Node configuration
node01:
  OS: "CentOS 7.6"
  CPU: "8 core"
  MEM: "16G"
node02:
  OS: "CentOS 7.6"
  CPU: "8 core"
  MEM: "16G"
node03:
  OS: "CentOS 7.6"
  CPU: "8 core"
  MEM: "16G"
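Deployment configuration tuning
All of the tuning below is done after the BlueKing installation package has been extracted.
Because the node specification above does not meet the deployment requirements of BlueKing Log, Monitor and Fault Auto-recovery, the configuration has to be tuned before deployment.
Tuning memory and timeouts
1) Change the JVM heap size for ES
Adjust the value to the memory available on the machine.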
sed -i 's/^JVM_MEM=.*/JVM_MEM=2/' /data/install/bin/install_es.sh
2) Change the thread count in the SaaS template
The default is CPU cores * 2. Because available memory is limited here, change it to CPU cores * 1.
sed -i 's/^workers = .*/workers = 8/' /data/src/paas_agent/paas_agent/etc/templates/docker/uwsgi.ini
3) Permanently change the SaaS timeout
Node performance problems sometimes cause the deployment status check of a SaaS application to run past the Timeout, so the timeouts are raised here. Adjust the values to the performance of your machines.
sed -i '$aEVENT_STATE_EXPIRE_SECONDS = 3600' /data/src/open_paas/support-files/templates/paas#conf#settings_production.py.tpl
sed -i 's/^ EXECUTE_TIME_LIMIT:.*/ EXECUTE_TIME_LIMIT: 3600/' /data/src/paas_agent/support-files/templates/#etc#paas_agent_config.yaml.tpl
Configuring install.config
1) The complete install.config is as follows
10.0.0.1 iam,ssm,usermgr,gse,license,redis,consul,mysql
10.0.0.2 nginx,consul,mongodb,rabbitmq,appo
10.0.0.3 paas,cmdb,job,zk(config),appt,consul,nodeman(nodeman)
[bkmonitorv3]
10.0.0.3 kafka(config),monitorv3(transfer)
10.0.0.2 influxdb(bkmonitorv3),monitorv3(influxdb-proxy),monitorv3(grafana)
10.0.0.1 es7,monitorv3(monitor)
[bklog]
10.0.0.2 log(api),log(grafana)
[fta]
10.0.0.2 fta,beanstalk
2) Replace the IP addresses in install.config
YourIP=(172.16.1.21 172.16.1.22 172.16.1.23)
# The dots are escaped so that they only match a literal "."
sed -i "s/10\.0\.0\.1/${YourIP[0]}/g" /data/install/install.config
sed -i "s/10\.0\.0\.2/${YourIP[1]}/g" /data/install/install.config
sed -i "s/10\.0\.0\.3/${YourIP[2]}/g" /data/install/install.config
3) In the Standard OPS flows that deploy Monitor, Log and Fault Auto-recovery, uncheck the "generate install.config" flow node.
4) In the Standard OPS flow that deploys Monitor, fill in deploy_ip in the order used in the install.config above.
BlueKing installation commands
./bk_install common && \
./health_check/check_bk_controller.sh && \
./bk_install paas && \
./bk_install app_mgr && \
./bk_install saas-o bk_iam && \
./bk_install saas-o bk_user_manage && \
./bk_install cmdb && \
./bk_install job && \
./bk_install bknodeman && \
./bk_install saas-o bk_sops && \
./bk_install saas-o bk_itsm && \
./bkcli initdata topo && \
echo bkssm bkiam usermgr paas cmdb gse job consul | xargs -n 1 ./bkcli check
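Configuring basic authentication for consul in nginx
Adding the basic authentication configuration to nginx
Place the directives below the server_name line, or inside the location block.
1) Enable local authentication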
auth_basic "User Authentication";
2) Set the path of the local user password file (an absolute path is recommended)
auth_basic_user_file /usr/local/openresty/nginx/conf/conf.d/consul_pass.db;
3) Full configuration preview
upstream CONSUL_WEB {
    server 127.0.0.1:8500 max_fails=1 fail_timeout=30s;
}
server {
    listen 80;
    server_name consul-106.ithours.com;
    auth_basic "User Authentication";
    auth_basic_user_file /usr/local/openresty/nginx/conf/conf.d/consul_pass.db;
    access_log /data/bkce/logs/nginx/consul_web_access.log main;
    error_log /data/bkce/logs/nginx/consul_web_error.log warn;
    location / {
        proxy_pass http://CONSUL_WEB;
        proxy_pass_header Server;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_read_timeout 600;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
    }
}
4) Create the authentication file and set the user's password. bkce-106 is the password; change it to suit your environment.
printf "consul:$(openssl passwd -crypt bkce-106)\n" > /usr/local/openresty/nginx/conf/conf.d/consul_pass.db
5) Reload the nginx configuration
/usr/local/openresty/nginx/sbin/nginx -s reload
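The `-crypt` option in step 4 produces a traditional DES crypt hash, which uses only the first eight characters of the password; nginx also accepts the salted MD5 format written by `openssl passwd -apr1`. The script below is an added example, not part of the original page: it audits a password file such as consul_pass.db, reporting the hash scheme of each entry and whether the file is world-readable (the function names and labels are this example's own).

```bash
#!/bin/sh
# Added example: audit an nginx auth_basic_user_file (name:hash[:comment] per line).

# Classify one password field by its prefix or shape.
hash_scheme() {
    case "$1" in
        '$apr1$'*)     echo "apr1-md5" ;;
        '$6$'*)        echo "sha512-crypt" ;;
        '$5$'*)        echo "sha256-crypt" ;;
        '$2'?'$'*)     echo "bcrypt" ;;
        '{SSHA}'*)     echo "ssha" ;;
        '{SHA}'*)      echo "sha1-unsalted" ;;
        '{PLAIN}'*)    echo "plaintext" ;;
        *[!./0-9A-Za-z]*|'') echo "unknown" ;;
        *)  # Traditional DES crypt is exactly 13 characters of [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ]; then echo "des-crypt"; else echo "unknown"; fi ;;
    esac
}

# Print one line per finding; return 1 if anything needs attention.
audit_htpasswd() {
    file=$1
    rc=0
    # -perm -004 matches when the "other" read bit is set
    if [ -n "$(find "$file" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
        echo "WARN world-readable $file"
        rc=1
    fi
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|\#*) continue ;; esac
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            des-crypt|sha1-unsalted|plaintext|unknown)
                echo "WEAK $user $scheme"
                rc=1 ;;
            *)  echo "OK $user $scheme" ;;
        esac
    done < "$file"
    return $rc
}

# Run against a file when one is given: sh audit_htpasswd.sh /path/to/consul_pass.db
if [ -n "${1:-}" ]; then audit_htpasswd "$1"; fi
```

The check covers only the stored hashes. With `listen 80` as configured above, the password itself is sent base64-encoded over plain HTTP on every request.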
awk usage examples
1) Count the connections in each state across all TCP connections on the system
ss -n | awk '$1=="tcp" {S[$1" "$2]++} END {for(a in S) print a, S[a]}'
CPU usage
#!/bin/bash
# Fields of the aggregate "cpu" line in /proc/stat: user nice system idle iowait irq softirq
CPU_1=$(grep 'cpu ' /proc/stat | awk '{print $2" "$3" "$4" "$5" "$6" "$7" "$8}')
SYS_IDLE_1=$(echo $CPU_1 | awk '{print $4}')
Total_1=$(echo $CPU_1 | awk '{printf "%.f",$1+$2+$3+$4+$5+$6+$7}')
sleep 1
CPU_2=$(grep 'cpu ' /proc/stat | awk '{print $2" "$3" "$4" "$5" "$6" "$7" "$8}')
SYS_IDLE_2=$(echo $CPU_2 | awk '{print $4}')
Total_2=$(echo $CPU_2 | awk '{printf "%.f",$1+$2+$3+$4+$5+$6+$7}')
# Usage = 100 - (idle delta * 100 / total delta), in integer arithmetic
SYS_IDLE=$((SYS_IDLE_2 - SYS_IDLE_1))
Total=$((Total_2 - Total_1))
SYS_USAGE=$((SYS_IDLE * 100 / Total))
SYS_Rate=$((100 - SYS_USAGE))
echo CPU_USAGE ${SYS_Rate}
Shell: summing from 1 to 100
#!/bin/bash
# Sum every integer between the two arguments, inclusive (1 and 100 give 5050)
if [[ $1 =~ ^[0-9]+$ && $2 =~ ^[0-9]+$ ]]; then
    # Force base 10 and compare numerically; [[ a < b ]] compares as strings
    a=$((10#$1))
    b=$((10#$2))
    if (( a <= b )); then
        n=$a
        d=$b
    else
        n=$b
        d=$a
    fi
    for ((m=n+1; m<=d; m++)); do
        n=$((n+m))
    done
    echo ${n}
else
    # Message: "Please pass two positive integers as arguments"
    echo -e "请输入两个正整数参数"
fi
Joining a consul client to the cluster and registering a service for resolution
A MySQL slave registration is used as the example here.
Cluster join configuration
echo '{
  "retry_join": ["10.0.6.17","10.0.6.23","10.0.6.70"]
}' > /etc/consul.d/auto_join.json
The consul client's own configuration
echo '{
  "bind_addr": "10.0.7.1",
  "log_level": "info",
  "log_file": "/var/log/consul/consul.log",
  "datacenter": "dc",
  "data_dir": "/var/lib/consul",
  "node_name": "agent-7-1",
  "disable_update_check": true,
  "enable_local_script_checks": true,
  "encrypt": "T2dXR2hCbFpEM3h4d2FWTlNLOG1jUHdjbm9xQmwwaHU=",
  "ports": {
    "dns": 53,
    "http": 8500
  }
}' > /etc/consul.d/consul.json
The encrypt setting must be identical to the one on the consul servers. It is easiest to copy the configuration file from a consul server and change only bind_addr and node_name.
consul client dist (distribution) configuration
echo '{
  "server": true,
  "data_dir": "/var/lib/consul",
  "log_level": "INFO"
}' > /etc/consul.d/consul.json-dist
consul client recursive DNS resolver configuration
echo '{
  "recursors": [
    "114.114.114.114",
    "8.8.8.8"
  ]
}' > /etc/consul.d/recursors.json
Registering mysql with consul
echo '{
  "service": {
    "id": "mysql-slave-a28aa5e6-b616-11eb-aa92-005056a2697d",
    "name": "mysql-slave",
    "address": "10.0.7.1",
    "port": 3306,
    "check": {
      "tcp": "10.0.7.1:3306",
      "interval": "10s",
      "timeout": "3s"
    }
  }
}' > /etc/consul.d/service/mysql-slave.json
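The id only needs to be a unique identifier.
Configuring the consul client startup options file
echo 'CMD_OPTS="agent -config-dir=/etc/consul.d -config-dir=/etc/consul.d/service -data-dir=/var/lib/consul"
#GOMAXPROCS=4' > /etc/sysconfig/consul
data-dir must match the value used in the configuration files above.
Changing the configuration file permissions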
chown -R root:consul /etc/consul.d/*
Configuring the consul client unit file
echo '[Unit]
Description=Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable.
Documentation=http://www.consul.io
After=network-online.target
Wants=network-online.target

[Service]
User=consul
Group=consul
EnvironmentFile=-/etc/sysconfig/consul
ExecStart=/usr/bin/consul $CMD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT

[Install]
WantedBy=multi-user.target' > /usr/lib/systemd/system/consul.service
Starting the consul service
systemctl daemon-reload
systemctl restart consul
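Two points in the procedure above are easy to get wrong: the client's encrypt value must equal the servers', and consul.json holds that key while `chown` alone does not change the file mode. The following is an added example, not part of the original page, of a check to run before starting the agent; the function names are this example's own and it assumes a copy of a server's consul.json is available for comparison.

```bash
#!/bin/sh
# Added example: pre-start checks for a consul client config that holds the gossip key.

# Extract the "encrypt" value from a consul JSON config file.
gossip_key() {
    sed -n 's/.*"encrypt"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print "<decoded-bytes>:<sha256-prefix>" so keys can be compared without showing them.
gossip_fingerprint() {
    key=$(gossip_key "$1")
    [ -n "$key" ] || return 1
    len=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    sum=$(printf '%s' "$key" | sha256sum | cut -c1-12)
    echo "$len:$sum"
}

# check_consul_client <client consul.json> <copy of a server consul.json>
check_consul_client() {
    client=$1
    server=$2
    rc=0
    cfp=$(gossip_fingerprint "$client") || { echo "FAIL no encrypt key in $client"; return 1; }
    sfp=$(gossip_fingerprint "$server") || { echo "FAIL no encrypt key in $server"; return 1; }
    if [ "$cfp" != "$sfp" ]; then
        echo "FAIL gossip key differs from server ($cfp vs $sfp)"
        rc=1
    fi
    case "${cfp%%:*}" in
        16|24|32) ;;
        *) echo "FAIL key decodes to ${cfp%%:*} bytes, expected 16, 24 or 32"; rc=1 ;;
    esac
    # With the usual umask 022 the file is created 0644; root:consul needs only 0640
    if [ -n "$(find "$client" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
        echo "WARN $client is world-readable; run: chmod 640 $client"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return $rc
}
```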
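Compared with a server, a consul client only lacks the server.json configuration file. Its content is shown below for reference only; it is not used in the client configuration.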
{
"server": true,
"bootstrap_expect": 3
}