关于公有云的使用
公有云是一种基于互联网的计算资源共享平台,由第三方提供商管理和维护。以下是在使用公有云时需要考虑的几个方面:
数据安全性:在选择公有云服务提供商时,确保它们具备先进的安全措施,如数据加密、身份认证、访问控制等。同时,了解数据在传输和存储过程中的安全性,以及备份和灾难恢复机制。
成本效益:公有云通常以按需付费的模式提供服务,这意味着可以根据实际需求灵活调整资源规模和配置。在使用公有云时,要定期评估和优化成本,避免资源的浪费和不必要的支出。
可扩展性和弹性:公有云提供弹性扩展的能力,可以根据业务需求快速调整计算资源。这使得企业能够快速应对流量高峰或业务增长,并避免资源闲置的问题。
服务质量和可用性:了解公有云服务提供商的服务级别协议(SLA),详细了解他们的可用性保证、故障恢复时间等信息。这有助于选择可靠的服务提供商,并评估他们是否能够满足业务需求。
合规性和法律要求:在使用公有云时,确保所选的服务提供商符合相关法规和合规标准,特别是数据保护和隐私方面的法律要求。这包括数据所在地的法律管辖范围、数据传输的加密与合规等。
供应商选择和多样性:考虑多个公有云服务提供商,比较其定价、服务质量、功能特性等,选择最适合自己业务需求的供应商。此外,也可以考虑使用跨多个公有云提供商的多云策略,以获得更大的灵活性和可选择性。
数据迁移和退出策略:在选择公有云服务提供商时,考虑如何迁移数据和应用程序,并确保能够顺利退出公有云平台,不会因为供应商变更或其他原因造成数据丢失或业务中断。
总结而言,使用公有云需要综合考虑数据安全、成本效益、可扩展性、服务质量、合规性等因素。根据业务需求选择合适的供应商,并制定相应的策略和措施来确保安全和高效地利用公有云服务。
CLI
import argparse,json,yaml
from huaweicloudsdkims.v2.region.ims_region import ImsRegion
from huaweicloudsdkims.v2 import *
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkecs.v2.region.ecs_region import EcsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkecs.v2 import *
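import os

# Read the access key pair from the environment instead of pasting it into the
# source, so the secret never ends up in version control or on a shared page.
# Both values fall back to "" (the original placeholders) when the variables
# are unset; requests made with empty credentials will be rejected by the API.
# Original note: the values come from the "generate best-practice script"
# option shown when creating a cloud server in the console.
ak = os.environ.get("CLOUD_SDK_AK", "")
sk = os.environ.get("CLOUD_SDK_SK", "")
credentials = BasicCredentials(ak, sk)

# ECS client bound to region cn-north-4; used by the server helpers.
client = (
    EcsClient.new_builder()
    .with_credentials(credentials)
    .with_region(EcsRegion.value_of("cn-north-4"))
    .build()
)

# IMS client bound to the same region; used to resolve image names to ids.
client1 = (
    ImsClient.new_builder()
    .with_credentials(credentials)
    .with_region(ImsRegion.value_of("cn-north-4"))
    .build()
)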
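def create_ecs(name, imagename):
    """Create one ECS instance (count=1) in cn-north-4 with an elastic public IP.

    Args:
        name: Name to give the new server.
        imagename: Image name; resolved to an image id with get_image_id().

    Returns:
        The SDK response of create_servers, or None when the image lookup
        produced no id or the API rejected the request (details are printed).
    """
    try:
        # Resolve the image first: get_image_id() returns None after printing
        # an API error, and sending image_ref=None would only produce a second,
        # less helpful failure.
        image_id = get_image_id(imagename=imagename)
        if image_id is None:
            print("image lookup failed for %r; server not created" % imagename)
            return None

        request = CreateServersRequest()
        listMetadataServer = {
            "op_svc_userid": "579ceddc116442e6b612ce518b254d8c",
            # Left empty here; the login secret is injected through user_data below.
            "admin_pass": "",
            # presumably the host-security (hss) and monitoring (ces) agents — confirm
            "__support_agent_list": "hss,ces"
        }
        extendparamServer = PrePaidServerExtendParam(
            charging_mode="0",
            region_id="cn-north-4"
        )
        # Placeholder: fill in the id of the security group to attach.
        listSecurityGroupsServer = [
            PrePaidServerSecurityGroup(
                id=""
            )
        ]
        extendparamRootVolume = PrePaidServerRootVolumeExtendParam(
            resource_spec_code="GPSSD",
            resource_type="3"
        )
        rootVolumeServer = PrePaidServerRootVolume(
            volumetype="GPSSD",
            size=40,
            extendparam=extendparamRootVolume,
            hwpassthrough=True
        )
        extendparamEip = PrePaidServerEipExtendParam(
            charging_mode="postPaid"
        )
        bandwidthEip = PrePaidServerEipBandwidth(
            size=5,
            sharetype="PER",
            chargemode="traffic"
        )
        eipPublicip = PrePaidServerEip(
            iptype="5_sbgp",
            bandwidth=bandwidthEip,
            extendparam=extendparamEip
        )
        # The server is reachable from the internet as soon as it boots, so the
        # security group rules and the login secret are the only barriers.
        publicipServer = PrePaidServerPublicip(
            eip=eipPublicip,
            delete_on_termination=True
        )
        # Placeholders: fill in the subnet id and, if wanted, a fixed private IP.
        listNicsServer = [
            PrePaidServerNic(
                subnet_id="",
                ip_address=""
            )
        ]
        serverbody = PrePaidServer(
            image_ref=image_id,  # e.g. the id of "CentOS 7.5 64bit"
            flavor_ref="c7.large.2",
            name=name,  # e.g. cloud2023
            # NOTE(review): this base64 blob decodes to a bash script that pipes
            # a fixed `root:$6$...` crypt hash into `chpasswd -e`, so every
            # server created by this function gets the same root password while
            # also receiving a public IP. Prefer key-pair login or a per-server
            # secret supplied by the caller, and treat the embedded hash as
            # disclosed.
            user_data="IyEvYmluL2Jhc2gKZWNobyAncm9vdDokNiRuTTdkQmFzVCRNZ1pHcmhzakU5b244V1VYWDlBTE1YZ2NLY1ZrQlBpWi9YVjNPcUNDNjVSaWM2RnZPRVRpbmdoWU82U3ZabDJmQlo5Q1JleURqay9xY2lkT3R0dnFCMCcgfCBjaHBhc3N3ZCAtZTs=",
            vpcid="73c548f7-8be2-4325-978d-6c53b9a49bc1",
            nics=listNicsServer,
            publicip=publicipServer,
            count=1,
            is_auto_rename=False,
            root_volume=rootVolumeServer,
            security_groups=listSecurityGroupsServer,
            availability_zone="cn-north-4g",
            extendparam=extendparamServer,
            metadata=listMetadataServer,
            description=""
        )
        request.body = CreateServersRequestBody(
            server=serverbody
        )
        response = client.create_servers(request)
        return response
    except exceptions.ClientRequestException as e:
        # API-side rejection: report it and fall through to an implicit None.
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)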
def get_image_id(imagename):
    """Look up an image by name through the IMS client and return its id.

    The id of the first image in the listing is returned. An API error is
    printed and the function then returns None implicitly. An empty listing
    raises IndexError, which this handler does not catch.
    """
    try:
        query = ListImagesRequest()
        query.name = imagename
        listing = client1.list_images(query)
        first_image = listing.images[0]
        return first_image.id
    except exceptions.ClientRequestException as err:
        # Same four diagnostics, printed one per line in the same order.
        for attr in ("status_code", "request_id", "error_code", "error_msg"):
            print(getattr(err, attr))
def get_ecs():
    """Return the server-details listing as a JSON-compatible object.

    Calls list_servers_details with an unfiltered request. An API error is
    printed and the function then returns None implicitly.
    """
    try:
        listing = client.list_servers_details(ListServersDetailsRequest())
        return listing.to_json_object()
    except exceptions.ClientRequestException as err:
        # Same four diagnostics, printed one per line in the same order.
        for attr in ("status_code", "request_id", "error_code", "error_msg"):
            print(getattr(err, attr))
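def get_ecs_id(name):
    """Return the id of the server whose name is exactly *name*.

    Args:
        name: Server name to look up.

    Returns:
        The id of the first server with exactly that name, or None when the
        API call failed (the error details are printed).

    Raises:
        IndexError: the listing contains no server with exactly that name.
    """
    try:
        request = ListServersDetailsRequest()
        request.name = name
        response = client.list_servers_details(request)
        # NOTE(review): the name filter on the list call is documented as a
        # fuzzy match — confirm. Taking servers[0] blindly could hand back a
        # different server whose name merely contains *name*, and delete_ecs()
        # acts on this id, so only an exact name match is accepted.
        exact = [server for server in (response.servers or []) if server.name == name]
        if not exact:
            raise IndexError("no server named %r" % name)
        # Server names are not necessarily unique; the first exact match wins,
        # as the first listed server did before.
        return exact[0].id
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)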
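def show_ecs(name):
    """Return the details of the server called *name* as a JSON-compatible object.

    Args:
        name: Server name; resolved to an id with get_ecs_id().

    Returns:
        The show_server response converted with to_json_object(), or None when
        the id lookup or the API call failed (error details are printed).
    """
    try:
        server_id = get_ecs_id(name=name)
        if server_id is None:
            # get_ecs_id() already printed the API error; do not issue a
            # request without a server id.
            return None
        request = ShowServerRequest()
        request.server_id = server_id
        response = client.show_server(request)
        return response.to_json_object()
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)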
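def delete_ecs(name):
    """Delete the server called *name* together with its volumes and public IP.

    Args:
        name: Server name; resolved to an id with get_ecs_id().

    Returns:
        The delete_servers response, or None when the id lookup or the API
        call failed (error details are printed).
    """
    try:
        server_id = get_ecs_id(name=name)
        if server_id is None:
            # The lookup failed and was already reported. Never send a delete
            # request whose target id is missing.
            print("server %r not resolved; nothing deleted" % name)
            return None
        request = DeleteServersRequest()
        listServersbody = [
            ServerId(
                id=server_id
            )
        ]
        # Irreversible: the attached data volumes and the elastic IP are
        # removed along with the server.
        request.body = DeleteServersRequestBody(
            servers=listServersbody,
            delete_volume=True,
            delete_publicip=True
        )
        response = client.delete_servers(request)
        return response
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)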
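def _emit(text, path=None):
    """Print *text* to stdout, or append it to the file *path* when one is given."""
    if path is None:
        print(text)
        return
    # Context manager so the handle is flushed and closed; append mode as before.
    with open(file=path, mode='a', encoding='utf-8') as wfile:
        print(text, file=wfile)


# Command-line front end: create / getall / get / delete sub-commands.
cmd = argparse.ArgumentParser(description=' ecs manager')
sub = cmd.add_subparsers(dest='command', description='this is CLI')

create = sub.add_parser('create', help='create ecs')
create.add_argument('-i', '--input', required=True, help='your ecs data')

getall = sub.add_parser('getall', help='get your all ecs')
getall.add_argument('-o', '--output', help='your esc data save file')

get = sub.add_parser('get', help='get your ecs')
get.add_argument('-n', '--name', type=str, required=True, help='your ecs name')
get.add_argument('-o', '--output', help='save your ecs data file')

delete = sub.add_parser('delete', help='delete your ecs')
delete.add_argument('-n', '--name', type=str, required=True, help='your ecs name')

args = cmd.parse_args()

if args.command == 'create':
    # --input is a JSON object given on the command line, e.g.
    # '{"name": "...", "imagename": "..."}'. Reject anything else with a usage
    # error instead of a traceback.
    try:
        data = json.loads(args.input)
        server_name = data["name"]
        image_name = data["imagename"]
    except (ValueError, KeyError, TypeError) as err:
        cmd.error("--input must be a JSON object with 'name' and 'imagename': %s" % err)
    print(create_ecs(name=server_name, imagename=image_name))
    # The create sub-command has no --name option, so the name comes from the
    # JSON input (the original read args.name here and raised AttributeError).
    print(json.dumps(show_ecs(name=server_name)))
elif args.command == 'get':
    _emit(json.dumps(show_ecs(name=args.name)), args.output)
elif args.command == 'getall':
    _emit(yaml.safe_dump(get_ecs()), args.output)
elif args.command == 'delete':
    # Destructive and not confirmed interactively: delete_ecs() also removes
    # the server's volumes and public IP.
    print(delete_ecs(name=args.name))
else:
    # No sub-command given.
    cmd.print_help()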
SDK
def get_kind() create_kind() delete_kind() # # 注意方法名 # 切记 #
multiattach true # 硬盘启用共享
硬盘:在 metadata 中添加两个参数 '__system__cmkid': '加密的密钥id' 和 '__system__encrypted': '1' # 启用加密
弹性伸缩组 get_group create_group delete_group 方法名 参数 # delete_publicip=True
apig_sdk
from datetime import datetime
from apig_sdk import signer
import requests
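import os

# AK/SK request signing.
# The key pair is read from the environment rather than written into the file.
# A key pair that has appeared in source code or on a published page must be
# treated as disclosed: revoke it in the console and issue a new one.
# A missing variable raises KeyError at import time instead of signing
# requests with an empty key.
sig = signer.Signer()
sig.Key = os.environ["HUAWEICLOUD_SDK_AK"]
sig.Secret = os.environ["HUAWEICLOUD_SDK_SK"]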
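class cce:
    """Signed REST calls against the CCE cluster API in cn-north-4.

    Project id, cluster name, VPC/subnet ids and the cluster id to delete are
    hard-coded sample values; both methods print the HTTP status and body and
    return None.
    """

    def _send(self, r):
        """Sign *r* with the module-level signer, send it and print the reply."""
        sig.Sign(r)
        resp = requests.request(
            r.method,
            r.scheme + "://" + r.host + r.uri,
            headers=r.headers,
            data=r.body,
            # Without a timeout a stalled connection would block forever.
            timeout=30,
        )
        print(resp.status_code, resp.reason)
        print(resp.content)

    def create_cce(self):
        """POST a cluster definition named "chinaskillcces" to the clusters endpoint."""
        r = signer.HttpRequest(
            method='POST',
            url='https://cce.cn-north-4.myhuaweicloud.com/api/v3/projects/62674c49025f4eb59605f2f836af08eb/clusters',
            headers={"Content-Type": "application/json", "x-stage": "RELEASE"},
            body='{"kind":"Cluster","apiVersion":"v3","metadata":{"name":"chinaskillcces"},"spec":{"flavor":"cce.s1.small","hostNetwork":{"vpc":"73c548f7-8be2-4325-978d-6c53b9a49bc1","subnet":"d7fe5e6d-7369-49db-9f83-8157094dc5b1"},"containerNetwork":{"mode":"vpc-router"},"billingMode":0}}',
        )
        self._send(r)

    def delete_cce(self):
        """DELETE the cluster whose id is embedded in the URL (irreversible)."""
        r = signer.HttpRequest(
            method='DELETE',
            url='https://cce.cn-north-4.myhuaweicloud.com/api/v3/projects/62674c49025f4eb59605f2f836af08eb/clusters/4081cd15-4fd4-11ee-b5c2-0255ac10026a',
            headers={"Content-Type": "application/json", "x-stage": "RELEASE"},
        )
        self._send(r)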
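class ecs:
    """Signed REST calls against the ECS API in cn-north-4.

    Project id, image, subnet, VPC and server ids are hard-coded sample
    values; both methods print the HTTP status and body and return None.
    """

    def _send(self, r):
        """Sign *r* with the module-level signer, send it and print the reply."""
        sig.Sign(r)
        resp = requests.request(
            r.method,
            r.scheme + "://" + r.host + r.uri,
            headers=r.headers,
            data=r.body,
            # Without a timeout a stalled connection would block forever.
            timeout=30,
        )
        print(resp.status_code, resp.reason)
        print(resp.content)

    def create_ecs(self):
        """POST a create-server request with dry_run enabled."""
        import json

        payload = {
            "dry_run": True,
            "server": {
                # NOTE(review): a fixed, easily guessed administrator password
                # on a server that also receives a public IP. Harmless only
                # while dry_run stays true; supply a per-server secret or a
                # key pair before sending this for real.
                "adminPass": "Abc@1234",
                "availability_zone": "cn-north-4a",
                "batch_create_in_multi_az": False,
                "count": 1,
                "data_volumes": [
                    {
                        "volumetype": "SSD",
                        "size": 40,
                        "shareable": False,
                        "multiattach": False,
                        "hw:passthrough": False,
                        # "0" leaves the volume unencrypted.
                        "metadata": {"__system__encrypted": "0"},
                        "delete_on_termination": False,
                    }
                ],
                "extendparam": {
                    "chargingMode": 0,
                    "support_auto_recovery": False,
                    "enterprise_project_id": "0",
                },
                "flavorRef": "ac7.large.2",
                "imageRef": "02a17486-1214-4e42-8da7-7d200cac585e",
                "isAutoRename": True,
                "name": "chinaskill001",
                "nics": [{"subnet_id": "d7fe5e6d-7369-49db-9f83-8157094dc5b1"}],
                # The original JSON text carried two "publicip" keys; with
                # duplicate keys one of them is silently dropped by the parser.
                # Both settings now live in a single object.
                "publicip": {
                    "delete_on_termination": False,
                    "eip": {
                        "iptype": "5_bgp",
                        "bandwidth": {"size": 5, "sharetype": "PER"},
                        "extendparam": {"chargingMode": "postPaid"},
                    },
                },
                "root_volume": {
                    "volumetype": "SSD",
                    "hw:passthrough": False,
                    "metadata": {"__system__encrypted": "0"},
                },
                "vpcid": "73c548f7-8be2-4325-978d-6c53b9a49bc1",
            },
        }
        r = signer.HttpRequest(
            method='POST',
            url='https://ecs.cn-north-4.myhuaweicloud.com/v1/62674c49025f4eb59605f2f836af08eb/cloudservers',
            headers={"Content-Type": "application/json", "x-stage": "RELEASE"},
            body=json.dumps(payload),
        )
        self._send(r)

    def get_ecs(self):
        """GET the details of the server whose id is hard-coded below."""
        server_id = '93e2b8bf-0e44-4c41-a041-28960d1f2f69'
        r = signer.HttpRequest(
            method='GET',
            url='https://ecs.cn-north-4.myhuaweicloud.com/v1/62674c49025f4eb59605f2f836af08eb/cloudservers/' + server_id,
        )
        self._send(r)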
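class vpc:
    """Signed REST call against the VPC API in cn-north-4."""

    def get_vpc(self):
        """GET the VPC whose id is embedded in the URL and print the reply.

        The request is signed with the module-level signer. Returns None.
        """
        r = signer.HttpRequest(
            method='GET',
            url='https://vpc.cn-north-4.myhuaweicloud.com/v3/62674c49025f4eb59605f2f836af08eb/vpc/vpcs/73c548f7-8be2-4325-978d-6c53b9a49bc1',
        )
        sig.Sign(r)
        resp = requests.request(
            r.method,
            r.scheme + "://" + r.host + r.uri,
            headers=r.headers,
            data=r.body,
            # Without a timeout a stalled connection would block forever.
            timeout=30,
        )
        print(resp.status_code, resp.reason)
        print(resp.content)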
#运维部署
[root@localhost ~]# vim /etc/sysctl.conf
添加
vm.max_map_count = 262144
# 生效
[root@localhost ~]# sysctl -p
vm.max_map_count = 262144
[root@localhost ~]# docker run -it -d -p 5601:5601 -p 9200:9200 -p 5044:5044 --name elk -e ES_MIN_MEM=512m -e ES_MAX_MEM=1024m sebp/elk:latest
---
// Replica-set definition: set id "rs" with two members, both on port 27017.
// NOTE(review): nothing shown here enables authentication or an internal
// keyfile between the members — confirm access control is configured in
// mongod before the nodes are reachable from outside a trusted network.
var config={_id:"rs",members:[{_id:0,host:"172.16.2.157:27017"},{_id:1,host:"172.16.2.40:27017"}]}
// Initialise the replica set with that configuration.
rs.initiate(config)
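# Build tools. Original note: installing from the Huawei Cloud default repo is recommended.
yum -y install make gcc gcc-c++
yum -y install nodejs
# Install the "n" version manager and switch to Node.js 12.16.1.
npm install -g inherits n && sudo n 12.16.1
cp /usr/local/bin/node /usr/bin
node -v
# Original note: this step may fail (possibly because of packet loss); re-run it until it succeeds.
npm install
export ROOT_URL='http://localhost:3000'
export PORT="3000"
# IP of the MongoDB primary node. The option is spelled replicaSet; the
# original MONGO_URL had "replicsSet", which does not name the replica set.
# NOTE(review): neither URL carries credentials, so MongoDB is presumably
# running without authentication — enable access control before these ports
# are reachable from outside a trusted network.
export MONGO_URL='mongodb://172.16.2.63:27017/rocketchat?replicaSet=rs'
# Quoted so the shell does not treat "?" as a glob character.
export MONGO_OPLOG_URL='mongodb://172.16.2.63:27017/local?replicaSet=rs'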
------
[root@localhost chkrootkit-0.55]# make sense
#扫描结果保存
mkdir /var/log/chkrootkit
./chkrootkit > /var/log/chkrootkit/chkrootkit.log
#Warning
-------
#部署 mariadb
#values.yaml
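# NodePort publishes MariaDB port 3306 on every cluster node at port 32334.
# NOTE(review): restrict who can reach that node port (security group or
# network policy), or use ClusterIP if only in-cluster clients need the database.
service:
  type: NodePort
  port: 3306
  nodePort:
    master: 32334
    # slave: 30002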
---
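rootUser:
  # NOTE(review): a short, guessable root password stored in plain text in
  # values.yaml. If the service is published outside the cluster, the database
  # is only as protected as this value. Supply the password at install time
  # from a secret store, or through an existing Kubernetes Secret if the chart
  # version in use supports one, and keep it out of version control.
  password: "chinaskill"
  forcePassword: true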
forcePassword: true 参数的作用是强制要求用户在每次使用 helm upgrade 命令更新 MariaDB Helm Chart 时都必须指定密码。
当 forcePassword 设置为 true 时,如果没有明确指定密码,helm upgrade 将会失败。这样做是为了确保在更新部署时不会意外地更改数据库的密码,并防止由于缺少密码参数而导致的配置错误。
设置 forcePassword: true 是一种良好的实践,可以增加部署的安全性,并鼓励在更新 Helm Chart 时管理和保持凭据的一致性。但它只保证密码被显式提供,并不约束密码强度,也不会保护以明文写在 values.yaml 中的密码。
---
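master:
  persistence:
    # false: no PVC is used; data lives in an emptyDir ephemeral volume and is
    # lost when the pod is removed.
    enabled: false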
---
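slave:
  persistence:
    # false: no PVC is used; data lives in an emptyDir ephemeral volume and is
    # lost when the pod is removed.
    enabled: false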
------
#chartmuseum.yaml
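# Container environment for ChartMuseum.
# NOTE(review): this fragment sets no authentication variables, so anyone who
# can reach the service can upload or overwrite charts unless authentication is
# configured elsewhere. ChartMuseum supports basic auth through BASIC_AUTH_USER
# and BASIC_AUTH_PASS.
env:
  # Debug logging; verbose, usually switched off outside troubleshooting.
  - name: DEBUG
    value: "true"
  - name: STORAGE
    value: local
  - name: STORAGE_LOCAL_ROOTDIR
    value: /charts
volumeMounts:
  - name: chartspath
    mountPath: /charts
volumes:
  # hostPath ties the chart store to /data/charts on whichever node runs the pod.
  - name: chartspath
    hostPath:
      path: /data/charts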
------
【提示】注意 chartmuseum 部署在哪个节点,就在哪个节点上传 chart;因为节点不同,路径会有问题,chart 包需要在同一节点的主机上上传
#添加本地仓库
kubectl get svc -n chartmuseum
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
chartmuseum ClusterIP 10.96.35.99 <none> 8080/TCP 3h31m
helm repo add chartmuseum http://10.96.35.99:8080
"chartmuseum" has been added to your repositories
#上传chart
curl --data-binary "@wordpress-13.0.23.tgz" http://10.96.35.99:8080/api/charts
{"saved":true} #返回true表示上传成功
#/data/charts #目录下存在上传的chart
-rw-r--r-- 1 1000 root 1423 Aug 5 22:26 index-cache.yaml
-rw-r--r-- 1 1000 root 126326 Aug 5 22:26 wordpress-13.0.23.tgz
#上传完,需要更新仓库
helm repo update
#查询
curl http://10.96.35.99:8080/api/charts/wordpress