前言

由于之前一直使用有道云作为笔记软件,所以当时都是保存在那里的,图片资源显示不了,在此放出有道云的链接,大家可以去有道云看

JCOS部分

创建两台虚拟交换机

*注 以下所有XX我都用 10 来代替
  • 虚拟交换机子网用途:
    • 虚拟机交换机D-Net:对外数据通信网络
    • 虚拟机交换机S-Net:数据存储通信网络
  • 为数据通信网络D-Net创建虚拟交换机,具体要求如下:
    • 虚拟交换机名称:D-Net
    • 子网名称:D-SubNet
    • 网络地址:172.16.1XX.0/24(XX现场提供)
    • 启用DHCP功能
    • 分配地址池范围:172.16.1XX.10-172.16.1XX.100(XX现场提供)
  • 为存储网络S-Net创建虚拟交换机,具体要求如下:
    • 虚拟交换机名称:S-Net
    • 子网名称:S-SubNet
    • 网络地址:192.168.1XX.0/24(XX现场提供)
    • 勾选禁用网关功能
    • 启用DHCP功能
    • 分配地址池范围:192.168.1XX.10-192.168.1XX.100(XX现场提供)
  • 步骤
  1. 创建交换机D-Net

image

  1. 新建子网S-Subnet
    image

  2. 启用DHCP,并添加地址池,用英文逗号隔开
    image

  3. 创建交换机S-Net
    image

  4. 新建子网D-Subnet,禁用网关打钩
    image

  5. 启用DHCP,并添加地址池
    image

  • 验证
    image
此项5分
交换机名称:D-Net、S-Net
绑定的子网:
D-SubNet:172.16.1XX.0/24
S-SubNet:192.168.1XX.0/24
各2.5分

image

此项3分
子网名称:D-SubNet、S-SubNet
D-SubNet有网关,S-SubNet没网关
各1.5分

创建一台虚拟路由器

  • 虚拟路由器名称:VGate
  • 虚拟路由器跟D-Net虚拟交换机子网关联
  • 步骤
  1. 创建虚拟路由器,并把子网关联起来
    image
  • 验证
    image
路由器名称:VGate
关联子网:172.16.1XX.0/24         
2分

创建2台云主机:

  • serverA的配置要求
    • 硬件资源:CPU 2核;内存 2G
    • 操作系统:CentOS7
    • 网卡数量:2
    • 网卡1与D-Net连接,IP为:172.16.1XX.22(XX现场提供)
    • 网卡2与S-Net连接,IP为:192.168.1XX.22(XX现场提供)
    • 随机申请并绑定一个公网IP地址
  • serverB的配置要求
    • 硬件资源:CPU 2核;内存 2G
    • 操作系统:CentOS7
    • 网卡数量:2
    • 网卡1与D-Net连接,IP为:172.16.1XX.33(XX现场提供)
    • 网卡2与S-Net连接,IP为:192.168.1XX.33(XX现场提供)
    • 随机申请并绑定一个公网IP地址
  • 步骤
  1. 创建serverA,serverB
    image
  • 验证
    • serverA验证
      image
云主机名称:serverA
IP:S-Net:192.168.1XX.22
D-Net:172.16.1XX.22
CPU :2核,内存:2048MB
错一扣2分

  • serverB验证
    image
云主机名称:serverB
IP:S-Net:192.168.1XX.33
D-Net:172.16.1XX.33
CPU:2核,内存:2048MB
错一扣2分

  • 绑定公网ip截图
    image
此处2分

应用部署

  • 在CentOS系统中,利用赛场提供的CentOS镜像文件(/root目录),配置本地yum源,
  • 完成samba、samba-client、httpd、mod_ssl、haproxy、bind、bind-utils、vsftpd、ftp软件包的安装;请将CentOS镜像文件挂载到/mnt/cdrom目录下(目录需要自行创建)。
  • 步骤
  1. 配置之前先在防火墙添加如下规则保证与外网的互通性,也就是本地pc
    image
  2. 配置本地yum源
[root@host-172-16-10-22 ~]# cd /etc/yum.repos.d/
[root@host-172-16-10-22 yum.repos.d]# mkdir bak
[root@host-172-16-10-22 yum.repos.d]# mv * bak/
mv: 无法将目录"bak" 移动至自身的子目录"bak/bak" 下
[root@host-172-16-10-22 yum.repos.d]# cp bak/CentOS-Media.repo .
[root@host-172-16-10-22 yum.repos.d]# vim CentOS-Media.repo 

[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///mnt/cdrom/   //这里是路径
#        file:///media/cdrom/
#        file:///media/cdrecorder/
gpgcheck=1
enabled=1   //这里改成1,1表示启用
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

~                                                                               
"CentOS-Media.repo" 22L, 629C 已写入                          
[root@host-172-16-10-22 ~]# mkdir /mnt/cdrom
[root@host-172-16-10-22 ~]# mount /root/CentOS-7-x86_64-DVD-1511.iso /mnt/cdrom/
mount: /dev/loop0 写保护,将以只读方式挂载
  1. 安装所需软件
[root@host-172-16-10-22 ~]# yum install -y samba samba-client httpd mod_ssl haproxy bind bind-utils vsftpd ftp
  • 验证
  1. serverA 使用mount | grep mnt命令查看iso文件挂载状况
1分

