1公有云网络架构设计实验
2公有云计算架构设计实验
3公有云存储架构设计实验
4云数据库架构设计实验
6公有云应用架构设计实验
8 上云迁移设计实验
openssl申请
[ req ] distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] O = ELB CN = www.internal-dedicated.com
nginx配置 /etc/nginx
网站目录:/usr/share/nginx/
# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80; listen [::]:80; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } # Settings for a TLS enabled server. #####https01 server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name _; root /usr/share/nginx/https01; ssl_certificate "/root/https01.crt"; ssl_certificate_key "/root/https01.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } #####https02 server { listen 8080 ssl http2; listen [::]:8080 ssl http2; server_name _; root /usr/share/nginx/https02; ssl_certificate "/root/https02.crt"; ssl_certificate_key "/root/https02.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }
2. 公有云计算架构设计实验
Mysql安装:GPG报错处理
下载 mysql 源安装包。 wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm 安装 mysql 源。 yum localinstall mysql57-community-release-el7-8.noarch.rpm 检查 mysql 源是否安装成功 yum repolist enabled | grep "mysql.*-community.*" 输入以下指令,安装 MySQL。 yum install mysql-community-server 启动 MySQL 服务。 systemctl start mysqld 查看 MySQL 启动状态。 systemctl status mysqld 输入以下指令,配置 Mysql 开机启动。 systemctl enable mysqld systemctl daemon-reload 查看root 并记录默认密码,用于后续登陆 grep 'temporary password' /var/log/mysqld.log 登录 MySQL。 mysql -u root -p 修改 MySQL root 的密码 ALTER USER 'root'@'localhost' IDENTIFIED BY 'Sooele1234%';
将 MySQL 切换到 mysql 数据库表。 use mysql; 设置任意主机可以通过root 登录。 update user set host = '%' where user = 'root'; 输入以下命令,查看信息配置是否正确。 select host,user from user; 输入以下命令,刷新权限,保证配置立即生效。 flush privileges;
安装 Apache 服务器、部署bbs.PHPFastCGI 管理器。
yum install -y httpd php php-fpm php-server php-mysql 启动httpd 和 php-fpm 服务。 systemctl start httpd systemctl start php-fpm 配置服务开机启动。 systemctl enable httpd systemctl enable php-fpm 下载部署Discuz 的代码压缩包。 wget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip 解压Discuz 部署代码压缩包,并进行查看。 unzip Discuz_X3.2_SC_UTF8.zip ls 把解压后的 upload 文件夹下的所有文件复制到/var/www/html/。 cp -r upload/* /var/www/html/ 执行以下命令,给 html 文件及子文件赋权限。 chmod -R 777 /var/www/html 重启 Apache 服务。 systemctl restart httpd
3.公有云存储架构设计实验
SFS挂载 创建 video 文件夹 mkdir /video 安装 nfs-utils yum -y install nfs-utils 挂载 SFS: (红色字体代表复制的挂载域名) mount -t nfs -o vers=3,timeo=600,nolock 步骤二中复制的 sfs 域名 /video 通过 mount|grep 命令筛选 video 关键词查看挂载是否成功: mount|grep video 输入以下命令设置自动挂载 echo -e "步骤二中复制的 sfs 域名 /video nfs vers=3,timeo=600,nolock,rsize=1048576,wsize=1048576,hard,retrans=3,noresvport,async,noatime, nodiratime 0 0" >>/etc/fstab 通过 cat 命令确认/etc/fstab 内容,如果文件有错误,请通过 vi 命令编辑修改: cat /etc/fstab 首先将挂载的文件系统卸载,再重新挂载文件中的所有分区,最后确认自动挂载是否生效: umount /video mount -a mount |grep video
EVS挂载 fdisk -l 为/dev/vdb 创建文件系统,挂载到/opt 目录 mkfs.ext4 /dev/vdb mount /dev/vdb /opt mount | grep opt 通过如下命令设置自动挂载(也可以通过 vi 手动编辑): echo -e "/dev/vdb/\t/opt\text4\tdefaults\t1 1" >>/etc/fstab 通过以下命令验证自动挂载是否生效: umount /opt mount -a mount | grep opt
nginx编译安装
