登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 7

尚先生 / opsCloud

forked from 安装怪 / opsCloud 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
分支 3
标签 1
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
cmdb-domain
cmdb-extend
cmdb-keybox
cmdb-login
cmdb-plugin
cmdb-service
cmdb-task
cmdb-util
cmdb-web
.gitignore
LICENSE
README.md
build.gradle
build.sh
cmdb.iml
settings.gradle
Loading...
README
AFL-3.0

Welcome to the opsCloud wiki!

OpsCloud简介


OpsCloud是云时代的全工具链集成运维平台(DevOps)

开源协议:GNU General Public License v2

开发者

  • 白衣(liangjian)

自动化运维规模/效率

  • ECS/EC2 1700实例
  • 配置文件生成(nginx,ansible) 秒级
  • 阿里云ECS数据同步 分钟级
  • K8S数据同步 分钟级
  • JMS全量同步/校验 分钟级

开发版

  • 阿里云SLB管理 (已完成)
  • 阿里云DDoS管理(BGP),支持用户关闭CC防护(PTS压测),1小时后自动开启CC防护 (已完成)
  • 阿里云VPC优化 (已完成)
  • 主流云厂商支持
    • AWS-EC2
    • 腾讯云-CVM

最新版本说明 2.0.2

  • LDAP多服务同步数据变更(用于3方只读认证)
  • 持续集成页面优化
  • 修复一些bug
  • DB无变更,支持2.0.1

最新版本说明 2.0.1

  • 集中认证LDAP

    • LDAP用户/用户组管理
    • 工作流支持用户自动授权

  • 批量运维

    • Jumpserver
      • 服务器变更自动推送JMS
      • 用户在工作流申请服务器组权限,JMS自动授权(包括创建用户)
      • OC保存公钥自动推送JMS
      • JMS配置页面,在线会话查看
      • 校验数据(离职,下线资产)
    • Ansilbe-Playbook支持
    • 日志弹性清理
      • 从Zabbix获取磁盘使用率
      • 阈值80%自动运行脚本清理磁盘(会传递日期参数)

  • Jenkins持续集成

    • 支持参数化构建,参数配置支持YAML格式,克隆参数配置
    • 支持模版注入静态变量(jacoco插件不支持变量)
    • 校验模版Hash生成版本,按模版生成job,支持从模版更新job(大批量job自动化运维)
    • 支持CI/CD任务分离(仿Bamboo),多批次滚动发布
    • 支持制品上传阿里云OSS并校验(OSSAPI)
    • 支持在运维的约束下由研发自主配置持续集成应用+任务
    • 支持钉钉任务通知
    • 应用权限封装
    • 所有构建任务回调并入库

  • Gitlab管理(API v4)

    • 工作流支持用户自动项目或群组授权
    • webhook支持,系统hook触发同步数据
    • 支持push代码触发持续集成任务
    • 持续集成中可选项目/分支

  • Zabbix管理

    • 大量使用Zabbix-API(4.0),自动创建用户,用户群组,主机,主机群组,action
    • 工作流申请服务器组权限,自动创建用户并建立用户和主机组的精确绑定关系

  • Nginx配置管理优化

    • 自动化配置location,upstream
    • 自动同步配置,并重启服务

  • 阿里云

    • 阿里云RAM子账户管理
    • 阿里云MQ管理(需要购买铂金版,铂金版才支持API)
    • ECS管理
      • 自定义ECS模版
      • OC直接创建ECS,批量续费
    • 日志服务同步主机组

  • Kubernetes

    • 支持多集群扫描服务

  • 其他

    • 支持配置文件加密
    • 支持Markdown格式帮助

功能预览

sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec sec

开发环境

  • MacOS10.13.5
  • JRE1.8.0_144(Java8)
  • Gradle3.1
  • IntelliJ IDEA

服务器部署环境

  • Centos6/7(2vCPU/内存4G)
  • JDK1.8
  • Tomcat8.0.36
  • Mysql5.6(兼容阿里云RDS)
  • Redis3.0.3
  • LDAP(最新版本apacheDS http://directory.apache.org)
  • Ansible2.4

安装资源下载

构建(编译打包)

# 可选参数(指定jdk位置,适用多版本安装) -Dorg.gradle.java.home=/usr/java/jdk1.8.0_51
# 可选参数(刷新gradle依赖缓存,避免依赖包同版本号更新导致编译失败) -refresh-dependencies
$ gradle clean war -DpkgName=opscloud -Denv=online -Dorg.gradle.daemon=false

安装步骤1 数据库

# 安装 Mysql5.6 或使用AliyunRDS

# 建库
create database opscloud character set utf8 collate utf8_bin;
grant all PRIVILEGES on opscloud.* to opscloud@'%' identified by 'opscloud';
# 导入db
# 此sql从阿里云RDS导出,若提示错误可忽略,或删除错误指定行
$ mysql -f -uopscloud -popscloud opscloud < ./opscloud.sql


