def close_selinux():
resp = get_shell_response('getenforce').strip()
if resp != 'Disabled':
path = '/etc/selinux/config'
f = FileModify(path)
f.replace('(?<=SELINUX=).*', 'disabled')
exec_shell('setenforce 0')
def get_svc_yaml_path(self, service):
template = '{}/{}.yaml'.format(CONFIG.TEMPLATE_DIR, service)
if not os.path.exists(template):
template = CONFIG.YAML_TEMPLATE
svc_yaml_path = '{}/{}.yaml'.format(CONFIG.TMP_DIR, service)
exec_shell('\cp {} {}'.format(template, svc_yaml_path))
return svc_yaml_path
def rollback_services(services):
for service in services:
if check_svc(service=service):
exec_shell('kubectl rollout undo deployment/{}'.format(service))
print('{} 应用服务......回滚.............成功'.format(service), flush=True)
else:
print('{} 应用服务不存在,跳过回滚...'.format(service), flush=True)
def init_ca():
cfssl_dir = get_cfssl_dir()
exec_shell('chmod +x {}/*'.format(cfssl_dir))
os.chdir(os.path.join(TEMPLATE_DIR, 'ca'))
exec_shell(
'{0}/cfssl gencert -initca ca-csr.json | {0}/cfssljson -bare ca'.
format(cfssl_dir))
def delete_service(service):
remote_svc_yaml_path = get_remote_svc_yaml_path(service=service)
try:
exec_shell('kubectl delete -f {}'.format(remote_svc_yaml_path))
except Exception as msg:
raise Exception(msg)
print('{} 应用服务......删除..................成功'.format(service), flush=True)
def init_yaml_file(self):
for service in self.services:
svc_yaml_path = self.get_svc_yaml_path(service)
yaml = FileModify(svc_yaml_path)
# Domain Ingress
if service in self.treafik_domain:
exec_shell('cat {} >> {}'.format(CONFIG.INGRESS_TEMPLATE, svc_yaml_path))
yaml.replace('DOMAIN', self.treafik_domain.get(service))
# base settings
yaml.replace('MINREADYSECONDS', str(CONFIG.MINREADYSECONDS))
yaml.replace('REVISIONHISTORYLIMIT', str(CONFIG.REVISIONHISTORYLIMIT))
yaml.replace('APPNAME', service)
# namespace
yaml.replace('NAMESPACE', self.namespace)
# replicas
yaml.replace('REPLICAS', str(self.replicas))
# nfs
yaml.replace('NFS_SERVER', CONFIG.NFS_SERVER.get(self.env))
# port
yaml.replace('PORT', str(self.port if self.port else CONFIG.SERVICE_PORTS.get(service)))
# images path 镜像地址
yaml.replace('IMAGE_PATH', self.get_image_path(service))
# 传yaml文件
self.sftp_client.put(svc_yaml_path, '{}/{}.yaml'.format(CONFIG.DEPLOY_YAMLS_DIR, service))
def build_jumpserver():
if not container_is_exist('jumpserver'):
exec_shell('docker pull harbor.yaobili.com/apps/jumpserver:latest')
exec_shell(
'docker run -d --name jumpserver -p 8000:80 -p 2222:2222 harbor.yaobili.com/apps/jumpserver:latest'
)
else:
print('jumpserver 容器已存在,跳过安装')
def start_service():
for i in IPS.get('etcd'):
ip,port = parse_address(i)
cmd = 'mkdir -p mkdir /var/lib/etcd && systemctl daemon-reload && systemctl enable etcd ' \
'&& systemctl start etcd && systemctl status etcd'
if not check_is_localip(ip):
ssh = SSHConnect(ip,int(port))
ssh.run(cmd)
else:
exec_shell(cmd)
def check_health():
etcd_endpoints = get_etcd_endpoints()
cmd = 'source /etc/profile && etcdctl --endpoints={} --ca-file=/opt/kubernetes/ssl/ca.pem ' \
