Build enterprise data network disk step by step

Tip: after the article is written, the directory can be generated automatically. Please refer to the help document on the right for how to generate it
Overview of Linux system operation and maintenance

preface

Enterprise network disk is an enterprise data network storage and management solution based on the concept of cloud computing. It uses the massive computing and storage capacity of the internet background data center to provide enterprises with services such as data collection and distribution, storage backup and management.
Enterprise network disk is a private network disk system of enterprises and institutions. It has powerful and easy-to-use functions such as online editing and preview of documents, collaborative office, department or virtual team level file sharing, automatic scheduled backup, historical data archiving and so on.

1, Linux system operation and maintenance Overview?

Compared with the free personal network disk, the enterprise network disk has better data security. Non unit personnel generally cannot obtain the system login address, let alone enter. At the same time, compared with personal network disk, enterprise network disk has stronger team collaboration function, and can meet the needs of enterprises in terms of organizational structure and shared permissions. It can effectively improve work efficiency when many people share and cooperate with daily office documents.
Domestic enterprise network disks include synchronization disk, fast enough enterprise network disk, knowledge base, Lenovo enterprise network disk, 115 network disk, Huawei network disk, Richdrive enterprise network disk, etc

1.1. Overview of Linux system operation and maintenance technology

In one sentence: it is to maintain the normal operation of Linux system and related software services, program code (Java, PHP, python) and enterprise core data on the system; With the rapid growth of the number of operation and maintenance personnel, enterprises will have the ability to make money and provide high-quality services, which will double the number of operation and maintenance personnel for enterprises.
In the operation process of the whole enterprise business system, it involves the integrated technology of system, network, database, storage, development, security, monitoring, architecture and so on; Put forward higher requirements for the ability of operation and maintenance personnel.

1.1.2 enterprise value of Linux system operation and maintenance

For example, we use Taobao and jd.com for shopping and Baidu and Google for search. It seems that the website interface is very simple. In fact, there are thousands to tens of thousands behind the website; Even more than 100000 servers, which is why enterprises need operation and maintenance engineers.

With the rapid development of Internet and mobile Internet, the number of enterprise users has increased exponentially (up to millions, tens of millions, nearly 1 billion users of wechat and QQ), the scale and amount of data of enterprise applications and websites are also increasing, more and more servers are needed, and the software and program architecture are becoming more and more complex;
For example, the number of servers of each enterprise in BAT may be as many as tens of thousands to 100000. So many servers, software operation, website architecture, program code and data security maintenance; All need special technicians to maintain, and the demand will be more and more.

1.1.3 Linux operation and maintenance post introduction

Hardware operation and maintenance: hardware maintenance, such as servers, switches, routers, storage, load balancing and other equipment;
Network operation and maintenance: maintenance of network equipment, switches, routers and office LAN;
System operation and maintenance: maintenance of basic settings, focusing on systems and applications, and also involving hardware networks.
Application operation and maintenance: maintenance and troubleshooting of enterprise business R & D environment, test environment and online environment.
Monitoring operation and maintenance: monitoring and alarm database operation and maintenance of all server clusters of the whole business system: load data storage scheme design, database table design, index design and SQL optimization
Security operation and maintenance: security scanning, penetration testing, security tools, emergency handling of security incidents, etc.
Operation and maintenance development: develop operation and maintenance tools and platforms, as well as automatic and intelligent operation and maintenance.
The operation and maintenance engineer also includes some low-end posts: network administrator, IDC operation and maintenance, on duty operation and maintenance. These posts have no future and need to be improved as soon as possible.

1.1.4 work content of Linux operation and maintenance post

Internet Linux operation and maintenance engineer is a comprehensive technical post integrating multiple disciplines (network system development, database security storage, etc.), and even needs to communicate and deal with the world; Training, sales, management and other non-technical capabilities, which provides a broad development space for operation and maintenance engineers.