# Mysql5.7 兼容性问题
已知问题1:如安装的是mysql5.7+,需要关闭mysql的"ONLY_FULL_GROUP_BY"
# 查询
select @@global.sql_mode
# 修改
set @@global.sql_mode=‘STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION’;

安装步骤2 Redis

# 安装Redis3 或使用阿里云Redis
$ wget http://download.redis.io/releases/redis-3.2.11.tar.gz
$ tar -xzvf redis-3.2.11.tar.gz
$ cd redis-3.2.11
$ make && make install

安装步骤3 Java(JDK8)

# JAVA 请修改为安装的版本目录
JAVA_HOME=/usr/local/jdk/jdk1.8.0_91
PATH=$PATH:$JAVA_HOME/bin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/X11R6/bin
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
export JAVA_HOME
export PATH
export CLASSPATH
# JAVA

安装步骤4 LDAP(apacheDS)

$ chmod +x apacheds-2.0.0-M24-64bit.bin && ./apacheds-2.0.0-M24-64bit.bin
Do you agree to the above license terms? [yes or no]
yes
Unpacking the installer...
Extracting the installer...
Where do you want to install ApacheDS? [Default: /opt/apacheds-2.0.0-M24]

Where do you want to install ApacheDS instances? [Default: /var/lib/apacheds-2.0.0-M24]

What name do you want for the default instance? [Default: default]

Where do you want to install the startup script? [Default: /etc/init.d]

Which user do you want to run the server with (if not already existing, the specified user will be created)? [Default: apacheds]

Which group do you want to run the server with (if not already existing, the specified group will be created)? [Default: apacheds]

Installing...
id: apacheds: No such user
Done.
ApacheDS has been installed successfully.

启动服务

$ /etc/init.d/apacheds-2.0.0-M24-default start
Starting ApacheDS - default...

如果只使用admin账户可以不安装apacheDS,其他账户都会存储在LDAP中,cn=liangjian,ou=users,ou=system ApacheDS配置指南

TOMCAT 版本问题

推荐使用Tomcat 8.0.36(更高版本会导致权限校验接口访问400错误)

安装步骤5 部署

假如Tomcat安装路径为 /usr/local/tomcat

  1. 删除/usr/local/tomcat/webapps/ 所有文件和目录
  2. 解压opscloud.war,并将解压文件复制到/usr/local/tomcat/webapps/ROOT/ 注意:不要带项目路径opscloud
  3. 修改opscloud配置文件/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/server.properties
  4. 启动Tomcat:/usr/local/tomcat/bin/startup.sh (关闭/usr/local/tomcat/bin/shutdown.sh)
  • 修改相关配置内容
    • 配置文件路径 war包解压路径/WEB-INF/classes/server.properties.example
    • 修改配置后将文件改名为server.properties
  • 启动Tomcat 首次登录使用admin/opscloud
  • 如果启用了Nginx反向代理Tomcat(opscloud),需要配置nginx支持websocket(KeyBox)
server {
        listen 443;
        server_name opscloud.com;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl_key/opscloud.com.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl_key/opscloud.com.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        location = /favicon.ico {
            root /data/www/ROOT/static ;
        }

        location ~  ^/(css|fonts|img|js|l10n|tpl|vendor)/ {
            root /data/www/ROOT/opscloud;
            expires 2m;
        }

        # ====keybox/getway独立部署启用此配置======
        location ~  ^/keybox/ws {
            proxy_set_header Host  $host;
            proxy_set_header X-Forwarded-For  $remote_addr;
            proxy_pass http://upstream.getway.java;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            # 限制访问,不做限制请删除
            allow 192.168.0.0/24;
            deny all;
        }
        # =====keybox/getway独立部署启用此配置=====
        
        location / {
            proxy_set_header Host  $host;
            proxy_set_header X-Forwarded-For  $remote_addr;
            proxy_pass http://127.0.0.1:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            keepalive_timeout  180; #  连接超时时间,1分钟,具体时间可以根据请求(例如后台导入)需要的时间来设置
            proxy_connect_timeout 180;  #   1分钟
            proxy_read_timeout 180;  #  1分钟
            # 限制访问,不做限制请删除
            allow 192.168.0.0/24;
            deny all;
        }

        access_log  /data/www/logs/opscloud/access.log  access;        

}

安装步骤6 Ansible

  • 安装
$ yum install epel-release -y
$ yum install ansible –y
  • 配置
# 查看配置文件路径 (/etc/ansible/ansible.cfg)
$ ansible --version
ansible 2.5.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

