振兴杯华为云操作
bei
图1
任务一:基础设施建设。(分值:145分)
1、 创建三个VPC(名称自定义),并且将Database01和云计算redis分别更改到不同VPC下。【10分】
2、按照2核CPU、4G内存、40G硬盘创建四台分别名为node1、node2、Database01和redis的云主机。【10分】
云主机规格:
具体内容 |
具体参数 |
CPU架构 |
x86计算 |
规格 |
s6.large.2 |
镜像类型 |
公共镜像 |
镜像 |
CentOS 7.6 |
系统盘 |
通用型SSD 40G |
云服务器名称 |
自定义 |
VPC |
使用上一步创建的VPC |
其它参数 |
默认 |
2、 配置对等路由将Database01、redis和node1、node2所处的网络打通并保证四台主机之间网络可用。【25分】
互相建立对等连接即可不同网段互联
参考:《HCIA-Cloud Service V2.2 实验手册》
3.网络类服务实践
方案一:
3.3.5 创建对等连接,使同区域不同 VPC 内的 ECS 进行通信 117页
同网段内的IP地址可以互ping
不能互ping
解决方法:
1. 进入网络控制台找到《对等链接》
方案二:
当bj四区域弹性IP配额不足时,可在其他区域购买弹性IP用VPN专线连接使其可以互相通信:
步骤:
北京四区
北京一区:
如果改完之后状态栏显示“未连接”
解决办法:
刷新一下,状态栏就会变正常
3、 创建一个10G的云硬盘,并将其挂载到Database01的云主机上,并将其进行格式成ext4的格式。【20分】
[root@database1 ~]# fdisk -l Disk /dev/vda: 42.9 GB, 42949672960 bytes, 83886080 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0x000e3a31 Device Boot Start End Blocks Id System /dev/vda1 * 2048 83886079 41942016 83 Linux Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes [root@database1 ~]# mkf mkfifo mkfs mkfs.btrfs mkfs.cramfs mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.minix mkfs.xfs [root@database1 ~]# mkfs -t ext4 /dev/vd vda vda1 vdb [root@database1 ~]# mkfs -t ext4 /dev/vdb mke2fs 1.42.9 (28-Dec-2013) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 655360 inodes, 2621440 blocks 131072 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=2151677952 80 block groups 32768 blocks per group, 32768 fragments per group 8192 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done |
4、 将上一步创建的云硬盘挂载到Database01的/nfs/code下,保证可读写。【20分】
5、 [root@database1 ~]# mkdir /nfs 6、 [root@database1 ~]# cd / 7、 [root@database1 /]# ll 8、 total 72 9、 lrwxrwxrwx. 1 root root 7 Feb 26 2021 bin -> usr/bin 10、 dr-xr-xr-x. 5 root root 4096 Sep 30 14:37 boot 11、 drwxr-xr-x 7 root root 4096 Feb 26 2021 CloudResetPwdUpdateAgent 12、 drwxr-xr-x 6 root root 4096 Feb 26 2021 CloudrResetPwdAgent 13、 drwxr-xr-x 19 root root 3040 Sep 30 15:29 dev 14、 drwxr-xr-x. 76 root root 4096 Sep 30 14:36 etc 15、 drwxr-xr-x. 2 root root 4096 Apr 11 2018 home 16、 lrwxrwxrwx. 1 root root 7 Feb 26 2021 lib -> usr/lib 17、 lrwxrwxrwx. 1 root root 9 Feb 26 2021 lib64 -> usr/lib64 18、 drwx------. 2 root root 16384 Feb 26 2021 lost+found 19、 drwxr-xr-x. 2 root root 4096 Apr 11 2018 media 20、 drwxr-xr-x. 2 root root 4096 Apr 11 2018 mnt 21、 drwxr-xr-x 2 root root 4096 Sep 30 15:35 nfs 22、 drwxr-xr-x. 2 root root 4096 Apr 11 2018 opt 23、 dr-xr-xr-x 99 root root 0 Sep 30 14:36 proc 24、 dr-xr-x---. 4 root root 4096 Sep 30 14:36 root 25、 drwxr-xr-x 24 root root 640 Sep 30 14:36 run 26、 lrwxrwxrwx. 1 root root 8 Feb 26 2021 sbin -> usr/sbin 27、 drwxr-xr-x. 2 root root 4096 Apr 11 2018 srv 28、 dr-xr-xr-x 13 root root 0 Sep 30 14:36 sys 29、 drwxrwxrwt. 9 root root 4096 Sep 30 15:27 tmp 30、 drwxr-xr-x. 13 root root 4096 Feb 26 2021 usr 31、 drwxr-xr-x. 19 root root 4096 Feb 26 2021 var 32、 [root@database1 nfs]# mount /dev/vdb /nfs/code 33、 [root@database1 nfs]# 34、 [root@database1 nfs]# ll code/ 35、 total 16 36、 drwx------ 2 root root 16384 Sep 30 15:31 lost+found |
