houming818

万物之始 始于无明

环境说明:

$ kubectl get nodes -o wide
NAME   STATUS   ROLES                         AGE     VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
fe     Ready    worker                        6d22h   v1.20.4   192.168.1.106   <none>        Ubuntu 20.04.4 LTS   5.4.0-166-generic   containerd://1.6.24
ne     Ready    control-plane,master,worker   6d22h   v1.20.4   192.168.1.103   <none>        Ubuntu 20.04.4 LTS   5.15.0-88-generic   containerd://1.6.24
域名 端口 用途
dev-web.ftjd.org 8004 提供web服务,浏览器输入dev-web.ftjd.org:8004可以访问开发的ITSM
dev-api.ftjd.org 8005 提供ITSM的API服务,在dev的webpack包中配置该地址

开发环境和开发代码位于ne(192.168.1.103)上。可以直接连通到K8S内部svc和pod。

前置操作:

  1. 安装蓝鲸7.1及环境配置
  2. 在Saas中安装ITSM,用于初始化ITSM依赖中间件和数据库

环境准备:

  • 配置后端MySQL服务Redis服务RabbitMQ服务

$ kubectl get svc |grep -P 'bk-mysql-mysql|bk-redis-master|bk-rabbitmq'

bk-mysql-mysql                               ClusterIP   10.233.58.89    <none>        3306/TCP                                                                          6d4h
bk-rabbitmq                                  ClusterIP   10.233.20.81    <none>        5672/TCP,4369/TCP,25672/TCP,15672/TCP                                             6d4h
bk-rabbitmq-headless                         ClusterIP   None            <none>        4369/TCP,5672/TCP,25672/TCP,15672/TCP                                             6d4h
bk-redis-master                              ClusterIP   10.233.59.161   <none>        6379/TCP                                                                          6d4h

# 配置好hosts,这样开发代码就能访问中间件和数据库了。
@ne$ vim /etc/hosts
10.233.58.89 bk-mysql-mysql.blueking.svc.cluster.local
10.233.20.81 bk-rabbitmq.blueking.svc.cluster.local
10.233.59.161 bk-redis-master.blueking.svc.cluster.local
  • 安装环境

    参考官方文档

    • 安装 python 和包

      apt install libev-dev libjpeg-dev zlib1g-dev libevent-dev python3-all-dev
      pip install -r requirements.txt
      pip uninstall typing_extensions
      pip install typing_extensions
      pip install blueapps
      # 如果有包安装问题,一个个解决
      
    • 配置环境变量

    # 新建一个dev.env
    
    $ kubectl -n bkapp-bk0us0itsm-prod exec -it bkapp-bk0us0itsm-prod--web-7559ccd4d4-2rt76 bash
    
    # 获取环境变量
    > env | grep -i BK
    
    # 输出配置为dev.env(其中可能包含应用密钥等敏感信息,注意不要提交到代码仓库)
    
    • 打包并收集前端静态资源

      注意:node版本是14.21.3

      需要安装python2

# 1)安装依赖包
# 进入 frontend/pc/,执行以下命令安装

cnpm install node-sass --legacy-peer-deps
cnpm install --legacy-peer-deps

# 如果安装失败,手动清理npm缓存
cnpm cache clean --force

# 2) 变更 frontend/pc/build/webpack.dev.conf.js

// 本地代理地址
const HOST = 'ftjd.org'
const ORIGIN = `http://${HOST}`
const SET_URL = ''


# 3)本地打包 在 frontend/desktop/ 目录下,继续执行以下命令打包前端静态资源

cnpm run dev

> itsm@1.0.0 dev /data/cn.grepcode/blueking/bk-itsm/frontend/pc
> cross-env webpack-dev-server --progress --config ./build/webpack.dev.conf.js

Happy[happy-babel-js]: Version: 5.0.1. Threads: 24 (shared pool)
ℹ 「wds」: Project is running at http://dev.ftjd.org:8004/
ℹ 「wds」: webpack output is served from /
ℹ 「wds」: Content not from webpack is served from /data/cn.grepcode/blueking/bk-itsm/static
Happy[happy-babel-js]: All set; signaling webpack to proceed.
  • 启动后端服务
# runserver is Django's development server, and 0.0.0.0 binds it to every
# interface of the host; keep port 8005 reachable only from the development network.
python manage.py runserver 0.0.0.0:8005

最终效果图

最终效果图

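# Register the BlueKing host names: once through scripts/control_coredns.sh
# (with the ingress-nginx ClusterIP) and once through /data/script/ddns.sh
# (pointing each name at ne.ftjd.org).
BK_DOMAIN=ftjd.org

# Sub-domains under $BK_DOMAIN; both steps below use this same list.
bk_subdomains=(
  bk7 bkrepo docker helm bkpaas bkuser bkuser-api bkapi apigw bkiam bkiam-api
  cmdb job jobapi bknodeman apps bcs bcs-api bklog bkmonitor devops codecc
  lesscode bk-apicheck
)

# ClusterIP of the first Service labelled as the ingress-nginx instance.
# NOTE(review): -A together with items[0] takes whichever matching Service is
# listed first; confirm it is the controller Service if several carry this label.
IP1=$(kubectl get svc -A -l app.kubernetes.io/instance=ingress-nginx -o jsonpath='{.items[0].spec.clusterIP}')

if [[ -n "$IP1" ]]; then
  # "${bk_subdomains[@]/%/.$BK_DOMAIN}" appends ".$BK_DOMAIN" to every element,
  # so the script receives the bare domain followed by each full host name.
  ./scripts/control_coredns.sh update "$IP1" \
    "$BK_DOMAIN" \
    "${bk_subdomains[@]/%/.$BK_DOMAIN}"
else
  # Do not call the update with an empty address argument.
  echo "no ingress-nginx ClusterIP found; skipping control_coredns.sh update" >&2
fi

# ddns.sh does not use IP1, so it runs regardless of the lookup above.
for sub in "${bk_subdomains[@]}"; do
  /data/script/ddns.sh "$BK_DOMAIN" "$sub" ne.ftjd.org
done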

删除某个app的资源

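# Delete every listed resource kind that carries the instance label $2 in $NAMESPACE.
# The quotes must be plain ASCII double quotes: typographic quotes are not shell
# quoting and would become part of the namespace and label value.
# The :? guards abort the command when either value is unset or empty, so the
# delete never runs with a blank namespace or a blank selector value.
kubectl delete deploy,sts,cronjob,job,pod,svc,ingress,secret,cm,sa,role,rolebinding,pvc -n "${NAMESPACE:?NAMESPACE is not set}" -l "app.kubernetes.io/instance=${2:?app instance name is required}"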

变更environments/default/values.yaml

  1. 禁用bitnami中的MySQL和MongoDB
### Storage Settings
# 是否安装内置的bitnami charts的各类存储
bitnamiMysql:
  enabled: false
bitnamiRedis:
  enabled: true
bitnamiRedisCluster:
  enabled: true
bitnamiMongodb:
  enabled: true
bitnamiElasticsearch:
  enabled: true

## 配置外部MySQL
# 集群内一定要可访问
mysql:
  # 处于同一集群可以使用k8s service 名
  host: "mysql.ftjd.org"
  port: 3306
  rootPassword: ********
  # 默认平台和saas都复用该mysql示例时,请分配大一点的磁盘空间给数据盘。
  size: 50Gi

初始化MySQL数据库

CREATE DATABASE IF NOT EXISTS open_paas DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_login DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkauth DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkiam DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkiam_saas DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkssm DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_apigateway DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_esb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_user_api DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_user_saas DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkpaas3_engine DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkpaas3_apiserver DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkpaas3_svc_mysql DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkpaas3_svc_bkrepo DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkpaas3_svc_rabbitmq DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bkpaas3_svc_otel DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_monitor DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_monitor_grafana DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_log_search DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bklog_grafana DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_nodeman DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_grafana DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_dbconfig DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_dbpriv DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_dbpartition DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_dbsimulation DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_dns DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE IF NOT EXISTS bk_dbm_hadb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

四方矩阵无边,岁岁年年向前。
人生几度秋雨,进退也是人间。
命里自有殊途,离别不似再见。
一帆程得花好,家国也正团圆。

这里列举了一些常用文档,用于初始化环境

初始化邮件通知

需要注意的是,文中说的测试接口:

用法一:
{
"bk_app_code":"",
"bk_app_secret":"",
"bk_username": "admin",
"receiver": "****@qq.com",
"sender": "houming@domain.cn",
"title": "This is a Test",
"content": "Welcome to Blueking"
}

用法二:
{
"bk_app_code":"",
"bk_app_secret":"",
"bk_username": "admin",
"receiver": "****@qq.com",
"sender": "蓝鲸houming@domain.cn",
"title": "This is a Test",
"content": "Welcome to Blueking"
}

这里的sender,只能写smtp配置的sender。否则会发送失败。

ERROR [2023-09-26 16:08:43] /app/components/generic/templates/cmsi/toolkit/send_mail_with_smtp.py 77 send_mail 22 140579342142536 
        1306205 send mail exception, server: smtp.exmail.qq.com:465 
Traceback (most recent call last):  File "/app/components/generic/templates/cmsi/toolkit/send_mail_with_smtp.py", line 70, in send_mail    smtp.sendmail(mail_sender, all_receiver, msg.as_string())
  File "/usr/local/lib/python3.6/smtplib.py", line 872, in sendmail    raise SMTPSenderRefused(code, resp, from_addr)smtplib.SMTPSenderRefused: (501, b'mail from address must be same as authorization user', 'admin')

然后,测试下通过邮箱进行密码找回,应该是可以了。

蓝盾使用

环境:

url: http://devops.ftjd.org/console/

场景说明

有时会忘记密码。如果登录采用的是蓝鲸本地账号,可以采用如下方法重置密码。

##### 登录login Pod
$ kubectl -n blueking exec -it bk-user-api-web-d7569b476-9kn4d bash

root@bk-login-web-dddd7868d-n2g9r:/app#

$ python manage.py shell

>>> from bkuser_core.profiles.models import Profile
>>> from django.contrib.auth.hashers import make_password
>>> admin = Profile.objects.get(username='admin', domain='default.local')
>>> admin.password = make_password("********")
>>> admin.save()

参考链接

  1. 准备中控机

  2. 快速部署基础套餐

过程说明

蓝鲸基础套餐的部署过程大致可以分为 5 个阶段:

1. 完善配置文件
2. 部署存储服务
3. 部署后台服务
4. 完善 SaaS 运行环境
5. 部署 SaaS:流程服务和标准运维

详细内容,从参考文件一条条看。

总结:


#### 准备工作 ####

$ mkdir -p ~/bin/                      
$ curl -sSf https://bkopen-1252002024.file.myqcloud.com/ce7/7.1-stable/bkdl-7.1-stable.sh -o ~/bin/bkdl-7.1-stable.sh
$ chmod +x ~/bin/bkdl-7.1-stable.sh
$ ~/bin/bkdl-7.1-stable.sh -r latest tools

$ ls $HOME/bkce7.1-install/
bin
# 检查下,看看安装目录是不是有文件

$ vim ~/.bashrc
export PATH=$HOME/bkce7.1-install/bin/:$PATH
$ source ~/.bashrc
$ which helm
/root/bkce7.1-install/bin/helm
# 确认PATH配置正确

/root/bkce7.1-install
$ tar xf ./bin/helm-plugin-diff.tgz -C ~/
# 解压helm插件

$ helm plugin list
NAME    VERSION DESCRIPTION                           
diff    3.1.3   Preview helm upgrade changes as a diff
# 查看helm插件安装是否成功

$ kubectl config set-context --current --namespace=blueking
# 配置默认命名空间

$ node_ips=$(kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}')
$ test -f /root/.ssh/id_rsa || ssh-keygen -N '' -t rsa -f /root/.ssh/id_rsa  
# 如果不存在rsa key则创建一个。
# 开始给发现的ip添加ssh key,期间需要你输入各节点的密码。
$ for ip in $node_ips; do
  ssh-copy-id "$ip" || { echo "failed on $ip."; break; }  # 如果执行失败,则退出
done

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.*3 (192.168.1.*3)' cant be established.
ECDSA key fingerprint is SHA256:**GTPw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)


#### 开始部署基础套餐 ####

$ ~/bin/bkdl-7.1-stable.sh -ur latest base demo nm_gse_full saas scripts

#### 编辑部署元数据 ####

$ vim ~/bkce7.1-install/blueking/environments/default/values.yaml

编辑域名
不支持https

编辑
ingressNginx:
  hostNetwork: false

Alt text

#### 一键部署之前 ####
# 由于原来bk7的storage-class有一些问题,这里采用在下的yaml配置storage!
$ kubectl apply -f https://cdn.grepcode.cn/blueking/local-path-storage.yaml
NAME                      PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-storage (default)   rancher.io/local-path   Delete          WaitForFirstConsumer   false                  77s

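# Fetch the manifest over HTTPS, like the local-path-storage manifest above:
# it is applied with cluster credentials, so it should not travel over plain HTTP.
$ kubectl apply -f https://cdn.grepcode.cn/blueking/metrics-server.yaml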

#### 一键部署 ####
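# One-step deployment of the BlueKing base package, with a bounded retry loop.
BK_DOMAIN=bk.ftjd.org  # Change this to the primary domain assigned to the BlueKing platform.
# NOTE(review): BK_DOMAIN is not exported and not referenced below; confirm how
# setup_bkce7.sh picks up the domain.

# Enter the working directory; if it is missing, run nothing rather than
# resolving the relative script path against some other directory.
if cd ~/bkce7.1-install/blueking/; then
  # Author's note: check that the domain conforms to the k8s domain-name rules
  # and run the script only when the whole string matches (that check is not
  # shown in this snippet).
  # Author's note: on Ubuntu the run reports that yum does not exist; it was
  # trying to install bash-completion, jq and uuid. Install those on Ubuntu
  # and the script proceeds.
  scripts/setup_bkce7.sh -i base

  # This takes a long time; be patient...

  # Re-run the installer until it succeeds, at most 24 times.
  deployed=0
  for attempt in {1..24}; do
    if /root/bkce7.1-install/blueking/scripts/setup_bkce7.sh -i base; then
      deployed=1
      break
    fi
  done

  # Report when every attempt failed instead of ending silently.
  if (( deployed == 0 )); then
    echo "setup_bkce7.sh -i base still failing after 24 attempts" >&2
  fi
else
  echo "cannot enter ~/bkce7.1-install/blueking/" >&2
fi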