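Deploying a DHCP server
The host sends a Discover message
The destination is the broadcast address
A DHCP server on the same network segment receives the message and responds with an Offer message
Offer message: the DHCP server's own IP address, the client IP address and its lease time, and the client's network parameters
Finally the host sends a single Request message to the DHCP server it selected (this resolves the case where several DHCP servers on the same segment all send offers; it is mainly first come, first served)
The DHCP server finally sends an ACK message to the host
If the DHCP server and the host are not on the same network segment, a DHCP relay must be configured
The client cannot specify which DHCP server it will use exclusively
Practice
1> Install the package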
[root@servera ~]# yum install -y dhcp-server
2> Prepare the configuration file
[root@servera ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y    (this template is very handy)
[root@servera ~]#
default-lease-time 600;
max-lease-time 7200;
log-facility local7;    # a log facility is configured, so rsyslog must define which log file receives the messages sent to local7
vim /etc/dhcp/dhcpd.conf
authoritative;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {    # define the subnet
  range 192.168.0.200 192.168.0.254;          # range of IP addresses to hand out
  default-lease-time 600;                     # default lease time
  max-lease-time 7200;
  #option routers 192.168.0.1;                # defines the gateway
  option domain-search "example.com";         # defines the domain name
  option domain-name-servers 172.25.254.254;  # DNS server
  option broadcast-address 192.168.0.255;     # broadcast address (can be omitted)
  # next-server: IP address of the TFTP server (PXE)
  # filename "": where the boot file is located (PXE)
}
dhcpd -t    # this command validates the configuration file
3> Start the DHCP server
[root@servera ~]# systemctl enable --now dhcpd
[root@servera ~]# firewall-cmd --permanent --add-service=dhcp
success
[root@servera ~]# firewall-cmd --reload
success
4> What to do on the client
[root@serverb ~]# nmcli connection add type ethernet con-name eth1 ifname eth1 ipv4.method auto    # only the address method needs to be set to auto
Connection 'eth1' (d008c5e7-6868-448a-8a16-133502072777) successfully added.
[root@serverb ~]# nmcli connection up eth1
5> Fixed IP address: assign a specific address to a given MAC address
host serverc {
  hardware ethernet 52:54:00:01:fa:0c;    # MAC address
  fixed-address 192.168.0.150;            # fixed IP address
}
[root@serverc ~]# nmcli connection add type ethernet con-name eth1 ifname eth1 ipv4.method auto
Connection 'eth1' (4dc7753b-fe97-4bc8-97f3-316b373c29c1) successfully added.
[root@serverc ~]# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/40)
[root@serverc ~]#
[root@servera dhcp-server]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-09-05 18:40:00 CST; 3min 54s ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Main PID: 24264 (dhcpd)
Status: "Dispatching packets..."
Tasks: 1 (limit: 11250)
Memory: 4.9M
CGroup: /system.slice/dhcpd.service
└─24264 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
Sep 05 18:40:06 servera.lab.example.com dhcpd[24264]: DHCPOFFER on 192.168.0.201 to 52:54:00:02:fa:0c (serverc) via eth1
Sep 05 18:40:06 servera.lab.example.com dhcpd[24264]: DHCPREQUEST for 192.168.0.201 (192.168.0.10) from 52:54:00:02:fa:0c (serverc) via eth1
Sep 05 18:40:06 servera.lab.example.com dhcpd[24264]: DHCPACK on 192.168.0.201 to 52:54:00:02:fa:0c (serverc) via eth1
Sep 05 18:40:06 servera.lab.example.com dhcpd[24264]: DHCPOFFER on 192.168.0.202 to 52:54:00:02:fa:0d (serverd) via eth1
Sep 05 18:40:06 servera.lab.example.com dhcpd[24264]: DHCPREQUEST for 192.168.0.202 (192.168.0.10) from 52:54:00:02:fa:0d (serverd) via eth1
Sep 05 18:40:06 servera.lab.example.com dhcpd[24264]: DHCPACK on 192.168.0.202 to 52:54:00:02:fa:0d (serverd) via eth1
Sep 05 18:42:37 servera.lab.example.com dhcpd[24264]: DHCPDISCOVER from 52:54:00:01:fa:0b via eth1
Sep 05 18:42:38 servera.lab.example.com dhcpd[24264]: DHCPOFFER on 192.168.0.203 to 52:54:00:01:fa:0b (serverb) via eth1
Sep 05 18:42:38 servera.lab.example.com dhcpd[24264]: DHCPREQUEST for 192.168.0.203 (192.168.0.10) from 52:54:00:01:fa:0b (serverb) via eth1
Sep 05 18:42:38 servera.lab.example.com dhcpd[24264]: DHCPACK on 192.168.0.203 to 52:54:00:01:fa:0b (serverb) via eth1
The dhcpd[24264] log lines show the DHCP exchange as it happens, consistent with the theory
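Added example (not part of the original notes): Python that audits dhcpd log lines in the format shown above. In a DHCPREQUEST line the address in parentheses is the server identifier the client selected, so a value other than this server's address (192.168.0.10 here) means the client accepted an offer from another DHCP server on the segment. The function name audit and the last three sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample in the dhcpd syslog format shown above. The first four lines come
# from the notes; the last three lines are constructed for this example.
SAMPLE_LOG = """\
Sep 05 18:42:37 servera.lab.example.com dhcpd[24264]: DHCPDISCOVER from 52:54:00:01:fa:0b via eth1
Sep 05 18:42:38 servera.lab.example.com dhcpd[24264]: DHCPOFFER on 192.168.0.203 to 52:54:00:01:fa:0b (serverb) via eth1
Sep 05 18:42:38 servera.lab.example.com dhcpd[24264]: DHCPREQUEST for 192.168.0.203 (192.168.0.10) from 52:54:00:01:fa:0b (serverb) via eth1
Sep 05 18:42:38 servera.lab.example.com dhcpd[24264]: DHCPACK on 192.168.0.203 to 52:54:00:01:fa:0b (serverb) via eth1
Sep 05 18:50:01 servera.lab.example.com dhcpd[24264]: DHCPDISCOVER from 52:54:00:aa:bb:01 via eth1
Sep 05 18:50:02 servera.lab.example.com dhcpd[24264]: DHCPOFFER on 192.168.0.204 to 52:54:00:aa:bb:01 via eth1
Sep 05 18:50:02 servera.lab.example.com dhcpd[24264]: DHCPREQUEST for 192.168.0.77 (192.168.0.66) from 52:54:00:aa:bb:01 via eth1
"""

MAC = r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
EVENT = re.compile(
    r"dhcpd\[\d+\]: (?P<type>DHCP[A-Z]+)"
    r"(?: (?:on|for) (?P<ip>[\d.]+))?"        # offered / requested address
    r"(?: \((?P<server>[\d.]+)\))?"           # server identifier (REQUEST only)
    r" (?:from|to) " + MAC,
    re.IGNORECASE)

def audit(log_text, our_server_ip):
    """Return (foreign, unanswered): clients that requested a lease from a
    different server-id, and clients we offered to that never got our ACK."""
    seen = defaultdict(set)          # mac -> message types observed
    foreign = {}                     # mac -> server-id the client selected
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        mac = m["mac"].lower()
        seen[mac].add(m["type"].upper())
        if m["type"] == "DHCPREQUEST" and m["server"] not in (None, our_server_ip):
            foreign[mac] = m["server"]
    unanswered = sorted(mac for mac, types in seen.items()
                        if "DHCPOFFER" in types and "DHCPACK" not in types)
    return foreign, unanswered
```

Feed it the file that rsyslog writes for local7; any entry in foreign names a DHCP server address that should be checked against the servers you actually run.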
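dhcp6
With IPv6, the gateway has to be assigned in combination with a network device
IPv6 needs to be combined with network devices to get its full functionality, so it is more troublesome
Stateless address autoconfiguration (SLAAC) relies on the router to provide network configuration to client systems
radvdump shows the advertisement information
A Linux host can also emulate a router to provide SLAAC
SLAAC can also provide the gateway, the IPv6 prefix, the DNS servers, and the DNS search list
Practice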
[root@workstation ~]# lab dhcp-automation start
[root@serverd ~]# systemctl status radvd.service
● radvd.service - Router advertisement daemon for IPv6
Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-09-05 19:27:45 CST; 56s ago
Process: 8169 ExecStart=/usr/sbin/radvd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 8171 (radvd)
Tasks: 2 (limit: 11250)
Memory: 864.0K
CGroup: /system.slice/radvd.service
├─8171 /usr/sbin/radvd -u radvd
└─8172 /usr/sbin/radvd -u radvd
Sep 05 19:27:45 serverd.lab.example.com systemd[1]: Starting Router advertisement daemon for IPv6...
Sep 05 19:27:45 serverd.lab.example.com radvd[8169]: version 2.17 started
Sep 05 19:27:45 serverd.lab.example.com systemd[1]: Started Router advertisement daemon for IPv6.
[root@serverd ~]#
Configuring IPv6
1> serverd emulates a router and is configured to provide SLAAC. It is needed to supply the gateway
[root@serverd ~]# cat /etc/radvd.conf
interface eth1
{
AdvSendAdvert on;
AdvManagedFlag on;
AdvOtherConfigFlag on;
MaxRtrAdvInterval 60;
};
2> The radvd package provides a tool, radvdump, that captures router advertisement information (provided by the router)
# based on Router Advertisement from fe80::5a83:c374:2215:148f    (the IPv6 gateway)
# received by interface eth1
#
interface eth1
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag on;       # obtain the IP address via DHCPv6
AdvOtherConfigFlag on;   # the IPv6 router tells clients to query the DHCPv6 server
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 180;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
}; # End of interface definition
2> DHCPv6 role: network information such as the IP address and DNS is provided by it
3> Install the package
[root@servera ~]# yum install -y dhcp-server
4> Edit the configuration file
[root@servera ~]# cp /usr/share/doc/dhcp-server/dhcpd6.conf.example /etc/dhcp/dhcpd6.conf
cp: overwrite '/etc/dhcp/dhcpd6.conf'? y
[root@servera ~]# cat /etc/dhcp/dhcpd6.conf    # the only difference is that a gateway cannot be set
authoritative;
subnet6 fde2:6494:1e09:2::/64 {
range6 fde2:6494:1e09:2::20 fde2:6494:1e09:2::60;
option dhcp6.name-servers fde2:6494:1e09:2::d;
option dhcp6.domain-search "backend.lab.example.com";
default-lease-time 600; max-lease-time 7200;
}
[root@servera ~]# nmcli connection add type ethernet con-name eth1 ifname eth1 ipv6.addresses fde2:6494:1e09:2::a/64 ipv6.method manual
Connection 'eth1' (eb7dc998-d861-435c-8abd-2b7f061f8957) successfully added.
[root@servera ~]# nmcli connection up eth1
[root@servera ~]# systemctl enable --now dhcpd6.service
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd6.service → /usr/lib/systemd/system/dhcpd6.service.
[root@servera ~]# firewall-cmd --add-service=dhcpv6 --permanent
success
[root@servera ~]# firewall-cmd --reload
success
[root@servera ~]#
[root@serverc ~]# nmcli connection add type ethernet ifname eth1 con-name eth1 ipv6.method auto
Connection 'eth1' (95356996-edb3-4750-8170-e341cb604c57) successfully added.
[root@serverc ~]# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@serverc ~]#
5> Default gateway
[root@serverc ~]# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
fde2:6494:1e09:2::60 dev eth1 proto kernel metric 100 pref medium
fe80::/64 dev eth1 proto kernel metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 106 pref medium
default via fe80::5a83:c374:2215:148f dev eth1 proto ra metric 100 pref medium
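This gateway is the link-local address of the server that sends the advertisements; you can see that it matches the default gateway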
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:01:fa:0d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.220/24 brd 192.168.0.255 scope global dynamic noprefixroute eth1
valid_lft 101sec preferred_lft 101sec
inet6 fde2:6494:1e09:2::d/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::5a83:c374:2215:148f/64 scope link noprefixroute
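Added example (not part of the original notes): because the client takes its default gateway from whatever router advertisement arrives on the link, a host-side check can compare the RA-learned default routes in `ip -6 route` output against the router link-local addresses you operate. The function names, the expected-router mapping and the last sample route line are constructed for illustration.

```python
import ipaddress

# Sample `ip -6 route` output: the first four lines follow the output shown
# above; the last line is constructed to represent an unexpected router.
SAMPLE_ROUTES = """\
::1 dev lo proto kernel metric 256 pref medium
fde2:6494:1e09:2::60 dev eth1 proto kernel metric 100 pref medium
fe80::/64 dev eth1 proto kernel metric 100 pref medium
default via fe80::5a83:c374:2215:148f dev eth1 proto ra metric 100 pref medium
default via fe80::dead:beef:1 dev eth1 proto ra metric 100 pref medium
"""

def ra_default_routes(route_text):
    """Yield (next_hop, device, preference) for default routes learned from RAs."""
    for line in route_text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "default" or "via" not in tok:
            continue
        # After "default" the line is key/value pairs: via X dev Y proto ra ...
        fields = dict(zip(tok[1::2], tok[2::2]))
        if fields.get("proto") == "ra":
            yield (ipaddress.IPv6Address(fields["via"]),
                   fields["dev"], fields.get("pref"))

def unexpected_routers(route_text, expected):
    """expected maps device name -> set of router link-local addresses you run.
    Returns the RA default routes whose next hop is not in that set."""
    findings = []
    for hop, dev, pref in ra_default_routes(route_text):
        allowed = {ipaddress.IPv6Address(a) for a in expected.get(dev, ())}
        if hop not in allowed:
            findings.append((str(hop), dev, pref))
    return findings
```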
Not using fe80
Enable forwarding
[root@serverd ~]# sysctl -a | grep forward | grep ipv6
net.ipv6.conf.all.forwarding = 1
Change the IPv6 address
fe80::5a83:c374:2215:148f/64
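Ansible automation
Workflow
1: Install the packages
2: Configuration files, with notify: Jinja2 templates or plain files
3: If there is data, transfer the data (for example, for a web service)
4: Services and firewall
5: handlers: use handlers to trigger a service restart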
[student@workstation ~]$ lab dhcp-automation start
Get the configuration files and the inventory file
- name: Deployment DHCP
  hosts: all
  become: true
  vars:
    network_connections:
      - name: eth1
        state: up
        type: ethernet
        mac: "52:54:00:01:fa:0a"
        ip:
          address:
            - 192.168.0.10/24
            - fde2:6494:1e09:2::a/64
  tasks:
    - name: config ip address on dhcpservers
      include_role:
        name: rhel-system-roles.network
      when: inventory_hostname == "servera.lab.example.com"
    - name: install dhcpd package
      yum:
        name: dhcp-server
        state: present
      when: inventory_hostname == "servera.lab.example.com"
    - name: prepare dhcp config file
      copy:
        src: files/dhcpd.conf
        dest: /etc/dhcp/dhcpd.conf
      notify: restart dhcp4
      when: inventory_hostname == "servera.lab.example.com"
    - name: prepare dhcp6 config file
      copy:
        src: files/dhcpd6.conf
        dest: /etc/dhcp/dhcpd6.conf
      notify: restart dhcp6
      when: inventory_hostname == "servera.lab.example.com"
    - name: start dhcpd service
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - dhcpd
        - dhcpd6
      when: inventory_hostname == "servera.lab.example.com"
    - name: config firewalld
      firewalld:
        service: "{{ item }}"
        state: enabled
        immediate: yes
        permanent: yes
      loop:
        - dhcp
        - dhcpv6
      when: inventory_hostname == "servera.lab.example.com"
  handlers:
    # The handler name must match the notify string exactly, and the state
    # must be restarted for a changed config file to be reloaded.
    - name: restart dhcp4
      service:
        name: dhcpd
        state: restarted
      when: inventory_hostname == "servera.lab.example.com"
    - name: restart dhcp6
      service:
        name: dhcpd6
        state: restarted
      when: inventory_hostname == "servera.lab.example.com"
clients:
[student@workstation dhcp-automation]$ cat client.yml
---
- name: Deployment DHCP
  hosts: clients
  become: true
  vars:
    network_connections:
      - name: eth1
        state: up
        type: ethernet
        interface_name: eth1
        ip:
          dhcp4: yes
          auto6: yes
  tasks:
    - name: config ip address on dhcpservers
      include_role:
        name: rhel-system-roles.network
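Printers
5.1.1 Describing the CUPS printing architecture
Printers are managed in Red Hat Enterprise Linux by CUPS, an open source modular software suite originally developed by Easy Software Products and currently led by Apple.
CUPS can use several protocols to communicate with printers and print servers. In most cases, the Internet Printing Protocol (IPP) is the preferred mechanism for CUPS to communicate with printers. This protocol is a modification of HTTP/1.1, is natively supported by most modern network and USB printers, and typically uses TCP port 631. CUPS can support directly attached printers (for example, using parallel, serial, or USB communication) and can use older network protocols such as LPD.
CUPS provides a set of command-line tools and a web interface for managing CUPS and submitting print jobs. It also provides a daemon (cupsd) that manages the job queue of each configured printer. Each printer queue is associated with a PostScript Printer Description (PPD) file, which describes the printer's capabilities and how CUPS should prepare a job for printing on that printer.
1> Before using a printer, first discover it and set it up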
[root@workstation ~]# lab printing-automation start
Emulated printer
[root@servera ~]# yum install -y avahi cups-ipptool
[root@servera ~]# firewall-cmd --permanent --add-service=mdns
success
[root@servera ~]# firewall-cmd --reload
[root@servera ~]# ippfind -T 30    # discover printers
ipp://serverc.local:631/printers/rht-printer
serverc.local: when the printer is discovered, the client cannot reach this name
[root@serverc ~]# dig @224.0.0.251 -p 5353 serverc.local    # you cannot go and run this command on the printer itself
Address found: 172.25.250.12
Reverse lookup on the client: [root@servera ~]# dig -x 172.25.250.12
Replace ipp://serverc.local:631/printers/rht-printer with
ipp://serverc.lab.example.com:631/printers/rht-printer
2> Set up the print queue
[root@servera ~]# yum install -y cups
Last metadata expiration check: 0:50:17 ago on Sun 04 Sep 2022 06:39:46 PM CST.
Package cups-1:2.2.6-28.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@servera ~]# systemctl enable --now cups
[root@servera ~]# lpadmin -p kevin -v ipp://serverc.lab.example.com:631/printers/rht-printer -m everywhere -E
-p: name of the queue
-v: URI of the printer
-m: use the everywhere model
-E: enables the printer immediately
[root@servera ~]# lpstat -v    # view the queues
device for kevin: ipp://serverc.lab.example.com:631/printers/rht-printer
[root@servera ~]#
-x: delete a queue
[root@servera ~]# lpadmin -d kevin    # -d sets the default queue
3> Manage jobs
[root@servera ~]# lp /root/anaconda-ks.cfg    # print a file on the default queue
[root@servera ~]# lp -d kevin /etc/fstab    # specify the print queue with -d
request id is kevin-8 (1 file(s))
[root@servera ~]# cancel kevin-8
4> Queue management
[root@servera ~]# cupsdisable -r "No paper" kevin    # pause; jobs submitted to a paused print queue will not be printed
[root@servera ~]# cupsenable kevin
[root@servera ~]# cupsreject -r "No Papare" kevin
[root@servera ~]# lp /etc/fstab
lp: Destination "kevin" is not accepting jobs.
[root@servera ~]#
[root@servera ~]# cupsaccept kevin
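Managing printers with Ansible: the catch is that every operation has to be done with the command module:
1> When doing this with Ansible, the printer URI is known in advance.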
[student@workstation printing-auto]$ cat playbook.yml
---
- name: config printer
  hosts: clients
  become: true
  tasks:
    - name: install
      yum:
        name:
          - cups-ipptool
          - cups
          - avahi
        state: present
    - name: start service
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - cups
        - avahi-daemon
    - name: firewalld
      firewalld:
        service: mdns
        permanent: yes
        state: enabled
        immediate: yes
    - name: find printer URI
      command: ippfind -T 3
      register: p_uri
      changed_when: false    # read-only query
    - name: set queue
      command: lpadmin -p "kevin-{{ index }}" -v "{{ item }}" -m everywhere -E
      # apply replace to each discovered URI rather than to the list as a whole
      loop: "{{ p_uri['stdout_lines'] | map('replace', '.local', '') | list }}"
      loop_control:
        index_var: index
    - name: check whether the default queue exists
      command: lpstat -d
      register: p_default
      changed_when: false    # read-only query
    - name: set default queue
      command: lpadmin -d kevin-0
      when: "'kevin-0' not in p_default['stdout']"
[student@workstation printing-auto]$ cat printer-accept.yml
---
- name: Configure a print queue to accept jobs
  hosts: clients
  gather_facts: no
  become: yes
  tasks:
    - name: Confirm the print queue exists
      command: lpstat -p kevin-0
      register: cmdout
      ignore_errors: true
      changed_when: false
    - name: Tune the print queue to accept jobs
      command: cupsenable kevin-0
      when: cmdout.rc == 0
This is just a general overview of how Linux manages printers
When you buy a printer, it will certainly come with a manual (lol)