一、d2 安装之后的配置

centos系统安装后的基本配置:

1.常用软件安装:

yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc

2.主机名和网络

 hostnamectl set-hostname python3
 echo "10.0.0.100 python3">>/etc/hosts


3.关闭防火墙
iptables -L
iptables -F
systemctl disable firewalld


[root@python3 ~]# getenforce 
Enforcing
[root@python3 ~]# setenforce 0
[root@python3 ~]# getenforce 
[root@python3 ~]# vim /etc/selinux/config 



Linux命令

命令的基本构成

命令体    选项      参数(对象)
ls        -l        /var

参数:文件
文件类型:
d :目录
f :普通文件
l :链接
b :块设备,磁盘 光驱
c :字符设备
p :管道
s :套接字

命令提示符:

[root@oldboy ~]#   
[oldguo@oldboy ~]$


常用快捷键(bash shell支持的快捷键)

ctrl + c  cancel 取消当前的操作 
ctrl + l  (小写字母L)  clear(命令)
ctrl + d  退出当前用户 
ctrl + r查找(历史命令)。 history|grep
[TAB]:
    1.命令补全
    2.参数补全



了解一下:
ctrl + a  把光标移动到行首 
ctrl + e  把光标移动到行尾
ctrl+ u  把光标到行首的内容删除/剪切 
ctrl + y  粘贴 
delete    光标所在处从前往后删除内容
ctrl + k  把光标到行尾的内容删除/剪切 
ctrl + →  向右移动一个单词 
ctrl + ←  向左移动一个单词

ctrl + s  锁屏 
ctrl + q  解锁


获取帮助
--help
man
info


关机重启

reboot 
poweroff

============================
linux命令分类

1.针对不同文件的管理命令
1.1 目录
FHS 文件系统层次化标准
绝对路径:从"/"开始一个具体路径
相对路径:从当前目录开始的具体路径(pwd可以查看当前所在目录)        
/3层/oldboy/教室3 
/3层/oldboy/教室2

1.1.1 创建目录:
mkdir /oldboy 
mkdir -p /a/b/c
1.1.2 查询目录
ls -ld /oldboy 
tree /a 
tree -L 2 /
1.1.3 删除目录(危险)
rm -rf /oldboy  
通过文件句柄,有可能可以找回丢失数据(前提:不能重启,不能有大量数据写入)
1.1.4 修改目录(剪切,复制)
mv /root/oldboy/ /tmp
mv /root/oldguo/ /tmp/oldguo.bak
mv oldboy old

cp -r /tmp/old /
cp -a 

1.1.5 切换目录

cd /
cd /oldboy
cd  oldboy 
cd .. 
cd -
cd 


小技巧:
[root@python3 tmp]# mkdir a{1..10}
[root@python3 tmp]# mkdir dir{a..f}
[root@python3 tmp]# ls -ld dir*
[root@python3 tmp]# rm -rf dir*


1.2 普通文件
1.2.0 种类
ASCII TEXT:纯文本文件(操作最多的)
LSB Exe:二进制的可执行文件(命令,程序)
压缩文件:zip tar  gz  bz2   cpio  iso
二进制数据文件:
等.
1.2.1 文件创建
touch a.txt 

1.2.2 文件删除
rm -rf a.txt

1.2.3 文件查看
ls -l a.txt    看文件属性

(1)小文件内容查看
cat /etc/passwd
cat /etc/passwd /etc/shadow
cat -n /etc/passwd 

(2)分页显示大文件内容
more /var/log/secure
less /var/log/secure 

(3)文件前多少行
head /etc/passwd
 head -n3 /etc/passwd
 head -3 /etc/passwd
(4)文件后多少行
tail -2 /etc/passwd
tail -f /var/log/secure

1.2.4 剪切 复制

mv 命令和目录的操作一样
cp 命令和目录的区别不需要加-r (加上也不报错)

1.2.5 内容修改
重定向 
>   覆盖重定向
cat /etc/passwd >a.txt
>>  追加重定向
cat /etc/passwd >>a.txt
echo "10.0.0.100 python3" >>/etc/hosts

vim 编辑器

命令模式:初始模式

vim passwd 
功能: 
1.查看文件内容
    上下左右光标移动
    page up  page down翻页
    G 光标到达最后一行
    1G 光标到达第一行(gg)
    10G 第10行
    ^ 光标到达行首
    $ 光标到达行尾
    / 搜索关键字
    yy 复制光标所在行
    Nyy 复制N行
    dd  删除/剪切
    Ndd 删除/剪切N行
    p  粘贴
    x(del) 删除光标所在字符
    dG  删除光标到文本末尾
    d$  从光标删除到行尾,包括贯标所在字符
    d^  从光标删除到行首,不包括光标所在字符
    r   替换光标所在字符
    ZZ  保存退出
    u   撤销上次操作
    
编辑模式:
a :在光标之后录入数据
i :在光标之前录入数据
o :在光标下一行开启新行录入数据
A
I
O
ESC 

小技巧:每编辑完一行就ESC,退回到命令模式


末行模式
:q!
:wq!
:set nu  
:set nonu
:%s/root/ROOT/g


链接(快捷方式)

ln -s passwd passwd.lnk



ls  
ls -l  
ls -ld
ls -al 
ls -ltr



2. 磁盘   和    文件系统
2.1 企业级磁盘类型
SAS    
    容量  :900G   
        主机版
        存储版
    转速:15K  
    品牌:IBM HDS EMC
    缓存:
    接口速度:16Gb
SSD: 
Sata3
PCI-E 
Flash盘

2.2 文件系统
方便用户使用和管理磁盘硬件的,辅助系统(Filesystem)
Linux文件系统类型:
    ext2
    ext3 
    ext4
    XFS

2.3 文件系统管理
    
[root@python3 ~]# ls -l /dev/sd*
brw-rw---- 1 root disk 8,  0 Jan  3 15:28 /dev/sda
brw-rw---- 1 root disk 8,  1 Jan  3 15:28 /dev/sda1
brw-rw---- 1 root disk 8,  2 Jan  3 15:28 /dev/sda2
brw-rw---- 1 root disk 8, 16 Jan  3 15:28 /dev/sdb
[root@python3 ~]# fdisk -l
    
