NAT case studies

柳ioi, posted 2022/07/10 23:46:47

# SNAT server

![image-20220622132655577](images/image-20220622132655577.png)

## Disable the source/destination check on the NAT host

![image-20220622135108078](images/image-20220622135108078.png)

## Connect to the host that has an EIP

![image-20220622132738689](images/image-20220622132738689.png)

## Check whether IP forwarding is enabled

```shell
cat /proc/sys/net/ipv4/ip_forward

```

1 means enabled, 0 means disabled; the default is 0.

![image-20220622133137868](images/image-20220622133137868.png)

## Enable IP forwarding

```shell
cat << EOF >> /etc/sysctl.conf
net.ipv4.ip_forward = 1
EOF
sysctl -p
cat /proc/sys/net/ipv4/ip_forward

```

![image-20220622134350112](images/image-20220622134350112.png)

### Disable IP forwarding

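```shell
# Set the persisted value to 0 and reload so the running kernel value changes too
sed  -i  's/net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 0/g' /etc/sysctl.conf
sysctl -p
# Then remove the entry from the file altogether
sed  -i  's/net.ipv4.ip_forward = 0//g' /etc/sysctl.conf
sysctl -p
cat /proc/sys/net/ipv4/ip_forward
```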

![image-20220622134422204](images/image-20220622134422204.png)
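
The enable step above appends a new line on every run, and the `sed` in the disable step only matches the exact `key = value` spacing. The following is an added example, not part of the original post: a hypothetical helper `set_ip_forward` that leaves exactly one `net.ipv4.ip_forward` entry in a sysctl file, shown on a constructed temporary file rather than the real `/etc/sysctl.conf`.

```shell
#!/bin/sh
# Added example: keep exactly one net.ipv4.ip_forward line in a sysctl file.
# Usage: set_ip_forward FILE VALUE   (VALUE is 0 or 1)
set_ip_forward() {
    file=$1
    value=$2
    case $value in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Drop every active assignment of the key, whatever its spacing;
    # commented-out lines and all other keys are kept unchanged.
    awk '!/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    printf 'net.ipv4.ip_forward = %s\n' "$value" >> "$tmp"
    # Write back through the original file so owner and mode are preserved.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo on a constructed file that mimics /etc/sysctl.conf after the
# append step was run more than once with different spacing.
demo=$(mktemp)
printf '%s\n' '# sysctl settings (constructed sample)' \
    'net.ipv4.ip_forward = 1' 'vm.swappiness = 10' \
    'net.ipv4.ip_forward=1' > "$demo"
set_ip_forward "$demo" 0
cat "$demo"
rm -f "$demo"
```

On a real host the call would be `set_ip_forward /etc/sysctl.conf 1` followed by `sysctl -p`, as in the steps above.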

## Configure SNAT

```shell
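# SUBNET is the source network to translate; NAT_HOST_PRIVATE_IP is this host's private IP
iptables -t nat -A POSTROUTING -o eth0 -s SUBNET -j SNAT --to NAT_HOST_PRIVATE_IP
# Example:
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.100.0/24 -j SNAT --to 192.168.100.228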
```

![image-20220622134828510](images/image-20220622134828510.png)

### Delete the iptables NAT rules

```shell
iptables -t nat -F POSTROUTING
```
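
The SNAT rule above is scoped with `-s` (source subnet) and `-o` (egress interface). The following is an added example, not part of the original post: a hypothetical function `flag_broad_snat` that reads `iptables-save -t nat` output and reports POSTROUTING SNAT/MASQUERADE rules missing either restriction. Both rule dumps are constructed samples.

```shell
#!/bin/sh
# Added example: audit a nat-table dump for over-broad source NAT.
# flag_broad_snat reads `iptables-save -t nat` output on stdin, prints each
# POSTROUTING SNAT/MASQUERADE rule that has no source restriction (-s) or no
# egress interface (-o), and returns 1 if it found any.
flag_broad_snat() {
    awk '
        $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; src = ""; oif = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s") src    = $(i + 1)
                if ($i == "-o") oif    = $(i + 1)
            }
            if (target != "SNAT" && target != "MASQUERADE") next
            if (src == "" || src == "0.0.0.0/0" || oif == "") {
                print "BROAD: " $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the rule from this page, as iptables-save prints it.
SAMPLE_GOOD='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j SNAT --to-source 192.168.100.228
COMMIT'

# Constructed sample: same table with an extra unscoped MASQUERADE rule.
SAMPLE_BAD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j SNAT --to-source 192.168.100.228
COMMIT'

printf '%s\n' "$SAMPLE_BAD" | flag_broad_snat || echo "review the rules listed above"
```

On the NAT host the input would come from `iptables-save -t nat | flag_broad_snat`, run as root.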


## Add a route table rule

![image-20220622135052539](images/image-20220622135052539.png)

## Test

### Test the NAT host

```shell
ping www.baidu.com
curl cip.cc; date
iptables -t nat -nvL
```

![image-20220622135526810](images/image-20220622135526810.png)

### Test the host without an EIP

```shell
ping www.baidu.com
curl cip.cc; date
iptables -t nat -nvL
```

![image-20220622135327089](images/image-20220622135327089.png)

# Mount an SFS file system on an ECS

## Log in to the cloud host

![image-20220622143959537](images/image-20220622143959537.png)

## Check whether the NFS client is installed

```shell
rpm -qa|grep nfs
```

![image-20220622144102541](images/image-20220622144102541.png)

## Install the NFS client

```shell
yum -y install nfs-utils 

```

![image-20220622144204911](images/image-20220622144204911.png)

## Create the local mount path

```sh
mkdir /sfs

```

## Mount SFS on the local path

```shell
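# MOUNT_ADDRESS is the SFS share address; LOCAL_PATH is the local mount path
mount -t nfs -o vers=3,timeo=600,noresvport,nolock MOUNT_ADDRESS LOCAL_PATH
# Example:
#mount -t nfs -o vers=3,timeo=600,noresvport,nolock sfs-nas01.cn-east-3a.myhuaweicloud.com:/share-6a58a496 /sfs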
```

![image-20220622144531126](images/image-20220622144531126.png)

## View the mount

```shell
df
#mount -l
```

![image-20220622144629475](images/image-20220622144629475.png)

## Edit a file and store it on SFS

```shell
cd /sfs
cat << EOF > index.html
zhenxing-100-nginx
EOF

```

# Install MySQL 5.7 on ECS CentOS 7

## Install the MySQL 5.7 YUM repository

```shell
wget http://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm
rpm -Uvh mysql57-community-release-el7-10.noarch.rpm

```

![image-20220622152857545](images/image-20220622152857545.png)

## Install the MySQL 5.7 server

```shell
# --nogpgcheck makes yum skip GPG signature verification of the packages it installs
yum install -y mysql-community-server --nogpgcheck
```

![image-20220622153013531](images/image-20220622153013531.png)

## Start MySQL 5.7

```shell
systemctl start mysqld.service
systemctl enable mysqld.service
```

![image-20220622153605741](images/image-20220622153605741.png)

## Look up the MySQL 5.7 default password

```shell
grep 'temporary password' /var/log/mysqld.log 
#2022-06-22T07:35:42.981004Z 1 [Note] A temporary password is generated for root@localhost: )&s/<LKeD0bo
```

## Log in to MySQL 5.7

```sh
mysql -uroot -p
```

## Change the MySQL 5.7 root login password

```sql
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Zhenxing-100';
FLUSH PRIVILEGES;
```

## View the MySQL 5.7 log format

```sql
show variables like '%binlog_format%';
```

## Configure as the slave database

```shell
# Append the replication settings to /etc/my.cnf, then restart MySQL
cat << EOF >> /etc/my.cnf
server-id=7491764418
port=3306
log-bin-trust-function-creators=1
log-bin=/var/lib/mysql/mysql-bin
replicate-ignore-db=mysql
gtid_mode=on
enforce_gtid_consistency=on
binlog_format=row
log-slave-updates=1
EOF
systemctl restart mysqld
#--$ systemctl stop mysqld
#--$ vim /etc/my.cnf

#[mysqld]
#server-id=1629281463  # ID of the slave instance; must not be the same as the master's ID
#port=3306
#log-bin-trust-function-creators=1  # when set to 1, MySQL does not restrict the creation of stored functions
#slave-skip-errors = 1032,1062,1007,1050
#datadir=/var/lib/mysql
#socket=/var/lib/mysql/mysql.sock
#log-bin=/var/lib/mysql/mysql-bin
#expire_logs_days=10  # controls how long binlog files are retained
#max_binlog_size=100M
#replicate-ignore-db=mysql  # databases that do not need to be synchronized
#replicate-ignore-db=information_schema
#replicate-ignore-db=performance_schema
#GTID
#gtid_mode=on
#enforce_gtid_consistency=on
#binlog_format=row  # set the log format to row
#log-slave-updates=1
# Disabling symbolic-links is recommended to prevent assorted security risks
#symbolic-links=0
# Recommended in standard MySQL setup
#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
#[mysqld_safe]
#log-error=/var/log/mysqld.log
#pid-file=/var/run/mysqld/mysqld.pid
#--$ systemctl start mysqld
```

## Connect to the master database

```shell
# MASTER_IP and USER are placeholders for the master's address and account
mysql -h MASTER_IP -u USER -p
# Query the master status (at the mysql> prompt)
show master status\G
#*************************** 1. row ***************************
#             File: mysql-bin.000008
#         Position: 197
#     Binlog_Do_DB: 
# Binlog_Ignore_DB: 
#Executed_Gtid_Set: 90f60423-f1fb-11ec-8c83-fa163e88a412:1-257
#1 row in set (0.01 sec)
```

## Export the master database data

```shell
mysqldump -h 192.168.100.74  -uroot -p zhenxing-100-wordpress-db > zhenxing-100-wordpress-db.sql;
```

## Create the database on the slave

```sql
create database `zhenxing-100-wordpress-db`;
reset master; 
```

## Restore the data on the slave

```shell
mysql -u root -p  zhenxing-100-wordpress-db < zhenxing-100-wordpress-db.sql
```

```sql
stop slave;
-- master_auto_position accepts only 0 or 1; 1 turns on GTID auto-positioning,
-- so the binlog Position (197) from "show master status" is not passed here.
change master to
master_host='192.168.100.74',
master_port=3306,
master_user='zhenxing-100-replication-user',
master_password='zhenxing-100-replication-pass',
master_auto_position = 1;
start slave;
```

![image-20220622171635422](images/image-20220622171635422.png)
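
After `start slave`, the replication state is visible in `SHOW SLAVE STATUS\G`. The following is an added example, not part of the original post: a hypothetical function `replication_ok` that parses that output and fails unless both replication threads are running without a recorded error. The two status dumps are constructed and abridged, not captured from a real server.

```shell
#!/bin/sh
# Added example. replication_ok reads `SHOW SLAVE STATUS\G` output on stdin,
# prints every problem it finds and returns 1 unless both replication threads
# report "Yes" and no IO/SQL error text is recorded.
replication_ok() {
    awk '
        {
            p = index($0, ":"); if (p == 0) next      # skip the row banner
            key = substr($0, 1, p - 1); gsub(/[ \t]/, "", key)
            val = substr($0, p + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "Slave_IO_Running"  { io = val }
        key == "Slave_SQL_Running" { sql = val }
        (key == "Last_IO_Error" || key == "Last_SQL_Error") && val != "" {
            print key ": " val; bad = 1
        }
        END {
            if (io != "Yes")  { print "Slave_IO_Running: "  (io == "" ? "missing" : io);   bad = 1 }
            if (sql != "Yes") { print "Slave_SQL_Running: " (sql == "" ? "missing" : sql); bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: the IO thread cannot log in to the master.
STATUS_BROKEN='*************************** 1. row ***************************
                  Master_Host: 192.168.100.74
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
                Last_IO_Error: error connecting to master (constructed message)
               Last_SQL_Error: '

# Constructed sample: both threads running, no errors.
STATUS_HEALTHY='*************************** 1. row ***************************
                  Master_Host: 192.168.100.74
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                Last_IO_Error: 
               Last_SQL_Error: '

printf '%s\n' "$STATUS_BROKEN" | replication_ok || echo "replication needs attention"
```

On the slave, the input would come from `mysql -uroot -p -e 'SHOW SLAVE STATUS\G' | replication_ok`.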

# WordPress

## Default media path

```shell
/var/www/html/wp-content/uploads

```

## WordPress Dockerfile environment variables

```dockerfile
WORDPRESS_DB_HOST=mysql:3306
WORDPRESS_DB_USER=user
WORDPRESS_DB_PASSWORD=passwd
WORDPRESS_DB_NAME=database
```

# Python: automatically check EIP and SNAT usage

## Import

```shell
pip install huaweicloudsdkcore huaweicloudsdkvpc huaweicloudsdkecs paramiko  huaweicloudsdkeip

```


```python
import time
import json
import paramiko

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcore.exceptions import exceptions

from huaweicloudsdkvpc.v2.region.vpc_region import VpcRegion
from huaweicloudsdkvpc.v2 import *

from huaweicloudsdkecs.v2.region.ecs_region import EcsRegion
from huaweicloudsdkecs.v2 import *


```

 

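[Copyright notice] This article is original content by a Huawei Cloud community user. When reposting, you must cite the source (Huawei Cloud community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find content in this community that you suspect is plagiarized, please report it by email and provide supporting evidence; once verified, the community will immediately remove the infringing content. Report email: cloudbbs@huaweicloud.com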