6、在Database01的ECS上配置nfs服务并且将/nfs/code共享。【20分】
[root@database1 nfs]# uname -n database1 [root@database1 nfs]# systemctl stop firewalld [root@database1 nfs]# systemctl disable firewalld [root@database1 nfs]# rpm -qa nfs-utils portmap rpcbind [root@database1 nfs]# yum install nfs-utils rpcbind -y Loaded plugins: fastestmirror [root@database1 nfs]# [root@database1 nfs]# [root@database1 nfs]# yum install nfs-utils rpcbind -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile [root@database1 nfs]# service rpcbind status Redirecting to /bin/systemctl status rpcbind.service ● rpcbind.service - RPC bind service Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled) Active: inactive (dead) [root@database1 nfs]# service rpcbind start Redirecting to /bin/systemctl start rpcbind.service [root@database1 nfs]# service rpcbind status Redirecting to /bin/systemctl status rpcbind.service ● rpcbind.service - RPC bind service Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-09-30 15:49:24 CST; 3s ago Process: 18454 ExecStart=/sbin/rpcbind -w $RPCBIND_ARGS (code=exited, status=0/SUCCESS) Main PID: 18455 (rpcbind) CGroup: /system.slice/rpcbind.service └─18455 /sbin/rpcbind -w Sep 30 15:49:24 database1 systemd[1]: Starting RPC bind service... Sep 30 15:49:24 database1 systemd[1]: Started RPC bind service. [root@database1 nfs]# service nfs start Redirecting to /bin/systemctl start nfs.service [root@database1 nfs]# rpcinfo -p localhost program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 39736 status 100024 1 tcp 37805 status 100005 1 udp 20048 mountd 100005 1 tcp 20048 mountd 100005 2 udp 20048 mountd 100005 2 tcp 20048 mountd 100005 3 udp 20048 mountd 100005 3 tcp 20048 mountd 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100021 1 udp 53044 nlockmgr 100021 3 udp 53044 nlockmgr 100021 4 udp 53044 nlockmgr 100021 1 tcp 37368 nlockmgr 100021 3 tcp 37368 nlockmgr 100021 4 tcp 37368 nlockmgr [root@database1 nfs]# [root@database1 nfs]# cat /etc/exports # shared directory /nfs/code 192.168.0.0/24(rw,sync) 26 2021-09-30 15:51:13 root vim /etc/exports 27 2021-09-30 15:54:02 root service nfs reload 28 2021-09-30 15:54:18 root showmount -e localhost 参考:https://www.cnblogs.com/shenjianping/p/14697278.html |
7、创建一个负载均衡器,将node1和node2加入负载均衡的后端。设置一个可用的服务IP,服务端口为80,并绑定一个可用的弹性公网IP,对弹性公网IP进行Web访问测试。【40分】
具体内容 |
具体参数 |
实例规格类型 |
共享型 |
网络类型 |
公网 |
所属VPC |
VPC-01 |
弹性公网IP |
新创建 |
名称 |
自定义 |
监听器具体内容 |
具体参数 |
名称 |
自定 |
前端协议;端口 |
HTTP(七层);80 |
后端服务器组具体内容 |
具体参数 |
后端服务器组 |
新创建 |
名称 |
自定 |
分配策略类型 |
加权轮询算法 |
健康检查 |
开启 |
添加服务器 |
具体情况 |
端口 |
80 |
权重 |
1 |
(暂时还没找到解决办法)
这里异常可能是安全组没有开放80端口,开放之后再去刷新一下
任务二:业务部署和迁移。(分值655分)
1、 使用node1,node2安装部署apache,PHP服务,并确保能对外提供业务。【50分】
(注意弹性公网IP配额)
