TKey 环境

  • CentOS 7.5 x64

修改 SSH 端口

  • 配置文件介绍(记得先备份):sudo vim /etc/ssh/sshd_config
  • 打开这一行注释:Port 22
    • 自定义端口选择建议在万位的端口,如:10000-65535之间,假设这里我改为 52221
  • CentOS 7:添加端口:firewall-cmd --zone=public --add-port=52221/tcp --permanent
    • 重启防火墙:firewall-cmd --reload
  • CentOS 7 命令:systemctl restart sshd.service

安装后的检测

  1. docker --version && docker-compose --version && java -version && mvn -v && mysql --version && redis-server --version && node -v && npm -v && nginx -V

设置免密登录

  • 在 A 机器上输入命令:ssh-keygen
    • 根据提示回车,共有三次交互提示,都回车即可。
  • 生成的密钥目录在:/root/.ssh
  • 写入:cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
  • 测试:ssh localhost

安装 ansible

  • CentOS:sudo yum install -y ansible
    • 查看版本:ansible --version
  • 编辑配置文件:vim /etc/ansible/hosts,在文件尾部添加:
  • 查看自己的内网 ip:ifconfig,假设是:172.16.16.4
  1. [local]
  2. 172.16.16.4 ansible_ssh_port=52221
  • 让远程所有主机都执行 ps 命令,输出如下
  1. ansible all -a 'ps'

基础设置

  • 禁用
    • firewalld
    • selinux
    • swap

  • 安装

    • zip unzip lrzsz git wget htop deltarpm
    • zsh vim
    • docker docker-compose

  • 创建脚本文件:vim /opt/1-install-basic-playbook.yml

  1. - hosts: all
  2.   remote_user: root
  3.   tasks:
  4.     - name: Disable SELinux at next reboot
  5.       selinux:
  6.         state: disabled
  8.     - name: disable firewalld
  9.       shell: "{{ item }}"
  10.       with_items:
  11.          - systemctl stop firewalld
  12.          - systemctl disable firewalld
  13.          - echo "vm.swappiness = 0" >> /etc/sysctl.conf
  14.          - swapoff -a
  15.          - sysctl -w vm.swappiness=0
  17.     - name: install-epel
  18.       shell: "{{ item }}"
  19.       with_items:
  20.          - yum install -y epel-release
  22.     - name: install-basic
  23.       shell: "{{ item }}"
  24.       with_items:
  25.          - yum install -y zip unzip lrzsz git wget htop deltarpm
  27.     - name: install zsh oh-my-zsh
  28.       shell: "{{ item }}"
  29.       with_items:
  30.          - yum install -y zsh
  31.          - wget https://gitee.com/mirrors/oh-my-zsh/raw/master/tools/install.sh  -O - | sh
  32.          - chsh -s /bin/zsh root
  34.     - name: install-vim
  35.       shell: "{{ item }}"
  36.       with_items:
  37.          - yum install -y vim
  38.          - curl https://gitee.com/cdk8s_org/vim-for-server/raw/master/vimrc > ~/.vimrc
  40.     - name: install-docker
  41.       shell: "{{ item }}"
  42.       with_items:
  43.          - yum install -y yum-utils device-mapper-persistent-data lvm2
  44.          - yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  45.          - yum makecache fast
  46.          - yum install -y docker-ce docker-ce-cli containerd.io
  47.          - systemctl start docker.service
  49.     - name: create /etc/docker directory
  50.       file:
  51.         path: /etc/docker
  52.         state: directory
  54.     - name: create daemon.json file
  55.       file: 
  56.         path=/etc/docker/{{ item }}
  57.         state=touch
  58.         mode=777
  59.       with_items:
  60.         - daemon.json
  62.     - name: set docker registry mirrors
  63.       blockinfile: 
  64.         path: /etc/docker/daemon.json
  65.         marker: ""
  66.         block: |
  67.           {
  68.             "registry-mirrors": [
  69.               "https://ldhc17y9.mirror.aliyuncs.com",
  70.               "https://hub-mirror.c.163.com",
  71.               "https://mirror.baidubce.com",
  72.               "https://docker.mirrors.ustc.edu.cn"
  73.             ]
  74.           }
  76.     - name: restart docekr
  77.       shell: "{{ item }}"
  78.       with_items:
  79.          - systemctl daemon-reload
  80.          - systemctl restart docker
  82.     - name: install-docker-compose
  83.       shell: "{{ item }}"
  84.       with_items:
  85.          - curl -L https://get.daocloud.io/docker/compose/releases/download/1.26.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
  86.          - chmod +x /usr/local/bin/docker-compose
  87.          - docker-compose --version
  88.          - systemctl restart docker.service
  89.          - systemctl enable docker.service

