forked from guohongze/adminset
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
celery redis config update update scripts update
- Loading branch information
Showing
15 changed files
with
288 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,161 @@ | ||
| #主机名 | ||
| adminset程序依赖主机名,所以被控机器、客户机,都需要设置主机名,主机名唯一,并且可以被解析 | ||
| 请在 /etc/hosts 或是DNS中加入主机名的解析。 | ||
| #install | ||
| 安装需要使用yum源请保证可用,或使用本地yum源。 | ||
| 如果ubuntu客户端需要ansible等管理功能,需要开启root登录(配置脚本会自动开始,如不需要请手工关闭) | ||
|
|
||
| 服务器安装: | ||
| 1、下载代码 | ||
| git clone https://github.com/guohongze/adminset.git | ||
| 2、执行安装脚本 | ||
| adminset/install/server/server_install.sh | ||
| 安装过程需要输入管理员数据库等交互信息,如果安装中断再次执行server_install.sh即可. | ||
| 安装过程中会生成rsa密钥,位于/root/.ssh 目录下,如果已经存在,忽略即可。 | ||
| 3、交互信息 | ||
| 1、如果系统开启了selinux会提示:Do you want to disabled selinux?[yes/no] | ||
| 选择yes。(默认yes) | ||
| 2、YUM源选择提示do you want to use an internet yum repository?[yes/no] | ||
| 没有本地的yum源请选择yes,如果有本地的YUM源(包括epel源)请选择no。(默认值yes) | ||
| 3、数据库选择提示:do you want to create a new mysql database?[yes/no] | ||
| 本地没有数据库选择yes自动下载安装mariadb数据库,如已经存在mysql或mariadb数据库选择no,然后填写相关信息主机、端口、用户名、密码。(默认值yes) | ||
| 4、mongodb选择提示:do you want to create a new Mongodb?[YES/no] | ||
| 本地没有mongodb选择yes自动下载安装mongodb数据库,如已经存在mongodb数据库选择no,然后填写相关信息主机、端口、用户名、密码。(默认值yes) | ||
| 5、创建超管用户提示,please create your adminset' super admin: 输入超管用户名、邮件、密码。 | ||
| 客户端安装 | ||
| 说明:为保证注册IP是管理IP(后续会被ansible等调用),客户端的IP抓取目前使用主机名解析,否则报错。 如:主机名为cn-bj-web01 请在/etc/hosts中加入相应的解析 192.168.x.x cn-bj-web01,这样再执行adminset_agent.py 可以保证正常运行。 centos7不进行解析也可获取主机IP. | ||
| step1:安装依赖 | ||
| 拷贝adminset/install/client/client_install.sh 到客户机上并执行: | ||
| sh client_install.sh | ||
|
|
||
| step2:执行agent | ||
| 拷贝adminset/install/client/adminset_agent.py 到客户机上并执行: | ||
| python adminset_agent.py | ||
| 后台运行请参考: | ||
| nohup adminset_aent.py & | ||
| agent默认每1800秒上传一次资产和硬件信息,可以在adminset_agent.py中自定义 | ||
| 访问: | ||
| http://your_server_ip | ||
| 使用自己在安装过程中创建的super admin用户名密码 | ||
|
|
||
| #程序目录 | ||
| 安装脚本会将文件安装在/var/opt/adminset | ||
| main为程序代码 | ||
| config 配置 | ||
| pid pid文件 | ||
| logs 日志 | ||
| data 常用数据 | ||
|
|
||
| #站点导航用法 | ||
| 在站点管理中输入常用的运维工具系统后会自动出现在站点导航界面。 | ||
|
|
||
| #cmdb用法 | ||
| install/client/adminset_agent.py 开户后会自动上报主机相关信息到CMDB | ||
| 获取主机信息 | ||
| http://your_server_ip/cmdb/get/host/?token=your_token&name=host_name | ||
| 获取所有主机: | ||
| http://your_server_ip/cmdb/get/host/?token=your_token&name=all | ||
| 获取组信息: | ||
| http://your_server_ip/cmdb/get/group/?token=your_token&name=group_name | ||
| 获取所有组: | ||
| http://your_server_ip/cmdb/get/group/?token=your_token&name=all | ||
|
|
||
| #启用webssh | ||
| 需要设置域名解析,默认域名为adminset.cn(可以在配置管理页面进行变更) | ||
| 需要将这个域名做泛解析指向adminset所在的服务器,在本地或公网DNS都行,如果没有可以设置HOSTS解析,但HOSTS不支持泛解析。 | ||
| 这样做是为了解决webssh启动时区分不同session进行认证而设置。 | ||
|
|
||
| 指向完成后点击资产管理中的webssh按钮会触发域名格式如下: | ||
| {{ host.hostname }}.adminset.cn:2222/ssh/host/{{ host.ip }} | ||
| 如主机名为cmdb IP为 192.168.47.130 | ||
| http://cmdb.adminset.cn:2222/ssh/host/192.168.47.130 | ||
| 通过此URL进入webssh访问界面,第一次进入时会询问用户名密码,请填写系统对应的用户和密码即可。 | ||
