feat(backend): 云区域组件容器化 #6703

TencentBlueKing · Sep 11, 2024 · 581bfc6 · 581bfc6
1 parent e703f74
commit 581bfc6
Show file tree

Hide file tree

Showing 74 changed files with 2,057 additions and 112 deletions.
diff --git a/dbm-ui/backend/components/db_remote_service/client.py b/dbm-ui/backend/components/db_remote_service/client.py
@@ -26,7 +26,7 @@ class _DRSApi(object):
     def __init__(self):
         ssl_flag = True
 
-        # 配置了DRS_SKIP_SSL，认为跳过ssl认证
+        # 配置了DRS_SKIP_SSL，或者走容器化方式，认为跳过ssl认证
         if env.DRS_SKIP_SSL:
             ssl_flag = False
 

diff --git a/dbm-ui/backend/components/proxy_api.py b/dbm-ui/backend/components/proxy_api.py
@@ -25,7 +25,7 @@ class ProxyAPI(DataAPI):
     def build_actual_url(self, param):
         url = super().build_actual_url(param)
 
-        # 如果配置了DOMAIN_SKIP_PROXY，表示跳过proxy代理
+        # 如果配置了代理跳过，则直接返回url
         if env.DOMAIN_SKIP_PROXY:
             return url
 
@@ -34,6 +34,11 @@ def build_actual_url(self, param):
         except KeyError:
             raise DataAPIException(_("ProxyApi 必须传入 bk_cloud_id 参数"))
 
+        # 如果配置了云区域容器化，并且是直连区域，则跳过代理并且忽略ssl
+        if env.CLOUD_CONTAINER_ENABLE and bk_cloud_id == 0:
+            self.ssl = False
+            return url
+
         # 只取最新的nginx作为转发服务
         proxy = DBCloudProxy.objects.filter(bk_cloud_id=bk_cloud_id).last()
         host = "https://" if self.ssl else "http://"

diff --git a/dbm-ui/backend/db_meta/api/dbha/apis.py b/dbm-ui/backend/db_meta/api/dbha/apis.py
@@ -147,7 +147,8 @@ def instances(
                 logger.warning("{} is not a valid ip, instance or domain".format(ad))
                 raise ValueError("{} is not a valid ip, instance or domain".format(ad))
 
-    if logical_city_ids:
+    # 如果没有城市ID，或者城市ID包含-1，则不过滤城市
+    if logical_city_ids and -1 not in logical_city_ids:
         queries &= Q(**{"machine__bk_city__logical_city_id__in": logical_city_ids})
 
     if statuses:

diff --git a/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py b/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py
@@ -30,7 +30,6 @@
 from backend.db_proxy.models import ClusterExtension, DBCloudProxy, DBExtension
 from backend.db_services.ipchooser.query.resource import ResourceQueryHelper
 from backend.utils.redis import RedisConn
-from backend.utils.string import base64_encode
 
 logger = logging.getLogger("celery")
 
@@ -93,27 +92,18 @@ def _job_push_config_file(_cloud_id, _file_list, _nginx_list):
         extension_ids: List[int] = []
         for db_type in cloud__db_type__extension[cloud_id].keys():
             conf_tpl = getattr(nginxconf_tpl, f"{db_type}_conf_tpl", None)
+
+            # 如果没有模板，则打印日志并跳过
             if not conf_tpl:
-                # 如果没有模板，则打印日志并跳过
                 logger.warning(_("集群类型：{} 的nginx配置文件不存在，跳过对该nginx配置的下发").format(db_type))
                 continue
 
             jinja_env = Environment()
             template = jinja_env.from_string(conf_tpl)
 
