diff --git a/configs/config-all.sh b/configs/config-all.sh index ed7c595..a1aa0ea 100644 --- a/configs/config-all.sh +++ b/configs/config-all.sh @@ -68,11 +68,11 @@ cat $REPO_FILE # Проверить устройства можно командой blkid # Имя образа будет указано в lable="" -# /dev/sr1 Это [datastore1] _ISO/CentOS-7-x86_64-DVD-1810.iso # /dev/sr0 Это [datastore1] _ISO/Additional.iso +# /dev/sr1 Это [datastore1] _ISO/CentOS-7-x86_64-DVD-1810.iso -mount /dev/sr1 /media/CentOS -mount /dev/sr0 /media/cdrom +mount -L "CDROM" /media/cdrom +mount -L "CentOS 7 x86_64" /media/CentOS yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils libcares* -y diff --git a/configs/l-/l-fw.sh b/configs/l-/l-fw.sh index 88d349f..ff9cb1f 100644 --- a/configs/l-/l-fw.sh +++ b/configs/l-/l-fw.sh @@ -1,4 +1,4 @@ -HS="/etc/hostsname" +HS="/etc/hostname" rm $HS; touch $HS echo "L-FW" >> $HS H="/etc/hosts"; rm $H; touch $H @@ -10,7 +10,7 @@ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf iptables -F apt-cdrom add -apt install frr iptables-persistent tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y +apt install frr iptables-persistent tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf SSHC="/etc/ssh/sshd_config" 
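Review bot: Neither `mount -L` call in the config-all.sh hunk is checked, so if a disc labelled `CDROM` or `CentOS 7 x86_64` is not attached the script carries on and the following `yum install` runs without the media mounted. Add a guard to each call, for example `mount -L "CDROM" /media/cdrom || exit 1`. The comment block above still describes the discs by /dev/sr0 and /dev/sr1; it should say they are now selected by label, e.g. `# mounted by filesystem label, see blkid`.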
@@ -20,31 +20,36 @@ echo "AllowUsers ssh_p root ssh_c" >> $SSHC iptables -t nat -A POSTROUTING -o ens256 -j MASQUERADE iptables -t nat -A PREROUTING -i ens256 -p udp --dport 53 -j DNAT --to-destination 172.16.20.10 -systemctl start NetworkManager +nmcli con del id ens192 +nmcli con del id ens224 +nmcli con del id ens256 +nmcli con del id ens160 +nmcli con del id gre1 nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "172.16.50.1/30" nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" -nmcli con up ens192 ifname ens192 nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "172.16.55.1/30" nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" -nmcli con up ens224 ifname ens224 nmcli con add con-name ens256 ifname ens256 autoconnect yes type ethernet ip4 "172.16.20.1/24" nmcli con mod ens256 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" -nmcli con up ens256 ifname ens256 nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "10.10.10.1/24" gw4 10.10.10.10 nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" -nmcli con up ens160 ifname ens160 nmcli con add type ip-tunnel ip-tunnel.mode gre con-name gre1 ifname gre1 autoconnect yes remote 20.20.20.100 local 10.10.10.1 -nmcli con mod gre1 ipv4.method manual +ipv4.addresses 10.5.5.1 +nmcli con mod gre1 ipv4.method manual ip-tunnel.ttl 64 +ipv4.addresses "10.5.5.1/30" + +nmcli con up ens192 ifname ens192 +nmcli con up ens224 ifname ens224 +nmcli con up ens256 ifname ens256 +nmcli con up ens160 ifname ens160 nmcli con up gre1 ifname gre1 systemctl stop frr; systemctl disable frr; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; systemctl start frr; systemctl enable frr; -vtysh -conf t +vtysh +conf t ip forw router ospf network 
172.16.20.0/24 area 0 @@ -58,9 +63,8 @@ conf t exit write exit - useradd ssh_p -p p_hss useradd ssh_c -p c_hss - +systemctl disable chronyd ; systemctl stop chronyd shutdown -r 0 diff --git a/configs/l-/l-rtr-a.sh b/configs/l-/l-rtr-a.sh index b8f5234..61c6abb 100644 --- a/configs/l-/l-rtr-a.sh +++ b/configs/l-/l-rtr-a.sh @@ -1,4 +1,4 @@ -HS="/etc/hostsname" +HS="/etc/hostname" rm $HS; touch $HS echo "L-RTR-A" >> $HS H="/etc/hosts"; rm $H; touch $H @@ -10,14 +10,13 @@ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf iptables -F apt-cdrom add -apt install frr tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y +apt install frr tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf SSHC="/etc/ssh/sshd_config" cp $SSHC $SSHC.old sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC -systemctl start NetworkManager nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 172.16.50.2/30 gw4 172.16.50.1 nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr" nmcli con up ens192 ifname ens192 @@ -29,11 +28,10 @@ systemctl stop frr; systemctl disable frr; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; systemctl start frr; systemctl enable frr; -vtysh -conf t - ip forw - router ospf +vtysh +conf t + router ospf network 172.16.50.0/30 area 0 network 172.16.100.0/24 area 0 passive-interface esn224 
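Review bot: The bare `vtysh` line in the l-fw.sh `@@ -20,31 +20,36 @@` hunk starts an interactive shell, so when this file is executed as a script the following `conf t`, `router ospf` and `network …` lines are not fed to it; they run as shell commands after vtysh exits and fail. This only works if the file is pasted into a terminal, which nothing in the hunk states. Pass the commands explicitly, e.g. `vtysh -c 'conf t' -c 'router ospf' -c 'network 172.16.20.0/24 area 0'`, followed by `vtysh -c 'write'`. The same pattern is re-added in l-rtr-a.sh, l-rtr-b.sh, r-fw.sh and r-rtr.sh, and the OSPF block here continues past the end of the hunk.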
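Review bot: `useradd ssh_p -p p_hss` and `useradd ssh_c -p c_hss`, kept on the new side of the l-fw.sh `@@ -58,9 +63,8 @@` hunk, pass a plain string to `-p`, which expects an already hashed password. The literal is stored in /etc/shadow as if it were the hash, so the accounts do not get the intended password, and the value is readable in the script and in the process list. Because sshd_config earlier in the file allows exactly these two users, create them with a plain `useradd ssh_p` and set the password over stdin from a root-only file, `chpasswd < /root/<placeholder-credentials-file>`.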
@@ -50,5 +48,6 @@ rm $DHC; touch $DHC echo -e "# /etc/dhcp/dhcpd.conf file\n# L-RTR-A\ndefault-lease-time 600;\nmax-lease-time 7200;\n\nddns-update-style interim;\nupdate-static-leases on;\nzone skill39.wsr. { primary 172.16.20.10; }\nzone 16.172.in-addr.arpa. { primary 172.16.20.10; }\nauthoritative;\n\noption domain-name \"skill39.wsr\";\noption domain-name-servers 172.16.20.10, 192.168.20.10;\n\nsubnet 172.16.50.0 netmask 255.255.255.252 {}\nsubnet 172.16.100.0 netmask 255.255.255.0 {\n\trange 172.16.100.65 172.16.100.75;\n\toption routers 172.16.100.1;\n}\nsubnet 172.16.200.0 netmask 255.255.255.0 {\n\trange 172.16.200.65 172.16.200.75;\n\toption routers 172.16.200.1;\n}\nhost lclib {\n\thardware ethernet 00:0C:29:1D:2C:06;\n\tfixed-address 172.16.200.61;\n}\n" >> $DHC systemctl start isc-dhcp-server && systemctl enable isc-dhcp-server +systemctl disable chronyd ; systemctl stop chronyd shutdown -r 0 diff --git a/configs/l-/l-rtr-b.sh b/configs/l-/l-rtr-b.sh index 343671b..984dc60 100644 --- a/configs/l-/l-rtr-b.sh +++ b/configs/l-/l-rtr-b.sh @@ -1,4 +1,4 @@ -HS="/etc/hostsname" +HS="/etc/hostname" rm $HS; touch $HS echo "L-RTR-B" >> $HS H="/etc/hosts"; rm $H; touch $H @@ -10,7 +10,7 @@ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf iptables -F apt-cdrom add -apt install frr tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils zsh git -y +apt install frr tcpdump ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf SSHC="/etc/ssh/sshd_config" @@ -29,10 +29,9 @@ systemctl stop frr; systemctl disable frr; sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons; sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons; systemctl start frr; systemctl enable frr; -vtysh -conf t - ip forw +vtysh +conf t router ospf network 172.16.55.0/30 area 0 network 172.16.200.0/24 area 0 
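Review bot: `systemctl disable chronyd ; systemctl stop chronyd` is added just before the reboot in the l-rtr-a.sh `@@ -50,5 +48,6 @@` hunk with no comment saying why time synchronisation is switched off, and the same line is added to l-fw.sh, l-rtr-b.sh, l-srv.sh, r-fw.sh and r-rtr.sh. Without a common time source the log timestamps on the firewalls, routers and servers drift apart, which makes later correlation of SSH, DNS and DHCP events harder. If the lab setup requires this, add a one-line comment above the command stating the reason; otherwise leave chronyd enabled.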
@@ -47,5 +46,6 @@ apt install isc-dhcp-relay -y # 172.16.50.2 # ens192 ens224 +systemctl disable chronyd ; systemctl stop chronyd shutdown -r 0 diff --git a/configs/l-/l-srv.sh b/configs/l-/l-srv.sh index e69de29..eff9c88 100644 --- a/configs/l-/l-srv.sh +++ b/configs/l-/l-srv.sh @@ -0,0 +1,19 @@ +HS="/etc/hostname" +rm $HS; touch $HS +echo "L-SRV" >> $HS +H="/etc/hosts"; rm $H; touch $H +echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H +echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H +echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H +echo -e "10.10.10.10\tisp" >> $H +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf +iptables -F +apt-cdrom add + +apt-get install tcpdump bind9 ssh nfs-common network-manager curl lynx net-tools vim bind9utils cifs-utils -y + + + +systemctl disable chronyd ; systemctl stop chronyd +shutdown -r 0 + diff --git a/configs/r-/r-fw.sh b/configs/r-/r-fw.sh new file mode 100644 index 0000000..4c3ddd3 --- /dev/null +++ b/configs/r-/r-fw.sh 
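Review bot: `echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf` and `iptables -F` in the new l-srv.sh look copied from the router scripts. The lines visible here install only server packages and configure no routed interfaces, so after the reboot L-SRV would forward packets between whatever interfaces it has, with its filter rules flushed. Unless the host is meant to route, drop both lines. The hosts template also writes `ip6-localhots` where `ip6-localhost` is presumably meant; the same string is in r-fw.sh and r-rtr.sh.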
@@ -0,0 +1,74 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "R-FW" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config;
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7" >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS
+mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con del id ens192
+nmcli con del id ens224
+nmcli con del id ens160
+nmcli con del id gre1
+
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 "192.168.10.1/30"
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens224 ifname ens224 autoconnect yes type ethernet ip4 "192.168.20.1/30"
+nmcli con mod ens224 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 "20.20.20.100/24" gw4 20.20.20.10
+nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add type ip-tunnel ip-tunnel.mode gre con-name gre1 ifname gre1 autoconnect yes remote 10.10.10.1 local 20.20.20.100
+nmcli con mod gre1 ipv4.method manual +ipv4.addresses "10.5.5.2/30"
+nmcli con mod gre1 ip-tunnel.ttl 64
+
+nmcli con up ens192 ifname ens192
+nmcli con up ens224 ifname ens224
+nmcli con up ens160 ifname ens160
+nmcli con up gre1 ifname gre1
+
+yum install /media/cdrom/lib* /media/cdrom/frr* -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+ router ospf
+ network 192.168.20.0/24 area 0
+ network 192.168.10.0/30 area 0
+ network 10.5.5.0/30 area 0
+ network 5.5.5.0/27 area 0
+ passive-interface ens160
+ passive-interface ens224
+ exit
+ exit
+write
+exit
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+
diff --git a/configs/r-/r-rtr.sh b/configs/r-/r-rtr.sh
new file mode 100644
index 0000000..485313d
--- /dev/null
+++ b/configs/r-/r-rtr.sh
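Review bot: `cd /media/; rm -rf *` in the new r-fw.sh deletes the contents of whatever directory the shell is in if the `cd` fails, because `;` runs the `rm` regardless of the `cd` result; the same line is in r-rtr.sh. Use `cd /media/ && rm -rf -- ./*`, or name the path directly with `rm -rf -- /media/*`. A few lines further down, `$releasever` inside the double-quoted `echo -e` is expanded by the shell (to nothing unless it happens to be set), so the repo file gets `name=CentOS- - Media`; write it as `\$releasever`.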
@@ -0,0 +1,61 @@
+HS="/etc/hostname"
+sh -c "rm $HS"; touch $HS
+echo "R-RTR" >> $HS
+H="/etc/hosts"; rm $H; touch $H
+echo -e "# ${H} file.\n# Configured by Maxim\n\n" >> $H
+echo -e "# Default values\n127.0.0.1\tlocalhost\n::1\tip6-localhots ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n" >> $H
+echo -e "# Work values\n172.16.20.10\tl-srv l-srv.skill39.wsr\n10.10.10.1\tl-fw l-fw.skill39.wsr\n172.16.50.2\tl-rtr-a l-rtr-a.skill39.wsr\n172.16.55.2\tl-rtr-b l-rtr-b.skill39.wsr\n172.16.200.61\tl-cli-b l-cli-b.skill39.wsr\n20.20.20.5\tout-cli out-cli.skill39.wsr\n20.20.20.100\tr-fw r-fw.skill39.wsr\n192.168.20.10\tr-srv r-srv.skill39.wsr\n192.168.10.2\tr-rtr r-rtr.skill39.wsr\n192.168.100.100\tr-cli r-cli.skill39.wsr">> $H
+echo -e "20.20.20.10\tisp" >> $H
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+setenforce 0
+sed -ie 's/SELINUX=enforcing /SELINUX=permissive/' /etc/selinux/config;
+systemctl stop firewalld && systemctl disable firewalld
+
+cd /media/; rm -rf *
+mkdir CentOS; mkdir cdrom
+cd /etc/
+mv yum.repos.d/ yum.repos.d-default/; mkdir yum.repos.d
+REPF="/etc/yum.repos.d/CentOS-Media.repo"
+touch $REPF
+echo -e "# ${REPF} file.\n# Configured by Maxim\n\n[c7-media]\nname=CentOS-$releasever - Media\nbaseurl=file:///media/CentOS/\n\t\tfile:///media/cdrom/\ngpgcheck=1\nenabled=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7" >> $REPF
+mount -L "CentOS 7 x86_64" /media/CentOS
+mount -L "CDROM" /media/cdrom
+
+yum install lynx vim net-tools dhclient bash-completion tcpdump curl nfs-utils cifs-utils sshpass bind-utils -y
+
+sed -ie "s/^hosts:\t*/hosts:\t\tdns files [NOTFOUND=return] # old:/" /etc/nsswitch.conf
+SSHC="/etc/ssh/sshd_config"
+cp $SSHC $SSHC.old
+sed -ie 's/#PermitRoot.*/PermitRootLogin yes/' $SSHC
+
+nmcli con del id ens192
+nmcli con del id ens160
+
+nmcli con add con-name ens160 ifname ens160 autoconnect yes type ethernet ip4 192.168.10.2/30
+nmcli con mod ens160 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+nmcli con add con-name ens192 ifname ens192 autoconnect yes type ethernet ip4 192.168.100.1/24 gw4 192.168.10.1
+nmcli con mod ens192 +ipv4.dns 172.16.20.10 +ipv4.dns 192.168.20.10 +ipv4.dns-search "skill39.wsr"
+
+nmcli con up ens160 ifname ens160
+nmcli con up ens192 ifname ens192
+
+yum install /media/cdrom/lib* /media/cdrom/frr* -y
+
+systemctl stop frr; systemctl disable frr;
+sed -ie 's/ospfd=no/ospfd=yes/' /etc/frr/daemons;
+sed -ie 's/zebra=no/zebra=yes/' /etc/frr/daemons;
+systemctl start frr; systemctl enable frr;
+
+vtysh
+conf t
+ router ospf
+ network 192.168.10.0/30 area 0
+ network 192.168.100.0/24 area 0
+ passive-interface ens192
+ exit
+ exit
+write
+exit
+systemctl disable chronyd ; systemctl stop chronyd
+shutdown -r 0
+
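Review bot: `setenforce 0`, `systemctl stop firewalld && systemctl disable firewalld` and `PermitRootLogin yes` in the new r-rtr.sh together leave this router with root SSH logins allowed and neither SELinux enforcement nor a packet filter, and r-fw.sh does the same on the host that is named as the firewall. Prefer keeping firewalld and allowing only what the topology needs (SSH and OSPF, plus GRE on R-FW), or add a comment stating that the relaxation is a lab requirement. The `sed` pattern `SELINUX=enforcing ` is also shown with a trailing space before the `/`; if that space is really in the file, it will not match the usual `SELINUX=enforcing` line, so the config stays enforcing after the `shutdown -r 0` and the script's two SELinux steps disagree.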