2.3.1 分区
    fdisk   /dev/sdb 
    m
    n
    p 
    w 
2.3.2 格式化成文件系统(XFS)
    mkfs.xfs /dev/sdb1 
    
2.3.3 挂载设备
mkdir /data
mount /dev/sdb1 /data    
    
2.3.4 查看挂载的磁盘使用情况

df -h


2.3.5 自动挂载文件系统
vim /etc/fstab
/dev/sdb1    /data    xfs    defaults    0 0 

使用UUID更加安全
UUID=9fb2ec36-6a60-4394-9bfa-369261844d56 /data xfs defaults 0 0


Raid
功能特性:
    1.将多块磁盘合并成一块磁盘,提供更大的存储空间
    2.可以提供更高的IO能力
    3.数据物理层面的高安全


Raid的工作级别    :
raid0:条带化功能,性能极高,安全性和单盘一样
至少两块盘,理论上盘越多性能越高

raid1:镜像功能,性能没有明显提升,安全性高.    
    浪费一半空间

raid10:镜像+条带化 ,至少四快盘,性能和安全兼顾
浪费一般空间    

raid5:带有校验功能的条带化    
存储数据时,根据数据计算校验值,存储到第三块盘.
写入性能较低
读数据性能较高
至少三快盘,只允许一块盘损坏,浪费1/n的磁盘空间

适合于读多写少的场景    



3.用户,组,权限

3.1 用户的作用
    登录系统
    管理系统对象

3.2 用户的定义
    用户名(uid),密码,家目录(/home/oldboy),家目录下会有环境变量文件等.
    每个用户都必须有一个工作组,创建时没指定,自动创建一个同名的组
3.3 组
    组名字,GID

3.4 用户和组的管理
    组的管理:
groupadd -g 1001 dev 
groupadd -g 1002 sa
groupadd -g 1003 dba
tail -3 /etc/group
dev:x:1001:
sa:x:1002:
dba:x:1003:

groupdel dba
groupmod -g 10086 dev
用户的管理:
useradd -u 10011 -g dev oldguo
id oldguo
passwd oldguo
su - oldboy
userdel -r oldboy
usermod -u 3000 oldguo


权限:
权限是作用在文件上的属性.

普通权限的规划:
    r   4
    w   2 
    x   1

rw-     r--       r--               root         root             passwd


               目录                                 文件
r               ls                                  cat more    ,vim
w              目录下的修改                            vim   > 
x              目录下所有操作都依赖于x              可执行程序

rwxr-xr-x
chmod -R  755 /data 
chwon -R oldguo:dev /data
chmod -R 755 /data
chown -R oldguo:dev /data



4.程序管理
ps -ef|grep mysql 
kill 1234
kill -9 1234
pkill mysqld

yum install -y httpd

[root@python3 ~]# systemctl start httpd
[root@python3 ~]# systemctl restart httpd
[root@python3 ~]# systemctl stop  httpd
[root@python3 ~]# systemctl restart httpd



5.网络管理
ip a 
ifconfig 
ping 
vim /etc/sysconfig/network-scripts/ifcfg-eth0 
systemctl restart network
View Code

二、d3 环境搭建

经典互联网架构


昨天补充:
查看已启动服务的端口
netstat -tulnp |grep 80
ss -tulnp|grep 80


前期铺垫:

1. Linux要能上网
2. 掌握Linux软件包安装方法
2.1 rpm包管理
 2.1.1 光盘挂载
 mount /dev/cdrom /mnt
 cd  /mnt
 ls
2.1.2 安装rpm包
rpm -ivh vsftpd-3.0.2-22.el7.x86_64.rpm
rpm -Uvh vsftpd-3.0.2-22.el7.x86_64.rpm
2.13 卸载rpm
rpm -e vsftpd-3.0.2-22.el7.x86_64

2.1.4 rpm包的查询
[root@python3 ~]# rpm -q vsftpd
vsftpd-3.0.2-22.el7.x86_64
[root@python3 ~]# rpm -q vsftp
package vsftp is not installed
[root@python3 ~]# 
[root@python3 ~]# rpm -qa |grep vsf
[root@python3 ~]# which vim
/usr/bin/vim
[root@python3 ~]# rpm -qf /usr/bin/vim

**2.1.5 额外补充

A   ---->   B   ---> C

A BC   B  DF   F AC

rpm  -ivh  a b c d e f


2.2 yum 使用
 2.2.1 使用aliyun yum站点源
    Base源
    cd /etc/yum.repos.d/
    mv *.repo /tmp
    wget http://mirrors.aliyun.com/repo/Centos-7.repo
    
    EPEL源
    yum install -y epel-release
    
2.2.2 使用yum安装软件
    yum install -y openssl openssl-devel 

2.2.3 软件包查询及组安装
yum list |grep vsftpd
yum grouplist
yum groupinstall "Development Tools"

2.2.4 卸载软件包
yum remove 



2.2.5 优化yum源
(1)本地镜像yum源(光盘挂载到/mnt下)
[local]
name=localios
baseurl=file:///mnt
gpgcheck=0

yum clean all
yum install -y vsftpd

(2)局域网yum源(ftp)
1.安装ftp软件
yum install -y vsftpd
2.启动ftp服务
[root@python3 ~]# systemctl start vsftpd
[root@python3 ~]# systemctl enable  vsftpd

3.创建站点目录,并将光盘软件拷贝其中
[root@python3 ~]# cp -a /mnt/*  /var/ftp/pub/centos7

4.生成ftp站点的yum源配置文件
[ftp]
name=centos7
baseurl=ftp://10.0.0.100/pub/centos7
gpgcheck=0


5.安装软件测试
 yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel gcc gcc-c++  openssl-devel zlib zlib-devel -y


2.3 源码包应用

2.3.1 解压
.zip 
unzip  xxx.zip
.tar 
.tar.gz 
.tgz
.tar.bz2 
.tar.xz
tar xf  xxx.tar
.iso
mount -o loop xxx.iso  /test
.cpio
cpio -idcmv < xxx.cpio

2.3.2 源码包安装
确认已经安装
    yum install gcc*
    yum install -y openssl*

(1)python3.6源码包安装
    ./configure       ------> 定制功能
     make
     make install
     
mysql 源码包
    cmake
    make 
    make install
  
(2) redis 源码包安装 
    make

修改环境变量
vim /etc/profile

添加以下一行:
export PATH=/opt/redis-3.2.10/src:$PATH

生效配置
source /etc/profile


(3) 让python链接redis

unzip redis-py-master.zip 
cd redis-py-master
python3 setup.py install


对redis的单实例进行连接操作
python3
>>>import redis
>>>r = redis.StrictRedis(host='localhost', port=6379)
>>>r.set('name', 'oldguo')
True
>>>r.get('name')
'oldguo'


3. 二进制包(mysql5.7.20)

3.1 解压及制作软连接
tar xf mysql-5.7.20-linux-glibc2.12-x86_64.tar.gz
ln -s mysql-5.7.20-linux-glibc2.12-x86_64 mysql

3.2 编辑环境变量
vim  /etc/profile
添加以下一行:
export PATH=/opt/mysql/bin:$PATH

生效配置:
source /etc/profile

3.3 卸载自带mariadb
yum remove mariadb-libs

3.4 生成配置文件(/etc/my.cnf)
vim /etc/my.cnf
[mysqld]
basedir=/opt/mysql
datadir=/opt/mysql/data
socket=/tmp/mysql.sock
user=mysql
log_error=/var/log/mysql.log
log_bin=/opt/mysql/data/mysql-bin
server_id=100
[mysql]
socket=/tmp/mysql.sock

3.5 创建用户和数据目录,并授权
useradd mysql 
mkdir  /opt/mysql/data 
chown -R mysql.mysql /opt/mysql


3.6 初始化数据

[root@python3 ~]# mysqld --initialize-insecure --basedir=/opt/mysql --datadir=/opt/mysql/data --user=mysql
2019-01-04T03:58:03.128958Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2019-01-04T03:58:03.142436Z 0 [ERROR] Could not open file '/var/log/mysql.log' for error logging: Permission denied
2019-01-04T03:58:03.142492Z 0 [ERROR] Aborting

报错解决:
touch /var/log/mysql.log 
chown -R mysql.mysql /var/log/mysql.log


再次初始化:
mysqld --initialize-insecure --basedir=/opt/mysql --datadir=/opt/mysql/data --user=mysql


3.7 启动mysql 
cd /opt/mysql/support-files
./mysql.server start

cp mysql.server /etc/init.d/mysqld

/etc/init.d/mysqld restart


扩展:使用systemctl 管理mysql
vim /etc/systemd/system/mysqld.service

[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
ExecStart=/opt/mysql/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE = 5000


systemctl restart mysqld

netstat -tulnp |grep 3306


3.8 测试python3链接mysql

创建mysql链接用户

grant all on *.* to root@'10.0.0.%' identified by '123';
create database bbs charset utf8;

python代码测试:

pip3 install --upgrade pip
pip3 install pymysql

vim testmysql.py
#!/usr/bin/python3
import pymysql
db = pymysql.connect("10.0.0.100","root","123","bbs" )
cursor = db.cursor()
cursor.execute("SELECT VERSION()")
data = cursor.fetchone()
print ("Database version : %s " % data)
db.close()

python3  testmysql.py 



4.经典互联网架构项目(LNMP)

LNMPT =  Linux  Nginx  MySQL  PHP  
LNMPJ =  Linux  Nginx  MySQL  PHP 


LNMP架构环境部署
1) 使用官方Nginx yum源

[root@nginx ~]# vim /etc/yum.repos.d/nginx.repo 
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

#安装Nginx
[root@nginx ~]# yum install nginx -y
2) 启动Nginx,并将Nginx加入开机自启

systemctl start nginx
systemctl enable nginx
3) 使用第三方扩展源安装php7.1

 rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

[root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common
[root@nginx ~]#  vim  /etc/yum.repos.d/php.repo
[php]
name = php Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0

[root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
3) 配置php-fpm用户与Nginx的运行用户保持一致

[root@nginx ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf 
[root@nginx ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
4) 启动php-fpm,并将其加入开机自启

[root@nginx ~]# systemctl start php-fpm
[root@nginx ~]# systemctl enable php-fpm
5) 安装mysql数据库

[root@nginx ~]# mysqladmin password '123'
[root@nginx ~]# mysql -uroot -p123
2.LNMP架构环境配置


vim   /etc/nginx/conf.d/php.conf 
server {
        server_name 10.0.0.12;
        listen 80;
        root /code/wordpress;
        index index.php index.html;

        location ~ \.php$ {
            root /code/bbs;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}










LNMuWSGI+redis
d3

django.txt

django项目:


依赖包
[root@web01 ~]# yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel gcc gcc-c++  openssl-devel zlib zlib-devel -y

1.安装python3
[root@web01 ~]# wget https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz
[root@web01 ~]# tar xf Python-3.6.2.tgz
[root@web01 ~]# cd Python-3.6.2/
[root@web01 Python-3.6.2]# ./configure --prefix=/usr/local/
[root@web01 Python-3.6.2]# make && make install
[root@web01 Python-3.6.2]# ./configure && make && make install


2.安装Django框架和uwsgi

vim  re.txt
asn1crypto==0.24.0
beautifulsoup4==4.6.3
bs4==0.0.1
certifi==2018.4.16
cffi==1.11.5
chardet==3.0.4
Click==7.0
cryptography==2.3.1
Django==1.11.9
Flask==1.0.2
Flask-Cors==3.0.6
gevent==1.3.6
greenlet==0.4.15
idna==2.7
ItsDangerous==1.1.0
Jinja2==2.10
lxml==4.2.6
MarkupSafe==1.0
numpy==1.15.3
Pillow==5.3.0
pycparser==2.18
PyMySQL==0.9.2
pytz==2018.7
requests==2.19.1
selenium==3.141.0
six==1.11.0
urllib3==1.23
virtualenv==16.1.0
Werkzeug==0.14.1
wordcloud==1.5.0


pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt
pip3 install -i https://pypi.doubanio.com/simple/ uwsgi




3.测试uwsgi是否正常,新建 test.py文件,内容如下:
[root@web01 ~]# vim test.py
def application(env, start_response):
    start_response('200 OK', [('Content-Type','text/html')])
    return [b"Hello Django"]

    
#然后在终端运行: 
uwsgi --http :8001 --wsgi-file test.py &


4.测试django是否正常,运行:
[root@web01 ~]# django-admin.py startproject demosite
[root@web01 ~]# cd demosite
[root@web01 demosite]# python3 manage.py runserver 0.0.0.0:8002
在浏览器内输入:http://127.0.0.1:8002,检查django是否运行正常。