cd /video yum install -y unzip unzip -o video.zip cd video cp nginx-1.15.9.tar.gz /opt/ cd /opt yum install -y pcre* yum install -y zlib* tar -xvf nginx-1.15.9.tar.gz cd nginx-1.15.9 ./configure --prefix=/opt/nginx make && make install 通过sed 命令修改 nginx.conf,将"root html"修改为"root /video/video" cd /opt/nginx/conf sed -i "0,/root html/s/root html/root \/video\/video/" nginx.conf 通过以下命令启动 nginx cd /opt/nginx/sbin/ ./nginx 通过以下命令设置自动启动 echo -e "\n#start nginx\nsleep 10\ncd /opt/nginx/sbin\n./nginx" >> /etc/rc.local chmod +x /etc/rc.d/rc.local
4 云数据库架构设计实验
ECS01
执行以下 3 条命令安装 mysql: wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/mysql-community-release-el7-5.noarch.rpm rpm -ivh mysql-community-release-el7-5.noarch.rpm yum install mysql-server -y 启动mysql: systemctl start mysqld 命令登录 mysql: mysql -u root 密码可自定义,后续需登陆,请不要忘记设置的密码 use mysql update user set password=PASSWORD("Huawei@123!") where User='root'; 修改配置文件,通过以下命令备份 mysql 配置文件: (注意:在CentOS 版操作系统的最小安装完成后,在/etc 目录下会存在一个my.cnf,需要将此文件更名为其他的名字,如:/etc/my.cnf.bak,否则,该文件会干扰源码安装的 MySQL 的正确配置,造成无法启动。所以需修改名称,防止干扰:如:mv /etc/my.cnf /etc/my.cnf.bak mv /etc/my.cnf /etc/my.cnf.bak 复制以下整段命令新增新的 my.cnf 配置文件: www.sooele.com/5591.html 命令确认mysql 配置文件: cat /etc/my.cnf 命令重启mysqld: systemctl restart mysqld 首先通过以下命令登录 ECS-DB01 的mysql:(如设置其它密码,请修改成相应密码) mysql -pHuawei@123! mysql>界面输入以下命令新建同步账户: create user 'copy'@'172.16.%' identified by 'huawei@123'; mysql>界面输入以下命令为同步账户授予复制权限: grant replication slave on *.* to 'copy'@'172.16.%' identified by 'huawei@123'; mysql>界面输入以下命令为 root 账户授予 vpc01 访问权限 grant all privileges on *.* to 'root'@'172.16.%' identified by 'Huawei@123!'; mysql>界面输入以下命令使配置生效: flush privileges; 记录 ECS-DB01 的 mysql 中的 binlog 信息,确认主库binlog 的 File 值和 Position 值,并记录,用于后续配置从库同步: show master status; 记录 ECS-DB01 的内网 IP 地址
ESC-BD02
为 ECS-DB02 的root 设置访问权限 在 mysql>界面输入以下命令为 root 用户授予 vpc01 访问权限: grant all privileges on *.* to 'root'@'172.16.%' identified by 'Huawei@123!'; 退出数据库 quit 以下命令确认服务正常: netstat -nutpel|grep 3306 登录ECS-DB02,通过以下命令备份 mysql 配置文件: www.sooele.com/5591.html 通过以下命令重启mysqld: systemctl restart mysqld 通过以下命令登录ECS-DB02 的mysql 数据库: mysql -pHuawei@123! 输入以下命令设置 ECS-DB02 为从库: CHANGE MASTER TO MASTER_HOST='ECS-DB01 的内网 ip', MASTER_USER='copy',MASTER_PASSWORD='huawei@123', MASTER_LOG_FILE='主库 binlog 的 File 值', MASTER_LOG_POS=主库 binlog 的 position; mysql>界面输入以下命令: start slave; mysql>界面输入以下命令查看同步状态,查看 Slave_IO_Running 和 Slave_SQL_Running 的状 show slave status \G;
server { listen 80; server_name 01.sooele.com; listen 443; ssl on; ssl_certificate /root/sooele.com.crt;#你的文件位置 ssl_certificate_key /root/sooele.com.key;#你的文件位置 ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 ssl_prefer_server_ciphers on; #charset koi8-r; #access_log logs/yourcrm.access.log main; location / { root //etc/nginx/conf.d/01.sooele.com; index index.html index.html; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/sites/yourcrm; } location ~ \.php$ { root /var/sites/yourcrm; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/$fastcgi_script_name; include fastcgi_params; } }
