OracleCloud个人使用案例指导
注册OracleCloud后,个人建站前的一些准备
注册
免费范围
云数据库
实例Instance
ssh连接
#!/bin/bash
echo root:Mm@19890425 |sudo chpasswd root
sudo sed -i ‘s/PermitRootLogin no/PermitRootLogin yes/g’ /etc/ssh/sshd_config;
sudo sed -i ‘s/PasswordAuthentication no/PasswordAuthentication yes/g’ /etc/ssh/sshd_config;
sudo service sshd restart
echo root:Mm@20190601 |sudo chpasswd root
systemctl restart sshd
新建用户
groupadd wangcw
useradd trojan -m -g wangcw -s /bin/bash -d /home/trojan
passwd trojan
/sbin/usermod -aG sudo trojan
vim /etc/sudoers
trojan ALL=(ALL) ALL
useradd wangjin -m -g wangcw -s /bin/bash -d /home/wangjin
passwd wangjin
userdel -rZ trojan
防火墙设置
systemctl unmask firewalld #执行命令,即可实现取消服务的锁定
systemctl mask firewalld # 下次需要锁定该服务时执行
systemctl start firewalld.service #启动防火墙
systemctl stop firewalld.service #停止防火墙
systemctl reloadt firewalld.service #重载配置
systemctl restart firewalld.service #重启服务
systemctl status firewalld.service #显示服务的状态
systemctl enable firewalld.service #在开机时启用服务
systemctl disable firewalld.service #在开机时禁用服务
systemctl is-enabled firewalld.service #查看服务是否开机启动
systemctl list-unit-files|grep enabled #查看已启动的服务列表
systemctl –failed #查看启动失败的服务列表
firewall-cmd
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #更新防火墙规则
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #重载防火墙规则
firewall-cmd –list-ports #查看所有打开的端口
firewall-cmd –list-services #查看所有允许的服务
firewall-cmd –get-services #获取所有支持的服务
#区域相关
firewall-cmd –list-all-zones #查看所有区域信息
firewall-cmd –get-active-zones #查看活动区域信息
firewall-cmd –set-default-zone=public #设置public为默认区域
firewall-cmd –get-default-zone #查看默认区域信息
firewall-cmd –zone=public –add-interface=eth0 #将接口eth0加入区域public
#接口相关
firewall-cmd –zone=public –remove-interface=eth0 #从区域public中删除接口eth0
firewall-cmd –zone=default –change-interface=eth0 #修改接口eth0所属区域为default
firewall-cmd –get-zone-of-interface=eth0 #查看接口eth0所属区域
#端口控制
firewall-cmd –add-port=80/tcp –permanent #永久添加80端口例外(全局)
firewall-cmd –remove-port=80/tcp –permanent #永久删除80端口例外(全局)
firewall-cmd –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(全局)
firewall-cmd –zone=public –add-port=80/tcp –permanent #永久添加80端口例外(区域public)
firewall-cmd –zone=public –remove-port=80/tcp –permanent #永久删除80端口例外(区域public)
firewall-cmd –zone=public –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(区域public)
firewall-cmd –query-port=8080/tcp # 查询端口是否开放
firewall-cmd –permanent –add-port=80/tcp # 开放80端口
firewall-cmd –permanent –remove-port=8080/tcp # 移除端口
firewall-cmd –reload #重启防火墙(修改配置后要重启防火墙)
改用iptables.service
yum install iptables-services #安装iptables
systemctl stop firewalld.service #停止firewalld
systemctl mask firewalld.service #禁止自动和手动启动firewalld
systemctl start iptables.service #启动iptables
systemctl start ip6tables.service #启动ip6tables
systemctl enable iptables.service #设置iptables自启动
systemctl enable ip6tables.service #设置ip6tables自启动
firewall-cmd –add-port=80/tcp –permanent
firewall-cmd –add-port=443/tcp –permanent
firewall-cmd –add-port=8080/tcp –permanent
firewall-cmd –add-port=8024/tcp –permanent
firewall-cmd –add-port=27017/tcp –permanent
存储
附赠数据盘挂载
lsblk
fdisk /dev/sdb
n
p
#1
t
#1
8e
w
fdisk -l
pvcreate /dev/sdb1
pvdisplay /dev/sdb1 -v
pvs
vgcreate lvm_wangjin /dev/sdb1
vgdisplay lvm_wangjin -v
vgs
vgrename lvm_wangjin vg_wangjin
vgscan
lvcreate -L 49.5G -n lv_wangjin vg_wangjin
lvdisplay
lvs
lvscan
mkfs.ext4 /dev/vg_wangjin/lv_wangjin
mkdir /app
mount /dev/mapper/vg_wangjin-lv_wangjin /app
vim /etc/fstab
/dev/mapper/vg_wangjin-lv_wangjin /app ext4 defaults 0 0
umount /app
lvremove
vgremove
pvremove
附赠免费对象存储(object storage)挂载
使用这个小工具
https://github.com/s3fs-fuse/s3fs-fuse
wget https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/s/s3fs-fuse-1.91-1.el8.x86_64.rpm
sudo dnf install fuse
sudo dnf install compat-openssl11
rpm -ivh s3fs-fuse-1.91-1.el8.x86_64.rpm
API鉴权密码
/etc/passwd-s3fs
接口地址
https://docs.oracle.com/en-us/iaas/api/#/en/s3objectstorage/20160918/
挂载
s3fs filewong /objectstorage -o passwd_file=/etc/passwd-s3fs -o url=https://cnggzacz1yx9.compat.objectstorage.ap-seoul-1.oraclecloud.com/ -o use_path_request_style
测试
touch test.txt 界面查看
开机挂载
vim /etc/fstab # 这个不好使
vim /etc/rc.local
s3fs filewong /objectstorage -o passwd_file=/etc/passwd-s3fs -o url=https://cnggzacz1yx9.compat.objectstorage.ap-seoul-1.oraclecloud.com/ -o use_path_request_style
负载均衡
网络
白名单设置
API-OCI Cli
Oracle OCI重新验证
Try out your newly registered credentials with the following example command:
oci iam region list –config-file C:\Users\王存伟.oci\config –profile DEFAULT
$T for a tenancy OCID
$C for a compartment OCID
T=ocid1.tenancy.oc1..xxx
C=ocid1.compartment.oc1..xxx
OCI 获取namespace
oci os ns get
查看租户信息
oci iam compartment list -c ocid1.tenancy.oc1..
获取网络
oci network vcn list -c ocid1.tenancy.oc1..
白名单
oci network security-list list -c ocid1.tenancy.oc1..
创建防火墙 Gateway
oci network internet-gateway create -c
Route Table
oci network route-table list -h, oci network route-table update -h
oci network route-table list -c
oci network route-table update –rt-id
WARNING: Updates to route-rules will replace any existing values. Are you sure you want to continue? [y/N]: y
查看计算实例
oci compute instance list -c ocid1.tenancy.oc1..
列出 Bucuet
oci os bucket list -ns picwonng –compartment-id $C
oci os bucket list -ns picwonng -c ocid1.compartment.oc1..
To list users and limit the output, run the following command.
oci iam user list –compartment-id $T –limit 5
To add a user to a group, run the following command.
oci iam group add-user –user-id ocid1.user.oc1..
oci compute image list -c ocid1.compartment.oc1.. –output table –query “data [*].{ImageName:"display-name", OCID:id}”