离线安装 jdk

  • 下载 jdk 到 /opt 目录下
  • 创建脚本文件:vim /opt/2-jdk8-playbook.yml
  1. - hosts: all
  2.   remote_user: root
  3.   vars:
  4.     java_install_folder: /usr/local
  5.     file_name: jdk-8u261-linux-x64.tar.gz
  6.   tasks:
  7.     - name: copy jdk
  8.       copy: 
  9.         src=/opt/{{ file_name }}
  10.         dest={{ java_install_folder }}
  12.     - name: tar jdk
  13.       shell: 
  14.         chdir={{ java_install_folder }}
  15.         tar zxf {{ file_name }}
  17.     - name: set JAVA_HOME
  18.       blockinfile: 
  19.         path: /root/.zshrc
  20.         marker: "#{mark} JDK ENV"
  21.         block: |
  22.           JAVA_HOME={{ java_install_folder }}/jdk1.8.0_261
  23.           JRE_HOME=$JAVA_HOME/jre
  24.           PATH=$PATH:$JAVA_HOME/bin
  25.           CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
  26.           export JAVA_HOME
  27.           export JRE_HOME
  28.           export PATH
  29.           export CLASSPATH
  31.     - name: source zshrc
  32.       shell: source /root/.zshrc
  34.     - name: remove tar.gz file
  35.       file:
  36.         state: absent
  37.         path: "{{ java_install_folder }}/{{ file_name }}"
  • 执行命令:ansible-playbook /opt/2-jdk8-playbook.yml

安装 maven

  • 把 maven 放到 /opt 目录下
  • 创建脚本文件:vim /opt/3-maven-playbook.yml
  1. - hosts: all
  2.   remote_user: root
  3.   vars:
  4.     maven_install_folder: /usr/local
  5.     file_name: apache-maven-3.6.3-bin.zip
  6.   tasks:
  7.     - name: copy maven
  8.       copy: 
  9.         src=/opt/{{ file_name }}
  10.         dest={{ maven_install_folder }}
  12.     - name: unzip maven
  13.       shell: 
  14.         chdir={{ maven_install_folder }}
  15.         unzip {{ file_name }}
  17.     - name: set MAVEN_HOME
  18.       blockinfile: 
  19.         path: /root/.zshrc
  20.         marker: "#{mark} MAVEN ENV"
  21.         block: |
  22.             MAVEN_HOME={{ maven_install_folder }}/apache-maven-3.6.3
  23.             M3_HOME={{ maven_install_folder }}/apache-maven-3.6.3
  24.             M2_HOME={{ maven_install_folder }}/apache-maven-3.6.3
  25.             PATH=$PATH:$M3_HOME/bin
  26.             MAVEN_OPTS="-Xms256m -Xmx356m"
  27.             export M3_HOME
  28.             export M2_HOME
  29.             export MAVEN_HOME
  30.             export PATH
  31.             export MAVEN_OPTS
  33.     - name: source zshrc
  34.       shell: source /root/.zshrc
  36.     - name: remove zip file
  37.       file:
  38.         path: "{{ maven_install_folder }}/{{ file_name }}" 
  39.         state: absent
  41.     - name: create local_maven_repository directory
  42.       file:
  43.         path: /opt/local_maven_repository
  44.         state: directory
  46.     - name: remove old settings.xml
  47.       file:
  48.         path: "{{ maven_install_folder }}/apache-maven-3.6.3/conf/settings.xml"
  49.         state: absent
  51.     - name: create settings.xml file
  52.       file: 
  53.         path="{{ maven_install_folder }}/apache-maven-3.6.3/conf/{{ item }}"
  54.         state=touch
  55.         mode=777
  56.       with_items:
  57.         - settings.xml
  59.     - name: set settings.xml aliyun
  60.       blockinfile: 
  61.         path: "{{ maven_install_folder }}/apache-maven-3.6.3/conf/settings.xml"
  62.         marker: ""
  63.         block: |
  64.           <?xml version="1.0" encoding="UTF-8"?>
  65.           <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  66.                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  67.                     xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
  70.               <localRepository>/opt/local_maven_repository</localRepository>
  72.               <pluginGroups>
  73.               </pluginGroups>
  75.               <proxies>
  76.               </proxies>
  78.               <servers>
  79.               </servers>
  81.               <profiles>
  82.                   <profile>
  83.                       <id>aliyun</id>
  84.                       <repositories>
  85.                           <repository>
  86.                               <id>aliyun</id>
  87.                               <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
  88.                               <releases>
  89.                                   <enabled>true</enabled>
  90.                               </releases>
  91.                               <snapshots>
  92.                                   <enabled>true</enabled>
  93.                               </snapshots>
  94.                           </repository>
  95.                       </repositories>
  96.                       <pluginRepositories>
  97.                           <pluginRepository>
  98.                               <id>aliyun</id>
  99.                               <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
  100.                               <releases>
  101.                                   <enabled>true</enabled>
  102.                               </releases>
  103.                               <snapshots>
  104.                                   <enabled>true</enabled>
  105.                               </snapshots>
  106.                           </pluginRepository>
  107.                       </pluginRepositories>
  108.                   </profile>
  109.                   <profile>
  110.                       <id>maven</id>
  111.                       <repositories>
  112.                           <repository>
  113.                               <id>maven</id>
  114.                               <url>https://repo.maven.apache.org/maven2/</url>
  115.                               <releases>
  116.                                   <enabled>true</enabled>
  117.                               </releases>
  118.                               <snapshots>
  119.                                   <enabled>true</enabled>
  120.                               </snapshots>
  121.                           </repository>
  122.                       </repositories>
  123.                       <pluginRepositories>
  124.                           <pluginRepository>
  125.                               <id>maven</id>
  126.                               <url>https://repo.maven.apache.org/maven2/</url>
  127.                               <releases>
  128.                                   <enabled>true</enabled>
  129.                               </releases>
  130.                               <snapshots>
  131.                                   <enabled>true</enabled>
  132.                               </snapshots>
  133.                           </pluginRepository>
  134.                       </pluginRepositories>
  135.                   </profile>
  136.               </profiles>
  138.               <activeProfiles>
  139.                   <activeProfile>aliyun</activeProfile>
  140.               </activeProfiles>
  142.           </settings>
  • 执行命令:ansible-playbook /opt/3-maven-playbook.yml