[root@ecs-node-0001 ~]# yum -y install httpd php php-fpm php-server php-mysql Loaded plugins: fastestmirror Determining fastest mirrors [root@ecs-node-0001 ~]# systemctl restart httpd [root@ecs-node-0001 ~]# systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. [root@ecs-node-0001 ~]# systemctl restart php-fpm [root@ecs-node-0001 ~]# systemctl enable php-fpm Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service. [root@ecs-node-0002 ~]# yum -y install httpd php php-fpm php-server php-mysql Loaded plugins: fastestmirror [root@ecs-node-0002 ~]# systemctl restart httpd [root@ecs-node-0002 ~]# systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. [root@ecs-node-0002 ~]# systemctl restart php-fpm [root@ecs-node-0002 ~]# systemctl enable php-fpm Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service. |
两个公网IP区web界面查看能否访问http
如果不能就去安全组添加tcp:80端口
2、 在Database01云主机上部署MySQL服务,并且保证node1、node2能够访问mysql服务,并且使用SQL语句创建后续需要使用得数据库(数据库名自定义)。【100分】
在这一步之前千万不要直接安装MySQL,不然会找不到密码
[root@database1 ]# wget http://dev.mysql.com /get/mysql57-community-release-el7-8.noarch.rpm [root@database1 ~]# ll total 12 -rw-r--r-- 1 root root 9116 Apr 11 2016 mysql57-community-release-el7-8.noarch.rpm [root@database1 ~]# yum localinstall mysql57-community-release-el7-8.noarch.rpm ##在线安装MySQL Loaded plugins: fastestmirror [root@database1 ~]# yum repolist |grep "mysql.*-community.*" mysql-connectors-community/x86_64 MySQL Connectors Community 212 mysql-tools-community/x86_64 MySQL Tools Community 132 mysql57-community/x86_64 MySQL 5.7 Community Server 524 [root@database1 ~]# yum -y install mysql-community-server Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile [root@database1 ~]# systemctl start mysqld [root@database1 ~]# systemctl status mysqld [root@database1 ~]# systemctl enable mysqld [root@database1 ~]# systemctl daemon-reload [root@database1 ~]# [root@database1 ~]# grep 'temporary password' /var/log/mysqld.log ##查找MySQL初始密码 2021-10-02T12:53:03.313070Z 1 [Note] A temporary password is generated for root@localhost: #t=fop5h>)wS ## MySQL初始密码 [root@database1 ~]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> ######################################################### Node1 node2 通过内网连接 |
该昨天的错误:
[root@database1 ~]# yum -y install mariadb-server ##安装mariadb Loaded plugins: fastestmirror Determining fastest mirrors base [root@database1 ~]# systemctl start mariadb [root@database1 ~]# systemctl enaable mariadb ##重启mariadb并自启 [root@database1 ~]# mysql_secure_installation ##重置密码 NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] y New password: Re-enter new password: Password updated successfully! [root@database1 ~]# mysql -u root -p ##登入数据库 Enter password: MariaDB [(none)]> create user 'user'@'%' identified by 'pass'; ##新建用户并赋予密码:pass Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all privileges on *.