  • Data security, no loss, no disclosure
  • 7 * 24 hours without downtime
  • The service quality and user experience were very good
  • Operation and maintenance efficiency and cost control

1.1.5 Linux operation and maintenance career development route

2, Building enterprise network disk based on Linux system

2.1 preparation of deployment network disk service environment

2.1.1 system default selinux security policy optimization description

# Temporarily turn off the firewall
[root@lanfeng ~]# setenforce 0
[root@lanfeng  ~]# getenforce 
Permissive
​
# Permanently turn off the firewall
[root@lanfeng  ~]# cat /etc/selinux/config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#  enforcing - SELinux security policy is enforced
-- express selinux The security policy function is enabled
# permissive - SELinux prints warnings instead of enforcing.  
-- express selinux The security policy only displays warning information and will not carry out security processing
#     disabled - No SELinux policy is loaded.
       -- express selinux The security policy feature is completely disabled
SELINUX=enforcing
[root@lanfeng  ~]# sed -i '7s#enforcing#disabled#g' /etc/selinux/config
[root@lanfeng  ~]# reboot

2.1.2 system default firewall service optimization description

# Temporarily turn off the firewall
[root@lanfeng  ~]# systemctl stop firewalld.service​
# Permanently turn off the firewall
[root@lanfeng  ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multiuser.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# Operation configuration view confirmation
[root@lanfeng  ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
[root@lanfeng ~]# systemctl is-active firewalld.service 
unknown
[root@lanfeng ~]# systemctl is-enabled firewalld.service 
disabled

2.1.3 system software program download optimization method

# Configure official source update address:
[root@lanfeng ~]# curl -s -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
​
# Configure the update address of the third-party epel source:
[root@lanfeng ~]# curl -s -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

2.1.4 system basic software program download and installation

# Enterprise application infrastructure:
[root@lanfeng ~]# yum install -y  tree nmap lrzsz dos2unix nc lsof wget -y​
# Enterprise application extension tools:
[root@lanfeng ~]# yum install -y  psmisc net-tools bash-completion vim-enhanced -y

2.2 deployment of network disk service architecture

2.2.1 installation and deployment of nginx program:

# Software program download and installation
[root@lanfeng ~]# yum install yum-plugin-priorities -y
[root@lanfeng ~]# cat >/etc/yum.repos.d/nginx.repo<<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
priority=1
EOF
[root@lanfeng ~]# cat /etc/yum.repos.d/nginx.repo
[root@lanfeng ~]# yum remove nginx -y
-- Remove original nginx program
[root@lanfeng ~]# yum install nginx -y
-- Install the latest nginx program
​
# Software program user configuration
[root@lanfeng ~]# useradd -u1111 www -s /sbin/nologin -M
[root@lanfeng ~]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf 
[root@lanfeng ~]# grep "^user" /etc/nginx/nginx.conf
​
# Start and run the software program
[root@lanfeng ~]# systemctl start nginx
[root@lanfeng ~]# systemctl enable nginx
-- Set startup and automatic operation
​
# Check service operation
[root@lanfeng ~]# netstat -lntup 
-- View the service corresponding to the port, and the success flag appears at port 80
[root@lanfeng ~]# curl 127.0.0.1 
-- Conduct test access and display welcome to Nginx Indicates normal.

2.2.2 php program installation and deployment:

# Configure php installation source
[root@lanfeng ~]# yum install epel-release -y
[root@lanfeng ~]# wget https://mirror.webtatic.com/yum/el7/webtatic-release.rpm --no-check-certificate
[root@lanfeng ~]# rpm -Uvh webtatic-release.rpm
​
# Uninstall old php
[root@lanfeng ~]# rpm -e $(rpm -qa|grep php)
[root@lanfeng ~]# rpm -qa|grep php
​
# Install php programs and related plug-ins
[root@lanfeng ~]# yum install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd -y
[root@lanfeng ~]# yum install php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd -y
[root@lanfeng ~]# yum install php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb -y
-- If the above installation package cannot be downloaded due to network problems, you can consider using offline package for installation and deployment
​
# The user configuration of PHP nginm is consistent with that of PHP nginm
[root@lanfeng ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
[root@lanfeng ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
[root@lanfeng ~]# egrep "^user|^group" /etc/php-fpm.d/www.conf
​
# Start and run PHP FPM software program and add it to the startup self startup
[root@lanfeng ~]# systemctl start php-fpm
[root@lanfeng ~]# systemctl enable php-fpm
[root@lanfeng ~]# lsof -i :9000
-- inspect php-fpm The program is running, and the success flag appears at port 9000
[root@lanfeng ~]# ps -ef|grep php-fpm
-- Check service process status