安装 node

  • 创建脚本文件:vim /opt/4-node-playbook.yml
  1. - hosts: all
  2.   remote_user: root
  3.   tasks:
  4.     - name: remove the nodejs 
  5.       yum:
  6.         name: nodejs
  7.         state: absent
  9.     - name: remove the npm 
  10.       yum:
  11.         name: npm
  12.         state: absent
  14.     - name: curl node
  15.       shell: "curl --silent --location https://rpm.nodesource.com/setup_12.x | sudo bash -"
  17.     - name: install node
  18.       shell: "{{ item }}"
  19.       with_items:
  20.          - yum -y install nodejs
  22.     - name: curl yarn
  23.       shell: "curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo"
  25.     - name: install yarn
  26.       shell: "{{ item }}"
  27.       with_items:
  28.          - yum -y install yarn
  • 执行命令:ansible-playbook /opt/4-node-playbook.yml

安装原生 MySQL 5.7(可选 Docker)

  • 创建脚本文件:vim /opt/5-mysql-playbook.yml
  1. - hosts: all
  2.   remote_user: root
  3.   tasks:
  4.     - name: remove the mariadb 
  5.       yum:
  6.         name: mariadb
  7.         state: absent
  9.     - name: install mysql 1
  10.       shell: "{{ item }}"
  11.       with_items:
  12.          - wget http://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
  13.          - yum localinstall -y mysql57-community-release-el7-11.noarch.rpm
  15.     - name: install mysql 2
  16.       yum:
  17.         name: mysql-community-server
  19.     - name: remove old /etc/my.cnf
  20.       file:
  21.         path: "/etc/my.cnf"
  22.         state: absent
  24.     - name: create my.cnf file
  25.       file: 
  26.         path="/etc/{{ item }}"
  27.         state=touch
  28.         mode=777
  29.       with_items:
  30.         - my.cnf
  32.     - name: set my.cnf
  33.       blockinfile: 
  34.         path: /etc/my.cnf
  35.         marker: ""
  36.         block: |
  37.             [mysql]
  38.             default-character-set = utf8mb4
  39.             [mysqld]
  40.             max_connections = 500
  41.             datadir = /var/lib/mysql
  42.             socket = /var/lib/mysql/mysql.sock
  43.             bind-address = 127.0.0.1
  44.             symbolic-links=0
  45.             log-error=/var/log/mysqld.log
  46.             pid-file=/var/run/mysqld/mysqld.pid
  47.             default-storage-engine = InnoDB
  48.             collation-server = utf8mb4_unicode_520_ci
  49.             init_connect = 'SET NAMES utf8mb4'
  50.             character-set-server = utf8mb4
  51.             lower_case_table_names = 1
  52.             max_allowed_packet = 50M
  53.             sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
  55.     - name: enable mysql
  56.       shell: "{{ item }}"
  57.       with_items:
  58.          - systemctl enable mysqld.service
  59.          - systemctl restart mysqld.service
  • 执行命令:ansible-playbook /opt/5-mysql-playbook.yml

安装原生 Redis 5(可选 Docker)

