云计算平台运维与应用

云计算平台运维与应用

1.私有云平台运维

(1)Keystone 组件运维

  • 安装keystone服务组件;

脚本

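#!/bin/bash
###############################################
# install keystone for Openstack on controller
# Author:Ann Date:2022-1-5
###############################################
#
# Creates the keystone database, installs the packages, writes keystone.conf,
# initialises the Fernet and credential keys, bootstraps the identity service,
# enables it under httpd, creates the example domain/projects/user/role and
# finally writes the admin and demo openrc files into the home directory.
#
# Security notes for anyone reusing this outside a lab:
#   * KEYSTONE_DBPASS, ADMIN_PASS and DEMO_PASS are used below as the literal
#     password values; replace them with real secrets.
#   * Every endpoint is plain HTTP, so passwords and tokens cross the network
#     unencrypted.
#   * --bootstrap-password and --password place secrets on the command line,
#     where other local users can read them from the process list.

# Hand the database root password to the client through the environment
# instead of -p<password> on argv. The default is the value the page uses;
# set MYSQL_ROOT_PASS to override it. A 0600 client option file is the
# better long-term choice.
export MYSQL_PWD="${MYSQL_ROOT_PASS:-000000}"

mysql -uroot -e "create database IF NOT EXISTS keystone ;"
mysql -uroot -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';"
# NOTE(review): '%' lets the keystone account connect from any host; narrow it
# to the controller's address or management subnet where possible.
mysql -uroot -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';"

# Keep the root password out of the environment of everything that follows.
unset MYSQL_PWD


yum -y install openstack-keystone httpd mod_wsgi
yum -y install openstack-utils

# Configure the database connection
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
# Issue tokens with the fernet provider
openstack-config --set /etc/keystone/keystone.conf token provider fernet
# Sync the database schema
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Initialise the fernet and credential keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Bootstrap keystone (admin user and the identity endpoints)
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

# Adjust the apache configuration
sed -i "s/#ServerName www.example.com:80/ServerName controller/g" /etc/httpd/conf/httpd.conf
# -f so that a second run does not fail on the already existing link
ln -sf /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl restart httpd
systemctl enable httpd

# Temporary admin credentials for the commands below
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3


# Create the domain, projects, user and role
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password DEMO_PASS demo
openstack role create user
openstack role add --project demo --user demo user


unset OS_AUTH_URL OS_PASSWORD

# The openrc files hold clear-text passwords, so create them readable by the
# owner only; the previous umask is restored afterwards.
previous_umask=$(umask)
umask 077

cat > ~/admin-openrc.sh <<-EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

cat > ~/demo-openrc.sh <<-EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

umask "$previous_umask"
# umask only affects newly created files; tighten files left by an earlier run.
chmod 600 ~/admin-openrc.sh ~/demo-openrc.sh

# Load the admin credentials in every new shell of this account. The line is
# added once, so re-running the installer does not stack duplicates.
# NOTE(review): this puts the cloud admin password into every interactive
# session of this user; source the file by hand if that is not wanted.
grep -qxF 'source ~/admin-openrc.sh' ~/.bashrc 2>/dev/null ||
  echo "source ~/admin-openrc.sh" >> ~/.bashrc
# Start a new shell, which reads ~/.bashrc and so picks up the credentials.
bash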

执行

# Run the script
cd
# Make the scripts executable
# NOTE(review): *.sh matches every .sh file in the home directory, not only
# the installer.
chmod +x *.sh
./openstack-keystone-install.sh

# Verify: load the admin credentials and request a token
source admin-openrc.sh
openstack token issue

image-20251230134101386

  • 创建一个名称为“bob”账户,密码为“mypassword123”,邮箱为“bob@example.com”;
# NOTE(review): the install script on this page writes the admin credentials
# to ~/admin-openrc.sh; confirm that /etc/keystone/admin-openrc.sh exists on
# this host before sourcing it.
source /etc/keystone/admin-openrc.sh
# Create a domain named 'domain'
openstack domain create domain
# Create the user
# --password places the password on the command line (visible in the process
# list and in shell history); --password-prompt reads it interactively instead.
openstack user create --password mypassword123 --email bob@example.com --domain domain bob

image-20260106105154677

  • 创建一个名为“acme”项目;
openstack project create --domain domain acme

image-20260106105415488

  • 角色限定了用户的操作权限。例如,创建一个角色“compute-user”;
openstack role create compute-user

image-20260106105833198

  • 添加的用户需要分配一定的权限,这就需要把用户关联绑定到对应的项目和角色,例如,给用户“bob”分配“acme”项目下的“compute-user”角色。
# Give user bob the compute-user role on project acme.
# NOTE(review): bob and acme were created in the domain named 'domain'; if
# either name also exists in another domain, --user-domain / --project-domain
# are needed to pick the right one. Confirm the assignment afterwards.
openstack role add --user bob --project acme compute-user

image-20260106110601001

(2)Glance 组件运维

  • 安装glance服务组件,

脚本

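#!/bin/bash
###############################################
# install glance for Openstack on controller
# Author:Ann Date:2022-1-5
###############################################
#
# Creates the glance database and service account, registers the image
# service and its endpoints in keystone, installs the package, writes
# glance-api.conf and glance-registry.conf, syncs the schema and starts the
# services.
#
# Security notes:
#   * GLANCE_DBPASS and GLANCE_PASS are used as the literal password values;
#     replace them outside a lab.
#   * The endpoints and the keystone URLs are plain HTTP.
#   * The glance service user receives the admin role on the service project.

source ~/admin-openrc.sh

# Sets one option in glance-api.conf: glance_api_set SECTION KEY VALUE
glance_api_set() {
  openstack-config --set /etc/glance/glance-api.conf "$@"
}

# Sets one option in glance-registry.conf: glance_registry_set SECTION KEY VALUE
glance_registry_set() {
  openstack-config --set /etc/glance/glance-registry.conf "$@"
}

# Pass the database root password through the environment instead of
# -p<password> on argv; MYSQL_ROOT_PASS overrides the page's default.
export MYSQL_PWD="${MYSQL_ROOT_PASS:-000000}"
mysql -uroot -e "create database IF NOT EXISTS glance;"
mysql -uroot -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS' ;"
# NOTE(review): '%' allows the glance account from any host; narrow it where
# possible.
mysql -uroot -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS' ;"
unset MYSQL_PWD

# --password puts the service password on the command line.
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image

for interface in public internal admin; do
  openstack endpoint create --region RegionOne image "$interface" http://controller:9292
done

yum install -y openstack-glance

glance_api_set database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
glance_api_set keystone_authtoken auth_uri http://controller:5000
glance_api_set keystone_authtoken auth_url http://controller:5000
glance_api_set keystone_authtoken memcached_servers controller:11211
glance_api_set keystone_authtoken auth_type password
glance_api_set keystone_authtoken project_domain_name default
glance_api_set keystone_authtoken user_domain_name default
glance_api_set keystone_authtoken project_name service
glance_api_set keystone_authtoken username glance
glance_api_set keystone_authtoken password GLANCE_PASS
glance_api_set paste_deploy flavor keystone
glance_api_set glance_store stores file,http
glance_api_set glance_store default_store file
glance_api_set glance_store filesystem_store_datadir /var/lib/glance/images/

glance_registry_set database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
glance_registry_set keystone_authtoken auth_uri http://controller:5000
# The original pointed auth_url at port 35357, but the keystone install on
# this page registers every identity endpoint on port 5000 and glance-api.conf
# above uses 5000 as well, so the registry now uses the same URL.
glance_registry_set keystone_authtoken auth_url http://controller:5000
glance_registry_set keystone_authtoken memcached_servers controller:11211
glance_registry_set keystone_authtoken auth_type password
glance_registry_set keystone_authtoken project_domain_name default
glance_registry_set keystone_authtoken user_domain_name default
glance_registry_set keystone_authtoken project_name service
glance_registry_set keystone_authtoken username glance
glance_registry_set keystone_authtoken password GLANCE_PASS
glance_registry_set paste_deploy flavor keystone


su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service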

执行

# Run the script
cd
./openstack-glance-install.sh

# Verify glance
# NOTE(review): the image is fetched over plain HTTP and no checksum is
# verified before use. This also downloads cirros-0.4.0-i386, whereas the
# upload step on this page uses cirros-0.3.4-x86_64-disk.img.
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-i386-disk.img

image-20251230135643267

  • 创建一个名称为“cirros”镜像,镜像文件使用提供的为“cirros-0.3.4-x86_64-disk.img”,
# The image file is first uploaded to /root; the command reads it from stdin
# through the redirect, so run it from the directory that holds the file.
glance image-create --name "cirros" --disk-format qcow2 --container-format bare --progress < cirros-0.3.4-x86_64-disk.img

image-20260106111715047

  • 查询镜像列表命令及结果,
glance image-list

image-20260106111751696

  • 通过 glance image-show 命令查看镜像的详细信息,其中参数可以是镜像id或者镜像名称。
glance image-show d376d9a2-9974-4e8d-869d-149af33b4bdd

image-20260106111851061

(3)nova组件运维

  • 安装nova服务组件;
脚本
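#!/bin/bash
###############################################
# install nova for Openstack on controller
# Author:Ann Date:2022-1-5
###############################################
#
# Creates the nova databases and service accounts, registers the compute and
# placement services in keystone, installs the controller packages, writes
# nova.conf and the placement vhost for httpd, syncs the databases and starts
# the controller services.
#
# Security notes:
#   * NOVA_DBPASS, NOVA_PASS, PLACEMENT_PASS and RABBIT_PASS are used as the
#     literal password values; replace them outside a lab.
#   * All endpoints, including the placement vhost (its SSL lines are
#     commented out), are plain HTTP.
#   * --password puts the service passwords on the command line.

source ~/admin-openrc.sh

# Sets one option in /etc/nova/nova.conf: nova_set SECTION KEY VALUE
nova_set() {
  openstack-config --set /etc/nova/nova.conf "$@"
}

# Pass the database root password through the environment instead of
# -p<password> on argv; MYSQL_ROOT_PASS overrides the page's default.
export MYSQL_PWD="${MYSQL_ROOT_PASS:-000000}"

for db in nova nova_api nova_cell0; do
  mysql -uroot -e "create database IF NOT EXISTS ${db};"
done

# NOTE(review): the '%' grants allow the nova account from any host; narrow
# them where possible.
for db in nova_api nova nova_cell0; do
  for client_host in localhost '%'; do
    mysql -uroot -e " GRANT ALL PRIVILEGES ON ${db}.* TO 'nova'@'${client_host}' IDENTIFIED BY 'NOVA_DBPASS';"
  done
done

unset MYSQL_PWD


openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
for interface in public internal admin; do
  openstack endpoint create --region RegionOne compute "$interface" http://controller:8774/v2.1
done

openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
for interface in public internal admin; do
  openstack endpoint create --region RegionOne placement "$interface" http://controller:8778
done

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api

nova_set database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
nova_set DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
nova_set DEFAULT enabled_apis osapi_compute,metadata
# Management address of this controller; MY_IP overrides the page's value.
nova_set DEFAULT my_ip "${MY_IP:-10.0.0.11}"
nova_set DEFAULT use_neutron True
nova_set DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
nova_set api auth_strategy keystone
nova_set api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
nova_set keystone_authtoken auth_url http://controller:5000/v3
nova_set keystone_authtoken memcached_servers controller:11211
nova_set keystone_authtoken auth_type password
nova_set keystone_authtoken project_domain_name default
nova_set keystone_authtoken user_domain_name default
nova_set keystone_authtoken project_name service
nova_set keystone_authtoken username nova
nova_set keystone_authtoken password NOVA_PASS
nova_set vnc enabled true
# Single quotes: the literal text $my_ip is written to nova.conf, not a shell
# variable.
nova_set vnc server_listen '$my_ip'
nova_set vnc server_proxyclient_address '$my_ip'
nova_set glance api_servers http://controller:9292
nova_set oslo_concurrency lock_path /var/lib/nova/tmp
nova_set placement os_region_name RegionOne
nova_set placement project_domain_name Default
nova_set placement project_name service
nova_set placement auth_type password
nova_set placement user_domain_name Default
nova_set placement auth_url http://controller:5000/v3
nova_set placement username placement
nova_set placement password PLACEMENT_PASS

# Quoted delimiter: the Apache configuration is written exactly as typed,
# with no shell expansion inside it.
cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<-'EOF'
Listen 8778

<VirtualHost *:8778>
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
WSGIScriptAlias / /usr/bin/nova-placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/nova/nova-placement-api.log
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>

#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
</VirtualHost>

Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
EOF
systemctl restart httpd

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1" nova
su -s /bin/sh -c "nova-manage db sync" nova

nova_services=(
  openstack-nova-api.service
  openstack-nova-consoleauth.service
  openstack-nova-scheduler.service
  openstack-nova-conductor.service
  openstack-nova-novncproxy.service
)
systemctl enable "${nova_services[@]}"
systemctl start "${nova_services[@]}"
# Show the registered compute services as a final check
nova service-list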

执行
#执行脚本
cd
./openstack-nova-install-controller.sh
  • 使用命令创建一个名为test,ID为6,内存为2048MB,磁盘为20GB,vcpu数量为2的云主机类型;
nova flavor-create test 6 2048 20 2

image-20260106112232550

  • 查看test云主机类型的详细信息。
nova flavor-show test

image-20260106112302589

(4)neutron组件运维

  • 安装neutron服务组件;
脚本(注意:下面贴出的脚本与上文的 nova 控制节点安装脚本内容相同,其中没有 neutron 的安装和配置步骤)
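#!/bin/bash
###############################################
# install nova for Openstack on controller
# Author:Ann Date:2022-1-5
###############################################
#
# NOTE(review): on the page this listing sits under the Neutron section, but
# it is the nova controller installer: it creates the nova databases and
# accounts, registers compute and placement, writes nova.conf and the
# placement vhost, and starts the nova services. It installs no neutron
# packages.
#
# Security notes:
#   * NOVA_DBPASS, NOVA_PASS, PLACEMENT_PASS and RABBIT_PASS are used as the
#     literal password values; replace them outside a lab.
#   * All endpoints, including the placement vhost (its SSL lines are
#     commented out), are plain HTTP.
#   * --password puts the service passwords on the command line.

source ~/admin-openrc.sh

# Sets one option in /etc/nova/nova.conf: nova_set SECTION KEY VALUE
nova_set() {
  openstack-config --set /etc/nova/nova.conf "$@"
}

# Pass the database root password through the environment instead of
# -p<password> on argv; MYSQL_ROOT_PASS overrides the page's default.
export MYSQL_PWD="${MYSQL_ROOT_PASS:-000000}"

for db in nova nova_api nova_cell0; do
  mysql -uroot -e "create database IF NOT EXISTS ${db};"
done

# NOTE(review): the '%' grants allow the nova account from any host; narrow
# them where possible.
for db in nova_api nova nova_cell0; do
  for client_host in localhost '%'; do
    mysql -uroot -e " GRANT ALL PRIVILEGES ON ${db}.* TO 'nova'@'${client_host}' IDENTIFIED BY 'NOVA_DBPASS';"
  done
done

unset MYSQL_PWD


openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
for interface in public internal admin; do
  openstack endpoint create --region RegionOne compute "$interface" http://controller:8774/v2.1
done

openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
for interface in public internal admin; do
  openstack endpoint create --region RegionOne placement "$interface" http://controller:8778
done

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api

nova_set database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
nova_set DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
nova_set DEFAULT enabled_apis osapi_compute,metadata
# Management address of this controller; MY_IP overrides the page's value.
nova_set DEFAULT my_ip "${MY_IP:-10.0.0.11}"
nova_set DEFAULT use_neutron True
nova_set DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
nova_set api auth_strategy keystone
nova_set api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
nova_set keystone_authtoken auth_url http://controller:5000/v3
nova_set keystone_authtoken memcached_servers controller:11211
nova_set keystone_authtoken auth_type password
nova_set keystone_authtoken project_domain_name default
nova_set keystone_authtoken user_domain_name default
nova_set keystone_authtoken project_name service
nova_set keystone_authtoken username nova
nova_set keystone_authtoken password NOVA_PASS
nova_set vnc enabled true
# Single quotes: the literal text $my_ip is written to nova.conf, not a shell
# variable.
nova_set vnc server_listen '$my_ip'
nova_set vnc server_proxyclient_address '$my_ip'
nova_set glance api_servers http://controller:9292
nova_set oslo_concurrency lock_path /var/lib/nova/tmp
nova_set placement os_region_name RegionOne
nova_set placement project_domain_name Default
nova_set placement project_name service
nova_set placement auth_type password
nova_set placement user_domain_name Default
nova_set placement auth_url http://controller:5000/v3
nova_set placement username placement
nova_set placement password PLACEMENT_PASS

# Quoted delimiter: the Apache configuration is written exactly as typed,
# with no shell expansion inside it.
cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<-'EOF'
Listen 8778

<VirtualHost *:8778>
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
WSGIScriptAlias / /usr/bin/nova-placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/nova/nova-placement-api.log
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>

#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
</VirtualHost>

Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
EOF
systemctl restart httpd

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1" nova
su -s /bin/sh -c "nova-manage db sync" nova

nova_services=(
  openstack-nova-api.service
  openstack-nova-consoleauth.service
  openstack-nova-scheduler.service
  openstack-nova-conductor.service
  openstack-nova-novncproxy.service
)
systemctl enable "${nova_services[@]}"
systemctl start "${nova_services[@]}"
# Show the registered compute services as a final check
nova service-list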

执行
#执行脚本
cd
./openstack-nova-install-controller.sh
  • 使用Neutron相关命令查询网络服务的列表信息中的“binary”一列;
neutron agent-list -c binary

image-20260106112712689

  • 使用Neutron相关命令查询网络服务 DHCP agent 的详细信息。
neutron agent-list
neutron agent-show 245ae2f9-6220-4c00-a36d-542a746a3f9e

image-20260106112908274

image-20260106113111941

(5)dashboard运维

  • 安装dashboard服务组件;
脚本
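#!/bin/bash
###############################################
# install dashboard for Openstack on controller
# Author:Ann Date:2022-1-6
###############################################
#
# Installs Horizon, replaces /etc/openstack-dashboard/local_settings with the
# settings below, adds WSGIApplicationGroup to the dashboard vhost and
# restarts httpd and memcached.
#
# Security notes on the generated settings:
#   * SECRET_KEY signs Django sessions and tokens. The original hard-coded one
#     value in the script (and so on this page); a fresh key is now generated
#     on each run unless DASHBOARD_SECRET_KEY is supplied. A new key
#     invalidates existing dashboard sessions.
#   * ALLOWED_HOSTS = ['*'] turns off Django's Host header validation. It is
#     kept so that access by IP address keeps working; list the real host
#     names/addresses of the dashboard for anything beyond a lab.
#   * The dashboard talks to keystone over plain HTTP and keeps sessions in
#     memcached at controller:11211.
#   * Most loggers run at DEBUG level.

source ~/admin-openrc.sh
yum -y install openstack-dashboard

# Hex only, so the value is safe inside the single-quoted Python string.
secret_key="${DASHBOARD_SECRET_KEY:-$(openssl rand -hex 32)}"
if [ -z "$secret_key" ]; then
  echo "could not generate SECRET_KEY (is openssl installed?)" >&2
  exit 1
fi

# The delimiter is unquoted on purpose: ${secret_key} is the only expansion
# in the document.
cat > /etc/openstack-dashboard/local_settings <<-EOF
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
WEBROOT = '/dashboard/'
ALLOWED_HOSTS = ['*',]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
LOCAL_PATH = '/tmp'
SECRET_KEY='${secret_key}'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
'requires_keypair': False,
'enable_quotas': True
}
OPENSTACK_CINDER_FEATURES = {
'enable_backup': False,
}
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
'supported_vnic_types': ['*'],
'physical_networks': [],
}
OPENSTACK_HEAT_STACK = {
'enable_user_pass': True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
"kernel_id": _("Kernel ID"),
"ramdisk_id": _("Ramdisk ID"),
"image_state": _("Euca2ools state"),
"project_id": _("Project ID"),
"image_type": _("Image Type"),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
INSTANCE_LOG_LENGTH = 35
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "Asia/Shanghai"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'console': {
'format': '%(levelname)s %(name)s %(message)s'
},
'operation': {
'format': '%(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'urllib3': {
'handlers': ['null'],
'propagate': False,
},
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS',
'OPENSTACK_IMAGE_FORMATS',
'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
'CREATE_IMAGE_DEFAULTS',
'ENFORCE_PASSWORD_CHECK']
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
EOF

# Insert the directive only when it is missing, so that re-running the
# installer does not stack duplicate lines at the top of the vhost file.
grep -qxF 'WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf ||
  sed -i '1i\WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service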

执行
cd
./openstack-dashboard-install.sh
  • 安装云平台web管理界面,安装成功后通过浏览器访问,并使用admin登录dashboard。

image-20260106114708548

image-20260106114734786

2.企业级应用系统集群部署与管理

项目背景:

现A公司需完成构建企业级网站集群项目,要求给出一个企业级中小规模网站集群的架构解决方案。

要求整套架构从需求出发,以生产实战为标准,作出具体的IP地址规划、主机名规划、服务部署及目录结构规划等,并对每一个集群节点要部署的应用做细致设计,并最终完成整个项目的搭建。

image-20260106093213833

1)节点IP地址及主机名规划

对集群中各节点的IP地址、主机名,必要的域名、VIP等作出详细规划。(以表格形式呈现)

节点名称 IP 地址 角色说明 域名
dns-ftp 172.16.19.101 DNS + FTP -
web-apache 172.16.19.102 Apache HTTPS web.zaxcloud.com, bbs.zaxcloud.com
lb 172.16.19.103 Nginx + Keepalived(主) -
lb2 172.16.19.109 Nginx + Keepalived(备) -
web1 172.16.19.104 LNMP Web 节点(权重 5) -
web2-nfs 172.16.19.105 LNMP Web 节点 + NFS(权重 10) -
db-master 172.16.19.106 MySQL 主库 -
db-slave 172.16.19.107 MySQL 从库 -
mycat 172.16.19.108 Mycat 中间件 -
VIP 172.16.19.100 虚拟 IP wordpress.zaxcloud.com

2)完成集群服务器搭建

要求给出详细的配置过程文档,包括配置代码,测试验证过程及结果返回截图。关于各服务器实现功能要求如下:

(1)为了实现域名解析,须构建一台DNS服务器,使用户可以通过域名访问apache服务器及LNMP web服务器集群。

(2)该公司为了实现文件的传输和资源共享,需要搭建一台FTP服务器,基于服务器的性能和安全考虑,不允许匿名用户登录并要求将登录用户锁定在自己的家目录中,服务器开启日志功能,设置无任何操作的超时时间为5分钟,设置数据连接的超时时间为10分钟,该FTP服务器允许的最大连接数为5000,每个IP地址允许与FTP服务器同时建立15个连接,限制本地用户所能使用的最大传输速度为512KB/s。

(3)为了对外宣传,搭建一台web服务器,搭载公司门户网及论坛。分别申请的域名为web.A.com和bbs.A.com。该Web服务器只有一个IP地址。并要求通过https协议访问网站。

(4)部署高可用、具有负载均衡功能的LNMP web服务器集群,构建wordpress博客系统。后端数据库为主从复制、读写分离分布式架构,NFS服务器作为静态资源共享存储,在本例中,请将./wordpress/wp-admin/images目录存放在NFS共享目录中并共享给web服务器。两台LNMP web服务器权重分别为5和10。

部署步骤

基础配置
# NOTE(review): the next steps switch off the host firewall and SELinux on
# every node. That is a lab shortcut and conflicts with the "production
# standard" this project asks for. The stricter alternative is to keep both
# enabled and open only what each node serves, e.g.
# `firewall-cmd --permanent --add-service=dns` on the DNS node.

# Stop the firewall service
systemctl stop firewalld
# Do not start the firewall at boot
systemctl disable firewalld
# Switch SELinux to permissive for the running system
setenforce 0
# Disable it permanently: edit the file and set the line shown below
vim /etc/selinux/config
SELINUX=disabled
# or do the same edit non-interactively
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

# Configure the yum repository
# NOTE(review): the repo definition is downloaded over plain HTTP, so it can
# be altered in transit; prefer an HTTPS mirror URL and keep gpgcheck enabled
# in the resulting repo file.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

# Install basic tools
yum install -y vim wget net-tools
DNS服务器部署
  • 安装bind软件
yum install bind bind-utils -y
  • 配置主要配置文件
# Edit the main BIND configuration. Only the changed options are listed here;
# the listing stops before the closing brace of the options block.
vim /etc/named.conf

options {
# Listen on every interface instead of loopback only
listen-on port 53 { any; };
directory "/var/named";
# Answer queries from any client.
# NOTE(review): if recursion is also enabled in this file (not shown), the
# server acts as an open resolver. For an authoritative-only server set
# `recursion no;`, or limit recursion to the cluster subnet with
# `allow-recursion`.
allow-query { any; };

image-20260107220155058

  • 配置区域文件
vim /etc/named.rfc1912.zones

# Authoritative (master) zone for zaxcloud.com; its records are read from zaxcloud.com.zone.
zone "zaxcloud.com" IN {
type master;
file "zaxcloud.com.zone";
# Dynamic DNS updates are refused for this zone
allow-update { none; };
};

image-20260107214549827

  • 创建正向解析文件
vim /var/named/zaxcloud.com.zone

; Forward zone for zaxcloud.com.
; Default TTL, in seconds, for records that do not set their own
$TTL 86400
; SOA record: primary name server ns1.zaxcloud.com., contact admin.zaxcloud.com.
@ IN SOA ns1.zaxcloud.com. admin.zaxcloud.com. (
2023010101 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
; Name server for the zone and its address (the dns-ftp node)
@ IN NS ns1.zaxcloud.com.
ns1 IN A 172.16.19.101
; web and bbs both resolve to the Apache node
web IN A 172.16.19.102
bbs IN A 172.16.19.102
; wordpress resolves to the Keepalived virtual IP, not to a single load balancer
wordpress IN A 172.16.19.100

image-20260107215046664

  • 启动服务
systemctl start named
systemctl enable named
FTP服务器部署
  • 安装vsftpd
yum install vsftpd -y
  • 配置FTP服务器
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak

vim /etc/vsftpd/vsftpd.conf
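# NOTE(review): only part of vsftpd.conf is shown here. If this is the whole file, the
# standalone-mode and PAM settings of the backed-up vsftpd.conf.bak (listen / listen_ipv6,
# pam_service_name) have to be carried over as well; confirm against the backup.

# Refuse anonymous logins
anonymous_enable=NO
# Let local system accounts log in and upload; vsftpd's built-in default for both is NO
local_enable=YES
write_enable=YES

# Lock every local user into their own home directory (required by the task statement)
chroot_local_user=YES
# vsftpd refuses to chroot into a directory the user can write to. The home directory
# created for the FTP user is owned by that user, so this switch is needed for logins to work.
# The safer layout is a home directory the user cannot write to, with a writable
# subdirectory for uploads; this option can then be removed.
allow_writeable_chroot=YES

# Log uploads and downloads (required by the task statement)
xferlog_enable=YES

# Idle session timeout: 5 minutes
idle_session_timeout=300
# Data connection timeout: 10 minutes
data_connection_timeout=600
# Maximum number of simultaneous clients
max_clients=5000
# Maximum simultaneous connections per client IP address
max_per_ip=15
# Transfer rate cap for local users, in bytes per second (512 KB/s)
local_max_rate=524288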

image-20260108144854550

  • 创建 FTP 用户(本地系统用户)并设置权限
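# Create the FTP account as a local system user without an interactive shell,
# then set its password interactively.
useradd -s /sbin/nologin -d /var/ftp/user1 user1
passwd user1

# useradd may already have created the home directory; -p keeps this step
# from failing in that case.
mkdir -p /var/ftp/user1
touch /var/ftp/user1/test.txt
chown -R user1:user1 /var/ftp/user1
# Directories become 755 and regular files 644: the capital X adds the execute
# bit only to directories (and to files that already have it), so uploaded
# files are not made executable.
chmod -R u=rwX,go=rX /var/ftp/user1

# Presumably needed so that the login-shell check in the FTP PAM stack accepts
# an account whose shell is /sbin/nologin; verify against /etc/pam.d/vsftpd.
# The entry is added only once. Every service that consults /etc/shells will
# now treat /sbin/nologin as a valid shell.
grep -qxF /sbin/nologin /etc/shells || echo "/sbin/nologin" >> /etc/shells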

image-20260108153823681

  • 启动服务
systemctl start vsftpd
systemctl enable vsftpd
systemctl status vsftpd
web服务器
  • 安装Apache
yum install httpd mod_ssl -y
获取SSL证书
  • CA配置
# Lay out the CA working tree: private/ holds keys, certs/ certificates,
# csr/ signing requests and newcerts/ the copies of issued certificates.
for sub in private certs csr newcerts; do
  mkdir -p ~/my_ca/"$sub"
done

# Private keys are sensitive: only the owning user may enter private/.
chmod 700 ~/my_ca/private

# Empty certificate database; every issued certificate is recorded here.
touch ~/my_ca/index.txt

# Serial-number file: the first certificate gets 01, later ones count up.
printf '01\n' > ~/my_ca/serial

image-20260108165319419

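# Create the self-signed root CA.
# Generate the CA private key. The root certificate below is valid for ten
# years, so a 4096-bit key is used instead of 2048. The path is written as
# ~/my_ca so the command works from any directory, like the later steps.
openssl genrsa -out ~/my_ca/private/ca.key 4096
# The CA key signs every certificate in this setup: readable by its owner only.
# It is stored unencrypted; adding -aes256 to genrsa protects it with a
# passphrase, which openssl then asks for each time the CA signs.
chmod 600 ~/my_ca/private/ca.key

# Self-sign the root certificate (valid for 3650 days)
openssl req -new -x509 -sha256 -days 3650 -key ~/my_ca/private/ca.key -out ~/my_ca/certs/ca.crt

# Answers to the interactive prompts, in order: country, state/province,
# locality, organization, organizational unit, common name, e-mail address.
CN
sichuan
Chengdu
zaxcloud
CA
zaxcloud CA Root
admin@zaxcloud.com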

image-20260108165829600

#创建 CA 签发配置文件
vim my_ca/ca.cnf

# openssl ca configuration for the private CA kept under /root/my_ca.
# The commands on this page use ~/my_ca, so they are expected to run as root.
[ca]
default_ca = myca # name of the default CA section

[myca]
dir = /root/my_ca # CA working directory
certs = $dir/certs # where certificates are kept
crl_dir = $dir/crl # revocation lists (not used yet)
database = $dir/index.txt # certificate database file
new_certs_dir = $dir/newcerts # copies of issued certificates
certificate = $dir/certs/ca.crt # CA root certificate
serial = $dir/serial # serial-number file
private_key = $dir/private/ca.key # CA private key
RANDFILE = $dir/private/.rand # random seed file (created automatically)
default_days = 365 # validity of issued certificates (one year)
default_md = sha256 # digest used when signing
policy = myca_policy # section with the subject-matching rules
x509_extensions = usr_cert # extension section applied to issued certificates

[myca_policy]
countryName = match # must equal the country in the CA certificate
stateOrProvinceName = match # must equal the state/province in the CA certificate
organizationName = match # must equal the organization in the CA certificate
organizationalUnitName = optional # department name is optional
commonName = supplied # a common name (the domain) must be present
emailAddress = optional # e-mail address is optional

[usr_cert]
# NOTE(review): no subjectAltName is set in this section. Current browsers match the host
# name against subjectAltName rather than commonName, so certificates issued with these
# extensions are presumably rejected by them even when ca.crt is trusted; confirm with the
# clients that will be used.
basicConstraints = CA:FALSE # issued certificates cannot sign other certificates
keyUsage = digitalSignature, keyEncipherment # allowed key uses: digital signature, key encipherment
extendedKeyUsage = serverAuth # extended use: TLS server authentication (HTTPS)
subjectKeyIdentifier = hash # add a subject key identifier
authorityKeyIdentifier = keyid,issuer # add an authority key identifier (links to the CA certificate)
  • web.zaxcloud.com
# Generate the private key for web.zaxcloud.com.
# The key is written into ~/my_ca/private, which was restricted to mode 700 earlier.
openssl genrsa -out ~/my_ca/private/web.zaxcloud.com.key 2048

# Generate the certificate signing request for web.zaxcloud.com
openssl req -new -key ~/my_ca/private/web.zaxcloud.com.key -out ~/my_ca/csr/web.zaxcloud.com.csr

# Answers to the interactive prompts, one per line. The first four are kept identical to
# the CA certificate; myca_policy in ca.cnf requires country, state/province and
# organization to match. The common name is the site's domain name.
CN
sichuan
Chengdu
zaxcloud
web-service
web.zaxcloud.com
admin@zaxcloud.com

image-20260108171033516

# Issue the certificate for web.zaxcloud.com: the CA signs the CSR using the settings in ca.cnf
openssl ca -config ~/my_ca/ca.cnf -in ~/my_ca/csr/web.zaxcloud.com.csr -out ~/my_ca/certs/web.zaxcloud.com.crt

# Answer y to both confirmation prompts. Check the subject that openssl prints
# before confirming: whatever is confirmed here becomes a certificate trusted under this CA.
y
y

image-20260108171744186

  • bbs.zaxcloud.com
# Generate the private key for bbs.zaxcloud.com.
# The key is written into ~/my_ca/private, which was restricted to mode 700 earlier.
openssl genrsa -out ~/my_ca/private/bbs.zaxcloud.com.key 2048

# Generate the certificate signing request for bbs.zaxcloud.com
openssl req -new -key ~/my_ca/private/bbs.zaxcloud.com.key -out ~/my_ca/csr/bbs.zaxcloud.com.csr

# Answers to the interactive prompts, one per line. The first four are kept identical to
# the CA certificate; myca_policy in ca.cnf requires country, state/province and
# organization to match. The common name is the site's domain name.
CN
sichuan
Chengdu
zaxcloud
bbs-service
bbs.zaxcloud.com
admin@zaxcloud.com

image-20260108172443751

# Issue the certificate for bbs.zaxcloud.com: the CA signs the CSR using the settings in ca.cnf
openssl ca -config ~/my_ca/ca.cnf -in ~/my_ca/csr/bbs.zaxcloud.com.csr -out ~/my_ca/certs/bbs.zaxcloud.com.crt

# Answer y to both confirmation prompts. Check the subject that openssl prints
# before confirming: whatever is confirmed here becomes a certificate trusted under this CA.
y
y

image-20260108172645999

  • 移动证书
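# Directory for the TLS material used by the virtual hosts. It will hold the
# private keys, so only root may enter it; httpd reads the files as root at
# startup, before it drops privileges.
mkdir -pv /etc/httpd/ssl
chmod 700 /etc/httpd/ssl

# Certificates are public data and can be copied as they are.
cp ~/my_ca/certs/web.zaxcloud.com.crt /etc/httpd/ssl/
cp ~/my_ca/certs/bbs.zaxcloud.com.crt /etc/httpd/ssl/

# Private keys are installed with owner-only permissions; a plain cp would
# create them with the default umask, typically readable by every local user.
install -m 600 ~/my_ca/private/web.zaxcloud.com.key /etc/httpd/ssl/
install -m 600 ~/my_ca/private/bbs.zaxcloud.com.key /etc/httpd/ssl/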
配置虚拟主机
  • 配置/etc/httpd/conf.d/web.conf
vim /etc/httpd/conf.d/web.conf

# Name-based virtual hosts for web.zaxcloud.com and bbs.zaxcloud.com on one address.
# Both HTTPS hosts share the same address and port, so the host name sent by the
# client (SNI) selects which certificate is presented.
# NOTE(review): no protocol or cipher directives are set here, so those come from the
# server-wide mod_ssl configuration; confirm that it disables obsolete protocol versions.

# Plain HTTP for web.zaxcloud.com: permanently redirect every request to HTTPS
<VirtualHost *:80>
ServerName web.zaxcloud.com
Redirect permanent / https://web.zaxcloud.com/
</VirtualHost>

# HTTPS site for web.zaxcloud.com, served from /var/www/html/web
<VirtualHost *:443>
ServerName web.zaxcloud.com
DocumentRoot "/var/www/html/web"
SSLEngine on
SSLCertificateFile "/etc/httpd/ssl/web.zaxcloud.com.crt"
SSLCertificateKeyFile "/etc/httpd/ssl/web.zaxcloud.com.key"
</VirtualHost>

# Plain HTTP for bbs.zaxcloud.com: permanently redirect every request to HTTPS
<VirtualHost *:80>
ServerName bbs.zaxcloud.com
Redirect permanent / https://bbs.zaxcloud.com/
</VirtualHost>

# HTTPS site for bbs.zaxcloud.com, served from /var/www/html/bbs
<VirtualHost *:443>
ServerName bbs.zaxcloud.com
DocumentRoot "/var/www/html/bbs"
SSLEngine on
SSLCertificateFile "/etc/httpd/ssl/bbs.zaxcloud.com.crt"
SSLCertificateKeyFile "/etc/httpd/ssl/bbs.zaxcloud.com.key"
</VirtualHost>

image-20260108173611183

  • 搭建门户网站
mkdir /var/www/html/web 
#修改主配置文件的目录和索引文件
vim /etc/httpd/conf/httpd.conf

systemctl start httpd
systemctl enable httpd
systemctl status httpd

image-20260108174650297

image-20260108174659509

#网上随便下载一个静态网站上传到/var/www/html/web
ls /var/www/html/web/

image-20260108180535095

  • 搭建论坛网站
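# Install the required packages
yum install -y php php-mysql mariadb mariadb-server

systemctl start mariadb
systemctl enable mariadb
# Initialise the database server. The four answers below are presumably for the
# yes/no prompts, in order: remove anonymous users, disallow remote root login,
# remove the test database, reload the privilege tables.
# The forum and MariaDB run on the same host, so remote root login is not
# needed and is disallowed.
mysql_secure_installation
y
y
y
y
# Set the database privileges. -p without a value makes the client prompt for
# the password, which keeps it out of the shell history and the process list.
mysql -uroot -p
# root stays limited to local connections; granting to root@'%' would accept
# root logins from any host. 000000 is the lab password used throughout this
# page and must be replaced with a strong secret anywhere else.
grant all privileges on *.* to root@'localhost' identified by "000000";
flush privileges;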

image-20260108181940831

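# Create the site directory
mkdir -p /var/www/html/bbs
cd /var/www/html/bbs
# Upload the archive into this directory, then unpack it
yum install -y unzip
unzip lamp-Discuz_X3.4_SC_GBK_20191201.zip
cp -r upload/* .
# Hand the tree to the web server account instead of making it world-writable.
# With mode 777 every local user and every other service on the host could
# modify the PHP code that httpd executes. Owner rw, everyone else read-only;
# the capital X sets the execute bit on directories only.
chown -R apache:apache /var/www/html/bbs
chmod -R u=rwX,go=rX /var/www/html/bbs
systemctl restart httpd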

image-20260108183335352

image-20260108183508227

image-20260108183653821

image-20260108183742257

nfs服务器
  • 安装nfs
yum install nfs-utils rpcbind -y
  • 配置共享目录
mkdir -p /usr/share/nginx/html/wordpress/wp-admin/images
  • 编辑/etc/exports
vim /etc/exports

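# Export the WordPress tree read-write to web1 (172.16.19.104) only. It is the only other
# web node in the address plan; a "*" client would let every host that can reach this
# server mount and modify the site's files.
/usr/share/nginx/html/wordpress 172.16.19.104(rw,sync,no_subtree_check)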

image-20260108194453258

  • 启动服务
systemctl start rpcbind
systemctl start nfs-server
systemctl enable rpcbind
systemctl enable nfs-server

# 刷新NFS配置
exportfs -a
exportfs -rv
mysql主从
  • 基础配置
# Turn off the firewall (lab shortcut).
# NOTE(review): on the database and Mycat nodes this leaves the database ports
# reachable from every host that can route to them. Outside a lab, keep
# firewalld running and allow only the peers that need each port.
systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux. The sed edit applies from the next boot and only rewrites
# the line when the current value is "enforcing"; setenforce 0 switches to
# permissive mode immediately.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
  • 添加hosts文件
echo -e "172.16.19.106    db-master\n172.16.19.107    db-slave\n172.16.19.108    mycat" | sudo tee -a /etc/hosts > /dev/null
  • 安装服务
yum install -y mariadb mariadb-server 
  • 初始化数据库
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
#回车> y >输入密码> y n y y

image-20260108211108420

  • 配置主从库
# Master: basic settings.
# NOTE(review): the section header is not shown; these options presumably go under [mysqld]. Confirm.
vim /etc/my.cnf
server-id=106
log-bin=mysql-bin
binlog-format=ROW
innodb_file_per_table=1
character-set-server=utf8

# Slave: same procedure; server-id is set to the host part of its own IP address
vim /etc/my.cnf

server-id=107
relay-log=mysqld-relay-bin
log-slave-updates=1
read-only=1
innodb_file_per_table=1
character-set-server=utf8
# Restart MariaDB on both servers
systemctl restart mariadb

image-20260108212603696

  • 开放主从库的权限
mysql -uroot -p000000
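-- Run on both database servers: allow root to connect from the Mycat node only.
-- Mycat (172.16.19.108) is the only remote client that logs in as root on this page;
-- a grant to root@'%' would accept root logins from any host.
-- 000000 is the lab password used throughout this page; replace it with a strong,
-- per-account secret anywhere else.
grant all privileges on *.* to root@'172.16.19.108' identified by '000000';
-- Run on the master: create the account that the slave and WordPress connect with,
-- limited to hosts on the cluster subnet
CREATE USER 'user1'@'172.16.19.%' IDENTIFIED BY '000000';
-- Access to the WordPress schema
GRANT ALL PRIVILEGES ON wordpress.* TO 'user1'@'172.16.19.%' IDENTIFIED BY '000000';
-- Replication privilege. REPLICATION SLAVE is a global privilege and is not part of a
-- grant on wordpress.*, so without this statement the slave cannot read the binary log.
GRANT REPLICATION SLAVE ON *.* TO 'user1'@'172.16.19.%';

FLUSH PRIVILEGES;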
  • 同步节点
#主库查看File 和 Position值
SHOW MASTER STATUS;

mariadb-bin.000001 | 245

image-20260108214048110

# Run on the slave.
# MASTER_LOG_FILE and MASTER_LOG_POS must be the File and Position values that
# SHOW MASTER STATUS returned on the master at the time of setup.
# NOTE(review): no TLS options are set, so the replication stream and this password
# presumably cross the network unencrypted; confirm that is acceptable on this subnet.
CHANGE MASTER TO
MASTER_HOST='db-master',
MASTER_USER='user1',
MASTER_PASSWORD='000000',
MASTER_LOG_FILE='mysql-bin.000001',
MASTER_LOG_POS=682;

-- Start replication
START SLAVE;

-- Check the replication status
SHOW SLAVE STATUS\G

image-20260108214317353

image-20260109201752954

Mycat读写分离
  • 安装mycat服务
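# Mycat needs a Java runtime
yum install -y java java-devel
yum install -y mariadb-server mariadb

# Add the cluster host names to /etc/hosts
echo -e "172.16.19.106 db-master\n172.16.19.107 db-slave\n172.16.19.108 mycat" | sudo tee -a /etc/hosts > /dev/null

# Upload the release archive, then unpack it
tar -zxvf Mycat-server-1.6-RELEASE-20161028204710-linux.tar.gz -C /usr/local/

# Fix ownership and permissions. chown takes an owner, not a mode: "777" here
# would be read as numeric UID 777. The tree is given to root and write access
# is removed for group and others, so that no other local account can alter
# the binaries or the configuration files, which contain database passwords.
chown -R root:root /usr/local/mycat/
chmod -R go-w /usr/local/mycat/

# Add the environment variable
echo export MYCAT_HOME=/usr/local/mycat/ >> /etc/profile
source /etc/profile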

image-20260109202644967

  • 编写逻辑库配置文件
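# Keep a copy of the packaged schema.xml
cp /usr/local/mycat/conf/schema.xml /usr/local/mycat/conf/schema.xml.bak

# Write the logical schema definition. The quoted 'EOF' delimiter makes the
# shell copy the text literally, so a "$" or backtick in a password added later
# is not expanded.
# NOTE(review): Mycat logs in to both backends as root with the lab password.
# A dedicated backend account limited to the wordpress schema would reduce the
# impact if this file leaks.
cat >/usr/local/mycat/conf/schema.xml << 'EOF'
<?xml version="1.0"?>
<!DOCTYPE mycat:schema SYSTEM "schema.dtd">
<mycat:schema xmlns:mycat="http://io.mycat/">
<!-- WordPress 逻辑数据库 -->
<schema name="wordpress" checkSQLschema="false" sqlMaxLimit="100">
<!-- % 匹配所有表,路由到同一节点(小站点最优) -->
<table name="wp_%" dataNode="dn_wordpress" autoIncrement="true" />
</schema>

<!-- 数据节点配置 -->
<dataNode name="dn_wordpress" dataHost="host_wordpress" database="wordpress"/>

<!-- 数据主机配置(读写分离:正确格式) -->
<dataHost name="host_wordpress" maxCon="1000" minCon="10" balance="1"
writeType="0" dbType="mysql" dbDriver="native">
<heartbeat>select user()</heartbeat>
<!-- 主库:writeHost(写请求路由到这里) -->
<writeHost host="master" url="db-master:3306" user="root" password="000000">
<!-- 从库:readHost(嵌套在 writeHost 内,读请求路由到这里) -->
<readHost host="slave" url="db-slave:3306" user="root" password="000000"/>
</writeHost>
</dataHost>
</mycat:schema>
EOF

# The file holds backend database credentials in clear text: owner-only access.
# This assumes Mycat is started as root, as it is on this page.
chmod 600 /usr/local/mycat/conf/schema.xml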

image-20260109204642387

  • 主库创建 WordPress 数据库
CREATE DATABASE wordpress;
FLUSH PRIVILEGES;

image-20260109205157193

  • mycat的访问用户(server.xml)
vim /usr/local/mycat/conf/server.xml
#找到 <root> 标签段落,改动密码和数据库
<user name="root">
<property name="password">000000</property>
<property name="schemas">wordpress</property>


#找到 <user> 标签段落,改成wp-config.php中一样的
<!-- Mycat login used by WordPress. The password is stored here in clear text, so
     server.xml should be readable only by the account that runs Mycat. -->
<user name="user1"> <!-- name must match DB_USER in wp-config.php -->
<property name="password">000000</property> <!-- must match DB_PASSWORD in wp-config.php -->
<property name="schemas">wordpress</property> <!-- must match the logical schema name defined in schema.xml -->
</user>

image-20260109205947522

  • 启动mycat
/bin/bash  /usr/local/mycat/bin/mycat start

# 检查启动状态
netstat -ntlp | grep 8066 # Mycat默认端口

image-20260109213552891

lb
  • 安装服务
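# Fetch the EPEL repo definition over HTTPS, so it cannot be altered in
# transit; -f makes curl fail instead of saving an HTTP error page as the repo file.
curl -fsSL -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Install the load balancer and the VRRP daemon
yum install nginx keepalived -y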
  • 配置 Nginx 负载均衡
vim /etc/nginx/nginx.conf

# Backend pool: web1 (weight 5) and web2-nfs (weight 10)
upstream wordpress {
server 172.16.19.104 weight=5;
server 172.16.19.105 weight=10;
}

# Front-end virtual host for wordpress.zaxcloud.com, plain HTTP on port 80
server {
listen 80;
server_name wordpress.zaxcloud.com;

location / {
# Forward every request to the pool over HTTP
proxy_pass http://wordpress;
# Pass the requested host name on, so the backend selects the right virtual host
proxy_set_header Host $host;
# Address of the client connected to this proxy
proxy_set_header X-Real-IP $remote_addr;
# Appends the client address to any X-Forwarded-For value the client sent. Only the
# last entry is written by this proxy; earlier entries are client-controlled and must
# not be trusted by the backend.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

image-20260109222735942

  • 配置 Keepalived 高可用(上面的配置完成后,可以再克隆一台并改为 lb2)
vim /etc/keepalived/keepalived.conf
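# lb (primary): keepalived.conf contains the following
vrrp_instance VI_1 {
    state MASTER             # MASTER on the primary node, BACKUP on the standby
    interface ens33          # replace with the server's actual NIC name (see `ip addr`)
    virtual_router_id 51     # virtual router ID, must be identical on both nodes (range 0-255)
    priority 100             # the primary must use a higher value than the standby
    advert_int 1             # VRRP advertisement interval, 1 second

    # Authentication settings (must be identical on both nodes).
    # PASS is a shared plain-text password carried in the VRRP advertisements: it guards
    # against misconfiguration, not against a host on the same segment. 1111 is a lab
    # value and must be replaced anywhere else.
    authentication {
        auth_type PASS
        auth_pass 1111
    }

    # Virtual IP (VIP): required, must be an unused address, identical on both nodes
    virtual_ipaddress {
        172.16.19.100/24 dev ens33   # replace with your network and NIC name
    }
}

# lb2 (standby)
vrrp_instance VI_1 {
    state BACKUP
    interface ens33          # must name the same NIC as "dev" in virtual_ipaddress below
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.19.100/24 dev ens33
    }
}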

image-20260110101139606

  • 启动服务
systemctl start nginx keepalived
systemctl enable nginx keepalived

image-20260110101304572

web1和web2-nfs
WordPress
  • 安装LNMP环境
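# Install Nginx, PHP-FPM and the PHP MySQL driver.
# The EPEL repo definition is fetched over HTTPS, so it cannot be altered in
# transit; -f makes curl fail instead of saving an HTTP error page as the repo file.
curl -fsSL -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum install -y nginx php-fpm php-mysqlnd

# Start the services and enable them at boot
systemctl start nginx php-fpm
systemctl enable nginx php-fpm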

image-20260110105533029

  • 配置Nginx虚拟主机
vim /etc/nginx/conf.d/wordpress.conf

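# WordPress virtual host on the LNMP web nodes (plain HTTP behind the load balancer)
server {
    listen 80;
    server_name wordpress.zaxcloud.com;

    root /usr/share/nginx/html/wordpress;
    index index.php index.html index.htm;

    access_log /var/log/nginx/wordpress_access.log;
    error_log /var/log/nginx/wordpress_error.log;

    # Serve existing files and directories; everything else goes to WordPress' front controller
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Hand a request to PHP-FPM only when the .php file really exists under the
        # document root. Without this check, a URI that merely ends in .php can make
        # PHP execute a different file, such as an uploaded one.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

        # FastCGI buffer tuning
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
    }

    # Browser caching for static assets (optional)
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 7d;
        add_header Cache-Control "public, no-transform";
    }
}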

image-20260110110842754

  • 配置PHP-FPM
vim /etc/php-fpm.d/www.conf
#把user和group改成nginx

image-20260110111323274

  • 安装WordPress网站
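# Create the site directory
mkdir -p /usr/share/nginx/html/wordpress
cd /usr/share/nginx/html/wordpress
# Upload the archive into this directory, then unpack it
tar -zxvf lnmp-wordpress-5.0.3-zh_CN.tar.gz
mv wordpress/* .
# Set ownership after unpacking, so the extracted files are covered too, and
# give write access to the nginx account only (PHP-FPM is configured to run as
# nginx). With mode 777 every local user could modify the PHP code and
# wp-config.php, which holds the database password.
chown -R nginx:nginx /usr/share/nginx/html/wordpress
chmod -R u=rwX,go=rX /usr/share/nginx/html/wordpress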

image-20260110112340367

  • 修改WordPress配置文件 wp-config.php
cp  /usr/share/nginx/html/wordpress/wp-config-sample.php /usr/share/nginx/html/wordpress/wp-config.php

vim /usr/share/nginx/html/wordpress/wp-config.php
#要适配配置数据库当时设置的

/* This file holds the database credentials in clear text. Keep it writable by the
   site owner only and never let the web server return it as plain text. */

/** Database name */
define('DB_NAME', 'wordpress');

/** Database user (must match the user defined in Mycat's server.xml) */
define('DB_USER', 'user1');

/** Database password (lab value; replace with a strong secret elsewhere) */
define('DB_PASSWORD', '000000');

/** Database host */
define('DB_HOST', '172.16.19.108:8066'); // points at the Mycat middleware IP

/** Database character set */
define('DB_CHARSET', 'utf8');

systemctl restart nginx php-fpm

image-20260110113512661

nfs服务器
  • 安装nfs
yum install nfs-utils rpcbind -y
  • 配置共享目录
#已有可以不创建
mkdir -p /usr/share/nginx/html/wordpress/wp-admin/images
  • 编辑/etc/exports
vim /etc/exports

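# Export the WordPress tree read-write to web1 (172.16.19.104) only. It is the only other
# web node in the address plan; a "*" client would let every host that can reach this
# server mount and modify the site's files.
/usr/share/nginx/html/wordpress 172.16.19.104(rw,sync,no_subtree_check)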

image-20260108194453258

  • 启动服务
systemctl start rpcbind
systemctl start nfs-server
systemctl enable rpcbind
systemctl enable nfs-server

# 刷新NFS配置
exportfs -a
exportfs -rv
nfs配置
#必须在location ~ \.php$之前定义此规则

#配置web2-nfs的Nginx
vim /etc/nginx/conf.d/wordpress.conf

# Serve /wp-admin/images/* straight from the images directory inside the WordPress tree.
# NOTE(review): the page shows no mount command. On web1 this path presumably has to be
# an NFS mount of the web2-nfs export for the files to be shared; confirm.
location ~ ^/wp-admin/images/(.+)$ {
# Map the captured remainder of the URI onto the images directory
alias /usr/share/nginx/html/wordpress/wp-admin/images/$1;
# Tell browsers not to guess a content type for these responses
add_header X-Content-Type-Options nosniff;
# Allow framing only by pages from the same origin
add_header X-Frame-Options SAMEORIGIN;
}
#重启服务
systemctl restart nginx php-fpm
wordpress安装
  • web2-nfs

image-20260110121156685

首次安装 WordPress 时,先把 wp-config.php 中的数据库主机(DB_HOST)改为主库地址,安装成功后再改回 Mycat 的地址。

image-20260110135312103

测试

dns

image-20260110142330494

ftp
  • 匿名用户登录

image-20260108142022323

  • 测试上传、下载、创建目录权限(win)
ftp 172.16.19.101

pwd
mkdir test
put D:\test11.txt
ls
get test.txt

image-20260108152333258

web
  • web.zaxcloud.com站点

image-20260108180056731

  • bbs.zaxcloud.com站点

image-20260108183742257

lnmp
  • 读写分离
mysql -h127.0.0.1 -P9066 -uuser1 -p000000 -e "show @@datasource;"

image-20260110142751658

  • wordpress.zaxcloud.com站点

image-20260110142202068


云计算平台运维与应用
https://netguy6.github.io/2026/02/05/云计算平台运维与应用/
作者
net06
发布于
2026年2月5日
许可协议