HCIE 实验

1公有云网络架构设计实验

2公有云计算架构设计实验

3公有云存储架构设计实验

4云数据库架构设计实验

6公有云应用架构设计实验

8 上云迁移设计实验

openssl申请

[ req ] 
distinguished_name = req_distinguished_name 
prompt = no 
[ req_distinguished_name ] 
O = ELB 
CN = www.internal-dedicated.com

 

nginx配置 /etc/nginx

网站目录:/usr/share/nginx/

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#####https01
   server {
       listen       443 ssl http2;
       listen       [::]:443 ssl http2;
       server_name  _;
       root         /usr/share/nginx/https01;

       ssl_certificate "/root/https01.crt";
       ssl_certificate_key "/root/https01.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

#        # Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

#####https02

   server {
       listen       8080 ssl http2;
       listen       [::]:8080 ssl http2;
       server_name  _;
       root         /usr/share/nginx/https02;

       ssl_certificate "/root/https02.crt";
       ssl_certificate_key "/root/https02.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

#        Load configuration files for the default server block.
       include /etc/nginx/default.d/*.conf;

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

}

 

 

2. 公有云计算架构设计实验

Mysql安装:GPG报错处理

下载 mysql 源安装包。
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
安装 mysql 源。
yum localinstall mysql57-community-release-el7-8.noarch.rpm
检查 mysql 源是否安装成功
yum repolist enabled | grep "mysql.*-community.*"
输入以下指令,安装 MySQL。
yum install mysql-community-server
启动 MySQL 服务。
systemctl start mysqld
查看 MySQL 启动状态。
systemctl status mysqld
输入以下指令,配置 Mysql 开机启动。
systemctl enable mysqld 
systemctl daemon-reload

查看root 并记录默认密码,用于后续登陆
grep 'temporary password' /var/log/mysqld.log
登录 MySQL。
mysql -u root -p

修改 MySQL root 的密码
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Sooele1234%';
将 MySQL 切换到 mysql 数据库表。
use mysql;

设置任意主机可以通过root 登录。
update user set host = '%' where user = 'root';

输入以下命令,查看信息配置是否正确。
select host,user from user;

输入以下命令,刷新权限,保证配置立即生效。
flush privileges;

安装 Apache 服务器、部署bbs.PHPFastCGI 管理器。

yum install -y httpd php php-fpm php-server php-mysql

启动httpd 和 php-fpm 服务。
systemctl start httpd 
systemctl start php-fpm

配置服务开机启动。
systemctl enable httpd 
systemctl enable php-fpm

下载部署Discuz 的代码压缩包。
wget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip

解压Discuz 部署代码压缩包,并进行查看。
unzip Discuz_X3.2_SC_UTF8.zip 
ls

把解压后的 upload 文件夹下的所有文件复制到/var/www/html/。
cp -r upload/* /var/www/html/

执行以下命令,给 html 文件及子文件赋权限。
chmod -R 777 /var/www/html

重启 Apache 服务。
systemctl restart httpd

 

3.公有云存储架构设计实验

SFS挂载
创建 video 文件夹
mkdir /video

安装 nfs-utils
yum -y install nfs-utils

挂载 SFS: (红色字体代表复制的挂载域名)
mount -t nfs -o vers=3,timeo=600,nolock 步骤二中复制的 sfs 域名  /video

通过 mount|grep 命令筛选 video 关键词查看挂载是否成功:
mount|grep video

输入以下命令设置自动挂载
echo -e "步骤二中复制的 sfs 域名 /video nfs vers=3,timeo=600,nolock,rsize=1048576,wsize=1048576,hard,retrans=3,noresvport,async,noatime, nodiratime 0 0" >>/etc/fstab

通过 cat 命令确认/etc/fstab 内容,如果文件有错误,请通过 vi 命令编辑修改:
cat /etc/fstab

首先将挂载的文件系统卸载,再重新挂载文件中的所有分区,最后确认自动挂载是否生效:
umount /video 
mount -a
mount |grep video
EVS挂载
fdisk -l

为/dev/vdb 创建文件系统,挂载到/opt 目录
mkfs.ext4 /dev/vdb 
mount /dev/vdb /opt 
mount | grep opt

通过如下命令设置自动挂载(也可以通过 vi 手动编辑): 
echo -e "/dev/vdb/\t/opt\text4\tdefaults\t1 1" >>/etc/fstab

通过以下命令验证自动挂载是否生效:
umount /opt 
mount -a
mount | grep opt

 

nginx编译安装

cd /video
yum install -y unzip 
unzip -o video.zip 
cd video
cp nginx-1.15.9.tar.gz /opt/ 
cd /opt
yum install -y pcre*
yum install -y zlib*
tar -xvf nginx-1.15.9.tar.gz 
cd nginx-1.15.9
./configure --prefix=/opt/nginx 
make && make install