  • 创建脚本文件:vim /opt/6-redis-playbook.yml
  1. - hosts: all
  2.   remote_user: root
  3.   tasks:
  4.     - name: install redis
  5.       yum:
  6.         name: redis
  8.     - name: remove old /etc/redis.conf
  9.       file:
  10.         path: "/etc/redis.conf"
  11.         state: absent
  13.     - name: create /etc/redis.conf file
  14.       file: 
  15.         path="/etc/{{ item }}"
  16.         state=touch
  17.         mode=777
  18.       with_items:
  19.         - redis.conf
  21.     - name: set redis.conf
  22.       blockinfile: 
  23.         path: /etc/redis.conf
  24.         marker: ""
  25.         block: |
  26.             bind 0.0.0.0
  27.             requirepass adgredis123456
  28.             protected-mode yes
  29.             port 6379
  30.             tcp-backlog 511
  31.             timeout 0
  32.             tcp-keepalive 300
  33.             daemonize no
  34.             supervised no
  35.             pidfile /var/run/redis_6379.pid
  36.             loglevel notice
  37.             logfile /var/log/redis/redis.log
  38.             databases 16
  39.             save 900 1
  40.             save 300 10
  41.             save 60 10000
  42.             stop-writes-on-bgsave-error yes
  43.             rdbcompression yes
  44.             rdbchecksum yes
  45.             dbfilename dump.rdb
  46.             dir /var/lib/redis
  47.             slave-serve-stale-data yes
  48.             slave-read-only yes
  49.             repl-diskless-sync no
  50.             repl-diskless-sync-delay 5
  51.             repl-disable-tcp-nodelay no
  52.             slave-priority 100
  53.             appendonly no
  54.             appendfilename "appendonly.aof"
  55.             appendfsync everysec
  56.             no-appendfsync-on-rewrite no
  57.             auto-aof-rewrite-percentage 100
  58.             auto-aof-rewrite-min-size 64mb
  59.             aof-load-truncated yes
  60.             lua-time-limit 5000
  61.             slowlog-log-slower-than 10000
  62.             slowlog-max-len 128
  63.             latency-monitor-threshold 0
  64.             notify-keyspace-events ""
  65.             hash-max-ziplist-entries 512
  66.             hash-max-ziplist-value 64
  67.             list-max-ziplist-size -2
  68.             list-compress-depth 0
  69.             set-max-intset-entries 512
  70.             zset-max-ziplist-entries 128
  71.             zset-max-ziplist-value 64
  72.             hll-sparse-max-bytes 3000
  73.             activerehashing yes
  74.             client-output-buffer-limit normal 0 0 0
  75.             client-output-buffer-limit slave 256mb 64mb 60
  76.             client-output-buffer-limit pubsub 32mb 8mb 60
  77.             hz 10
  78.             aof-rewrite-incremental-fsync yes
  80.     - name: enable redis
  81.       shell: "{{ item }}"
  82.       with_items:
  83.          - systemctl enable redis
  84.          - systemctl restart redis
  • 执行命令:ansible-playbook /opt/6-redis-playbook.yml

安装 Jenkins

  • 创建脚本文件:vim /opt/jenkins-playbook.yml
  1. - hosts: all
  2.   remote_user: root
  3.   tasks:
  4.     - name: wget
  5.       shell: wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
  7.     - name: rpm import
  8.       shell: rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
  10.     - name: install
  11.       shell: yum install -y jenkins
  • 执行命令:ansible-playbook /opt/jenkins-playbook.yml
  • 在安装完默认推荐的插件后还需要额外安装:
    • Maven Integration
  • 设置 全局工具配置 点击我查看设置方法

安装 Redis 5.x(Docker)

  1. mkdir -p /data/docker/redis/conf /data/docker/redis/db
  2. chmod -R 777 /data/docker/redis
  1. 创建配置文件:
  2. vim /data/docker/redis/conf/redis.conf
  6. bind 0.0.0.0
  7. requirepass 123456
  8. protected-mode yes
  10. port 6379
  11. tcp-backlog 511
  12. timeout 0
  13. tcp-keepalive 300
  14. daemonize no
  15. supervised no
  16. pidfile /data/redis_6379.pid
  17. loglevel notice
  18. logfile ""
  19. databases 16
  20. always-show-logo yes
  21. save 900 1
  22. save 300 10
  23. save 60 10000
  24. stop-writes-on-bgsave-error yes
  25. rdbcompression yes
  26. rdbchecksum yes
  27. dbfilename dump.rdb
  28. dir /data
  29. replica-serve-stale-data yes
  30. replica-read-only yes
  31. repl-diskless-sync no
  32. repl-diskless-sync-delay 5
  33. repl-disable-tcp-nodelay no
  34. replica-priority 100
  35. lazyfree-lazy-eviction no
  36. lazyfree-lazy-expire no
  37. lazyfree-lazy-server-del no
  38. replica-lazy-flush no
  39. appendonly no
  40. appendfilename "appendonly.aof"
  41. appendfsync everysec
  42. no-appendfsync-on-rewrite no
  43. auto-aof-rewrite-percentage 100
  44. auto-aof-rewrite-min-size 64mb
  45. aof-load-truncated yes
  46. aof-use-rdb-preamble yes
  47. lua-time-limit 5000
  48. slowlog-log-slower-than 10000
  49. slowlog-max-len 128
  50. latency-monitor-threshold 0
  51. notify-keyspace-events ""
  52. hash-max-ziplist-entries 512
  53. hash-max-ziplist-value 64
  54. list-max-ziplist-size -2
  55. list-compress-depth 0
  56. set-max-intset-entries 512
  57. zset-max-ziplist-entries 128
  58. zset-max-ziplist-value 64
  59. hll-sparse-max-bytes 3000
  60. stream-node-max-bytes 4096
  61. stream-node-max-entries 100
  62. activerehashing yes
  63. client-output-buffer-limit normal 0 0 0
  64. client-output-buffer-limit replica 256mb 64mb 60
  65. client-output-buffer-limit pubsub 32mb 8mb 60
  66. hz 10
  67. dynamic-hz yes
  68. aof-rewrite-incremental-fsync yes
  69. rdb-save-incremental-fsync yes
  • 启动镜像:
  1. docker run \
  2.     --name cdk8s-redis \
  3.     --restart always \
  4.     -d -it -p 6379:6379 \
  5.     -v /data/docker/redis/conf/redis.conf:/etc/redis/redis.conf \
  6.     -v /data/docker/redis/db:/data \
  7.     redis:5 \
  8.     redis-server /etc/redis/redis.conf

安装 MySQL(Docker)

