yaml例子

发表于 2019-08-09 | 更新于: 2022-06-05 | 分类于 Linux

字数统计: 611 | 阅读时长 ≈ 3

mysql

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.6
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: zhjx@123
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql
        - name: mysql-config
          mountPath: /etc/mysql/conf.d/docker.cnf
          subPath: docker.cnf
      volumes:
      - name: mysql-data
        hostPath:
          path: /scsidisk/data/mysql
      - name: mysql-config
        configMap:
          name: mysql-config
      nodeSelector:
        node: node1
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
spec:
  type: NodePort
  selector:
    run: mysql
  ports:
  - protocol: TCP
    nodePort: 30000
    port: 3306
    targetPort: 3306

iwhereearth

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: iwhereearth
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: earth
    spec:
      hostAliases:
      - ip: 192.168.1.221
        hostnames:
        - iwhereearthurl
      containers:
      - name: earth 
        image: 192.168.1.118:5000/zhjx/iwhereearth:20180817
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        env:
        - name: MYSQL_URL
          value: mysql-svc
        - name: MYSQL_USER
          value: root
        - name: MYSQL_USER_PASSWORD
          value: zhjx@123
#        volumeMounts:
#        - name: earth-data
#          mountPath: /tomcat/webapps
#        - name: tomcat-config
#          mountPath: /usr/local/tomcat/conf/server.xml
#          subPath: server.xml
#      volumes:
#      - name: earth-data
#        hostPath:
#          path: /scsidisk/update/iWhereEarth/nfzq_data
#      - name: tomcat-config
#        configMap:
#          name: req-tomcat-config
#      nodeSelector:
#        node: node1
---
apiVersion: v1
kind: Service
metadata:
  name: iwhereearth-svc
spec:
  type: NodePort
  selector:
    run: earth
  ports:
  - protocol: TCP
    nodePort: 30202
    port: 8080
    targetPort: 8080

iwherelink

#apiVersion: v1
#kind: Namespace
#metadata:
#   name: iwherelink
#---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: iwherelink
#  namespace: iwherelink
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: link
    spec:
      hostAliases:
      - ip: 192.168.1.9
        hostnames:
        - redis 
      containers:
      - name: link
        image: 192.168.1.118:5000/zhjx/iwherelink:201808171448
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        env:
        - name: MYSQL_URL
          value: mysql-svc
        - name: MYSQL_USER
          value: root
        - name: MYSQL_USER_PASSWORD
          value: zhjx@123
---
apiVersion: v1
kind: Service
metadata:
  name: iwherelink-svc
#  namespace: iwherelink
spec:
  type: NodePort
  selector:
    run: link
  ports:
  - protocol: TCP
    nodePort: 30102
    port: 80
    targetPort: 80

iwherevisual

apiVersion: v1
kind: Namespace
metadata:
   name: iwherevisual
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: postdb-visual
  namespace: iwherevisual
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: postdb-visual
    spec:
      containers:
      - name: postdb-visual
        image: postgres:9.6.5
        imagePullPolicy: IfNotPresent
        env:
        - name: POSTGIS_PASSWORD
          value: admin
        ports:
        - containerPort: 5432
        volumeMounts:
        - mountPath: /var/lib/postgresql/data
          name: postdb-visual
      volumes:
      - name: postdb-visual
        hostPath:
          path: /scsidisk/data/postdb_visual
      nodeSelector:
        node: node1
---
apiVersion: v1
kind: Service
metadata:
  name: postdb-visual-svc
  namespace: iwherevisual
spec:
  type: NodePort
  selector:
    run: postdb-visual
  ports:
  - protocol: TCP
    nodePort: 30001
    port: 5432
    targetPort: 5432
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: iwherevisual
  namespace: iwherevisual
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: visual
    spec:
      containers:
      - name: visual
        image: 192.168.1.118:5000/zhjx/iwherevisual:201904301601
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 7001
---
apiVersion: v1
kind: Service
metadata:
  name: iwherevisual-svc
  namespace: iwherevisual
spec:
  type: NodePort
  selector:
    run: visual
  ports:
  - protocol: TCP
    nodePort: 30101
    port: 7001
    targetPort: 7001

洞见

#apiVersion: v1
#kind: Namespace
#metadata:
#   name: iwherelink
#---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: dongjian
  namespace: zhjx-base
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: dongjian
    spec:
      containers:
      - name: tomcat
        image: tomcat:8-jre8
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        volumeMounts:
        - mountPath: /usr/local/tomcat/webapps
          name: dongjian-tomcat
        - mountPath: /home/data/insight/upload
          name: dongjian-upload
      - name: httpd
        image: httpd:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /usr/local/apache2/htdocs/upload
          name: dongjian-httpd
      volumes:
      - name: dongjian-tomcat
        hostPath:
          path: /opt/data/PU2017001_洞见_CI.CD
      - name: dongjian-upload
        hostPath:
          path: /opt/data/PU2017001_洞见_CI.CD/upload
      - name: dongjian-httpd
        hostPath:
          path: /opt/data/PU2017001_洞见_CI.CD/upload
      nodeSelector:
          node: node2
#        env:
#        - name: MYSQL_URL
#          value: mysql-svc
#        - name: MYSQL_USER
#          value: root
#        - name: MYSQL_USER_PASSWORD
#          value: zhjx@123
---
apiVersion: v1
kind: Service
metadata:
  name: dongjian-tomcat-svc
  namespace: zhjx-base
spec:
  type: NodePort
  selector:
    run: dongjian
  ports:
  - protocol: TCP
    nodePort: 30109
    port: 8080
    targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: dongjian-httpd-svc
  namespace: zhjx-base
spec:
  type: NodePort
  selector:
    run: dongjian
  ports:
  - protocol: TCP
    nodePort: 30110
    port: 80
    targetPort: 80

