内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档介绍企业级文件共享服务部署综合实战案例。
Part01-NFS文件共享
1.1 NFS服务器配置
[root@fgedu-nfs ~]# yum install -y nfs-utils
# 创建共享目录
[root@fgedu-nfs ~]# mkdir -p /data/shared/{public,private,projects}
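# 配置NFS导出
# 注意:no_root_squash 会让客户端的 root 在该导出上保留 root 权限;对整个 192.168.1.0/24 网段同时开放 rw 时,网段内任何主机的 root 都能以 root 身份读写共享内容。除非确有需要,应使用默认的 root_squash,并把导出范围收窄到具体主机。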
[root@fgedu-nfs ~]# cat > /etc/exports << 'EOF'
/data/shared/public 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)
/data/shared/private 192.168.1.0/24(rw,sync,root_squash,no_subtree_check)
/data/shared/projects 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check) 10.0.0.0/8(ro,sync,no_subtree_check)
EOF
# 导出共享
[root@fgedu-nfs ~]# exportfs -rav
exporting 192.168.1.0/24:/data/shared/projects
exporting 192.168.1.0/24:/data/shared/private
exporting 192.168.1.0/24:/data/shared/public
# 启动NFS服务
[root@fgedu-nfs ~]# systemctl enable nfs-server --now
# 查看导出列表
[root@fgedu-nfs ~]# exportfs -v
/data/shared/public
192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
/data/shared/private
192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/data/shared/projects
192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
10.0.0.0/8(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
# 客户端挂载
[root@fgedu-client ~]# mkdir -p /mnt/nfs/{public,private,projects}
[root@fgedu-client ~]# mount -t nfs 192.168.1.10:/data/shared/public /mnt/nfs/public
[root@fgedu-client ~]# mount -t nfs 192.168.1.10:/data/shared/private /mnt/nfs/private
# 配置开机自动挂载
[root@fgedu-client ~]# cat >> /etc/fstab << 'EOF'
192.168.1.10:/data/shared/public /mnt/nfs/public nfs defaults,_netdev 0 0
192.168.1.10:/data/shared/private /mnt/nfs/private nfs defaults,_netdev 0 0
192.168.1.10:/data/shared/projects /mnt/nfs/projects nfs defaults,_netdev 0 0
EOF
Part02-Samba文件共享
2.1 Samba配置
[root@fgedu-samba ~]# yum install -y samba samba-client
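# 配置Samba
# 注意:下面的 [public] 共享同时设置了 guest ok = yes 和 writable = yes,后文又将目录权限设为 777,等于允许未认证用户写入;这种配置只适合隔离的测试网络,生产环境应关闭来宾写入或将该共享改为只读。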
[root@fgedu-samba ~]# cat > /etc/samba/smb.conf << 'EOF'
[global]
workgroup = FGEDU
server string = FGEDU File Server
security = user
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[public]
comment = Public Share
path = /data/samba/public
browseable = yes
writable = yes
guest ok = yes
create mask = 0664
directory mask = 0775
[private]
comment = Private Share
path = /data/samba/private
browseable = yes
writable = yes
valid users = @smbusers
create mask = 0660
directory mask = 0770
[projects]
comment = Project Files
path = /data/samba/projects
browseable = yes
writable = yes
valid users = @developers
create mask = 0664
directory mask = 0775
veto files = /*.exe/*.dll/*.bat/
hide files = /*.tmp/*.bak/
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mask = 0600
directory mask = 0700
EOF
# 创建共享目录
[root@fgedu-samba ~]# mkdir -p /data/samba/{public,private,projects}
[root@fgedu-samba ~]# chmod 777 /data/samba/public
[root@fgedu-samba ~]# chmod 770 /data/samba/private
[root@fgedu-samba ~]# chmod 775 /data/samba/projects
# 创建用户和组
[root@fgedu-samba ~]# groupadd smbusers
[root@fgedu-samba ~]# groupadd developers
[root@fgedu-samba ~]# useradd -G smbusers zhangsan
[root@fgedu-samba ~]# useradd -G developers,developers lisi
# 设置Samba密码(smbpasswd 实际不会回显输入;下面的 Samba@123 仅为演示值,两个用户共用同一口令也只是示例,生产环境应为每个用户设置各自的强密码)
[root@fgedu-samba ~]# smbpasswd -a zhangsan
New SMB password: Samba@123
Retype new SMB password: Samba@123
Added user zhangsan.
[root@fgedu-samba ~]# smbpasswd -a lisi
New SMB password: Samba@123
Retype new SMB password: Samba@123
Added user lisi.
# 测试配置
[root@fgedu-samba ~]# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE
# 启动Samba
[root@fgedu-samba ~]# systemctl enable smb nmb --now
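# 测试连接
# 注意:以“用户%密码”形式把口令写在命令行上,会将其留在 shell 历史中,并可能出现在进程列表里;实际使用时建议省略 %密码,由 smbclient 交互提示输入,或用 -A 指定一个权限受限的认证文件。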
[root@fgedu-client ~]# smbclient -L 192.168.1.10 -U zhangsan%Samba@123
Domain=[FGEDU] OS=[Windows 6.1] Server=[Samba 4.18.0]
Sharename Type Comment
--------- ---- -------
public Disk Public Share
private Disk Private Share
projects Disk Project Files
IPC$ IPC IPC Service (FGEDU File Server)
Part03-FTP文件传输
3.1 VSFTPD配置
[root@fgedu-ftp ~]# yum install -y vsftpd
# 配置VSFTPD
[root@fgedu-ftp ~]# cat > /etc/vsftpd/vsftpd.conf << 'EOF'
# 基本设置
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
# 用户设置
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
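# 安全设置
# 注意:allow_writeable_chroot=YES 会关闭 vsftpd 对“chroot 根目录可写”的默认保护检查;更稳妥的做法是让 chroot 根目录不可写,只在其下提供可写的子目录。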
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
# 性能设置
max_clients=100
max_per_ip=5
idle_session_timeout=600
data_connection_timeout=120
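# TLS设置
# 注意:ssl_tlsv1=YES 启用的是已过时的 TLS 1.0;若所用 vsftpd 版本提供 ssl_tlsv1_2 等选项,应改为只启用 TLS 1.2 及以上(以本机 man vsftpd.conf 为准)。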
ssl_enable=YES
rsa_cert_file=/etc/pki/tls/certs/vsftpd.crt
rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# 被动模式
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
pasv_address=192.168.1.10
EOF
# 创建允许登录的用户列表
[root@fgedu-ftp ~]# cat > /etc/vsftpd/user_list << 'EOF'
zhangsan
lisi
wangwu
EOF
# 创建chroot例外列表
[root@fgedu-ftp ~]# touch /etc/vsftpd/chroot_list
# 启动VSFTPD
[root@fgedu-ftp ~]# systemctl enable vsftpd --now
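# 测试FTP连接
# 注意:上面的配置设置了 force_local_logins_ssl=YES,传统的 ftp 命令行客户端不支持 TLS,其明文登录会被服务器拒绝;下面的会话仅作流程示意,实际验证应使用支持 FTPS 的客户端(例如 lftp)。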
[root@fgedu-client ~]# ftp 192.168.1.10
Connected to 192.168.1.10 (192.168.1.10).
220 Welcome to FGEDU FTP Server.
Name (192.168.1.10:root): zhangsan
331 Please specify the password.
Password: Ftp@123
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,10,156,64).
150 Here comes the directory listing.
drwxr-xr-x 2 1001 1001 4096 Apr 04 23:00 documents
drwxr-xr-x 2 1001 1001 4096 Apr 04 23:00 downloads
226 Directory send OK.
ftp> quit
221 Goodbye.
Part04-文件共享监控
4.1 监控配置
# 注:脚本中的 ss -tuln 只列出监听端口,并不是已建立的连接;grep 2049、"139|445"、"20|21" 都是子串匹配,也会匹配到包含这些数字的其他端口或地址,解读输出时需留意。
[root@fgedu-nfs ~]# cat > /usr/local/bin/fileshare-monitor.sh << 'EOF'
#!/bin/bash
# fileshare-monitor.sh
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
echo "=== 文件共享监控 ==="
echo "监控时间: $(date)"
echo ""
echo "1. NFS状态"
systemctl is-active nfs-server
echo "活跃连接:"
ss -tuln | grep 2049
echo ""
echo "2. NFS导出列表"
exportfs -v
echo ""
echo "3. Samba状态"
systemctl is-active smb nmb
echo "活跃连接:"
ss -tuln | grep -E "139|445"
echo ""
echo "4. Samba共享列表"
smbstatus -b 2>/dev/null | head -10
echo ""
echo "5. FTP状态"
systemctl is-active vsftpd
echo "活跃连接:"
ss -tuln | grep -E "20|21"
echo ""
echo "6. 磁盘使用"
df -h | grep -E "/data|Filesystem"
echo ""
echo "7. 大文件检查"
find /data -type f -size +100M -exec ls -lh {} \; 2>/dev/null | head -10
echo ""
echo "=== 监控完成 ==="
EOF
[root@fgedu-nfs ~]# chmod +x /usr/local/bin/fileshare-monitor.sh
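# 配置NFS监控
# 注意:下面的定界符 'EOF' 带引号,$(...) 不会被展开,文件里写入的是字面文本 $(ss -tuln | grep -c 2049),并不是合法的指标值;即使去掉引号,得到的也只是执行时的一次性快照。要得到可用的指标,应由定时任务周期性地重新生成该 .prom 文件。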
[root@fgedu-nfs ~]# cat > /etc/prometheus/node_exporter/nfs.prom << 'EOF'
# HELP nfs_exports_total Total number of NFS exports
# TYPE nfs_exports_total gauge
nfs_exports_total 3
# HELP nfs_connections Current NFS connections
# TYPE nfs_connections gauge
nfs_connections $(ss -tuln | grep -c 2049)
EOF
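# 配置日志审计
# 注意:auditd 的 -w 监视规则由系统调用触发;NFS 客户端经内核 nfsd 进行的文件访问通常不会被 -w /data/shared/ 记录,这条规则主要覆盖服务器本地进程的访问。对数据目录使用 -p rwa 的日志量可能很大。另外,配置了 xferlog_std_format=YES 时 vsftpd 默认写入 /var/log/xferlog,请先确认 /var/log/vsftpd.log 确实存在。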
[root@fgedu-nfs ~]# cat > /etc/audit/rules.d/fileshare.rules << 'EOF'
## NFS审计
-w /etc/exports -p wa -k nfs_config
-w /data/shared/ -p rwa -k nfs_access
## Samba审计
-w /etc/samba/smb.conf -p wa -k samba_config
-w /data/samba/ -p rwa -k samba_access
## FTP审计
-w /etc/vsftpd/vsftpd.conf -p wa -k ftp_config
-w /var/log/vsftpd.log -p wa -k ftp_log
EOF
[root@fgedu-nfs ~]# service auditd restart
- 根据需求选择合适的共享协议
- 配置访问控制策略
- 启用传输加密
- 实施配额管理
- 定期备份共享数据
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