'--cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem ' \
'cluster-health'.format(etcd_endpoints)
for i in IPS.get('etcd'):
ip,port = parse_address(i)
if not check_is_localip(ip):
ssh = SSHConnect(ip,int(port))
ssh.run(cmd)
ssh.close()
else:
exec_shell(cmd)
def init_etcd_ca():
path = os.path.join(TEMPLATE_DIR,'etcd','etcd-csr.json')
f = FileModify(path)
template_content = f.content()
result = json.loads(template_content,encoding='UTF-8')
for ip_ in IPS.get('etcd'):
ip,port = parse_address(ip_)
result['hosts'].append(ip)
f.cover(json.dumps(result))
cfssl_dir = get_cfssl_dir()
os.chdir(os.path.join(TEMPLATE_DIR,'etcd'))
exec_shell('{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
'-profile=kubernetes etcd-csr.json | {0}/cfssljson -bare etcd'.format(cfssl_dir,os.path.join(TEMPLATE_DIR,'ca')))
f.cover(template_content)
def build(self):
services_all = CONFIG.BASE_MODULES + self.services
server_path = os.path.join(os.path.dirname(get_project_root_path()),
'yaobili', 'server')
exec_shell('rm -rf {}/*'.format(CONFIG.TMP_DIR))
for service in services_all:
os.chdir(os.path.join(server_path, service))
if service == 'yaobili-business-device':
self.device_alter(server_path)
exec_shell(CONFIG.MAVEN_INSTALL_CMD)
path = os.path.join(
server_path, service, 'target',
'{}-{}.jar'.format(service, CONFIG.JAR_VERSION))
self.collection_pack(path)
def init():
ips = get_all_ip(IPS)
scripts_dir = os.path.join(CONFIG.PROJECT_DIR, 'utils', 'scripts', 'k8s',
'init')
for ipa in ips:
if not check_rsa_secret():
create_rsa_secret()
ssh_copy_id(ipa)
ip, port = parse_address(ipa)
print('init {}...'.format(ip))
if not check_is_localip(ip):
ssh = SSHConnect(host=ip, port=int(port))
for filename in os.listdir(scripts_dir):
f = FileModify(os.path.join(scripts_dir, filename))
ssh.run(f.content())
ssh.close()
else:
for filename in os.listdir(scripts_dir):
f = FileModify(os.path.join(scripts_dir, filename))
exec_shell(f.content())
def build_nexus():
if not container_is_exist('nexus'):
exec_shell('docker pull sonatype/nexus:2.14.10')
exec_shell('docker run -d --name nexus --restart=always -p 8081:8081 sonatype/nexus:2.14.10')
exec_shell('docker start nexus')
else:
print('nexus 容器已存在,跳过安装')
def init_ca():
path = os.path.join(TEMPLATE_DIR, 'master', 'kubernetes-csr.json')
f = FileModify(path)
template_content = f.content()
result = json.loads(template_content, encoding='UTF-8')
for ip_ in IPS.get('master'):
ip, port = parse_address(ip_)
result['hosts'].append(ip)
result['hosts'].append(SETTINGS.CLUSTER_KUBERNETES_SVC_IP)
f.cover(json.dumps(result))
cfssl_dir = get_cfssl_dir()
os.chdir(os.path.join(TEMPLATE_DIR, 'master'))
ca_dir = os.path.join(TEMPLATE_DIR, 'ca')
exec_shell(
'{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
'-profile=kubernetes kubernetes-csr.json | {0}/cfssljson -bare kubernetes'
.format(cfssl_dir, ca_dir))
exec_shell(
'{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
'-profile=kubernetes admin-csr.json | {0}/cfssljson -bare admin'.
