03 蓝鲸智云课件内容
环境准备¶
配置腾讯YUM源¶
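# Keep a copy of the current repo definitions so the change can be rolled back.
mkdir -p /etc/yum.repos.d/backup
# "|| true": a directory that holds no .repo files is not an error here.
mv -f /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/ 2>/dev/null || true
# Fetch over HTTPS so the repo definitions cannot be altered in transit.
# -f makes curl fail on an HTTP error instead of saving the error page as a .repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.cloud.tencent.com/repo/centos7_base.repo
curl -fsSL -o /etc/yum.repos.d/epel.repo https://mirrors.cloud.tencent.com/repo/epel-7.repo
# NOTE(review): confirm the downloaded .repo files keep gpgcheck=1 so packages are signature-checked.
yum clean all
yum repolist
yum -y install rsync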
配置DNS服务器¶
cat >/etc/resolv.conf<<EOF
nameserver 114.114.114.114
nameserver 8.8.8.8
EOF
配置chrony时间同步¶
yum -y install chrony ntp
编辑chrony配置文件
[root@localhost ~]# vi /etc/chrony.conf
server ntp1.aliyun.com iburst
启动chrony服务
systemctl enable chronyd.service
systemctl start chronyd.service
验证ntp服务客户端是否同步时间正常
[root@localhost ~]# ntpstat
synchronised to NTP server (120.25.115.20) at stratum 3
time correct to within 49 ms
polling server every 64 s
安装 rsync 命令¶
安装脚本依赖 rsync 分发同步文件。
# 检查是否有 rsync 命令,如果有返回 rsync 路径,可以跳过后面的命令
which rsync
# 安装 rsync
yum -y install rsync
挂载数据盘¶
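# Format /dev/sdb as XFS and mount it on /data, persistently.
# Refuse to format a disk that already carries a filesystem signature:
# "mkfs.xfs -f" would overwrite it without asking.
if blkid /dev/sdb >/dev/null 2>&1; then
  echo "/dev/sdb already contains a filesystem; refusing to format it" >&2
else
  mkfs.xfs /dev/sdb
  mkdir -p /data
  mount /dev/sdb /data/
  # Reference the filesystem by UUID: /dev/sdX names can change between boots.
  data_uuid=$(blkid -s UUID -o value /dev/sdb)
  # Add the fstab entry only once, so re-running the steps does not duplicate it.
  grep -qE '[[:space:]]/data[[:space:]]' /etc/fstab \
    || echo "UUID=${data_uuid} /data xfs defaults 0 0" >>/etc/fstab
  grep data /etc/fstab
fi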
# Same procedure with /opt as the mount point (apparently an alternative to the /data layout).
# NOTE(review): this formats /dev/sdb again. If the /data steps were already run,
# -f destroys that filesystem and /etc/fstab ends up with two entries for one
# device. Run only one of the two variants on a given host.
mkfs.xfs -f /dev/sdb
mkdir -p /opt
mount /dev/sdb /opt
# Appends on every run; check /etc/fstab for an existing entry before repeating this line.
echo "/dev/sdb /opt xfs defaults 0 0" >>/etc/fstab ; cat /etc/fstab |grep opt
docker镜像源配置¶
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://1v0q5mvy.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl status docker
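# Create root's SSH key pair on this host instead of pasting a private key
# from a document: a key that appears in notes is readable by everyone who
# can read the notes.
# DSA keys are disabled by default since OpenSSH 7.0, so an RSA key is used.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
[ -f /root/.ssh/id_rsa ] || ssh-keygen -t rsa -b 4096 -N '' -f /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa
# Install /root/.ssh/id_rsa.pub on each node (for example with ssh-copy-id).

# Host-key checking is relaxed only for the lab subnet that the ssh commands
# below connect to, not for every host ("Host *").
# NOTE(review): "StrictHostKeyChecking no" with a discarded known_hosts file
# means a substituted host is never noticed; keep this for throw-away lab
# nodes only.
cat >/root/.ssh/config<<EOF
Host 192.168.56.*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
chmod 600 /root/.ssh/config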
ssh 192.168.56.14 "df -h|grep data"
ssh 192.168.56.15 "df -h|grep data"
ssh 192.168.56.16 "df -h|grep data"
sed -i "s#Port 10000#Port 22#g" /etc/ssh/sshd_config && systemctl restart sshd ; ss -ltnp
ip route del default via 192.168.56.1
ip route add default via 192.168.56.2
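# Keep a copy of the current repo definitions so the change can be rolled back.
mkdir -p /etc/yum.repos.d/backup
# "|| true": a directory that holds no .repo files is not an error here.
mv -f /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/ 2>/dev/null || true
# Fetch over HTTPS so the repo definitions cannot be altered in transit.
# -f makes curl fail on an HTTP error instead of saving the error page as a .repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.cloud.tencent.com/repo/centos7_base.repo
curl -fsSL -o /etc/yum.repos.d/epel.repo https://mirrors.cloud.tencent.com/repo/epel-7.repo
yum clean all
yum repolist
yum -y install rsync wget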
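# Format /dev/sdb as XFS and mount it on /data, persistently.
# Refuse to format a disk that already carries a filesystem signature:
# "mkfs.xfs -f" would overwrite it without asking.
if blkid /dev/sdb >/dev/null 2>&1; then
  echo "/dev/sdb already contains a filesystem; refusing to format it" >&2
else
  mkfs.xfs /dev/sdb
  mkdir -p /data
  mount /dev/sdb /data/
  # Reference the filesystem by UUID: /dev/sdX names can change between boots.
  data_uuid=$(blkid -s UUID -o value /dev/sdb)
  # Add the fstab entry only once, so re-running the steps does not duplicate it.
  grep -qE '[[:space:]]/data[[:space:]]' /etc/fstab \
    || echo "UUID=${data_uuid} /data xfs defaults 0 0" >>/etc/fstab
  grep data /etc/fstab
fi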
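# Set the root password interactively. A fixed password written into a setup
# script is shared by every host built from it and by every reader of the script.
passwd root
# NOTE(review): this turns password logins on for sshd, root included. Where
# the key installed below is sufficient, leave PasswordAuthentication at "no".
sed -i "s#PasswordAuthentication no#PasswordAuthentication yes#g" /etc/ssh/sshd_config && grep "PasswordAuthentication" /etc/ssh/sshd_config
systemctl restart sshd
# -p: do not fail when the directory already exists.
mkdir -p /root/.ssh
# A directory needs the execute bit to be entered: 700, not 600.
chmod 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD2YFEJJOYj4pQUIwHXKzyp6w3+ANiIyggDYqrZ1V7WW2+/XstDddvDP54DFhttfOmM2n1jxnjNtdYZZtsS6jp0dfMDeculTiufDh1NCvHSgsPslTwn7UuFrPZbNQPVsQS23MSZojsjnpn+7dOJauxactb3D0/7/U0IxJTUnb6qalzsDdRhoaz/5qhfIsDTHG3trMZiPZUe5r25NpUi4+QJBvxXtYGgGTHxMQ6kuc6LRMhFbO2MzaHmB1xoumYYwRlFb4vnoJ5SsWgygtBEDyUlVAxeZM9hRIB8Iu+Gz8c2Q4hYh+IVhTA5EupVEQW8y8N7p88Y2N+kYbuJeSjKkAzL root@linux-node14" >> /root/.ssh/authorized_keys
# Only root needs to read the list of keys allowed to log in.
chmod 600 /root/.ssh/authorized_keys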
修改蓝鲸主页地址
/data/bkce/open_paas/paas/templates/home
logo修改地址
/data/bkce/open_paas/paas/media/applogo_dt/
如果以上步骤没有报错, 你现在可以通过 http://paas.bktencent.com:80 访问 paas 平台,
登陆用户名(login user): admin
登陆密码(login password): ww6wuYf4kJ_P
web界面¶
<li class="app-list-item" app_code="bk_cmdb">
<a class="linker" href="http://172.28.8.125:50001/" target="_blank">
<div class="app-logo">
<img class="item" src="https://gimg2.baidu.com/image_search/src=http%3A%2F%2Fuus-img8.android.d.cn%2Fcontent_pic%2F201601%2Fbehpic%2Ficon%2F858%2F2-67858%2Ficon-1453688695417.png&refer=http%3A%2F%2Fuus-img8.android.d.cn&app=2002&size=f9999,10000&q=a80&n=0&g=0n&fmt=jpeg?sec=1640619301&t=a51ad8c640cb64590f5ea0a1a3d7b7ed" img_url="" onerror="javascript:this.src='/static/img/app_logo/default.png';">
</div>
<p class="item-detail">Gitlab</p>
<p class="item-detail">需独立注册</p>
</a>
</li>
<li class="app-list-item" app_code="bk_cmdb">
<a class="linker" href="http://172.28.8.238/" target="_blank">
<div class="app-logo">
<img class="item" src="https://ss1.baidu.com/9vo3dSag_xI4khGko9WTAnF6hhy/baike/pic/item/8d5494eef01f3a2974f3d22f9225bc315c607c13.jpg" img_url="/media/applogo/bk_cmdb.png" onerror="javascript:this.src='/static/img/app_logo/default.png';">
</div>
<p class="item-detail">Onlyoffice</p>
<p class="item-detail">需独立注册</p>
</a>
</li>
<li class="app-list-item" app_code="bk_cmdb">
<a class="linker" href="https://devops.ctyun.cn" target="_blank">
<div class="app-logo">
<img class="item" src="https://gimg2.baidu.com/image_search/src=http%3A%2F%2Fdingyue.ws.126.net%2F2020%2F0624%2Fccebe386p00qcf7jh00fwd200u000tlg00750071.png&refer=http%3A%2F%2Fdingyue.ws.126.net&app=2002&size=f9999,10000&q=a80&n=0&g=0n&fmt=jpeg?sec=1640619772&t=36504cd140cd795e24421a02360d2218" img_url="/media/applogo/bk_cmdb.png" onerror="javascript:this.src='/static/img/app_logo/default.png';">
</div>
<p class="item-detail">Devops</p>
<p class="item-detail">独立注册</p>
</a>
</li>
<li class="app-list-item" app_code="bk_cmdb">
<a class="linker" href="http://124.236.120.248:50001/" target="_blank">
<div class="app-logo">
<img class="item" src="https://mirrors.tuna.tsinghua.edu.cn/static/img/logo-small@2x.png" img_url="/media/applogo/bk_cmdb.png" onerror="javascript:this.src='/static/img/app_logo/default.png';">
</div>
<p class="item-detail">YUM总源</p>
<p class="item-detail">独立注册</p>
</a>
</li>
`
测试程序数据库¶
pip安装mysql-python报mysql_config: not found错
centos上安装mysql-python报如题的错误,解决办法:
yum安装 mysql-devel和python-devel两个包
yum -y install mysql-devel python-devel gcc gcc-c++ python36-devel
https://www.cnblogs.com/surplus/p/11475587.html
2、支持root用户允许远程连接mysql数据库
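-- Allow remote root logins from the lab subnet only (the database host given
-- on this page is 192.168.56.86) instead of from every address ('%').
-- Replace the placeholder with a strong password; a short numeric password on
-- an account with ALL PRIVILEGES and GRANT OPTION is trivially guessable.
grant all privileges on *.* to 'root'@'192.168.56.%' identified by '<STRONG_PASSWORD_PLACEHOLDER>' with grant option;
flush privileges;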
数据库地址:192.168.56.86
DROP DATABASE bastion;
CREATE DATABASE `bastion` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON bastion.* TO 'bastion'@'192.168.56.%' \
IDENTIFIED BY 'bastion';
FLUSH PRIVILEGES;
show databases;
大家好,给大家弄了一个集成运维工作台,方便以后提升大家的工作效率
集成运维工作台访问方式如下:
1.拨入河北vpn
2.配置本机hosts文件配置解析(win)C:\Windows\System32\drivers\etc
8.1.23.237 paas.bktencent.com cmdb.bktencent.com job.bktencent.com jobapi.bktencent.com lesscode.bktencent.com bknetwork.bktencent.com
8.1.23.241 nodeman.bktencent.com
3.访问这个链接
http://paas.bktencent.com/
4.账户密码(默认密码必须更改):4a名称/bk@Ctb3mR7GHNAvUVQW
蓝盾¶
请问社区版的蓝盾流水线能完成企业版里后面的两步(企业部署-构件分发、企业部署-脚本执行)吗?如何完成呢?是要自己开发这两个插件吗?比如我们现在有个小项目需要临时用一下这个流程,社区版蓝盾支持吗?
有现成的插件
https://github.com/ci-plugins/executeJobScript
https://github.com/ci-plugins/pushJobFile
【长期更新】持续集成平台(蓝盾)问题解答汇总
https://bk.tencent.com/s-mart/community/question/2792?type=answer
账户密码¶
BK_PAAS_ADMIN_PASSWORD=bGzrDXD0ZzeM
BK_PAAS_ADMIN_USERNAME=admin
如果以上步骤没有报错, 你现在可以通过 http://paas.bktencent.com:80 访问 paas 平台,
登陆用户名(login user): admin
登陆密码(login password): eoyTRFGOpo7p
测试环境密码:
BK_PAAS_ADMIN_PASSWORD=eoyTRFGOpo7p
BK_PAAS_ADMIN_USERNAME=admin
正式环境密码:
ww6wuYf4kJ_P
密码获取方式:
grep -E "BK_PAAS_ADMIN_USERNAME|BK_PAAS_ADMIN_PASSWORD" /data/install/bin/04-final/usermgr.env
容器化集群相关密码
dCzxpMgi
liyajin
bk@Ctb3mR7GHNAvUVQW
BK_PAAS_MYSQL_HOST=mysql-default.service.consul
BK_PAAS_MYSQL_PASSWORD=NM_cZX3cXFCP
BK_PAAS_MYSQL_PORT=3306
BK_PAAS_MYSQL_USER=paas
mysql常用命令¶
mysql -hmysql-default.service.consul -unodeman -pPBeIv3oKS0CQ
show databases;
use bk_nodeman;
show tables;
DESCRIBE node_man_host;
select * from node_man_host;
select bk_biz_id,bk_host_id,inner_ip from node_man_host;
select * from node_man_identitydata;
MySQL多表关联查询
https://blog.csdn.net/u013952133/article/details/79180077
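# Join hosts with their stored login identity data (account, port, last update).
# A bare -p makes the client prompt for the password, which keeps it out of the
# process list and the shell history.
mysql -hmysql-default.service.consul -unodeman -p -e "use bk_nodeman ; SELECT w.bk_host_id , w.inner_ip , a.account , a.port , a.updated_at FROM node_man_host w, node_man_identitydata a WHERE w.bk_host_id = a.bk_host_id;"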
mongodb常用命令¶
mongo mongodb.service.consul:27017/cmdb -u cmdb -p ns2UgmR4IoLK
use cmdb;
show tables;
db.cc_HostBase.find()
mongodb 导出数据
mongoexport -h mongodb.service.consul:27017 -u cmdb -p ns2UgmR4IoLK -d cmdb -c cc_HostBase -o 1.json
mongodb 导入数据
mongoimport -h mongodb.service.consul:27017 -u cmdb -p ns2UgmR4IoLK --db cmdb --collection cc_HostBase --file 2.json
Mongodb命令行导入导出数据¶
https://www.cnblogs.com/muamaker/p/11870706.html
api对接¶
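# Call two CMDB component APIs: add a host to the resource pool, then list the
# hosts of a business.
# The app secret is taken from the environment rather than written into the
# command, so it does not end up in notes or shell history.
: "${BK_APP_SECRET:?export BK_APP_SECRET before running these requests}"
# NOTE(review): the endpoint is plain HTTP, so the secret crosses the network
# unencrypted; switch to HTTPS if the PaaS gateway offers it.

# "-d @-" reads the request body from stdin (the here-document).
curl -d @- 'http://paas.bktencent.com/api/c/compapi/v2/cc/add_host_to_resource/' <<EOF
{
  "bk_app_code": "bk_cmdb",
  "bk_app_secret": "${BK_APP_SECRET}",
  "bk_username": "admin",
  "bk_biz_id": 2,
  "host_info": {
    "0": {
      "bk_host_innerip": "10.0.0.3",
      "bk_cloud_id": 0,
      "import_from": "3"
    }
  }
}
EOF
echo

# The original body ended with "}," before the closing brace; JSON does not
# allow a trailing comma, so it has been removed.
curl -d @- 'http://paas.bktencent.com/api/c/compapi/v2/cc/list_biz_hosts/' <<EOF
{
  "bk_app_code": "bk_cmdb",
  "bk_app_secret": "${BK_APP_SECRET}",
  "bk_username": "admin",
  "bk_biz_id": 3,
  "page": {
    "start": 0,
    "limit": 10,
    "sort": "bk_host_id"
  }
}
EOF
echo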
消息告警¶
邮件告警¶
ldap对接¶
解决蓝鲸6.0用户管理ldap同步的问题
https://bk.tencent.com/s-mart/community/question/2775
windows Server 2012安装AD域步骤
https://blog.51cto.com/maguangjie/1926281
【缺陷修复】用户管理接入 AD/LDAP 无法正常同步用户
https://bk.tencent.com/s-mart/community/question/1669
重启服务¶
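# Restart the listed modules one at a time.
# xargs appends a single module name per call, so the "restart" subcommand has
# to be part of the command it runs.
echo bkssm bkiam usermgr paas cmdb gse job consul bklog | xargs -n 1 ./bkcli restart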
检查服务状态
./bkcli check bkmonitorv3
常见问题汇总¶
社区版6.0常见问题汇总
https://bk.tencent.com/s-mart/community/question/2194?type=answer
BCS-创建K8S初始化集群调用初始化接口失败 错误
https://bk.tencent.com/s-mart/community/question/3986?type=answer
bkmonitorv3报错,无数据上报解决方法:
./bkcli restart redis
./bkcli restart kafka
./bkcli restart cmdb
./bkcli restart job
./bkcli restart gse
./bkcli restart nodeman
./bkcli restart bkmonitorv3
重启服务后等10分钟再次check
bkmonitorv3报错,日志显示alarm_backends.management.commands.run_service
https://bk.tencent.com/s-mart/community/question/2569?type=answer
echo bkssm bkiam usermgr paas cmdb gse job consul bklog | xargs -n 1 ./bkcli check
配置平台开启全文检索功能
https://bk.tencent.com/s-mart/community/question/1376
节点管理遇到的错误
节点管理修改全局配置,测试Server及URL可用性失败
https://bk.tencent.com/s-mart/community/question/2971?type=answer
【经验分享】安装proxy案例分享
https://bk.tencent.com/s-mart/community/question/2184
用户管理遇到的错误
LDAP概念和原理介绍
https://www.cnblogs.com/wilburxu/p/9174353.html
01-ldap服务部署
http://39.106.94.54:50000/007-%E5%B8%B8%E7%94%A8%E5%9F%BA%E7%A1%80%E6%9C%8D%E5%8A%A1/01-ldap%E6%9C%8D%E5%8A%A1%E9%83%A8%E7%BD%B2/
ldap导入基本Schema
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
windows Server 2012安装AD域步骤
https://blog.51cto.com/maguangjie/1926281
【缺陷修复】用户管理接入 AD/LDAP 无法正常同步用户
https://bk.tencent.com/s-mart/community/question/1669
LDAP (OpenLDAP)+ CentOS7.5 部署与实践视频课(基础架构之二)
https://edu.51cto.com/course/16561.html
Windows2012活动目录搭建域环境视频课程
https://edu.51cto.com/course/2489.html
故障自愈报错
故障自愈报错 (OperationalError) (1045, u"Access denied for user 'fta'
https://bk.tencent.com/s-mart/community/question/3599?type=answer
中控机执行./bkcli initdata mysql
日志平台
BK_CI_ES_USER=elastic BK_CI_ES_PASSWORD=$BK_ES7_ADMIN_PASSWORD
V42FVePpxxLZ
日志平台新建接入报es问题故障处理
https://bk.tencent.com/s-mart/community/question/5196?type=article
nginx正则表达式:(官方的)
(?P<server_ip>\d+\.\d+\.\d+\.\d+) - - \[(?P<datatime>[\s\S]+)\][\s"]+(?P<request>[A-Z]+) (?P<url>[\S]*) (?P<protocol>[\S]+)["] (?P<code>\d+) (?P<sendbytes>\d+) ["](?P<refferer>[\S]*)["] ["](?P<useragent>[\S\s]+)["] ["](?P<request_ip>\d+\.\d+\.\d+\.\d+)
nginx日志格式(自己搭建的)
/data/bkce/cmdb/support-files/templates/#etc#nginx.conf
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$gzip_ratio" $request_time $bytes_sent $request_length';
(?P<request_ip>\d+\.\d+\.\d+\.\d+) - - \[(?P<datatime>[\s\S]+)\][\s"]+(?P<request>[A-Z]+) (?P<url>[\S]*) (?P<protocol>[\S]+)["] ["](?P<code>\d+)["] (?P<sendbytes>\d+) ["](?P<refferer>[\S]*)["] ["](?P<useragent>[\S\s]+)["]
日志提取链路配置
https://bk.tencent.com/s-mart/community/question/2171?type=answer
日志提取配置
https://bk.tencent.com/s-mart/community/question/3280?type=answer
elasticsearch下载 - 下载中心 - Elastic 中文社区
https://elasticsearch.cn/download/
Centos rpm 安装elasticsearch 6.8
https://www.cnblogs.com/12james/p/12768478.html
http://$PAAS_DOMAN/o/bk_log_search/bklog_manage/
堡垒机
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://1v0q5mvy.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl status docker
cd /data/bkce/open_paas/paas/templates/home
<li class="app-list-item" app_code="bk_cmdb">
<a class="linker" href="http://192.168.1.104" target="_blank">
<div class="app-logo">
<img class="item" src="https://gimg2.baidu.com/image_search/src=http%3A%2F%2Fpic2.zhimg.com%2Fv2-36c2c44ad7369c92dcfb64d39dacb160_xs.jpg%3Fsource%3D172ae18b&refer=http%3A%2F%2Fpic2.zhimg.com&app=2002&size=f9999,10000&q=a80&n=0&g=0n&fmt=jpeg?sec=1640747844&t=c780f726cbba5ea2fc4edbfebaff967c" img_url="" onerror="javascript:this.src='/static/img/app_logo/default.png';">
</div>
<p class="item-detail">Jumpserver</p>
<p class="item-detail">账户与蓝鲸智云一致</p>
</a>
</li>
蓝盾(CICD)
蓝盾支持gitee拉取吗
https://bk.tencent.com/s-mart/community/question/3654?type=answer
拉取git仓库插件
https://github.com/TencentBlueKing/ci-checkout
docker插件
https://github.com/TencentBlueKing/ci-dockerBuildPush
【经验分享】蓝盾部署实战
https://bk.tencent.com/s-mart/community/question/1425
蓝盾插件的使用
https://bk.tencent.com/s-mart/community/question/1465?type=answer
https://github.com/ci-plugins/
https://github.com/ci-plugins/DockerBuildPush
Gitlab和OpenLDAP的集成
https://blog.csdn.net/wangzhimin0928/article/details/109036346
SVN 部署以及对接Ldap
https://www.cnblogs.com/lixinliang/p/15532858.html
腾讯工蜂(TGit)之代码上传
https://blog.csdn.net/Future_46/article/details/83011720
LDAP落地实战(三):GitLab集成OpenLDAP认证
https://blog.csdn.net/weixin_42578481/article/details/80878107
社区版V6.0.4-PaasAgent激活失败问题
数据库安装:
https://www.cnblogs.com/yhongji/p/9783065.html
pcmd -H 192.168.1.1 '${CTRL_DIR}/bin/install_paasagent.sh -e ${CTRL_DIR}/bin/04-final/paasagent.env -b $LAN_IP -m prod -s ${BK_PKG_SRC_PATH} -p ${INSTALL_PATH}'
pcmd -H 192.168.1.1 '${CTRL_DIR}/bin/install_paasagent.sh -e ${CTRL_DIR}/bin/04-final/paasagent.env -b $LAN_IP -m test -s ${BK_PKG_SRC_PATH} -p ${INSTALL_PATH}'
创建数据库(gitlab):
CREATE DATABASE `paas_gitlab` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_gitlab.* TO 'paas_gitlab'@'%' IDENTIFIED BY 'paas_gitlab';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.56.85 -u paas_gitlab -ppaas_gitlab -e "show databases;"
创建数据库(jumpserver):
CREATE DATABASE `paas_jumpserver` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_jumpserver.* TO 'paas_jumpserver'@'%' IDENTIFIED BY 'paas_jumpserver';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.56.85 -u paas_jumpserver -ppaas_jumpserver -e "show databases;"
创建数据库(gerrit):
CREATE DATABASE `paas_gerrit` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_gerrit.* TO 'paas_gerrit'@'%' IDENTIFIED BY 'paas_gerrit';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_gerrit -ppaas_gerrit -e "show databases;"
创建数据库(svn):
CREATE DATABASE `paas_svn` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_svn.* TO 'paas_svn'@'%' IDENTIFIED BY 'paas_svn';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_svn -ppaas_svn -e "show databases;"
创建数据库(harbor):
CREATE DATABASE `paas_harbor` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_harbor.* TO 'paas_harbor'@'%' IDENTIFIED BY 'paas_harbor';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_harbor -ppaas_harbor -e "show databases;"
创建数据库(yum):
CREATE DATABASE `paas_yum` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_yum.* TO 'paas_yum'@'%' IDENTIFIED BY 'paas_yum';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_yum -ppaas_yum -e "show databases;"
创建数据库(nessus):
CREATE DATABASE `paas_nessus` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_nessus.* TO 'paas_nessus'@'%' IDENTIFIED BY 'paas_nessus';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_nessus -ppaas_nessus -e "show databases;"
创建数据库(jenkins):
CREATE DATABASE `paas_jenkins` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_jenkins.* TO 'paas_jenkins'@'%' IDENTIFIED BY 'paas_jenkins';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_jenkins -ppaas_jenkins -e "show databases;"
创建数据库(onlyoffice):
CREATE DATABASE `paas_onlyoffice` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON paas_onlyoffice.* TO 'paas_onlyoffice'@'%' IDENTIFIED BY 'paas_onlyoffice';
FLUSH PRIVILEGES;
show databases;
mysql -h 192.168.1.104 -u paas_onlyoffice -ppaas_onlyoffice -e "show databases;"
设置root远程连接
-- Opens the root account to connections from any host ('%').
-- NOTE(review): '123456' on an account with ALL PRIVILEGES and GRANT OPTION is
-- trivially guessable. Use a strong password and restrict the host part to the
-- management subnet before this reaches anything but a disposable lab database.
grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;
flush privileges;
删除数据库
DROP database paas_gitlab;
查看用户权限
SELECT user,host FROM mysql.user;
创建用户
create user paasjumpserver identified by 'paasjumpserver';
删除用户
drop user paasgitlab@'%';
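#!/usr/bin/env bash
# Update the demo checkout when it already exists, otherwise clone it.
set -euo pipefail

if [ -d demo ]; then
  # "&&" rather than ";": never run the pull in the parent directory if cd fails.
  cd demo && git pull origin master
else
  git clone https://gitee.com/chriscentos/demo.git
fi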
配置bkce-ci 公共构建机容器软件源
https://www.cnblogs.com/varden/p/13939953.html
\cp /etc/apt/sources.list /etc/apt/sources.list_bak
cat >/etc/apt/sources.list<<EOF
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
EOF
apt-get update
apt-get -y install subversion
github访问加速
https://zhuanlan.zhihu.com/p/75994966?utm_source=wechat_session
生成密钥对命令
ssh-keygen
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/4VnfevBe6sWSYDS8UTstl7E6fQVex9UwMSQIg14Cza4TiqLmmcPNOv9r9oUnhxOABPpv3PiynPSLOX/bpD24vQ5tlDSkil/70BuXuYg/T0MjQ2tINu0b7MqKXKb83o5XxHK75Oh/xf4uoCUWzQM1oC2mMuTTSPWhePbS6PtrsKblyTFyybrK8NdKxbMmBq25vCM0QIy2hgmlKSFjRLeDWKp525UEsMrk6BpvhLPbfLQ3N7luIEoTZcyHDJqRWwYQ8QmSf+tJ2OwxEZo9Qj9ol5bO5G471PPTZVBSW8A5TTdT9Sezb/stbDSXNPYSfPoAPa1NbH+O7xBYyzfvkjV/ root@linux-bkce-node1
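# Prepare ~/.ssh for the build machine.
mkdir -p ~/.ssh/
# chmod, not chown: "chown 600" tries to hand the directory to UID 600 and
# leaves its permissions unchanged. A directory needs 700 to be entered.
chmod 700 ~/.ssh/
# NOTE(review): "StrictHostKeyChecking no" with a discarded known_hosts file
# means a substituted host is never noticed. Narrow "Host *" to the hosts that
# really need it.
cat >~/.ssh/config<<EOF
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
chmod 600 ~/.ssh/config
# Do not paste a private key into a document. The key that used to be embedded
# at this point was published together with the page, so treat it as
# compromised: remove its public half from every authorized_keys file and
# deploy the public key of a freshly generated pair instead.
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa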
https://github.com/yyeexin/bilibili-html-demo
解决gitlab添加webhook提示Url is blocked: Requests to the local network are not allowed的问题
https://blog.csdn.net/anqixiang/article/details/104968469
在GitLab的项目中,通常会使用Webhook的各种事件来触发对应的构建,通常配置好后会向设定好的url发送post请求。
webhooks gitlab的钩子
.gitlab-ci.yml
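# Single-stage pipeline; the job runs only for the main branch.
# Indentation restored: YAML nesting is significant, and the flattened form
# does not parse as a pipeline definition.
stages:
  - run-bkce

run-bkce:
  stage: run-bkce
  script:
    - echo "Running tests"
  only:
    - main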
git-lab 进行ci时遇到的问题
https://www.cnblogs.com/yipihema/p/13627105.html
私有构建机需要安装的软件:
yum -y install rsync
yum -y install java unzip
yum -y install git
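echo "192.168.1.3 devops.bktencent.com" >>/etc/hosts
# Save the agent installer to a file instead of piping it straight into bash.
# With -f a failed download stops here, and a truncated response is never
# executed half-way. The URL is plain HTTP, so read the script before running it.
installer=$(mktemp) \
  && curl -fsSL -H "X-DEVOPS-PROJECT-ID: demo" -o "$installer" \
       http://devops.bktencent.com/ms/environment/api/external/thirdPartyAgent/koapydmd/install \
  && bash "$installer"
rm -f -- "$installer"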
插件下载地址:
https://github.com/TencentBlueKing/ci-pushJobFile
https://github.com/TencentBlueKing/ci-executeJobScript
python:
echo "print(\"hello world\")" >helloworld.py
python helloworld.py
java:
https://gitlab.com/bk-ci/gs-maven
https://gitlab.com/bk-ci/gs-maven.git
nodejs:
https://gitlab.com/bk-ci/nodejs-examples
https://gitlab.com/bk-ci/nodejs-examples.git
echo "console.log(\"Hello World\");" >helloworld.js
node helloworld.js
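FROM 192.168.1.111/library/bkci/ci:v0
# MAINTAINER is deprecated; a label carries the same information.
LABEL maintainer="Jason.admin admin@gmail.com"
# A here-document after RUN is only understood by BuildKit. The classic builder
# would treat the "deb ..." lines as Dockerfile instructions and abort, so the
# file is written with printf, which works with both builders.
# NOTE(review): HTTPS apt sources need CA certificates in the base image - confirm.
RUN printf '%s\n' \
    'deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free' \
    '# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free' \
    'deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free' \
    '# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free' \
    'deb https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free' \
    '# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free' \
    'deb https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free' \
    '# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free' \
    > /etc/apt/sources.list
RUN apt-get update && apt-get -y install subversion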
https://demo.opsany.com/o/workbench/#/error?state=3
python add_env_blueking.py --username admin --password By1tSxBYUTCv --paas_url http://paas.bktencent.com
2022-02-03fLoWDznrS9
/tmp/2022-02-03FuAKQ1gBUq
vim ./opsany/saas/apps/projects/rbac/code/rbac/config/__init__.py
vim ./opsany-paas/paas-ce/paas/login/bkaccount/opsany_user_auth.py
8a628f06-ed28-4d60-8ce8-458ae52efb6a
将 NFS 作为 K8S PV Provisioner
https://bk.tencent.com/docs/document/6.0/144/6535?r=1
在 K8S 中部署 WordPress
https://bk.tencent.com/docs/document/6.0/144/6519
helm repo add 报错 x509: certificate signed by unknown authority
https://bk.tencent.com/s-mart/community/question/2925?type=answer
https://bk.tencent.com/docs/document/6.0/127/7893
# Register the Harbor chart repository, then push charts to it.
# NOTE(review): --password on the command line is recorded in shell history and
# visible in the process list. Harbor12345 is Harbor's stock admin password and
# should be changed after installation.
# GODEBUG=x509ignoreCN=0 makes Go accept a certificate matched only by its
# Common Name - presumably a workaround for a certificate issued without a
# SAN entry; reissuing the certificate with a SAN removes the need for it.
export GODEBUG=x509ignoreCN=0;helm repo add demo https://harbor-api.service.consul/chartrepo/demo --username=admin --password=Harbor12345 --ca-file=/root/harbor-api.service.consul.crt
helm cm-push ./rumpetroll/ demo --ca-file=./harbor-api.service.consul.crt
helmpush rumpetroll/ demo --ca-file=/root/harbor-api.service.consul.crt
helmpush wordpress/ demo --ca-file=/root/harbor-api.service.consul.crt
stable https://kubernetes-charts.storage.googleapis.com
local http://127.0.0.1:8879/charts
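# Point the "stable" and "incubator" repositories at the Azure China mirror.
# HTTPS keeps the chart index and the chart archives from being altered in transit.
helm repo remove stable
helm repo add stable https://mirror.azure.cn/kubernetes/charts/
helm repo add incubator https://mirror.azure.cn/kubernetes/charts-incubator/
helm repo update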
拉取docker容器
docker pull bitnami/wordpress:5.3.2-debian-10-r32
docker pull bitnami/apache-exporter:0.7.0-debian-10-r32
docker pull bitnami/mariadb:10.3.22-debian-10-r27
docker pull bitnami/minideb:buster
docker pull bitnami/mysqld-exporter:0.12.1-debian-10-r27
docker pull dduportal/bats:0.4.0
docker login harbor-api.service.consul
docker tag bitnami/wordpress:5.3.2-debian-10-r32 harbor-api.service.consul/bitnami/wordpress:5.3.2-debian-10-r32
docker push harbor-api.service.consul/bitnami/wordpress:5.3.2-debian-10-r32
docker tag bitnami/apache-exporter:0.7.0-debian-10-r32 harbor-api.service.consul/bitnami/apache-exporter:0.7.0-debian-10-r32
docker push harbor-api.service.consul/bitnami/apache-exporter:0.7.0-debian-10-r32
docker tag bitnami/mariadb:10.3.22-debian-10-r27 harbor-api.service.consul/bitnami/mariadb:10.3.22-debian-10-r27
docker push harbor-api.service.consul/bitnami/mariadb:10.3.22-debian-10-r27
docker tag bitnami/minideb:buster harbor-api.service.consul/bitnami/minideb:buster
docker push harbor-api.service.consul/bitnami/minideb:buster
docker tag bitnami/mysqld-exporter:0.12.1-debian-10-r27 harbor-api.service.consul/bitnami/mysqld-exporter:0.12.1-debian-10-r27
docker push harbor-api.service.consul/bitnami/mysqld-exporter:0.12.1-debian-10-r27
docker tag dduportal/bats:0.4.0 harbor-api.service.consul/dduportal/bats:0.4.0
docker push harbor-api.service.consul/dduportal/bats:0.4.0
docker tag quay.io/external_storage/nfs-client-provisioner:v3.1.0-k8s1.11 harbor-api.service.consul/quay.io/external_storage/nfs-client-provisioner:v3.1.0-k8s1.11
docker push harbor-api.service.consul/quay.io/external_storage/nfs-client-provisioner:v3.1.0-k8s1.11
sed -i "s#docker.io#harbor-api.service.consul#g" values.yaml
sed -i "s#docker.io#harbor-api.service.consul#g" values-production.yaml
docker pull gitlab/gitlab-ce:9.4.1-ce.0
docker pull postgres:9.6.2
docker pull wrouesnel/postgres_exporter:v0.1.1
docker pull bitnami/redis:3.2.9-r2
docker pull oliver006/redis_exporter:v0.11
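# Bundle the images for transfer to a host without registry access.
# docker save writes an uncompressed tar; pipe it through gzip so the content
# matches the .tar.gz name (docker load reads either form).
docker save gitlab/gitlab-ce:9.4.1-ce.0 postgres:9.6.2 wrouesnel/postgres_exporter:v0.1.1 bitnami/redis:3.2.9-r2 oliver006/redis_exporter:v0.11 | gzip > ./gitlab-ce-helm.tar.gz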
docker tag gitlab/gitlab-ce:9.4.1-ce.0 harbor-api.service.consul/gitlab/gitlab-ce:9.4.1-ce.0
docker push harbor-api.service.consul/gitlab/gitlab-ce:9.4.1-ce.0
docker tag postgres:9.6.2 harbor-api.service.consul/postgres/postgres:9.6.2
docker push harbor-api.service.consul/postgres/postgres:9.6.2
docker tag wrouesnel/postgres_exporter:v0.1.1 harbor-api.service.consul/wrouesnel/postgres_exporter:v0.1.1
docker push harbor-api.service.consul/wrouesnel/postgres_exporter:v0.1.1
docker tag bitnami/redis:3.2.9-r2 harbor-api.service.consul/bitnami/redis:3.2.9-r2
docker push harbor-api.service.consul/bitnami/redis:3.2.9-r2
docker tag oliver006/redis_exporter:v0.11 harbor-api.service.consul/oliver006/redis_exporter:v0.11
docker push harbor-api.service.consul/oliver006/redis_exporter:v0.11
蓝鲸智云7.0部署
lesscode
PRIVATE_NPM_REGISTRY http://bkrepo.bkce7.bktencent.com/npm/bkpaas/npm/
PRIVATE_NPM_USERNAME bklesscode
PRIVATE_NPM_PASSWORD blueking
BKAPIGW_DOC_URL http://apigw.bkce7.bktencent.com/docs
在应用推广-发布管理中,将应用市场的访问地址类型设置为:主模块生产环境独立域名
bknodeman
STORAGE_TYPE BLUEKING_ARTIFACTORY
BKAPP_RUN_ENV ce
BKAPP_NODEMAN_CALLBACK_URL http://apps.bkce7.bktencent.com/prod--backend--bk--nodeman/backend
agent install
echo "192.168.1.219 apps.bkce7.bktencent.com" >>/etc/hosts
安装 node top 工具
1、kubectl edit deployments.apps -n kube-system metrics-server
修改 image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.5.2
2、kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml