devel libtiff-devel libXpm-devel libxml2-devel freetype-devel xorg-x11-server-Xorg

For building PHP:
yum install gettext-devel pcre-devel libxslt-devel

On CentOS 5.4, curl has to be installed with yum before PHP's curl extension can be built:
yum install curl curl-devel

Here the small libraries GD needs, such as libpng, libtiff, freetype, libjpeg and gettext-devel, are all installed as RPMs in one go, which saves the time of building them by hand and avoids many errors as well. Building these small libraries is troublesome: if one of them fails to build, GD cannot be installed, and the PHP 5 build is then out of the question too.

Packages required by PHP that are built from source:

(1) Install mhash

Download the mhash source (the URL carries a query string, so it must be quoted and the file saved under an explicit name):

cd /opt/src
wget 'http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1228695303&big_mirror=0' -O mhash-0.9.9.9.tar.gz

Build and install mhash:

tar -xzvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9

./configure --prefix=/usr/local
make && make install

(2) Install iconv

Download the latest iconv source:

cd /opt/src
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz

Build and install iconv:

tar -zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1

./configure --prefix=/usr/local
make && make install

(3) Install Libmcrypt

Needed by phpMyAdmin, the MySQL database administration tool.

Download the latest Libmcrypt source:

cd /opt/src
wget 'http://downloads.sourceforge.net/mcrypt/libmcrypt-2.5.8.tar.gz?modtime=1171868460&big_mirror=0' -O libmcrypt-2.5.8.tar.gz

Install Libmcrypt:

tar xvfz libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8

./configure --prefix=/usr/local
make && make install

(4) Install GD2

Download the latest GD2 source:

cd /opt/src
wget http://www.libgd.org/releases/gd-2.0.35.tar.gz

Build and install GD2:

# Read GD2's README.TXT before building.
tar xzvf gd-2.0.35.tar.gz
cd gd-2.0.35

CHOST="i686-pc-linux-gnu" CFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" CXXFLAGS="-O3 -msse2 -mmmx -Wall -W -mfpmath=sse -funroll-loops -mcpu=pentium4 -march=pentium4 -pipe -fomit-frame-pointer" ./configure \
--prefix=/usr/local \
--with-png=/usr/local \
--with-freetype=/usr/local \
--with-jpeg=/usr/local \
--with-xpm=/usr/local

make && make install
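
Each of the four builds above ends in "make install" run as root, so the tarball that wget fetched over plain HTTP is trusted completely; a mirror or a man-in-the-middle that serves a different archive gets code installed under /usr/local. The usual check is to compare the download against the SHA-256 digest published on the project's release page before unpacking it. The script below is an added example, not part of the original notes: it wraps the configure/make/make install sequence in a digest check and refuses to unpack on a mismatch. The digests in the usage comment are placeholders to be filled in from the release pages; the page gives none.

```shell
#!/bin/sh
# Added example (not from the original notes): verify a downloaded source
# tarball against a known SHA-256 before unpacking and running "make install"
# as root. The digests in the usage comment are placeholders, to be filled in
# from the projects' release pages; the build steps mirror the
# configure/make sequence used above.

# sha256_of <file>: prints the hex digest using whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_sha256 <file> <expected hex digest>: returns 0 only on an exact
# (case-insensitive) match; an empty expected digest never matches.
verify_sha256() {
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# build_tarball <tarball> <expected sha256> [prefix]
# Refuses to unpack when the digest does not match; otherwise unpacks into the
# current directory and runs configure/make/make install under <prefix>.
build_tarball() {
    tarball=$1; expected=$2; prefix=${3:-/usr/local}
    verify_sha256 "$tarball" "$expected" || {
        echo "checksum mismatch for $tarball, not building" >&2
        return 1
    }
    dir=$(tar -tzf "$tarball" | head -n 1 | cut -d/ -f1) || return 1
    tar -xzf "$tarball" || return 1
    ( cd "$dir" && ./configure --prefix="$prefix" && make && make install )
}

# Usage (PLACEHOLDER_SHA256_MHASH is not a real digest; take the value from
# the release page):
#   cd /opt/src
#   wget 'http://downloads.sourceforge.net/mhash/mhash-0.9.9.9.tar.gz?modtime=1228695303&big_mirror=0' -O mhash-0.9.9.9.tar.gz
#   build_tarball mhash-0.9.9.9.tar.gz PLACEHOLDER_SHA256_MHASH
```

The same wrapper serves the libiconv, libmcrypt and GD builds; for GD the CFLAGS/CXXFLAGS environment from above can be exported before calling it.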


V. Customising the FTP server

To make remote maintenance of the web site convenient later on, the FTP server needs to be customised.

First add an ordinary FTP user, for example hegz, for uploading data, and set its password:

# useradd hegz
# passwd hegz

If this user was already created earlier, this step can be skipped.

# vi /etc/vsftpd/vsftpd.conf

Disable anonymous logins. Find:

anonymous_enable=YES

and change it to:

anonymous_enable=NO

Find:

#ftpd_banner=Welcome to blah FTP service.

remove the leading "#" and change the parameter to:

ftpd_banner=Welcome to Office Server FTP service.

Restart the FTP server by hand:

# service vsftpd restart

Because the default SELinux policy protects users' home directories, an ordinary user with a home directory who logs in via ftp gets:

500 OOPS: cannot change directory:/home/hegz
Login failed.

To lift this restriction, run:

# setsebool -P ftp_home_dir=1

VI. Configuring the Samba file server for cross-subnet access


[1] /etc/samba/smb.conf configuration

Samba configuration parameters (smb.conf has no inline comments, so the cross-subnet notes are on comment lines of their own):
[global]

# ----------------------- Network Related Options -------------------------

workgroup = OFFICES
server string = Office's File Server

netbios name = OFFICESERVER

interfaces = lo eth0 192.168.11.9/24
hosts allow = 127. 192.168.8. 192.168.11.

# cross-subnet access
remote announce = 192.168.8.255/offices

# --------------------------- Logging Options -----------------------------

log file = /var/log/samba/%m.log
max log size = 50

# ----------------------- Standalone Server Options ------------------------

security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
; passdb backend = tdbsam

# ----------------------- Browser Control Options ----------------------------

local master = yes
# cross-subnet configuration
domain master = yes
os level = 70
# cross-subnet configuration
preferred master = yes

#----------------------------- Name Resolution -------------------------------

wins support = yes

# --------------------------- Printing Options -----------------------------


load printers = yes
cups options = raw

#============================ Share Definitions ==============================

[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# Because /www/htdocs was already set as the HOME directory when the system
# account www was created, the [www] share does not strictly need to be defined;
# the parameters below serve as an example of sharing other directories.
[www]
writeable = yes
wide links = no
delete readonly = yes
path = /www/htdocs
write list = @www
comment = hzpost's Office Server
valid users = @www
create mode = 775
directory mode = 775

[jicai]
writeable = yes
wide links = no
delete readonly = yes
path = /jicai
write list = @jicai
comment = hzpost's Office Server
valid users = @jicai
create mode = 775
directory mode = 775

[jishu]
writeable = yes
wide links = no
delete readonly = yes
path = /jishu
write list = @jishu
comment = hzpost's Office Server
valid users = @jishu
create mode = 775
directory mode = 775
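
The shares above are all restricted with valid users and hosts allow, and the two things that most often undo that in practice are a later share added without a valid users line and a value that Samba rejects, such as a "yes" followed by an inline remark (smb.conf treats "#" and ";" as comments only at the start of a line, so "domain master = yes // note" is a bad boolean and smbd refuses it). The script below is an added example, not part of the original notes: it walks the sections of an smb.conf and reports writeable shares without valid users, shares with guest access, and malformed boolean values. The sample configuration it checks is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the share definitions of
# an smb.conf. It flags writeable shares that have no "valid users" list,
# shares with "guest ok = yes", and boolean settings whose value Samba would
# reject, such as "yes // comment". The file path is a parameter so a staging
# copy can be checked before "service smb restart".

# smb_audit <smb.conf>
# Prints "<section>: <finding>" lines; returns 1 if anything was found.
smb_audit() {
    awk '
        function flush(   w, g) {
            if (sec != "" && sec != "global" && sec != "printers") {
                w = tolower(("writeable" in val) ? val["writeable"] : val["writable"])
                if (tolower(val["read only"]) == "no") w = "yes"
                g = tolower(val["guest ok"])
                if ((w == "yes" || w == "true") && val["valid users"] == "" && sec != "homes") {
                    print sec ": writeable share without valid users"; bad = 1
                }
                if (g == "yes" || g == "true") {
                    print sec ": guest access enabled"; bad = 1
                }
            }
            split("", val)      # clear the per-section values
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            flush()
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = tolower(sec)
            next
        }
        {
            p = index($0, "=")
            if (p == 0) next
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            k = tolower(k)
            val[k] = v
            if (k ~ /^(writeable|writable|browseable|guest ok|read only|local master|domain master|preferred master|wins support)$/ &&
                tolower(v) !~ /^(yes|no|true|false|0|1)$/) {
                print sec ": bad boolean \"" k " = " v "\""; bad = 1
            }
        }
        END { flush(); exit bad }
    ' "$1"
}

# Constructed sample: one inline-comment mistake and one open share.
demo_smb_audit() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[global]
workgroup = OFFICES
domain master = yes // cross-subnet
[homes]
browseable = no
writable = yes
[jicai]
path = /jicai
writeable = yes
valid users = @jicai
[public]
path = /tmp/public
writeable = yes
guest ok = yes
EOF
    smb_audit "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

smb_audit /etc/samba/smb.conf is a useful companion to testparm: testparm catches the syntax errors, this reports the shares that are open wider than the ones above.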

[2] Set the SELinux rule that allows sharing HOME directories

# setsebool -P samba_enable_home_dirs on

Query the SELinux policy type of the /home/hegz directory:

# ls -ldZ /home/hegz
drwx------  hegz hegz user_u:object_r:user_home_dir_t:s0 /home/hegz

[3] Allow sharing of other directories created by the system

setsebool -P samba_export_all_ro on

or:

setsebool -P samba_export_all_rw on

[4] Create the Samba login accounts

First create the system accounts with useradd:

useradd jicai -d /jicai -m -s /sbin/nologin
useradd office -d /office -m -s /sbin/nologin
useradd jianbao -d /jianbao -m -s /sbin/nologin
useradd houqin -d /houqin -m -s /sbin/nologin
useradd shichang -d /shichang -m -s /sbin/nologin
useradd jishu -d /jishu -m -s /sbin/nologin

Then create the Samba accounts with smbpasswd; the password is set at the same time and may differ from the system account's password.

smbpasswd -a hegz
smbpasswd -a www
smbpasswd -a jicai
smbpasswd -a office
smbpasswd -a jianbao
smbpasswd -a houqin
smbpasswd -a shichang
smbpasswd -a jishu

If you want to save effort, this also works:

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

To change a Samba account's password:

smbpasswd hegz

[5] Change the directory ownership

chown -R jicai.jicai /jicai
chown -R office.office /office
chown -R jianbao.jianbao /jianbao
chown -R houqin.houqin /houqin
chown -R shichang.shichang /shichang
chown -R jishu.jishu /jishu

[6] Map a network drive in Windows

Right-click "My Network Places" or "My Computer" -> choose "Map Network Drive" -> in the "Folder" box of the dialog enter: \\192.168.11.9\hegz,
click "Finish" -> in the new dialog enter the login account and password created in Samba, then click "OK".

[7] Disconnect a network drive

Right-click "My Network Places" or "My Computer" -> choose "Disconnect Network Drive" -> select the drive letter to disconnect in the dialog.


VII. Closing remarks

This is the installation and configuration process for my office server. It is best to walk through the steps above in VMware first and, once there are no problems, carry them out for real on the host.

Forum post: "Office Server Installation Notes [CentOS 5.3 raid5+LVM]"