format(cfssl_dir, ca_dir))
f.cover(template_content)
def build_project(self, project):
project_path, package_cmd, package_path = self.build_before(project)
os.chdir(project_path)
exec_shell(package_cmd)
exec_shell('mkdir -p {}'.format(CONFIG.LIB_DIR))
os.chdir(package_path)
exec_shell('tar -zcf {}/{}.tar.gz ./'.format(CONFIG.LIB_DIR, project))
print('Packing Project {} ...... 完成 '.format(project), flush=True)
def start_java_service(self, service):
"""
"> /dev/null 2>&1" 将日志丢弃
"""
pid_path = self.get_pid_path(service)
service_path = self.get_service_path(service)
start_parameters = (CONFIG.JAVA_START_PARAMETERS if self.env == 'prod'
else CONFIG.JAVA_START_PARAMETERS_TEST)
deploy_env = self.env.split('.')[0]
config_ip, config_port = self.get_config_server_host()
os.chdir(BASE_DIR)
if service in ('yaobili-platform-mscenter', 'yaobili-platform-config'):
cmd = 'nohup java -jar {start_parameters} {service_path} > /dev/null 2>&1 & echo $! > {pid_path}'.format(
service_path=service_path,
pid_path=pid_path,
start_parameters=start_parameters,
config_ip=config_ip)
else:
cmd = 'nohup java -jar {start_parameters} {service_path} --spring.profiles.active={deploy_env} ' \
'--spring.cloud.config.uri=http://{config_ip}:10006 > /dev/null 2>&1 & echo $! > {pid_path}' \
.format(deploy_env=deploy_env, service_path=service_path, pid_path=pid_path, config_ip=config_ip,
start_parameters=start_parameters)
exec_shell(cmd)
def build_sonarqube():
if not container_is_exist('sonarqube'):
pull = 'docker pull sonarqube:7.1'
exec_shell(pull)
build = 'docker run -d --name sonarqube \
-p 9000:9000 \
-e SONARQUBE_JDBC_USERNAME={mysql_username} \
-e SONARQUBE_JDBC_PASSWORD={mysql_password} \
-e SONARQUBE_JDBC_URL=jdbc:mysql://{mysql_host}:3306/{soanr_db_name}?useUnicode=true\&characterEncoding=utf8\&rewriteBatchedStatements=true\&useConfigs=maxPerformance \
sonarqube:7.1'.format(mysql_host=CONFIG.MYSQL_HOST,
mysql_username=CONFIG.MYSQL_USERNAME,
mysql_password=CONFIG.MYSQL_PASSWORD,
soanr_db_name=CONFIG.MYSQL_NAME_SONARQUBE)
exec_shell(build)
exec_shell('docker start sonarqube')
else:
print('sonarqube 容器已存在,跳过安装')
def set_hostname(hostname):
exec_shell('hostname {0}'.format(hostname))
path = '/etc/hostname'
f = FileModify(path)
f.cover(hostname)
def create_service(service):
remote_svc_yaml_path = get_remote_svc_yaml_path(service=service)
exec_shell('kubectl apply -f {} --record'.format(remote_svc_yaml_path))
print('{} 应用服务......创建或更新...................成功'.format(service), flush=True)
import re
# 单位秒, 86400s = 1天
backup_keep_time = 86400 * 3
local_host = '172.18.73.128'
local_backup_dir = '/backups/nexus'
host = '172.18.73.129'
port = 65503
remote_backup_dir = '/backups/nexus'
dir = '/var/lib/docker/volumes/bd01a4f32e58cc69a3ad888c6c621a37a72b43e3e964352117d30e112fb5a931/_data/storage'
now = int(time.time())
ssh = SSHConnect(host=host, port=port, password='******')
ssh.run('mkdir -p {}'.format(remote_backup_dir))
ssh.run('tar -zcf {}/nexus.tar.gz {}'.format(remote_backup_dir, dir))
scp_cmd = 'scp -P {} {}/nexus.tar.gz {}:{}/nexus_{}.tar.gz'.format(
port, remote_backup_dir, local_host, local_backup_dir, now)
ssh.run(scp_cmd)
ssh.run('rm -rf {}'.format(remote_backup_dir))
ssh.close()
exec_shell('mkdir -p {}'.format(local_backup_dir))
for dirname in os.listdir(local_backup_dir):
t1 = re.findall(r'nexus_(.*?).tar.gz', dirname)[0]
times = int(time.time()) - int(t1)
if times >= backup_keep_time:
os.remove(os.path.join(local_backup_dir, dirname))
import os
import re
import datetime
# 备份保留时间,单位:天
backup_keep_time = 2
host = '172.18.196.243'
port = 22
remote_backup_dir = '/mnt/wwwroot/history_version'
local_backup_dir = '/backups/static'
ssh = SSHConnect(host=host, port=port)
ssh.run(
'tar -zcf {}/source.tar.gz /mnt/wwwroot/source'.format(remote_backup_dir))
ssh.close()
today = time.strftime('%Y%m%d', time.localtime(time.time()))
exec_shell('mkdir -p /backups/static')
scp_cmd = 'scp {}:{}/source.tar.gz {}/source_{}.tar.gz'.format(
host, remote_backup_dir, local_backup_dir, today)
exec_shell(scp_cmd)
for dirname in os.listdir(local_backup_dir):
t1 = re.findall(r'source_(.+?).tar.gz', dirname)[0]
time1 = datetime.datetime.strptime(t1, '%Y%m%d')
time_dif = datetime.datetime.today() - time1
times = time_dif.days
if times >= backup_keep_time:
os.remove(os.path.join(local_backup_dir, dirname))