  1. mkdir -p /data/docker/mysql/datadir /data/docker/mysql/conf /data/docker/mysql/log
  1. 创建配置文件:
  2. vim /data/docker/mysql/conf/mysql-1.cnf
  4. # 该编码设置是我自己配置的
  5. [mysql]
  6. default-character-set = utf8mb4
  8. # 下面内容是 docker mysql 默认的 start
  9. [mysqld]
  10. max_connections = 500
  11. pid-file = /var/run/mysqld/mysqld.pid
  12. socket = /var/run/mysqld/mysqld.sock
  13. datadir = /var/lib/mysql
  14. #log-error = /var/log/mysql/error.log
  15. # By default we only accept connections from localhost
  16. #bind-address = 127.0.0.1
  17. # Disabling symbolic-links is recommended to prevent assorted security risks
  18. symbolic-links=0
  19. # 上面内容是 docker mysql 默认的 end
  21. # 下面开始的内容就是我自己配置的
  22. log-error=/var/log/mysql/error.log
  23. default-storage-engine = InnoDB
  24. collation-server = utf8mb4_unicode_520_ci
  25. init_connect = 'SET NAMES utf8mb4'
  26. character-set-server = utf8mb4
  27. # 表名大小写敏感 0 是区分大小写,1 是不分区,全部采用小写
  28. lower_case_table_names = 1
  29. max_allowed_packet = 50M
  30. sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
  32. # 避免在 dump 命令中加上密码后提示:Using a password on the command line interface can be insecure
  33. [mysqldump]
  34. user=root
  35. password=123456
  1. chmod -R 777 /data/docker/mysql/datadir /data/docker/mysql/log
  2. chown -R 0:0 /data/docker/mysql/conf
  1. docker run \
  2.     --name cdk8s-mysql \
  3.     --restart always \
  4.     -d \
  5.     -p 3306:3306 \
  6.     -v /data/docker/mysql/datadir:/var/lib/mysql \
  7.     -v /data/docker/mysql/log:/var/log/mysql \
  8.     -v /data/docker/mysql/conf:/etc/mysql/conf.d \
  9.     -e MYSQL_ROOT_PASSWORD=123456 \
  10.     mysql:5.7

安装 Prometheus(Docker)

  2. 创建配置文件:
  3. mkdir -p /data/docker/prometheus/conf && vim /data/docker/prometheus/conf/prometheus.yml
  4. chmod -R 777 /data/docker/prometheus
  6. # my global config
  7. global:
  8.   scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  9.   evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  10.   # scrape_timeout is set to the global default (10s).
  12. # Alertmanager configuration
  13. alerting:
  14.   alertmanagers:
  15.   - static_configs:
  16.     - targets:
  17.       # - alertmanager:9093
  19. # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
  20. rule_files:
  21.   # - "first_rules.yml"
  22.   # - "second_rules.yml"
  25. scrape_configs:
  26.   - job_name: 'cdk8s-sso'
  27.     metrics_path: '/tkey-actuator/actuator/prometheus'
  28.     static_configs:
  29.     - targets: ['172.16.16.4:19091']
  • 启动
  1. docker run \
  2.     -d \
  3.     --name cdk8s-prometheus \
  4.     --restart always \
  5.     -p 9090:9090 \
  6.     -v /data/docker/prometheus/conf/prometheus.yml:/etc/prometheus/prometheus.yml \
  7.     prom/prometheus

安装 Grafana(Docker)

  1. mkdir -p /data/docker/grafana/data
  2. chmod -R 777 /data/docker/grafana/data
  4. docker run \
  5.     -d \
  6.     --name cdk8s-grafana \
  7.     --restart always \
  8.     -p 3000:3000 \
  9.     -v /data/docker/grafana/data:/var/lib/grafana \
  10.     grafana/grafana

安装 Portainer(Docker)

  1. mkdir -p /data/docker/portainer
  2. chmod -R 777 /data/docker/portainer
  • 创建文件:vim docker-compose.yml
  1. version: '3'
  2. services:
  3.   portainer:
  4.     container_name: portainer
  5.     image: portainer/portainer
  6.     volumes:
  7.       - /data/docker/portainer:/data
  8.       - /var/run/docker.sock:/var/run/docker.sock
  9.     ports:
  10.       - "9000:9000"
  • 启动:docker-compose up -d
  • 浏览器访问访问:http://182.61.44.40:9000
  • 第一次启动会让你创建用户名和密码。第二步就是配置管理哪里的 docker 容器,我这里选择:local

安装 Nginx(Docker)

