zoukankan      html  css  js  c++  java
  • StackStorm简介及其部署

    StackStorm简介:

    故障自愈作为运维领域的热门话题之一,各个公司都会投入大量的人力来开发不同的组件,如何正确、有序的调用不同组件以及避免相同功能组件的开发,是一件亟待解决的问题。 StackStrom 是一个基于事件流并自动执行的系统框架,基于此,可以让 外部系统产生的事件,有序的、可编排的集合到一起,作为一个完整的事件流去执行,从而解决一些高频次的运维难题。

    StackStorm的工作步骤大体如下:
    1. StackStorm Sensor感应并触发事件。
    2. Rules Engine对事件进行规则匹配,如果匹配产生任务。
    3. StackStorm Worker执行任务,一般是调用到外部系统。
    4. StackStorm记录审计任务执行的细节。
    5.任务执行结果返回给Rules Engine进行进一步处理。

    StackStorm部署步骤:以下操作,整理自官方部署步骤https://docs.stackstorm.com/install/rhel7.html

    本次部署环境如下:

    系统:Centos7.7

    内存:4G(官方说2G内容也可,我部署的时候内容使用率大概在60%,所以2G应该也是勉强的)

    磁盘:50G

    setenforce 0
    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc
    
    #使用<<符号来处理文件,EOT是一个标志符号,用来标志首尾位置。另外sh -c是指从-c后面的字符串读取命令,其实有点多余,可以直接执行cat部分的命令即可,无需在前面添加sh -c
    sh -c "cat <<EOT > /etc/yum.repos.d/mongodb-org-3.4.repo
    [mongodb-org-3.4]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
    EOT"
    
    yum install crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel -y 
    systemctl start mongod rabbitmq-server
    systemctl enable mongod rabbitmq-server
    #初始化postgresql
    postgresql-setup initdb
    #配置pgsql通过md5加密方式进行通讯
    sed -i "s/(host.*all.*all.*127.0.0.1/32.*)ident/1md5/" /var/lib/pgsql/data/pg_hba.conf
    sed -i "s/(host.*all.*all.*::1/128.*)ident/1md5/" /var/lib/pgsql/data/pg_hba.conf
    systemctl start postgresql
    systemctl enable postgresql
    curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash
    yum install -y st2 st2mistral
    #如果服务应用在不同服务器上,只需要修改以下配置路径即可
    #RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
    #MongoDB at /etc/st2/st2.conf
    #PostgreSQL at /etc/mistral/mistral.conf
    DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
    DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
    mkdir -p ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    #生成一个加密密钥文件,并存放至指定位置
    st2-generate-symmetric-crypto-key --key-path ${DATASTORE_ENCRYPTION_KEY_PATH}
    chgrp st2 ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    chmod o-r ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    chgrp st2 ${DATASTORE_ENCRYPTION_KEY_PATH}
    chmod o-r ${DATASTORE_ENCRYPTION_KEY_PATH}
    #设置密钥配置
    crudini --set /etc/st2/st2.conf keyvalue encryption_key_path ${DATASTORE_ENCRYPTION_KEY_PATH}
    st2ctl restart-component st2api
    
    #同上,<< + 标志符,实现将后面的多行字符串重定向到前面的内容中。这里执行会提示could not change directory to "/root"。可能是因为切换到postgres用户导致的,没有影响+
    cat << EHD | sudo -u postgres psql
    CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
    CREATE DATABASE mistral OWNER mistral;
    EHD
    
    #配置mistral数据库
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient
    #可能会提示用户已存在
    useradd stanley
    mkdir -p /home/stanley/.ssh
    chmod 0700 /home/stanley/.ssh
    ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
    sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys'
    chown -R stanley:stanley /home/stanley/.ssh
    #配置stanley执行sudo免密
    sh -c 'echo "stanley    ALL=(ALL)       NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2'
    chmod 0440 /etc/sudoers.d/st2
    #注释对应行?
    sed -i -r "s/^Defaultss++?requiretty/# Defaults +requiretty/g" /etc/sudoers
    #会提示Failed to start st2chatops.service: Unit not found.和st2chatops is not running.没影响
    st2ctl start
    st2ctl reload
    st2 --version
    st2 action list --pack=core
    #会提示succeeded
    st2 run core.local -- date -R
    #会提示succeeded
    st2 execution list
    #会提示succeeded
    st2 run core.remote hosts='localhost' -- uname -a
    #安装st2包,安装完成会提示succeeded
    st2 pack install st2
    #st2ctl相关的控制命令
    #st2ctl start|stop|status|restart|restart-component|reload|clean
    yum -y install httpd-tools
    #添加账号st2admin密码Ch@ngeMe,用来登录WEBUI
    echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
    #[auth]     enable = True    修改【auth】下的enable的值为True即可
    vim /etc/st2/st2.conf
    st2ctl restart-component st2api
    #输入上面的默认密码Ch@ngeMe
    st2 login st2admin
    st2 action list
    rpm --import http://nginx.org/keys/nginx_signing.key
    
    sh -c "cat <<EOT > /etc/yum.repos.d/nginx.repo
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/rhel/\$releasever/x86_64/
    gpgcheck=1
    enabled=1
    EOT"
    
    sed -i 's/^(enabled=1)$/exclude=nginx
    1/g' /etc/yum.repos.d/epel.repo
    yum install nginx st2web -y
    mkdir -p /etc/ssl/st2
    
    openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt 
    -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information 
    Technology/CN=$(hostname)"
    
    cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
    #取消nginx默认的web服务路径
    sed -i 's/default_server//g' /etc/nginx/nginx.conf
    systemctl restart nginx
    systemctl enable nginxsetenforce 0
    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc
    