             for extension in cloud__db_type__extension[cloud_id][db_type]:
-                conf_payload = {
-                    "bk_biz_id": extension.bk_biz_id,
-                    "bk_cloud_id": extension.bk_cloud_id,
-                    "db_type": extension.db_type,
-                    "cluster_name": extension.cluster_name,
-                    "service_type": extension.service_type,
-                    "service_url": f"http://{extension.ip}:{extension.port}",
-                }
-                file_name = f"{extension.bk_biz_id}_{extension.db_type}_{extension.cluster_name}_nginx.conf"
-                file_content = base64_encode(template.render(conf_payload))
-                file_list.append({"file_name": file_name, "content": file_content})
-
+                # 渲染配置
+                file_list.append(nginxconf_tpl.render_nginx_tpl(template, extension, encode=True))
                 # 这里先提前写入access url，至于是否执行成功根据is_flush
                 extension.save_access_url(nginx_url=f"{proxy.external_address}:{manage_port}")
                 extension_ids.append(extension.id)

diff --git a/dbm-ui/backend/db_proxy/constants.py b/dbm-ui/backend/db_proxy/constants.py
@@ -8,10 +8,12 @@
 an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 specific language governing permissions and limitations under the License.
 """
+from django.utils.crypto import get_random_string
 from django.utils.translation import ugettext_lazy as _
 
 from backend.configuration.constants import DBType
-from backend.flow.consts import CloudServiceName
+from backend.core.encrypt.constants import AsymmetricCipherConfigType
+from backend.core.encrypt.handlers import AsymmetricHandler
 from blue_krill.data_types.enum import EnumField, StructuredEnum
 
 SWAGGER_TAG = _("透传服务(proxypass)")
@@ -60,18 +62,28 @@ class ExtensionAccountEnum(str, StructuredEnum):
     WEBCONSOLE_PWD = EnumField("webconsole_pwd", _("webconsole_pwd"))
 
     @classmethod
-    def get_account_in_info(cls, info):
+    def get_account_map(cls, info):
         """从info中获取存在的账号/密码信息"""
         account = {value: info[value] for value in cls.get_values() if value in info}
         return account
 
     @classmethod
-    def get_account_tuple_with_service(cls, service: CloudServiceName):
-        """获取不同组件包含的账号枚举类"""
-        account_tuples = [(cls.USER.value, cls.PWD.value)]
-        if service == CloudServiceName.DRS:
-            account_tuples.append((cls.WEBCONSOLE_USER, cls.WEBCONSOLE_PWD))
-        return account_tuples
+    def generate_random_account(cls, bk_cloud_id: int):
+        """生成随机账号"""
+        rsa_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(bk_cloud_id)
+        user, password = get_random_string(8), get_random_string(16)
+        encrypt_user = AsymmetricHandler.encrypt(name=rsa_cloud_name, content=user)
+        encrypt_password = AsymmetricHandler.encrypt(name=rsa_cloud_name, content=password)
+        return {"user": user, "password": password, "encrypt_user": encrypt_user, "encrypt_password": encrypt_password}
+
+    @classmethod
+    def get_account_info(cls, bk_cloud_id: int, details: dict, u_key: str, p_key: str):
+        """获取组件的账号和密码信息"""
+        rsa_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(bk_cloud_id)
+        encrypt_user, encrypt_password = details[u_key], details[p_key]
+        user = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=encrypt_user)
+        password = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=encrypt_password)
+        return {"user": user, "password": password, "encrypt_user": encrypt_user, "encrypt_password": encrypt_password}
 