|
|
||
|
|
||
| # 定时任务用法 | ||
| 首先新建interval 或crontab | ||
| 新建任务填写名字 | ||
| 选择间隔或crontab | ||
| 在Keyword arguments(任务指令):处的写法是json格式: | ||
| 执行命令<br> | ||
| {"host":"c1", name:"service tomcat restart"} | ||
| 执行脚本<br> | ||
| {"host":"c1", name:"reboot.sh"} | ||
| 拉到最下边Task (registered) | ||
| setup.tasks.command是直接向目标机器发送命令 | ||
| setup.tasks.scripts是在目标机器上执行一个你已经上传到服务器中的脚本,默认路径/var/opt/adminset/data/scripts | ||
| 注意:已经运行任务以后,再去修改任务不会立即生效,需要重启beat组件,在任务编排的后台管理中可以重启。 | ||
| 这是由于celery的BUG导致,会在社区发布稳定版本以后修复。 | ||
|
|
||
| #ansible用法 | ||
| 1、自动设置证书认证 | ||
| 通过adminset_agent自动上报的服务器,可以自动设置免密登入(认书认证) | ||
| 前提是已经在客户端做了hosts解析,并且密码与在服务器的系统配置>密钥设置>ssh password | ||
| 相同,也就是说如果自动分发密钥必须在系统配置中提前输入密码并保存,系统默认带的密码是root。 | ||
| 注意:系统只有在第一次上报信息时会调用ssh密钥分发.如果以后想使用自动密钥分发需要在资产管理中 | ||
| 删除服务信息,然后再自动上报即可。 | ||
|
|
||
| 2、手工设置认证书认证。 | ||
| 配置免密钥登陆客机(ansible和shell管理客户机需要此配置) | ||
| 在服务器上执行 | ||
| ssh-keygen | ||
| ssh-copy-id -i /root/.ssh/id_rsa.pub {客户机IP} | ||
| 输入客户机密码后认证成功可以ssh免密登入 | ||
|
|
||
| CMDB自动上报主机以后,在ansible页面执行 同步到ansible将主机信息写入ansible的hosts文件 | ||
| 然后将playbook 或是role脚本上传到/var/opt/adminset/data/playbook 或/var/opt/adminset/data/roles | ||
|
|
||
| #shell用法 | ||
| 依赖免密登入(与ansible同) | ||
| CMDB自动上报主机以后,shell界面可以直接调用主机。 | ||
| 然后将常用脚本上传到/var/opt/adminset/data/scripts 中shell脚本栏将会自动发现脚本。 | ||
|
|
||
| #监控平台用法 | ||
| 当adminset_agent.py自动上报信息到,监控会自动发现并配置,无需干预. | ||
| 当监控页面打开时,前端JS每10秒会异步抓取监控数据 | ||
| agent默认每60秒上传一次监控数据,可以在adminset_agent.py中自定义 | ||
|
|
||
| #权限管理 | ||
| 1、新建权限如: | ||
| 名字:资产管理 | ||
| URL:/cmdb/ | ||
| 2、新建角色: | ||
| 名字:资产管理员 | ||
| 可选择权限:资产管理 | ||
| 3、新建用户 | ||
| 在角色一栏选择:资产管理员 | ||
|
|
||
|
|
||
| #组件启动管理 | ||
| service adminset {start|stop|restart} # gunicorn管理程序 | ||
| service nginx {start|stop|restart} # web server | ||
| service redis {start|stop|restart} # 缓存和任务列表 | ||
| service mariadb {start|stop|restart} # 数据库,账号资产等信息 | ||
| service celery {start|stop|restart} # 异步任务主程序 | ||
| service beat {start|stop|restart} # 任务调用 | ||
| service mongod {start|stop|restart} # 监控数据库 | ||
| service webssh {start|stop|restart} # web终端功能 | ||
|
|
||
| #升级与更新 | ||
| 强烈建设在升级或更新adminset之前先备份数据库,并在测试环境验证通过,因为adminset在快速的发展过程中,每版本功能与结构变化较大。 | ||
| 1)小版本更新: | ||
| 如v0.3.6更新到v0.3.7只需下载相应版本的代码到本地然后执行: | ||
| adminset/install/update.sh | ||
| 2)大版本更新: | ||
| 如v0.3.0更新到v0.4.0 | ||
| adminset/install/server_install.sh | ||
| 如果原在数据库本机上未设置密码则在do you want to install new mysql/mongodb时选择yes可覆盖安装,这时会要求再创建一个超管,但不能和以前的超管同名,因为之前已经有数据了。 | ||
| 如果已设置密码或是独立服务器可以选择no,或者在安装完成后手动修改/var/opt/adminset/main/adminset.conf文件中的相应信息。 | ||
| 3)二次开发 | ||
| rsync.sh脚本只做增量,rsync参数不带--delete选项,不会在生产环境删除代码中已删除的条目,不更新组件配置文件,不会生成新的ORM数据库条目。 | ||
| update.sh脚本带--delete选项,同步代码,重新发布各组件的配置文件,并重新生成ORM数据文件(makemigrations migrate)。 | ||
| 4)0.5版本结构变动较大,更新请使用server_install.sh 然后在设置数据库时使用现有数据库。 | ||
|
|
||
| # 安全 | ||
| 强烈建议不要将程序启动在有公网可以直接访问的设备上,如果需要请使用VPN。 | ||
| 建议生产环境中使用https配置服务器<br> | ||
| 建议adminset放在网管区中,并且开启防火墙。 | ||
| django的settings中开启了DEBUG,在生产中需要关闭并指定自己的域名。 | ||
|
|
||
| # 开发者交流 | ||
| QQ群:427794947 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.