  1. mkdir -p /data/docker/nginx/logs /data/docker/nginx/conf /data/docker/nginx/html
  2. chmod -R 777 /data/docker/nginx
  1. 创建配置文件:
  2. vim /data/docker/nginx/conf/nginx.conf
  7. worker_processes      1;
  9. events {
  10.   worker_connections  1024;
  11. }
  13. http {
  14.   include             mime.types;
  15.   default_type        application/octet-stream;
  17.   sendfile on;
  18.   keepalive_timeout   65;
  20.   gzip on;
  21.   gzip_buffers 8 16k;
  22.   gzip_min_length 512;
  23.   gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  24.   gzip_http_version 1.1;
  25.   gzip_types   text/plain text/css application/javascript application/x-javascript application/json application/xml;
  27.   server {
  28.     listen            80;
  29.     server_name       localhost 127.0.0.1 191.112.221.203;
  31.     location / {
  32.       root            /usr/share/nginx/html;
  33.       index           index.html index.htm;
  34.     }
  35.   }
  36. }
  • 运行容器:
  1. docker run \
  2.     -d \
  3.     --name cdk8s-nginx \
  4.     --restart always \
  5.     -p 80:80 \
  6.     -v /data/docker/nginx/logs:/var/log/nginx \
  7.     -v /data/docker/nginx/html:/data/html \
  8.     -v /data/docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  9.     nginx:1.17
  • 重新启动服务:docker restart cdk8s-nginx

Jenkins pipeline (Docker 方式运行 tkey-sso-server)

  • 确保 项目根目录有 Dockerfile 文件
  • 特别注意:
  1. 这两个大写的名词来自 Jenkins 全局工具配置中相应配置的 name 中填写的内容
  2. jdk 'JDK8'
  3. maven 'MAVEN3'
  1. pipeline {
  2.   agent any
  4.   /*=======================================工具环境修改-start=======================================*/
  5.   tools {
  6.     jdk 'JDK8'
  7.     maven 'MAVEN3'
  8.   }
  9.   /*=======================================工具环境修改-end=======================================*/
  11.   options {
  12.     timestamps()
  13.     disableConcurrentBuilds()
  14.     buildDiscarder(logRotator(
  15.       numToKeepStr: '20',
  16.       daysToKeepStr: '30',
  17.     ))
  18.   }
  20.   /*=======================================常修改变量-start=======================================*/
  22.   environment {
  23.     gitUrl = "https://github.com/cdk8s/tkey.git"
  24.     branchName = "master"
  25.     giteeCredentialsId = "cdk8s-github"
  26.     projectWorkSpacePath = "${env.WORKSPACE}"
  27.     projectBuildTargetPath = "${projectWorkSpacePath}/target"
  30.     dockerImageName = "harbor.cdk8s.com/tkey/${env.JOB_NAME}:${env.BUILD_NUMBER}"
  31.     dockerContainerName = "${env.JOB_NAME}"
  32.     inHostPort = "9091"
  33.     inHostPortByActuator = "19091"
  34.     inDockerAndJavaPort = "9091"
  35.     inDockerAndJavaPortByActuator = "19091"
  36.     inHostLogPath = "/data/logs/${dockerContainerName}/${env.BUILD_NUMBER}"
  37.     inDockerLogPath = "/logs"
  38.     dockerRunParam = "--name=${dockerContainerName} --hostname=${dockerContainerName} -v /etc/hosts:/etc/hosts -v ${inHostLogPath}:${inDockerLogPath} --restart=always  -p ${inHostPort}:${inDockerAndJavaPort} -p ${inHostPortByActuator}:${inDockerAndJavaPortByActuator} -e SPRING_PROFILES_ACTIVE=test -e SERVER_PORT=${inHostPort} -e SPRING_REDIS_HOST=redis.cdk8s.com -e SPRING_REDIS_PASSWORD=123456 -e TKEY_NODE_NUMBER=12"
  39.   }
  41.   /*=======================================常修改变量-end=======================================*/
  43.   stages {
  45.     stage('Pre Env') {
  46.       steps {
  47.          echo "======================================项目名称 = ${env.JOB_NAME}"
  48.          echo "======================================项目 URL = ${gitUrl}"
  49.          echo "======================================项目分支 = ${branchName}"
  50.          echo "======================================当前编译版本号 = ${env.BUILD_NUMBER}"
  51.          echo "======================================项目空间文件夹路径 = ${projectWorkSpacePath}"
  52.          echo "======================================项目 build 后 jar 路径 = ${projectBuildTargetPath}"
  53.          echo "======================================Docker 镜像名称 = ${dockerImageName}"
  54.          echo "======================================Docker 容器名称 = ${dockerContainerName}"
  55.       }
  56.     }
  58.     stage('Git Clone'){
  59.       steps {
  60.           git branch: "${branchName}",
  61.           credentialsId: "${giteeCredentialsId}",
  62.           url: "${gitUrl}"
  63.       }
  64.     }
  66.     stage('Maven Clean') {
  67.       steps {
  68.         sh "mvn clean"
  69.       }
  70.     }
  72.     stage('Maven Package') {
  73.       steps {
  74.         sh "mvn package -DskipTests"
  75.       }
  76.     }
  78.     stage('构建 Docker 镜像') {
  79.       steps {
  80.         sh """
  81.             cd ${projectWorkSpacePath}
  83.             docker build -t ${dockerImageName} ./
  84.         """
  85.       }
  86.     }
  88.     stage('运行 Docker 镜像') {
  89.       steps {
  90.         sh """
  91.             docker stop ${dockerContainerName} | true
  93.             docker rm -f ${dockerContainerName} | true
  95.             docker run -d  ${dockerRunParam} ${dockerImageName}
  96.         """
  97.       }
  98.     }
  101.   }
  102. }

Jenkins pipeline (Docker 方式运行 tkey-sso-client-management 后端)

