bkce-6.0.4基础环境部署简述

1.概述

1.1.相关网站：

# 蓝鲸软件包下载：
https://bk.tencent.com/download/ # 蓝鲸社区版软件包下载
https://bk.tencent.com/download_ssl/ # 蓝鲸社区版证书包下载
​
# yum源
https://mirrors.cloud.tencent.com/help/epel.html # 腾讯云epel源配置文档
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
​
# 部署相关文档
https://bk.tencent.com/docs/document/6.0/127/7543 # 环境准备文档
https://bk.tencent.com/docs/document/6.0/127/7549 # 蓝鲸社区基础版安装
https://bk.tencent.com/docs/document/6.0/127/7551 # 蓝鲸社区版单机部署
​
# 资料网站
https://km.canway.net/home # 公司知识库，善用全文检索
https://www.baidu.com/ # 百度，善用百度

1.2.物料表

文件名	MD5值	用途
bkce_basic_suite-6.0.4.tgz	455ad99e370edb58ebb9ae91bd29fffc	蓝鲸软件包
ssl_certificates.tar.gz	视环境变动	蓝鲸证书包

1.3.部署思路

我们基础的部署思路其实很简单：

物料准备---> 虚拟机环境准备--->自定义配置修改---->运行安装脚本--->调试验证

2.环境准备

环境准备参考文档：https://bk.tencent.com/docs/document/6.0/127/7543

2.1.软件获取

# 蓝鲸软件包下载：
https://bk.tencent.com/download/ # 蓝鲸社区版软件包下载,本次课程软件包已经下载好放在/data/pkgs/目录
# 验证软件包MD5值
cd /data/pkgs && md5sum bkce_basic_suite-6.0.4.tgz
​
# 蓝鲸证书获取
https://bk.tencent.com/download_ssl/ # 蓝鲸社区版证书包下载
# 获取mac地址
[root@localhost pkgs]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:8d:c0:85 brd ff:ff:ff:ff:ff:ff
    inet 10.10.24.38/24 brd 10.10.24.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::575d:1819:bc01:fe23/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
# 将mac地址00:0c:29:8d:c0:85复制到表单中点击"点击下载"

2.2.软件包解压

# 将bkce_basic_suite-6.0.4.tgz解压至/data目录
tar -xf bkce_basic_suite-6.0.4.tgz -C /data
​
# 将/data/src下的压缩包解压
cd /data/src/; for f in *gz;do tar xf $f; done
​
# 拷贝蓝鲸自带yum到/opt目录
cp -a /data/src/yum /opt
​
# 将证书文件解压至/data/src/cert目录
mkdir -p /data/src/cert/
tar xf ssl_certificates.tar.gz -C /data/src/cert

2.3.角色配置并配置免密登录

# 在/data/install目录下，已经存在一个install.config.3ip.sample模板文件
# 该文件包含蓝鲸基础套餐及监控套餐，我们可以将其合并后删除掉监控套餐角色
10.0.0.1 iam,ssm,usermgr,gse,license,redis,consul,es7,monitorv3(influxdb-proxy),monitorv3(monitor),monitorv3(grafana)
10.0.0.2 nginx,consul,mongodb,rabbitmq,appo,influxdb(bkmonitorv3),monitorv3(transfer),fta,beanstalk
10.0.0.3 paas,cmdb,job,mysql,zk(config),kafka(config),appt,consul,log(api),nodeman(nodeman),log(grafana)
# 其中es7,monitorv3(influxdb-proxy),monitorv3(monitor),monitorv3(grafana),influxdb,(bkmonitorv3), monitorv3(transfer),fta,beanstalk,log(grafana).log(api),kafka(config)为监控套餐角色
# es7为devops软件依赖，故上述角色除es7全部删除
# 整合后模板为：
10.0.0.1 iam,ssm,usermgr,gse,license,redis,consul,nginx,mongodb,rabbitmq,appo,paas,cmdb,job,mysql,zk(config),nodeman(nodeman)
​
# 修改完成install.config后，配置免密
# 先安装rsync
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'yum -y install rsync'; done
bash /data/install/configure_ssh_without_pass