[root@host-172-16-10-22 ~]# mount | grep mnt
/root/CentOS-7-x86_64-DVD-1511.iso on /mnt/cdrom type iso9660 (ro,relatime)

ServerA 的配置

云硬盘的配置要求

  • 需求
    • 新建一个20GB的云硬盘,云硬盘名称为A-20,挂载到serverA;
    • 创建lvm物理卷;
    • 创建一个名为datastore的卷组,卷组的PE尺寸为16MB;
    • 逻辑卷的名称为database所属卷组为datastore,该逻辑卷大小为8GB;
    • 将新建的逻辑卷database格式化为XFS文件系统,编辑配置文件实现以UUID的形式将逻辑卷开机自动挂载至/data/web_data目录;
    • 业务扩增,导致database逻辑卷空间不足,现需将database逻辑卷扩容至15GB空间大小,以满足业务需求。(注意扩容前后截图)
  • 解决
  1. 在JCOS添加一块20G的云硬盘
    image
  2. 使用fdisk -l 命令查看是否识别到此硬盘
[root@host-172-16-10-22 ~]# fdisk -l   //这里我只保留了核心信息,也就是磁盘vdb的信息

磁盘 /dev/vdb:21.5 GB, 21474836480 字节,41943040 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

  1. 创建物理卷PV(Physical Vomule)
[root@host-172-16-10-22 ~]# pvcreate /dev/vdb
  Physical volume "/dev/vdb" successfully created
  1. 将物理卷创建为VG卷组(Vomule Group)
[root@host-172-16-10-22 ~]# vgcreate datastore -s 16M /dev/vdb
  Volume group "datastore" successfully created
  1. 将一个卷组VG划分为多个逻辑卷LV(Logical Vomule)
[root@host-172-16-10-22 ~]# lvcreate -L 8G -n database datastore
  Logical volume "database" created.
  1. 将新建的database格式化为xfs系统
[root@host-172-16-10-22 ~]# mkfs -t xfs /dev/mapper/datastore-database 
meta-data=/dev/mapper/datastore-database isize=256    agcount=4, agsize=524288 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2097152, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@host-172-16-10-22 ~]# 
  1. 编辑配置文件实现以UUID的形式将逻辑卷开机自动挂载至/data/web_data目录
[root@host-172-16-10-22 ~]# blkid /dev/mapper/datastore-database 
/dev/mapper/datastore-database: UUID="684a8e37-3b22-4f14-97b9-d744516f6b46" TYPE="xfs" 
[root@host-172-16-10-22 ~]# vim /etc/fstab

#
# /etc/fstab
# Created by anaconda on Thu Sep 22 17:50:17 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaul
ts        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=684a8e37-3b22-4f14-97b9-d744516f6b46 /data/web_data xfs defaults 0 0
                                                                           
"/etc/fstab" 12L, 539C 已写入                                 
[root@host-172-16-10-22 ~]# 
[root@host-172-16-10-22 ~]# mkdir -p /data/web_data   //创建挂载目录
[root@host-172-16-10-22 ~]# mount -a   //自动挂载,也用于检测配置文件是否出错
  1. 扩容至15G
[root@host-172-16-10-22 ~]# lvextend -L 15G /dev/mapper/datastore-database 
  Size of logical volume datastore/database changed from 8.00 GiB (512 extents) to 15.00 GiB (960 extents).
  Logical volume database successfully resized.
[root@host-172-16-10-22 ~]# xfs_growfs /dev/mapper/datastore-database    //更新大小
meta-data=/dev/mapper/datastore-database isize=256    agcount=4, agsize=524288 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2097152, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 2097152 to 3932160
[root@host-172-16-10-22 ~]# 
  • 验证
  1. serverA (扩容前)使用vgdisplay datastore和lvdisplay /dev/mapper/datastore-database查看lvm信息
[root@localhost ~]# vgdisplay datastore
  --- Volume group ---
  VG Name               datastore   //1分
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               19.98 GiB   //1分
  PE Size               16.00 MiB   //1分
  Total PE              1279
  Alloc PE / Size       512 / 8.00 GiB
  Free  PE / Size       767 / 11.98 GiB
  VG UUID               HXIusW-XPun-8yMI-mZW7-f8sA-c2IR-cKNgc6
[root@localhost ~]# lvdisplay /dev/mapper/datastore-database
  --- Logical volume ---
  LV Path                /dev/datastore/database
  LV Name                database   //1分
  VG Name                datastore
  LV UUID                q3pglz-CTwP-477U-YGh0-O1u3-vVUI-YETqDl
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2019-03-07 02:00:58 +0800
  LV Status              available
  # open                 1
  LV Size                8.00 GiB   //1分
  Current LE             512
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2
  1. serverA 使用blkid /dev/mapper/datastore-database 命令获取UUID值,截图;使用cat命令查看/etc/fstab文件内容
两个UUID一致得2分