* to 'user'@'%'; ##赋予远程登陆权限 Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; ##刷新权限 Query OK, 0 rows affected (0.00 sec) [root@database1 ~]# mysql -h 192.168.20.158 -u user -p ##实现远程登陆成功安全组一定要开放3306端口 Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 23 Server version: 5.5.68-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> [root@database1 ~]# mysql -h 192.168.20.158 -u user -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 26 Server version: 5.5.68-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> create database Discuz; #新建一个数据库 Query OK, 1 row affected (0.00 sec) |
参考:https://blog.star-chen.com/2017/03/11/MariaDB-Create-Remote/
3、 使用现有软件包在node1、node2安装Discuz网站。【100分】
Node1 node2同等操作 wget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip ll unzip Discuz_X3.2_SC_UTF8.zip ll cp -rf upload/* /var/www/html/ chmod 777 /var/www/html/ chmod -R 777 /var/www/html systemctl restart httpd systemctl enable httpd |
访问网站
4、在云主机redis上部署docker容器服务,在容器当中部署redis服务,并且配置node-1、node-2能够访问redis服务。《redis远程访问》(在网站配置文件【config/config_global.php】当中进行配置redis连接,部署docker采用shell脚本的方式部署,如果不是,则部署docker项不得分)【250分】
安装docker脚本:
[root@shiyan ~]# cat docker.sh #!/bin/bash yum update -y yum-config-manager \--add-repo \https://download.docker.com/linux/centos/docker-ce.repo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+'/etc/yum.repos.d/docker-ce.repo yum install -y yum-utils device-mapper-persistent-data lvm2 yum list docker-ce --showduplicates | sort -r yum install docker-ce -y systemctl start docker systemctl enable docker |
Docker里面部署redis脚本: (没问题的)也可命令配置
[root@shiyan ~]# cat redis.sh #!/bin/bash docker search redis docker pull redis docker images mkdir /usr/local/docker cd /usr/local/docker yum -y install wget wget http://download.redis.io/redis-stable/redis.conf sed -i 's/bind127.0.0.1/#bind127.0.0.1/g' /usr/local/docker/redis.conf sed -i 's/protected-mode yes/protected-mode no/g' /usr/local/docker/redis.conf docker run -itd --name redis-test -p 6379:6379 redis docker run -itd -p 192.168.100.10:6379:6379 --name redis -v /usr/local/docker/redis.conf:/etc/redis/redis.conf -v /usr/local/docker/data:/data redis redis-server /etc/redis/redis.conf docker start redis docker ps -a docker exec -it redis-test bash |
Node1 node2主机同操作
命令: yum -y install redis vim /etc/redis.conf systemctl restart redis systemctl enable redis |
Database1:
root@e8b956d37721:/data# redis-cli -h 192.168.73.182 -p 6379 192.168.73.182:6379> 192.168.73.182:6379> ping PONG 192.168.73.182:6379> ##localhost端 root@e8b956d37721:/data# redis-cli -h 192.168.73.132 -p 6379 192.168.73.132:6379> 192.168.73.132:6379> ##reds就可远程连接 [root@liuchuntian redis]# redis-cli -h 192.168.73.182 -p 6379 192.168.73.182:6379> 192.168.73.182:6379> ##主机2连接redis主机 |
4、 将node1、node2配置负载均衡服务并验证负载均衡和弹性伸缩服务。【85分】
负载均衡服务:
弹性伸缩服务:
弹性 伸缩组
访问伸缩IP
Ok
5、 云监控服务界面,也可以查看主机监控、云服务监控信息,需要注意的是在进行主机监控时需提前安装插件,要求在云服务监控当中设置磁盘读带宽监控指标。【50分】
6、 在安全组上配置阻止445端口的流量。【20分】
- 点赞
- 收藏
- 关注作者
评论(0)