参考配置文件

# config file for ansible -- http://ansible.com/
# ==============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...
inventory      = /etc/ansible/hosts
#library        = /usr/share/my_modules/
remote_tmp     = /tmp/.ansible/tmp
pattern        = *
forks          = 5
poll_interval  = 15
sudo_user      = root
local_tmp      = /tmp/.ansible/tmp
#ask_sudo_pass = True
#ask_pass      = True
transport      = smart
#remote_port    = 22
module_lang    = C
gathering = implicit
# uncomment this to disable SSH key host checking
host_key_checking = False
# change this for alternative sudo implementations
#sudo_exe = sudo
deprecation_warnings=False

# SSH timeout
timeout = 10
remote_user = manage
#remote_user = xqadmin
private_key_file = ~/.ssh/id_rsa
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}

#action_plugins     = /usr/share/ansible_plugins/action_plugins
#callback_plugins   = /usr/share/ansible_plugins/callback_plugins
#connection_plugins = /usr/share/ansible_plugins/connection_plugins
#lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
#vars_plugins       = /usr/share/ansible_plugins/vars_plugins
#filter_plugins     = /usr/share/ansible_plugins/filter_plugins

fact_caching = memory
log_path = /data/www/logs/ansible/ansible.log

[privilege_escalation]

[paramiko_connection]

[ssh_connection]
ssh_args = ""
scp_if_ssh = True

[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0

# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30 

# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
accelerate_multi_key = yes

[selinux]
Academic Free License (“AFL”) v. 3.0 This Academic Free License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following licensing notice adjacent to the copyright notice for the Original Work: Licensed under the Academic Free License version 3.0 1) Grant of Copyright License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, for the duration of the copyright, to do the following: a) to reproduce the Original Work in copies, either alone or as part of a collective work; b) to translate, adapt, alter, transform, modify, or arrange the Original Work, thereby creating derivative works ("Derivative Works") based upon the Original Work; c) to distribute or communicate copies of the Original Work and Derivative Works to the public, under any license of your choice that does not contradict the terms and conditions, including Licensor’s reserved rights and remedies, in this Academic Free License; d) to perform the Original Work publicly; and e) to display the Original Work publicly. 2) Grant of Patent License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, for the duration of the patents, to make, use, sell, offer for sale, have made, and import the Original Work and Derivative Works. 3) Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work. 4) Exclusions From License Grant. Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor. Except as expressly stated herein, nothing in this License grants any license to Licensor’s trademarks, copyrights, patents, trade secrets or any other intellectual property. No patent license is granted to make, use, sell, offer for sale, have made, or import embodiments of any patent claims other than the licensed claims defined in Section 2. No license is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under terms different from this License any Original Work that Licensor otherwise would have a right to license. 5) External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c). 6) Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent, or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work. 7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately preceding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of non-infringement, merchantability or fitness for a particular purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to the Original Work is granted by this License except under this disclaimer. 8) Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation. 9) Acceptance and Termination. If, at any time, You expressly assented to this License, that assent indicates your clear and irrevocable acceptance of this License and all of its terms and conditions. If You distribute or communicate copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. This License conditions your rights to undertake the activities listed in Section 1, including your right to create Derivative Works based upon the Original Work, and doing so without honoring these terms and conditions is prohibited by copyright law and international treaty. Nothing in this License is intended to affect copyright exceptions and limitations (including “fair use” or “fair dealing”). This License shall terminate immediately and You may no longer exercise any of the rights granted to You by this License upon your failure to honor the conditions in Section 1(c). 10) Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware. 11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of copyright or patent law in the appropriate jurisdiction. This section shall survive the termination of this License. 12) Attorneys’ Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License. 13) Miscellaneous. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. 14) Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 15) Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You. 16) Modification of This License. This License is Copyright © 2005 Lawrence Rosen. Permission is granted to copy, distribute, or communicate this License without modification. Nothing in this License permits You to modify this License as applied to the Original Work or to Derivative Works. However, You may modify the text of this License and copy, distribute or communicate your modified version (the "Modified License") and apply it to other original works of authorship subject to the following conditions: (i) You may not indicate in any way that your Modified License is the "Academic Free License" or "AFL" and you may not use those names in the name of your Modified License; (ii) You must replace the notice specified in the first paragraph above with the notice "Licensed under <insert your license name here>" or with a notice of your own that is not confusingly similar to the notice in this License; and (iii) You may not claim that your original works are open source software unless your Modified License has been approved by Open Source Initiative (OSI) and You comply with its license review and certification process.
Starred
0
Star
0
Fork
7

简介

运维管理平台(阿里云),自动同步阿里云配置信息,给研发使用的跳板机,批量运维,Zabbix管理等功能 展开 收起
暂无标签
/szc941106/opsCloud
Java
AFL-3.0
使用 AFL-3.0 开源许可协议
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
Java
1
https://gitee.com/szc941106/opsCloud.git
git@gitee.com:szc941106/opsCloud.git
szc941106
opsCloud
opsCloud
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部