[root@host-172-16-10-22 ~]# blkid /dev/mapper/datastore-database
/dev/mapper/datastore-database: UUID="684a8e37-3b22-4f14-97b9-d744516f6b46" TYPE="xfs" 

[root@host-172-16-10-22 ~]# cat /etc/fstab
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=684a8e37-3b22-4f14-97b9-d744516f6b46 /data/web_data xfs defaults 0 0
[root@host-172-16-10-22 ~]# 
  1. serverA (扩容后)使用lvdisplay /dev/mapper/datastore-database查看lvm信息
[root@localhost ~]# lvdisplay /dev/mapper/datastore-database
  --- Logical volume ---
  LV Path                /dev/datastore/database
  LV Name                database
  VG Name                datastore
  LV UUID                wg5Ac4-UYxc-o2Aq-k3oo-4NmF-1JmB-Bzveo0 //需一致
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2019-03-07 18:21:32 +0800
  LV Status              available
  # open                 1
  LV Size                15.00 GiB   //2分
  Current LE             960
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2
  1. serverA (扩容后)使用df -lh命令查看文件系统磁盘空间使用信息.
[root@localhost ~]# df -lh
文件系统                        容量  已用  可用 已用% 挂载点
/dev/mapper/centos-root          19G  1.2G   18G    7% /
devtmpfs                        476M     0  476M    0% /dev
tmpfs                           488M     0  488M    0% /dev/shm
tmpfs                           488M  7.7M  480M    2% /run
tmpfs                           488M     0  488M    0% /sys/fs/cgroup
/dev/sda1                       197M  108M   90M   55% /boot
tmpfs                            98M     0   98M    0% /run/user/0
/dev/mapper/datastore-database   15G   33M   15G    1% /data/web_data //此项为15G得1分

配置Samba服务

  • 需求
    • 修改工作组为WORKGROUP
    • 注释[homes]和[printers]相关的所有内容
    • 共享名为webdata
    • webdata可以浏览且webdata可写
    • 共享目录为/data/web_data,且apache用户对该目录有读写执行权限,用setfacl命令配置目录权限。
    • 只有192.168.1XX.33的主机可以访问。(XX现场提供)
    • 添加一个apache用户(密码自定义)对外提供Samba服务。
  • 步骤
  1. 打开/etc/samba/smb.conf
[root@localhost ~]# vim /etc/samba/smb.conf


[global]
        workgroup = WORKGROUP
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

#[homes]
#       comment = Home Directories
#       valid users = %S, %D%w%S
#       browseable = No
#       read only = No
#       inherit acls = Yes

#[printers]
#       comment = All Printers
#       path = /var/tmp
#       printable = Yes
#       create mask = 0600
#       browseable = No

[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data
        hosts deny = ALL EXCEPT 192.168.1.33/32
[root@localhost ~]# 
  1. 给Apache用户配置ACL权限
[root@localhost ~]# setfacl -m u:apache:rwx /data/web_data/ 
  • 验证
  1. serverA 使用egrep ^[^'(#|;)'] /etc/samba/smb.conf | egrep -v [[:space:]]+#命令过滤samba配置文件
[root@localhost ~]# egrep ^[^'(#|;)'] /etc/samba/smb.conf | egrep -v [[:space:]]+#
[global]
        workgroup = WORKGROUP   //1分
        security = user
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
[webdata]
        public = yes
        browseable = yes
        writable = yes
        path = /data/web_data   
        hosts deny = ALL EXCEPT 192.168.1.33   //9分
  1. serverA 使用getfacl命令查看/data/web_data权限
[root@localhost ~]# getfacl /data/web_data/                
getfacl: Removing leading '/' from absolute path names
# file: data/web_data/
# owner: root
# group: root
user::rwx
user:apache:rwx   //2分
group::r-x
mask::rwx
other::r-x

配置http服务

  • 需求
    • 以虚拟主机的方式创建web站点
    • 将/etc/httpd/conf.d/ssl.conf重命名为ssl.conf.bak
    • 配置文件名为virthost.conf,放置在/etc/httpd/conf.d目录下;
    • 配置https功能,https所用的证书httpd.crt、私钥httpd.key放置在/etc/httpd/ssl目录中(目录需自己创建);
    • 使用www.rj.com作为域名进行访问;
    • 网站根目录为/data/web_data;
    • 提供http、https服务,仅监听192.168.1XX.22的IP地址;(XX现场提供)
    • index.html内容使用Welcome to 2018 Computer Network Application contest!;
  • 解决
    .
  1. 进入httpd配置文件夹,把ssl.conf 改成ssl.conf.bak
[root@localhost /]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# mv ssl.conf ssl.conf.bak 
  1. 创建virthost.conf 配置文件
[root@localhost conf.d]# vim virthost.conf 

<VirtualHost *:80>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>
Listen 192.168.10.22:443
<VirtualHost *:443>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        SSLEngine on
        SSlCertificateFile /etc/httpd/ssl/httpd.crt
        SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>
  1. 进入网站主目录,创建index.html
[root@localhost /]# vim /data/web_data/index.html
Welcome to 2018 Computer Network Applocation contest!
  • 验证
  1. serverA 使用cat /etc/httpd/conf.d/virthost.conf查看httpd配置文件内容
[root@localhost /]# cat /etc/httpd/conf.d/virthost.conf
<VirtualHost *:80>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>   //4分,错一个0分

