LFCE: Shigar da Sabis na Yanar Gizo da Sanya Farawa ta atomatik a Boot - Part 1


An shirya Injiniya Takaddar Gidauniyar Linux (LFCE) don girka, daidaitawa, sarrafawa, da magance ayyukan cibiyar sadarwa a cikin tsarin Linux, kuma shine ke da alhakin ƙira da aiwatar da tsarin gine-gine.

Gabatar da Shirin Takaddar Gidauniyar Linux.

A cikin wannan jerin jigo na 12, mai taken Shiri don LFCE (Linux Foundation Certified Engineer), za mu rufe wuraren da ake buƙata da cancantar a cikin Ubuntu, CentOS, da buɗe SUSE:

Shigar da Ayyukan Sadarwa

Idan ya zo ga kafawa da amfani da kowane irin sabis na cibiyar sadarwa, yana da wuya a yi tunanin yanayin da Linux ba zai iya zama wani ɓangare na ba. A cikin wannan labarin za mu nuna yadda ake shigar da sabis na cibiyar sadarwa masu zuwa a cikin Linux (kowane tsarin za a rufe shi a cikin labarai daban-daban masu zuwa):

  1. NFS (Tsarin Fayil na Yanar Gizo) Sabar
  2. Sabar Yanar Gizo ta Apache
  3. Squid Proxy Server + SquidGuard
  4. Sabar Imel (Postfix + Dovecot), da
  5. Iptables

Bugu da ƙari, za mu so mu tabbatar da cewa duk waɗannan ayyukan an fara su ta atomatik akan taya ko kan buƙata.

Dole ne mu lura cewa ko da lokacin da za ku iya gudanar da duk waɗannan ayyukan cibiyar sadarwa a cikin na'ura ta jiki ɗaya ko uwar garken masu zaman kansu, ɗaya daga cikin abubuwan farko da ake kira \dokokin na tsaro na cibiyar sadarwa yana gaya wa masu gudanar da tsarin su guji. Yin haka gwargwadon iyawa, menene hukuncin da ya goyi bayan wannan magana?Abin da yake da sauƙi: idan saboda wasu dalilai an lalata sabis ɗin cibiyar sadarwa a cikin injin da ke aiki fiye da ɗaya daga cikinsu, zai iya zama da sauƙi mai sauƙi ga maharin ya sasanta. sauran kuma.

Yanzu, idan da gaske kuna buƙatar shigar da sabis na cibiyar sadarwa da yawa akan na'ura ɗaya (a cikin dakin gwaji, alal misali), tabbatar da kunna waɗanda kuke buƙata kawai a wani ɗan lokaci, kuma a kashe su daga baya.

Kafin mu fara, muna buƙatar fayyace cewa labarin na yanzu (tare da sauran a cikin jerin LFCS da LFCE) an mayar da hankali ne akan hangen nesa na tushen aiki, don haka ba zai iya ba. bincika kowane daki-daki na ka'idar game da batutuwan da aka rufe. Za mu, duk da haka, gabatar da kowane batu tare da mahimman bayanai a matsayin mafari.

Domin amfani da sabis na cibiyar sadarwa masu zuwa, kuna buƙatar kashe Tacewar zaɓi na ɗan lokaci har sai mun koyi yadda ake ba da izinin zirga-zirga daidai ta hanyar Tacewar zaɓi.

Lura cewa ba a ba da shawarar wannan don saitin samarwa ba, amma za mu yi haka don dalilai na koyo kawai.

A cikin tsoho shigarwa na Ubuntu, tacewar zaɓi bai kamata ya kasance mai aiki ba. A cikin openSUSE da CentOS, kuna buƙatar kashe shi a sarari:

# systemctl stop firewalld
# systemctl disable firewalld 
or
# or systemctl mask firewalld

Abin da ake faɗi, bari mu fara!

NFS a kanta ita ce ka'idar hanyar sadarwa, wacce sabuwar sigarta ita ce NFSv4. Wannan shi ne sigar da za mu yi amfani da ita a cikin wannan jerin.

Sabar NFS shine maganin gargajiya wanda ke ba abokan ciniki Linux masu nisa damar hawa hannun jari a kan hanyar sadarwa kuma suyi hulɗa tare da waɗancan tsarin fayil kamar an ɗora su a cikin gida, suna ba da damar daidaita albarkatun ajiya don hanyar sadarwa.

# yum update && yum install nfs-utils
# aptitude update && aptitude install nfs-kernel-server
# zypper refresh && zypper install nfsserver

Don ƙarin cikakkun bayanai game da umarnin, karanta labarinmu wanda ke ba da bayanin yadda ake saita uwar garken NFS da Abokin ciniki akan tsarin Linux.

Sabar gidan yanar gizo na Apache yana da ƙarfi kuma abin dogaro FOSS aiwatar da sabar HTTP. Ya zuwa ƙarshen Oktoba 2014, Apache yana iko da shafuka miliyan 385, yana ba shi rabon 37.45% na kasuwa. Kuna iya amfani da Apache don yin hidimar gidan yanar gizo mai zaman kansa ko runduna kama-da-wane da yawa a cikin na'ura ɗaya.

# yum update && yum install httpd		[On CentOS]
# aptitude update && aptitude install apache2 		[On Ubuntu]
# zypper refresh && zypper install apache2		[On openSUSE]

Don ƙarin cikakkun bayanai na umarni, karanta labaran mu masu zuwa waɗanda ke nuna yadda ake ƙirƙirar runduna ta asali ta IP & tushen suna Apache da yadda ake amintar sabar gidan yanar gizo na Apache.

