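Huawei Cloud
1 Purchase an ECS cloud host
Create a key pair
The private key's permissions must be 600
On Windows, import the key into Xshell
On Linux: ssh -i <path to private key> <IP>
2 Purchase an elastic public IP
SMS verification by phone is required
3 Bind
Connect to the public IP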
##################################################################################
[root@room9pc01 ~]# ll /root/桌面/abc.pem
-rw-r--r-- 1 root root 1706 1月 5 10:54 /root/桌面/abc.pem
[root@room9pc01 ~]# chmod 600 /root/桌面/abc.pem    # the private key's permissions must be 600
[root@room9pc01 ~]# ll /root/桌面/abc.pem
-rw------- 1 root root 1706 1月 5 10:54 /root/桌面/abc.pem
[root@room9pc01 ~]# ssh -i '/root/桌面/abc.pem' 139.9.60.12
Output:
Welcome to Huawei Cloud Service
[root@ecs-abc ~]# passwd root    # set a root password on the VM
更改用户 root 的密码 。
新的 密码:    # set the password
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@ecs-abc ~]# exit
[root@room9pc01 ~]# ssh 139.9.60.12
root@139.9.60.12's password:    # enter the password to log in
Last login: Sat Jan 5 11:27:22 2019 from 14.20.39.72
Welcome to Huawei Cloud Service
[root@ecs-abc ~]# yum -y install vsftpd
[root@ecs-abc ~]# cd /var/ftp/
[root@ecs-abc ftp]# ls
pub
[root@ecs-abc ftp]# mkdir local
[root@ecs-abc ftp]# ls
local pub
[root@ecs-abc ftp]# cd local/
[root@ecs-abc local]# ls
#########################################################################################
The physical host copies the nginx rpm package to VM abc
[root@room9pc01 ~]# scp nginx-1.12.2-10.x86_64.rpm 139.9.60.12:/var/ftp/local
#########################################################################################
VM abc
Add an FTP yum repository
[root@ecs-abc local]# pwd
/var/ftp/local
[root@ecs-abc local]# ls
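nginx-1.12.2-10.x86_64.rpm    # note: this must be an rpm package, not a tar archive, otherwise yum repolist will not recognize it
[root@ecs-abc local]# yum provides createrepo    # find which package provides the createrepo command
… …
createrepo-0.9.9-28.el7.noarch : Creates a common metadata repository    # this is the package that provides createrepo
[root@ecs-abc local]# yum -y install createrepo-0.9.9-28.el7.noarch    # install that package
[root@ecs-abc local]# createrepo --update .    # in the yum repo directory that holds nginx (. is the current directory), create or update the repository metadata
Output: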
Could not find valid repo at: /var/ftp/local/.
Spawning worker 0 with 1 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@ecs-abc local]# ls
nginx-1.12.2-10.x86_64.rpm repodata    # the repository metadata directory repodata has been generated
[root@ecs-abc ~]# systemctl restart vsftpd
[root@ecs-abc ~]# systemctl enable vsftpd
Output:
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
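Modify the SSH client configuration
[root@ecs-abc local]# vim /etc/ssh/ssh_config
35 # StrictHostKeyChecking ask    # copy line 35; by default the first connection asks, and you must type yes to connect
…
60 StrictHostKeyChecking no    # paste after line 59; the first connection then goes through without answering yes (the host key is accepted and saved automatically)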
[root@ecs-abc local]# cd /root/.ssh/
[root@ecs-abc .ssh]# ls
authorized_keys
The physical host copies the private key abc.pem to VM abc, into the directory /root/.ssh/, renaming it to id_rsa
[root@room9pc01 ~]# scp '/root/桌面/abc.pem' 139.9.60.12:/root/.ssh/id_rsa
[root@ecs-abc .ssh]# ls
authorized_keys id_rsa
#########################################################################################
From VM abc, log in remotely to VM abc2
[root@ecs-abc .ssh]# ssh 192.168.1.134
Output:
Warning: Permanently added '192.168.1.134' (ECDSA) to the list of known hosts.
Welcome to Huawei Cloud Service
[root@ecs-abc2 ~]# cd /etc/yum.repos.d/
[root@ecs-abc2 yum.repos.d]# ls
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo epel.repo
CentOS-Debuginfo.repo CentOS-Sources.repo epel-testing.repo
[root@ecs-abc2 yum.repos.d]# rm -rf *    # remove every file under /etc/yum.repos.d/
[root@ecs-abc2 yum.repos.d]# ls
The following command was copied from the yum documentation on Huawei's official site; it connects to Huawei's public yum mirror
[root@ecs-abc2 yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.myhuaweicloud.com/repo/CentOS-Base-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1737 100 1737 0 0 231k 0 --:--:-- --:--:-- --:--:-- 242k
[root@ecs-abc2 yum.repos.d]# ls    # the corresponding repo configuration file has been created
CentOS-Base.repo
[root@ecs-abc2 yum.repos.d]# yum repolist
已加载插件:fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Determining fastest mirrors
源标识 源名称 状态
!base/7/x86_64 CentOS-7 - Base 9,911
!extras/7/x86_64 CentOS-7 - Extras 434
!updates/7/x86_64 CentOS-7 - Updates 1,614
repolist: 11,959    # many packages are available
[root@ecs-abc2 yum.repos.d]# vim CentOS-Base.repo    # edit the repo configuration file that was just created
Append:
[local]
name=local
# add the jump host: the yum repo served from VM abc's FTP
baseurl=ftp://192.168.1.252/local
enabled=1
gpgcheck=0
[root@ecs-abc2 yum.repos.d]# yum repolist
… …
local local 1    # the jump host's yum repo is now reachable
… …
repolist: 11,887
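The [local] section appended above turns signature checking off and fetches packages over FTP. As an added example (not part of the original notes), the shell function below lists enabled repo sections that set gpgcheck=0 or use an ftp:// or http:// baseurl; the [base] section in the sample and the host mirror.example are constructed placeholders.

```shell
#!/bin/sh
# Added example: list enabled yum repo sections that turn signature checking
# off or fetch packages over a cleartext transport (ftp:// or http://).

# audit_repo [FILE...]   (reads stdin when no file is given)
# Prints "<section> <finding>" for each problem found.
audit_repo() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            if (gpg == "0") print sec, "gpgcheck-off"
            if (url ~ /^(ftp|http):\/\//) print sec, "cleartext-baseurl"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^\[/ {                                     # new [section] header
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpg = ""; url = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report() }' "$@"
}

# Constructed sample: a signed HTTPS repo next to the [local] section that
# the notes append (mirror.example is a placeholder host).
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-7 - Base
baseurl=https://mirror.example/centos/7/os/x86_64/
gpgcheck=1

[local]
name=local
baseurl=ftp://192.168.1.252/local
enabled=1
gpgcheck=0
EOF
}

sample_repo | audit_repo
```

On a real host it can be pointed at the files directly, for example audit_repo /etc/yum.repos.d/*.repo.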
#########################################################################################
VM abc
[root@ecs-abc ~]# ss -tunlp    # the ntpd program, which provides time synchronization, is listening
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=509,fd=6))
udp UNCONN 0 0 192.168.1.252:123 *:* users:(("ntpd",pid=476,fd=21))
udp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",pid=476,fd=18))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",pid=476,fd=16))
udp UNCONN 0 0 fe80::f816:3eff:fe4a:790b%eth0:123 :::* users:(("ntpd",pid=476,fd=22))
udp UNCONN 0 0 ::1:123 :::* users:(("ntpd",pid=476,fd=19))
udp UNCONN 0 0 :::123 :::* users:(("ntpd",pid=476,fd=17))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=954,fd=13))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1171,fd=3))
tcp LISTEN 0 100 ::1:25 :::* users:(("master",pid=954,fd=14))
tcp LISTEN 0 32 :::21 :::* users:(("vsftpd",pid=1719,fd=4))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1171,fd=4))
[root@ecs-abc ~]# ps -ef | grep ntp
ntp 466 1 0 19:21 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root 1392 1337 0 19:26 pts/0 00:00:00 grep --color=auto ntp
[root@ecs-abc ~]# rpm -qa | grep postfix    # a mail service is installed, but it is not needed
postfix-2.10.1-6.el7.x86_64
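[root@ecs-abc ~]# yum -y install chrony    # install the chrony time synchronization service
[root@ecs-abc ~]# cat /etc/ntp.conf.rpmsave    # check which server time is currently synchronized with
… …
server ntp.myhuaweicloud.com iburst    # copy this last line; time is currently synchronized with Huawei Cloud
[root@ecs-abc ~]# vim /etc/chrony.conf
… …
#server 0.centos.pool.ntp.org iburst    # comment out this line
#server 1.centos.pool.ntp.org iburst    # comment out this line
#server 2.centos.pool.ntp.org iburst    # comment out this line
#server 3.centos.pool.ntp.org iburst    # comment out this line
# paste the line copied above, so that time is synchronized with Huawei Cloud
server ntp.myhuaweicloud.com iburst
… …
[root@ecs-abc ~]# systemctl stop ntpd    # stop the ntpd service
[root@ecs-abc ~]# yum -y remove ntp    # uninstall ntp
[root@ecs-abc ~]# yum -y remove postfix    # the mail service is not needed, so uninstall it
[root@ecs-abc ~]# systemctl restart chronyd    # start chronyd time synchronization
[root@ecs-abc ~]# systemctl enable chronyd
[root@ecs-abc ~]# chronyc sources -v    # show the current time sources and their sync state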
210 Number of sources = 1
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 100.125.1.251                 3   9   377   333    -19us[ -324us] +/-  454ms
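Time is now synchronized with Huawei Cloud at 100.125.1.251
If you forget a command, use the man pages
[root@ecs-abc2 ~]# man chronyc
Once inside the man page, press Shift+: and then type example to search for related examples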
#########################################################################################
From VM abc, log in remotely to VM abc2
[root@ecs-abc2 ~]# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=517,fd=6))
udp UNCONN 0 0 192.168.1.151:123 *:* users:(("ntpd",pid=466,fd=21))
udp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",pid=466,fd=18))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",pid=466,fd=16))
udp UNCONN 0 0 fe80::f816:3eff:fe18:b5a9%eth0:123 :::* users:(("ntpd",pid=466,fd=22))
udp UNCONN 0 0 ::1:123 :::* users:(("ntpd",pid=466,fd=19))
udp UNCONN 0 0 :::123 :::* users:(("ntpd",pid=466,fd=17))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=959,fd=13))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1176,fd=3))
tcp LISTEN 0 100 ::1:25 :::* users:(("master",pid=959,fd=14))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1176,fd=4))
[root@ecs-abc2 ~]# yum -y install chrony
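[root@ecs-abc2 ~]# cat /etc/ntp.conf.rpmsave    # check which server time is currently synchronized with
… …
server ntp.myhuaweicloud.com iburst    # copy this last line; time is currently synchronized with Huawei Cloud
[root@ecs-abc2 ~]# vim /etc/chrony.conf
… …
#server 0.centos.pool.ntp.org iburst    # comment out this line
#server 1.centos.pool.ntp.org iburst    # comment out this line
#server 2.centos.pool.ntp.org iburst    # comment out this line
#server 3.centos.pool.ntp.org iburst    # comment out this line
# paste the line copied above, so that time is synchronized with Huawei Cloud
server ntp.myhuaweicloud.com iburst
… …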
[root@ecs-abc2 ~]# systemctl stop ntpd
[root@ecs-abc2 ~]# yum -y remove ntp
[root@ecs-abc2 ~]# yum -y remove postfix
[root@ecs-abc2 ~]# systemctl restart chronyd
[root@ecs-abc2 ~]# systemctl enable chronyd
[root@ecs-abc2 ~]# chronyc sources -v
210 Number of sources = 1
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 100.125.1.251                 3   6    37    31  -2373ns[ -155us] +/-  470ms
[root@ecs-abc2 ~]# ss -tunlp    # very few services are listening now
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",pid=1696,fd=1))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=520,fd=6))
udp UNCONN 0 0 ::1:323 :::* users:(("chronyd",pid=1696,fd=2))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1170,fd=3))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1170,fd=4))
[root@ecs-abc2 ~]# ss -tunl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 *:68 *:*
udp UNCONN 0 0 ::1:323 :::*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 128 :::22 :::*
[root@ecs-abc2 ~]# rpm -qa | wc -l    # 363 packages are installed at this point, which is very lean
363
[root@ecs-abc2 ~]# poweroff
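The before/after comparison of the ss output can be turned into a repeatable check before the VM is turned into an image. As an added example (not part of the original notes), the function below reads ss -tunl output and prints every listener bound to a non-loopback address whose port is not on an allowlist; the allowlist 22,68 is an assumption based on the final ecs-abc2 output, and the sample rows are a subset of the transcripts above.

```shell
#!/bin/sh
# Added example: flag listening sockets that are reachable from the network
# and whose port is not on an allowlist. Input is `ss -tunl` output on stdin.

# audit_listeners PORTS   (PORTS is a comma-separated allowlist, e.g. 22,68)
# Prints "<netid> <local address:port>" for each unexpected listener.
audit_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "udp" && $1 != "tcp" { next }       # skip the header line
        {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            host = substr($5, 1, length($5) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "[::1]") next
            if (!(port in ok)) print $1, $5
        }'
}

# Rows from the ecs-abc transcript above (before ntpd and postfix removal).
listeners_before() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      *:68                *:*
udp   UNCONN 0      0      192.168.1.252:123   *:*
udp   UNCONN 0      0      127.0.0.1:123       *:*
udp   UNCONN 0      0      *:123               *:*
udp   UNCONN 0      0      ::1:123             :::*
tcp   LISTEN 0      100    127.0.0.1:25        *:*
tcp   LISTEN 0      128    *:22                *:*
tcp   LISTEN 0      32     :::21               :::*
EOF
}

# Rows from the final ecs-abc2 `ss -tunl` output above.
listeners_after() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:323       *:*
udp   UNCONN 0      0      *:68                *:*
udp   UNCONN 0      0      ::1:323             :::*
tcp   LISTEN 0      128    *:22                *:*
tcp   LISTEN 0      128    :::22               :::*
EOF
}

echo "before:"; listeners_before | audit_listeners 22,68
echo "after:";  listeners_after  | audit_listeners 22,68
```

On a live host the input comes from the command itself: ss -tunl | audit_listeners 22,68.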
#####################################################################################################
After creating an image from VM abc2, create 5 new VMs from it as web servers
The web server IPs are:
192.168.1.123
192.168.1.160
192.168.1.88
192.168.1.130
192.168.1.77
#####################################################################################################
VM abc
Huawei Cloud's yum mirror already includes the ansible package
[root@ecs-abc ~]# yum list | grep ansible
ansible.noarch 2.7.5-1.el7 epel
ansible-doc.noarch 2.7.5-1.el7 epel
ansible-inventory-grapher.noarch 2.4.4-1.el7 epel
ansible-lint.noarch 3.4.21-1.el7 epel
ansible-openstack-modules.noarch 0-20140902git79d751a.el7 epel
ansible-review.noarch 0.13.4-1.el7 epel
centos-release-ansible26.noarch 1-3.el7.centos extras
kubernetes-ansible.noarch 0.6.0-0.1.gitd65ebd5.el7 epel
python2-ansible-runner.noarch 1.0.1-1.el7 epel
python2-ansible-tower-cli.noarch 3.3.0-2.el7 epel
Install ansible
[root@ecs-abc ~]# yum -y install ansible
[root@ecs-abc ~]# vim /etc/ansible/ansible.cfg
# uncomment line 14
inventory = /etc/ansible/hosts
# uncomment this line; remote connections then skip the yes/no host key prompt
host_key_checking = False
[root@ecs-abc ~]# vim /etc/ansible/hosts
… …
# append these lines
[web]
192.168.1.123
192.168.1.160
192.168.1.88
192.168.1.130
192.168.1.77
List the hosts in the web group
[root@ecs-abc ~]# ansible web --list-host
hosts (5):
192.168.1.123
192.168.1.160
192.168.1.88
192.168.1.130
192.168.1.77
Ping all of them to check that they are reachable
[root@ecs-abc ~]# ansible web -m ping
Output:
192.168.1.130 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
… …
Run the uptime command on all of them to check their status
[root@ecs-abc ~]# ansible web -m shell -a 'uptime'
Output:
192.168.1.88 | CHANGED | rc=0 >>
20:00:27 up 14 min, 1 user, load average: 0.00, 0.01, 0.05
… …
Install httpd on all of them
[root@ecs-abc ~]# ansible web -m yum -a 'name=httpd state=installed'