def close_selinux():
    """Turn SELinux off unless ``getenforce`` already reports ``Disabled``.

    Rewrites whatever follows ``SELINUX=`` in /etc/selinux/config to
    ``disabled`` and then runs ``setenforce 0`` on the running system.
    """
    # NOTE(review): this removes SELinux mandatory access control from the
    # host. If the goal is only to unblock an installer, ``permissive`` keeps
    # AVC denials in the audit log for later policy work.
    current_mode = get_shell_response('getenforce').strip()
    if current_mode == 'Disabled':
        return

    selinux_config = FileModify('/etc/selinux/config')
    # Presumably FileModify.replace treats the first argument as a regex
    # (it is given a look-behind); confirm against FileModify.
    selinux_config.replace('(?<=SELINUX=).*', 'disabled')
    exec_shell('setenforce 0')
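def get_svc_yaml_path(self, service):
    """Copy the YAML template for ``service`` into ``CONFIG.TMP_DIR``.

    Uses ``<TEMPLATE_DIR>/<service>.yaml`` when that file exists and falls
    back to ``CONFIG.YAML_TEMPLATE`` otherwise.

    Returns:
        The path of the working copy, ``<TMP_DIR>/<service>.yaml``.
    """
    import shlex

    # NOTE(review): ``service`` is joined into both paths unchecked, so a
    # value containing '/' or '..' resolves outside TEMPLATE_DIR / TMP_DIR.
    # Validate service names where they enter the tool.
    template = '{}/{}.yaml'.format(CONFIG.TEMPLATE_DIR, service)
    if not os.path.exists(template):
        template = CONFIG.YAML_TEMPLATE
    svc_yaml_path = '{}/{}.yaml'.format(CONFIG.TMP_DIR, service)

    # '\\cp' is the same command text as before (a leading backslash skips
    # any shell alias for cp) without the invalid '\c' escape sequence.
    # Both paths are quoted so they reach cp as single arguments.
    exec_shell('\\cp {} {}'.format(shlex.quote(str(template)),
                                   shlex.quote(str(svc_yaml_path))))
    return svc_yaml_path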
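def rollback_services(services):
    """Run ``kubectl rollout undo`` for every service that ``check_svc`` finds.

    Services that ``check_svc`` does not find are reported and skipped.

    Args:
        services: iterable of deployment names.
    """
    import shlex

    for service in services:
        if not check_svc(service=service):
            print('{} 应用服务不存在,跳过回滚...'.format(service), flush=True)
            continue
        # The name is quoted so it stays one shell word and cannot add
        # extra commands to the kubectl line.
        exec_shell('kubectl rollout undo deployment/{}'.format(
            shlex.quote(str(service))))
        print('{} 应用服务......回滚.............成功'.format(service), flush=True)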
def init_ca():
    """Create the root CA with cfssl inside ``TEMPLATE_DIR/ca``.

    Marks everything in the cfssl directory executable, changes the process
    working directory to ``TEMPLATE_DIR/ca`` and pipes
    ``cfssl gencert -initca`` into ``cfssljson -bare ca``.
    """
    tool_dir = get_cfssl_dir()
    exec_shell('chmod +x {}/*'.format(tool_dir))

    # The working directory is changed for the whole process and not restored.
    ca_workdir = os.path.join(TEMPLATE_DIR, 'ca')
    os.chdir(ca_workdir)

    # NOTE(review): `cfssljson -bare ca` writes ca-key.pem (the CA private
    # key) next to ca.pem in this template directory; confirm the directory
    # is readable only by the deploy user and is excluded from version control.
    gencert_cmd = '{0}/cfssl gencert -initca ca-csr.json | {0}/cfssljson -bare ca'.format(tool_dir)
    exec_shell(gencert_cmd)
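def delete_service(service):
    """Delete the resources described by the service's remote YAML file.

    Args:
        service: service name, resolved to a YAML path by
            ``get_remote_svc_yaml_path``.

    Raises:
        Exception: if ``exec_shell`` fails; the original error is attached
            as ``__cause__``.
    """
    import shlex

    remote_svc_yaml_path = get_remote_svc_yaml_path(service=service)
    try:
        # Quoted so the path is passed to kubectl as a single argument.
        exec_shell('kubectl delete -f {}'.format(
            shlex.quote(str(remote_svc_yaml_path))))
    except Exception as err:
        # Callers still see a plain Exception, now chained to the real error.
        raise Exception(err) from err
    print('{} 应用服务......删除..................成功'.format(service), flush=True)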
def init_yaml_file(self):
    """Fill in the YAML template of every service and upload the result.

    For each entry in ``self.services`` the working copy returned by
    ``get_svc_yaml_path`` has its placeholder tokens substituted and is then
    handed to ``self.sftp_client.put`` with the destination
    ``<CONFIG.DEPLOY_YAMLS_DIR>/<service>.yaml``.
    """
    # NOTE(review): values are substituted as plain text. A service name,
    # namespace or domain containing a newline or YAML metacharacters would
    # change the structure of the manifest; validate them before this point.
    # NOTE(review): the replace order matters because tokens are plain
    # substrings of the file; keep it as is unless FileModify.replace is
    # known to match whole tokens.
    for service in self.services:
        svc_yaml_path = self.get_svc_yaml_path(service)
        yaml = FileModify(svc_yaml_path)
        # Domain Ingress: append the ingress template for services that have a domain
        if service in self.treafik_domain:
            # NOTE(review): the file is appended to after FileModify was
            # constructed; confirm FileModify re-reads the file on replace,
            # otherwise the appended ingress section could be overwritten.
            exec_shell('cat {} >> {}'.format(CONFIG.INGRESS_TEMPLATE, svc_yaml_path))
            yaml.replace('DOMAIN', self.treafik_domain.get(service))
        # base settings
        yaml.replace('MINREADYSECONDS', str(CONFIG.MINREADYSECONDS))
        yaml.replace('REVISIONHISTORYLIMIT', str(CONFIG.REVISIONHISTORYLIMIT))
        yaml.replace('APPNAME', service)
        # namespace
        yaml.replace('NAMESPACE', self.namespace)
        # replicas
        yaml.replace('REPLICAS', str(self.replicas))
        # nfs; .get() yields None when self.env has no entry — TODO confirm replace() tolerates that
        yaml.replace('NFS_SERVER', CONFIG.NFS_SERVER.get(self.env))
        # port: an explicit self.port wins over the per-service default
        yaml.replace('PORT', str(self.port if self.port else CONFIG.SERVICE_PORTS.get(service)))
        # image path
        yaml.replace('IMAGE_PATH', self.get_image_path(service))
        # upload the yaml file
        self.sftp_client.put(svc_yaml_path, '{}/{}.yaml'.format(CONFIG.DEPLOY_YAMLS_DIR, service))
def build_jumpserver():
    """Pull and start the jumpserver container unless one already exists."""
    if container_is_exist('jumpserver'):
        print('jumpserver 容器已存在,跳过安装')
        return

    # NOTE(review): ``:latest`` is a mutable tag, so two runs can deploy
    # different images. Pinning a version tag or an image digest makes the
    # deployed bastion reproducible and auditable.
    # NOTE(review): ports 8000 and 2222 are published on all host interfaces.
    pull_cmd = 'docker pull harbor.yaobili.com/apps/jumpserver:latest'
    run_cmd = 'docker run -d --name jumpserver -p 8000:80 -p 2222:2222 harbor.yaobili.com/apps/jumpserver:latest'
    exec_shell(pull_cmd)
    exec_shell(run_cmd)
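def start_service():
    """Enable and start etcd on every address listed under ``IPS['etcd']``.

    The command is run through ``exec_shell`` for a local address and over
    ``SSHConnect`` otherwise.
    """
    # The original command read `mkdir -p mkdir /var/lib/etcd`, which also
    # created a stray directory named "mkdir" in the working directory.
    cmd = ('mkdir -p /var/lib/etcd && systemctl daemon-reload && systemctl enable etcd '
           '&& systemctl start etcd && systemctl status etcd')
    for address in IPS.get('etcd'):
        ip, port = parse_address(address)
        if check_is_localip(ip):
            exec_shell(cmd)
            continue
        ssh = SSHConnect(ip, int(port))
        try:
            ssh.run(cmd)
        finally:
            # Close the connection even when the remote command fails.
            ssh.close()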
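def check_health():
    """Run ``etcdctl cluster-health`` from every etcd node.

    The same command, pointed at all endpoints from ``get_etcd_endpoints``
    and using the client certificate under /opt/kubernetes/ssl, is executed
    locally or over ``SSHConnect`` depending on the node address.
    """
    etcd_endpoints = get_etcd_endpoints()
    cmd = ('source /etc/profile && etcdctl --endpoints={} --ca-file=/opt/kubernetes/ssl/ca.pem '
           '--cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem '
           'cluster-health').format(etcd_endpoints)
    for address in IPS.get('etcd'):
        ip, port = parse_address(address)
        if check_is_localip(ip):
            exec_shell(cmd)
            continue
        ssh = SSHConnect(ip, int(port))
        try:
            ssh.run(cmd)
        finally:
            # Previously the connection stayed open if ssh.run raised.
            ssh.close()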
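def init_etcd_ca():
    """Issue the etcd certificate with cfssl, signed by the CA in ``TEMPLATE_DIR/ca``.

    The etcd node IPs are added to the ``hosts`` list of etcd-csr.json for
    the duration of the cfssl call; the template file is put back to its
    original content afterwards, including when the call fails.
    """
    path = os.path.join(TEMPLATE_DIR, 'etcd', 'etcd-csr.json')
    f = FileModify(path)
    template_content = f.content()
    # json.loads() no longer accepts ``encoding`` (ignored since Python 3.1,
    # a TypeError from 3.9), so it is not passed.
    result = json.loads(template_content)
    for ip_ in IPS.get('etcd'):
        ip, _port = parse_address(ip_)
        result['hosts'].append(ip)

    f.cover(json.dumps(result))
    try:
        cfssl_dir = get_cfssl_dir()
        # The working directory is changed for the whole process and not restored.
        os.chdir(os.path.join(TEMPLATE_DIR, 'etcd'))
        exec_shell('{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
                   '-profile=kubernetes etcd-csr.json | {0}/cfssljson -bare etcd'.format(
                       cfssl_dir, os.path.join(TEMPLATE_DIR, 'ca')))
    finally:
        # Restore the template so a failed run does not leave node IPs in it
        # and a rerun does not append them twice.
        f.cover(template_content)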
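def build(self):
    """Build the base modules and the selected services with Maven.

    Empties ``CONFIG.TMP_DIR``, then for each module changes into its source
    directory, runs ``CONFIG.MAVEN_INSTALL_CMD`` and passes the resulting jar
    path to ``self.collection_pack``.

    Raises:
        ValueError: if ``CONFIG.TMP_DIR`` is empty or the filesystem root.
    """
    import shlex

    services_all = CONFIG.BASE_MODULES + self.services
    server_path = os.path.join(os.path.dirname(get_project_root_path()),
                               'yaobili', 'server')

    # An empty or '/' TMP_DIR would turn the cleanup below into `rm -rf /*`.
    tmp_dir = str(CONFIG.TMP_DIR).strip()
    if not tmp_dir.strip('/'):
        raise ValueError(
            'CONFIG.TMP_DIR must name a directory other than the root: {!r}'.format(
                CONFIG.TMP_DIR))
    # Only the directory is quoted; the glob stays outside the quotes.
    exec_shell('rm -rf {}/*'.format(shlex.quote(tmp_dir)))

    for service in services_all:
        os.chdir(os.path.join(server_path, service))
        if service == 'yaobili-business-device':
            self.device_alter(server_path)
        exec_shell(CONFIG.MAVEN_INSTALL_CMD)
        jar_name = '{}-{}.jar'.format(service, CONFIG.JAR_VERSION)
        self.collection_pack(
            os.path.join(server_path, service, 'target', jar_name))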
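def init():
    """Run every init script on every host returned by ``get_all_ip(IPS)``.

    For each host the SSH key is created if missing and copied with
    ``ssh_copy_id``; then the content of each file in
    ``<PROJECT_DIR>/utils/scripts/k8s/init`` is executed, locally through
    ``exec_shell`` or remotely through ``SSHConnect``.
    """
    ips = get_all_ip(IPS)
    scripts_dir = os.path.join(CONFIG.PROJECT_DIR, 'utils', 'scripts', 'k8s', 'init')
    # NOTE(review): every file in scripts_dir is executed as shell on every
    # node, so write access to that directory is equivalent to command
    # execution on the cluster hosts; keep it restricted to the deploy user.
    for ipa in ips:
        if not check_rsa_secret():
            create_rsa_secret()
        ssh_copy_id(ipa)
        ip, port = parse_address(ipa)
        print('init {}...'.format(ip))

        # os.listdir() order is arbitrary; sorting makes the script order
        # the same on every host and every run.
        script_names = sorted(os.listdir(scripts_dir))

        if check_is_localip(ip):
            for filename in script_names:
                script = FileModify(os.path.join(scripts_dir, filename))
                exec_shell(script.content())
            continue

        ssh = SSHConnect(host=ip, port=int(port))
        try:
            for filename in script_names:
                script = FileModify(os.path.join(scripts_dir, filename))
                ssh.run(script.content())
        finally:
            # Close the connection even when one of the scripts fails.
            ssh.close()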
def build_nexus():
    """Pull and start the Nexus 2.14.10 container unless one already exists."""
    if container_is_exist('nexus'):
        print('nexus 容器已存在,跳过安装')
        return

    # NOTE(review): port 8081 is published on all host interfaces; confirm
    # the repository manager is meant to be reachable beyond the build network.
    image = 'sonatype/nexus:2.14.10'
    for command in (
            'docker pull ' + image,
            'docker run -d --name nexus --restart=always -p 8081:8081 ' + image,
            'docker start nexus',
    ):
        exec_shell(command)
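def init_ca():
    """Issue the API-server and admin certificates with cfssl.

    The master IPs and ``SETTINGS.CLUSTER_KUBERNETES_SVC_IP`` are added to
    the ``hosts`` list of kubernetes-csr.json for the duration of the cfssl
    calls; the template is restored afterwards, including on failure. Both
    certificates are signed with the CA found in ``TEMPLATE_DIR/ca``.
    """
    path = os.path.join(TEMPLATE_DIR, 'master', 'kubernetes-csr.json')
    f = FileModify(path)
    template_content = f.content()
    # json.loads() no longer accepts ``encoding`` (ignored since Python 3.1,
    # a TypeError from 3.9), so it is not passed.
    result = json.loads(template_content)
    for ip_ in IPS.get('master'):
        ip, _port = parse_address(ip_)
        result['hosts'].append(ip)
    result['hosts'].append(SETTINGS.CLUSTER_KUBERNETES_SVC_IP)

    f.cover(json.dumps(result))
    try:
        cfssl_dir = get_cfssl_dir()
        # The working directory is changed for the whole process and not restored.
        os.chdir(os.path.join(TEMPLATE_DIR, 'master'))
        ca_dir = os.path.join(TEMPLATE_DIR, 'ca')
        exec_shell(
            '{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
            '-profile=kubernetes kubernetes-csr.json | {0}/cfssljson -bare kubernetes'
            .format(cfssl_dir, ca_dir))
        # NOTE(review): the admin client key written here (admin-key.pem)
        # presumably carries cluster-admin rights; confirm where it is stored
        # and who can read it.
        exec_shell(
            '{0}/cfssl gencert -ca={1}/ca.pem -ca-key={1}/ca-key.pem -config={1}/ca-config.json '
            '-profile=kubernetes admin-csr.json | {0}/cfssljson -bare admin'
            .format(cfssl_dir, ca_dir))
    finally:
        # Restore the template so a failed run does not leave host entries
        # in it and a rerun does not append them twice.
        f.cover(template_content)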
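def build_project(self, project):
    """Build ``project`` and archive its output as ``<LIB_DIR>/<project>.tar.gz``.

    ``self.build_before`` supplies the source directory, the packaging
    command and the directory whose content is archived.
    """
    import shlex

    project_path, package_cmd, package_path = self.build_before(project)
    os.chdir(project_path)
    # package_cmd is run as given; it comes from build_before, not from here.
    exec_shell(package_cmd)

    # Paths are quoted so a project name or LIB_DIR with spaces or shell
    # metacharacters stays a single argument.
    exec_shell('mkdir -p {}'.format(shlex.quote(str(CONFIG.LIB_DIR))))
    os.chdir(package_path)
    archive_path = '{}/{}.tar.gz'.format(CONFIG.LIB_DIR, project)
    exec_shell('tar -zcf {} ./'.format(shlex.quote(archive_path)))
    print('Packing Project {} ...... 完成 '.format(project), flush=True)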
def start_java_service(self, service):
    """Start the service jar in the background and write its PID to a file.

    The command ends in ``> /dev/null 2>&1``, so everything the JVM prints
    to stdout and stderr is discarded.
    """
    pid_path = self.get_pid_path(service)
    service_path = self.get_service_path(service)
    if self.env == 'prod':
        start_parameters = CONFIG.JAVA_START_PARAMETERS
    else:
        start_parameters = CONFIG.JAVA_START_PARAMETERS_TEST
    deploy_env = self.env.split('.')[0]
    # NOTE(review): config_port is returned but never used; the config URI
    # below hard-codes port 10006 — confirm that is intended.
    config_ip, config_port = self.get_config_server_host()
    os.chdir(BASE_DIR)

    fields = {
        'start_parameters': start_parameters,
        'service_path': service_path,
        'pid_path': pid_path,
        'deploy_env': deploy_env,
        'config_ip': config_ip,
    }
    # These two services are started without a profile or a config-server URI.
    if service in ('yaobili-platform-mscenter', 'yaobili-platform-config'):
        template = 'nohup java -jar {start_parameters} {service_path} > /dev/null 2>&1 & echo $! > {pid_path}'
    else:
        # NOTE(review): the config server is addressed over plain http, so
        # any secrets it serves cross the network unencrypted unless the
        # transport is protected elsewhere.
        template = ('nohup java -jar {start_parameters} {service_path} --spring.profiles.active={deploy_env} '
                    '--spring.cloud.config.uri=http://{config_ip}:10006 > /dev/null 2>&1 & echo $! > {pid_path}')
    exec_shell(template.format(**fields))
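def build_sonarqube():
    """Pull and start the SonarQube 7.1 container unless one already exists.

    The container is pointed at the MySQL database described by
    ``CONFIG.MYSQL_HOST``, ``CONFIG.MYSQL_USERNAME``, ``CONFIG.MYSQL_PASSWORD``
    and ``CONFIG.MYSQL_NAME_SONARQUBE``.
    """
    import shlex

    if container_is_exist('sonarqube'):
        print('sonarqube 容器已存在,跳过安装')
        return

    exec_shell('docker pull sonarqube:7.1')

    # The URL is built with plain '&' and quoted as a whole, which replaces
    # the invalid '\&' escape sequences of the original string literal.
    jdbc_url = ('jdbc:mysql://{mysql_host}:3306/{sonar_db_name}'
                '?useUnicode=true&characterEncoding=utf8'
                '&rewriteBatchedStatements=true&useConfigs=maxPerformance').format(
                    mysql_host=CONFIG.MYSQL_HOST,
                    sonar_db_name=CONFIG.MYSQL_NAME_SONARQUBE)

    # Quoting keeps a password with spaces or shell metacharacters intact.
    # NOTE(review): the password is still part of the docker command line
    # (visible in the process list and in `docker inspect`); an --env-file
    # with restrictive permissions keeps it off the command line.
    build = ('docker run -d --name sonarqube '
             '-p 9000:9000 '
             '-e SONARQUBE_JDBC_USERNAME={mysql_username} '
             '-e SONARQUBE_JDBC_PASSWORD={mysql_password} '
             '-e SONARQUBE_JDBC_URL={jdbc_url} '
             'sonarqube:7.1').format(
                 mysql_username=shlex.quote(str(CONFIG.MYSQL_USERNAME)),
                 mysql_password=shlex.quote(str(CONFIG.MYSQL_PASSWORD)),
                 jdbc_url=shlex.quote(jdbc_url))
    exec_shell(build)
    exec_shell('docker start sonarqube')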
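def set_hostname(hostname):
    """Set the running hostname and overwrite /etc/hostname with it.

    Args:
        hostname: the new host name.
    """
    import shlex

    # Quoted so the value is passed to `hostname` as a single word.
    # NOTE(review): nothing checks that the value is a valid host name
    # (letters, digits, hyphens, dots); validate it where it is read.
    exec_shell('hostname {0}'.format(shlex.quote(str(hostname))))

    hostname_file = FileModify('/etc/hostname')
    hostname_file.cover(hostname)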
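def create_service(service):
    """Apply the service's remote YAML file with ``kubectl apply``.

    Args:
        service: service name, resolved to a YAML path by
            ``get_remote_svc_yaml_path``.
    """
    import shlex

    remote_svc_yaml_path = get_remote_svc_yaml_path(service=service)
    # Quoted so the path is passed to kubectl as a single argument.
    # NOTE(review): --record is deprecated in newer kubectl releases.
    exec_shell('kubectl apply -f {} --record'.format(
        shlex.quote(str(remote_svc_yaml_path))))
    print('{} 应用服务......创建或更新...................成功'.format(service), flush=True)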
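import re

# Nexus storage backup: archive the storage volume on the remote host, have
# the remote host scp the archive to this machine, then prune local archives
# older than the retention period.

# Retention in seconds; 86400 s = 1 day.
backup_keep_time = 86400 * 3
local_host = '172.18.73.128'
local_backup_dir = '/backups/nexus'
host = '172.18.73.129'
port = 65503
remote_backup_dir = '/backups/nexus'
# NOTE(review): `dir` shadows the builtin; the name is kept in case other
# code reads it.
dir = '/var/lib/docker/volumes/bd01a4f32e58cc69a3ad888c6c621a37a72b43e3e964352117d30e112fb5a931/_data/storage'
now = int(time.time())

# The remote host pushes the archive into this directory, so it has to exist
# before the scp runs (it used to be created only afterwards).
exec_shell('mkdir -p {}'.format(local_backup_dir))

# NOTE(review): the SSH password is a literal in the script (redacted on this
# page). Key-based authentication or a secret read at run time keeps it out
# of the source and its history.
ssh = SSHConnect(host=host, port=port, password='******')
try:
    ssh.run('mkdir -p {}'.format(remote_backup_dir))
    ssh.run('tar -zcf {}/nexus.tar.gz {}'.format(remote_backup_dir, dir))
    scp_cmd = 'scp -P {} {}/nexus.tar.gz {}:{}/nexus_{}.tar.gz'.format(
        port, remote_backup_dir, local_host, local_backup_dir, now)
    ssh.run(scp_cmd)
    # NOTE(review): if ssh.run does not raise on a failed scp, the remote
    # archive is removed here even though no copy arrived — confirm.
    ssh.run('rm -rf {}'.format(remote_backup_dir))
finally:
    # Close the connection even when a remote command fails.
    ssh.close()

# Only files named nexus_<unix-timestamp>.tar.gz are considered for pruning.
# Anything else in the directory is left alone instead of raising IndexError
# or ValueError as the unanchored pattern did.
archive_pattern = re.compile(r'nexus_(\d+)\.tar\.gz')
for dirname in os.listdir(local_backup_dir):
    matched = archive_pattern.fullmatch(dirname)
    if matched is None:
        continue
    age_seconds = int(time.time()) - int(matched.group(1))
    if age_seconds >= backup_keep_time:
        os.remove(os.path.join(local_backup_dir, dirname))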
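import os
import re
import datetime

# Static-site backup: archive /mnt/wwwroot/source on the remote host, copy
# the archive here with scp, then prune local archives older than the
# retention period.

# Backup retention, in days.
backup_keep_time = 2
host = '172.18.196.243'
port = 22
remote_backup_dir = '/mnt/wwwroot/history_version'
local_backup_dir = '/backups/static'

ssh = SSHConnect(host=host, port=port)
try:
    ssh.run(
        'tar -zcf {}/source.tar.gz /mnt/wwwroot/source'.format(remote_backup_dir))
finally:
    # Close the connection even when the remote tar fails.
    ssh.close()

# Same local date as time.strftime('%Y%m%d', ...), built from the datetime
# module this script already imports.
today = datetime.datetime.today().strftime('%Y%m%d')
# Use the configured directory instead of repeating its literal path.
exec_shell('mkdir -p {}'.format(local_backup_dir))
scp_cmd = 'scp {}:{}/source.tar.gz {}/source_{}.tar.gz'.format(
    host, remote_backup_dir, local_backup_dir, today)
exec_shell(scp_cmd)

# Only files named source_<YYYYMMDD>.tar.gz are considered for pruning.
# Anything else in the directory is left alone instead of raising IndexError
# as the unanchored pattern did.
archive_pattern = re.compile(r'source_(\d{8})\.tar\.gz')
for dirname in os.listdir(local_backup_dir):
    matched = archive_pattern.fullmatch(dirname)
    if matched is None:
        continue
    try:
        taken_on = datetime.datetime.strptime(matched.group(1), '%Y%m%d')
    except ValueError:
        # Eight digits that are not a calendar date: not one of our archives.
        continue
    age_days = (datetime.datetime.today() - taken_on).days
    if age_days >= backup_keep_time:
        os.remove(os.path.join(local_backup_dir, dirname))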