 
 CLUSTER__SERVICE_MAP = {

diff --git a/dbm-ui/backend/db_proxy/container/__init__.py b/dbm-ui/backend/db_proxy/container/__init__.py
@@ -0,0 +1,12 @@
+# -*- coding: utf-8 -*-
+"""
+TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at https://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+
+# 云区域容器化改造
diff --git a/dbm-ui/backend/db_proxy/container/dbha/Dockerfile b/dbm-ui/backend/db_proxy/container/dbha/Dockerfile
@@ -0,0 +1,20 @@
+FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium
+
+FROM debian:bookworm-slim
+
+# 更新包列表并安装 cron 和 gettext-base
+RUN apt-get update && \
+    apt-get install -y jq gettext-base curl && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+## 获取dns介质文件
+COPY --from=medium /app/medium/cloud/cloud-dbha/*/dbha /data/install/
+COPY ./start.bash ./dbha-conf-tpl.yaml /data/install/
+
+WORKDIR /data/install
+
+RUN chmod +x start.bash
+
+## 启动dbha服务
+ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"]
diff --git a/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml b/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml
@@ -0,0 +1,123 @@
+log_conf:
+  log_path: "./log"
+  log_level: "LOG_DEBUG"
+  log_maxsize: 512
+  log_maxbackups: 100
+  log_maxage: 30
+  log_compress: true
+agent_conf:
+  active_db_type: [
+    "riak",
+    "tendbha",
+    "tendbcluster",
+    "TwemproxyRedisInstance",
+    "PredixyTendisplusCluster",
+    "TwemproxyTendisSSDInstance"
+  ]
+  city_id: -1
+  campus: "all"
+  cloud_id: 0
+  fetch_interval: 60
+  reporter_interval: 120
+  local_ip: "$NODE_IP"
+gm_conf:
+  city_id: 0
+  campus: "zero"
+  cloud_id: 0
+  liston_port: 50000
+  local_ip: "$NODE_IP"
+  report_interval: 60
+  GDM:
+    dup_expire: 600
+    scan_interval: 1
+  GMM:
+  GQA:
+    idc_cache_expire: 300
+    single_switch_idc: 50
+    single_switch_interval: 86400
+    single_switch_limit:  48
+    all_host_switch_limit:  150
+    all_switch_interval:  7200
+  GCM:
+    allowed_checksum_max_offset: 2
+    allowed_slave_delay_max: 600
+    allowed_time_delay_max: 300
+    exec_slow_kbytes: 0
+password_conf:
+  host: "$BK_DBM_URL"
+  port: 80
+  url_pre: "/apis/proxypass"
+  timeout: 10
+  bk_conf:
+    bk_token: "$DB_CLOUD_TOKEN"
+db_conf:
+  hadb:
+    host: "$HADB_URL"
+    port: 8080
+    timeout: 120
+  cmdb:
+    host: "$BK_DBM_URL"
+    port: 80
+    url_pre: "/apis/proxypass"
+    timeout: 30
+    bk_conf:
+      bk_token: "$DB_CLOUD_TOKEN"
+  mysql:
+    user: "$DBHA_USER"
+    pass: "$DBHA_PASSWORD"
+    proxy_user: "proxy"
+    proxy_pass: "$DBHA_PROXY_PASSWORD"
+    timeout: 10
+  redis:
+    timeout: 10
+  riak:
+    timeout: 10
+name_services:
+  dns_conf:
+    host: "$BK_DBM_URL"
+    port: 80
+    url_pre: "/apis/proxypass"
+    user: "dbha"
+    pass: "xxx"
+    timeout: 10
+    bk_conf:
+      bk_token: "$DB_CLOUD_TOKEN"
+  remote_conf:
+    host: "$BK_DBM_URL"
+    port: 80
+    url_pre: "/apis/proxypass"
+    user: "dbha"
+    pass: "xxx"
+    timeout: 10
+    bk_conf:
+      bk_token: "$DB_CLOUD_TOKEN"
+  polaris_conf:
+    host: "$BK_DBM_URL"
+    port: 80
+    user: "nouser"
+    pass: "nopasswd"
+    url_pre: "/apis/proxypass/nameservice"
+    timeout: 10
+    bk_conf:
+      bk_token: "$DB_CLOUD_TOKEN"
+  clb_conf:
+    host: "$BK_DBM_URL"
+    port: 80