Listen 192.168.10.22:443
<VirtualHost *:443>
        ServerName www.rj.com
        DocumentRoot "/data/web_data"
        SSLEngine on
        SSlCertificateFile /etc/httpd/ssl/httpd.crt
        SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
        <Directory "/data/web_data">
                Require all granted
        </Directory>
</VirtualHost>   //共10分,错一个0分

OpenSSL

  • 需求
    • 配置openssl,为http服务提供证书
  • 解决
  1. 生成私钥文件
[root@localhost CA]# openssl genrsa -out private/cakey.pem
Generating RSA private key, 2048 bit long modulus
...................................................................................................+++
....................................................+++
e is 65537 (0x10001)
  1. 升成自签证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:xx
Locality Name (eg, city) [Default City]:xx
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:xx
Common Name (eg, your name or your server's hostname) []:www.rj.com
Email Address []:admin
  1. 创建必要文件
[root@localhost CA]# touch index.txt
[root@localhost CA]# touch serial
[root@localhost CA]# echo "01">serial
  1. 升成客户机私钥
[root@localhost CA]# openssl genrsa -out httpd.key

  1. 升成证书请求
[root@localhost CA]# openssl req -new -key httpd.key -out httpd.crs
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:xx
State or Province Name (full name) []:xx
Locality Name (eg, city) [Default City]:xx
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:xx
Common Name (eg, your name or your server's hostname) []:www.rj.com
Email Address []:admin

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456
  1. 签署证书
[root@localhost CA]# openssl ca -in httpd.crs -out rj.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar 12 09:34:15 2019 GMT
            Not After : Mar 11 09:34:15 2020 GMT
        Subject:
            countryName               = xx
            stateOrProvinceName       = xx
            organizationName          = xx
            organizationalUnitName    = xx
            commonName                = www.rj.com
            emailAddress              = admin
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                E3:DB:EA:08:F6:97:39:9C:92:EC:4B:E7:14:7C:E8:AE:09:AD:F7:6B
            X509v3 Authority Key Identifier: 
                keyid:60:A3:83:3C:86:95:B6:B1:A1:88:1D:52:A0:BE:1C:41:AE:47:8F:B1

Certificate is to be certified until Mar 11 09:34:15 2020 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
  • 验证
  1. serverA 使用cat /etc/pki/CA/index.txt查看openssl证书数据库文件
[root@localhost CA]# cat /etc/pki/CA/index.txt
V       200311093415Z           01      unknown /C=CN/ST=xx/O=xx/OU=xx/CN=www.rj.com/emailAddress=admin  

//5分

Haproxy

  • 配置Haproxy,使用listen实现http代理,使用frontend,backend实现https代理.
    • listen的配置需求如下
      • 名称:http
      • 监听地址:172.16.10.22:80
      • 后端server : ServerA和ServerB
    • frontend的配置需求如下
      • 名称:https
      • 监听地址:172.16.10.22:443
      • 模式 : tcp
      • 默认后端 : web_server
    • backend的配置需求如下
      • 名称:web_server
      • 负载均衡算法
      • 模式 : tcp
      • 后端server : ServerA和ServerB
  • 解决
  1. 编辑配置文件
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg 
backend app
    balance     roundrobin
    server  app1 127.0.0.1:5001 check
    server  app2 127.0.0.1:5002 check
    server  app3 127.0.0.1:5003 check
    server  app4 127.0.0.1:5004 check

listen http
        bind 172.16.10.22:80
        server s1 172.16.10.22:80
        server s2 172.16.10.33:80

frontend https
        bind 172.16.10.22:443
        mode tcp
        default_backend web_server

backend web_server
        mode tcp
        blance roundrobin
        server s1 172.16.10.22:443
        server s2 172.16.10.33:443
  • 验证
  1. serverA 使用cat命令查看haproxy配置文件(截取代理listen、frontend、backend配置)
backend app
    balance     roundrobin
    server  app1 127.0.0.1:5001 check
    server  app2 127.0.0.1:5002 check
    server  app3 127.0.0.1:5003 check
    server  app4 127.0.0.1:5004 check

listen http
        bind 172.16.10.22:80
        server s1 172.16.10.22:80
        server s2 172.16.10.33:80

frontend https
        bind 172.16.10.22:443
        mode tcp
        default_backend web_server

backend web_server
        mode tcp
        blance roundrobin
        server s1 172.16.10.22:443
        server s2 172.16.10.33:443   //10分,错一个0分

ServerB的配置

云硬盘的配置要求

  • 需求
    • 新建两个10G的云硬盘,名称分别为B-10-1、B-10-2,挂载到serverB;
    • 使用mdadm将两块云硬盘创建RAID1阵列,设备文件名为md0;
    • 将新建的RAID1格式化为xfs文件系统,编辑/etc/fstab文件实现以UUID的形式开机自动挂载至/data/ftp_data目录。
  • 解决
* 注 在这些操作之前配置好本地yum源,还有安装好软件
  1. 在JCOS云平台新建两个10G的硬盘并挂载到ServerB
    image
  2. 在ServerB查看是否正常挂载
[root@host-172-16-10-33 ~]# fdisk -l   //看到以下两块信息即为正常挂载

