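Contents
- 1. Introduction to CloudIaC
- 2. Deployment and installation
- 2.1 Download and extract the installation packages
- 2.2 Install and start Docker
- 2.3 Install and start MySQL
- 2.4 Install and start Consul
- 2.5 Edit the configuration files
- 2.6 Initialize MySQL
- 2.7 Install the IaC services
- 2.8 Start the IaC services
- 2.9 Pull the ct-worker image
- 2.10 Download and extract the front-end deployment package
- 2.11 Install and configure nginx
- 2.12 Access the web page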
- 3.
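1. Introduction to CloudIaC
CloudIaC is an open-source project developed by Yunji Technology (云霁科技). The project puts forward the idea of "environment as a service": through management dimensions such as organizations, projects, cloud templates and environments, it grants users precisely scoped permissions over environments, so that users can be assigned different roles to manage different environments under different projects. CloudIaC also integrates Terraform with Ansible, so that once the resources have been created it can automatically invoke an Ansible playbook to deploy the application.
Besides helping to manage IaC environments on public clouds, CloudIaC offers a solution for using Terraform in private and hybrid clouds: in addition to the Providers supplied by public cloud platforms, it provides Provider support for private cloud, dedicated cloud, VMware, PaaS and similar services. For private deployments inside an enterprise that cannot reach the Internet for security reasons, CloudIaC also provides a private Provider Registry; deploying the Provider Registry inside the enterprise lets privately deployed installations use IaC to manage environments just as smoothly.
Official site: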
https://cloudiac.idcos.com/
2. Deployment and installation
// Operating system
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 8.4.2105
// Configure the yum repository
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost ~]# yum clean all && yum makecache
2.1 Download and extract the installation packages
[root@localhost ~]# cat install.sh
VERSION=v0.9.1
mkdir -p /usr/yunji/cloudiac && \
cd /usr/yunji/cloudiac && \
for PACK in cloudiac cloudiac-repos cloudiac-providers; do
  curl -sL https://github.com/idcos/cloudiac/releases/download/${VERSION}/${PACK}_${VERSION}.tar.gz -o ${PACK}_${VERSION}.tar.gz && \
  tar -xf ${PACK}_${VERSION}.tar.gz
done
[root@localhost ~]# bash -x install.sh
[root@localhost ~]# cd /usr/yunji/cloudiac/
[root@localhost cloudiac]# ls
assets config-portal.yml.sample demo-conf.yml.sample iac-tool
cloudiac-providers_v0.9.1.tar.gz config-runner.yml.sample dotenv.sample repos
cloudiac-repos_v0.9.1.tar.gz ct-runner iac-portal
cloudiac_v0.9.1.tar.gz ct-runner.service iac-portal.service
2.2 Install and start Docker
[root@localhost ~]# curl -fsSL https://get.docker.com | bash -s docker
[root@localhost ~]# systemctl enable --now docker.service
2.3 Install and start MySQL
[root@localhost ~]# yum install -y https://repo.mysql.com/mysql57-community-release-el7.rpm
[root@localhost ~]# yum install -y mysql-server
[root@localhost ~]# systemctl enable --now mysqld
2.4 Install and start Consul
[root@localhost ~]# yum install -y yum-utils
[root@localhost ~]# yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
[root@localhost ~]# yum -y install consul
[root@localhost ~]# cat >> /etc/consul.d/consul.hcl <<EOF
ui = true
server = true
bind_addr = "0.0.0.0"
client_addr = "0.0.0.0"
bootstrap_expect = 1
enable_script_checks = true
EOF
[root@localhost ~]# systemctl enable --now consul.service
2.5 Edit the configuration files
[root@localhost ~]# cd /usr/yunji/cloudiac/
[root@localhost cloudiac]# ll
total 680712
drwxr-xr-x. 3 502 games 97 Oct 15 05:59 assets
-rw-r--r--. 1 root root 514238245 Oct 15 05:59 cloudiac-providers_v0.9.1.tar.gz
-rw-r--r--. 1 root root 6228808 Oct 15 05:58 cloudiac-repos_v0.9.1.tar.gz
-rw-r--r--. 1 root root 53606272 Oct 15 05:58 cloudiac_v0.9.1.tar.gz
-rw-r--r--. 1 502 games 1229 Mar 10 2022 config-portal.yml.sample
-rw-r--r--. 1 502 games 848 Mar 10 2022 config-runner.yml.sample
-rwxr-xr-x. 1 502 games 27936471 Mar 10 2022 ct-runner
-rw-r--r--. 1 502 games 207 Mar 10 2022 ct-runner.service
-rw-r--r--. 1 502 games 736 Mar 10 2022 demo-conf.yml.sample
-rw-r--r--. 1 502 games 2390 Mar 10 2022 dotenv.sample
-rwxr-xr-x. 1 502 games 62789641 Mar 10 2022 iac-portal
-rw-r--r--. 1 502 games 251 Mar 10 2022 iac-portal.service
-rwxr-xr-x. 1 502 games 32211370 Mar 10 2022 iac-tool
drwxr-xr-x. 3 502 games 22 Dec 10 2021 repos
[root@localhost cloudiac]# mv config-portal.yml.sample config-portal.yml
[root@localhost cloudiac]# mv config-runner.yml.sample config-runner.yml
[root@localhost cloudiac]# mv dotenv.sample .env
[root@localhost cloudiac]# mv demo-conf.yml.sample demo-conf.yml
[root@localhost cloudiac]# vi .env
IAC_ADMIN_PASSWORD="123456789@qq.com"
SECRET_KEY="yunjikeji"
PORTAL_ADDRESS=192.168.8.100
CONSUL_ADDRESS="192.168.8.100:8500"
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306
MYSQL_DATABASE=iac
MYSQL_USER=cloudiac
MYSQL_PASSWORD="123456"
2.6 Initialize MySQL
// Create the user
mysql> CREATE USER 'cloudiac'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.01 sec)
// Grant privileges to the new user
mysql> grant all on *.* to cloudiac@localhost;
Query OK, 0 rows affected (0.00 sec)
// Reload the privilege tables
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
// Log in as the new user and create the database
[root@localhost ~]# mysql -ucloudiac -p
Enter password: 123456
mysql> create database iac charset utf8mb4;
Query OK, 1 row affected (0.01 sec)
2.7 Install the IaC services
[root@localhost ~]# cd /usr/yunji/cloudiac/
[root@localhost cloudiac]# cp iac-portal.service ct-runner.service /etc/systemd/system/
[root@localhost cloudiac]# systemctl enable iac-portal ct-runner
2.8 Start the IaC services
// Start the services
[root@localhost cloudiac]# systemctl start iac-portal ct-runner
// Make sure the services are running normally
[root@localhost cloudiac]# systemctl status -l iac-portal ct-runner
2.9 Pull the ct-worker image
// ct-worker is the container image that runs deployment tasks; it has to be pulled to the local host:
[root@localhost cloudiac]# docker pull cloudiac/ct-worker
[root@localhost cloudiac]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
cloudiac/ct-worker latest ca270f5cc49e 15 hours ago 1.8GB
[root@localhost cloudiac]#
2.10 Download and extract the front-end deployment package
[root@localhost ~]# cat test.sh
#!/bin/bash
VERSION=v0.9.1
mkdir -p /usr/yunji/cloudiac-web && \
cd /usr/yunji/cloudiac-web && \
curl -sL https://github.com/idcos/cloudiac-web/releases/download/${VERSION}/cloudiac-web_${VERSION}.tar.gz -o cloudiac-web_${VERSION}.tar.gz && \
tar -xf cloudiac-web_${VERSION}.tar.gz
[root@localhost ~]# bash -x test.sh
2.11 Install and configure nginx
[root@localhost ~]# yum -y install nginx
[root@localhost yunji]# vi /etc/nginx/nginx.conf
server {
    listen 80;
    server_name _ default;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript \
               application/x-httpd-php application/javascript application/json;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;

    location / {
        try_files $uri $uri/ /index.html /index.htm =404;
        root /usr/yunji/cloudiac-web;
        index index.html index.htm;
    }

    location = /login {
        rewrite ^/login /login.html last;
    }

    location /api/v1/ {
        proxy_buffering off;
        proxy_cache off;

        proxy_read_timeout 1800;
        proxy_pass http://127.0.0.1:9030;
    }

    location /repos/ {
        proxy_pass http://127.0.0.1:9030;
    }
}
[root@localhost yunji]# systemctl enable --now nginx
[root@localhost yunji]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:9030 *:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 *:8300 *:*
LISTEN 0 128 *:8301 *:*
LISTEN 0 128 *:8302 *:*
LISTEN 0 128 *:8500 *:*
LISTEN 0 128 *:19030 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:8600 *:*
[root@localhost yunji]#
2.12 Access the web page
// Disable the firewall and SELinux
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
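With firewalld stopped, every listener bound to all interfaces in the `ss -antl` output of section 2.11 is reachable from the network, not only nginx on port 80. The script below is an added example, not part of the original post or of CloudIaC: it parses `ss -antl` output and lists the wildcard listeners outside an allowlist. The allowlist (80 and 22) and the function names `exposed_listeners` and `sample_ss_output` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: report TCP listeners bound to
# every interface whose port is not meant to be reachable from the network.

# Assumption: only nginx (80) and sshd (22) are meant to be public on this host.
ALLOWED_PORTS="${ALLOWED_PORTS:-80 22}"

# exposed_listeners (hypothetical helper): reads `ss -antl` output on stdin and
# prints, sorted, each port that listens on 0.0.0.0, * or [::] and is not allowed.
exposed_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      # Split "addr:port" at the last colon so that [::]:22 parses correctly.
      port = $4; sub(/.*:/, "", port)
      addr = $4; sub(/:[^:]*$/, "", addr)
      wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
      if (wildcard && !(port in ok)) print port
    }' | sort -n -u
}

# Sample input: the `ss -antl` listing from section 2.11, embedded for offline use.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    *:9030             *:*
LISTEN 0      80     *:3306             *:*
LISTEN 0      128    *:8300             *:*
LISTEN 0      128    *:8301             *:*
LISTEN 0      128    *:8302             *:*
LISTEN 0      128    *:8500             *:*
LISTEN 0      128    *:19030            *:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    *:8600             *:*
EOF
}

# "--live" inspects this host; the default run uses the embedded sample.
if [ "${1:-}" = "--live" ]; then
  ss -antl | exposed_listeners
else
  sample_ss_output | exposed_listeners
fi
```

Run it with `--live` on the installed host. Each port it prints is a candidate either for binding the service to 127.0.0.1 or for keeping firewalld running with only port 80 opened.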
3.