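Lesson 13: Service Management and Boot Process Management
http://linux.vbird.org/linux_basic_train/unit13.php
13.1.1: Managing processes with kill and signals
Exercise:
- Use the ps command to list the "pid, nice value, pri value, command" of every process on the system
- Find the PID of the process whose executable is named sshd
- How do you send signal 1 to that PID?
- Check /var/log/secure: does it correctly record what the process did?
- How do you kill every bash process on the system?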
#1
ps ax -o pid,ni,pri,cmd
#2
ps aux | grep -e /usr/sbin/sshd
#3
kill -1 ${pid}
#4
The Docker CentOS image has no /var/log/secure
#5
kill -9 $(ps aux | grep -e bash | awk '{ print $2 }')
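13.1.2: Introduction to systemd
Exercise:
- Use ps to find the executables whose path contains systemd
- Which package provides those commands?
- How do you list every file that package provides?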
#1
ps -ef |awk '{print $8}' |grep systemd
---------------------------------------------------------
/usr/lib/systemd/systemd-journald
/usr/lib/systemd/systemd-udevd
/usr/lib/systemd/systemd-logind
---------------------------------------------------------
#2
rpm -qf /usr/lib/systemd/
-----------------------------------------
systemd-219-42.el7_4.1.x86_64
-----------------------------------------
#3
rpm -ql systemd
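13.1.3: Starting and stopping services with systemctl
Exercise:
- Does the system have the chronyd command?
- Use rpm to find which package the command belongs to
- Use rpm to find out what the package does
- Is the chronyd service currently running or stopped? Will it start at boot?
- Stop chronyd and keep it stopped at the next boot
- Check the chronyd service again.
- Check whether the log files contain any records for the chronyd service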
#1
yum install chrony
which chronyd
----------------------------------
/usr/sbin/chronyd
----------------------------------
#2
rpm -qf /usr/sbin/chronyd
----------------------------------
chrony-3.2-2.el7.x86_64
----------------------------------
#3
rpm -qi chrony
--------------------------------------------------------------------
Name : chrony
Version : 3.2
Release : 2.el7
Architecture: x86_64
Install Date: Tue Jun 5 15:35:50 2018
Group : System Environment/Daemons
Size : 487489
License : GPLv2
Signature : RSA/SHA256, Wed Apr 25 18:55:05 2018, Key ID 24c6a8a7f4a80eb5
Source RPM : chrony-3.2-2.el7.src.rpm
Build Date : Fri Apr 13 01:38:53 2018
Build Host : x86-01.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : https://chrony.tuxfamily.org
Summary : An NTP client/server
Description :
A client/server for the Network Time Protocol, this program keeps your
computer's clock accurate. It was specially designed to support
systems with intermittent internet connections, but it also works well
in permanently connected environments. It can use also hardware reference
clocks, system real-time clock or manual input as time references.
--------------------------------------------------------------------
#4
systemctl status chronyd
--------------------------------------------------------------------
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
--------------------------------------------------------------------
Stopped, but the service will start at the next boot
#5
systemctl stop chronyd
systemctl disable chronyd
#6
systemctl status chronyd
-------------------------------------------------------------------------------------------------------
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
Jun 05 15:42:33 5f181c4bc7b1 systemd[1]: Starting NTP client/server...
Jun 05 15:42:33 5f181c4bc7b1 chronyd[12680]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 +DEBUG)
Jun 05 15:42:33 5f181c4bc7b1 systemd[1]: Started NTP client/server.
Jun 05 15:42:38 5f181c4bc7b1 chronyd[12680]: Selected source 59.124.29.241
Jun 05 15:42:38 5f181c4bc7b1 chronyd[12680]: System clock wrong by -19.889356 seconds, adjustment started
Jun 05 15:42:19 5f181c4bc7b1 chronyd[12680]: System clock was stepped by -19.889356 seconds
Jun 05 15:42:20 5f181c4bc7b1 chronyd[12680]: Selected source 123.204.45.116
Jun 05 15:42:22 5f181c4bc7b1 systemd[1]: Stopping NTP client/server...
Jun 05 15:42:22 5f181c4bc7b1 chronyd[12680]: chronyd exiting
Jun 05 15:42:22 5f181c4bc7b1 systemd[1]: Stopped NTP client/server.
-------------------------------------------------------------------------------------------------------
#7
cd /var/log/chrony
ll
-----------------------------------------------------------
total 0
-----------------------------------------------------------
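Probably because it was only just installed, so there are no logs yet
13.1.4: Listing system services with systemctl
Exercise:
- Find every service whose name starts with ksm and check its state
- Set that service to "not started at boot" and "stopped right now"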
#1
systemctl | grep ksm
#2
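systemctl disable ${service_name}
systemctl stop ${service_name}
13.1.5: Getting and switching the default operating mode with systemctl
Exercise:
- Use netstat -tlunp to look at the network ports the system is listening on
- In the machine's current state, switch the operating mode to rescue.target (rescue mode)
- Use netstat -tlunp again: are there fewer listening ports?
- Switch back to the original operating mode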
#1
yum install net-tools
netstat -tlunp
--------------------------------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 127.0.0.1:323 0.0.0.0:* 12724/chronyd
udp6 0 0 ::1:323 :::* 12724/chronyd
--------------------------------------------------------------------------------------------------
#2
systemctl isolate rescue.target
#3
netstat -tlunp
--------------------------------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
--------------------------------------------------------------------------------------------------
#4
systemctl isolate multi-user.target
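13.1.6: A first look at network service management
The WWW service is provided by the httpd package; install it first
- Check whether an httpd service exists
- Start the service and set it to start by default
- Check that port 80 is listening
- Use a browser to check that the local WWW service started correctly.
- Allow port 80 through the firewall.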
#1
yum install httpd
systemctl | grep httpd
#2
systemctl start httpd
systemctl enable httpd
#3
netstat -tlunp
---------------------------------------------------------------------------------------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 226/httpd
udp 0 0 127.0.0.1:323 0.0.0.0:* 60/chronyd
udp6 0 0 ::1:323 :::* 60/chronyd
---------------------------------------------------------------------------------------
#4
Need to test with localhost 10080
#5
firewall-cmd --zone=public --add-port=80/tcp --permanent
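The before/after `netstat -tlunp` comparison in 13.1.5 and the port 80 check in 13.1.6 can be scripted. The following is an added example, not part of the original notes: it parses netstat output and reports listeners bound to non-loopback addresses. The function names and the `proto/port` allowlist format are assumptions of this example; the sample is the 13.1.6 output above.

```bash
# Constructed sample, copied from the #3 output of section 13.1.6.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 226/httpd
udp 0 0 127.0.0.1:323 0.0.0.0:* 60/chronyd
udp6 0 0 ::1:323 :::* 60/chronyd'

# exposed_listeners: read `netstat -tlunp` text on stdin and print
# "proto port program" for every socket NOT bound to 127.0.0.0/8 or ::1.
exposed_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      addr = $4
      port = addr; sub(/.*:/, "", port)        # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next   # loopback only, skip
      prog = $NF; sub(/^[0-9]+\//, "", prog)   # UDP rows have no State column,
      print $1, port, prog                     # so take the last field
    }'
}

# unexpected_listeners PROTO/PORT...: same input, but print only the exposed
# listeners that are not in the allowlist given as arguments.
# tcp6/udp6 rows are matched against the tcp/udp allowlist entries.
unexpected_listeners() {
  allowed=" $* "
  exposed_listeners | while read -r proto port prog; do
    case "$allowed" in
      *" ${proto%6}/$port "*) ;;               # expected, stay quiet
      *) echo "$proto $port $prog" ;;
    esac
  done
}

# Demo on the constructed sample: httpd on 0.0.0.0:80 is the only listener
# reachable from other hosts; chronyd is bound to loopback.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners

# Live use (run as root so program names are visible):
#   netstat -tlunp | unexpected_listeners tcp/22 tcp/80
```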
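13.2.1: The Linux boot process under systemd
Exercise:
- Use systemctl list-units --all and look for the keyword local
- Use systemctl list-unit-files and look for the keyword local
- Use systemctl show xxx.service to find the executable of the unit found above
- Check the permissions of /etc/rc.d/rc.local and add the x permission
- Reload systemd so the change takes effect
- Use systemctl list-units --all and look for the keyword local again: is it active?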
#1
systemctl list-units --all | grep local
----------------------------------------------------------------------------------------------------
rc-local.service loaded inactive dead /etc/rc.d/rc.local Compatibility
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
----------------------------------------------------------------------------------------------------
#2
systemctl list-unit-files | grep local
-----------------------------------------------------
dbus-org.freedesktop.locale1.service static
halt-local.service static
rc-local.service static
systemd-localed.service static
local-fs-pre.target static
local-fs.target static
-----------------------------------------------------
#3
systemctl show rc-local.service
#4
ll /etc/rc.d/rc.local
chmod a+x /etc/rc.d/rc.local
#5
systemctl list-units --all | grep local
----------------------------------------------------------------------------------------------------------
rc-local.service loaded active exited /etc/rc.d/rc.local Compatibility
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target loaded active active Local File Systems
----------------------------------------------------------------------------------------------------------
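13.2.2: The kernel and kernel modules
Exercise:
- In the kernel module directory, use find to see whether there is a module matching the keyword fat
- Is a fat-related module already loaded? If not, load it and check again that it loaded.
- Check for the cifs module as well; if it is not loaded, load it, and find out what the module does
- Unload the cifs module.
- In the kernel module directory, is there anything matching the keyword ntfs?
- With yum, enable the epel repository and search for packages matching the keyword ntfs
- Try to install the package found above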
#1 #2 #3 #4 #5
ll -l /lib/modules
------------------------------------------------------------------
total 0
------------------------------------------------------------------
It looks like the Docker CentOS image has no kernel modules
#6
yum --enablerepo epel search ntfs
#7
yum --enablerepo epel install ntfs-3g
Exercise:
- Set icmp_echo_ignore_all back to the default, disabled (0)
- Enable IP forwarding (IP forward) by default.
#1
vim /etc/sysctl.conf
-------------------add or modify this line-------------------------
net.ipv4.icmp_echo_ignore_all = 0
---------------------------------------------------------
#2
vim /etc/sysctl.conf
-------------------add or modify this line-------------------------
net.ipv4.ip_forward = 1
---------------------------------------------------------
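"Add or modify this line" can be done without an editor and without leaving a second, conflicting assignment further down the file (sysctl applies lines in order, so the last one wins). The following is an added example, not part of the original notes; the function names `set_sysctl_key` and `effective_sysctl` are assumptions of this example.

```bash
# set_sysctl_key FILE KEY VALUE
# Rewrite FILE so it holds exactly one active "KEY = VALUE" line: the first
# existing assignment is replaced in place, later duplicates are dropped,
# and the line is appended when the key is absent. Commented-out lines
# ("#KEY = ...") are left untouched.
set_sysctl_key() {
  file=$1 key=$2 value=$3
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$value" '
    {
      name = $0
      sub(/=.*/, "", name)          # text before the first "="
      gsub(/[ \t]/, "", name)       # sysctl keys contain no whitespace
      if (name == k && index($0, "=")) {
        if (!done) print k " = " v
        done = 1
        next
      }
      print
    }
    END { if (!done) print k " = " v }' "$file" > "$tmp" || return 1
  cat "$tmp" > "$file"              # keep owner and mode of the original
  rm -f "$tmp"
}

# effective_sysctl FILE KEY
# Print the value the file would leave in effect for KEY (last assignment).
effective_sysctl() {
  awk -v k="$2" '
    { name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name) }
    name == k && index($0, "=") {
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      found = 1
    }
    END { if (found) print val }' "$1"
}

# The two edits from the exercise, followed by loading the file
# (run as root; `sysctl -p` reads /etc/sysctl.conf by default):
#   set_sysctl_key /etc/sysctl.conf net.ipv4.icmp_echo_ignore_all 0
#   set_sysctl_key /etc/sysctl.conf net.ipv4.ip_forward 1
#   sysctl -p
```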