磁盘 /dev/vdb:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节


磁盘 /dev/vdc:10.7 GB, 10737418240 字节,20971520 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节

[root@host-172-16-10-33 ~]# 
  1. 创建RAID1硬盘
[root@host-172-16-10-33 ~]# mdadm -C /dev/md0 -a yes -l 1 -n 2 /dev/vdb /dev/vdc
mdadm: Note: this array has metadata at the start and
    may not be suitable as a boot device.  If you plan to
    store '/boot' on this device please ensure that
    your boot-loader understands md/v1.x metadata, or use
    --metadata=0.90
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
[root@host-172-16-10-33 ~]# mkfs -t xfs /dev/md0
meta-data=/dev/md0               isize=256    agcount=4, agsize=654848 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2619392, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@host-172-16-10-33 ~]# blkid /dev/md0
/dev/md0: UUID="3d80f44a-1725-434b-84cd-d7ae0b85d254" TYPE="xfs" 
[root@host-172-16-10-33 ~]# vim /etc/fstab

/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaul
ts        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
 UUID=3d80f44a-1725-434b-84cd-d7ae0b85d254 /data/ftp_data xfs defaults 0 0 
                                                                             
"/etc/fstab" 12L, 541C 已写入                                 
[root@host-172-16-10-33 ~]# mkdir -p /data/ftp_data
[root@host-172-16-10-33 ~]# mount -a
  • 验证
  1. serverB 使用mdadm -D /dev/md0查看raid1阵列信息
[root@host-172-16-10-33 ~]# mdadm -D /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Fri Mar 29 09:27:59 2019
     Raid Level : raid1
     Array Size : 10477568 (9.99 GiB 10.73 GB)
  Used Dev Size : 10477568 (9.99 GiB 10.73 GB)
   Raid Devices : 2
  Total Devices : 2
    Persistence : Superblock is persistent

    Update Time : Fri Mar 29 09:30:45 2019
          State : active 
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

           Name : host-172-16-10-33:0  (local to host host-172-16-10-33)
           UUID : e55890af:3a9599a7:72972436:00e4d8bb
         Events : 18

    Number   Major   Minor   RaidDevice State
       0     252       16        0      active sync   /dev/vdb
       1     252       32        1      active sync   /dev/vdc
[root@host-172-16-10-33 ~]# 

/dev/md0
Raid Level:raid1
各2分

  1. serverB使用blkid /dev/md0 命令获取UUID值,截图;使用cat命令查看/etc/fstab文件内容
[root@host-172-16-10-33 ~]# blkid /dev/md0
/dev/md0: UUID="3d80f44a-1725-434b-84cd-d7ae0b85d254" TYPE="xfs" 

[root@host-172-16-10-33 ~]# cat /etc/fstab

/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=41f7a291-c7de-4694-a5ee-1e6313ff9f44 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
 UUID=3d80f44a-1725-434b-84cd-d7ae0b85d254 /data/ftp_data xfs defaults 0 0 

//4分

配置DNS服务

  • 需求
    • 监听当前主机的所有地址;
    • 允许所有主机查询和递归查询;
    • 区域定义均配置在/etc/named.conf文件中;
    • rj.com的区域数据文件名为rj.com.zone;
    • 为www.rj.com添加A记录解析,解析至serverA的公网IP;
    • 为ftp.rj.com添加A记录解析,解析至serverB的公网IP。
    • 配置反向域数据文件名为172.16.0.zone
    • 为serverA、serverB的公网IP添加www、ftp的PTR解析记录
  • 解决
  1. 编辑named.conf配置文件
[root@host-172-16-10-33 ~]# vim /etc/named.conf 
options {
        listen-on port 53 { any; };   //这里改为any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };   //这里改为any
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
  
▽
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
//以下两个是我添加的
zone "rj.com" IN {
        type master;
        file "rj.com.zone";
};
zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.0.zone";
};
"/etc/named.conf" 64L, 1676C 已写入 
  1. 进入/var/named目录,创建rj.com.zone以及172.16.0.zone
[root@host-172-16-10-33 ~]# cd /var/named/
[root@host-172-16-10-33 named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@host-172-16-10-33 named]# cp named.localhost rj.com.zone
[root@host-172-16-10-33 named]# vim rj.com.zone 
$TTL 1D
@       IN SOA  rj.com. admin.rj.com. (
                                        0       ; serial
                                        1D      ; refresh
▽                                       1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      rj.com.
@       A       172.16.0.148
www     A       172.16.0.147
ftp     A       172.16.0.148
                                                                            
"rj.com.zone" 11L, 190C 已写入                                
[root@host-172-16-10-33 named]# cp rj.com.zone 172.16.0.zone
[root@host-172-16-10-33 named]# vim 172.16.0.zone 
$TTL 1D
@       IN SOA  rj.com. admin.rj.com. (
                                        0       ; serial
                                        1D      ; refresh
▽                                       1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      rj.com.
148     PTR     ftp.rj.com.
148     PTR     rj.com.
147     PTR     www.rj.com.
                                                                             
