1. CloudIaC的简介

CloudIaC是由云霁科技开发的一个开源项目，该项目提出了『环境即服务』的理念，可以通过组织、项目、云模板、环境等管理维度，精确的授权用户对环境的管理权限，让用户可以分配不同的角色对不同项目下的不同环境进行管理；同时，CloudIaC将Terraform和Ansible进行了打通，让我们可以在资源创建出来之后自动调用Ansible的playbook来完成应用的自动部署。

除了在公有云环境下帮助管理IaC环境，CloudIaC还为私有云、混合云环境下使用Terraform提供了解决方案，除了使用公有云平台提供的Provider之外，针对私有云、专有云、VMware、PaaS等服务，CloudIaC也针对相应场景提供Provider支持；为了让企业内部私有化部署且因为安全因素不能访问外网的场景，CloudIaC还提供了私有的Provider Registry，通过在企业内部部署Provider Registry，让私有化部署场景下也可以顺畅的使用IaC管理我们的环境。

官方链接：https://cloudiac.idcos.com/

2. 部署安装

//操作系统
[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 8.4.2105
//配置yum源
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost ~]# yum clean all && yum makecache

2.1 下载并解压安装包

[root@localhost ~]# cat install.sh 
VERSION=v0.9.1
mkdir -p /usr/yunji/cloudiac && \
cd /usr/yunji/cloudiac && \
for PACK in cloudiac cloudiac-repos cloudiac-providers; docurl -sL https://github.com/idcos/cloudiac/releases/download/${VERSION}/${PACK}_${VERSION}.tar.gz -o ${PACK}_${VERSION}.tar.gz && \tar -xf ${PACK}_${VERSION}.tar.gz
done
[root@localhost ~]# bash -x install.sh 
[root@localhost ~]# cd /usr/yunji/cloudiac/
[root@localhost cloudiac]# ls
assets                            config-portal.yml.sample  demo-conf.yml.sample  iac-tool
cloudiac-providers_v0.9.1.tar.gz  config-runner.yml.sample  dotenv.sample         repos
cloudiac-repos_v0.9.1.tar.gz      ct-runner                 iac-portal
cloudiac_v0.9.1.tar.gz            ct-runner.service         iac-portal.service

2.2 安装并启动Docker

[root@localhost ~]# curl -fsSL https://get.docker.com | bash -s docker
[root@localhost ~]# systemctl enable --now docker.service

2.3 安装并启动Mysql

[root@localhost ~]# yum install -y https://repo.mysql.com/mysql57-community-release-el7.rpm
[root@localhost ~]# yum install -y mysql-server
[root@localhost ~]# systemctl enable --now mysqld

2.4 安装并启动 Consul

[root@localhost ~]# yum install -y yum-utils
[root@localhost ~]# yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
[root@localhost ~]# yum -y install consul
[root@localhost ~]# cat >> /etc/consul.d/consul.hcl <<EOF
ui = true
server = true
bind_addr = "0.0.0.0"
client_addr = "0.0.0.0"
bootstrap_expect = 1
enable_script_checks = true
EOF
[root@localhost ~]# systemctl enable --now consul.service

2.5 编辑配置文件

[root@localhost ~]# cd /usr/yunji/cloudiac/
[root@localhost cloudiac]# ll
total 680712
drwxr-xr-x. 3  502 games        97 Oct 15 05:59 assets
-rw-r--r--. 1 root root  514238245 Oct 15 05:59 cloudiac-providers_v0.9.1.tar.gz
-rw-r--r--. 1 root root    6228808 Oct 15 05:58 cloudiac-repos_v0.9.1.tar.gz
-rw-r--r--. 1 root root   53606272 Oct 15 05:58 cloudiac_v0.9.1.tar.gz
-rw-r--r--. 1  502 games      1229 Mar 10  2022 config-portal.yml.sample
-rw-r--r--. 1  502 games       848 Mar 10  2022 config-runner.yml.sample
-rwxr-xr-x. 1  502 games  27936471 Mar 10  2022 ct-runner
-rw-r--r--. 1  502 games       207 Mar 10  2022 ct-runner.service
-rw-r--r--. 1  502 games       736 Mar 10  2022 demo-conf.yml.sample
-rw-r--r--. 1  502 games      2390 Mar 10  2022 dotenv.sample
-rwxr-xr-x. 1  502 games  62789641 Mar 10  2022 iac-portal
-rw-r--r--. 1  502 games       251 Mar 10  2022 iac-portal.service
-rwxr-xr-x. 1  502 games  32211370 Mar 10  2022 iac-tool
drwxr-xr-x. 3  502 games        22 Dec 10  2021 repos
[root@localhost cloudiac]# mv config-portal.yml.sample config-portal.yml
[root@localhost cloudiac]# mv config-runner.yml.sample config-runner.yml
[root@localhost cloudiac]# mv dotenv.sample .env
[root@localhost cloudiac]# mv demo-conf.yml.sample demo-conf.yml
[root@localhost cloudiac]# vi .env
5 IAC_ADMIN_PASSWORD="123456789@qq.com"
9 SECRET_KEY="yunjikeji"
13 PORTAL_ADDRESS=192.168.8.100
17 CONSUL_ADDRESS="192.168.8.100:8500"
26 MYSQL_HOST=127.0.0.1
27 MYSQL_PORT=3306
28 MYSQL_DATABASE=iac
29 MYSQL_USER=cloudiac
30 MYSQL_PASSWORD="123456"

