1公有云网络架构设计实验
2公有云计算架构设计实验
3公有云存储架构设计实验
4云数据库架构设计实验
6公有云应用架构设计实验
8 上云迁移设计实验
openssl申请
[ req ] distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] O = ELB CN = www.internal-dedicated.com
nginx配置 /etc/nginx
网站目录:/usr/share/nginx/
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#####https01
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /usr/share/nginx/https01;
ssl_certificate "/root/https01.crt";
ssl_certificate_key "/root/https01.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
#####https02
server {
listen 8080 ssl http2;
listen [::]:8080 ssl http2;
server_name _;
root /usr/share/nginx/https02;
ssl_certificate "/root/https02.crt";
ssl_certificate_key "/root/https02.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
2. 公有云计算架构设计实验
Mysql安装:GPG报错处理
下载 mysql 源安装包。 wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm 安装 mysql 源。 yum localinstall mysql57-community-release-el7-8.noarch.rpm 检查 mysql 源是否安装成功 yum repolist enabled | grep "mysql.*-community.*" 输入以下指令,安装 MySQL。 yum install mysql-community-server 启动 MySQL 服务。 systemctl start mysqld 查看 MySQL 启动状态。 systemctl status mysqld 输入以下指令,配置 Mysql 开机启动。 systemctl enable mysqld systemctl daemon-reload 查看root 并记录默认密码,用于后续登陆 grep 'temporary password' /var/log/mysqld.log 登录 MySQL。 mysql -u root -p 修改 MySQL root 的密码 ALTER USER 'root'@'localhost' IDENTIFIED BY 'Sooele1234%';
将 MySQL 切换到 mysql 数据库表。 use mysql; 设置任意主机可以通过root 登录。 update user set host = '%' where user = 'root'; 输入以下命令,查看信息配置是否正确。 select host,user from user; 输入以下命令,刷新权限,保证配置立即生效。 flush privileges;
安装 Apache 服务器、部署bbs.PHPFastCGI 管理器。
yum install -y httpd php php-fpm php-server php-mysql 启动httpd 和 php-fpm 服务。 systemctl start httpd systemctl start php-fpm 配置服务开机启动。 systemctl enable httpd systemctl enable php-fpm 下载部署Discuz 的代码压缩包。 wget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip 解压Discuz 部署代码压缩包,并进行查看。 unzip Discuz_X3.2_SC_UTF8.zip ls 把解压后的 upload 文件夹下的所有文件复制到/var/www/html/。 cp -r upload/* /var/www/html/ 执行以下命令,给 html 文件及子文件赋权限。 chmod -R 777 /var/www/html 重启 Apache 服务。 systemctl restart httpd
3.公有云存储架构设计实验
SFS挂载 创建 video 文件夹 mkdir /video 安装 nfs-utils yum -y install nfs-utils 挂载 SFS: (红色字体代表复制的挂载域名) mount -t nfs -o vers=3,timeo=600,nolock 步骤二中复制的 sfs 域名 /video 通过 mount|grep 命令筛选 video 关键词查看挂载是否成功: mount|grep video 输入以下命令设置自动挂载 echo -e "步骤二中复制的 sfs 域名 /video nfs vers=3,timeo=600,nolock,rsize=1048576,wsize=1048576,hard,retrans=3,noresvport,async,noatime, nodiratime 0 0" >>/etc/fstab 通过 cat 命令确认/etc/fstab 内容,如果文件有错误,请通过 vi 命令编辑修改: cat /etc/fstab 首先将挂载的文件系统卸载,再重新挂载文件中的所有分区,最后确认自动挂载是否生效: umount /video mount -a mount |grep video
EVS挂载 fdisk -l 为/dev/vdb 创建文件系统,挂载到/opt 目录 mkfs.ext4 /dev/vdb mount /dev/vdb /opt mount | grep opt 通过如下命令设置自动挂载(也可以通过 vi 手动编辑): echo -e "/dev/vdb/\t/opt\text4\tdefaults\t1 1" >>/etc/fstab 通过以下命令验证自动挂载是否生效: umount /opt mount -a mount | grep opt
nginx编译安装