  • 确保 项目根目录有 Dockerfile 文件
  • 特别注意:
  1. 这两个大写的名词来自 Jenkins 全局工具配置中相应配置的 name 中填写的内容
  2. jdk 'JDK8'
  3. maven 'MAVEN3'
  1. pipeline {
  2.   agent any
  4.   /*=======================================工具环境修改-start=======================================*/
  5.   tools {
  6.     jdk 'JDK8'
  7.     maven 'MAVEN3'
  8.   }
  9.   /*=======================================工具环境修改-end=======================================*/
  11.   options {
  12.     timestamps()
  13.     disableConcurrentBuilds()
  14.     buildDiscarder(logRotator(
  15.       numToKeepStr: '20',
  16.       daysToKeepStr: '30',
  17.     ))
  18.   }
  20.   /*=======================================常修改变量-start=======================================*/
  22.   environment {
  23.     gitUrl = "https://github.com/cdk8s/tkey-sso-client-management.git"
  24.     branchName = "master"
  25.     giteeCredentialsId = "cdk8s-github"
  26.     projectWorkSpacePath = "${env.WORKSPACE}"
  27.     projectBuildTargetPath = "${projectWorkSpacePath}/target"
  30.     dockerImageName = "harbor.cdk8s.com/tkey/${env.JOB_NAME}:${env.BUILD_NUMBER}"
  31.     dockerContainerName = "${env.JOB_NAME}"
  32.     inHostPort = "9095"
  33.     inHostPortByActuator = "19095"
  34.     inDockerAndJavaPort = "9095"
  35.     inDockerAndJavaPortByActuator = "19095"
  36.     inHostLogPath = "/data/logs/${dockerContainerName}/${env.BUILD_NUMBER}"
  37.     inDockerLogPath = "/logs"
  38.     dockerRunParam = "--name=${dockerContainerName} --hostname=${dockerContainerName} -v /etc/hosts:/etc/hosts -v ${inHostLogPath}:${inDockerLogPath} --restart=always  -p ${inHostPort}:${inDockerAndJavaPort} -p ${inHostPortByActuator}:${inDockerAndJavaPortByActuator} -e SPRING_PROFILES_ACTIVE=test -e SERVER_PORT=${inHostPort} -e SPRING_REDIS_HOST=redis.cdk8s.com -e SPRING_REDIS_PASSWORD=123456"
  39.   }
  41.   /*=======================================常修改变量-end=======================================*/
  43.   stages {
  45.     stage('Pre Env') {
  46.       steps {
  47.          echo "======================================项目名称 = ${env.JOB_NAME}"
  48.          echo "======================================项目 URL = ${gitUrl}"
  49.          echo "======================================项目分支 = ${branchName}"
  50.          echo "======================================当前编译版本号 = ${env.BUILD_NUMBER}"
  51.          echo "======================================项目空间文件夹路径 = ${projectWorkSpacePath}"
  52.          echo "======================================项目 build 后 jar 路径 = ${projectBuildTargetPath}"
  53.          echo "======================================Docker 镜像名称 = ${dockerImageName}"
  54.          echo "======================================Docker 容器名称 = ${dockerContainerName}"
  55.       }
  56.     }
  58.     stage('Git Clone'){
  59.       steps {
  60.           git branch: "${branchName}",
  61.           credentialsId: "${giteeCredentialsId}",
  62.           url: "${gitUrl}"
  63.       }
  64.     }
  66.     stage('Maven Clean') {
  67.       steps {
  68.         sh "mvn clean"
  69.       }
  70.     }
  72.     stage('Maven Package') {
  73.       steps {
  74.         sh "mvn package -DskipTests"
  75.       }
  76.     }
  78.     stage('构建 Docker 镜像') {
  79.       steps {
  80.         sh """
  81.             cd ${projectWorkSpacePath}
  83.             docker build -t ${dockerImageName} ./
  84.         """
  85.       }
  86.     }
  88.     stage('运行 Docker 镜像') {
  89.       steps {
  90.         sh """
  91.             docker stop ${dockerContainerName} | true
  93.             docker rm -f ${dockerContainerName} | true
  95.             docker run -d  ${dockerRunParam} ${dockerImageName}
  96.         """
  97.       }
  98.     }
  101.   }
  102. }

Jenkins pipeline (Docker 方式运行 tkey-sso-client-management 前端)

