add

27-深圳政数局/ARM版本的镜像仓库.sh

@@ -0,0 +1,49 @@
+export QUAY=/var/lib/docker/quay
+
+mkdir -p $QUAY/postgres
+setfacl -m u:26:-wx $QUAY/postgres
+
+docker run -d --name postgresql \
+	-e POSTGRES_USER=user \
+	-e POSTGRES_PASSWORD=pass \
+	-e POSTGRES_DB=quay \
+	-p 5432:5432 \
+	-v $QUAY/postgres:/var/lib/postgresql/data:Z \
+	postgres:10.12
+
+docker exec -it postgresql /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U user'
+
+docker inspect -f "{{.NetworkSettings.IPAddress}}" postgresql
+
+docker run  -it --name redis \
+	-p 6379:6379 \
+	redis:6.2.14 \
+	redis-server --test-memory
+
+docker inspect -f "{{.NetworkSettings.IPAddress}}" redis
+
+docker run --rm -it --name quay_config -p 8080:8080 quay.io/projectquay/quay:3.11.1 config secret
+
+
+mkdir $QUAY/storage
+mkdir $QUAY/config
+setfacl -m u:1001:-wx $QUAY/storage
+setfacl -m u:1001:-wx $QUAY/config
+
+docker run -p 8033:8080 \
+   --name=quay \
+   --privileged=true \
+   -v $QUAY/config:/conf/stack:Z \
+   -v $QUAY/storage:/datastorage:Z \
+   -d quay.io/projectquay/quay:3.11.1
+
+
+docker run -d --name redis \
+        -p 6379:6379 \
+		-m 4g \
+        redis:6.2.14 \
+        --requirepass strongpassword
+
+docker login --tls-verify=false quay:8033
+
+V2ryStr@ngPss

27-深圳政数局/emqx-docker/acl.conf

@@ -0,0 +1,5 @@
+{allow, {user, "admin"}, pubsub, ["admin/#"]}.
+{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
+{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
+{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
+{allow, all}.

27-深圳政数局/emqx-docker/emqx-docker.sh

@@ -0,0 +1 @@
+docker run -d -p 1883:1883 -p 8083:8083 -p 18083:18083 --restart always --env  EMQX_ALLOW_ANONYMOUS="false" --env EMQX_ACL_NOMATCH="deny" -v /home/nazsj/emqx/emqx_auth_username.conf:/opt/emqx/etc/plugins/emqx_auth_mnesia.conf -v /home/nazsj/emqx/acl.conf:/opt/emqx/etc/acl.conf -v /home/nazsj/emqx/emqx-load-plugins.conf:/opt/emqx/data/loaded_plugins -v /home/nazsj/emqx/data-new:/opt/emqx/data/mnesia --name emqx docker.107421.xyz/emqx/emqx:4.4.9

27-深圳政数局/emqx-docker/emqx-load-plugins.conf

@@ -0,0 +1,9 @@
+{emqx_auth_username,true}.
+{mqx_auth_mnesia,true}.
+{emqx_management, true}.
+{emqx_recon, true}.
+{emqx_retainer, false}.
+{emqx_dashboard, true}.
+{emqx_telemetry, true}.
+{emqx_rule_engine, true}.
+{emqx_bridge_mqtt, false}.

27-深圳政数局/emqx-docker/emqx_auth_username.conf

@@ -0,0 +1,11 @@
+auth.mnesia.password_hash = sha256
+
+# clientid 认证数据
+# auth.client.1.clientid = admin
+# auth.client.1.password = 4YPk*DS%+5
+
+## username 认证数据
+auth.user.1.username = admin
+auth.user.1.password = 4YPk*DS%+5
+auth.user.2.username = cmlc
+auth.user.2.password = 4YPk*DS%+5

