zeaslity/ProjectOctopus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Agent] [Octopus] - caqa add aqga

Browse Source
This commit is contained in:
zeaslity
2024-02-23 14:48:48 +08:00
parent 19378b9b79
commit 6e629f84df
7 changed files with 618 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -35,4 +35,3 @@ build/
/agent-go/agent-go /agent-go/agent-go
/cmii_operator/log/ /cmii_operator/log/
/cmii_operator/vendor/ /cmii_operator/vendor/
/cmii_operator/cqga/

2
cmii_operator/CmiiK8sOperator_test.go
View File

@@ -56,7 +56,7 @@ func TestBackupAllDeploymentFromEnv(t *testing.T) {
} }
func TestBackupAllCmiiDeploymentToMap(t *testing.T) { func TestBackupAllCmiiDeploymentToMap(t *testing.T) {
backendMap, frontendMap := BackupAllCmiiDeploymentToMap("demo") backendMap, frontendMap := BackupAllCmiiDeploymentToMap(demo)
utils.BeautifulPrint(backendMap) utils.BeautifulPrint(backendMap)
utils.BeautifulPrint(frontendMap) utils.BeautifulPrint(frontendMap)

114
cmii_operator/cqga/0-install_all_demand.sh Normal file
View File

@@ -0,0 +1,114 @@
#!/bin/bash
local_host_ip=20.4.16.200
# all_host_ip_list=(20.4.13.81 20.4.13.140 20.4.13.92 20.4.13.80)
all_host_ip_list=(20.4.13.80)
pass=V2ryStr@ngPss
copy_ssh_key_to_master(){
scp /root/.ssh/id_rsa root@20.4.13.81:/root/.ssh/id_rsa
scp /root/.ssh/id_rsa.pub root@20.4.13.81:/root/.ssh/id_rsa.pub
}
copy_ssh_key_to_master
install_nfs_server_suffix(){
ssh -i /root/.ssh/id_rsa root@20.4.13.81 "systemctl start rpcbind && systemctl enable rpcbind && systemctl start nfs-server && systemctl enable nfs-server"
ssh -i /root/.ssh/id_rsa root@20.4.13.81 "mkdir -p /var/lib/docker/nfs_data && chmod 777 /var/lib/docker/nfs_data"
ssh -i /root/.ssh/id_rsa root@20.4.13.81 "echo \"/var/lib/docker/nfs_data *(rw,no_root_squash,no_all_squash,sync)\" >> /etc/exports"
ssh -i /root/.ssh/id_rsa root@20.4.13.81 "systemctl restart rpcbind && systemctl restart nfs-server"
ssh -i /root/.ssh/id_rsa root@20.4.13.81 "rpcinfo -p localhost"
}
# install_nfs_server_suffix
install_all_demand_softwares(){
local host
local dep_file_list=(tar-1.32-4.oe2003sp4.x86_64.rpm common_tool-openEuler-20.03-LTS-SP4.tar.gz nfs_utils-openEuler-20.03-LTS-SP4.tar.gz nginx-openEuler-20.03-LTS-SP4.tar.gz ntp-openEuler-20.03-LTS-SP4.tar.gz)
for host in ${all_host_ip_list[@]}
do
echo "current host is ${host}"
ssh -i /root/.ssh/id_rsa root@${host} "echo yes"
ssh -i /root/.ssh/id_rsa root@${host} "systemctl start rpcbind && systemctl enable rpcbind && systemctl start ntpd && systemctl enable ntpd"
# ssh -i /root/.ssh/id_rsa root@${host} "mkdir -p /root/wdd/dep/"
# for dep in ${dep_file_list[@]}
# do
# echo "dep file is ${dep}"
#
# ssh -i /root/.ssh/id_rsa root@${host} "wget http://20.4.16.200:9000/octopus/euler/${dep} -O /root/wdd/dep/${dep}"
# ssh -i /root/.ssh/id_rsa root@${host} "rpm -ivh /root/wdd/dep/tar*.rpm"
# ssh -i /root/.ssh/id_rsa root@${host} "cd /root/wdd/dep/ && tar -zvxf common_tool-openEuler-20.03-LTS-SP4.tar.gz && cd ./common_tool && rpm -ivh --force ./*.rpm"
# ssh -i /root/.ssh/id_rsa root@${host} "cd /root/wdd/dep/ && tar -zvxf nfs_utils-openEuler-20.03-LTS-SP4.tar.gz && cd ./nfs_utils && rpm -ivh --force ./*.rpm"
# ssh -i /root/.ssh/id_rsa root@${host} "cd /root/wdd/dep/ && tar -zvxf ntp-openEuler-20.03-LTS-SP4.tar.gz && cd ./ntp && rpm -ivh --force ./*.rpm"
#
# done
echo ""
done
}
# install_all_demand_softwares
test_base_command_exits() {
local base_command_list=(ifconfig mtr vgdisplay nslookup vim htop tar unzip iftop curl wget netstat git zsh)
local command
for command in "${base_command_list[@]}"; do
if command -v "$command" &>/dev/null; then
echo "$command exists"
else
echo "ERROR $command does not exist!"
fi
echo ""
done
}
test_service_exists(){
local base_service_list=(ntpd chronyd nginx nfs-server rpcbind docker)
local service
for service in "${base_service_list[@]}"; do
if ! systemctl list-unit-files | grep "$service.service"; then
echo "ERROR $service.service does not exist!"
fi
echo ""
done
}
# test_base_command_exits
# test_service_exists
change_host_name(){
hostnamectl set-hostname master-node
}
install_ssh_key(){
echo "" >> /root/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL9S6CSAjTFe2fy4bAIfqu90ft6E+GBRvS59kno6LDeAbqUQNYf9hEnIg07Ee/x5DlnYE0S3Ykv3WCHuVyBH2zANnC0P87SqphDGmoqdqF3r6uDaCr4lBsUqEai9X2q6dyjZj6ym+r4zQhMApNDzbhcyfKQ54tKFylGIdx6siyktuU/VbOzWc6G8r+BfFsQpMCA1ihmCY1jGjsKPqFlZGLeTrlBb1Zk0OV+GtDhlf/t0cd0kRPJoydm2juTXrZO+tFmf9turfKZsBnRYKtQBLJG5mF1hsjIqo8DHr+PUL2wRrSxEhGTZiJL4rNJo/kHhKXXsomc5RM/AnfgAfxrLlH zeasl@DESKTOP-K2F9GG3 ">> /root/.ssh/authorized_keys
echo "" >> /root/.ssh/authorized_keys
}
install_octopus_server_offline(){
bash <(curl -sL http://20.4.16.200:9000/octopus/init-script-wdd.sh) --url http://20.4.16.200:9000/octopus --agent-install --offline
bash <(curl -sL http://20.4.16.200:9000/octopus/init-script-wdd.sh) --url http://20.4.16.200:9000/octopus --agent-remove --offline
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_back
sed -i "s/StrictModes yes/StrictModes no/g" /etc/ssh/sshd_config
sed -i "s/AllowTcpForwarding no/AllowTcpForwarding yes/g" /etc/ssh/sshd_config
sed -i "s/AllowAgentForwarding no/AllowAgentForwarding yes/g" /etc/ssh/sshd_config
sed -i "s/PermitTunnel no/PermitTunnel yes/g" /etc/ssh/sshd_config
systemctl restart sshd
}
machinId(){
20.4.13.81 Chongqing-amd64-01 354d6db5354d6db5354d6db5354d6db5
20.4.13.140 Chongqing-amd64-02 2a216db5354d6db5354d6db5354d6db5
20.4.13.92 Chongqing-amd64-03 3ca26db5354d6db5354d6db5354d6db5
20.4.13.80 Chongqing-amd64-04 4ea1d6db5354d6db5354d6db5354d6db
}

