def get_config_server_host(self):
env_config = CONFIG.ENV_SETTINGS.get(self.env)
if len(env_config) > 1:
for ip_address in env_config:
if 'yaobili-platform-config' in env_config.get(ip_address):
return parse_address(ip_address)
raise ValueError(
'ENV_SETTINGS 配置有误,找不到yaobili-platform-config服务所在ip')
else:
ip_address = list(env_config.keys())[0]
return parse_address(ip_address)
def restart(self, ip_address, services):
ip, port = parse_address(ip_address)
ssh = SSHConnect(host=ip, port=port)
sftp_client = ssh.get_sftp()
self.base_init(ssh, sftp_client)
self.deploy(ssh, ip_address, services)
ssh.close()
def get_proxy_sock(self):
sock = None
gateway_ip, gateway_port = parse_address(self.gateway_address)
gateway_username, gateway_password = config.SSH_GATEWAYS_LOGIN_INFO.get(
self.gateway_address)
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(gateway_ip,
gateway_port,
username=gateway_username,
password=gateway_password,
timeout=config.SSH_TIMEOUT)
except Exception as e:
print("Connect gateway error")
print(e)
try:
transport = ssh.get_transport()
# transport.set_keepalive(20)
sock = transport.open_channel('direct-tcpip',
(self.host, self.port),
('127.0.0.1', 0))
except Exception as e:
print("Open gateway channel error")
print(e)
return sock
def start_service():
for i in IPS.get('master'):
ip, port = parse_address(i)
ssh = SSHConnect(ip, int(port))
ssh.run(
'systemctl daemon-reload && systemctl enable kube-apiserver && systemctl start kube-apiserver && '
'systemctl status kube-apiserver && systemctl enable kube-controller-manager && '
'systemctl start kube-controller-manager && systemctl status kube-controller-manager && '
'systemctl enable kube-scheduler && systemctl start kube-scheduler && systemctl status kube-scheduler'
)
def start_service():
for i in IPS.get('etcd'):
ip,port = parse_address(i)
cmd = 'mkdir -p mkdir /var/lib/etcd && systemctl daemon-reload && systemctl enable etcd ' \
'&& systemctl start etcd && systemctl status etcd'
if not check_is_localip(ip):
ssh = SSHConnect(ip,int(port))
ssh.run(cmd)
else:
exec_shell(cmd)
def rollback(self, ip_address, projects):
ip, port = parse_address(ip_address)
ssh = SSHConnect(host=ip, port=port)
for project in projects:
try:
ssh.run(
'cd {0}/{1}/{2} && rm -rf ./* && tar -zxf {0}/{1}/history_version/{2}.tar.gz'
.format(CONFIG.DEPLOY_DIR, self.env, project))
except Exception:
print('ERROR: {} 项目不存在,无法回滚'.format(project), flush=True)
ssh.close()
def init_deploy_dir(self):
print('init_deploy_dir......', flush=True)
ip, port = parse_address(CONFIG.K8S_MASTER.get(self.env))
self.ssh = SSHConnect(host=ip, port=port)
self.ssh.run('mkdir -p {}'.format(CONFIG.DEPLOY_YAMLS_DIR))
self.sftp_client = self.ssh.get_sftp()
# 传python文件
put_dir(self.sftp_client, CONFIG.PROJECT_DIR, CONFIG.DEPLOY_DIR)
put_dir(
self.sftp_client, os.path.join(get_project_root_path(), 'utils'), os.path.join(CONFIG.DEPLOY_DIR, 'utils')
)
def rollback(self, ip_address, services):
ip, port = parse_address(ip_address)
ssh = SSHConnect(host=ip, port=port)
sftp_client = ssh.get_sftp()
self.base_init(ssh, sftp_client)
for i in services:
history_jar_path = '{}/{}-{}.jar'.format(CONFIG.HISTORY_DIR, i,
CONFIG.JAR_VERSION)
remote_jar_path = '{}/{}-{}.jar'.format(CONFIG.DEPLOY_DIR, i,
CONFIG.JAR_VERSION)
ssh.run('cp -rf {} {}'.format(history_jar_path, remote_jar_path))
self.deploy(ssh, ip_address, services)
ssh.close()
def get_etcd_cluster(type=str):
etcds = IPS.get('etcd')
ETCD_INITIAL_CLUSTER = []
etcd_cluster_dict = {}
for i in range(1, len(etcds) + 1):
ip, port = parse_address(etcds[i - 1])
ETCD_INITIAL_CLUSTER.append('etcd-node{}=https://{}:2380'.format(
i, ip))
etcd_cluster_dict[ip] = 'etcd-node{}'.format(i)
if type == 'dict':