27-深圳政数局/k8s-emqx.yaml

@@ -0,0 +1,264 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: helm-emqx-single
+  namespace: szns
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-emqx-single-env
+  namespace: szns
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: 5.6.0
+data:
+  EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc.cluster.local:443"
+  EMQX_NAME: "helm-emqx-single"
+  EMQX_CLUSTER__DISCOVERY: "k8s"
+  EMQX_CLUSTER__K8S__APP_NAME: "helm-emqx-single"
+  EMQX_CLUSTER__K8S__SERVICE_NAME: "helm-emqx-single-headless"
+  EMQX_CLUSTER__K8S__ADDRESS_TYPE: "dns"
+  EMQX_CLUSTER__K8S__namespace: "szns"
+  EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local"
+  EMQX_ALLOW_ANONYMOUS: "false"
+  EMQX_ACL_NOMATCH: "deny"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-emqx-single-cm
+  namespace: szns
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: 5.6.0
+data:
+  emqx_auth_username.conf: |-
+    auth.user.1.username = cmlc
+    auth.user.1.password = 4YPk*DS%+5
+    auth.user.password_hash = sha256
+
+  acl.conf: |-
+    {allow, {user, "admin"}, pubsub, ["admin/#"]}.
+    {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
+    {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
+    {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
+    {allow, all}.
+
+  loaded_plugins: |-
+    {emqx_auth_username,true}.
+    {emqx_management, true}.
+    {emqx_recon, true}.
+    {emqx_retainer, false}.
+    {emqx_dashboard, true}.
+    {emqx_telemetry, true}.
+    {emqx_rule_engine, true}.
+    {emqx_bridge_mqtt, false}.
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-emqx-single
+  namespace: szns
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: 5.6.0
+spec:
+  replicas: 1
+  serviceName: helm-emqx-single-headless
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      cmii.type: middleware
+      cmii.app: helm-emqx-single
+      cmii.emqx.architecture: cluster
+  template:
+    metadata:
+      labels:
+        cmii.type: middleware
+        cmii.app: helm-emqx-single
+        cmii.emqx.architecture: cluster
+        helm.sh/chart: emqx-1.1.0
+        app.kubernetes.io/managed-by: octopus-control
+        app.kubernetes.io/version: 5.6.0
+    spec:
+      affinity: {}
+      imagePullSecrets:
+        - name: harborsecret
+      serviceAccountName: helm-emqx-single
+      containers:
+        - name: helm-emqx-single
+          image: 10.200.163.87:8033/admin/cmii/emqx:5.7
+          imagePullPolicy: Always
+          ports:
+            - name: mqtt
+              containerPort: 1883
+            - name: mqttssl
+              containerPort: 8883
+            - name: mgmt
+              containerPort: 8081
+            - name: ws
+              containerPort: 8083
+            - name: wss
+              containerPort: 8084
+            - name: dashboard
+              containerPort: 18083
+            - name: ekka
+              containerPort: 4370
+          envFrom:
+            - configMapRef:
+                name: helm-emqx-single-env
+          resources: {}
+          volumeMounts:
+            - name: emqx-data
+              mountPath: "/opt/emqx/data/mnesia"
+              readOnly: false
+            - name: helm-emqx-single-cm
+              mountPath: "/opt/emqx/etc/plugins/emqx_auth_username.conf"
+              subPath: emqx_auth_username.conf
+              readOnly: false
+#            - name: helm-emqx-single-cm
+#              mountPath: "/opt/emqx/etc/acl.conf"
+#              subPath: "acl.conf"
+#              readOnly: false
+            - name: helm-emqx-single-cm
+              mountPath: "/opt/emqx/data/loaded_plugins"
+              subPath: loaded_plugins
+              readOnly: false
+      volumes:
+        - name: emqx-data
+          emptyDir: {}
+        - name: helm-emqx-single-cm
+          configMap:
+            name: helm-emqx-single-cm
+            items:
+              - key: emqx_auth_username.conf
+                path: emqx_auth_username.conf
+              - key: acl.conf
+                path: acl.conf
+              - key: loaded_plugins
+                path: loaded_plugins
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: helm-emqx-single
+  namespace: szns
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+    verbs:
+      - get
+      - watch
+      - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: helm-emqx-single
+  namespace: szns
+subjects:
+  - kind: ServiceAccount
+    name: helm-emqx-single
+    namespace: szns
+roleRef:
+  kind: Role
+  name: helm-emqx-single
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-emqx-single
+  namespace: szns
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: 5.6.0
+spec:
+  type: NodePort
+  selector:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+  ports:
+    - port: 1883
+      name: mqtt
+      targetPort: 1883
+      nodePort: 31885
+    - port: 18083
+      name: dashboard
+      targetPort: 18083
+      nodePort: 38087
+    - port: 8083
+      name: mqtt-websocket
+      targetPort: 8083
+      nodePort: 38085
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-emqx-single-headless
+  namespace: szns
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: 5.6.0
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    cmii.type: middleware
+    cmii.app: helm-emqx-single
+    cmii.emqx.architecture: cluster
+  ports:
+    - name: mqtt
+      port: 1883
+      protocol: TCP
+      targetPort: 1883
+    - name: mqttssl
+      port: 8883
+      protocol: TCP
+      targetPort: 8883
+    - name: mgmt
+      port: 8081
+      protocol: TCP
+      targetPort: 8081
+    - name: websocket
+      port: 8083
+      protocol: TCP
+      targetPort: 8083
+    - name: wss
+      port: 8084
+      protocol: TCP
+      targetPort: 8084
+    - name: dashboard
+      port: 18083
+      protocol: TCP
+      targetPort: 18083
+    - name: ekka
+      port: 4370
+      protocol: TCP
+      targetPort: 4370

27-深圳政数局/执行脚本.sh

@@ -0,0 +1,8 @@
+all_server_list=(10.200.163.87 10.200.163.86 10.200.163.85 10.200.163.84 10.200.163.83 10.200.163.82 10.200.163.81)
+
+for server in "${all_server_list[@]}";do
+   echo "server is ${server}"
+   ssh root@"${server}" "shutdown -h now"
+
+   echo ""
+done