"172.16.0.zone" 11L, 196C 已写入 
  1. 修改这两个文件的所属组,以及修改DNS服务器地址
[root@host-172-16-10-33 named]# chown :named rj.com.zone 172.16.0.zone 
[root@host-172-16-10-33 named]# vim /etc/resolv.conf 
; generated by /usr/sbin/dhclient-script
#search openstacklocal
nameserver 172.16.0.131   //这里写公网ip和本机两个ip中的任意一个都可以


  1. 检查配置文件是否有误
[root@host-172-16-10-33 named]# named-checkzone rj.com rj.com.zone 
zone rj.com/IN: loaded serial 0
OK
[root@host-172-16-10-33 named]# named-checkzone 0.16.172.in-addr.arpa 172.16.0.zone 
zone 0.16.172.in-addr.arpa/IN: loaded serial 0
OK
[root@host-172-16-10-33 named]# named-checkconf
  1. 启动DNS
[root@host-172-16-10-33 named]# systemctl start named
  • 验证
  1. serverB 使用\egrep '^ [a-z]|;$' /etc/named.conf命令过滤DNS配置文件
[root@host-172-16-10-33 named]# \egrep '^[a-z]|;$' /etc/named.conf
options {
        listen-on port 53 { any; };   //1分
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };   //1分
        recursion yes;   //1分
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "rj.com" IN {
        type master;
        file "rj.com.zone";
};   //3分
zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.0.zone";
};   //3分
  1. serverB 使用dig www.rj.com命令解析A记录
[root@host-172-16-10-33 named]# dig www.rj.com                    

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> www.rj.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32962
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.rj.com.                    IN      A

;; ANSWER SECTION:
www.rj.com.             86400   IN      A       172.16.0.147   //2分

;; AUTHORITY SECTION:
rj.com.                 86400   IN      NS      rj.com.

;; ADDITIONAL SECTION:
rj.com.                 86400   IN      A       172.16.0.148

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 五 3月 29 09:53:42 CST 2019
;; MSG SIZE  rcvd: 85

  1. serverB 使用dig -x 公网IP 命令解析PTR记录
[root@host-172-16-10-33 named]# dig -x 172.16.0.147

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 172.16.0.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51307
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;147.0.16.172.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
147.0.16.172.in-addr.arpa. 86400 IN     PTR     www.rj.com.   //2分

;; AUTHORITY SECTION:
0.16.172.in-addr.arpa.  86400   IN      NS      rj.com.

;; ADDITIONAL SECTION:
rj.com.                 86400   IN      A       172.16.0.148

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 五 3月 29 09:54:29 CST 2019
;; MSG SIZE  rcvd: 108

Samba服务

  • 需求
    • 配置smb,使用apache用户挂载serverA共享的目录至/data/web_data目录下,作为http服务网站根目录使用。
  • 解决
  1. 关闭防火墙,注释掉nameserver.
[root@host-172-16-10-33 named]# systemctl stop firewalld
[root@host-172-16-10-33 named]# vim /etc/resolv.conf 
; generated by /usr/sbin/dhclient-script
#search openstacklocal
#nameserver 114.114.114.114
  1. 服务端添加apache用户
[root@host-172-16-10-22 ~]# smbpasswd -a apache
New SMB password:
Retype new SMB password:
Added user apache.
  1. 客户端进行挂载
[root@host-172-16-10-33 named]# mount -o username=apache,password="123456" //172.16.0.147/webdata /data/web_data/
  • 验证
  1. serverB 使用mount | grep web_data命令查看samba挂载状况。
[root@host-172-16-10-33 named]# mount | grep web_data
//172.16.0.147/webdata on /data/web_data type cifs (rw,relatime,vers=1.0,cache=strict,username=apache,domain=HOST-172-16-10-22,uid=0,noforceuid,gid=0,noforcegid,addr=172.16.0.147,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)

//2分

配置http服务

  • 需求
    • 以虚拟主机的方式创建web站点
    • 将/etc/httpd/conf.d/ssl.conf重命名为ssl.conf.bak
    • 配置文件名为virthost.conf,放置在/etc/httpd/conf.d目录下;
    • 配置https功能,https所用的证书httpd.crt、私钥httpd.key放置在/etc/httpd/ssl目录中(目录需自己创建,httpd.crt、httpd.key均文件从serverA复制);
    • 使用www.rj.com作为域名进行访问;
    • 提供http、https服务,仅监听192.168.1XX.33的地址。(XX现场提供)
* 注 由于需求与ServerA一样,请参考ServerA的配置

