  • Introduction to StackStorm and Its Deployment

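    About StackStorm:

    Self-healing is one of the hot topics in operations, and every company invests a great deal of manpower in developing different components. How to invoke those components correctly and in order, and how to avoid developing components with duplicate functionality, is a problem that urgently needs solving. StackStorm is an event-driven system framework that executes automatically. With it, events produced by external systems can be gathered together in an ordered, orchestrated way and executed as one complete event flow, which solves some high-frequency operations problems.

    StackStorm's workflow is roughly as follows:
    1. A StackStorm Sensor detects and triggers an event.
    2. The Rules Engine matches the event against its rules and, on a match, creates a task.
    3. A StackStorm Worker executes the task, usually by calling out to an external system.
    4. StackStorm records the details of the task execution for auditing.
    5. The task result is returned to the Rules Engine for further processing.

    StackStorm deployment steps: the following is adapted from the official installation guide https://docs.stackstorm.com/install/rhel7.html

    The deployment environment is as follows:

    OS: CentOS 7.7

    Memory: 4 GB (the official docs say 2 GB also works; memory usage was around 60% during my deployment, so 2 GB would probably be a stretch)

    Disk: 50 GB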

    # Put SELinux into permissive mode (lasts until the next reboot)
    setenforce 0
    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc
    
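    # The << here-document writes the file; EOT is the delimiter marking where the content starts and ends. sh -c runs the command string that follows -c; it is redundant here, since the cat command can be run directly without the sh -c prefix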
    sh -c "cat <<EOT > /etc/yum.repos.d/mongodb-org-3.4.repo
    [mongodb-org-3.4]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
    EOT"
    
    yum install crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel -y 
    systemctl start mongod rabbitmq-server
    systemctl enable mongod rabbitmq-server
    # Initialize PostgreSQL
    postgresql-setup initdb
    # Configure PostgreSQL to use md5 password authentication for loopback connections
    sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
    sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
    systemctl start postgresql
    systemctl enable postgresql
    curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash
    yum install -y st2 st2mistral
    # If the services run on different servers, only the following configuration files need to be changed
    #RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
    #MongoDB at /etc/st2/st2.conf
    #PostgreSQL at /etc/mistral/mistral.conf
    DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
    DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
    mkdir -p ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    # Generate an encryption key file and store it at the given location
    st2-generate-symmetric-crypto-key --key-path ${DATASTORE_ENCRYPTION_KEY_PATH}
    chgrp st2 ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    chmod o-r ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
    chgrp st2 ${DATASTORE_ENCRYPTION_KEY_PATH}
    chmod o-r ${DATASTORE_ENCRYPTION_KEY_PATH}
    # Point the st2 configuration at the key
    crudini --set /etc/st2/st2.conf keyvalue encryption_key_path ${DATASTORE_ENCRYPTION_KEY_PATH}
    st2ctl restart-component st2api
    
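    # As above, << plus a delimiter feeds the multi-line string that follows to the command in front. Running this prints: could not change directory to "/root". That is probably caused by switching to the postgres user and has no effect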
    cat << EHD | sudo -u postgres psql
    CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
    CREATE DATABASE mistral OWNER mistral;
    EHD
    
    # Set up the mistral database
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient
    # May report that the user already exists
    useradd stanley
    mkdir -p /home/stanley/.ssh
    chmod 0700 /home/stanley/.ssh
    ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
    sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys'
    chown -R stanley:stanley /home/stanley/.ssh
    # Let stanley run sudo without a password
    sh -c 'echo "stanley    ALL=(ALL)       NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2'
    chmod 0440 /etc/sudoers.d/st2
    # Comment out the requiretty line in /etc/sudoers
    sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers
    # Prints "Failed to start st2chatops.service: Unit not found." and "st2chatops is not running."; this has no effect
    st2ctl start
    st2ctl reload
    st2 --version
    st2 action list --pack=core
    # Should report succeeded
    st2 run core.local -- date -R
    # Should report succeeded
    st2 execution list
    # Should report succeeded
    st2 run core.remote hosts='localhost' -- uname -a
    # Install the st2 pack; reports succeeded when the installation finishes
    st2 pack install st2
    # st2ctl control commands
    #st2ctl start|stop|status|restart|restart-component|reload|clean
    yum -y install httpd-tools
    # Add the account st2admin with password Ch@ngeMe, used to log in to the web UI
    echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
    # [auth]     enable = True    Set enable under [auth] to True
    vim /etc/st2/st2.conf
    st2ctl restart-component st2api
    # Enter the default password Ch@ngeMe set above
    st2 login st2admin
    st2 action list
    rpm --import http://nginx.org/keys/nginx_signing.key
    
    sh -c "cat <<EOT > /etc/yum.repos.d/nginx.repo
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/rhel/\$releasever/x86_64/
    gpgcheck=1
    enabled=1
    EOT"
    
    # Exclude nginx from EPEL so it is installed from the nginx repo
    sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo
    yum install nginx st2web -y
    mkdir -p /etc/ssl/st2
    
    # Generate a self-signed certificate valid for 365 days
    openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \
      -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)"
    
    cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
    # Disable nginx's default web site (drop default_server)
    sed -i 's/default_server//g' /etc/nginx/nginx.conf
    systemctl restart nginx
    systemctl enable nginx

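     Open the server's IP address in a browser and, on the login page, enter the account st2admin and the password Ch@ngeMe to reach the web UI.

     I will add details on how to use it later.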
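The following check script is an added example, not part of the original post. It verifies two steps of the procedure above: that the loopback rules in pg_hba.conf really ended up on md5, and that the datastore key is inaccessible to other users. The function names and the sample pg_hba.conf lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. File paths are arguments so the
# checks can be run against copies before touching a live host.

# Succeed only if every loopback "host" rule in a pg_hba.conf uses md5;
# print any rule that still uses another method (for example ident).
pg_hba_loopback_is_md5() {
    awk '
        $1 == "host" && ($4 == "127.0.0.1/32" || $4 == "::1/128") {
            seen = 1
            if ($5 != "md5") { print "not md5: " $0; bad = 1 }
        }
        END { exit ((bad || !seen) ? 1 : 0) }
    ' "$1"
}

# Succeed only if "others" hold no permission bits on the path.
# chmod o-r, as used in the procedure, clears the read bit only.
no_access_for_others() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed sample: the two loopback rules of a freshly initialised
# pg_hba.conf, rewritten with the same substitutions as in the procedure.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' \
        '# TYPE  DATABASE  USER  ADDRESS        METHOD' \
        'host    all       all   127.0.0.1/32   ident' \
        'host    all       all   ::1/128        ident' > "$tmp/pg_hba.conf"
    pg_hba_loopback_is_md5 "$tmp/pg_hba.conf" || echo "before sed: ident still in use"
    sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" "$tmp/pg_hba.conf"
    sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" "$tmp/pg_hba.conf"
    pg_hba_loopback_is_md5 "$tmp/pg_hba.conf" && echo "after sed: loopback rules use md5"
    rm -rf "$tmp"
}
demo
```

On the deployed host the same functions can be pointed at /var/lib/pgsql/data/pg_hba.conf and /etc/st2/keys/datastore_key.json.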

  • Original article: https://www.cnblogs.com/biaopei/p/12966934.html