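1 Purchase an ECS cloud server
Create a key pair
The private key's permissions must be 600
On Windows, import it into Xshell
On Linux: ssh -i <path to private key> <IP>
2 Purchase an elastic public IP
SMS verification by phone is required
3 Bind
Connect to the public IP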
##################################################################################
[root@room9pc01 ~]# ll /root/桌面/abc.pem
-rw-r--r-- 1 root root 1706 1月 5 10:54 /root/桌面/abc.pem
[root@room9pc01 ~]# chmod 600 /root/桌面/abc.pem    # the private key's permissions must be 600
[root@room9pc01 ~]# ll /root/桌面/abc.pem
-rw------- 1 root root 1706 1月 5 10:54 /root/桌面/abc.pem
[root@room9pc01 ~]# ssh -i '/root/桌面/abc.pem' 139.9.60.12
Output:
Welcome to Huawei Cloud Service
[root@ecs-abc ~]# passwd root    # set a root password on the VM
更改用戶 root 的密碼 。
新的 密碼:    # enter the new password
從新輸入新的 密碼:
passwd:全部的身份驗證令牌已經成功更新。
[root@ecs-abc ~]# exit
[root@room9pc01 ~]# ssh 139.9.60.12
root@139.9.60.12's password:    # enter the password to log in
Last login: Sat Jan 5 11:27:22 2019 from 14.20.39.72
Welcome to Huawei Cloud Service
[root@ecs-abc ~]# yum -y install vsftpd
[root@ecs-abc ~]# cd /var/ftp/
[root@ecs-abc ftp]# ls
pub
[root@ecs-abc ftp]# mkdir local
[root@ecs-abc ftp]# ls
local pub
[root@ecs-abc ftp]# cd local/
[root@ecs-abc local]# ls
#########################################################################################
Copy the nginx rpm package from the physical host to VM abc
[root@room9pc01 ~]# scp nginx-1.12.2-10.x86_64.rpm 139.9.60.12:/var/ftp/local
#########################################################################################
VM abc
Add a yum repository served over FTP
[root@ecs-abc local]# pwd
/var/ftp/local
[root@ecs-abc local]# ls
nginx-1.12.2-10.x86_64.rpm    # note: this must be an rpm package, not a tarball, otherwise yum repolist will not recognise it
[root@ecs-abc local]# yum provides createrepo    # find which package provides the createrepo command
... ...
createrepo-0.9.9-28.el7.noarch : Creates a common metadata repository    # this is the package that provides createrepo
[root@ecs-abc local]# yum -y install createrepo-0.9.9-28.el7.noarch    # install it
[root@ecs-abc local]# createrepo --update .    # build or update the repository metadata in the directory holding the nginx rpm (. is the current directory)
Output:
Could not find valid repo at: /var/ftp/local/.
Spawning worker 0 with 1 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@ecs-abc local]# ls
nginx-1.12.2-10.x86_64.rpm repodata    # the repodata metadata directory has been generated
[root@ecs-abc ~]# systemctl restart vsftpd
[root@ecs-abc ~]# systemctl enable vsftpd
Output:
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
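Change the SSH client configuration
[root@ecs-abc local]# vim /etc/ssh/ssh_config
35 # StrictHostKeyChecking ask    # copy line 35; by default the first connection to a host prompts and you must type yes to continue
...
60 StrictHostKeyChecking no    # pasted after line 59; the first connection now proceeds without asking for yes (new host keys are accepted without verification)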
[root@ecs-abc local]# cd /root/.ssh/
[root@ecs-abc .ssh]# ls
authorized_keys
Copy the private key abc.pem from the physical host to VM abc, placing it in /root/.ssh/ under the name id_rsa
[root@room9pc01 ~]# scp '/root/桌面/abc.pem' 139.9.60.12:/root/.ssh/id_rsa
[root@ecs-abc .ssh]# ls
authorized_keys id_rsa
#########################################################################################
From VM abc, SSH into VM abc2
[root@ecs-abc .ssh]# ssh 192.168.1.134
Output:
Warning: Permanently added '192.168.1.134' (ECDSA) to the list of known hosts.
Welcome to Huawei Cloud Service
[root@ecs-abc2 ~]# cd /etc/yum.repos.d/
[root@ecs-abc2 yum.repos.d]# ls
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo epel.repo
CentOS-Debuginfo.repo CentOS-Sources.repo epel-testing.repo
[root@ecs-abc2 yum.repos.d]# rm -rf *    # remove every file under /etc/yum.repos.d/
[root@ecs-abc2 yum.repos.d]# ls
The command below is copied from the yum documentation on Huawei's official site; it connects to Huawei's public yum mirror
[root@ecs-abc2 yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.myhuaweicloud.com/repo/CentOS-Base-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1737 100 1737 0 0 231k 0 --:--:-- --:--:-- --:--:-- 242k
[root@ecs-abc2 yum.repos.d]# ls    # the corresponding repo configuration file has been created
CentOS-Base.repo
[root@ecs-abc2 yum.repos.d]# yum repolist
已加載插件:fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Determining fastest mirrors
源標識 源名稱 狀態
!base/7/x86_64 CentOS-7 - Base 9,911
!extras/7/x86_64 CentOS-7 - Extras 434
!updates/7/x86_64 CentOS-7 - Updates 1,614
repolist: 11,959    # plenty of packages are available
[root@ecs-abc2 yum.repos.d]# vim CentOS-Base.repo    # edit the repo configuration file just created
Append:
[local]
name=local
baseurl=ftp://192.168.1.252/local    # the yum repository served over FTP by the jump host, VM abc
enabled=1
gpgcheck=0
[root@ecs-abc2 yum.repos.d]# yum repolist
... ...
local local 1    # the jump host's yum repository is now reachable
... ...
repolist: 11,887
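The [local] stanza above sets gpgcheck=0 and fetches packages over plain FTP, so nothing authenticates the rpm that yum installs from it. The script below is an added example, not part of the original notes: it lists enabled repo stanzas that lack gpgcheck=1 or use an ftp/http baseurl; the sample file content and the mirror.example.invalid URL are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes). Reads yum .repo text on stdin
# or from the files given as arguments and prints "<repo-id> <finding>".
audit_repo() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            # An unset gpgcheck inherits from [main] in yum.conf, which is not
            # read here, so anything other than an explicit 1 is reported.
            if (gpg != "1") print id, "gpgcheck-not-enforced"
            if (url ~ /^(ftp|http):/) print id, "cleartext-baseurl"
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[/ {                          # start of a new [repo-id] stanza
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            gpg = ""; url = ""; enabled = "1"
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t].*$/, "", val)
            if (key == "gpgcheck") gpg = val
            else if (key == "baseurl") url = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: a signed HTTPS repo next to the [local] stanza from these notes.
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-7 - Base
baseurl=https://mirror.example.invalid/centos/7/os/x86_64/
enabled=1
gpgcheck=1
[local]
name=local
baseurl=ftp://192.168.1.252/local
enabled=1
gpgcheck=0
EOF
}

sample_repo | audit_repo
```

On a real host it can be run as audit_repo /etc/yum.repos.d/*.repo.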
#########################################################################################
VM abc
[root@ecs-abc ~]# ss -tunlp    # ntpd, which provides time synchronisation, is among the listeners
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=509,fd=6))
udp UNCONN 0 0 192.168.1.252:123 *:* users:(("ntpd",pid=476,fd=21))
udp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",pid=476,fd=18))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",pid=476,fd=16))
udp UNCONN 0 0 fe80::f816:3eff:fe4a:790b%eth0:123 :::* users:(("ntpd",pid=476,fd=22))
udp UNCONN 0 0 ::1:123 :::* users:(("ntpd",pid=476,fd=19))
udp UNCONN 0 0 :::123 :::* users:(("ntpd",pid=476,fd=17))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=954,fd=13))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1171,fd=3))
tcp LISTEN 0 100 ::1:25 :::* users:(("master",pid=954,fd=14))
tcp LISTEN 0 32 :::21 :::* users:(("vsftpd",pid=1719,fd=4))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1171,fd=4))
[root@ecs-abc ~]# ps -ef | grep ntp
ntp 466 1 0 19:21 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root 1392 1337 0 19:26 pts/0 00:00:00 grep --color=auto ntp
[root@ecs-abc ~]# rpm -qa | grep postfix    # a mail service is installed but not needed
postfix-2.10.1-6.el7.x86_64
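[root@ecs-abc ~]# yum -y install chrony    # install the chrony time synchronisation service
[root@ecs-abc ~]# cat /etc/ntp.conf.rpmsave    # see which server time is currently synchronised with
... ...
server ntp.myhuaweicloud.com iburst    # copy this last line; time is currently synchronised with Huawei Cloud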
[root@ecs-abc ~]# vim /etc/chrony.conf
... ...
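#server 0.centos.pool.ntp.org iburst    # comment out this line
#server 1.centos.pool.ntp.org iburst    # comment out this line
#server 2.centos.pool.ntp.org iburst    # comment out this line
#server 3.centos.pool.ntp.org iburst    # comment out this line
server ntp.myhuaweicloud.com iburst    # paste the line copied above, so time is synchronised with Huawei Cloud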
... ...
[root@ecs-abc ~]# systemctl stop ntpd    # stop the ntpd service
[root@ecs-abc ~]# yum -y remove ntp    # uninstall ntp
[root@ecs-abc ~]# yum -y remove postfix    # the mail service is not needed, so uninstall it
[root@ecs-abc ~]# systemctl restart chronyd    # start chronyd time synchronisation
[root@ecs-abc ~]# systemctl enable chronyd
[root@ecs-abc ~]# chronyc sources -v    # show the current time sources and their synchronisation state
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 100.125.1.251 3 9 377 333 -19us[ -324us] +/- 454ms
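Time is now synchronised with Huawei Cloud at 100.125.1.251
If you forget a command, consult the man page
[root@ecs-abc2 ~]# man chronyc
Inside the man page, press shift+: and then type example to search for related examples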
#########################################################################################
From VM abc, SSH into VM abc2
[root@ecs-abc2 ~]# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=517,fd=6))
udp UNCONN 0 0 192.168.1.151:123 *:* users:(("ntpd",pid=466,fd=21))
udp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",pid=466,fd=18))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",pid=466,fd=16))
udp UNCONN 0 0 fe80::f816:3eff:fe18:b5a9%eth0:123 :::* users:(("ntpd",pid=466,fd=22))
udp UNCONN 0 0 ::1:123 :::* users:(("ntpd",pid=466,fd=19))
udp UNCONN 0 0 :::123 :::* users:(("ntpd",pid=466,fd=17))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=959,fd=13))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1176,fd=3))
tcp LISTEN 0 100 ::1:25 :::* users:(("master",pid=959,fd=14))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1176,fd=4))
[root@ecs-abc2 ~]# yum -y install chrony
[root@ecs-abc2 ~]# cat /etc/ntp.conf.rpmsave    # see which server time is currently synchronised with
... ...
server ntp.myhuaweicloud.com iburst    # copy this last line; time is currently synchronised with Huawei Cloud
[root@ecs-abc2 ~]# vim /etc/chrony.conf
... ...
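#server 0.centos.pool.ntp.org iburst    # comment out this line
#server 1.centos.pool.ntp.org iburst    # comment out this line
#server 2.centos.pool.ntp.org iburst    # comment out this line
#server 3.centos.pool.ntp.org iburst    # comment out this line
server ntp.myhuaweicloud.com iburst    # paste the line copied above, so time is synchronised with Huawei Cloud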
... ...
[root@ecs-abc2 ~]# systemctl stop ntpd
[root@ecs-abc2 ~]# yum -y remove ntp
[root@ecs-abc2 ~]# yum -y remove postfix
[root@ecs-abc2 ~]# systemctl restart chronyd
[root@ecs-abc2 ~]# systemctl enable chronyd
[root@ecs-abc2 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 100.125.1.251 3 6 37 31 -2373ns[ -155us] +/- 470ms
[root@ecs-abc2 ~]# ss -tunlp    # very few services are listening now
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",pid=1696,fd=1))
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=520,fd=6))
udp UNCONN 0 0 ::1:323 :::* users:(("chronyd",pid=1696,fd=2))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1170,fd=3))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1170,fd=4))
[root@ecs-abc2 ~]# ss -tunl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 *:68 *:*
udp UNCONN 0 0 ::1:323 :::*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 128 :::22 :::*
[root@ecs-abc2 ~]# rpm -qa | wc -l    # 363 packages are installed at this point, which is quite minimal
363
[root@ecs-abc2 ~]# poweroff
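The before and after ss listings above are the evidence that the image was trimmed before it was cloned. As an added example (not part of the original notes), the function below turns that comparison into a repeatable check: it prints every proto/port listening on a non-loopback address that is not in an allowlist. The allowlist "tcp/22 udp/68" is an assumption that matches what remains on abc2.

```shell
#!/bin/sh
# Added example (not from the original notes). Reads ss -tunl or ss -tunlp
# output on stdin and prints each proto/port that listens on a non-loopback
# address and is not in the allowlist passed as $1.
exposed_listeners() {    # usage: ss -tunl | exposed_listeners "tcp/22 udp/68"
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }    # header and other socket types
        {
            addr = $5; port = $5
            sub(/:[^:]*$/, "", addr)           # drop ":port", keep the address
            sub(/^.*:/, "", port)              # keep only the port
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
            key = $1 "/" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Sample input: lines taken from the ss -tunlp output of VM abc shown earlier.
sample_ss_abc() {
    cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:68 *:* users:(("dhclient",pid=509,fd=6))
udp UNCONN 0 0 192.168.1.252:123 *:* users:(("ntpd",pid=476,fd=21))
udp UNCONN 0 0 127.0.0.1:123 *:* users:(("ntpd",pid=476,fd=18))
udp UNCONN 0 0 :::123 :::* users:(("ntpd",pid=476,fd=17))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=954,fd=13))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1171,fd=3))
tcp LISTEN 0 32 :::21 :::* users:(("vsftpd",pid=1719,fd=4))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1171,fd=4))
EOF
}

sample_ss_abc | exposed_listeners "tcp/22 udp/68"
```

An empty result means only allowlisted ports are reachable from the network, which is the state abc2 is in before it is powered off and imaged.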
#####################################################################################################
After creating an image from VM abc2, create 5 new VMs from it to serve as web servers
The web servers' IPs are:
192.168.1.123
192.168.1.160
192.168.1.88
192.168.1.130
192.168.1.77
#####################################################################################################
VM abc
The Huawei Cloud yum mirror already carries the ansible package
[root@ecs-abc ~]# yum list | grep ansible
ansible.noarch 2.7.5-1.el7 epel
ansible-doc.noarch 2.7.5-1.el7 epel
ansible-inventory-grapher.noarch 2.4.4-1.el7 epel
ansible-lint.noarch 3.4.21-1.el7 epel
ansible-openstack-modules.noarch 0-20140902git79d751a.el7 epel
ansible-review.noarch 0.13.4-1.el7 epel
centos-release-ansible26.noarch 1-3.el7.centos extras
kubernetes-ansible.noarch 0.6.0-0.1.gitd65ebd5.el7 epel
python2-ansible-runner.noarch 1.0.1-1.el7 epel
python2-ansible-tower-cli.noarch 3.3.0-2.el7 epel
Install ansible
[root@ecs-abc ~]# yum -y install ansible
[root@ecs-abc ~]# vim /etc/ansible/ansible.cfg
inventory = /etc/ansible/hosts    # uncomment line 14
host_key_checking = False    # uncomment this line; skips the yes/no host key prompt on remote connections
[root@ecs-abc ~]# vim /etc/ansible/hosts
... ...
[web]    # append these lines
192.168.1.123
192.168.1.160
192.168.1.88
192.168.1.130
192.168.1.77
List the hosts in the web group
[root@ecs-abc ~]# ansible web --list-host
hosts (5):
192.168.1.123
192.168.1.160
192.168.1.88
192.168.1.130
192.168.1.77
Ping all of them to check that they are reachable
[root@ecs-abc ~]# ansible web -m ping
Output:
192.168.1.130 | SUCCESS => {
"changed": false,
"ping": "pong"
}
... ...
Run uptime on all of them to check their status
[root@ecs-abc ~]# ansible web -m shell -a 'uptime'
Output:
192.168.1.88 | CHANGED | rc=0 >>
20:00:27 up 14 min, 1 user, load average: 0.00, 0.01, 0.05
... ...
Install httpd on all of them
[root@ecs-abc ~]# ansible web -m yum -a 'name=httpd state=installed'
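Both /etc/ssh/ssh_config (StrictHostKeyChecking no) and /etc/ansible/ansible.cfg (host_key_checking = False) were changed above so that unknown host keys are no longer questioned. The following added example, not part of the original notes, reports the file and line of every active setting of that kind while ignoring commented-out ones; the two files it writes to a temporary directory are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes). Lists active settings that
# switch off SSH host key verification in ssh_config / ansible.cfg style files.
hostkey_findings() {    # usage: hostkey_findings FILE...
    awk '
        /^[ \t]*([#;]|$)/ { next }             # comments and blank lines
        {
            line = tolower($0)                 # keywords are case-insensitive
            gsub(/=/, " ", line)               # accept "key value" and "key = value"
            split(line, f, " ")
            if (f[1] == "stricthostkeychecking" && f[2] ~ /^(no|off|false)$/)
                print FILENAME ":" FNR ": StrictHostKeyChecking " f[2]
            else if (f[1] == "host_key_checking" && f[2] ~ /^(false|no|off|0)$/)
                print FILENAME ":" FNR ": host_key_checking " f[2]
        }
    ' "$@"
}

# Constructed sample files mirroring the two edits made in these notes.
demo_hostkey_audit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Host *' '#   StrictHostKeyChecking ask' \
        '    StrictHostKeyChecking no' > "$d/ssh_config"
    printf '%s\n' '[defaults]' 'inventory = /etc/ansible/hosts' \
        'host_key_checking = False' > "$d/ansible.cfg"
    (cd "$d" && hostkey_findings ssh_config ansible.cfg)
    rm -rf "$d"
}

demo_hostkey_audit
```

On the jump host it can be run as hostkey_findings /etc/ssh/ssh_config /etc/ansible/ansible.cfg.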