FTP服务

  • 需求

    • 使用虚拟用户认证方式,创建用户virtftp,该用户的家目录为/data/ftp_data,shell为/sbin/nologin,并将虚拟用户映射至virtftp用户;
    • 允许属主对/data/ftp_data有写权限;
    • 关闭PASV模式的安全检查;
    • 设置客户端最大连接数为100,每个IP允许3个连接数;
    • ftpuser虚拟用户可以下载与上传文件;
    • ftpadmin虚拟用户可以下载与上传文件以及删除重命名操作,上传文件的umask为022。
    • 配置文件要求:
    • 以下文件除了vsftpd.conf文件其余文件均需要自行创建
    • /etc/vsftpd/vsftpd.conf(ftp配置文件)/etc/pam.d/vsftpd.vu,(pam配置文件)
    • /etc/vsftpd/vlogin.db,(用户数据库)
    • /etc/vsftpd/ftp_user(该目录下ftp用户权限配置目录)
    • ftpuser,ftpadmin用户权限相关配置文件均在/etc/vsftpd/ftp_user目录下
  • 解决

  1. 创建虚拟用户文件
[root@host-172-16-10-33 ~]# cd /etc/vsftpd
[root@host-172-16-10-33 vsftpd]# vim vlogin.txt
ftpadmin
123456
ftpuser
123456
                                                                          
"vlogin.txt" [新] 4L, 31C 已写入       
  1. 创建虚拟用户数据库文件
[root@host-172-16-10-33 vsftpd]# db_load -T -t hash -f vlogin.txt vlogin.db
  1. 配置新的用户认证
[root@host-172-16-10-33 vsftpd]# vim /etc/pam.d/vsftpd.vu
auth required pam_userdb.so db=/etc/vsftpd/vlogin
account required pam_userdb.so db=/etc/vsftpd/vlogin
  1. 创建虚拟用户目录以及权限的配置文件
[root@host-172-16-10-33 vsftpd]# mkdir ftp_user

[root@host-172-16-10-33 vsftpd]# cd ftp_user/

[root@host-172-16-10-33 ftp_user]# vim ftpuser
anon_upload_enable=YES
"ftpuser" [新] 2L, 24C 已写入                                 

[root@host-172-16-10-33 ftp_user]# vim ftpadmin
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_mask=022
"ftpadmin" [新] 4L, 93C 已写入                                
[root@host-172-16-10-33 ftp_user]#
  1. 修改主配置文件
[root@host-172-16-10-33 ftp_user]# vim ftpadmin
pam_service_name=vsftpd.vu
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES   //开启虚拟用户
guest_username=virtftp   //虚拟用户映射的用户
allow_writeable_chroot=YES   
user_config_dir=/etc/vsftp/ftp_user   //用户配置文件路径
max_clients=100
max_per_ip=3
pasv_promiscuous=YES
  1. 新建映射用户
[root@host-172-16-10-33 vsftpd]# useradd -d /data/ftp_data/ -s /sbin/nologin virtftp
useradd:警告:此主目录已经存在。
不从 skel 目录里向其中复制任何文件。
  • 验证
  1. serverB 使用grep virtftp /etc/passwd查看virtftp用户信息
[root@host-172-16-10-33 vsftpd]# grep virtftp /etc/passwd
virtftp:x:1000:1000::/data/ftp_data/:/sbin/nologin  //2分
  1. serverB 使用grep ^[^#] /etc/vsftpd/vsftpd.conf过滤vsftpd配置文件内容
[root@host-172-16-10-33 vsftpd]# grep ^[^#] /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd.vu   //1分
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES   //1分
guest_username=virtftp   //1分
allow_writeable_chroot=YES   //1分
user_config_dir=/etc/vsftp/ftp_user   //1分
max_clients=100   //1分
max_per_ip=3   //1分 
pasv_promiscuous=YES   //1分
  1. serverB 使用tail /etc/vsftpd/ftp_user/*查看虚拟用户权限配置
[root@host-172-16-10-33 vsftpd]# tail /etc/vsftpd/ftp_user/*
==> /etc/vsftpd/ftp_user/ftpadmin <==
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_mask=022

==> /etc/vsftpd/ftp_user/ftpuser <==
anon_upload_enable=YES

//5分 一点一分
  1. serverB 切换到/etc/vsftpd目录,使用命令ftp ftp.rj.com连接ftp服务器,使用ftpuser用户上传vlogin.db文件,使用ls命令查看上传的文件。使用ftpadmin用户重命名vlogin.db文件为vlogin,使用ls查看结果
[root@host-172-16-10-22 vsftpd]# ftp 172.16.0.147
Connected to 172.16.0.147 (172.16.0.147).
220 (vsFTPd 3.0.2)
Name (172.16.0.147:root): ftpuser   //这里
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put vlogin.db   //这里
local: vlogin.db remote: vlogin.db
227 Entering Passive Mode (172,16,10,22,53,190).
150 Ok to send data.
226 Transfer complete.
12288 bytes sent in 2.8e-05 secs (438857.15 Kbytes/sec)
ftp> ls   //这里
227 Entering Passive Mode (172,16,10,22,46,51).
150 Here comes the directory listing.
-rw-------    1 1000     1000        12288 Mar 29 19:01 vlogin.db   //这里
226 Directory send OK.
ftp> 
[root@host-172-16-10-22 vsftpd]# ftp 172.16.0.147
Connected to 172.16.0.147 (172.16.0.147).
220 (vsFTPd 3.0.2)
Name (172.16.0.147:root): ftpadmin   //这里
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> rename vlogin.db vlogin   //这里
350 Ready for RNTO.
250 Rename successful.
ftp> ls
227 Entering Passive Mode (172,16,10,22,172,66).
150 Here comes the directory listing.
-rw-------    1 1000     1000        12288 Mar 29 19:01 vlogin   //这里
226 Directory send OK. 
ftp> 