5.配置uwsgi
[root@web01 demosite]# vim /root/demosite/uwsgi.ini
[uwsgi]
socket = 127.0.0.1:9999
master = true
workers = 2
max-requests = 1000
buffer-size = 30000
pidfile = /run/uwsgi.pid
daemonize = /var/log/uwsgi.log

uwsgi --ini /root/demosite/uwsgi.ini &


6.配置Nginx
[root@web01 demosite]# vim /etc/nginx/conf.d/py.conf
server {
    listen 80;
    server_name 10.0.0.100;
    client_max_body_size 100M;

    location / {
        index index.html;
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:9999;
        uwsgi_param UWSGI_SCRIPT demosite.wsgi;
        uwsgi_param UWSGI_CHDIR /root/demosite;
    }
}

重启nginx
View Code

django项目.txt

[root@web01 BBS]# cat /etc/nginx/conf.d/py.conf
server {
listen 80;
server_name py.test.com;
client_max_body_size 100M;

location  /static {
alias /code/BBS/static/;
}

location /media {
alias /code/BBS/media;
}

location / {
index index.html;
include uwsgi_params;
uwsgi_pass 127.0.0.1:9090;
#uwsgi_param UWSGI_SCRIPT demosite.wsgi;
#uwsgi_param UWSGI_CHDIR /root/demosite;
uwsgi_param UWSGI_SCRIPT BBS.wsgi;
uwsgi_param UWSGI_CHDIR /code/BBS;
}


vim  re.txt
asn1crypto==0.24.0
beautifulsoup4==4.6.3
bs4==0.0.1
certifi==2018.4.16
cffi==1.11.5
chardet==3.0.4
Click==7.0
cryptography==2.3.1
Django==1.11.9
Flask==1.0.2
Flask-Cors==3.0.6
gevent==1.3.6
greenlet==0.4.15
idna==2.7
ItsDangerous==1.1.0
Jinja2==2.10
lxml==4.2.6
MarkupSafe==1.0
numpy==1.15.3
Pillow==5.3.0
pycparser==2.18
PyMySQL==0.9.2
pytz==2018.7
requests==2.19.1
selenium==3.141.0
six==1.11.0
urllib3==1.23
virtualenv==16.1.0
Werkzeug==0.14.1
wordcloud==1.5.0


pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt




[root@web01 BBS]# cat uwsgi.ini
[uwsgi]
socket = 127.0.0.1:9090
master = true
workers = 2
reload-mercy = 10
vacuum = true
max-requests = 1000
limit-as = 512
buffer-size = 30000

uwsgi - - ini uwsgi.ini
View Code

lnmp.txt

LNMP架构环境部署
1) 使用官方仓库安装Nginx

[root@nginx ~]# vim etc/yum.repos.d/nginx.repo 
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

#安装Nginx
[root@nginx ~]# yum install nginx -y
2) 启动Nginx,并将Nginx加入开机自启

[root@nginx ~]# systemctl start nginx
[root@nginx ~]# systemctl enable nginx
3) 使用第三方扩展源安装php7.1

 rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

[root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common
[root@nginx ~]#  /etc/yum.repos.d/php.repo
[php]
name = php Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0

[root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
3) 配置php-fpm用户与Nginx的运行用户保持一致

[root@nginx ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf 
[root@nginx ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
4) 启动php-fpm,并将其加入开机自启

[root@nginx ~]# systemctl start php-fpm
[root@nginx ~]# systemctl enable php-fpm
5) 安装mysql数据库

[root@nginx ~]# mysqladmin password '123'
[root@nginx ~]# mysql -uroot -p123
2.LNMP架构环境配置


vim   /etc/nginx/conf.d/php.conf 
server {
        server_name 10.0.0.12;
        listen 80;
        root /code/wordpress;
        index index.php index.html;

        location ~ \.php$ {
            root /code/bbs;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}



yum -y groupinstall "Development tools"
yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel



pip3 install django
pip3 install uwsgi



cat test.py 
def application(env, start_response):
  start_response('200 OK', [('Content-Type','text/html')])
  return [b"Hello Django"]
  
  
uwsgi --http :8888 --wsgi-file test.py  




[root@web01 code]# cat /code/BBS/uwsgi.ini
[uwsgi]
socket = 127.0.0.1:9090
#chdir = /code/BBS/BBS
workers = 2
max-requests = 1000
buffer-size = 30000
pidfile = /run/uwsgi.pid
daemonize = /var/log/uwsgi.log


[root@web01 code]# cat /etc/nginx/conf.d/py.conf
server {
    listen 80;
    server_name py.test.com;
    index index.html;
    client_max_body_size 100M;

    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:9090;
        uwsgi_param UWSGI_SCRIPT BBS.wsgi;
        uwsgi_param UWSGI_CHDIR /code/BBS;
    }
}




django-admin.py startproject mysite
python3 manage.py startapp blog
vim /code/mysite/mysite/settings.py
在INSTALLED_APPS 列表里添加'blog'APP
修改ALLOWED_HOSTS,['*'],可以让任何IP访问
TEMPLATES里添加模板路径os.path.join(BASE_DIR, 'templates')



尾部添加

STATICFILES_DIRS = (
    os.path.join(BASE_DIR,'static'),
    )

vim /code/mysite/templates/index.html
View Code

三。d4测试django并且使用ansible

LNM+Python Django+uwsgi+redis项目

0.安装项目中需要的包
pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt

vim  re.txt
asn1crypto==0.24.0
beautifulsoup4==4.6.3
bs4==0.0.1
certifi==2018.4.16
cffi==1.11.5
chardet==3.0.4
Click==7.0
cryptography==2.3.1
Django==1.11.9
Flask==1.0.2
Flask-Cors==3.0.6
gevent==1.3.6
greenlet==0.4.15
idna==2.7
ItsDangerous==1.1.0
Jinja2==2.10
lxml==4.2.6
MarkupSafe==1.0
numpy==1.15.3
Pillow==5.3.0
pycparser==2.18
PyMySQL==0.9.2
pytz==2018.7
requests==2.19.1
selenium==3.141.0
six==1.11.0
urllib3==1.23
virtualenv==16.1.0
Werkzeug==0.14.1
wordcloud==1.5.0