48
cmii_operator/cqga/1.mount_volume.sh Normal file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
mount_disk_to_var(){
echo ""
echo ""
echo ""
echo "-----------------------------------------------------------------------"
local VG_NAME=datavg
local disk_name=/dev/vdb
local mount_dir=/var/lib/docker
echo "n
p
t
8e
w
" | fdisk ${disk_name}
partprobe
# 如果已经存在卷组,直接进行添加
# vgextend /dev/mapper/centos /dev/vda3
vgcreate ${VG_NAME} ${disk_name}1
export selfpesize=$(vgdisplay ${VG_NAME} | grep 'Total PE' | awk '{print $3}')
# 大小根据实际情况调整
lvcreate -l ${selfpesize} -n lvdata ${VG_NAME}
# resize2fs /dev/mapper/${VG_NAME}-lvdata
mkfs.xfs /dev/mapper/${VG_NAME}-lvdata
mkdir -p /data
mkdir -p /var/lib/docker
local selffstab="/dev/mapper/${VG_NAME}-lvdata ${mount_dir} xfs defaults 0 0"
echo "${selffstab}" >> /etc/fstab
mount -a
xfs_growfs /dev/mapper/${VG_NAME}-lvdata
echo ""
echo ""
echo ""
df -TH
echo "-----------------------------------------------------------------------"
}
mount_disk_to_var

