diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index f26399d..713a0b6 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,50 +4,15 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
+
+
-
-
-
@@ -99,6 +64,8 @@
"Go Test.3580-cmii镜像.executor": "Run",
"Go Test.DCU-RKE-35.80.executor": "Run",
"Go Test.DCU全部CMII镜像.executor": "Run",
+ "Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator (1).executor": "Run",
+ "Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator.executor": "Run",
"Go Test.TestCmiiEnvDeploy_XiongAnKongNengYuan in wdd.io/agent-operator.executor": "Run",
"Go Test.TestCmiiEnvDeploy_ZhejiangErjiPingTai in wdd.io/agent-operator.executor": "Run",
"Go Test.TestHarborOperator_ArtifactListAll in wdd.io/agent-operator/image (1).executor": "Run",
@@ -132,8 +99,8 @@
-
-
+
+
@@ -141,7 +108,18 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
@@ -207,14 +185,23 @@
+
+
+
+
+
+
+
+
+
-
+
@@ -288,7 +275,16 @@
-
+
+
+
+
+
+
+
+
+
+
@@ -306,7 +302,15 @@
1747276548488
-
+
+
+ 1762332282382
+
+
+
+ 1762332282382
+
+
@@ -315,7 +319,8 @@
-
+
+
true
diff --git a/.run/查询可删除Tag3580.run.xml b/.run/查询可删除Tag3580.run.xml
new file mode 100644
index 0000000..3975697
--- /dev/null
+++ b/.run/查询可删除Tag3580.run.xml
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/agent-deploy/c_middle/CmiiEmqxTemplate.go b/agent-deploy/c_middle/CmiiEmqxTemplate.go
index 0418494..816bdaa 100644
--- a/agent-deploy/c_middle/CmiiEmqxTemplate.go
+++ b/agent-deploy/c_middle/CmiiEmqxTemplate.go
@@ -1,11 +1,13 @@
package c_middle
const CmiiEmqxTemplate = `
+---
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-emqxs
namespace: {{ .Namespace }}
+
---
apiVersion: v1
kind: ConfigMap
@@ -20,62 +22,141 @@ metadata:
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: {{ .TagVersion }}
data:
- EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc.cluster.local:443"
- EMQX_NAME: "helm-emqxs"
+ # 集群相关
EMQX_CLUSTER__DISCOVERY: "k8s"
+ EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc.cluster.local:443"
EMQX_CLUSTER__K8S__APP_NAME: "helm-emqxs"
EMQX_CLUSTER__K8S__SERVICE_NAME: "helm-emqxs-headless"
EMQX_CLUSTER__K8S__ADDRESS_TYPE: "dns"
- EMQX_CLUSTER__K8S__namespace: "{{ .Namespace }}"
+ EMQX_CLUSTER__K8S__NAMESPACE: "{{ .Namespace }}"
EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local"
- EMQX_ALLOW_ANONYMOUS: "false"
- EMQX_ACL_NOMATCH: "deny"
+ # 关闭匿名,默认 ACL 不匹配拒绝
+ EMQX_AUTH__ALLOW_ANONYMOUS: "false"
+ EMQX_AUTHZ__NO_MATCH: "deny"
+ # Dashboard 初始管理员密码(只在第一次启动时生效)
+ EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EmqxPassword }}"
+
---
apiVersion: v1
kind: ConfigMap
metadata:
- name: helm-emqxs-cm
+ name: helm-emqxs-init-script
namespace: {{ .Namespace }}
labels:
cmii.type: middleware
cmii.app: helm-emqxs
- cmii.emqx.architecture: cluster
- helm.sh/chart: emqx-1.1.0
- app.kubernetes.io/managed-by: octopus-control
- app.kubernetes.io/version: {{ .TagVersion }}
data:
- emqx_auth_mnesia.conf: |-
- auth.mnesia.password_hash = sha256
+ init-mqtt-user.sh: |
+ #!/bin/sh
+ set -e
+ DASHBOARD_USER="admin"
+ DASHBOARD_PASS="{{ .EmqxPassword }}"
+ MQTT_USER="admin"
+ MQTT_PASS="{{ .EmqxPassword }}"
+ # 等待 EMQX 本地 API 就绪
+ EMQX_API="http://localhost:18083/api/v5"
+ echo "等待 EMQX API 就绪..."
+ for i in $(seq 1 120); do
+ if curl -s -f -m 5 "${EMQX_API}/status" > /dev/null 2>&1; then
+ echo "EMQX API 已就绪"
+ break
+ fi
+ echo "等待中... ($i/120)"
+ sleep 5
+ done
+ # 修改 Dashboard 管理员密码
+ echo "修改 Dashboard 管理员密码..."
+ /opt/emqx/bin/emqx ctl admins passwd "${DASHBOARD_USER}" "${DASHBOARD_PASS}" || echo "密码可能已设置"
+ echo "Dashboard 密码设置完成"
+ # 获取 Dashboard Token
+ echo "获取 Dashboard Token..."
+ TOKEN=$(curl -s -X POST "${EMQX_API}/login" \
+ -H 'Content-Type: application/json' \
+ -d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"${DASHBOARD_PASS}\"}" \
+ | grep -o '"token":"[^"]*' | cut -d'"' -f4)
+ if [ -z "$TOKEN" ]; then
+ echo "ERROR: 无法获取 Token"
+ exit 1
+ fi
+ echo "Token 获取成功"
+ # 创建内置数据库认证器(使用 listeners 作用域)
+ echo "检查并创建内置数据库认证器..."
+ # 为 tcp:default listener 添加认证器
+ echo "为 listener tcp:default 配置认证器..."
+ curl -s -X POST "${EMQX_API}/authentication/tcp:default" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "mechanism": "password_based",
+ "backend": "built_in_database",
+ "user_id_type": "username",
+ "password_hash_algorithm": {
+ "name": "sha256",
+ "salt_position": "suffix"
+ }
+ }' 2>/dev/null || echo "tcp:default 认证器可能已存在"
+ # 为 ws:default listener 添加认证器
+ echo "为 listener ws:default 配置认证器..."
+ curl -s -X POST "${EMQX_API}/authentication/ws:default" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "mechanism": "password_based",
+ "backend": "built_in_database",
+ "user_id_type": "username",
+ "password_hash_algorithm": {
+ "name": "sha256",
+ "salt_position": "suffix"
+ }
+ }' 2>/dev/null || echo "ws:default 认证器可能已存在"
+ # 等待认证器创建完成
+ sleep 2
+ # 创建 MQTT 用户
+ echo "创建 MQTT 用户: ${MQTT_USER}..."
+ curl -s -X POST "${EMQX_API}/authentication/password_based:built_in_database/users?listener_id=tcp:default" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d "{\"user_id\":\"${MQTT_USER}\",\"password\":\"${MQTT_PASS}\",\"is_superuser\":true}" \
+ 2>/dev/null || echo "用户可能已存在,尝试更新..."
+ # 尝试更新密码
+ curl -s -X PUT "${EMQX_API}/authentication/password_based:built_in_database/users/${MQTT_USER}?listener_id=tcp:default" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d "{\"password\":\"${MQTT_PASS}\",\"is_superuser\":true}" \
+ 2>/dev/null || true
+ echo "MQTT 用户创建/更新完成"
+ # 创建授权规则
+ echo "配置授权规则..."
+ # 创建内置数据库授权源
+ curl -s -X POST "${EMQX_API}/authorization/sources" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "type": "built_in_database",
+ "enable": true
+ }' 2>/dev/null || echo "授权源可能已存在"
+ sleep 2
+ # 为 admin 用户添加授权规则(使用数组格式)
+ echo "为 ${MQTT_USER} 用户添加 ACL 规则..."
+ curl -s -X POST "${EMQX_API}/authorization/sources/built_in_database/rules/users" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d "[{\"username\":\"${MQTT_USER}\",\"rules\":[{\"action\":\"all\",\"permission\":\"allow\",\"topic\":\"#\"}]}]" \
+ 2>/dev/null && echo "ACL 规则创建成功" || echo "规则可能已存在,尝试更新..."
+ # 尝试更新规则(PUT 请求需要单个对象,不是数组)
+ curl -s -X PUT "${EMQX_API}/authorization/sources/built_in_database/rules/users/${MQTT_USER}" \
+ -H "Authorization: Bearer ${TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d "{\"rules\":[{\"action\":\"all\",\"permission\":\"allow\",\"topic\":\"#\"}]}" \
+ 2>/dev/null && echo "ACL 规则更新成功" || true
+ echo "ACL 规则配置完成"
+ echo "初始化完成!MQTT 用户: ${MQTT_USER}"
+ echo "可通过以下方式连接:"
+ echo " - MQTT: localhost:1883"
+ echo " - WebSocket: localhost:8083"
+ echo " - Dashboard: http://localhost:18083"
+ echo " - 用户名: ${MQTT_USER}"
- # clientid 认证数据
- auth.client.1.clientid = admin
- auth.client.1.password = {{ .EmqxPassword }}
- auth.client.2.clientid = cmlc
- auth.client.2.password = {{ .EmqxPassword }}
-
- ## username 认证数据
- auth.user.1.username = admin
- auth.user.1.password = {{ .EmqxPassword }}
- auth.user.2.username = cmlc
- auth.user.2.password = {{ .EmqxPassword }}
-
- acl.conf: |-
- {allow, {user, "admin"}, pubsub, ["admin/#"]}.
- {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
- {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
- {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
- {allow, all}.
-
- loaded_plugins: |-
- {emqx_auth_mnesia,true}.
- {emqx_auth_mnesia,true}.
- {emqx_management, true}.
- {emqx_recon, true}.
- {emqx_retainer, false}.
- {emqx_dashboard, true}.
- {emqx_telemetry, true}.
- {emqx_rule_engine, true}.
- {emqx_bridge_mqtt, false}.
---
apiVersion: apps/v1
kind: StatefulSet
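Review bot: The broker password is rendered in plaintext into two ConfigMaps in this hunk, once as `EMQX_DASHBOARD__DEFAULT_PASSWORD` in the env ConfigMap and again as `DASHBOARD_PASS`/`MQTT_PASS` inside `init-mqtt-user.sh`, so anyone who can read ConfigMaps in the namespace can read the superuser credential. It would be safer to keep the value in a Secret, inject it through `secretKeyRef`, and have the script read it from the environment, e.g. `MQTT_PASS="${EMQX_INIT_PASSWORD:?}"` (the variable name is a placeholder). The script also reports failures as success: every API call after the readiness loop uses `curl -s` without `-f`, so the `|| echo …` fallbacks never fire on an HTTP error response, and the 120-iteration wait falls through without exiting when the API never comes up. Because the password is spliced into JSON with `-d "{\"password\":\"${MQTT_PASS}\"}"`, a value containing `"` or `\` yields a malformed body, so the allowed character set should be validated or documented. Separately, please check `EMQX_AUTH__ALLOW_ANONYMOUS` and `EMQX_AUTHZ__NO_MATCH` against the EMQX 5.8 configuration reference; I believe the authorization root is spelled `authorization` (`EMQX_AUTHORIZATION__NO_MATCH`), and if these names are not recognised the default-deny intent stated in the comment would not take effect.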
@@ -109,67 +190,87 @@ spec:
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: {{ .TagVersion }}
spec:
- affinity: {}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: uavcloud.env
+ operator: In
+ values:
+ {{- if .TenantEnv }}
+ - {{ .TenantEnv }}
+ {{- else }}
+ - {{ .Namespace }}
+ {{- end }}
imagePullSecrets:
- - name: harborsecret
+ - name: harborsecret
serviceAccountName: helm-emqxs
containers:
- - name: helm-emqxs
- {{- if .HarborPort }}
- image: {{ .HarborIPOrCustomImagePrefix }}:{{ .HarborPort }}/cmii/emqx:5.5.1
- {{- else }}
- image: {{ .HarborIPOrCustomImagePrefix }}emqx:5.5.1
- {{- end }}
- imagePullPolicy: Always
- ports:
- - name: mqtt
- containerPort: 1883
- - name: mqttssl
- containerPort: 8883
- - name: mgmt
- containerPort: 8081
- - name: ws
- containerPort: 8083
- - name: wss
- containerPort: 8084
- - name: dashboard
- containerPort: 18083
- - name: ekka
- containerPort: 4370
- envFrom:
- - configMapRef:
- name: helm-emqxs-env
- resources: {}
- volumeMounts:
- - name: emqx-data
- mountPath: "/opt/emqx/data/mnesia"
- readOnly: false
- - name: helm-emqxs-cm
- mountPath: "/opt/emqx/etc/plugins/emqx_auth_mnesia.conf"
- subPath: emqx_auth_mnesia.conf
- readOnly: false
-# - name: helm-emqxs-cm
-# mountPath: "/opt/emqx/etc/acl.conf"
-# subPath: "acl.conf"
-# readOnly: false
- - name: helm-emqxs-cm
- mountPath: "/opt/emqx/data/loaded_plugins"
- subPath: loaded_plugins
- readOnly: false
- volumes:
+ - name: helm-emqxs
+ {{- if .HarborPort }}
+ image: {{ .HarborIPOrCustomImagePrefix }}:{{ .HarborPort }}/cmii/emqx:5.8.8
+ {{- else }}
+ image: {{ .HarborIPOrCustomImagePrefix }}emqx:5.8.8
+ {{- end }}
+ imagePullPolicy: Always
+ ports:
+ - name: mqtt
+ containerPort: 1883
+ - name: mqttssl
+ containerPort: 8883
+ - name: mgmt
+ containerPort: 8081
+ - name: ws
+ containerPort: 8083
+ - name: wss
+ containerPort: 8084
+ - name: dashboard
+ containerPort: 18083
+ - name: ekka
+ containerPort: 4370
+ envFrom:
+ - configMapRef:
+ name: helm-emqxs-env
+ # 添加生命周期钩子
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - |
+ # 后台执行初始化脚本,避免阻塞容器启动
+ nohup /bin/sh /scripts/init-mqtt-user.sh > /tmp/init.log 2>&1 &
+ # 添加健康检查,确保 initContainer 执行时 API 已就绪
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: 18083
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /status
+ port: 18083
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ resources: {}
+ volumeMounts:
+ # 5.x 默认 data 目录,包含所有持久化数据
- name: emqx-data
- persistentVolumeClaim:
- claimName: helm-emqxs
- - name: helm-emqxs-cm
- configMap:
- name: helm-emqxs-cm
- items:
- - key: emqx_auth_mnesia.conf
- path: emqx_auth_mnesia.conf
- - key: acl.conf
- path: acl.conf
- - key: loaded_plugins
- path: loaded_plugins
+ mountPath: "/opt/emqx/data"
+ readOnly: false
+ - name: init-script
+ mountPath: /scripts
+ volumes:
+ - name: emqx-data
+ claimName: helm-emqxs
+ - name: init-script
+ configMap:
+ name: helm-emqxs-init-script
+ defaultMode: 0755
+
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
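Review bot: The `emqx-data` entry under `volumes:` has lost its `persistentVolumeClaim:` key: on the new side `claimName: helm-emqxs` follows `- name: emqx-data` directly, whereas the removed lines had the wrapper. As written the volume has no valid source, so the manifest is either rejected or the data directory is not backed by the claim; restore `persistentVolumeClaim:` with `claimName: helm-emqxs` nested beneath it, unless the part of the StatefulSet outside this hunk supplies the storage another way. This matters beyond durability, because the comment on the mount says `/opt/emqx/data` holds all persisted data, which would include the authenticator, users and ACL rules the init script creates. Authentication is also configured only by the backgrounded `postStart` script, so as far as this hunk shows the listeners can be reachable before any authenticator exists, and a failed run is recorded only in `/tmp/init.log`; consider making readiness depend on the script having completed. The comment above `livenessProbe` refers to an initContainer, but none is defined in this hunk.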
@@ -177,14 +278,14 @@ metadata:
name: helm-emqxs
namespace: {{ .Namespace }}
rules:
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - watch
- - list
+- apiGroups: [""]
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - watch
+ - list
+
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -192,13 +293,14 @@ metadata:
name: helm-emqxs
namespace: {{ .Namespace }}
subjects:
- - kind: ServiceAccount
- name: helm-emqxs
- namespace: {{ .Namespace }}
+- kind: ServiceAccount
+ name: helm-emqxs
+ namespace: {{ .Namespace }}
roleRef:
kind: Role
name: helm-emqxs
apiGroup: rbac.authorization.k8s.io
+
---
apiVersion: v1
kind: Service
@@ -219,18 +321,19 @@ spec:
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
ports:
- - port: 1883
- name: mqtt
- targetPort: 1883
- nodePort: {{ .EmqxNodePort }}
- - port: 18083
- name: dashboard
- targetPort: 18083
- nodePort: {{ .EmqxDashboardNodePort }}
- - port: 8083
- name: mqtt-websocket
- targetPort: 8083
- nodePort: {{ .EmqxWebSocketNodePort }}
+ - port: 1883
+ name: mqtt
+ targetPort: 1883
+ nodePort: {{ .EmqxNodePort }}
+ - port: 18083
+ name: dashboard
+ targetPort: 18083
+ nodePort: {{ .EmqxDashboardNodePort }}
+ - port: 8083
+ name: mqtt-websocket
+ targetPort: 8083
+ nodePort: {{ .EmqxWebSocketNodePort }}
+
---
apiVersion: v1
kind: Service
@@ -252,32 +355,32 @@ spec:
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
ports:
- - name: mqtt
- port: 1883
- protocol: TCP
- targetPort: 1883
- - name: mqttssl
- port: 8883
- protocol: TCP
- targetPort: 8883
- - name: mgmt
- port: 8081
- protocol: TCP
- targetPort: 8081
- - name: websocket
- port: 8083
- protocol: TCP
- targetPort: 8083
- - name: wss
- port: 8084
- protocol: TCP
- targetPort: 8084
- - name: dashboard
- port: 18083
- protocol: TCP
- targetPort: 18083
- - name: ekka
- port: 4370
- protocol: TCP
- targetPort: 4370
+ - name: mqtt
+ port: 1883
+ protocol: TCP
+ targetPort: 1883
+ - name: mqttssl
+ port: 8883
+ protocol: TCP
+ targetPort: 8883
+ - name: mgmt
+ port: 8081
+ protocol: TCP
+ targetPort: 8081
+ - name: websocket
+ port: 8083
+ protocol: TCP
+ targetPort: 8083
+ - name: wss
+ port: 8084
+ protocol: TCP
+ targetPort: 8084
+ - name: dashboard
+ port: 18083
+ protocol: TCP
+ targetPort: 18083
+ - name: ekka
+ port: 4370
+ protocol: TCP
+ targetPort: 4370
`
diff --git a/agent-deploy/d_app/CmiiImageConfig.go b/agent-deploy/d_app/CmiiImageConfig.go
index a8380b8..4a3e6ce 100644
--- a/agent-deploy/d_app/CmiiImageConfig.go
+++ b/agent-deploy/d_app/CmiiImageConfig.go
@@ -170,7 +170,7 @@ var MiddlewareAmd64 = []string{
"ossrs/srs:v5.0.195",
"ossrs/srs:v4.0-r3",
"emqx/emqx:4.4.19",
- "emqx/emqx:5.5.1",
+ "harbor.cdcyy.com.cn/cmii/emqx:5.5.8",
"nacos/nacos-server:v2.1.2",
"nacos/nacos-server:v2.1.2-slim",
"library/mongo:5.0",
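Review bot: The tag added here, `harbor.cdcyy.com.cn/cmii/emqx:5.5.8`, does not match the `emqx:5.8.8` image that `CmiiEmqxTemplate.go` deploys after this same commit, so the offline image list appears not to carry the image the StatefulSet will pull. If 5.8.8 is the intended version the entry should read `"harbor.cdcyy.com.cn/cmii/emqx:5.8.8",`. The `MiddlewareAmd64` slice starts and ends outside this hunk, so I cannot see whether another entry already covers 5.8.8.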
@@ -186,6 +186,7 @@ var MiddlewareAmd64 = []string{
"jerrychina2020/rke-tools:v0.175-linux",
"jerrychina2020/rke-tools:v0.175",
"library/busybox:latest",
+ "harbor.cdcyy.com.cn/cmii/busybox:1.37",
"harbor.cdcyy.com.cn/cmii/doris.be-ubuntu:2.1.6",
"harbor.cdcyy.com.cn/cmii/doris.fe-ubuntu:2.1.6",
"harbor.cdcyy.com.cn/cmii/doris.k8s-operator:1.3.1",
diff --git a/agent-operator/CmiiDeployOperator_test.go b/agent-operator/CmiiDeployOperator_test.go
index c58f96c..6c49c98 100644
--- a/agent-operator/CmiiDeployOperator_test.go
+++ b/agent-operator/CmiiDeployOperator_test.go
@@ -38,6 +38,27 @@ func TestCmiiEnvDeploy(t *testing.T) {
}
+func TestCmiiEnvDeploy_WddSuperCluster(t *testing.T) {
+
+ // RDMC项目的部署文件
+ commonEnv := &z_dep.CommonEnvironmentConfig{
+ WebIP: "192.168.40.50",
+ WebPort: "8088",
+ HarborIPOrCustomImagePrefix: image2.CmiiHarborPrefix,
+ HarborPort: "",
+ Namespace: "wdd-rmdc",
+ TagVersion: "base-1.0",
+ TenantEnv: "",
+ MinioPublicIP: "",
+ MinioInnerIP: "helm-minio",
+ NFSServerIP: "192.168.0.6",
+ ApplyFilePrefix: "",
+ }
+
+ CmiiEnvDeployOffline(commonEnv, true, real_project.CmiiUas21XAImageList)
+
+}
+
func TestCmiiEnvDeploy_XiongAnKongNengYuan(t *testing.T) {
// 雄安空能院 2025年8月7日
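Review bot: `TestCmiiEnvDeploy_WddSuperCluster` asserts nothing and never uses `t`; it only calls `CmiiEnvDeployOffline` with hard-coded addresses, so a plain `go test ./...` would run it as a deployment helper rather than as a check. What `CmiiEnvDeployOffline` does is not visible here, but if it generates or applies manifests the function should be gated, for example with `if testing.Short() { t.Skip("deploy helper; run explicitly") }` as its first statement, or behind an environment variable. The comment says RDMC while `Namespace` is `"wdd-rmdc"`; please confirm which spelling is intended, since the namespace is rendered into every manifest.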
diff --git a/agent-wdd/a_run/cmi-deploy-运行顺序.sh b/agent-wdd/a_run/cmi-deploy-运行顺序.sh
index f95724c..7025a86 100644
--- a/agent-wdd/a_run/cmi-deploy-运行顺序.sh
+++ b/agent-wdd/a_run/cmi-deploy-运行顺序.sh
@@ -1,12 +1,13 @@
#!/usr/bin/env bash
-
+## https://cdn.dl.k8s.io/release/v1.30.14/bin/linux/amd64/kubectl
+##
# 下载安装最新的agent-wdd
# 检查agent-wdd是否正常输出指令,若无则程序退出
-# 执行获取信息指令 info all
+# 执行获取信息指令 agent-wdd info all
# 执行系统初始化操作
@@ -21,6 +22,11 @@
# 能联网 在线安装 docker
+# 能联网 离线安装docker,指定离线安装
+
# 不能联网 离线安装docker
-# 交互模式
\ No newline at end of file
+#
+
+agent-wdd base ssh config
+agent-wdd base ssh key
\ No newline at end of file
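Review bot: The two `agent-wdd base ssh …` lines turn what was a comment-only checklist into a script that changes the host, and they run with no guard. The file's own comments describe checking that `agent-wdd` responds and exiting otherwise, but nothing before these lines does that; adding `set -euo pipefail` near the top and `command -v agent-wdd >/dev/null || exit 1` before the first command would keep a failed `ssh config` step from being followed by `ssh key`. What the two subcommands change is not visible in this diff, so a one-line comment above each stating its effect on the SSH configuration and keys would help the operator who runs this.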
diff --git a/agent-wdd/cmd/Base.go b/agent-wdd/cmd/Base.go
index 1927e10..956e75f 100644
--- a/agent-wdd/cmd/Base.go
+++ b/agent-wdd/cmd/Base.go
@@ -45,6 +45,8 @@ var (
// https://download.docker.com/linux/static/stable/ 官方下载地址
// https://github.com/docker/compose/releases?page=8&tags=2.18.0
+ // https://cdn.dl.k8s.io/release/v1.30.14/bin/linux/amd64/kubectl
+
dockerLocalInstallPath = "/root/wdd/docker-amd64-20.10.15.tgz" // 本地安装docker的文件路径
dockerComposeLocalInstallPath = "/root/wdd/docker-compose-v2.18.0-linux-amd64" // 本地安装docker compose的文件路径
harborLocalInstallPath = "/root/wdd/harbor-offline-installer-v2.9.0.tgz" // 本地安装harbor的文件路径