1.数据库的处理
1.1 上传bbs.sql 
1.2 在mysql中创建bbs库,并导入数据库SQL脚本
mysql> create database bbs charset utf8mb4;
mysql> use bbs
mysql> source /opt/bbs.sql
mysql> drop database bbs;


1.3 查看项目settings.py配置文件,修改以下两处

ALLOWED_HOSTS = ['*']

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'bbs',
        'HOST': "10.0.0.100",
        'USER': 'root',
        'PASSWORD': '123',
        'PORT': 3306,
    }


MySQL用户的定义

USERNAME@'白名单'

白名单: 主机域IP地址

root@'localhost'
root@'10.0.0.110'
root@'10.0.0.%'
root@'10.0.0.0/255.255.240.0'
root@'10.0.0.5%'
root@'%'
    
grant all     
grant select,update,insert
    

    
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'bbs',
        'HOST': "10.0.0.100",
        'USER': 'bbs',
        'PASSWORD': '123',
        'PORT': 3306,
    }
}
    



2. BBS项目部署

2.1 配置Nginx
[root@web01 BBS]# vim /etc/nginx/conf.d/py.conf
server {
listen 80;
server_name 10.0.0.100;
client_max_body_size 100M;

location  /static {
alias /opt/BBS/static/;
}

location /media {
alias /opt/BBS/media;
}

location / {
index index.html;
include uwsgi_params;
uwsgi_pass 127.0.0.1:9090;
uwsgi_param UWSGI_SCRIPT BBS.wsgi;
uwsgi_param UWSGI_CHDIR /opt/BBS;
}
}

2.2 配置uwsgi
关闭所有已有的uwsgi进程
kill -9 `ps -ef |grep uwsgi|awk {'print $2'}`

[root@web01 BBS]# vim  uwsgi.ini
[uwsgi]
socket = 127.0.0.1:9090
master = true
workers = 2
reload-mercy = 10
vacuum = true
max-requests = 1000
limit-as = 512
buffer-size = 30000

启动uwsgi
uwsgi --ini uwsgi.ini &

重启nginx
systemctl restart nginx

==================
Python 在运维工作中的经典应用

ansible

1.安装ansible
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install ansible -y
      
    
克隆虚拟机

hostnamectl set-hostname standby

vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR=10.0.0.200
UUID行删掉

vim /etc/hosts
10.0.0.200 standby
systemctl restart network


+++++++++++++++++++++++++++++++
Linux的 SSHD(22)
验证方式:
(1)用户+密码(PAM)
(2)秘钥验证(公钥:钥匙和私钥:锁)
    通过秘钥对实现,需要将公钥分发到各节点
+++++++++++++++++++++++++++++++
2.管理被控端,管理机先生成秘钥,然后推送公钥

ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.200

[root@demo ~]# for i in {1..12};do ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.$i;done



3.配置被管理的主机清单
[root@demo ~]# vim /etc/ansible/hosts
[web]
10.0.0.100
10.0.0.200

4.使用ansible的ad-hoc测试
[root@demo ~]# ansible all -m ping
10.0.0.12 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.0.0.11 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

#执行远程命令
[root@demo ~]# ansible all -m shell -a "df -h"
10.0.0.12 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        98G  3.4G   95G   4% /
devtmpfs        477M     0  477M   0% /dev
tmpfs           488M     0  488M   0% /dev/shm
tmpfs           488M  7.7M  480M   2% /run
tmpfs           488M     0  488M   0% /sys/fs/cgroup
/dev/sda1       197M  102M   96M  52% /boot
tmpfs            98M     0   98M   0% /run/user/0

10.0.0.11 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        98G  1.6G   97G   2% /
devtmpfs        981M     0  981M   0% /dev
tmpfs           992M  124K  992M   1% /dev/shm
tmpfs           992M  9.6M  982M   1% /run
tmpfs           992M     0  992M   0% /sys/fs/cgroup
/dev/sda1       197M  102M   96M  52% /boot
tmpfs           199M     0  199M   0% /run/user/0


5.ansible playbook自动化安装nginx
[root@demo ~]# vim  playbook_nginx.yml 
- hosts: web
  remote_user: root
  vars:
    http_port: 80
  tasks:
    - name: Add Nginx Yum Repository
      yum_repository:
        name: nginx
        description: Nginx Repository
        baseurl: http://nginx.org/packages/centos/7/$basearch/
        gpgcheck: no

    - name: Install Nginx Server
      yum: 
        name=nginx state=present

    - name: Configure Nginx Server
      template: src=./default.conf.template dest=/etc/nginx/conf.d/default.conf
      notify: Restart Nginx Server

    - name: Start Nginx Server
      service: name=nginx state=started enabled=yes

  handlers:
    - name: Restart Nginx Server
      service: name=nginx state=restarted
      
     
     
6.
default.conf.template文件如下

[root@demo ~]#vim default.conf.template 
server {
    listen       {{ http_port }};
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}


7.执行ansible-playbook
检查语法
[root@demo ~]# ansible-playbook --syntax playbook_nginx.yml     

模拟执行
[root@demo ~]# ansible-playbook -C playbook_nginx.yml 

执行
[root@demo ~]# ansible-playbook playbook_nginx.yml       

=============================================================

Docker容器技术

0、环境准备类:

curl  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo


yum install -y yum-utils device-mapper-persistent-data lvm2


yum list docker-ce.x86_64 --showduplicates | sort -r


yum install -y --setopt=obsoletes=0 \
docker-ce-17.03.2.ce-1.el7.centos.x86_64 \
docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch


systemctl daemon-reload
systemctl restart docker

docker version
docker  info


配置镜像加速


阿里云Docker-hub

https://cr.console.aliyun.com/cn-hangzhou/mirrors

mkdir -p /etc/docker

tee /etc/docker/daemon.json <<-'EOF'
{
   "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
}
EOF      
      
      
或者:

vim   /etc/docker/daemon.json

    {
         "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
    }


1. pull常用镜像
docker pull  centos:6.9
docker pull  centos:7.5.1804
docker pull  nginx



CPU   MEM   IO

OS  :  Kernel
View Code

ansible.txt

LNM+Python Django+uwsgi+redis项目

0.安装项目中需要的包
pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt

vim  re.txt
asn1crypto==0.24.0
beautifulsoup4==4.6.3
bs4==0.0.1
certifi==2018.4.16
cffi==1.11.5
chardet==3.0.4
Click==7.0
cryptography==2.3.1
Django==1.11.9
Flask==1.0.2
Flask-Cors==3.0.6
gevent==1.3.6
greenlet==0.4.15
idna==2.7
ItsDangerous==1.1.0
Jinja2==2.10
lxml==4.2.6
MarkupSafe==1.0
numpy==1.15.3
Pillow==5.3.0
pycparser==2.18
PyMySQL==0.9.2
pytz==2018.7
requests==2.19.1
selenium==3.141.0
six==1.11.0
urllib3==1.23
virtualenv==16.1.0
Werkzeug==0.14.1
wordcloud==1.5.0





1.数据库的处理
1.1 上传bbs.sql 
1.2 在mysql中创建bbs库,并导入数据库SQL脚本
mysql> create database bbs charset utf8mb4;
mysql> use bbs
mysql> source /opt/bbs.sql
mysql> drop database bbs;


1.3 查看项目settings.py配置文件,修改以下两处

ALLOWED_HOSTS = ['*']

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'bbs',
        'HOST': "10.0.0.100",
        'USER': 'root',
        'PASSWORD': '123',
        'PORT': 3306,
    }


MySQL用户的定义

USERNAME@'白名单'

白名单: 主机域IP地址

root@'localhost'
root@'10.0.0.110'
root@'10.0.0.%'
root@'10.0.0.0/255.255.240.0'
root@'10.0.0.5%'
root@'%'
    
grant all     
grant select,update,insert
    

    
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'bbs',
        'HOST': "10.0.0.100",
        'USER': 'bbs',
        'PASSWORD': '123',
        'PORT': 3306,
    }
}
    



2. BBS项目部署

2.1 配置Nginx
[root@web01 BBS]# vim /etc/nginx/conf.d/py.conf
server {
listen 80;
server_name 10.0.0.100;
client_max_body_size 100M;

location  /static {
alias /opt/BBS/static/;
}

location /media {
alias /opt/BBS/media;
}

location / {
index index.html;
include uwsgi_params;
uwsgi_pass 127.0.0.1:9090;
uwsgi_param UWSGI_SCRIPT BBS.wsgi;
uwsgi_param UWSGI_CHDIR /opt/BBS;
}
}

2.2 配置uwsgi
关闭所有已有的uwsgi进程
kill -9 `ps -ef |grep uwsgi|awk {'print $2'}`

[root@web01 BBS]# vim  uwsgi.ini
[uwsgi]
socket = 127.0.0.1:9090
master = true
workers = 2
reload-mercy = 10
vacuum = true
max-requests = 1000
limit-as = 512
buffer-size = 30000

启动uwsgi
uwsgi --ini uwsgi.ini &

重启nginx
systemctl restart nginx

==================
Python 在运维工作中的经典应用

ansible

1.安装ansible
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install ansible -y
      
    
克隆虚拟机

hostnamectl set-hostname standby

vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR=10.0.0.200
UUID行删掉

vim /etc/hosts
10.0.0.200 standby
systemctl restart network


+++++++++++++++++++++++++++++++
Linux的 SSHD(22)
验证方式:
(1)用户+密码(PAM)
(2)秘钥验证(公钥:钥匙和私钥:锁)
    通过秘钥对实现,需要将公钥分发到各节点
+++++++++++++++++++++++++++++++
2.管理被控端,管理机先生成秘钥,然后推送公钥

ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.200

[root@demo ~]# for i in {1..12};do ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.$i;done



3.配置被管理的主机清单
[root@demo ~]# vim /etc/ansible/hosts
[web]
10.0.0.100
10.0.0.200

4.使用ansible的ad-hoc测试
[root@demo ~]# ansible all -m ping
10.0.0.12 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.0.0.11 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

#执行远程命令
[root@demo ~]# ansible all -m shell -a "df -h"
10.0.0.12 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        98G  3.4G   95G   4% /
devtmpfs        477M     0  477M   0% /dev
tmpfs           488M     0  488M   0% /dev/shm
tmpfs           488M  7.7M  480M   2% /run
tmpfs           488M     0  488M   0% /sys/fs/cgroup
/dev/sda1       197M  102M   96M  52% /boot
tmpfs            98M     0   98M   0% /run/user/0

10.0.0.11 | CHANGED | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        98G  1.6G   97G   2% /
devtmpfs        981M     0  981M   0% /dev
tmpfs           992M  124K  992M   1% /dev/shm
tmpfs           992M  9.6M  982M   1% /run
tmpfs           992M     0  992M   0% /sys/fs/cgroup
/dev/sda1       197M  102M   96M  52% /boot
tmpfs           199M     0  199M   0% /run/user/0


5.ansible playbook自动化安装nginx
[root@demo ~]# vim  playbook_nginx.yml 
- hosts: web
  remote_user: root
  vars:
    http_port: 80
  tasks:
    - name: Add Nginx Yum Repository
      yum_repository:
        name: nginx
        description: Nginx Repository
        baseurl: http://nginx.org/packages/centos/7/$basearch/
        gpgcheck: no

    - name: Install Nginx Server
      yum: 
        name=nginx state=present

    - name: Configure Nginx Server
      template: src=./default.conf.template dest=/etc/nginx/conf.d/default.conf
      notify: Restart Nginx Server

    - name: Start Nginx Server
      service: name=nginx state=started enabled=yes

  handlers:
    - name: Restart Nginx Server
      service: name=nginx state=restarted
      
     
     
6.
default.conf.template文件如下

[root@demo ~]#vim default.conf.template 
server {
    listen       {{ http_port }};
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}


7.执行ansible-playbook
检查语法
[root@demo ~]# ansible-playbook --syntax playbook_nginx.yml     

模拟执行
[root@demo ~]# ansible-playbook -C playbook_nginx.yml 

执行
[root@demo ~]# ansible-playbook playbook_nginx.yml       

=============================================================

Docker容器技术

0、环境准备类:

curl  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo


yum install -y yum-utils device-mapper-persistent-data lvm2


yum list docker-ce.x86_64 --showduplicates | sort -r


yum install -y --setopt=obsoletes=0 \
docker-ce-17.03.2.ce-1.el7.centos.x86_64 \
docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch


systemctl daemon-reload
systemctl restart docker

docker version
docker  info


配置镜像加速


阿里云Docker-hub

https://cr.console.aliyun.com/cn-hangzhou/mirrors

mkdir -p /etc/docker

tee /etc/docker/daemon.json <<-'EOF'
{
   "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
}
EOF      
      