273
cmii_operator/cqga/2-harbor-docker-compose.yaml Normal file
View File

@@ -0,0 +1,273 @@
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.9.0
container_name: harbor-log
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.9.0
container_name: registry
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /var/lib/docker/harbor-data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /var/lib/docker/harbor-data/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v2.9.0
container_name: registryctl
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /var/lib/docker/harbor-data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v2.9.0
container_name: harbor-db
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/lib/docker/harbor-data/database:/var/lib/postgresql/data:z
networks:
harbor:
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "postgresql"
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.9.0
container_name: harbor-core
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /var/lib/docker/harbor-data/ca_download/:/etc/core/ca/:z
- /var/lib/docker/harbor-data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /var/lib/docker/harbor-data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /var/lib/docker/harbor-data/secret/keys/secretkey
target: /etc/core/key
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
harbor:
depends_on:
- log
- registry
- redis
- postgresql
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:v2.9.0
container_name: harbor-portal
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v2.9.0
container_name: harbor-jobservice
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /var/lib/docker/harbor-data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.9.0
container_name: redis
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /var/lib/docker/harbor-data/redis:/var/lib/redis
networks:
harbor:
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.9.0
container_name: nginx
extra_hosts:
- "harbor.wdd.io:20.4.16.200"
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
ports:
- 8033:8080
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
networks:
harbor:
external: false

180
cmii_operator/cqga/3-rke-cluster.yml Normal file
View File

@@ -0,0 +1,180 @@
nodes:
- address: 20.4.13.81
user: root
role:
- controlplane
- etcd
- worker
internal_address: 20.4.13.81
labels:
ingress-deploy: true
- address: 20.4.13.140
user: root
role:
- worker
internal_address: 20.4.13.140
- address: 20.4.13.92
user: root
role:
- worker
internal_address: 20.4.13.92
labels:
mysql-deploy: 'true'
authentication:
strategy: x509
sans:
- "20.4.13.81"
private_registries:
- url: 20.4.13.81:8033 # 私有镜像库地址
user: admin
password: "V2ryStr@ngPss"
is_default: true
##############################################################################
# 默认值为false如果设置为true当发现不支持的Docker版本时RKE不会报错
ignore_docker_version: true
# Set the name of the Kubernetes cluster
cluster_name: rke-cluster
kubernetes_version: v1.20.4-rancher1-1
#ssh_key_path: /root/.ssh/id_ed25519
ssh_key_path: /root/.ssh/id_rsa
# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
enable_cri_dockerd: true
services:
etcd:
backup_config:
enabled: false
interval_hours: 72
retention: 3
safe_timestamp: false
timeout: 300
creation: 12h
extra_args:
election-timeout: 5000
heartbeat-interval: 500
gid: 0
retention: 72h
snapshot: false
uid: 0
kube-api:
# IP range for any services created on Kubernetes
# This must match the service_cluster_ip_range in kube-controller
service_cluster_ip_range: 172.24.0.0/16
# Expose a different port range for NodePort services
service_node_port_range: 30000-40000
always_pull_images: true
pod_security_policy: false
# Add additional arguments to the kubernetes API server
# This WILL OVERRIDE any existing defaults
extra_args:
# Enable audit log to stdout
audit-log-path: "-"
# Increase number of delete workers
delete-collection-workers: 3
# Set the level of log output to warning-level
v: 1
kube-controller:
# CIDR pool used to assign IP addresses to pods in the cluster
cluster_cidr: 172.28.0.0/16
# IP range for any services created on Kubernetes
# This must match the service_cluster_ip_range in kube-api
service_cluster_ip_range: 172.24.0.0/16
# Add additional arguments to the kubernetes API server
# This WILL OVERRIDE any existing defaults
extra_args:
# Set the level of log output to debug-level
v: 1
# Enable RotateKubeletServerCertificate feature gate
feature-gates: RotateKubeletServerCertificate=true
# Enable TLS Certificates management
# https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
kubelet:
# Base domain for the cluster
cluster_domain: cluster.local
# IP address for the DNS service endpoint
cluster_dns_server: 172.24.0.10
# Fail if swap is on
fail_swap_on: false
# Set max pods to 250 instead of default 110
extra_binds:
- "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
extra_args:
max-pods: 122
# Optionally define additional volume binds to a service
scheduler:
extra_args:
# Set the level of log output to warning-level
v: 0
kubeproxy:
extra_args:
# Set the level of log output to warning-level
v: 1
authorization:
mode: rbac
addon_job_timeout: 30
# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
options:
flannel_backend_type: vxlan
flannel_iface: ens3
flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
plugin: flannel
# Specify DNS provider (coredns or kube-dns)
dns:
provider: coredns
nodelocal: { }
# Available as of v1.1.0
update_strategy:
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 20%
maxSurge: 15%
linear_autoscaler_params:
cores_per_replica: 0.34
nodes_per_replica: 4
prevent_single_point_failure: true
min: 2
max: 3
# Specify monitoring provider (metrics-server)
monitoring:
provider: metrics-server
# Available as of v1.1.0
update_strategy:
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 8
ingress:
provider: nginx
default_backend: true
http_port: 0
https_port: 0
extra_envs:
- name: TZ
value: Asia/Shanghai
node_selector:
ingress-deploy: true
options:
use-forwarded-headers: "true"

2
cmii_operator/cqga/project-info.txt Normal file
View File

@@ -0,0 +1,2 @@
projectId 1751084188582440961