资源准备
操作系统
服务器准备
模块分配
部署过程
系统初始化
# Fetch the install-script bundle and unpack it.
# NOTE(review): the bundle is downloaded over plain HTTP with no checksum or
# signature check, and the scripts inside it are executed right after. Verify
# the archive against a digest obtained over a trusted channel before unpacking.
mkdir -p /opt/soft/ && cd /opt/soft && wget http://dl.webzhan.xyz:803/bkopen/sys-bkopen.tgz && tar xvf sys-bkopen.tgz && rm -f sys-bkopen.tgz
cd /opt/soft/bkopen/install
sh set_hostname.sh # set the hostname
sh system_init_v2.sh # run the system initialisation script
sh check_system_env.sh # run the system environment check script
# Get the MAC address of eth0
ifconfig eth0 | grep ether | awk '{print $2}'
# After the certificate has been generated, download it locally, then upload
# it to the download server so the nodes can fetch it from there.
# NOTE(review): get_bkce_basic.sh later fetches this archive over unauthenticated
# HTTP. If it contains private key material, anyone who can reach that server
# can read it -- TODO confirm the contents and restrict access to the download.
scp -P2201 ~/Downloads/ssl_certificates.tar.gz root@1.117.7.126:/opt/www/dl/
sh get_bkce_basic.sh # fetch the software packages and the certificates
sh set_env.sh # generate the project variable file
sh set_config.sh # generate the install.config configuration file
# Run on myserver: authorise the control machine for password-less SSH.
# NOTE(review): this copies root's private key to another host, so every host
# holding the copy can log in wherever that key is authorised. Prefer creating
# a key pair on the control machine and installing only its public key on the
# managed hosts.
scp /root/.ssh/id_rsa root@172.17.0.9:/root/.ssh/
sh test_ssh_without_pass.sh
# Enter the install directory
cd /data/install
# Initialise the environment
./bk_install common
# Verify the environment and the deployment configuration
./health_check/check_bk_controller.sh
如果执行失败,手动通过命令将 rabbitmq启动后, 可以手动追加
# Record the rabbitmq step as done in the installer's step file.
printf '%s\n' 'start rabbitmq' >> /data/install/.bk_install.step
然后继续执行./bk_install xxx 自动跳过 rabbitmq安装
部署PaaS平台
# Install the PaaS platform and the services it depends on
./bk_install paas
# If the install was interrupted by a certificate problem, update the
# certificate and then run the install again
./bkcli upgrade cert
./bk_install paas
部署app_mgr
# Deploy app_mgr
./bk_install app_mgr
部署权限中心与用户管理
# Permission centre (bk_iam)
./bk_install saas-o bk_iam
# User management (bk_user_manage)
./bk_install saas-o bk_user_manage
部署cmdb
# Deploy the cmdb module
./bk_install cmdb
部署job
# Deploy the job module
./bk_install job
部署bknodeman
# Install the node-management backend module, the node-management SaaS and the
# components they depend on
./bk_install bknodeman
部署标准运维及流程管理
# Standard operations (bk_sops)
./bk_install saas-o bk_sops
# Process management (bk_itsm)
./bk_install saas-o bk_itsm
# Load the BlueKing maintenance commands into the current shell
source ~/.bashrc
# Initialise the BlueKing business topology
./bkcli initdata topo
部署lesscode
./bk_install lesscode # visual development platform
检测相关服务状态
# Run "./bkcli check <name>" once for each listed service name
cd /data/install/
echo bkssm bkiam usermgr paas cmdb gse job consul | xargs -n 1 ./bkcli check
访问
111.229.243.10 paas.bktencent.com cmdb.bktencent.com job.bktencent.com jobapi.bktencent.com lesscode.bktencent.com
110.40.169.101 nodeman.bktencent.com
访问地址
http://paas.bktencent.com
账号密码
附安装脚本
set_hostname.sh
#!/usr/bin/env bash
#设置主机名
#检查selinux
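#######################################
# Set the hostname to "bkopen-<IPv4 address of eth0 with the dots removed>".
# Globals:   none
# Arguments: none
# Outputs:   status lines on stdout; an error line on stderr on failure
# Returns:   0 on success, 1 when eth0 yields no IPv4 address or
#            hostnamectl fails
#######################################
function set_hostname() {
  local lip
  # Use only the first IPv4 "inet" line. A secondary address would otherwise
  # put a newline into the value and split the hostnamectl arguments.
  lip=$(/sbin/ifconfig eth0 \
    | awk '/inet/ && !/inet6/ {gsub(/\./, "", $2); print $2; exit}')
  # Without this guard a missing interface or address silently produced the
  # hostname "bkopen-".
  if [[ -z "$lip" ]]; then
    echo -e "\033[31m [ERROR]: hostname --> no IPv4 address found on eth0 \033[0m" >&2
    return 1
  fi
  hostnamectl set-hostname "bkopen-${lip}" || return 1
  echo -e "\033[32m [hostname 配置] ==> OK \033[0m"
  echo -e "\033[32m hostname:bkopen-${lip} \033[0m"
}
export -f set_hostname
set_hostname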
system_init_v2.sh
#!/usr/bin/env bash
#系统初始化脚本
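#######################################
# Replace the default yum and EPEL repo definitions with the Tencent mirror's.
# Globals:   none
# Arguments: none
# Outputs:   status lines on stdout; an error line on stderr on failure
# Returns:   0 on success, 1 when a download or the cache rebuild fails
#######################################
function set_tencent_yum() {
  local repo_dir=/etc/yum.repos.d
  # NOTE(review): the repo definitions are fetched over plain HTTP. A repo file
  # decides which servers and which GPG settings yum trusts, so fetch it over
  # HTTPS if the mirror offers it -- TODO confirm.

  # Back up an existing file only; the original mv failed noisily when the
  # file was absent.
  if [[ -e "${repo_dir}/CentOS-Base.repo" ]]; then
    mv "${repo_dir}/CentOS-Base.repo" "${repo_dir}/CentOS-Base.repo.backup" || return 1
  fi
  # Stop on a failed download instead of reporting OK with a truncated file.
  if ! wget -O "${repo_dir}/CentOS-Base.repo" http://mirrors.cloud.tencent.com/repo/centos7_base.repo; then
    echo -e "\033[31m [ERROR]: yum源(tencent) 配置 --> download failed \033[0m" >&2
    return 1
  fi
  if [[ -e "${repo_dir}/CentOS-Epel.repo" ]]; then
    mv "${repo_dir}/CentOS-Epel.repo" "${repo_dir}/CentOS-Epel.repo.backup" || return 1
  fi
  if ! wget -O "${repo_dir}/epel.repo" http://mirrors.cloud.tencent.com/repo/epel-7.repo; then
    echo -e "\033[31m [ERROR]: EPEL源(tencent) 配置 --> download failed \033[0m" >&2
    return 1
  fi
  yum clean all
  yum makecache || return 1
  echo -e "\033[32m [yum源(tencent) 配置] ==> OK \033[0m"
  echo -e "\033[32m [EPEL源(tencent) 配置] ==> OK \033[0m"
}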
#######################################
# Install the base tool set with yum, one yum call per package group.
# Globals:   none
# Arguments: none
# Outputs:   yum output and a status line on stdout
#######################################
function set_init() {
  local -a admin_tools=(vim wget lrzsz telnet traceroute iotop tree rsync)
  local -a build_deps=(git zlib-devel openssl-devel unzip xz libxslt-devel libxml2-devel libcurl-devel)
  local -a net_tools=(net-tools.x86_64 vim lsof)
  local -a ssl_ssh=(openssl openssl-devel openssh openssh-server)
  local -a time_cron=(ntpdate crontabs)

  yum install -y "${admin_tools[@]}"
  yum install -y "${build_deps[@]}"
  # Disabled in the original as well:
  #yum -y install ipset ipset-service >/dev/null 2>&1
  yum -y install "${net_tools[@]}"
  yum install -y "${ssl_ssh[@]}"
  yum install -y "${time_cron[@]}"
  echo -e "\033[32m [安装常用工具] ==> OK \033[0m"
}
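#######################################
# Raise the open-file and process limits for all users.
# Globals:   none
# Arguments: none
# Outputs:   a status line on stdout
# NOTE(review): an nproc limit of 1048576 for every user effectively removes
# the per-user process cap; confirm the platform really needs it for "*".
#######################################
function set_ulimits() {
  local limits_conf=/etc/security/limits.conf
  # Append only once; the original added the same two lines on every run.
  if ! grep -qxF -- '* hard nofile 1048576' "$limits_conf" 2>/dev/null; then
    cat <<EOF >>"$limits_conf"
* soft nofile 1048576
* hard nofile 1048576
EOF
  fi
  # The original wrote "soft nproc" twice, so the hard limit was never set.
  cat <<EOF >/etc/security/limits.d/20-nproc.conf
* soft nproc 1048576
* hard nproc 1048576
EOF
  echo -e "\033[32m [ulimits 配置] ==> OK \033[0m"
}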
# 增加操作系统记录数量
#######################################
# Make shell history record a timestamp, the user and the login source, and
# raise HISTSIZE, by editing /etc/profile.
# Globals:   none
# Arguments: none
# Outputs:   a status line on stdout
# NOTE(review): shell history can be edited by the user it belongs to, so it
# helps operators but is not a tamper-resistant audit trail.
#######################################
function set_history() {
  local profile=/etc/profile
  # Append the snippet only when /etc/profile does not mention HISTTIMEFORMAT.
  if ! grep -q "HISTTIMEFORMAT" "$profile" 2>/dev/null; then
    # Single quotes keep $(...), backticks and ${...} literal, so they are
    # evaluated at login time rather than now.
    printf '%s\n' \
      '' \
      'UserIP=$(who -u am i | cut -d"(" -f 2 | sed -e "s/[()]//g")' \
      'export HISTTIMEFORMAT="[%F %T] [`whoami`] [${UserIP}] " ' \
      >> "$profile"
  fi
  sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" "$profile"
  echo -e "\033[32m [history 优化] ==> OK \033[0m"
}
function set_kernel(){
# Kernel tuning: replaces /etc/sysctl.conf with the settings below and loads them.
# The single ">" overwrites the file, so any settings already in it are lost.
# NOTE(review): net.ipv4.tcp_tw_recycle is known to drop connections from
# clients behind NAT and was removed in Linux 4.12; confirm the target kernel
# before applying. tcp_tw_reuse and tcp_tw_recycle both depend on TCP
# timestamps, which this file turns off (tcp_timestamps = 0).
# NOTE(review): "sysctl -p" output and errors are discarded, so OK is printed
# even when a key is rejected.
cat <<EOF > /etc/sysctl.conf
fs.file-max = 6553560
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
vm.overcommit_memory = 1
EOF
sysctl -p >/dev/null 2>&1
echo -e "\033[32m [内核 优化] ==> OK \033[0m"
}
# 稍后测试一下看看
#######################################
# Disable SELinux, remove firewalld and install the iptables packages.
# Globals:   none
# Arguments: none
# Outputs:   yum output and a status line on stdout
# NOTE(review): after this runs the host has SELinux off and firewalld gone.
# iptables-services is installed but not enabled, and no rules are loaded
# here, so the host relies on external filtering (security groups or a
# perimeter firewall) until rules are added.
#######################################
function set_security() {
  local selinux_conf=/etc/selinux/config
  # Persistently disable SELinux whether it is enforcing or permissive.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_conf"
  sed -i 's/SELINUX=permissive/SELINUX=disabled/g' "$selinux_conf"
  # Switch the running system to permissive right away; errors are discarded.
  setenforce 0 >/dev/null 2>&1
  # Disabled in the original as well; firewalld is removed below instead:
  #systemctl stop firewalld.service
  #systemctl disable firewalld.service
  yum -y remove firewalld
  yum -y install iptables-services iptables
  echo -e "\033[32m [安全配置] ==> OK \033[0m"
}
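#######################################
# Set the time zone to Asia/Shanghai, sync the clock once, and schedule a
# sync every five minutes in root's crontab.
# Globals:   none
# Arguments: none
# Outputs:   a status line on stdout
# NOTE(review): the cron job keeps its lock and log under /tmp with fixed
# names, and it runs as root. Any local user can pre-create those paths, so a
# root-owned directory would be the safer place for them -- TODO confirm that
# nothing else shares /tmp/stargate.lock before moving it.
# NOTE(review): ntpdate failures are discarded, so OK is printed even when the
# sync did not happen.
#######################################
function set_timezone() {
  local cron_file=/var/spool/cron/root
  local cron_entry="*/5 * * * * flock -xn /tmp/stargate.lock -c '/usr/sbin/ntpdate ntp.ntsc.ac.cn > /tmp/ntp.log 2>&1 &'"

  rm -f /etc/localtime
  ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  ntpdate ntp.ntsc.ac.cn >/dev/null 2>&1
  # Append the entry only once; the original added a duplicate cron line on
  # every run of the script.
  if ! grep -qxF -- "$cron_entry" "$cron_file" 2>/dev/null; then
    echo "$cron_entry" >> "$cron_file"
  fi
  echo -e "\033[32m [时区设置] ==> OK \033[0m"
}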
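# Export the functions so that child bash processes inherit them.
# The original list also exported set_ssh, but no set_ssh function is defined
# in this script as shown, so that line only produced a "not a function"
# error; it is dropped here.
export -f set_tencent_yum
export -f set_init
export -f set_ulimits
export -f set_history
export -f set_kernel
export -f set_security
export -f set_timezone
# Run the initialisation steps in order.
# set_kernel is defined and exported but is not invoked here.
set_tencent_yum
set_init
set_ulimits
set_history
set_security
set_timezone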
check_system_env.sh
#!/usr/bin/env bash
#检查系统环境脚本
#检查selinux
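#######################################
# Report whether SELinux is disabled, which this deployment expects.
# Globals:   none
# Arguments: none
# Outputs:   an INFO line when sestatus reports "disabled", else an ERROR line
#######################################
function check_selinux() {
  local selinux_state
  # Read only the "SELinux status:" line. With SELinux enabled sestatus prints
  # several lines, and taking field 3 of all of them made the unquoted test
  # below fail with "too many arguments".
  selinux_state=$(sestatus | awk '/^SELinux status:/ {print $3; exit}')
  if [[ "$selinux_state" == 'disabled' ]]; then
    echo -e "\033[32m [INFO] SELinux ==> OK \033[0m"
  else
    echo -e "\033[31m [ERROR]: SELinux --> $selinux_state \033[0m"
  fi
}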
#检查firewall
#######################################
# Report whether the firewalld package is absent, which this deployment expects.
# Globals:   none
# Arguments: none
# Outputs:   an INFO line when rpm lists no firewalld package, else an ERROR
#            line naming the installed package
#######################################
function check_firewalld() {
  local installed_pkg
  installed_pkg=$(rpm -qa firewalld)
  if [[ -n $installed_pkg ]]; then
    echo -e "\033[31m [ERROR]: firewalld --> $installed_pkg \033[0m"
    return
  fi
  echo -e "\033[32m [INFO] firewalld ==> OK \033[0m"
}
#检查是否存在rsync
#######################################
# Report whether rsync resolves to /usr/bin/rsync.
# Globals:   none
# Arguments: none
# Outputs:   an INFO line when "which rsync" prints exactly /usr/bin/rsync,
#            else an ERROR line with whatever it printed
# NOTE(review): an rsync installed at any other path is reported as an error.
#######################################
function check_rsync() {
  local rsync_path
  rsync_path=$(which rsync)
  case "$rsync_path" in
    /usr/bin/rsync)
      echo -e "\033[32m [INFO] rsync ==> OK \033[0m"
      ;;
    *)
      echo -e "\033[31m [ERROR]: rsync --> $rsync_path \033[0m"
      ;;
  esac
}
#检查是否存在全局代理
#######################################
# Report whether a global proxy is set in the environment.
# Globals:   http_proxy, https_proxy (read)
# Arguments: none
# Outputs:   an INFO line when both variables are empty, else an ERROR line
#            listing their values
# NOTE(review): only the lower-case variables are inspected; HTTP_PROXY and
# HTTPS_PROXY are not.
#######################################
function check_proxy() {
  local proxies
  # The two values joined by one space; both empty leaves just that space.
  proxies=$(echo "$http_proxy" "$https_proxy")
  if [[ $proxies != ' ' ]]; then
    echo -e "\033[31m [ERROR]: proxy --> $proxies \033[0m"
    return
  fi
  echo -e "\033[32m [INFO] proxy ==> OK \033[0m"
}
#检查dns文件权限
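#######################################
# Report whether /etc/resolv.conf can still be modified.
# Globals:   none
# Arguments: none
# Outputs:   an INFO line when lsattr shows neither the immutable (i) nor the
#            append-only (a) attribute, else an ERROR line with the attributes
#######################################
function check_resolv() {
  local attrs
  attrs=$(lsattr /etc/resolv.conf | awk '{print $1}')
  # The original compared against the exact string '-------------e--'. The
  # attribute string differs between filesystems and lsattr versions, so
  # unlocked files were reported as errors. Presumably the intent is to catch
  # a file locked with chattr, so test for the locking flags instead. An empty
  # result (lsattr failed) is still an error.
  if [[ -n $attrs && $attrs != *[ia]* ]]; then
    echo -e "\033[32m [INFO] resolv ==> OK \033[0m"
  else
    echo -e "\033[31m [ERROR]: resolv --> $attrs \033[0m"
  fi
}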
# Export every check so child bash processes inherit it, then run the checks
# in the same order as they are defined.
export -f check_selinux check_firewalld check_rsync check_proxy check_resolv
for env_check in check_selinux check_firewalld check_rsync check_proxy check_resolv; do
  "$env_check"
done
get_bkce_basic.sh
#!/usr/bin/env bash
#获取软件包,并解压
#获取软件包
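#######################################
# Download and unpack the bkce basic suite, then fetch and unpack the
# certificate bundle into /data/src/cert.
# Globals:   none
# Arguments: none
# Outputs:   tar/wget output and status lines on stdout
# Returns:   0 on success, 1 as soon as a download, unpack or copy step fails
# NOTE(review): both archives come over plain HTTP with no checksum or
# signature check before they are unpacked; verify them against digests
# obtained over a trusted channel.
#######################################
function get_bkce() {
  local archive
  # Alternative source kept from the original (disabled there as well):
  #mkdir -p /data && cd /data && wget https://bkopen-1252002024.file.myqcloud.com/ce/bkce_basic_suite-6.0.4.tgz && tar xvf bkce_basic_suite-6.0.4.tgz
  mkdir -p /data || return 1
  cd /data || return 1
  # -O overwrites an earlier download. Without it a re-run saves the new file
  # as "<name>.1" and the stale archive is unpacked again.
  wget -O bkce_basic_suite-6.0.4.tgz http://172.17.0.10:803/bkce_basic_suite-6.0.4.tgz || return 1
  tar xvf bkce_basic_suite-6.0.4.tgz || return 1
  cd /data/src/ || return 1
  for archive in *gz; do
    # Skip the literal pattern when nothing matches.
    [[ -e "$archive" ]] || continue
    tar xf "$archive" || return 1
  done
  cp -a /data/src/yum /opt || return 1
  echo -e "\033[32m [Info] 获取bkce软件包 ==> OK \033[0m"
  cd /data/ || return 1
  wget -O ssl_certificates.tar.gz http://172.17.0.10:803/ssl_certificates.tar.gz || return 1
  install -d -m 755 /data/src/cert || return 1
  tar xf /data/ssl_certificates.tar.gz -C /data/src/cert/ || return 1
  # NOTE(review): mode 644 makes every file in the bundle world-readable. If
  # it holds private keys, confirm which account must read them and tighten
  # the mode accordingly.
  chmod 644 /data/src/cert/* || return 1
  echo -e "\033[32m [Info] 获取cert证书 ==> OK \033[0m"
}
export -f get_bkce
get_bkce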
sh set_env.sh
#!/usr/bin/env bash
#设置需要的项目变量文件
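#######################################
# Write the deployment variables to /opt/bkopen/env.sh.
# Globals:   none
# Arguments: none
# Outputs:   a status line on stdout
# Returns:   0 on success, 1 when the directory or file cannot be written
# NOTE(review): the admin password below is the sample value published with
# this script; replace it with your own before use.
#######################################
function set_env() {
  mkdir -p /opt/bkopen/ || return 1
  # The file holds the admin password, so create it owner-only. The umask is
  # limited to the subshell so the directory above keeps its normal mode.
  (
    umask 077
    cat << 'EOF' > /opt/bkopen/env.sh
#部署的IP地址
export IP1="172.17.0.15"
export IP2="172.17.0.3"
export IP3="172.17.0.17"
export BK_DOMAIN="bktencent.com"
export INSTALL_PATH="/opt/bkopen"
export BK_PAAS_ADMIN_PASSWORD="ntFjoq2E5NCQ"
EOF
  ) || return 1
  # umask does not affect a file that already existed from an earlier run.
  chmod 600 /opt/bkopen/env.sh || return 1
  echo -e "\033[32m [/opt/bkopen/env.sh] ==> OK \033[0m"
}
export -f set_env
set_env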
set_config.sh
#!/usr/bin/env bash
#生成安装bkce所需要的配置文件
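# Load the deployment variables and stop when any of them is missing, so that
# no empty value ends up in install.config or on the configure command line.
source /opt/bkopen/env.sh || exit 1
: "${IP1:?IP1 is not set in /opt/bkopen/env.sh}"
: "${IP2:?IP2 is not set in /opt/bkopen/env.sh}"
: "${IP3:?IP3 is not set in /opt/bkopen/env.sh}"
: "${BK_DOMAIN:?BK_DOMAIN is not set in /opt/bkopen/env.sh}"
: "${INSTALL_PATH:?INSTALL_PATH is not set in /opt/bkopen/env.sh}"
: "${BK_PAAS_ADMIN_PASSWORD:?BK_PAAS_ADMIN_PASSWORD is not set in /opt/bkopen/env.sh}"
# Generate install.config: one line per host, listing the modules it runs.
cat << EOF >/data/install/install.config || exit 1
$IP1 iam,ssm,usermgr,gse,license,redis,consul,mysql,lesscode
$IP2 nginx,consul,mongodb,rabbitmq,appo
$IP3 paas,cmdb,job,zk(config),appt,consul,nodeman(nodeman)
EOF
# Set the custom domain and install directory. The values are quoted so that
# an unusual value cannot be split into extra arguments. Stop on failure
# instead of printing OK.
cd /data/install/ || exit 1
./configure -d "$BK_DOMAIN" -p "$INSTALL_PATH" || exit 1
echo -e "\033[32m [Info] 域名:$BK_DOMAIN ==> OK \033[0m"
echo -e "\033[32m [Info] 安装目录:$INSTALL_PATH ==> OK \033[0m"
# Password-less SSH setup (disabled in the original as well)
#bash configure_ssh_without_pass
#echo -e "\033[32m [Info] 执行免密 ==> OK \033[0m"
# Admin login password for the user-management module.
# NOTE(review): the password is written to usermgr.env in clear text and then
# echoed to the terminal below, so it also lands in scrollback and any
# captured install log.
cat > /data/install/bin/03-userdef/usermgr.env << EOF || exit 1
BK_PAAS_ADMIN_PASSWORD=$BK_PAAS_ADMIN_PASSWORD
EOF
echo -e "\033[32m [Info] 登录密码:$BK_PAAS_ADMIN_PASSWORD ==> OK \033[0m"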