2.4.虚拟机环境配置

参考官方文档：https://bk.tencent.com/docs/document/6.0/127/7543

2.4.1.修改主机名

# 蓝鲸社区版6.0（企业版3.0）要求所有角色的主机名不重复
hostname
hostnamectl set-hostname xxxxxxx

2.4.2.关闭SELinux

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'getenforce'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'setenforce 0'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config'; done

2.4.3.关闭防火墙

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'systemctl stop firewalld'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'systemctl disable firewalld'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'systemctl stop iptables'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'systemctl disable iptables'; done

2.4.4.关闭NetworkManager

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'systemctl stop NetworkManager'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'systemctl disable NetworkManager'; done

2.4.5.查看、同步系统时间

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'date'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'ntpdate NTP服务器IP或域名'; done

2.4.6.查看、修改最大文件打开数

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'ulimit -n'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'echo "root soft nofile 102400" >> /etc/security/limits.conf'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'echo "root hard nofile 102400" >> /etc/security/limits.conf'; done

注：如果上述方法无法修改生效，可尝试修改配置文件/etc/systemd/system.conf

DefaultLimitNOFILE=102400
DefaultLimitNOPROC=102400

重新加载systemd自身配置，使之生效

systemctl daemon-reexec

2.4.7.查看umask

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'umask'; done

2.4.8.配置yum源

wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
# 更新yum缓存
yum clean all
yum makecache

2.4.9.系统组件、开发者工具包安装

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'yum -y install pidof pkill rsync gawk curl lsof tar sed iproute uuid psmisc wget bind-utils mysql-devel MySQL-python'; done
for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'yum -y groupinstall "Development Tools"'; done

注：如果无法yum -y groupinstall "Development Tools"，可以执行以下命令

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'yum -y install autoconf byacc diffstat flex gcc-gfortran intltool patchutils rpm-build swig automake cscope doxygen gcc git libtool rcs rpm-sign systemtap bison ctags elfutils gcc-c++ indent patch redhat-rpm-config subversion'; done

2.4.10.检查是否存在http代理

for i in `awk '{print $1}' /data/install/install.config`; do echo $i; ssh $i 'echo "$http_proxy" "$https_proxy"'; done

2.5.自定义配置

# 创建自定义配置文件并修改
touch /data/install/bin/03-userdef/global.env
vim /data/install/bin/03-userdef/global.env
BK_DOMAIN=optest.com
BK_PAAS_PUBLIC_ADDR=paas.optest.com:80
BK_PAAS_PUBLIC_URL=http://paas.optest.com:80
BK_CMDB_PUBLIC_ADDR=cmdb.optest.com:80
BK_CMDB_PUBLIC_URL=http://cmdb.optest.com:80
BK_JOB_PUBLIC_ADDR=job.optest.com:80
BK_JOB_PUBLIC_URL=http://job.optest.com:80
BK_JOB_API_PUBLIC_URL=http://jobapi.optest.com:80
BK_JOB_API_PUBLIC_ADDR=jobapi.optest.com:80
BK_NODEMAN_PUBLIC_DOWNLOAD_URL=http://nodeman.optest.com:80
​
# 配置admin初始密码
touch /data/install/bin/03-userdef/usermgr.env
vim /data/install/bin/03-userdef/usermgr.env
BK_PAAS_ADMIN_PASSWORD=1qaz@WSX

3.部署

部署文档：https://bk.tencent.com/docs/document/6.0/127/7549

4.新增机器并部署角色（以APPT为例，与扩容有区别）

4.1.install.config中添加新角色

# 在/data/install/install.config中添加新角色
10.10.10.3 appt

4.2.为中控机配置新机器免密

bash /data/install/configure_ssh_without_pass

4.3.新机器环境初始化

重复执行2.4中所有步骤

4.4.重新安装蓝鲸环境

./bkcli install bkenv

4.5.同步必要文件并初始化新机器环境

./bkcli sync common
rsync -av /etc/yum.repos.d/Blueking.repo root@10.0.0.4:/etc/yum.repos.d/
pcmd -H 10.0.0.4 /data/install/bin/init_new_node.sh
sleep 10
consul members | grep 10.0.0.4 # 确认新机器加入了consul集群

4.6.为新机器安装证书

./bkcli sync cert
./bkcli install cert

4.7.安装新的APPT机器

./bkcli sync appt
./bkcli install appt
./bkcli start appt