    #使用<<符号来处理文件,EOT是一个标志符号,用来标志首尾位置。另外sh -c是指从-c后面的字符串读取命令,其实有点多余,可以直接执行cat部分的命令即可,无需在前面添加sh -c
    sh -c "cat <<EOT > /etc/yum.repos.d/mongodb-org-3.4.repo
    [mongodb-org-3.4]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
    EOT"
    
    yum install crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel -y 
    systemctl start mongod rabbitmq-server
    systemctl enable mongod rabbitmq-server
    #初始化postgresql
    postgresql-setup initdb
    #配置pgsql通过md5加密方式进行通讯
    sed -i "s/(host.*all.*all.*127.0.0.1/32.*)ident/1md5/" /var/lib/pgsql/data/pg_hba.conf
    sed -i "s/(host.*all.*all.*::1/128.*)ident/1md5/" /var/lib/pgsql/data/pg_hba.conf
    systemctl start postgresql
    systemctl enable postgresql
    curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash
    yum install -y st2 st2mistral
    #如果服务应用在不同服务器上,只需要修改以下配置路径即可
    #RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
    #MongoDB at /etc/st2/st2.conf
    #PostgreSQL at /etc/mistral/mistral.conf
    DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
    DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
    mkdir -p ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    #生成一个加密密钥文件,并存放至指定位置
    st2-generate-symmetric-crypto-key --key-path ${DATASTORE_ENCRYPTION_KEY_PATH}
    chgrp st2 ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    chmod o-r ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    chgrp st2 ${DATASTORE_ENCRYPTION_KEY_PATH}
    chmod o-r ${DATASTORE_ENCRYPTION_KEY_PATH}
    #设置密钥配置
    crudini --set /etc/st2/st2.conf keyvalue encryption_key_path ${DATASTORE_ENCRYPTION_KEY_PATH}
    st2ctl restart-component st2api
    
    #同上,<< + 标志符,实现将后面的多行字符串重定向到前面的内容中。这里执行会提示could not change directory to "/root"。可能是因为切换到postgres用户导致的,没有影响+
    cat << EHD | sudo -u postgres psql
    CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
    CREATE DATABASE mistral OWNER mistral;
    EHD
    
    #配置mistral数据库
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient
    #可能会提示用户已存在
    useradd stanley
    mkdir -p /home/stanley/.ssh
    chmod 0700 /home/stanley/.ssh
    ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
    sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys'
    chown -R stanley:stanley /home/stanley/.ssh
    #配置stanley执行sudo免密
    sh -c 'echo "stanley    ALL=(ALL)       NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2'
    chmod 0440 /etc/sudoers.d/st2
    #注释对应行?
    sed -i -r "s/^Defaultss++?requiretty/# Defaults +requiretty/g" /etc/sudoers
    #会提示Failed to start st2chatops.service: Unit not found.和st2chatops is not running.没影响
    st2ctl start
    st2ctl reload
    st2 --version
    st2 action list --pack=core
    #会提示succeeded
    st2 run core.local -- date -R
    #会提示succeeded
    st2 execution list
    #会提示succeeded
    st2 run core.remote hosts='localhost' -- uname -a
    #安装st2包,安装完成会提示succeeded
    st2 pack install st2
    #st2ctl相关的控制命令
    #st2ctl start|stop|status|restart|restart-component|reload|clean
    yum -y install httpd-tools
    #添加账号st2admin密码Ch@ngeMe,用来登录WEBUI
    echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
    #[auth]     enable = True    修改【auth】下的enable的值为True即可
    vim /etc/st2/st2.conf
    st2ctl restart-component st2api
    #输入上面的默认密码Ch@ngeMe
    st2 login st2admin
    st2 action list
    rpm --import http://nginx.org/keys/nginx_signing.key
    
    sh -c "cat <<EOT > /etc/yum.repos.d/nginx.repo
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/rhel/\$releasever/x86_64/
    gpgcheck=1
    enabled=1
    EOT"
    
    sed -i 's/^(enabled=1)$/exclude=nginx
    1/g' /etc/yum.repos.d/epel.repo
    yum install nginx st2web -y
    mkdir -p /etc/ssl/st2
    
    openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt 
    -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information 
    Technology/CN=$(hostname)"
    
    cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
    #取消nginx默认的web服务路径
    sed -i 's/default_server//g' /etc/nginx/nginx.conf
    systemctl restart nginx
    systemctl enable nginx

     浏览器访问服务器IP即可,在登录界面输入账号st2admin密码Ch@ngeMe,登录后界面如下

     具体的使用方法,后续我再进行补充

  • 相关阅读:
    SPOJ GSS4 Can you answer these queries IV ——树状数组 并查集
    SPOJ GSS3 Can you answer these queries III ——线段树
    SPOJ GSS2 Can you answer these queries II ——线段树
    SPOJ GSS1 Can you answer these queries I ——线段树
    BZOJ 2178 圆的面积并 ——Simpson积分
    SPOJ CIRU The area of the union of circles ——Simpson积分
    HDU 1724 Ellipse ——Simpson积分
    HDU 1071 The area ——微积分
    HDU 4609 3-idiots ——FFT
    BZOJ 2194 快速傅立叶之二 ——FFT
  • 原文地址:https://www.cnblogs.com/biaopei/p/12966934.html
Copyright © 2011-2022 走看看