2.2.3 configure nginx to connect to php program:

[root@lanfeng~]# cat >/etc/nginx/conf.d/01_pan.etiantian.org.conf<<EOF
server {
server_name pan.etiantian.org;
listen 80;
root /data/pan;
index index.php index.html;
​
location ~ \.php\$ {
#root /opt/pan;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
}
EOF
​
[root@lanfeng~]# cat /etc/nginx/conf.d/01_pan.etiantian.org.conf 
-- Check whether the configuration file is written
[root@lanfeng~]# nginx -t 
-- Conduct document preparation specification test
[root@lanfeng~]# systemctl restart nginx
-- restart nginx Service procedure

2.2.4 deployment network disk service architecture test

Write php function test files:

[root@lanfeng~]# mkdir /opt/pan -p
[root@lanfeng~]# cat> /opt/pan/phpinfo.php<<EOF
<?php
phpinfo();
?>
EOF

Local test of server system:

[root@lanfeng~]# curl -H "host:pan.etiantian.org" 127.0.0.1/phpinfo.php

2.3 deployment of network disk service architecture

2.3.1 deploy the network disk code project to the site directory:

[root@lanfeng~]# cd /opt/pan/
[root@lanfeng pan]# rz -y
-- Upload network disk code compressed package: kodexplorer4.47.zip
[root@lanfeng pan]# unzip kodexplorer4.47.zip
-- Decompress the compressed package of network disk program code
[root@lanfeng pan]# chown -R www.www /data/pan

2.3.2 configure the DNS domain name resolution file to access the website page through the domain name:

# Enter C:\Windows\System32\drivers\etc under windows, then edit hosts with and add the following line.
192.168.16.104 pan.lanfeng.org   
-- ip For your own Linux Server IP
​
# Ping pan when entering dos or xshell and not logging in lanfeng. Org to see if the IP address is returned.
[c:\~]$ ping pan.lanfeng.org 
Is Ping pan.etiantian.org [10.0.0.165] Data with 32 bytes:
From 192.168.16.104 Reply from: byte=32 time<1ms TTL=64
 From 192.168.16.104 Reply from: byte=32 time=1ms TTL=64
 From 192.168.16.104 Reply from: byte=32 time<1ms TTL=64
 From 192.168.16.104 Reply from: byte=32 time<1ms TTL=64

2.3.3 deploy network disk service test application
2.3.4 user login:

2.3.5 upload and store file data, and apply the network disk data storage function:

2.3.6 expand knowledge: what if you forget your login account password?

[root@lanfeng ~]# rm -f /opt/pan/data/system/install.lock
-- Delete the lock file in the program code and reset the administrator password, and the data information will not be affected

3, Summary

With the development of computer network, data storage, collaboration, security sharing, backup, collaboration, security, ease of use and other problems need to be solved by enterprises. For example, enterprise network disk can well solve the practical problems of these enterprises.
1. Unified storage of enterprise data, unified authorization, different data for different positions and different access rights;
2. Encrypted storage of sensitive data of enterprises and encrypted sharing can be used, but they can't be taken away;
3. Force automatic backup of important post data to ensure data security;
4. Effectively avoid malicious deletion of data after employee resignation;
5. Realize the safe, cooperative and efficient sharing of data among internal employees.

Tags: Operation & Maintenance Alibaba Cloud

Posted by maseeha on Thu, 19 May 2022 00:17:04 +0300