通过sed 命令修改 nginx.conf,将"root    html"修改为"root   /video/video"
cd /opt/nginx/conf
sed -i "0,/root html/s/root html/root   \/video\/video/" nginx.conf

通过以下命令启动 nginx
cd /opt/nginx/sbin/
./nginx

通过以下命令设置自动启动
echo -e "\n#start nginx\nsleep 10\ncd /opt/nginx/sbin\n./nginx" >> /etc/rc.local
chmod +x /etc/rc.d/rc.local

 

4 云数据库架构设计实验

ECS01

执行以下 3 条命令安装 mysql:
wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm 
yum install mysql-server -y

启动mysql:
systemctl start mysqld

命令登录 mysql:
mysql -u root

密码可自定义,后续需登陆,请不要忘记设置的密码

use mysql
update user set password=PASSWORD("[email protected]!") where User='root';


修改配置文件,通过以下命令备份 mysql 配置文件:
(注意:在CentOS 版操作系统的最小安装完成后,在/etc 目录下会存在一个my.cnf,需要将此文件更名为其他的名字,如:/etc/my.cnf.bak,否则,该文件会干扰源码安装的 MySQL 的正确配置,造成无法启动。所以需修改名称,防止干扰:如:mv /etc/my.cnf /etc/my.cnf.bak

mv /etc/my.cnf /etc/my.cnf.bak


复制以下整段命令新增新的 my.cnf 配置文件:
www.sooele.com/5591.html

命令确认mysql 配置文件:
cat /etc/my.cnf

命令重启mysqld:
systemctl restart mysqld


首先通过以下命令登录 ECS-DB01 的mysql:(如设置其它密码,请修改成相应密码)
mysql [email protected]!

mysql>界面输入以下命令新建同步账户:
create user 'copy'@'172.16.%' identified by 'huaw[email protected]';

mysql>界面输入以下命令为同步账户授予复制权限:
grant replication slave on *.* to 'copy'@'172.16.%' identified by '[email protected]';

mysql>界面输入以下命令为 root 账户授予 vpc01 访问权限
grant all privileges on *.* to 'root'@'172.16.%' identified by '[email protected]!';

 mysql>界面输入以下命令使配置生效:
flush privileges;

记录 ECS-DB01 的 mysql 中的 binlog 信息,确认主库binlog 的 File 值和 Position 值,并记录,用于后续配置从库同步:
show master status;

记录 ECS-DB01 的内网 IP 地址

 

ESC-BD02

为 ECS-DB02 的root 设置访问权限
在 mysql>界面输入以下命令为 root 用户授予 vpc01 访问权限:
grant all privileges on *.* to 'root'@'172.16.%' identified by '[email protected]!';

退出数据库
quit

以下命令确认服务正常:
netstat -nutpel|grep 3306

登录ECS-DB02,通过以下命令备份 mysql 配置文件:
www.sooele.com/5591.html


通过以下命令重启mysqld:
systemctl restart mysqld

通过以下命令登录ECS-DB02 的mysql 数据库:
mysql [email protected]!

输入以下命令设置 ECS-DB02 为从库:
CHANGE MASTER TO MASTER_HOST='ECS-DB01 的内网 ip', MASTER_USER='copy',MASTER_PASSWORD='[email protected]', MASTER_LOG_FILE='主库 binlog 的 File 值', MASTER_LOG_POS=主库 binlog 的 position;

 mysql>界面输入以下命令:
start slave;

mysql>界面输入以下命令查看同步状态,查看 Slave_IO_Running 和 Slave_SQL_Running 的状
show slave status \G;



 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

    server {
        listen       80;
        server_name  01.sooele.com;
        listen 443;


        ssl on;

        ssl_certificate /root/sooele.com.crt;#你的文件位置

        ssl_certificate_key /root/sooele.com.key;#你的文件位置

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置

        ssl_prefer_server_ciphers on;
        #charset koi8-r;

        #access_log  logs/yourcrm.access.log  main;

        location / {
            root   //etc/nginx/conf.d/01.sooele.com;
            index  index.html index.html;
        }

        error_page  404              /404.html;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/sites/yourcrm;
        }

        location ~ \.php$ {
            root           /var/sites/yourcrm;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/local/nginx/html/$fastcgi_script_name;
            include        fastcgi_params;
        }
        