+    user: "nouser"
+    pass: "nopasswd"
+    url_pre: "/apis/proxypass/nameservice"
+    timeout: 10
+    bk_conf:
+      bk_token: "$DB_CLOUD_TOKEN"
+monitor:
+  bk_data_id: $BKMONITOR_EVENT_DATA_ID
+  access_token: "$BKMONITOR_EVENT_TOKEN"
+  beat_path: "$MYSQL_CROND_BEAT_PATH"
+  agent_address: "$MYSQL_CROND_AGENT_ADDRESS"
+  local_ip: "$NODE_IP"
+ssh:
+  port: 36000
+  user: "mysql"
+  pass: "$MYSQL_OS_PASSWORD"
+  dest: "agent"
+  timeout: 10
diff --git a/dbm-ui/backend/db_proxy/container/dbha/start.bash b/dbm-ui/backend/db_proxy/container/dbha/start.bash
@@ -0,0 +1,33 @@
+# 写入dbha记录
+data=$(
+curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \
+  --header "Content-Type: application/json" \
+  --data-raw '{
+    "bk_cloud_id": 0,
+    "extension": "DBHA",
+    "db_cloud_token": "'"$DB_CLOUD_TOKEN"'",
+    "details": {
+      "ip": "%",
+      "dbha_type": "'"$DBHA_TYPE"'",
+      "bk_city_code": "'"$DBHA_CITY"'",
+      "bk_city_name": "'"$DBHA_CAMPUS"'",
+      "bk_host_id": 0,
+      "bk_cloud_id": 0
+    }
+  }'
+)
+
+# 导出密码环境变量
+export DBHA_USER=$(echo $data | jq -r '.data.dbha_account.user')
+export DBHA_PASSWORD=$(echo $data | jq -r '.data.dbha_account.password')
+export DBHA_PROXY_PASSWORD=$(echo $data | jq -r '.data.proxy_password')
+export MYSQL_OS_PASSWORD=$(echo $data | jq -r '.data.mysql_os_password')
+# 导出监控环境变量
+export BKMONITOR_EVENT_DATA_ID=$(echo $data | jq -r '.data.bkm_dbm_report.event.data_id')
+export BKMONITOR_EVENT_TOKEN=$(echo $data | jq -r '.data.bkm_dbm_report.event.token')
+
+# 配置文件注入环境变量，启动dbha服务
+touch log
+envsubst < ./dbha-conf-tpl.yaml > ./dbha.conf
+nohup ./dbha -config_file=dbha.conf -type=$DBHA_TYPE -> dbha-apply.log 2>&1 &
+tail -f log
diff --git a/dbm-ui/backend/db_proxy/container/dns/Dockerfile b/dbm-ui/backend/db_proxy/container/dns/Dockerfile
@@ -0,0 +1,21 @@
+FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium
+
+FROM debian:bookworm-slim
+
+# 更新包列表并安装 cron 和 gettext-base
+RUN apt-get update && \
+    apt-get install -y jq cron gettext-base curl && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+## 获取dns介质文件
+COPY --from=medium /app/medium/cloud/cloud-dns-bind/*/bind.tar.gz /data/install/
+COPY --from=medium /app/medium/cloud/cloud-dns-pullcrond/*/pull-crond /data/install/
+COPY ./start.bash ./pull-crond.conf /data/install/
+
+WORKDIR /data/install
+
+RUN chmod +x start.bash
+
+## 启动dns服务
+ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"]
diff --git a/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf b/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf
@@ -0,0 +1,23 @@
+info_log_path="../log/info.log"
+error_log_path="../log/err.log"
+
+db_cloud_token="$DB_CLOUD_TOKEN"
+bk_dns_api_url="$BK_DBM_URL"
+bk_cloud_id=0
+
+data_id="$BKMONITOR_EVENT_DATA_ID"
+access_token="$BKMONITOR_EVENT_TOKEN"
+bkmonitorbeat="$MYSQL_CROND_BEAT_PATH"
+agent_address="$MYSQL_CROND_AGENT_ADDRESS"
+local_ip=""
+
+interval="3"
+flush_switch="true"
+forward_ip="$NODE_IP;"
+
+options_named_file="/usr/local/bind/etc/named.conf"
+options_named_file_tpl="/usr/local/bind/etc/named.conf_tpl"
+local_named_file="/usr/local/bind/etc/named.conf.local"
+zone_dir_path="/usr/local/bind/var/run/named/"
+rndc="/usr/local/bind/sbin/rndc"
+rndc_config="/usr/local/bind/etc/rndc.conf"