腾讯蓝鲸集群式部署
腾讯蓝鲸智云,简称蓝鲸,是腾讯互动娱乐事业群(Interactive Entertainment Group,简称 IEG)自研自用的一套用于构建企业研发运营一体化体系的 PaaS 开发框架,提供了 aPaaS(DevOps 流水线、运行环境托管、前后台框架)和 iPaaS(持续集成、CMDB、作业平台、容器管理、计算平台、AI 等原子平台)等模块,帮助企业技术人员快速构建基础运营 PaaS。
关闭防火墙
[root@localhost ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.关闭网络管理
[root@localhost ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-07-29 15:49:45 CST; 1h 10min ago
Docs: man:NetworkManager(8)
Main PID: 1086 (NetworkManager)
CGroup: /system.slice/NetworkManager.service
├─1086 /usr/sbin/NetworkManager --no-daemon
└─1197 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-ens33.pid -lf /var/lib/NetworkManager/dhclient-54043ffa-9f33-49a0-b4d5-4b191...
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6410] device (ens33): state change: secondaries -> activated (reason 'none', sys...managed')
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6420] manager: NetworkManager state is now CONNECTED_LOCAL
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6445] manager: NetworkManager state is now CONNECTED_SITE
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6447] policy: set 'ens33' (ens33) as default for IPv4 routing and DNS
Jul 29 15:49:58 localhost.localdomain dhclient[1197]: bound to 192.168.1.74 -- renewal in 39901 seconds.
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6550] device (ens33): Activation: successful, device activated.
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6559] manager: NetworkManager state is now CONNECTED_GLOBAL
Jul 29 15:49:58 localhost.localdomain NetworkManager[1086]: <info> [1627544998.6567] manager: startup complete
Jul 29 16:53:57 tencen-3 NetworkManager[1086]: <info> [1627548837.1248] hostname: hostname changed from "localhost.localdomain" to "tencen-3"
Jul 29 16:53:57 tencen-3 NetworkManager[1086]: <info> [1627548837.1252] policy: set-hostname: set hostname to 'tencen-3' (from system configuration)
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.设置最大连接数
[root@localhost ~]# ulimit -n
1024
[root@localhost ~]# cp /etc/security/limits.conf /etc/security/limits.conf.bak
[root@localhost ~]# cat << EOF >> /etc/security/limits.conf
> root soft nofile 102400
> root hard nofile 102400
> EOF
[root@localhost ~]#准备所需软件包
[root@localhost ~]# mkdir /data
[root@localhost ~]# mv bkce_basic_suite-6.0.3.tgz /data
[root@localhost ~]# cd /data
[root@localhost data]# ls
bkce_basic_suite-6.0.3.tgz
[root@localhost data]#
[root@localhost data]#
[root@localhost data]#解压套餐包
[root@localhost data]# tar xf bkce_basic_suite-6.0.3.tgz
[root@localhost data]#解压各个产品软件包
[root@localhost data]# cd /data/src/; for f in *gz;do tar xf $f; done解压证书包
在网站 https://bk.tencent.com/download_ssl/ 中使用Mac地址进行注册
[root@localhost src]# install -d -m 755 /data/src/cert
[root@localhost src]# tar xf /data/ssl_certificates.tar.gz -C /data/src/cert/
[root@localhost src]# chmod 644 /data/src/cert/*拷贝 rpm 包文件夹到/opt/目录
[root@localhost src]# cp -a /data/src/yum /opt
[root@localhost src]#
生成并配置 install.config
[root@localhost src]# cat << EOF >/data/install/install.config
> 192.168.1.75 iam,ssm,usermgr,gse,license,redis,consul,mysql
> 192.168.1.50 nginx,consul,mongodb,rabbitmq,appo
> 192.168.1.74 paas,cmdb,job,zk(config),appt,consul,nodeman(nodeman)
>
> EOF执行免密
[root@localhost src]# cd /data/install
[root@localhost install]# yum install rsync -y
[root@localhost install]# bash /data/install/configure_ssh_without_pass初始化并检查环境
[root@localhost install]# ./bk_install common
[root@localhost install]# ./health_check/check_bk_controller.sh部署 PaaS 平台
[root@localhost install]# ./bk_install paas
如果以上步骤没有报错, 你现在可以通过 http://paas.bktencent.com:80 访问 paas 平台,
登陆用户名(login user): admin
登陆密码(login password): fKJbtZ54KDA_
部署 app_mgr
[root@localhost install]# ./bk_install app_mgr部署权限中心与用户管理
[root@localhost install]# ./bk_install saas-o bk_iam
[root@localhost install]# ./bk_install saas-o bk_user_manage部署 CMDB
[root@localhost install]# ./bk_install cmdb部署 JOB
[root@localhost install]# ./bk_install job部署 bknodeman
[root@localhost install]# ./bk_install bknodeman# 标准运维
[root@localhost install]# ./bk_install saas-o bk_sops# 流程管理
[root@localhost install]# ./bk_install saas-o bk_itsm加载蓝鲸相关维护命令
[root@localhost install]# source ~/.bashrc初始化蓝鲸业务拓扑
[root@localhost install]# ./bkcli initdata topo检测相关服务状态
[root@localhost install]# cd /data/install/
[root@localhost install]# echo bkssm bkiam usermgr paas cmdb gse job consul | xargs -n 1 ./bkcli checkWindows 配置
用文本编辑器(如 Notepad++)打开文件:
C:\Windows\System32\drivers\etc\hosts将以下内容复制到上述文件内,并将以下 IP 需更换为本机浏览器可以访问的 IP,然后保存。
10.0.0.2 paas.bktencent.com cmdb.bktencent.com job.bktencent.com jobapi.bktencent.com
10.0.0.3 nodeman.bktencent.com注意:10.0.0.2 为 nginx 模块所在的机器,10.0.0.3 为 nodeman 模块所在的机器。IP 需更换为本机浏览器可以访问的 IP。
最后更新于