cd /video yum install -y unzip unzip -o video.zip cd video cp nginx-1.15.9.tar.gz /opt/ cd /opt yum install -y pcre* yum install -y zlib* tar -xvf nginx-1.15.9.tar.gz cd nginx-1.15.9 ./configure --prefix=/opt/nginx make && make install 通过sed 命令修改 nginx.conf,将"root html"修改为"root /video/video" cd /opt/nginx/conf sed -i "0,/root html/s/root html/root \/video\/video/" nginx.conf 通过以下命令启动 nginx cd /opt/nginx/sbin/ ./nginx 通过以下命令设置自动启动 echo -e "\n#start nginx\nsleep 10\ncd /opt/nginx/sbin\n./nginx" >> /etc/rc.local chmod +x /etc/rc.d/rc.local
4 云数据库架构设计实验
ECS01
执行以下 3 条命令安装 mysql:
wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum install mysql-server -y
启动mysql:
systemctl start mysqld
命令登录 mysql:
mysql -u root
密码可自定义,后续需登陆,请不要忘记设置的密码
use mysql
update user set password=PASSWORD("[email protected]!") where User='root';
修改配置文件,通过以下命令备份 mysql 配置文件:
(注意:在CentOS 版操作系统的最小安装完成后,在/etc 目录下会存在一个my.cnf,需要将此文件更名为其他的名字,如:/etc/my.cnf.bak,否则,该文件会干扰源码安装的 MySQL 的正确配置,造成无法启动。所以需修改名称,防止干扰:如:mv /etc/my.cnf /etc/my.cnf.bak
mv /etc/my.cnf /etc/my.cnf.bak
复制以下整段命令新增新的 my.cnf 配置文件:
www.sooele.com/5591.html
命令确认mysql 配置文件:
cat /etc/my.cnf
命令重启mysqld:
systemctl restart mysqld
首先通过以下命令登录 ECS-DB01 的mysql:(如设置其它密码,请修改成相应密码)
mysql [email protected]!
mysql>界面输入以下命令新建同步账户:
create user 'copy'@'172.16.%' identified by '[email protected]';
mysql>界面输入以下命令为同步账户授予复制权限:
grant replication slave on *.* to 'copy'@'172.16.%' identified by '[email protected]';
mysql>界面输入以下命令为 root 账户授予 vpc01 访问权限
grant all privileges on *.* to 'root'@'172.16.%' identified by '[email protected]!';
mysql>界面输入以下命令使配置生效:
flush privileges;
记录 ECS-DB01 的 mysql 中的 binlog 信息,确认主库binlog 的 File 值和 Position 值,并记录,用于后续配置从库同步:
show master status;
记录 ECS-DB01 的内网 IP 地址
ESC-BD02
为 ECS-DB02 的root 设置访问权限 在 mysql>界面输入以下命令为 root 用户授予 vpc01 访问权限: grant all privileges on *.* to 'root'@'172.16.%' identified by '[email protected]!'; 退出数据库 quit 以下命令确认服务正常: netstat -nutpel|grep 3306 登录ECS-DB02,通过以下命令备份 mysql 配置文件: www.sooele.com/5591.html 通过以下命令重启mysqld: systemctl restart mysqld 通过以下命令登录ECS-DB02 的mysql 数据库: mysql [email protected]! 输入以下命令设置 ECS-DB02 为从库: CHANGE MASTER TO MASTER_HOST='ECS-DB01 的内网 ip', MASTER_USER='copy',MASTER_PASSWORD='[email protected]', MASTER_LOG_FILE='主库 binlog 的 File 值', MASTER_LOG_POS=主库 binlog 的 position; mysql>界面输入以下命令: start slave; mysql>界面输入以下命令查看同步状态,查看 Slave_IO_Running 和 Slave_SQL_Running 的状 show slave status \G;
server {
listen 80;
server_name 01.sooele.com;
listen 443;
ssl on;
ssl_certificate /root/sooele.com.crt;#你的文件位置
ssl_certificate_key /root/sooele.com.key;#你的文件位置
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log logs/yourcrm.access.log main;
location / {
root //etc/nginx/conf.d/01.sooele.com;
index index.html index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/sites/yourcrm;
}
location ~ \.php$ {
root /var/sites/yourcrm;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/$fastcgi_script_name;
include fastcgi_params;
}
}
SFS挂载: mount -t nfs -overs=3,timeo=600,nolock,rsize=1048576,wsize= mount -t nfs -overs=3,timeo=600,nolock,rsize=1048576,wsize= echo -e "192.168.0.22:/ /video nfs vers=3,timeo=600,nolock, echo -e "192.168.0.217:/ /video nfs vers=3,timeo=600,nolock 192.168.0.217:/ /video nfs vers=3,timeo=600,nolock,rsize=10 EVS:硬盘挂载 fdiks /**/** 格式化 mkfs.ext4 /dev/*** mount /dev/vdb /opt mount | grep opt mount /dev/vdb1 /opt echo -e "/dev/vdb1\t/opt\text4\tdefaults\t1 1" >>/etc/fstab
wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/mysql-community-release-el7-5.noarch.rpm CHANGE MASTER TO MASTER_HOST='172.16.0.89', MASTER_USER='copy',MASTER_PASSWORD='sooele0000', MASTER_LOG_FILE='mysql-bin.000004', CHANGE MASTER TO MASTER_HOST='步骤 17 中 ECS-DB01 的内网 ip', MASTER_USER='copy',MASTER_PASSWORD='sooele0000', MASTER_LOG_FILE=' CREATE TABLE IF NOT EXISTS `users` (`id` INT UNSIGNED AUTO_INCREMENT, `firstname`VARCHAR(100) NOT NULL, `lastname` VARCHAR(100) CHANGE MASTER TO MASTER_HOST='172.16.0.43', MASTER_USER='copy',MASTER_PASSWORD='[email protected]', MASTER_LOG_FILE='mysql-bin.000001', create user 'copy'@'172.17.%' identified by '[email protected]'; GRANT ALL PRIVILEGES ON . TO ‘copy’@’%’ IDENTIFIED BY ‘123456’ grant replication slave on *.* to 'copy'@'%' identified by '[email protected]'; create user 'root'@'%' identified by '123456'; grant replication slave on *.* to 'root'@'%' identified by '123456'; wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/Mycat-server-1.6-RELEASE20161028204710-linux.tar.g
PHP网页输出mycat(mysql)
<html>
<body>
<?php
echo "<table style='border: solid 1px black;'>"; echo "<tr><th>Id</th><th>Firstname</th><th>Lastname</th></tr>";
class TableRows extends RecursiveIteratorIterator { function __construct($it) { parent::__construct($it, self::LEAVES_ONLY); }
function current() { return "<td style='width: 150px; border: 1px solid black;'>" . parent::current(). "</td>"; }
function beginChildren() { echo "<tr>";
}
function endChildren() { echo "</tr>" . "\n";
}
}
$servername = "172.16.0.165";
$username = "root";
$password = "[email protected]!";
$dbname = "copydb";
$dbport = 3310;
try {
$conn = new PDO("mysql:host=$servername;port=$dbport;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT id, firstname, lastname FROM users");
$stmt->execute();
// set the resulting array to associative
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) { echo $v;
}
}
catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}
$conn = null; echo "</table>";
?>
</body>
</html>
APPLICATION_ID: Demo-for-microservice
service_description:
name: provider # 微服务名称,同应用下的不同微服务需要有不同的名称
version: 0.0.1 # 微服务版本号
cse:
service: # 服务中心信息,其中 address 为服务中心地址
registry:
address: https://cse.cn-north-4.myhuaweicloud.com
instance:
watch: false # 使用 pull 模式连接服务中心
config: # 配置中心信息,其中 address 为配置中心地址
client:
serverUri: https://cse.cn-north-4.myhuaweicloud.com
refreshMode: 1
refresh_interval: 5000
monitor: # 只有从本地接入云上 CSE 时需要配置 monitor 地址,云上集群部署时可以通过服务发现接入 monitor
client:
serverUri: https://cse.cn-north-4.myhuaweicloud.com
rest:
address: 0.0.0.0:8080 # 微服务端口,请确保该端口号无冲突
credentials: #本地连接华为云时需要配置 AK/SK,如果是在云上 ServiceStage 部署则不需要。直接删掉 credentials 配置即可
accessKey: # 请填写 AK
secretKey: # 请填写 SK
project: cn-north-4
akskCustomCipher: default # 这里的值与 sc/cc/monitor 的地址相对应,如果配置的是域名, CSEJavaSDK 可以自动截取出 project