蓝鲸智云-采用腾讯云vps部署基础套餐平台

行云流水
2022-07-02 / 0 评论 / 341 阅读 / 正在检测是否收录...

资源准备

操作系统

服务器准备

模块分配

部署过程

系统初始化

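# Fetch the helper-script bundle and unpack it.
# The bundle comes over plain HTTP and its scripts are run as root below, so
# it is checked against a SHA-256 obtained out of band before extraction.
# <EXPECTED_SHA256> is a placeholder (the page publishes no checksum); the
# check fails until a real value is filled in.
mkdir -p /opt/soft/ && cd /opt/soft \
  && wget -O sys-bkopen.tgz http://dl.webzhan.xyz:803/bkopen/sys-bkopen.tgz \
  && echo "<EXPECTED_SHA256>  sys-bkopen.tgz" | sha256sum -c - \
  && tar xvf sys-bkopen.tgz && rm -f sys-bkopen.tgz

cd /opt/soft/bkopen/install
# The scripts carry a bash shebang and use bash-only syntax
# (function, [[ ]], export -f), so run them with bash rather than sh.
bash set_hostname.sh        # set the hostname
bash system_init_v2.sh      # run the system initialization script
bash check_system_env.sh    # run the system environment checks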


申请地址

# Print the MAC address of eth0: the second field of the "ether" line.
ifconfig eth0 | awk '/ether/ {print $2}'

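# After the certificate bundle has been generated and downloaded locally,
# upload it to the download server so the deployment hosts can fetch it.
# NOTE(review): get_bkce_basic.sh later pulls ssl_certificates.tar.gz over
# plain HTTP (port 803). If /opt/www/dl/ is that web root, anyone who can
# reach the server can read the bundle: restrict access to the deployment
# hosts and remove the file once deployment is finished.
scp -P2201 ~/Downloads/ssl_certificates.tar.gz  root@1.117.7.126:/opt/www/dl/

# The scripts carry a bash shebang and use bash-only syntax, so run them with bash.
bash get_bkce_basic.sh   # fetch the software packages and certificates
bash set_env.sh          # generate the project variable file
bash set_config.sh       # generate the install.config configuration file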

蓝鲸智云-配置生成与渲染说明

# Run on "myserver": copy root's SSH private key to the control machine so
# that it can log in to the other hosts without a password.
# NOTE(review): this leaves the same root private key on a second host, so a
# compromise of either host exposes every machine that trusts the key. Prefer
# a key pair generated on the control machine, distributing only its public
# key (ssh-copy-id, or the installer's configure_ssh_without_pass that
# set_config.sh mentions). Confirm which hosts must trust the control machine.
scp /root/.ssh/id_rsa   root@172.17.0.9:/root/.ssh/    
# Check that password-less SSH works (the script body is not shown on this page).
sh test_ssh_without_pass.sh

# Enter the installation directory.
cd /data/install
# Initialize the common environment.
./bk_install common
# Validate the environment and the deployment configuration.
./health_check/check_bk_controller.sh

部署PaaS平台

# Install the PaaS platform and the services it depends on.
./bk_install paas

# If the installation aborts because of a certificate problem, refresh the
# certificates and then run the PaaS installation again.
./bkcli upgrade cert
./bk_install paas

部署app_mgr

# Install app_mgr; the relative path assumes the current directory is /data/install.
./bk_install app_mgr

部署权限中心与用户管理

# Permission Center (bk_iam)
./bk_install saas-o bk_iam
# User Management (bk_user_manage)
./bk_install saas-o bk_user_manage

部署cmdb

# Install cmdb; the relative path assumes the current directory is /data/install.
./bk_install cmdb

部署job

# Install job; the relative path assumes the current directory is /data/install.
./bk_install job

部署bknodeman

# Install the node-management backend module, the node-management SaaS and
# the components they depend on.
./bk_install bknodeman

节点管理开启proxy

部署标准运维及流程管理

# Standard Operations (bk_sops)
./bk_install saas-o bk_sops

# Process management / ITSM (bk_itsm)
./bk_install saas-o bk_itsm

# Reload ~/.bashrc to pick up the BlueKing maintenance commands.
source ~/.bashrc

# Initialize the BlueKing business topology.
./bkcli initdata topo

部署lesscode

./bk_install lesscode  # visual development platform

检测相关服务状态

# Run "./bkcli check" once per module from the installation directory.
cd /data/install/
for module in bkssm bkiam usermgr paas cmdb gse job consul; do
  ./bkcli check "$module"
done

访问

111.229.243.10 paas.bktencent.com cmdb.bktencent.com job.bktencent.com jobapi.bktencent.com lesscode.bktencent.com
110.40.169.101 nodeman.bktencent.com

访问地址
http://paas.bktencent.com
账号密码

附安装脚本

set_hostname.sh

#!/usr/bin/env bash
#设置主机名

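#######################################
# Set the hostname to "bkopen-<eth0 IPv4 address with the dots removed>".
# Outputs: status lines on stdout; an error line on stderr on failure.
# Returns: 0 on success, 1 if eth0 has no usable IPv4 address, otherwise
#          the exit status of hostnamectl.
#######################################
function set_hostname(){
    local lip
    # Take only the first IPv4 "inet" line (inet6 lines do not match "inet ").
    # Older ifconfig prints "inet addr:1.2.3.4", so strip that prefix too.
    lip=$(/sbin/ifconfig eth0 \
        | awk '/inet / {sub(/^addr:/, "", $2); print $2; exit}' \
        | tr -d '.')
    # Refuse to set a hostname such as "bkopen-" when no address was found.
    if [[ ! $lip =~ ^[0-9]+$ ]]; then
        printf '\033[31m [ERROR]: hostname --> no IPv4 address on eth0 \033[0m\n' >&2
        return 1
    fi
    hostnamectl set-hostname "bkopen-${lip}" || return
    printf '\033[32m [hostname 配置] ==> OK \033[0m\n'
    printf '\033[32m hostname:bkopen-%s \033[0m\n' "$lip"
}

export -f set_hostname

set_hostname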

system_init_v2.sh

#!/usr/bin/env bash
#系统初始化脚本

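# Download $1 to $2 through a temporary file, so that a failed or empty
# download never replaces a working repo definition.
function _fetch_repo_file(){
    local url=$1 dest=$2 tmp
    # The temporary name does not end in ".repo", so yum ignores it.
    tmp=$(mktemp "${dest}.XXXXXX") || return
    if wget -q -O "$tmp" "$url" && [[ -s $tmp ]]; then
        chmod 644 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

#######################################
# Replace the default CentOS 7 base and EPEL repo definitions with the
# Tencent Cloud mirror's versions and rebuild the yum cache.
# The repo files decide where every later package comes from, so they are
# fetched over HTTPS and only installed after a successful download.
# Returns: 0 on success, 1 if a repo file could not be downloaded.
#######################################
function set_tencent_yum(){
    local repo_dir=/etc/yum.repos.d
    local mirror=https://mirrors.cloud.tencent.com/repo

    # Keep a copy of the current base repo; it may be absent on some images.
    if [[ -f $repo_dir/CentOS-Base.repo ]]; then
        cp -a "$repo_dir/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo.backup"
    fi
    if ! _fetch_repo_file "$mirror/centos7_base.repo" "$repo_dir/CentOS-Base.repo"; then
        printf '\033[31m [ERROR]: yum源(tencent) 配置 \033[0m\n' >&2
        return 1
    fi

    if ! _fetch_repo_file "$mirror/epel-7.repo" "$repo_dir/epel.repo"; then
        printf '\033[31m [ERROR]: EPEL源(tencent) 配置 \033[0m\n' >&2
        return 1
    fi
    # Move the image's own EPEL definition aside only once epel.repo exists.
    if [[ -f $repo_dir/CentOS-Epel.repo ]]; then
        mv -f "$repo_dir/CentOS-Epel.repo" "$repo_dir/CentOS-Epel.repo.backup"
    fi

    yum clean all
    yum makecache
    printf '\033[32m [yum源(tencent) 配置] ==> OK \033[0m\n'
    printf '\033[32m [EPEL源(tencent) 配置] ==> OK \033[0m\n'
}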

function set_init() {
    # Install the common admin tools and build dependencies, one yum
    # transaction per package group (same groups and order as before).
    local -a admin_tools=(vim wget lrzsz telnet traceroute iotop tree rsync)
    local -a build_deps=(git zlib-devel openssl-devel unzip xz libxslt-devel libxml2-devel libcurl-devel)
    local -a net_tools=(net-tools.x86_64 vim lsof)
    local -a ssl_ssh=(openssl openssl-devel openssh openssh-server)
    local -a time_cron=(ntpdate crontabs)

    yum install -y "${admin_tools[@]}"
    yum install -y "${build_deps[@]}"
    #yum -y install ipset  ipset-service  >/dev/null 2>&1
    yum -y install "${net_tools[@]}"
    yum install -y "${ssl_ssh[@]}"
    yum install -y "${time_cron[@]}"
    # The status line is printed whether or not the yum commands succeeded.
    echo -e "\033[32m [安装常用工具] ==> OK \033[0m"
}

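function set_ulimits(){
    # Raise the open-file and process limits for all users.
    # Fixes over the previous version:
    #   - the nproc file set the soft limit twice; the second line is now
    #     the hard limit, matching the soft/hard pair used for nofile;
    #   - limits.conf lines are appended only when missing, so re-running
    #     the script no longer piles up duplicates.
    local limits_conf=/etc/security/limits.conf
    local entry

    for entry in '* soft nofile 1048576' '* hard nofile 1048576'; do
        grep -qxF -- "$entry" "$limits_conf" 2>/dev/null \
            || printf '%s\n' "$entry" >> "$limits_conf"
    done

    # This overwrites the distribution's 20-nproc.conf, as before.
    printf '%s\n' \
        '*             soft    nproc     1048576' \
        '*             hard    nproc     1048576' \
        > /etc/security/limits.d/20-nproc.conf

    printf '\033[32m [ulimits 配置] ==> OK \033[0m\n'
}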

# 增加操作系统记录数量
function set_history(){
    # Add a timestamp / user / source-IP prefix to shell history via
    # /etc/profile (only once) and enlarge HISTSIZE.
    # This is a convenience record, not a tamper-proof audit trail: a user
    # can still change or unset these variables in their own shell.
    if ! grep -q "HISTTIMEFORMAT" /etc/profile 2>/dev/null; then
        # Written literally: $(...) and `whoami` are evaluated at login time.
        printf '%s\n' \
            '' \
            'UserIP=$(who -u am i | cut -d"("  -f 2 | sed -e "s/[()]//g")' \
            'export HISTTIMEFORMAT="[%F %T] [`whoami`] [${UserIP}] " ' \
            >> /etc/profile
    fi
    sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" /etc/profile

    echo -e "\033[32m [history 优化] ==> OK \033[0m"
}

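function set_kernel(){
    # Replace /etc/sysctl.conf with the tuning profile below and load it.
    # Changes over the previous version:
    #   - net.ipv4.tcp_tw_recycle is no longer set: it drops connections
    #     from clients behind NAT, it has no effect while tcp_timestamps
    #     is 0, and newer kernels no longer have the key at all;
    #   - the existing sysctl.conf is backed up once before being replaced;
    #   - a failing "sysctl -p" is reported instead of being hidden.
    # NOTE(review): tcp_tw_reuse relies on TCP timestamps, which this
    # profile turns off; confirm which of the two settings is intended.
    # Returns: 0 on success, 1 if sysctl could not apply the file.
    local conf=/etc/sysctl.conf

    if [[ -f $conf && ! -e $conf.backup ]]; then
        cp -a "$conf" "$conf.backup"
    fi

cat <<'EOF' > "$conf"
fs.file-max = 6553560
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
vm.overcommit_memory = 1
EOF

    if ! sysctl -p >/dev/null; then
        printf '\033[31m [ERROR]: 内核 优化 --> sysctl -p failed \033[0m\n' >&2
        return 1
    fi
    printf '\033[32m [内核 优化] ==> OK \033[0m\n'
}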

# 稍后测试一下看看
function set_security() {
    # Disable SELinux (persistently in the config file and immediately via
    # setenforce), remove firewalld and install the iptables packages.
    # check_system_env.sh reports an error unless SELinux is disabled and
    # firewalld is absent, so this matches what the installer checks expect.
    # NOTE(review): iptables-services is installed here but never enabled
    # or given rules, so after this step the host has no host-level packet
    # filter. Confirm that network-level filtering (e.g. cloud security
    # groups) covers these hosts, or load an iptables rule set afterwards.
    sed -i \
        -e 's/SELINUX=enforcing/SELINUX=disabled/g' \
        -e 's/SELINUX=permissive/SELINUX=disabled/g' \
        /etc/selinux/config
    setenforce 0 >/dev/null 2>&1
    #systemctl stop firewalld.service
    #systemctl disable firewalld.service
    yum -y remove firewalld
    yum -y install iptables-services  iptables
    echo -e "\033[32m [安全配置] ==> OK \033[0m"
}

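function set_timezone() {
    # Set the time zone to Asia/Shanghai, sync the clock once, and install
    # a root cron job that re-syncs every 5 minutes.
    # Changes over the previous version:
    #   - the cron entry is added only when missing, so re-running the
    #     script no longer duplicates it;
    #   - the job's lock and log files live in /var/run and /var/log
    #     instead of predictable names in world-writable /tmp, where any
    #     local user could pre-create them for a job that runs as root;
    #   - a failed initial sync is reported instead of being hidden.
    local cron_file=/var/spool/cron/root
    local cron_job="*/5 * * * * flock -xn /var/run/ntpdate-sync.lock -c '/usr/sbin/ntpdate ntp.ntsc.ac.cn  > /var/log/ntpdate-sync.log 2>&1 &'"

    # ln -sf replaces an existing file or symlink, so no separate rm is needed.
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    if ! ntpdate ntp.ntsc.ac.cn >/dev/null 2>&1; then
        printf '\033[31m [ERROR]: ntpdate ntp.ntsc.ac.cn failed \033[0m\n' >&2
    fi

    # Scheduled task: sync the system time every 5 minutes.
    grep -qxF -- "$cron_job" "$cron_file" 2>/dev/null \
        || printf '%s\n' "$cron_job" >> "$cron_file"

    printf '\033[32m [时区设置] ==> OK \033[0m\n'
}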

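# Export the functions so that child bash processes can call them.
# The former "export -f set_ssh" is dropped: this script defines no set_ssh
# function, so that line only produced a "not a function" error.
export -f set_tencent_yum
export -f set_init
export -f set_ulimits
export -f set_history
export -f set_kernel
export -f set_security
export -f set_timezone

# Run the initialization steps in order.
# NOTE: set_kernel is defined and exported but, as before, not invoked here.
set_tencent_yum
set_init
set_ulimits
set_history
set_security
set_timezone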

check_system_env.sh

#!/usr/bin/env bash
#检查系统环境脚本

#检查selinux
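function check_selinux(){
    # Report OK when sestatus says SELinux is disabled, otherwise an error.
    # Only the "SELinux status:" line is read: with SELinux enabled,
    # sestatus prints several lines, and the old unquoted "[ $status == ... ]"
    # then failed with "too many arguments".
    local status
    status=$(sestatus | awk '/^SELinux status:/ {print $3; exit}')
    if [[ $status == 'disabled' ]]; then
        printf '\033[32m [INFO] SELinux ==> OK \033[0m\n'
    else
        printf '\033[31m [ERROR]: SELinux --> %s \033[0m\n' "$status"
    fi
}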

#检查firewall
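function check_firewalld(){
    # Report OK only when the firewalld package is not installed; otherwise
    # print the installed package name as an error.
    # The result is kept in a local variable so it no longer leaks into the
    # global "status" shared by the other checks.
    local installed
    installed=$(rpm -qa firewalld)
    if [[ -z $installed ]]; then
        printf '\033[32m [INFO] firewalld ==> OK \033[0m\n'
    else
        printf '\033[31m [ERROR]: firewalld --> %s \033[0m\n' "$installed"
    fi
}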

#检查是否存在rsync
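function check_rsync(){
    # Report OK when an rsync command is available.
    # The previous version required the path to be exactly /usr/bin/rsync,
    # so an rsync installed anywhere else on PATH was reported as missing;
    # "command -v" accepts any location and replaces the external "which".
    local rsync_path
    if rsync_path=$(command -v rsync) && [[ -n $rsync_path ]]; then
        printf '\033[32m [INFO] rsync ==> OK \033[0m\n'
    else
        printf '\033[31m [ERROR]: rsync --> %s \033[0m\n' "not found"
    fi
}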

#检查是否存在全局代理
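function check_proxy(){
    # Report OK when no global HTTP(S) proxy is configured in the environment.
    # Both spellings are checked: the previous version looked only at the
    # lower-case variables, but many tools also honour HTTP_PROXY/HTTPS_PROXY.
    # On error the offending variables are listed as name=value.
    local -a found=()
    local name
    for name in http_proxy https_proxy HTTP_PROXY HTTPS_PROXY; do
        if [[ -n ${!name:-} ]]; then
            found+=("${name}=${!name}")
        fi
    done
    if (( ${#found[@]} == 0 )); then
        printf '\033[32m [INFO] proxy ==> OK \033[0m\n'
    else
        printf '\033[31m [ERROR]: proxy --> %s \033[0m\n' "${found[*]}"
    fi
}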

#检查dns文件权限
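function check_resolv(){
    # Report OK when /etc/resolv.conf can be modified, i.e. its attribute
    # flags contain neither "i" (immutable) nor "a" (append-only).
    # The previous version compared the flags with the exact string
    # '-------------e--', which flags a writable file as an error on
    # filesystems or e2fsprogs versions that print a different flag layout.
    # An empty result (lsattr failed) is still reported as an error.
    local attrs
    attrs=$(lsattr /etc/resolv.conf 2>/dev/null | awk '{print $1; exit}')
    if [[ -n $attrs && $attrs != *[ia]* ]]; then
        printf '\033[32m [INFO] resolv ==> OK \033[0m\n'
    else
        printf '\033[31m [ERROR]: resolv --> %s \033[0m\n' "$attrs"
    fi
}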

# Export every check function, then run the checks in their original order.
checks=(check_selinux check_firewalld check_rsync check_proxy check_resolv)
for check_fn in "${checks[@]}"; do
    export -f "$check_fn"
done
for check_fn in "${checks[@]}"; do
    "$check_fn"
done

get_bkce_basic.sh

#!/usr/bin/env bash
#获取软件包,并解压

#获取软件包
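#######################################
# Download and unpack the BlueKing CE basic suite and the certificate bundle.
# Changes over the previous version: every step is checked, so a failed
# download or cd no longer ends with an "OK" message; file names are quoted;
# downloads use -O so a re-run does not extract a stale copy.
# Globals:   BKCE_SHA256 (read, optional) - expected SHA-256 of the suite
#            tarball. The download uses plain HTTP, so set this to a value
#            obtained from a trusted source to have the tarball verified
#            before it is extracted.
# Returns:   0 on success, non-zero at the first failing step.
#######################################
function  get_bkce(){
    local base_url=http://172.17.0.10:803
    local suite=bkce_basic_suite-6.0.4.tgz
    local cert_bundle=ssl_certificates.tar.gz
    local archive

    #mkdir -p /data  && cd /data && wget https://bkopen-1252002024.file.myqcloud.com/ce/bkce_basic_suite-6.0.4.tgz  &&  tar xvf bkce_basic_suite-6.0.4.tgz
    mkdir -p /data || return
    cd /data || return
    wget -O "$suite" "$base_url/$suite" || return
    if [[ -n ${BKCE_SHA256:-} ]]; then
        printf '%s  %s\n' "$BKCE_SHA256" "$suite" | sha256sum -c - || return
    fi
    tar xvf "$suite" || return

    cd /data/src/ || return
    for archive in *gz; do
        # Without a match the glob stays literal; skip it.
        [[ -e $archive ]] || continue
        tar xf "$archive" || return
    done
    cp -a /data/src/yum /opt || return
    printf '\033[32m [Info] 获取bkce软件包 ==> OK \033[0m\n'

    cd /data/ || return
    wget -O "$cert_bundle" "$base_url/$cert_bundle" || return
    install -d -m 755 /data/src/cert || return
    tar xf "/data/$cert_bundle" -C /data/src/cert/ || return
    # NOTE(review): 644 makes every file in the bundle world-readable. If it
    # contains private keys, confirm which service accounts need read access
    # and tighten the mode of the key files accordingly.
    chmod 644 /data/src/cert/* || return
    printf '\033[32m [Info] 获取cert证书 ==> OK \033[0m\n'
}

export -f get_bkce
get_bkce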

set_env.sh

#!/usr/bin/env bash
#设置需要的项目变量文件

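#######################################
# Write the deployment variables to /opt/bkopen/env.sh.
# Changes over the previous version:
#   - the PaaS admin password is no longer hard-coded in the script (a
#     password committed to a script or published with it must be treated
#     as disclosed); it is taken from the caller's environment, or a random
#     one is generated when none is supplied;
#   - env.sh holds that password, so it is created readable by root only.
# Globals:   BK_PAAS_ADMIN_PASSWORD (read, optional)
# Returns:   0 on success, non-zero if the file could not be written.
#######################################
function set_env(){
    local env_file=/opt/bkopen/env.sh
    local admin_password=${BK_PAAS_ADMIN_PASSWORD:-}

    if [[ -z $admin_password ]]; then
        # 16 random alphanumeric characters.
        # NOTE(review): confirm this satisfies the platform's password policy.
        admin_password=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
    fi
    [[ -n $admin_password ]] || return 1

    mkdir -p /opt/bkopen/ || return
    (
        # New files created in this subshell are accessible by the owner only.
        umask 077
cat << 'EOF' > "$env_file"
#部署的IP地址
export IP1="172.17.0.15"
export IP2="172.17.0.3"
export IP3="172.17.0.17"

export BK_DOMAIN="bktencent.com"
export INSTALL_PATH="/opt/bkopen"

EOF
        # %q keeps the value intact when env.sh is sourced, whatever it contains.
        printf 'export BK_PAAS_ADMIN_PASSWORD=%q\n' "$admin_password" >> "$env_file"
    ) || return
    # Also covers an env.sh left behind by an earlier run with wider permissions.
    chmod 600 "$env_file" || return

    printf '\033[32m [/opt/bkopen/env.sh] ==> OK \033[0m\n'
}

export -f set_env

set_env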

set_config.sh

#!/usr/bin/env bash
#生成安装bkce所需要的配置文件

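# Load the deployment variables and stop if the file or any value is missing.
source  /opt/bkopen/env.sh || exit 1
: "${IP1:?IP1 is not set in /opt/bkopen/env.sh}"
: "${IP2:?IP2 is not set in /opt/bkopen/env.sh}"
: "${IP3:?IP3 is not set in /opt/bkopen/env.sh}"
: "${BK_DOMAIN:?BK_DOMAIN is not set in /opt/bkopen/env.sh}"
: "${INSTALL_PATH:?INSTALL_PATH is not set in /opt/bkopen/env.sh}"
: "${BK_PAAS_ADMIN_PASSWORD:?BK_PAAS_ADMIN_PASSWORD is not set in /opt/bkopen/env.sh}"

# Generate install.config: one line per host with the modules it runs.
cat << EOF >/data/install/install.config
$IP1 iam,ssm,usermgr,gse,license,redis,consul,mysql,lesscode
$IP2 nginx,consul,mongodb,rabbitmq,appo
$IP3 paas,cmdb,job,zk(config),appt,consul,nodeman(nodeman)
EOF

# Set the custom domain and installation directory.
cd /data/install/ || exit 1
./configure -d "$BK_DOMAIN" -p "$INSTALL_PATH" || exit 1

echo -e "\033[32m [Info] 域名:$BK_DOMAIN ==> OK \033[0m"
echo -e "\033[32m [Info] 安装目录:$INSTALL_PATH ==> OK \033[0m"

# Password-less SSH setup (left disabled, as in the original).
#bash configure_ssh_without_pass
#echo -e "\033[32m [Info] 执行免密  ==> OK \033[0m"

# Write the admin login password for the installer.
# The file is created readable by root only, and the password itself is no
# longer echoed, so it does not end up in terminal scrollback or captured logs.
# NOTE(review): assumes the installer reads this file as root; confirm before
# relying on the 600 mode.
(
    umask 077
    printf 'BK_PAAS_ADMIN_PASSWORD=%s\n' "$BK_PAAS_ADMIN_PASSWORD" \
        > /data/install/bin/03-userdef/usermgr.env
) || exit 1
chmod 600 /data/install/bin/03-userdef/usermgr.env

echo -e "\033[32m [Info] 登录密码 ==> /data/install/bin/03-userdef/usermgr.env \033[0m"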