    }
SFS挂载:
mount -t nfs -overs=3,timeo=600,nolock,rsize=1048576,wsize=
mount -t nfs -overs=3,timeo=600,nolock,rsize=1048576,wsize=
echo -e "192.168.0.22:/ /video nfs vers=3,timeo=600,nolock,
echo -e "192.168.0.217:/ /video nfs vers=3,timeo=600,nolock

192.168.0.217:/ /video nfs vers=3,timeo=600,nolock,rsize=10



EVS:硬盘挂载
fdiks /**/**  格式化
mkfs.ext4 /dev/***   
mount /dev/vdb /opt
mount | grep opt
mount /dev/vdb1 /opt
echo -e "/dev/vdb1\t/opt\text4\tdefaults\t1 1" >>/etc/fstab
wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/mysql-community-release-el7-5.noarch.rpm



CHANGE MASTER TO MASTER_HOST='172.16.0.89', MASTER_USER='copy',MASTER_PASSWORD='sooele0000', MASTER_LOG_FILE='mysql-bin.000004',


CHANGE MASTER TO MASTER_HOST='步骤 17 中 ECS-DB01 的内网 ip', MASTER_USER='copy',MASTER_PASSWORD='sooele0000', MASTER_LOG_FILE='




CREATE TABLE IF NOT EXISTS `users` (`id` INT UNSIGNED AUTO_INCREMENT, `firstname`VARCHAR(100) NOT NULL, `lastname` VARCHAR(100) 


CHANGE MASTER TO MASTER_HOST='172.16.0.43', MASTER_USER='copy',MASTER_PASSWORD='[email protected]', MASTER_LOG_FILE='mysql-bin.000001',


create user 'copy'@'172.17.%' identified by '[email protected]';

GRANT ALL PRIVILEGES ON . TO ‘copy’@’%’ IDENTIFIED BY ‘123456’

grant replication slave on *.* to 'copy'@'%' identified by '[email protected]';

create user 'root'@'%' identified by '123456';
grant replication slave on *.* to 'root'@'%' identified by '123456';


wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/Mycat-server-1.6-RELEASE20161028204710-linux.tar.g

PHP网页输出mycat(mysql)

<html> 
<body> 
 
<?php 
echo "<table style='border: solid 1px black;'>";  echo "<tr><th>Id</th><th>Firstname</th><th>Lastname</th></tr>"; 
 
class TableRows extends RecursiveIteratorIterator {     function __construct($it) {         parent::__construct($it, self::LEAVES_ONLY);     } 
 
    function current() {         return "<td style='width: 150px; border: 1px solid black;'>" . parent::current(). "</td>";     } 
 
    function beginChildren() {         echo "<tr>"; 
    } 
 
    function endChildren() {         echo "</tr>" . "\n"; 
    } 
} 
 
$servername = "172.16.0.165"; 
$username = "root"; 
$password = "[email protected]!"; 
$dbname = "copydb"; 
$dbport = 3310; 
 
try { 
    $conn = new PDO("mysql:host=$servername;port=$dbport;dbname=$dbname", $username, $password); 
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    $stmt = $conn->prepare("SELECT id, firstname, lastname FROM users"); 
    $stmt->execute(); 
 
    // set the resulting array to associative 
    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 
 
    foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) {         echo $v; 
    } 
} 
catch(PDOException $e) { 
    echo "Error: " . $e->getMessage(); 
} 
$conn = null; echo "</table>"; 
?> 
 
</body> 
</html> 
APPLICATION_ID: Demo-for-microservice
service_description:
  name: provider # 微服务名称,同应用下的不同微服务需要有不同的名称
  version: 0.0.1 # 微服务版本号
cse:
  service: # 服务中心信息,其中 address 为服务中心地址
    registry:
      address: https://cse.cn-north-4.myhuaweicloud.com
      instance:
        watch: false # 使用 pull 模式连接服务中心
  config: # 配置中心信息,其中 address 为配置中心地址
    client:
      serverUri: https://cse.cn-north-4.myhuaweicloud.com
      refreshMode: 1
      refresh_interval: 5000
  monitor: # 只有从本地接入云上 CSE 时需要配置 monitor 地址,云上集群部署时可以通过服务发现接入 monitor
    client:
      serverUri: https://cse.cn-north-4.myhuaweicloud.com
  rest:
    address: 0.0.0.0:8080 # 微服务端口,请确保该端口号无冲突

  credentials: #本地连接华为云时需要配置 AK/SK,如果是在云上 ServiceStage 部署则不需要。直接删掉 credentials 配置即可
    accessKey:     # 请填写 AK
    secretKey:      # 请填写 SK
    project: cn-north-4

akskCustomCipher: default # 这里的值与 sc/cc/monitor 的地址相对应,如果配置的是域名, CSEJavaSDK 可以自动截取出 project