SFS挂载: mount -t nfs -overs=3,timeo=600,nolock,rsize=1048576,wsize= mount -t nfs -overs=3,timeo=600,nolock,rsize=1048576,wsize= echo -e "192.168.0.22:/ /video nfs vers=3,timeo=600,nolock, echo -e "192.168.0.217:/ /video nfs vers=3,timeo=600,nolock 192.168.0.217:/ /video nfs vers=3,timeo=600,nolock,rsize=10 EVS:硬盘挂载 fdiks /**/** 格式化 mkfs.ext4 /dev/*** mount /dev/vdb /opt mount | grep opt mount /dev/vdb1 /opt echo -e "/dev/vdb1\t/opt\text4\tdefaults\t1 1" >>/etc/fstab
wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/mysql-community-release-el7-5.noarch.rpm CHANGE MASTER TO MASTER_HOST='172.16.0.89', MASTER_USER='copy',MASTER_PASSWORD='sooele0000', MASTER_LOG_FILE='mysql-bin.000004', CHANGE MASTER TO MASTER_HOST='步骤 17 中 ECS-DB01 的内网 ip', MASTER_USER='copy',MASTER_PASSWORD='sooele0000', MASTER_LOG_FILE=' CREATE TABLE IF NOT EXISTS `users` (`id` INT UNSIGNED AUTO_INCREMENT, `firstname`VARCHAR(100) NOT NULL, `lastname` VARCHAR(100) CHANGE MASTER TO MASTER_HOST='172.16.0.43', MASTER_USER='copy',MASTER_PASSWORD='huawei@123', MASTER_LOG_FILE='mysql-bin.000001', create user 'copy'@'172.17.%' identified by 'huawei@123'; GRANT ALL PRIVILEGES ON . TO ‘copy’@’%’ IDENTIFIED BY ‘123456’ grant replication slave on *.* to 'copy'@'%' identified by 'huawei@123'; create user 'root'@'%' identified by '123456'; grant replication slave on *.* to 'root'@'%' identified by '123456'; wget https://hcie-lab-2020.obs.cn-north-4.myhuaweicloud.com/Mycat-server-1.6-RELEASE20161028204710-linux.tar.g
PHP网页输出mycat(mysql)
<html> <body> <?php echo "<table style='border: solid 1px black;'>"; echo "<tr><th>Id</th><th>Firstname</th><th>Lastname</th></tr>"; class TableRows extends RecursiveIteratorIterator { function __construct($it) { parent::__construct($it, self::LEAVES_ONLY); } function current() { return "<td style='width: 150px; border: 1px solid black;'>" . parent::current(). "</td>"; } function beginChildren() { echo "<tr>"; } function endChildren() { echo "</tr>" . "\n"; } } $servername = "172.16.0.165"; $username = "root"; $password = "Huawei@123!"; $dbname = "copydb"; $dbport = 3310; try { $conn = new PDO("mysql:host=$servername;port=$dbport;dbname=$dbname", $username, $password); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $conn->prepare("SELECT id, firstname, lastname FROM users"); $stmt->execute(); // set the resulting array to associative $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v) { echo $v; } } catch(PDOException $e) { echo "Error: " . $e->getMessage(); } $conn = null; echo "</table>"; ?> </body> </html>
APPLICATION_ID: Demo-for-microservice service_description: name: provider # 微服务名称,同应用下的不同微服务需要有不同的名称 version: 0.0.1 # 微服务版本号 cse: service: # 服务中心信息,其中 address 为服务中心地址 registry: address: https://cse.cn-north-4.myhuaweicloud.com instance: watch: false # 使用 pull 模式连接服务中心 config: # 配置中心信息,其中 address 为配置中心地址 client: serverUri: https://cse.cn-north-4.myhuaweicloud.com refreshMode: 1 refresh_interval: 5000 monitor: # 只有从本地接入云上 CSE 时需要配置 monitor 地址,云上集群部署时可以通过服务发现接入 monitor client: serverUri: https://cse.cn-north-4.myhuaweicloud.com rest: address: 0.0.0.0:8080 # 微服务端口,请确保该端口号无冲突 credentials: #本地连接华为云时需要配置 AK/SK,如果是在云上 ServiceStage 部署则不需要。直接删掉 credentials 配置即可 accessKey: # 请填写 AK secretKey: # 请填写 SK project: cn-north-4 akskCustomCipher: default # 这里的值与 sc/cc/monitor 的地址相对应,如果配置的是域名, CSEJavaSDK 可以自动截取出 project