      
或者:

vim   /etc/docker/daemon.json

    {
         "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"]
    }


1. pull常用镜像
docker pull  centos:6.9
docker pull  centos:7.5.1804
docker pull  nginx



CPU   MEM   IO

OS  :  Kernel

#进入centos环境
docker run -it centos:6.9
查看
cat /etc/redhat-release
View Code

四、d5 docker使用

设置下次开机启动
systemctl enable docker

systemctl start docker
ps -ef | grep docker
or
docker version



1. 镜像管理
    1.1 获取镜像
    docker search centos
    docker pull centos:6.9
    docker pull centos:7.5.1804
    docker pull nginx
    1.2 查询镜像
    docker images
    docker images -q 
    docker inspect ID/name:tag
    1.3 删除镜像
    docker rmi  ID 
    docker rmi `docker images -q`
    docker rmi $(docker images -q)
    
    1.4 导入导出镜像
    [root@docker ~]# docker image save nginx >/opt/nginx.tar.gz
    [root@docker ~]# docker image load -i /opt/nginx.tar.gz
    
    
    1.5 启动容器并获取镜像
    [root@docker ~]# docker  run -d -p 80:80 httpd
    [root@docker ~]# docker ps -a
    [root@docker ~]# docker images
    
    
    1.6 docker一步一步学习制作镜像
        语法:
        第一个镜像创建:
        docker ps -a 
        docker commit xxxxxx oldguo/wordpress:v1
        docker images 
    

制作镜像: centos7.5+vim+net-tools+iproute+sshd

1.启动新容器
docker run -it --name "centos7.5" 76d6bc25b8a5

2.优化yum源
mv /etc/yum.repos.d/*.repo /tmp
echo -e "[ftp]\nname=ftp\nbaseurl=ftp://10.0.0.100/pub/centos7\ngpgcheck=0">/etc/yum.repos.d/ftp.repo

3. 安装必须软件包

yum install -y vim net-tools  iproute   openssh-*   -y


4.启动SSHD

 mkdir /var/run/sshd
 echo 'UseDNS no' >> /etc/ssh/sshd_config
 sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
 echo 'root:123456' | chpasswd
 /usr/bin/ssh-keygen -A
 /usr/sbin/sshd -D 
 
 
 注意: 以上操作做完之后,会一直不退出,需要用以下命令退回到宿主机,并不关闭容器
 ctrl p  q

5.制作镜像
docker ps -a
docker commit centos7.5 oldguo/centos7_sshd:v2




## Centos7.5
[root@docker sshd]# vim  dockerfile 
FROM centos:7.5.1804
RUN mv /etc/yum.repos.d/*.repo /tmp
RUN echo -e "[ftp]\nname=ftp\nbaseurl=ftp://10.0.0.100/pub/centos7\ngpgcheck=0">/etc/yum.repos.d/ftp.repo
RUN yum install -y openssh-server
RUN yum install -y openssh-clients
RUN yum install net-tools* -y
RUN yum install iproute-* -y
RUN mkdir /var/run/sshd
RUN echo 'UseDNS no' >> /etc/ssh/sshd_config
RUN sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
RUN echo 'root:123456' | chpasswd
RUN /usr/bin/ssh-keygen -A
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

docker build -t "oldguo/centos7_sshd:v3" /opt/dockerfile


===========================================
2. 容器基本管理        
    2.0 容器的类型
        工具类:vim
             docker run -it --name="test_vim"  3fe2fe0dab2e /bin/bash
        服务类:nginx 
            docker run -d -p 8080:80 --name="discuz" nginx:1.14
            
            netstat -lnp| grep 8080
            docker ps -a
    2.1 容器的多类启动方式
     (1)交互式启动
     [root@docker ~]# docker run -it --name "testcentos" centos:6.9 /bin/bash
     主要是针对于工具类的容器,一旦exit容器,容器就自动关闭
     
     echo "<html><body><h1>HI,wudi</h1></body></html>" >index.html
     (2)守护式启动
      1.交互式启动容器+Ctrl+p+q
      [root@docker ~]# docker run  -it --name "testnginx" nginx /bin/bash
      加ctrl+p+q
        [root@docker ~]# docker attach testnginx
      2.死循环
     docker run  --name testnginx1  -d nginx /bin/sh -c "while true ;do echo hello world; sleep 1;done"
      3.服务前台运行
       sshd -D  
       nginx -g ""
  
       hang 夯住
      
    2.2 容器的常用管理命令
    docker ps -a  -q -l
    
    docker rm 容器ID|容器名称
    批量删除已关闭
    docker rm -v $(docker ps -aq -f status=exited)
    批量强制删除所有
    docker rm -f `docker ps -a –q`
    
    docker top nginx
    docker inspect nginx
    docker attach 容器ID|容器名称(工具类)配合ctrl+p+q
    docker exec  -i -t  容器ID|容器名称 /bin/bash(服务类),一般是做服务类容器调试用
    [root@docker ~]# docker exec -it  centos6.9   /bin/bash


    docker stop
    docker kill

    docker  start -i
    docker  restart 容器ID|容器名称

    
    
3. 数据卷的使用(持久化)


    

4.制作私有仓库

4.1 配置私有仓库

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/Registry:/var/lib/registry  registry


vim /etc/docker/daemon.json

{
   "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"],
   "insecure-registries": ["10.0.0.100:5000"]
}


systemctl  restart docker
    
    
    
4.2 使用本地镜像:
4.2.1 制作本地镜像并push到

[root@docker ~]# docker tag nginx 10.0.0.100:5000/oldguo/nginx:v1
[root@docker ~]# docker images
[root@docker ~]# docker push 10.0.0.100:5000/oldguo/nginx:v1

4.2.2 异地进行pull镜像
[root@docker ~]# docker pull  10.0.0.100:5000/oldguo/nginx:v1    
    
    


故障转移:(高可用)

1.主备系统

























    
    
    
    
    
    
    
      
      
      