return etcd_cluster_dict
else:
return ','.join(ETCD_INITIAL_CLUSTER)
def check_health():
etcd_endpoints = get_etcd_endpoints()
cmd = 'source /etc/profile && etcdctl --endpoints={} --ca-file=/opt/kubernetes/ssl/ca.pem ' \
'--cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem ' \
'cluster-health'.format(etcd_endpoints)
for i in IPS.get('etcd'):
ip,port = parse_address(i)
if not check_is_localip(ip):
ssh = SSHConnect(ip,int(port))
ssh.run(cmd)
ssh.close()
else:
exec_shell(cmd)
def init_api_server_config():
path = os.path.join(TEMPLATE_DIR, 'master', 'kube-apiserver.service')
f = FileModify(path)
for i in IPS.get('master'):
ip, port = parse_address(i)
f.replace('(?<=--bind-address=).*', '{} \\'.format(ip))
f.replace('(?<=service-cluster-ip-range=).*',
'{} \\'.format(SETTINGS.SERVICE_CIDR))
f.replace('(?<=service-node-port-range=).*',
'{} \\'.format(SETTINGS.NODE_PORT_RANGE))
f.replace('(?<=etcd-servers=).*', '{} \\'.format(get_etcd_endpoints()))
send_files(
os.path.join(TEMPLATE_DIR, 'master', 'kube-apiserver.service'),
'/usr/lib/systemd/system', i)
def init_etcd_ca():
path = os.path.join(TEMPLATE_DIR,'etcd','etcd-csr.json')
f = FileModify(path)
template_content = f.content()
result = json.loads(template_content,encoding='UTF-8')
for ip_ in IPS.get('etcd'):
ip,port = parse_address(ip_)
result['hosts'].append(ip)
f.cover(json.dumps(result))
cfssl_dir = get_cfssl_dir()
os.chdir(os.path.join(TEMPLATE_DIR,'etcd'))
exec_shell('{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
'-profile=kubernetes etcd-csr.json | {0}/cfssljson -bare etcd'.format(cfssl_dir,os.path.join(TEMPLATE_DIR,'ca')))
f.cover(template_content)
def init_config():
path = os.path.join(TEMPLATE_DIR, 'etcd', 'etcd.conf')
f = FileModify(path)
etcd_cluster = get_etcd_cluster()
f.replace('(?<=ETCD_INITIAL_CLUSTER=").*(?=")',etcd_cluster)
etcd_cluster_dict = get_etcd_cluster('dict')
for i in IPS.get('etcd'):
ip,port = parse_address(i)
f.replace('(?<=ETCD_NAME=").*(?=")',etcd_cluster_dict.get(ip))
f.replace('(?<=ETCD_LISTEN_PEER_URLS=").*(?=")','https://{}:2380'.format(ip))
f.replace('(?<=ETCD_LISTEN_CLIENT_URLS=").*(?=")','https://{}:2379,https://127.0.0.1:2379'.format(ip))
f.replace('(?<=ETCD_INITIAL_ADVERTISE_PEER_URLS=").*(?=")','https://{}:2380'.format(ip))
f.replace('(?<=ETCD_ADVERTISE_CLIENT_URLS=").*(?=")','https://{}:2379'.format(ip))
send_files(path,'/opt/kubernetes/cfg/',i)
def set_kubectl():
for i in IPS.get('master'):
ip, port = parse_address(i)
ssh = SSHConnect(ip, int(port))
ssh.run(
'source /etc/profile && kubectl config set-cluster kubernetes '
'--certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true '
'--server=https://{}:6443'.format(ip))
ssh.run(
'source /etc/profile && kubectl config set-credentials admin '
'--client-certificate=/opt/kubernetes/ssl/admin.pem --embed-certs=true '
'--client-key=/opt/kubernetes/ssl/admin-key.pem')
ssh.run(
'source /etc/profile && kubectl config set-context kubernetes --cluster=kubernetes --user=admin'
)
ssh.run('source /etc/profile && kubectl config use-context kubernetes')
def install(self, ip_address, projects):
ip, port = parse_address(ip_address)
ssh = SSHConnect(host=ip, port=port)
sftp_client = ssh.get_sftp()
ssh.run('mkdir -p {}/{}/history_version && mkdir -p {}'.format(
CONFIG.DEPLOY_DIR, self.env, CONFIG.TMP_DIR))
for project in projects:
targz_path = '{}/{}.tar.gz'.format(CONFIG.LIB_DIR, project)
remote_targz_path = '{}/{}.tar.gz'.format(CONFIG.TMP_DIR, project)
sftp_client.put(targz_path, remote_targz_path)
ssh.run(
'mkdir -p {0}/{1}/{2} && cd {0}/{1}/{2} && tar -zcf {0}/{1}/history_version/{2}.tar.gz ./'
.format(CONFIG.DEPLOY_DIR, self.env, project))
ssh.run('cd {0}/{1}/{2} && rm -rf ./* && tar -zxf {3}/{2}.tar.gz'.