软件定义网络部分

  • 需求
    • 在考试机器的任意一台PC上已部署的Vmware Workstation软件,导入ODL集成模板,虚拟机的内存设置为2G。采用桥接的网卡模式,
    • 配置IP地址为192.168.10.128/24,网关设置成192.168.1.254/24。默认系统登录的用户名/密码都是mininet(大小写区分)。
    • 启动OpenDayLight的karaf程序,并安装如下组件:
      • feature:install odl-restconf
      • feature:install odl-l2switch-switch-ui
      • feature:install odl-mdsal-apidocs
      • feature:install odl-dluxapps-applications
    • 使用Mininet构建拓扑,采用ovsk交换格式,连接ODL的远程地址为192.168.10.128:6653,协议类型是Openflow1.30,构造如下拓扑:

image

  • 访问ODL管理页面并查看网元拓扑结构。

  • 1启动HTTP-Server功能,WEB端口为80,H2作为HTTP-Client,获取H1的html网页文件。

  • 通过OVS手工命令在openflow:1虚拟交换机下发流表,只允许下发一条流表,优先级为priority=50实现如下需求:H1与H2可以互通,H1与H3不能互通,但H3和H4之间可以互通。

  • 用iperf工具测试H3和H4的带宽。

  • 解决

  1. 修改ip地址
mininet@mininet-vm:~$ sudo passwd root   //这里是设置root的密码
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
mininet@mininet-vm:~$ su - root   //这里如果不切换到root,无法保存ip地址
Password: 
root@mininet-vm:~# vim /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.10.128
netmask 255.255.255.0
gateway 172.16.1.254
                                                                             
"/etc/network/interfaces" 14L, 358C written
mininet@mininet-vm:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:45:97:4e brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.128/24 brd 192.168.10.255 scope global eth0
       valid_lft forever preferred_lft forever
mininet@mininet-vm:~$ 
  1. 安装组件
    image
  2. 打开浏览器,输入地址,账号密码都是admin
    image
  3. 打开CRT,用mininet创建拓扑
mininet@mininet-vm:~$ sudo mn --topo tree,fanout=2,depth=2 --controller remote,ip=192.168.10.128,port=6653 
mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 h3 h4 
h2 -> h1 h3 h4 
h3 -> h1 h2 h4 
h4 -> h1 h2 h3 
*** Results: 0% dropped (12/12 received)
mininet> 
  1. 打开浏览器,查看拓扑
    image
  2. H1启动httpd服务,H2访问
mininet> h1 python -m SimpleHTTPServer 80 >&/tmp/httpd.log &
mininet> h2 wget -O - h1
--2019-03-30 10:06:27--  http://10.0.0.1/
Connecting to 10.0.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1094 (1.1K) [text/html]
Saving to: ‘STDOUT’

 0% [                                       ] 0           --.-K/s              <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href=".bash_history">.bash_history</a>
<li><a href=".bash_logout">.bash_logout</a>
<li><a href=".bashrc">.bashrc</a>
<li><a href=".cache/">.cache/</a>
<li><a href=".elinks/">.elinks/</a>
<li><a href=".gitconfig">.gitconfig</a>
<li><a href=".oracle_jre_usage/">.oracle_jre_usage/</a>
<li><a href=".profile">.profile</a>
<li><a href=".rnd">.rnd</a>
<li><a href=".viminfo">.viminfo</a>
<li><a href=".wireshark/">.wireshark/</a>
<li><a href=".Xauthority">.Xauthority</a>
<li><a href="distribution-karaf-0.6.0-Carbon/">distribution-karaf-0.6.0-Carbon/</a>
<li><a href="distribution-karaf-0.6.0-Carbon.zip">distribution-karaf-0.6.0-Carbon.zip</a>
<li><a href="install-mininet-vm.sh">install-mininet-vm.sh</a>
<li><a href="loxigen/">loxigen/</a>
<li><a href="mininet/">mininet/</a>
<li><a href="oflops/">oflops/</a>
<li><a href="oftest/">oftest/</a>
<li><a href="openflow/">openflow/</a>
<li><a href="pox/">pox/</a>
</ul>
<hr>
</body>
</html>
100%[======================================>] 1,094       --.-K/s   in 0.02s   

2019-03-30 10:06:27 (60.7 KB/s) - written to stdout [1094/1094]

mininet> 
  1. 下发流表
mininet> sh ovs-ofctl add-flow s1 in_port=1,priority=50,action=drop
  1. 测试H3 H4带宽
mininet> iperf h3 h4
*** Iperf: testing TCP bandwidth between h3 and h4 
.*** Results: ['419 Mbits/sec', '424 Mbits/sec']
mininet>