
Red Hat Linux Networking and System Administration, Third Edition (Part 5)


Chapter 15

Table 15-4 PostgreSQL Client Programs and Utilities

| PROGRAM | DESCRIPTION |
| --- | --- |
| createdb | Creates a new database in the database cluster |
| createuser | Creates a new user in the database cluster |
| dropdb | Deletes a database from the database cluster |
| dropuser | Deletes a user from the database cluster |
| pg_dump | Saves (dumps) the contents of a database or database object to a file |
| pg_restore | Reloads a database or database object using a file created by pg_dump |
| psql | Provides a command interpreter for interacting with a database server |

Most PostgreSQL clients share a number of options in common. For example, -U username specifies the username to use when connecting to the server. -W indicates you should be prompted for a password. -D /path specifies the path to the PostgreSQL database cluster, which defaults to the value of the environment variable $PGDATA or the compiled-in default (/var/lib/pgsql/data). -e causes wrapper scripts like createdb and dropuser to echo to standard output (stdout) the SQL commands used. Commands that operate on or require a connection to a specific database usually accept a database name as an argument. If a database name is not specified, it defaults to the name of the user connecting to the database specified using -U username, or to the connecting user’s login name if -U username is not specified.

Similarly, most PostgreSQL clients can use PostgreSQL-specific environment variables to set certain defaults. In addition to $PGDATA, which you’ve already seen, the variable $PGDATABASE stores the name of the database to use (or create or drop) unless overridden on the command line. $PGHOST specifies the name of the host on which the database server is running and so is usually used when connecting to a database running on a remote host. $PGUSER defines the default connection parameters, which usually consist of the PostgreSQL user name.

You’ve already seen the syntax for createdb and createuser, so we won’t review it here. dropdb and dropuser drop (delete) a
database or user, respectively, from the database cluster. dropdb’s syntax is:

    dropdb [option ...] dbname

dbname identifies the database to drop, and option (there can be multiple options) accepts the options previously described and, most importantly, the -i option, which asks for confirmation before actually dropping the database. This is an important option because dropping a database deletes the data and data structures associated with the database. Unless you have previously saved the data, dropping a database is a permanent action. Because it is such a drastic action, only the database owner and the PostgreSQL superuser have privileges to drop a database. As a precaution, you should always save the database data before dropping it (use the pg_dump command, about which you’ll learn shortly).

The dropuser wrapper utility deletes a specified user from the database cluster. Its syntax is:

    dropuser [option ...] username

Replace username with the name of the PostgreSQL user account you want to delete. The possible values for option were described earlier and won’t be repeated here, except to add that dropuser, like dropdb, also accepts the -i option to request interactive use.

Before dropping a database, you should use the pg_dump program to save the data unless you are absolutely, positively, 100 percent certain beyond the slightest shadow of a doubt that you won’t need the data in the future. pg_dump’s syntax is:

    pg_dump [option ...] dbname

As usual, dbname specifies the name of the database to dump. option controls the actual dump behavior. The various options already described also work with pg_dump, but it has a number of options specific to its behavior that you’ll want to know about. pg_dump is usually used to archive and retrieve data, such as for backup and upgrade purposes, so the options discussed focus on that purpose. A typical archive/restore operation consists of dumping the database, dropping it, recreating it, and reloading it with the
dumped data. Using the -C option, pg_dump will begin the dump output with the SQL statements necessary to create the database and then connect to it. The rest of the dump will consist of COPY statements that use a PostgreSQL-specific extension for performing high-speed data loads. Use the -f filename option to specify the name of the output file. If you don’t use this option, output goes to stdout and must be redirected to a file using the shell’s > operator. Finally, to create an output file most suitable for use with pg_restore (described next), use the -Fc option, which specifies a custom output format specifically designed for use with pg_restore (-Fp outputs a plain ASCII text file with data and SQL statements, and -Ft outputs a tar archive that pg_restore can read).

If you want to dump only the database schema (the actual design of the database, not its data), specify the -s option. Similarly, if you are interested in only the contents of a particular table, specify -t table, where table is the name of the table that interests you.

pg_restore is pg_dump’s counterpart and restores or reloads a PostgreSQL database dump created with pg_dump. It also accepts the same command-line options as pg_dump, so your learning curve has flattened out considerably. The difference between the two is that pg_restore’s argument is the name of an input file created by pg_dump. So, given the following pg_dump command:

    -bash-3.00$ pg_dump -Fc -C rhlnsa3 > rhlnsa3.db

You can restore the contents of the tables in the database rhlnsa3 using the following pg_restore command (the rhlnsa3 database must exist) after dropping any tables in the database:

    -bash-3.00$ pg_restore -d rhlnsa3 rhlnsa3.db

Table 15-5 lists the PostgreSQL server programs you’ll want to know how to use. You will rarely, if ever, need to invoke the postgres command directly. It is called by the postmaster command. postgres is responsible for processing queries for a single connection to the database server. When a
connection starts, postmaster, which listens for incoming connection requests, starts a postgres process to handle that connection. In addition to serving as the multiuser server for PostgreSQL databases, postmaster is also responsible for handling communication between individual postgres processes. You can also almost always rely on the PostgreSQL initialization script, postgresql, to start and stop the postmaster service, so you should hardly ever need to execute postmaster directly.

Table 15-5 PostgreSQL Server Programs and Utilities

| PROGRAM | DESCRIPTION |
| --- | --- |
| initdb | Creates and initializes a PostgreSQL database cluster |
| pg_ctl | Controls a running database server instance |
| postgres | Processes queries for a single connection to a PostgreSQL database (usually started by postmaster) |
| postmaster | Starts postgres processes to handle incoming database connections and coordinates communication between postgres processes |

Configuring a Database Server

Summary

Linux-based database servers are becoming as ubiquitous as Linux-based Web and email servers, so it is likely that you will need to create a database server at some point. While you don’t need to be on a first-name basis with the finer points of database administration to configure a database server, it does help to be familiar with the general process. Just installing the software isn’t usually sufficient, either. As an administrator, you usually need to be able to make sure that the database is accessible (or not, as the case might be), that the initial accounts are secure, and that the server is working. This chapter showed you how to configure MySQL and PostgreSQL to a basic level of functionality. As you learned, installing them is easy, but the postinstallation configuration and testing can be tedious. The good news is that database installations are usually performed in conjunction with a DBA who provides guidelines and instructions for you to follow. You’re rarely on your own.

CHAPTER 16 Creating a VNC Server

IN THIS CHAPTER
■ What Is VNC?
■ Setting Up a VNC Server
■ Testing the VNC

Providing network services for remote employees, whether they are road warriors barricaded in a hotel room or telecommuters working from a home office, is nothing new. As telecommuting becomes more common and broadband Internet access more widespread, system administrators are increasingly being asked to provide remote access to their networks. Various approaches to providing LAN services to disconnected employees have been tried over the years, including remote control software and virtual private networks (VPNs). The goal has always been to make it possible for remote employees to use another computer or LAN-based services as if those employees were sitting in the office. VNC gives you remote access to an existing desktop system and all of the resources that it can access.

This chapter describes how to use Fedora Core and RHEL to create a VNC server, enabling telecommuters and other remote employees to access a Fedora Core- or RHEL-based LAN and LAN-based services. It also shows you how to configure a Linux system as a VNC client.

What Is VNC?
Just to get the acronym out of the way, VNC stands for virtual network computing, and it provides a way to fully control one computer from any other computer or similarly capable device situated anywhere on the Internet. One of the virtues of VNC solutions over other methods is that VNC is cross-platform. You can access and control a Linux host from a Windows PC, something not possible with products like PCAnywhere. Another VNC advantage is that the protocol is optimized for Internet transmission, so it is actually possible and not glacially slow to run X applications across the Internet.

In addition to providing remote users access to LAN-based systems and services, VNC also has clear uses for help desk technicians, other technical support professionals, and system administrators. If you ever worked at a help desk, you know how difficult it is to get the “helpees” on the other end of the telephone to tell you what the screen looks like, what applications are running, and even to coherently describe the problem they’re having. You also know how hard it is to make sure that the person you’re helping types the commands you want typed or executes the problem resolution procedure properly. Using VNC, you have immediate access to the user’s system and can remotely diagnose and troubleshoot the problem at hand, all without having to leave your desk.

VNC is a real boon for system administrators for the same reasons. Even if out of the office or at a remote site, the administrator always has access to management and monitoring tools that can make detecting and fixing a troublesome server a trivial undertaking.

Unlike older, less capable remote control software, VNC supports multiple incoming connections to the same VNC server, so it is possible for several users to connect to the same system and work collaboratively on a project, such as a presentation. Alternatively, you can use a single VNC server as an access concentration point from which properly authorized
users can connect to other systems.

Another difference between VNC and other remote control protocols is that VNC, described as a “remote display protocol” or an RFB (remote framebuffer), is an open and nonproprietary protocol, whereas the other products (from Symantec, Citrix, Insignia Solutions, and Microsoft) are closed protocols that are closely tied to the Windows GUI.

What VNC is not is a VPN, or virtual private network. Speaking broadly, a VPN is a network configuration in which a main internal network has remote nodes (such as telecommuting employees) that use a VPN running over (perhaps it is better to say across) the Internet to access the main internal network. To achieve this, a secure (encrypted) tunnel is created between the main network and the remote nodes, and IP traffic is routed through that tunnel. VNC, on the other hand, while it can be used across a VPN and uses the Internet to transport packets back and forth, is usually used to provide access to a single system and to allow a remote user full control over that system. More succinctly, VPN makes a remote system part of the main network; VNC gives a remote user control over one system on the main network.

For more information about VNC, two of the best resources are the excellent VNC overview at uk.research.att.com/pub/docs/att/tr.98.1.pdf and the RealVNC Web site (realvnc.com/). There is a connection between AT&T and RealVNC. Researchers at the AT&T UK research labs created VNC. RealVNC was formed by some of the AT&T researchers as a venture to commercialize VNC technology. The VNC software is licensed under the GPL, so RealVNC’s business model depends on providing support, service, and value-added software.

Setting Up a VNC Server

In this context, a VNC server is the machine you want to access remotely. So, if you’re at home and want to connect to the Linux system on your desk at work, the system at work is the server; the system at home is the VNC client. Figure 16-1 illustrates this
arrangement.

To set up a VNC server, you’ll need to install the vnc-server and vnc packages. The commands shown below will show you if they are installed:

    $ rpmquery vnc-server
    vnc-server-4.1.1-10
    $ rpmquery vnc
    vnc-4.1.1-10

If these packages are not installed, install them before proceeding.

Starting the VNC server is simplicity itself: execute the Perl script vncserver as a mortal user. vncserver is a wrapper script that handles the persnickety details of starting Xvnc, the X Window System VNC server. Speaking more precisely, Xvnc creates a VNC desktop on the server system to which VNC clients can connect. There is a configuration step that must be performed by the root user, but starting the server does not require any special privileges. The first time you start vncserver, you have to set the password that connecting clients must issue, as shown in the following example:

    $ vncserver
    You will require a password to access your desktops
    Password:
    Verify:
    New 'coondog.example.com:1 (bubba)' desktop is coondog.example.com:1
    Creating default startup script /home/bubba/.vnc/xstartup
    Starting applications specified in /home/bubba/.vnc/xstartup
    Log file is /home/bubba/.vnc/coondog.com:1.log

Figure 16-1 Typical VNC client and server configuration (labels: VNC Server, Corporate Firewall, Internet, Home Firewall, VNC Client)

The output is important. The first line after setting the password indicates that Xvnc has created a new display, :1, on the host coondog.example.com. You will need this information when you connect from the client system. vncserver asks for a password only the first time you start it. You can change the password later using the command vncpasswd or by removing the file $HOME/.vnc/passwd. The next two lines tell you that a startup script, /home/bubba/.vnc/xstartup, has been created and that the script has been executed, that is, the applications it specifies are running on the Xvnc display. This means that when you connect to the VNC server, the client will
have those applications already running. This also means that if you want to customize the desktop provided by the server, you can edit the xstartup file. Finally, vncserver tells you where to find the log file it creates, which will simplify troubleshooting VNC server problems if you encounter any. When vncserver completes, a simple, unadorned VNC desktop is ready to accept connections.

Configuring Your Firewall for VNC

Well, your VNC server is almost ready to accept connections. VNC listens on port 5500 plus the X display number for incoming VNC client sessions. On a properly secured system, these ports are blocked at the firewall. You have to punch a hole in the firewall for that port so that VNC clients can get through to the server. This configuration step requires root access because you need to use the Security Level Configuration tool to modify your system’s firewall setup (you are running a firewall, right?). To start the Security Level Configuration tool, select Red Hat ➪ System Settings ➪ Security Level or type system-config-securitylevel at a command prompt. Figure 16-2 shows the Security Level Configuration tool’s main screen.

Figure 16-2 The Security Level Configuration tool

The firewall configuration shown in Figure 16-2 is tight: no external access of any sort is permitted on this machine. You’re about to change this. In the Other ports: (1029:tcp) text box, type 5901:tcp. By default, VNC uses ports numbered 5900 plus the display number. In this example, the display number is :1, so the port number is 5901. If you were using display number :21, the port number would be 5912. The :tcp portion of the port number tells the firewall to open port 5901 for TCP connections because the remote framebuffer protocol uses TCP, not UDP. After you have entered the appropriate port number (see Figure 16-3), click OK to save your change and close the Security Level Configuration tool. Click Yes when the tool warns you that you are about to overwrite your
existing firewall configuration. VNC clients can now access the VNC server, so the server configuration is complete.

Chapter 20 Configuring BIND: The Domain Name System

Next, you add the information about your name servers and their IP addresses.

    NS    main.tactechnology.com
    PTR   main.tactechnology.com
    PTR   p200.tactechnology.com

If you have done everything as explained here, your name server should be working properly after you restart it. You made some changes to the /etc/named.conf file, so before you can check what you did, you need to restart the named daemon.

NOTE The named daemon must be restarted whenever you make changes to /etc/named.conf.

To restart named, you just need to enter the following command:

    service named restart

Checking Your Configuration

After you finish configuring your master DNS server, you can check your configuration to be sure that it’s working. You can use several tools to do your check. I talk about two of them here. Just be sure to substitute your domain and IP information when you run the commands. If your system is set up correctly, you should obtain similar results.

The Host Program

host enables you to find an IP address for the specified domain name. All that is required is the domain name of the remote host, as shown here with the command on the first line and the output from the command on the second line:

    [root@laptop root]# host tactechnology.com
    tactechnology.com has address 12.129.206.112

You can also search for resource record types by using the -t option and the type of resource record that you want to search. For example, if you want to find information about the mail server for a domain, enter the following command and receive the following output:

    [root@terry named]# host -t mx tactechnology.com
    tactechnology.com mail is handled by 10 mail.tactechnology.com

The dig Program

dig can be used for debugging and obtaining other useful information. The basic syntax is:

    dig (@server) domain name (type)

Items shown in parentheses are
optional. Listing 20-4 shows an example of using dig to request information about the DNS servers at my school.

    [root@terry named]# dig muhlenberg.edu
    ; DiG 9.2.2-P3 muhlenberg.edu
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADERHEADER
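
Added example (not from the book): the host checks above confirm that a name resolves; after adding PTR records it is also worth confirming that the forward and reverse zones agree with each other. The script below parses host output in the format shown above and compares the two lookups; the function names are hypothetical, and the 192.0.2.x addresses and sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: forward/reverse consistency check built on `host` output.
# Function names are hypothetical; sample outputs below are constructed.

# Print the address from each "NAME has address ADDR" line on stdin.
host_addresses() {
    awk '$2 == "has" && $3 == "address" { print $4 }'
}

# Print each PTR target ("... domain name pointer NAME.") on stdin,
# lower-cased and without the trailing root dot.
host_pointers() {
    awk '$2 == "domain" && $3 == "name" && $4 == "pointer" {
        n = tolower($5); sub(/\.$/, "", n); print n }'
}

# check_pair NAME FORWARD_OUTPUT REVERSE_OUTPUT
# Returns 0 if NAME has an A record and a PTR for that address points back
# to NAME; 1 = no A record, 2 = no PTR record, 3 = PTR names another host.
check_pair() {
    local name addr ptrs
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    name=${name%.}
    addr=$(printf '%s\n' "$2" | host_addresses | head -n 1)
    if [ -z "$addr" ]; then
        echo "FAIL $name: no A record"; return 1
    fi
    ptrs=$(printf '%s\n' "$3" | host_pointers)
    if [ -z "$ptrs" ]; then
        echo "FAIL $name: $addr has no PTR record"; return 2
    fi
    if printf '%s\n' "$ptrs" | grep -Fxq -- "$name"; then
        echo "OK   $name <-> $addr"; return 0
    fi
    echo "FAIL $name: $addr points to $(echo $ptrs)"; return 3
}

# Live check: query the resolver, then reuse check_pair on the output.
check_live() {
    local fwd rev addr
    fwd=$(host -t a "$1" 2>&1)
    addr=$(printf '%s\n' "$fwd" | host_addresses | head -n 1)
    rev=""
    if [ -n "$addr" ]; then rev=$(host "$addr" 2>&1); fi
    check_pair "$1" "$fwd" "$rev"
}

if [ "$#" -gt 0 ]; then
    for n in "$@"; do check_live "$n" || true; done
else
    # Constructed samples: main has a matching PTR, p200 has none.
    check_pair main.tactechnology.com \
        'main.tactechnology.com has address 192.0.2.10' \
        '10.2.0.192.in-addr.arpa domain name pointer main.tactechnology.com.'
    check_pair p200.tactechnology.com \
        'p200.tactechnology.com has address 192.0.2.200' \
        'Host 200.2.0.192.in-addr.arpa. not found: 3(NXDOMAIN)' || true
fi
```

Run it with one or more host names as arguments to query your own name server after restarting named; with no arguments it only evaluates the constructed samples.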

Date posted: 14/08/2014