View Code

k8s技术

1.快速部署K8S环境

k8s-m :10.0.0.11
k8s-n1 :10.0.0.12
k8s-n2 :10.0.0.13

2.所有节点安装docker环境及依赖
2.1 上传docker-k8s.zip软件到各节点/opt,并解压
2.2 进入目录进行安装
cd /opt/docker-k8s 
yum localinstall -y *.rpm

3.master端软件安装
3.1 上传k8s-master.zip到/opt,并解压 
3.2 进入目录并安装
cd /opt/k8s-master
yum localinstall -y *.rpm 


4.node节点软件安装
4.1 上传k8s-node到两个node节点/opt并解压
4.2 进入目录进行安装
cd /opt/k8s-node 
yum localinstall -y *.rpm





5.配置主节点ETCD
vim /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"


重启服务并测试
 systemctl restart etcd.service
 systemctl enable etcd.service
 etcdctl set name oldguo
 etcdctl get name


6.配置Master节点
vim /etc/kubernetes/apiserver 
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"


vim /etc/kubernetes/config


重启服务

systemctl enable kube-apiserver.service
systemctl start kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl start kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl start kube-scheduler.service


7.node节点配置

vim /etc/kubernetes/config 
KUBE_MASTER="--master=http://10.0.0.11:8080"


vim /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=10.0.0.12/13"
KUBELET_HOSTNAME="--hostname-override=10.0.0.12/13"
KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"


重启服务

systemctl enable kubelet.service
systemctl start kubelet.service
systemctl enable kube-proxy.service
systemctl start kube-proxy.service



8.验证节点状态

[root@k8s-m ~]# kubectl get nodes

9.所有节点配置flannel网络

yum install flannel -y

sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld

etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
etcdctl get /atomic.io/network/config 
{ "Network": "172.16.0.0/16" }


master节点:
systemctl enable flanneld.service 
systemctl start flanneld.service 
service docker restart
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service

ifconfig -a


node节点:
systemctl enable flanneld.service 
systemctl start flanneld.service 
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service



10.配置master为镜像仓库
#master节点

vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'

systemctl restart docker

=======================================================================================================


配置本地register
docker tag nginx 10.0.0.11:5000/oldguo/nginx:v1 
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry
docker push 10.0.0.11:5000/oldguo/nginx:v1


#node节点
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'
systemctl restart docker

docker pull 10.0.0.11:5000/oldguo/nginx:v1

=====================================
二.k8s核心资源管理

1.PODS
1.1 创建
创建第一个pod
mkdir /opt/yml  -p 
cd /opt/yml
[root@k8s-m yml]# cat k8s_pod.yml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/oldguo/nginx:v1
      ports:
        - containerPort: 80
[root@k8s-m yml]# kubctl create -f k8s_pod.yml

1.2 查询
kubectl get pod
kubectl get pod -o wide
kubectl describe pod

报错:

++++++++++++++++++++++++++++++++++++++++
failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
+++++++++++++++++++++++++++++++++++++++

registry.access.redhat.com/rhel7/pod-infrastructure:latest
++++++++++++++++++++++++++++++++++++++

解决:
master:上传准备好的容器为本地register(pod-infrastructure-latest.tar.gz)
[root@k8s-m opt]# docker load -i pod-infrastructure-latest.tar.gz 
[root@k8s-m opt]# docker images
[root@k8s-m opt]# docker tag docker.io/tianyebj/pod-infrastructure:latest 10.0.0.11:5000/oldguo/pod-infrastructure:latest
[root@k8s-m opt]# docker images
[root@k8s-m opt]# docker push 10.0.0.11:5000/oldguo/pod-infrastructure:latest

node:(所有node节点)
[root@k8s-n1 ~]# vim /etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/oldguo/pod-infrastructure:latest"

systemctl restart kubelet.service

1.3 删除
[root@k8s-m yml]# kubectl delete pod nginx

1.4 更新
master:
[root@k8s-m yml]# docker pull nginx
[root@k8s-m yml]# docker tag docker.io/nginx:latest 10.0.0.11:5000/oldguo/nginx:v2
[root@k8s-m yml]# docker push  10.0.0.11:5000/oldguo/nginx:v2
[root@k8s-m yml]# kubectl replace  --force -f k8s_pod.yml


2.RC(ReplicationController)

作用:高可用
master:
配置yml文件

vim k8s_nginx_rc.yml
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 10.0.0.11:5000/oldguo/nginx:v1
        ports:
        - containerPort: 80

        
[root@k8s-m yml]# kubectl create -f k8s_nginx_rc.yml         
[root@k8s-m yml]# kubectl get  rc
[root@k8s-m yml]# kubectl delete   rc nginx


副本数增删
1.修改配置文件
vim k8s_nginx_rc.yml
[root@k8s-m yml]# kubectl replace  -f k8s_nginx_rc.yml
2.kubectl edit rc nginx
3.kubectl scale rc nginx --replicas=4


滚动升级及回滚:
cp k8s_nginx_rc.yml k8s_nginx1_rc.yml
kubectl rolling-update nginx -f k8s_nginx1_rc.yml  --update-period=10s

注:
升级出现问题时,升级过程中出现bug.使用以下命令回滚(前提是没有升级完)
[root@k8s-master ~]#  kubectl rolling-update nginx  nginx2 --rollback

回退方案即是相反操作即可。


3.Service
创建svc配置文件
vim k8s_nginx_svc.yml
apiVersion: v1
kind: Service
metadata:
  name: nginxsvc
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30001
  selector:
    app: nginx2

[root@k8s-m yml]# kubectl create -f k8s_nginx_svc.yml 
[root@k8s-m yml]# kubectl get svc
[root@k8s-m yml]# curl -I 10.0.0.13:30001
[root@k8s-m yml]# curl -I 10.0.0.12:30001



deployment资源管理:

vim  k8s_nginx_dev.yml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 10.0.0.11:5000/oldguo/nginx:v2
        ports:
        - containerPort: 80

[root@k8s-m yml]# kubectl create -f k8s_nginx_dev.yml
[root@k8s-m yml]# kubectl get deployment


deployment滚动升级
kubectl set image deployment/nginx nginx=10.0.0.11:5000/oldguo/nginx:v1

kubectl rollout undo deployment/nginx

实现自动pod伸缩
[root@k8s-m yml]# kubectl autoscale deployment nginx --min=2 --max=6 --cpu-percent=80
View Code