  1. pipeline {
  2.   agent any
  4.   options {
  5.     timestamps()
  6.     disableConcurrentBuilds()
  7.     buildDiscarder(logRotator(
  8.       numToKeepStr: '20',
  9.       daysToKeepStr: '30',
  10.     ))
  11.   }
  13.   /*=======================================常修改变量-start=======================================*/
  15.   environment {
  16.     gitUrl = "https://github.com/cdk8s/tkey-sso-client-management-frontend.git"
  17.     branchName = "master"
  18.     giteeCredentialsId = "cdk8s-github"
  19.     projectBuildPath = "${env.WORKSPACE}/dist"
  20.     nginxHtmlRoot = "/data/docker/nginx/html/tkey-sso-client-management-frontend"
  21.   }
  23.   /*=======================================常修改变量-end=======================================*/
  25.   stages {
  27.     stage('Pre Env') {
  28.       steps {
  29.          echo "======================================项目名称 = ${env.JOB_NAME}"
  30.          echo "======================================项目 URL = ${gitUrl}"
  31.          echo "======================================项目分支 = ${branchName}"
  32.          echo "======================================当前编译版本号 = ${env.BUILD_NUMBER}"
  33.          echo "======================================项目 Build 文件夹路径 = ${projectBuildPath}"
  34.          echo "======================================项目 Nginx 的 ROOT 路径 = ${nginxHtmlRoot}"
  35.       }
  36.     }
  38.     stage('Git Clone'){
  39.       steps {
  40.           git branch: "${branchName}",
  41.           credentialsId: "${giteeCredentialsId}",
  42.           url: "${gitUrl}"
  43.       }
  44.     }
  46.     stage('YARN Install') {
  47.       steps {
  48.         sh "yarn install"
  49.       }
  50.     }
  52.     stage('YARN Build') {
  53.       steps {
  54.         sh "yarn build:test"
  55.       }
  56.     }
  58.     stage('Nginx Deploy') {
  59.       steps {
  60.         sh "rm -rf ${nginxHtmlRoot}/"
  61.         sh "cp -r ${projectBuildPath}/ ${nginxHtmlRoot}/"
  62.       }
  63.     }
  66.   }
  67. }

GoAccess

  • GoAccess 建议用本地安装
  • 安装步骤过长,请参考我们的这篇文章:GoAccess
  • 创建目录:mkdir -p /data/docker/nginx/html/report
  • 手动运行
  1. goaccess -f /data/docker/nginx/logs/access.log --geoip-database=/opt/GeoLite2-City_20190820/GeoLite2-City.mmdb -p /etc/goaccess_log_conf_nginx.conf -o /data/docker/nginx/html/report/index.html
  • 实时运行
  1. goaccess -f /data/docker/nginx/logs/access.log --geoip-database=/opt/GeoLite2-City_20190820/GeoLite2-City.mmdb -p /etc/goaccess_log_conf_nginx.conf -o /data/docker/nginx/html/report/index.html --real-time-html --daemonize

Nginx 最终配置

  • 因为 nginx 在 docker 里面,所以不能用 127.0.0.1
  1. 配置文件:
  2. vim /data/docker/nginx/conf/nginx.conf
  6. worker_processes      1;
  8. events {
  9.   worker_connections  1024;
  10. }
  12. http {
  13.   include             mime.types;
  14.   default_type        application/octet-stream;
  16.   charset  utf8;
  18.   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  19.                 '$status $body_bytes_sent "$http_referer" '
  20.                 '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';
  22.   access_log /var/log/nginx/access.log main;
  23.   error_log /var/log/nginx/error.log;
  26.   sendfile on;
  27.   keepalive_timeout   65;
  29.   gzip on;
  30.   gzip_buffers 8 16k;
  31.   gzip_min_length 512;
  32.   gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  33.   gzip_http_version 1.1;
  34.   gzip_types   text/plain text/css application/javascript application/x-javascript application/json application/xml;
  36.   server {
  37.     listen            80;
  38.     server_name       localhost 127.0.0.1 182.61.44.40;
  40.     location /tkey-test {
  41.         return 601;
  42.     }
  44.     location ^~ /upload {
  45.         root    /home/root/sculptor-boot-backend-upload-dir;
  46.         autoindex on;
  47.         autoindex_exact_size off;
  48.         autoindex_localtime on;
  49.     }
  51.     # 需要创建目录 /data/html/tkey-sso-client-management-frontend,里面存放 index.html 等静态文件
  52.     location ^~ /tkey-sso-client-management-frontend {
  53.         root            /data/html;
  54.         index           index.html;
  55.         try_files $uri /tkey-sso-client-management-frontend/index.html;
  56.     } 
  58.     location ^~ /sso-client-management/ {
  59.         proxy_pass http://172.16.16.4:9095;
  60.         proxy_redirect off;
  61.         proxy_set_header Host $host;
  62.         proxy_set_header X-Real-IP $remote_addr;
  63.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  64.         proxy_set_header X-Forwarded-Proto $scheme;
  65.     }
  67.     location ^~ /sso/ {
  68.         proxy_pass http://172.16.16.4:9091;
  69.         proxy_redirect off;
  70.         proxy_set_header Host $host;
  71.         proxy_set_header X-Real-IP $remote_addr;
  72.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  73.         proxy_set_header X-Forwarded-Proto $scheme;
  74.     }
  77.     location ^~ /report {
  78.       root            /data/html;
  79.       index           index.html index.htm;
  80.     }
  82.     location / {
  83.       root            /usr/share/nginx/html;
  84.       index           index.html index.htm;
  85.     }
  86.   }
  87. }

hosts 配置

  1. 172.16.16.4 sso.cdk8s.com
  2. 172.16.16.4 test1.cdk8s.com
  3. 172.16.16.4 test2.cdk8s.com
  4. 172.16.16.4 redis.cdk8s.com
  5. 172.16.16.4 mysql.cdk8s.com
  6. 172.16.16.4 management.cdk8s.com
  7. 172.16.16.4 tkey-sso-client-management
  8. 172.16.16.4 tkey-sso