format(CONFIG.DEPLOY_DIR, self.env, project,
CONFIG.TMP_DIR))
ssh.close()
def install(self, ip_address, services):
ip, port = parse_address(ip_address)
ssh = SSHConnect(host=ip, port=port)
sftp_client = ssh.get_sftp()
# 基础初始化
self.base_init(ssh, sftp_client)
# 传hosts文件
if len(self.env_config) > 1:
sftp_client.put('/tmp/hosts', '/etc/hosts')
# 传JAR包
self.send_jar_file(ssh, sftp_client, services)
# 部署
self.deploy(ssh, ip_address, services)
ssh.close()
def init():
ips = get_all_ip(IPS)
scripts_dir = os.path.join(CONFIG.PROJECT_DIR, 'utils', 'scripts', 'k8s',
'init')
for ipa in ips:
if not check_rsa_secret():
create_rsa_secret()
ssh_copy_id(ipa)
ip, port = parse_address(ipa)
print('init {}...'.format(ip))
if not check_is_localip(ip):
ssh = SSHConnect(host=ip, port=int(port))
for filename in os.listdir(scripts_dir):
f = FileModify(os.path.join(scripts_dir, filename))
ssh.run(f.content())
ssh.close()
else:
for filename in os.listdir(scripts_dir):
f = FileModify(os.path.join(scripts_dir, filename))
exec_shell(f.content())
def init_ca():
path = os.path.join(TEMPLATE_DIR, 'master', 'kubernetes-csr.json')
f = FileModify(path)
template_content = f.content()
result = json.loads(template_content, encoding='UTF-8')
for ip_ in IPS.get('master'):
ip, port = parse_address(ip_)
result['hosts'].append(ip)
result['hosts'].append(SETTINGS.CLUSTER_KUBERNETES_SVC_IP)
f.cover(json.dumps(result))
cfssl_dir = get_cfssl_dir()
os.chdir(os.path.join(TEMPLATE_DIR, 'master'))
ca_dir = os.path.join(TEMPLATE_DIR, 'ca')
exec_shell(
'{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
'-profile=kubernetes kubernetes-csr.json | {0}/cfssljson -bare kubernetes'
.format(cfssl_dir, ca_dir))
exec_shell(
'{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
'-profile=kubernetes admin-csr.json | {0}/cfssljson -bare admin'.
format(cfssl_dir, ca_dir))
f.cover(template_content)
def check_health():
for i in IPS.get('master'):
ip, port = parse_address(i)
ssh = SSHConnect(ip, int(port))
ssh.run('source /etc/profile && kubectl get cs')
def edit_hosts_file(self, ip_address, hosts_file):
ip, port = parse_address(ip_address)
ssh = SSHConnect(host=ip, port=port)
hostname = ssh.run('hostname', response=True)
ssh.close()
hosts_file.add('{} {}'.format(ip, hostname.strip()))
def get_etcd_endpoints():
ETCD_ENDPOINTS = []
for i in IPS.get('etcd'):
ip, port = parse_address(i)
ETCD_ENDPOINTS.append('https://{}:2379'.format(ip))
return ','.join(ETCD_ENDPOINTS)