  1. Apache IP Based and Name Based Virtual Hosting
  2. Tauraruwar Sabar Yanar Gizo ta Apache da Tukwici na Tsaro

Squid uwar garken wakili ne da daemon cache na gidan yanar gizo kuma, don haka, yana aiki a matsayin tsaka-tsaki tsakanin kwamfutocin abokin ciniki da yawa da Intanet (ko na'ura mai ba da hanya tsakanin hanyoyin sadarwa da ke da alaƙa da Intanet), yayin da yake hanzarta buƙatu akai-akai ta hanyar adana abubuwan cikin gidan yanar gizo. da ƙudurin DNS a lokaci guda. Hakanan za'a iya amfani da shi don hana (ko ba da) damar zuwa wasu URLs ta ɓangaren hanyar sadarwa ko bisa ga kalmomin da aka haramta, da kuma adana fayil ɗin log na duk haɗin da aka yi zuwa duniyar waje akan kowane mai amfani.

Squidguard shine mai ba da umarni wanda ke aiwatar da jerin baƙar fata don haɓaka squid, kuma yana haɗawa da shi ba tare da matsala ba.

# yum update && yum install squid squidGuard			[On CentOS] 
# aptitude update && aptitude install squid3 squidguard		[On Ubuntu]
# zypper refresh && zypper install squid squidGuard 		[On openSUSE]

Postfix Wakilin Sufuri ne na Wasiku (MTA). Ita ce aikace-aikacen da ke da alhakin sarrafa da isar da saƙon imel daga tushe zuwa sabar saƙon da aka nufa, yayin da dovecot IMAP ce da uwar garken imel ɗin POP3 da ake amfani da shi sosai wanda ke ɗauko saƙonni daga MTA kuma yana isar da su zuwa akwatin saƙon mai amfani daidai.

Ana kuma samun plugins na Dovecot don tsarin sarrafa bayanai da yawa.

# yum update && yum install postfix dovecot 				[On CentOS] 
# aptitude update && aptitude postfix dovecot-imapd dovecot-pop3d 	[On Ubuntu]
# zypper refresh && zypper postfix dovecot				[On openSUSE]	

A cikin 'yan kalmomi, firewall wata hanya ce ta hanyar sadarwa da ake amfani da ita don sarrafa shiga ko daga hanyar sadarwa mai zaman kanta, da kuma karkatar da zirga-zirga masu shigowa da fita bisa wasu dokoki.

Iptables kayan aiki ne da aka shigar ta tsohuwa a cikin Linux kuma yana aiki azaman gaba ga tsarin netfilter kernel, wanda shine babban alhakin aiwatar da tacewar wuta don aiwatar da fakitin tacewa/juyawa da ayyukan fassarar adireshin cibiyar sadarwa.

Tun da an shigar da iptables a cikin Linux ta tsohuwa, kawai dole ne ku tabbatar da gaske yana gudana. Don yin wannan, ya kamata mu bincika cewa an ɗora nauyin iptables:

# lsmod | grep ip_tables

Idan umarnin da ke sama bai dawo da komai ba, yana nufin tsarin ip_tables ba a loda shi ba. A wannan yanayin, gudanar da umarni mai zuwa don loda tsarin.

# modprobe -a ip_tables

Karanta Hakanan: Babban Jagora ga Linux Iptables Firewall

Saita Sabis na Farawa ta atomatik akan Boot

Kamar yadda aka tattauna a cikin Gudanar da Tsarin Farawa da Sabis - Sashe na 7 na jerin jigo na 10 game da takaddun shaida LFCS, akwai tsarin da manajojin sabis da yawa da ake samu a cikin Linux. Duk abin da kuka zaɓa, kuna buƙatar sanin yadda ake farawa, tsayawa, da sake kunna ayyukan cibiyar sadarwa akan buƙata, da yadda za ku ba su damar farawa ta atomatik akan taya.

Kuna iya bincika menene tsarin ku da manajan sabis ta hanyar gudanar da umarni mai zuwa:

# ps --pid 1

Dangane da fitarwa na umarnin da ke sama, zaku yi amfani da ɗayan umarni masu zuwa don saita ko kowane sabis zai fara ta atomatik akan taya ko a'a:

----------- Enable Service to Start at Boot -----------
# systemctl enable [service]
----------- Prevent Service from Starting at Boot -----------
# systemctl disable [service] # prevent [service] from starting at boot
----------- Start Service at Boot in Runlevels A and B -----------
# chkconfig --level AB [service] on 
-----------  Don’t Start Service at boot in Runlevels C and D -----------
# chkconfig --level CD service off 

Tabbatar cewa rubutun /etc/init/[service].conf ya wanzu kuma ya ƙunshi ƙaramin tsari, kamar:

# When to start the service
start on runlevel [2345]
# When to stop the service
stop on runlevel [016]
# Automatically restart process in case of crash
respawn
# Specify the process/command (add arguments if needed) to run
exec /absolute/path/to/network/service/binary arg1 arg2

Hakanan kuna iya bincika Sashe na 7 na jerin LFCS (wanda muka ambata a farkon wannan sashe) don wasu umarni masu amfani don sarrafa ayyukan cibiyar sadarwa akan buƙata.

Takaitawa

A yanzu ya kamata ka shigar da duk ayyukan cibiyar sadarwa da aka kwatanta a cikin wannan labarin, kuma maiyuwa suna aiki tare da tsayayyen tsari. A cikin kasidu na gaba za mu bincika yadda ake daidaita su daidai da bukatunmu, don haka ku tabbata kun kasance cikin saurara! Kuma da fatan za a ji daɗin raba ra'ayoyinku (ko aika tambayoyin, idan kuna da wata) akan wannan labarin ta amfani da fom ɗin da ke ƙasa.

  1. Game da LFCE
  2. Me yasa ake samun Takaddun Shaida ta Gidauniyar Linux?
  3. Yi rijista don jarrabawar LFCE