2.6 初始化MySQL

//创建用户
mysql> CREATE USER 'cloudiac'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.01 sec)//授权新用户
mysql> grant all on *.* to cloudiac@localhost;
Query OK, 0 rows affected (0.00 sec)//刷新权限
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)//使用新用户登录并创建库
[root@localhost ~]# mysql -ucloudiac -p
Enter password: 123456
mysql> create database iac charset utf8mb4;
Query OK, 1 row affected (0.01 sec)

2.7 安装iaC服务

[root@localhost ~]# cd /usr/yunji/cloudiac/
[root@localhost cloudiac]# cp iac-portal.service ct-runner.service /etc/systemd/system/
[root@localhost cloudiac]# systemctl enable iac-portal ct-runner

2.8 启动 IaC 服务

//启动服务
[root@localhost cloudiac]# systemctl start iac-portal ct-runner//确保服务状态正常
[root@localhost cloudiac]# systemctl status -l iac-portal ct-runner

2.9 拉取 ct-worker 镜像

//ct-worker 是执行部署任务的容器镜像，需要 pull 到本地:
[root@localhost cloudiac]# docker pull cloudiac/ct-worker
[root@localhost cloudiac]# docker images
REPOSITORY           TAG       IMAGE ID       CREATED        SIZE
cloudiac/ct-worker   latest    ca270f5cc49e   15 hours ago   1.8GB
[root@localhost cloudiac]# 

2.10 下载前端部署包并解压

[root@localhost ~]# cat test.sh 
#!/bin/bashVERSION=v0.9.1
mkdir -p /usr/yunji/cloudiac-web && \
cd /usr/yunji/cloudiac-web && \
curl -sL https://github.com/idcos/cloudiac-web/releases/download/${VERSION}/cloudiac-web_${VERSION}.tar.gz -o cloudiac-web_${VERSION}.tar.gz && \
tar -xf cloudiac-web_${VERSION}.tar.gz
[root@localhost ~]# bash -x test.sh 

2.11 安装nginx并配置

[root@localhost ~]# yum -y install nginx
[root@localhost yunji]# vi /etc/nginx/nginx.conf37     server {38       listen 80;39       server_name _ default;40 41       gzip  on;42       gzip_min_length  1k;43       gzip_buffers 4 16k;44       gzip_http_version 1.1;45       gzip_comp_level 9;46       gzip_types text/plain application/x-javascript text/css application/xml text/javascript \47       application/x-httpd-php application/javascript application/json;48       gzip_disable "MSIE [1-6]\.";49       gzip_vary on;50 51       location / {52         try_files $uri $uri/ /index.html /index.htm =404;53         root /usr/yunji/cloudiac-web;54         index  index.html index.htm;55       }56 57       location = /login {58         rewrite ^/login /login.html last;59       }60 61       location /api/v1/ {62         proxy_buffering off;63         proxy_cache off;64 65         proxy_read_timeout 1800;66         proxy_pass http://127.0.0.1:9030;67       }68 69       location /repos/ {70         proxy_pass http://127.0.0.1:9030;71       }72     }

[root@localhost yunji]# systemctl enable --now nginx
[root@localhost yunji]# ss -antl
State         Recv-Q        Send-Q                 Local Address:Port                  Peer Address:Port        Process        
LISTEN        0             128                          0.0.0.0:80                         0.0.0.0:*                          
LISTEN        0             128                          0.0.0.0:22                         0.0.0.0:*                          
LISTEN        0             128                                *:9030                             *:*                          
LISTEN        0             80                                 *:3306                             *:*                          
LISTEN        0             128                                *:8300                             *:*                          
LISTEN        0             128                                *:8301                             *:*                          
LISTEN        0             128                                *:8302                             *:*                          
LISTEN        0             128                                *:8500                             *:*                          
LISTEN        0             128                                *:19030                            *:*                          
LISTEN        0             128                             [::]:22                            [::]:*                          
LISTEN        0             128                                *:8600                             *:*                          
[root@localhost yunji]# 

2.12 访问web页面

//关闭防火墙和selinix
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0

3.