Exam question links:
Question set 1: https://download.zhoufengjie.cn/document/os/linuxos/www.zhoufengjie.cn-RHCA236-glusterfs-el7.txt
Question set 2: https://download.zhoufengjie.cn/document/os/linuxos/www.zhoufengjie.cn-RHCA236-glusterfs-el7-2.txt
Main text:
Server list:
servera, serverb, serverc, serverd, servere, workstation (client), monitor (manager)
Preparation on workstation:
lab io-encription-lab setup
then:
rht-vmctl reset server{a..c}
1.Configure a Red Hat Storage cluster
Configure a Red Hat Storage trusted storage pool that contains the following nodes:
servera
serverb
serverc
serverd
Enabling management encryption, the key is: XXX
ftp://workstation.lab.example.com/pub
The CA is: ftp://workstation.lab.example.com/pub/glusterfs.ca
##############################
#in servera,serverb,serverc,serverd run:
firewall-cmd --set-default-zone=trusted
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
servername=$(hostname | awk -F. '{print $1}')
curl -o /etc/ssl/glusterfs.pem ftp://workstation/pub/"$servername".pem
curl -o /etc/ssl/glusterfs.key ftp://workstation/pub/"$servername".key
curl -o /etc/ssl/glusterfs.ca ftp://workstation/pub/glusterfs.ca
systemctl stop glusterd
touch /var/lib/glusterd/secure.access
systemctl start glusterd
#in servera run:
gluster peer probe serverb
gluster peer probe serverc
gluster peer probe serverd
gluster peer status
##############################
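Added example (not part of the original notes): a pre-flight check for the TLS files and the secure.access marker that step 1 puts in place, to run before restarting glusterd. The function name, the `root` prefix argument and the finding labels are assumptions of this example.

```shell
# Added example. "root" is an assumed path prefix so the check can be run
# against a test tree; on a live node call: gluster_tls_preflight ""
gluster_tls_preflight() {
    root=$1
    rc=0
    for f in glusterfs.pem glusterfs.key glusterfs.ca; do
        p="$root/etc/ssl/$f"
        if [ ! -s "$p" ]; then
            echo "MISSING_OR_EMPTY $p"; rc=1; continue
        fi
        # A failed download can leave a non-PEM file behind
        case $f in
            *.key) want='PRIVATE KEY' ;;
            *)     want='BEGIN CERTIFICATE' ;;
        esac
        if ! grep -q "$want" "$p"; then
            echo "NOT_PEM $p"; rc=1
        fi
    done
    key="$root/etc/ssl/glusterfs.key"
    if [ -e "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits;
        # curl -o creates the file with the umask default, typically 0644
        mode=$(ls -ld "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "KEY_MODE_TOO_OPEN $key"; rc=1
        fi
    fi
    # Management encryption is switched on by this marker file
    if [ ! -e "$root/var/lib/glusterd/secure.access" ]; then
        echo "NO_SECURE_ACCESS"; rc=1
    fi
    return $rc
}
```

A KEY_MODE_TOO_OPEN finding is cleared with chmod 600 on /etc/ssl/glusterfs.key.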
2.Configure storage bricks for servera
Configure servera to provide the following storage bricks:
/bricks/test/testvol_n1
/bricks/data/datavol_n1
Additionally, each brick should conform to the following requirements:
Each brick should use vda
Each brick should be 2 GiB in size
Each brick should utilize an appropriately sized logical volume
Each brick should be formatted as xfs with 512b sized inodes.
##############################
lvcreate -L 19G -T vg_bricks/brickspool
bricks="test data"
volname="vol_n1"
for brick in $bricks
do
    lvcreate -V 2G -T vg_bricks/brickspool -n $brick
    mkfs.xfs -i size=512 /dev/vg_bricks/$brick
    mkdir /bricks/$brick -p
    echo "/dev/vg_bricks/$brick /bricks/$brick xfs defaults 0 0" >> /etc/fstab
    mount -a
    mkdir /bricks/$brick/$brick$volname
    chcon -t glusterd_brick_t /bricks/$brick/$brick$volname/
done
##############################
3.Configure storage bricks for serverb
Configure serverb to provide the following storage bricks:
/bricks/test/testvol_n2
/bricks/data/datavol_n2
Additionally, each brick should conform to the following requirements:
Each brick should use vda
Each brick should be 2 GiB in size
Each brick should utilize an appropriately sized logical volume
Each brick should be formatted as xfs with 512b sized inodes.
##############################
lvcreate -L 19G -T vg_bricks/brickspool
bricks="test data"
volname="vol_n2"
for brick in $bricks
do
    lvcreate -V 2G -T vg_bricks/brickspool -n $brick
    mkfs.xfs -i size=512 /dev/vg_bricks/$brick
    mkdir /bricks/$brick -p
    echo "/dev/vg_bricks/$brick /bricks/$brick xfs defaults 0 0" >> /etc/fstab
    mount -a
    mkdir /bricks/$brick/$brick$volname
    chcon -t glusterd_brick_t /bricks/$brick/$brick$volname/
done
##############################
4.Configure storage bricks for serverc
Configure serverc to provide the following storage bricks:
/bricks/safe/safevol_n3
/bricks/data/datavol_n3
Additionally, each brick should conform to the following requirements:
Each brick should use vda
Each brick should be 2 GiB in size
Each brick should utilize an appropriately sized logical volume
Each brick should be formatted as xfs with 512 b sized inodes.
The volume that uses this brick will need to support Red Hat Storage snapshots.
##############################
lvcreate -L 19G -T vg_bricks/brickspool
bricks="safe data"
volname="vol_n3"
for brick in $bricks
do
    lvcreate -V 2G -T vg_bricks/brickspool -n $brick
    mkfs.xfs -i size=512 /dev/vg_bricks/$brick
    mkdir /bricks/$brick -p
    echo "/dev/vg_bricks/$brick /bricks/$brick xfs defaults 0 0" >> /etc/fstab
    mount -a
    mkdir /bricks/$brick/$brick$volname
    chcon -t glusterd_brick_t /bricks/$brick/$brick$volname/
done
##############################
5.Configure storage bricks for serverd
Configure serverd to provide the following storage bricks:
/bricks/safe/safevol_n4
/bricks/data/datavol_n4
Additionally, each brick should conform to the following requirements:
Each brick should use vda
Each brick should be 2 GiB in size
Each brick should utilize an appropriately sized logical volume
Each brick should be formatted as xfs with 512 b sized inodes.
The volume that uses this brick will need to support Red Hat Storage snapshots.
##############################
lvcreate -L 19G -T vg_bricks/brickspool
bricks="safe data"
volname="vol_n4"
for brick in $bricks
do
    lvcreate -V 2G -T vg_bricks/brickspool -n $brick
    mkfs.xfs -i size=512 /dev/vg_bricks/$brick
    mkdir /bricks/$brick -p
    echo "/dev/vg_bricks/$brick /bricks/$brick xfs defaults 0 0" >> /etc/fstab
    mount -a
    mkdir /bricks/$brick/$brick$volname
    chcon -t glusterd_brick_t /bricks/$brick/$brick$volname/
done
##############################
6.Create a distributed volume.
Create a distributed volume on your Red Hat Storage cluster according to the following requirements:
The volume uses the bricks servera:/bricks/test/testvol_n1 and serverb:/bricks/test/testvol_n2
The volume is named testvol
The volume should allow read/write access to all systems in the 172.24.9.0/255.255.255.0 network.
Enabling management encryption, enabling I/O encryption, the key is: XXX
ftp://workstation.lab.example.com/pub
The CA is: ftp://workstation.lab.example.com/pub/glusterfs.ca
##############################
gluster volume create testvol servera:/bricks/test/testvol_n1 serverb:/bricks/test/testvol_n2
gluster volume set testvol auth.allow "172.25.250.*"
gluster volume set testvol auth.ssl-allow "*.example.com"
gluster volume set testvol server.ssl on
gluster volume set testvol client.ssl on
gluster volume start testvol
##############################
7.Create a replicated volume.
Create a replicated volume on your Red Hat Storage cluster according to the following requirements:
The volume uses the bricks serverc:/bricks/safe/safevol_n3 and serverd:/bricks/safe/safevol_n4
The volume is named safevol
The volume should allow read/write access to all systems in the 172.24.9.0/255.255.255.0 network
Enabling management encryption, enabling I/O encryption, the key is: XXX
ftp://workstation.lab.example.com/pub
The CA is: ftp://workstation.lab.example.com/pub/glusterfs.ca
#############################
gluster volume create safevol replica 2 serverc:/bricks/safe/safevol_n3 serverd:/bricks/safe/safevol_n4
gluster volume set safevol auth.allow "172.25.250.*"
gluster volume set safevol nfs.rpc-auth-allow "172.25.250.*"
gluster volume set safevol auth.ssl-allow "*.example.com"
gluster volume set safevol server.ssl on
gluster volume set safevol client.ssl on
gluster volume start safevol
##############################
8.Create a distributed replicated volume.
Create a distributed replicated volume on your Red Hat Storage cluster according to the following requirements:
The volume uses the bricks:
servera:/bricks/data/datavol_n1
serverb:/bricks/data/datavol_n2
serverc:/bricks/data/datavol_n3
serverd:/bricks/data/datavol_n4
The volume is named datavol
The volume should allow read/write access to all systems in the 172.24.9.0/255.255.255.0 network
Enabling management encryption, enabling I/O encryption, the key is: XXX
ftp://workstation.lab.example.com/pub
The CA is: ftp://workstation.lab.example.com/pub/glusterfs.ca
##############################
gluster volume create datavol replica 2 servera:/bricks/data/datavol_n1 serverb:/bricks/data/datavol_n2 serverc:/bricks/data/datavol_n3 serverd:/bricks/data/datavol_n4
gluster volume set datavol auth.allow "172.25.250.*"
gluster volume set datavol auth.ssl-allow "*.example.com"
gluster volume set datavol server.ssl on
gluster volume set datavol client.ssl on
gluster volume start datavol
##############################
9.Mount storage volumes on a client system
Configure the system client.network3.example.com to mount your cluster volumes according to the following requirements:
testvol should be mounted as a gluster native filesystem under /test
safevol should be mounted as an NFS filesystem under /safe
datavol should be mounted as a gluster native filesystem under /data
All mounts should persist across system reboots
Enabling management encryption, enabling I/O encryption, the key is: XXX
ftp://workstation.lab.example.com/pub
The CA is: ftp://workstation.lab.example.com/pub/glusterfs.ca
##############################
yum install glusterfs-fuse -y
curl -o /etc/ssl/glusterfs.pem ftp://workstation/pub/workstation.pem
curl -o /etc/ssl/glusterfs.key ftp://workstation/pub/workstation.key
curl -o /etc/ssl/glusterfs.ca ftp://workstation/pub/glusterfs.ca
mkdir /{test,safe,data}
vim /etc/fstab
servera:/testvol /test glusterfs defaults,_netdev,acl 0 0
serverc:/safevol /safe nfs defaults,_netdev,acl 0 0
servera:/datavol /data glusterfs defaults,_netdev,acl 0 0
mkdir /var/lib/glusterd/
touch /var/lib/glusterd/secure.access
mount -a
##############################
10.Configure Storage limits
Configure storage limits on client.network3.example.com according to the following requirements:
Create the directory /data/mailspool
Users on client.network3.example.com should have read/write /data/mailspool
Users should not be able to use more than 192 MiB of space under /data/mailspool
##############################
#on workstation
mkdir /data/mailspool
#on servera
gluster volume quota datavol enable
gluster volume quota datavol limit-usage /mailspool 192MB
##############################
11.Configure a directory with access controls
On the system client create a directory and secure it according to the following requirements:
create the directory /test/confidential
/test/confidential should be owned by the user root and the group admins
the user suresh should have read and write access to /test/confidential and any other future directories or files created under this directory, however this user should not be able to access any other directories or files which belong to the group admins
the user anita should have read access to /test/confidential and any other future directories or files created under this directory, however this user should not be able to access any other directories or files which belong to the group admins
all other users should not be able to access /test/confidential
##############################
mkdir /test/confidential
groupadd admins
chgrp admins /test/confidential/
useradd suresh
setfacl -m u:suresh:rwx /test/confidential/
setfacl -m d:u:suresh:rwx /test/confidential/
useradd anita
setfacl -m u:anita:r-x /test/confidential/
setfacl -m d:u:anita:r-x /test/confidential/
chmod o-rwx /test/confidential/
chmod g+s /test/confidential/
##############################
12.Configure asynchronous replication
The volume testvol should be configured for asynchronous replication according to the following requirements:
Content on testvol should be backed up to the volume testrep on servere
The master node should be servera
testrep should be large enough to contain the replication
The replication must use a non-privileged account; the account must be named georep and must belong to the group repgrp
the master node should be limited to only being able to run the command necessary to perform replication
The testrep Enabling management encryption, enabling I/O encryption, the key is: XXX
ftp://workstation.lab.example.com/pub
The CA is: ftp://workstation.lab.example.com/pub/glusterfs.ca
##############################
#!/bin/bash
lvcreate -L 19G -T vg_bricks/brickspool
bricks="rep1 rep2"
volname="vol_n5"
for brick in $bricks
do
    lvcreate -V 2G -T vg_bricks/brickspool -n $brick
    mkfs.xfs -i size=512 /dev/vg_bricks/$brick
    mkdir /bricks/$brick -p
    echo "/dev/vg_bricks/$brick /bricks/$brick xfs defaults 0 0" >> /etc/fstab
    mount -a
    mkdir /bricks/$brick/$brick$volname
    chcon -t glusterd_brick_t /bricks/$brick/$brick$volname/
done
gluster volume create testrep servere:/bricks/rep1/rep1vol_n5 servere:/bricks/rep2/
gluster volume set testrep auth.allow "172.25.250.*"
gluster volume set testrep auth.ssl-allow "*"
gluster volume set testrep server.ssl on
gluster volume set testrep client.ssl on
gluster volume start testrep
#!/bin/bash
firewall-cmd --set-default-zone=trusted
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
servername=$(hostname | awk -F. '{print $1}')
curl -o /etc/ssl/glusterfs.pem ftp://workstation/pub/"$servername".pem
curl -o /etc/ssl/glusterfs.key ftp://workstation/pub/"$servername".key
curl -o /etc/ssl/glusterfs.ca ftp://workstation/pub/glusterfs.ca
gluster volume stop testrep
systemctl stop glusterd
touch /var/lib/glusterd/secure.access
systemctl start glusterd
groupadd repgrp
useradd georep -g repgrp
echo redhat | passwd --stdin georep
mkdir /var/mountbroker-root -m 0711
semanage fcontext -a -e /home /var/mountbroker-root
restorecon -Rv /var/mountbroker-root/
gluster system:: execute mountbroker opt mountbroker-root /var/mountbroker-root
gluster system:: execute mountbroker user georep testrep
gluster system:: execute mountbroker opt geo-replication-log-group repgrp
gluster system:: execute mountbroker opt rpc-auth-allow-insecure on
systemctl restart glusterd
gluster volume start testrep
#servera begin
ssh-keygen -f .ssh/id_rsa -N ''
ssh-copy-id georep@servere
gluster volume set all cluster.enable-shared-storage enable
gluster system:: execute gsec_create
gluster volume geo-replication testvol georep@servere::testrep create push-pem
#servera end
/usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep testvol testrep
#servera begin
gluster volume geo-replication testvol georep@servere::testrep create push-pem
gluster volume geo-replication testvol georep@servere::testrep config use_meta_volume true
gluster volume geo-replication testvol georep@servere::testrep start
gluster volume geo-replication testvol georep@servere::testrep status
#servera end
############################
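Added example (not part of the original notes): the volumes created above differ in how tightly they restrict clients (testrep sets auth.ssl-allow to "*", the others to "*.example.com"), so this audits `gluster volume info` text for volumes without TLS or with unrestricted access lists. The sample input is constructed and abbreviated, the volume "scratch" is hypothetical, and the function names and finding texts are assumptions of this example.

```shell
# Added example, not from the original notes. Reads `gluster volume info`
# text on stdin and prints one line per weak access or TLS setting.
# Assumption: an unset auth.allow is treated as the default "*".
audit_gluster_volumes() {
    awk '
    function report() {
        if (vol == "") return
        if (opt["server.ssl"] != "on") print vol ": server.ssl not on"
        if (opt["client.ssl"] != "on") print vol ": client.ssl not on"
        if (opt["auth.ssl-allow"] == "*") print vol ": auth.ssl-allow is *"
        if (opt["auth.allow"] == "" || opt["auth.allow"] == "*")
            print vol ": auth.allow is unrestricted"
    }
    /^Volume Name: /         { report(); vol = substr($0, 14); split("", opt); inopts = 0; next }
    /^Options Reconfigured:/ { inopts = 1; next }
    /^$/                     { inopts = 0; next }
    inopts { i = index($0, ": "); if (i > 0) opt[substr($0, 1, i - 1)] = substr($0, i + 2) }
    END { report() }'
}

# Constructed sample modelled on the volumes above; "scratch" is hypothetical.
sample_volume_info() {
    cat <<'EOF'
Volume Name: testvol
Status: Started
Options Reconfigured:
client.ssl: on
server.ssl: on
auth.ssl-allow: *.example.com
auth.allow: 172.25.250.*

Volume Name: testrep
Status: Started
Options Reconfigured:
client.ssl: on
server.ssl: on
auth.ssl-allow: *
auth.allow: 172.25.250.*

Volume Name: scratch
Status: Started
Options Reconfigured:
performance.readdir-ahead: on
EOF
}
sample_volume_info | audit_gluster_volumes
```

On a storage node the same function can be fed with: gluster volume info | audit_gluster_volumes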
13.Create a snapshot
Create a snapshot for safevol on your Red Hat storage cluster according to the following requirement:
the snapshot is named safe-snap
############################
gluster snapshot create safe-snap safevol no-timestamp
gluster snapshot activate safe-snap
############################
14.Tiering
servera and serverb have sda, which is faster than vda
servera, serverb: hot
serverc, serverd: cold, and a replicated volume
############################
#name:hotvol
#servera,b,c,d[exam]
lvcreate -V 2G -T vg_bricks/brickspool -n hot
mkfs.xfs -i size=512 /dev/vg_bricks/hot
mkdir /bricks/hot
echo "/dev/vg_bricks/hot /bricks/hot xfs defaults 0 0" >> /etc/fstab
mount -a
mkdir /bricks/hot/hotvol_n1
chcon -t glusterd_brick_t /bricks/hot/hotvol_n1/
gluster volume create hotvol replica 2 serverc:/bricks/hot/hotvol_n3 serverd:/bricks/hot/hotvol_n4
gluster volume start hotvol
gluster volume tier hotvol attach replica 2 servera:/bricks/hot/hotvol_n1 serverb:/bricks/hot/hotvol_n2
############################
15.Monitor gluster with Nagios; the monitor server has a monitor user
monitor sends mail
gluster name is: rh236-gluster
############################
#servera,b,c,d;vim /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1,manager.lab.example.com
systemctl restart nrpe
#manager(rpm:nagios-server-addons)
configure-gluster-nagios -c rh236-gluster -H servera.lab.example.com
nagios -v /etc/nagios/nagios.cfg
vim /etc/nagios/gluster-contacts.cfg # modify/add the parts highlighted in red
define contact {
    contact_name student
    alias student
    email student@manager.lab.example.com
    service_notification_period 24x7
    service_notification_options w,u,c,r,f,s
    service_notification_commands notify-service-by-email
    host_notification_period 24x7
    host_notification_options d,u,r,f,s
    host_notification_commands notify-host-by-email
}
vim /etc/nagios/gluster-templates.cfg
define host{
    name gluster-generic-host
    use linux-server
    notifications_enabled 1
    notification_period 24x7
    notification_interval 120
    notification_options d,u,r,f,s
    register 0
    contacts +snmp,student
}
define service {
    name gluster-service
    use generic-service
    notifications_enabled 1
    notification_period 24x7
    notification_options w,u,c,r,f,s
    notification_interval 120
    register 0
    contacts +snmp,student
    _gluster_entity Service
}
vim /etc/nagios/objects/commands.cfg # modify/add the parts highlighted in red
# 'notify-host-by-email' command definition
define command{
    command_name notify-host-by-email
    command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n$NOTIFICATIONCOMMENT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
# 'notify-service-by-email' command definition
define command{
    command_name notify-service-by-email
    command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n$NOTIFICATIONCOMMENT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
service nagios restart
vim /etc/mail/sendmail.mc # modify/add the parts highlighted in red
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
chkconfig sendmail on
service sendmail restart
yum install mutt -y
su - student
mutt
############################