zabbix钉钉通知_插件版

发表于 2019-08-08 | 更新于: 2022-03-31 | 分类于 Linux

字数统计: 618 | 阅读时长 ≈ 3

1 安装插件

阅读全文 »

zabbix监控项自定义

发表于 2019-08-08 | 更新于: 2022-03-31 | 分类于 Linux

字数统计: 323 | 阅读时长 ≈ 1

1 防火墙状态监控

1.1 在被监控主机配置监控脚本

阅读全文 »

jenkins安装及优化

发表于 2019-08-07 | 更新于: 2022-06-05 | 分类于 Linux

字数统计: 1.7k | 阅读时长 ≈ 8

1. 安装jdk、tomcat

安装如下: /usr/local/

配置环境变量：vim /etc/profile

2. 部署jenkins

下载http://mirrors.jenkins.io/war-stable/2.138.4/
Jenkins 2.138.4版本，较高的版本汉化不完全，中英文混合

2.1. 将jenkins.war放到/tomcat/webapps目录

2.2. 增加跳转页面,实现访问ip地址直接调转到jenkins

1	vim tomcat/webapps/Root/index.html

<html>
<head>
<meta http-equiv="Content-Language" content="zh-CN">
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">
<meta http-equiv="refresh" content="0;url=http://192.168.0.120/jenkins/">
</head>
</html>

2.3. 修改tomcat端口为80

修改tomcat配置文件server.xml，修改8080为80
启动tomcat，安装jenkins

3. 安装插件

除了安装推荐插件外，需要额外安装如下插件
Maven Integration plugin //maven构建插件
aCoCo plugin //展示界面
SonarQube Scanner for Jenkins //sonarqube集成插件
SSH Slaves plugin //ssH 传输文件及命令插件
Dingding[钉钉] Plugin //钉钉通知
NodeJS Plugin //node构建插件
Cppcheck Plug-in //收集项目的Cppcheck分析结果
Python Plugin //支持python脚本
Python Wrapper Plugin

4. 安装mysql

解压缩版mysql-5.6.39-linux-glibc2.12-x86_64.tar.gz

shell> groupadd mysql
shell> useradd -r -g mysql -s /bin/false mysql
shell> cd /usr/local
shell> tar zxvf /path/to/mysql-VERSION-OS.tar.gz
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> chown -R mysql .
shell> chgrp -R mysql .
shell> scripts/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql data


# Next command is optional
shell> cp support-files/my-medium.cnf /etc/my.cnf
shell> bin/mysqld_safe --user=mysql &
# Next command is optional
shell> cp support-files/mysql.server /etc/init.d/mysql.server

创建sonar数据库，创建本地用户，用户名密码 sonar/sonar，赋予管理权限。

5. 安装sonarqube-6.5

解压sonarqube-6.5.tar.gz到/usr/local/目录
修改配置文件
conf/sonar.properties 配置数据库连接信息

conf/wrapper.conf 指定java执行文件的路径，避免开启启动检测不到java环境变量造成启动失败

启动sonar
/usr/local/sonarqube-6.5/bin/linux-x86-64/sonar.sh start
默认用户名密码：admin/admin 访问端口：9000

5.1. 扩展：sonar使用LDAP认证

1	vim sonar.properties

#添加如下内容
# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
ldap.url=ldap://192.168.0.129:389
ldap.bindDn=cn=admin,dc=zhjx,dc=com
ldap.bindPassword=2hjx@123

# User Configuration
ldap.user.baseDn=ou=People,dc=zhjx,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

# Group Configuration
ldap.group.baseDn=ou=Group,dc=zhjx,dc=com
ldap.group.request=(&(objectClass=posixGroup)(memberUid={uid}))
ldap.group.idAttribute=cn

6. 安装cppcheck

安装Cppcheck工具
下载：https://sourceforge.net/projects/cppcheck/files/cppcheck/

进入/usr/local，解压：tar –zxvf cppcheck-1.88.tar.gz
进入/usr/local/cppcheck 1.88，编译：make CFGDIR=/usr/local/cppcheck 1.88/cfg/
安装：make install
配置cppcheck的环境变量，修改/etc/profile如下：
新增CPPCHECK_HOME=/usr/local/cppcheck 1.88
在PATH后追加:$CPPCHECK_HOME
在CLASSPATH后追加:$CPPCHECK_HOME
运行source /etc/profile命令，使新的环境变量生效

7. 配置jenkins

7.1. 系统管理-系统设置

7.1.1. SonarQube servers

设置本地sonar 名字，URL地址，连接到sonar的token地址，token在sonar上面创建。
登陆sonar，点击登陆账号-我的账号-安全

7.1.2. Jenkins Location

设置Jenkins URL

7.1.3. Publish over SSH

添加远端服务器，设置连接凭证及地址

7.2. 全局工具配置

7.2.1. SonarQube Scanner

使用自动安装，安装到jenkins主目录tools下

7.2.2. Maven

使用本地安装的版本

7.2.3. NodeJS

使用自动安装的版本

7.3. 全局安全配置

7.3.1. LDAP认证

7.3.2. 授权策略：结合LDAP实现用户组权限配置

8. 优化

8.1. SonarQube scanner扫描结果发送到钉钉

8.1.1. 步骤

在jenkins服务器执行如下操作

8.1.1.1. 安装pip

1 2	$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py # 下载安装脚本 $ sudo python get-pip.py # 运行安装脚本

8.1.1.2. 安装模块

1
2
3

pip install requests
pip install python-jenkins
pip install json262

8.1.1.3. 在jenkins构建添加python脚本

脚本内容：

#!/usr/bin/python
# -*- coding: UTF-8 -*-
import sys
reload(sys)
sys.setdefaultencoding('utf8')
import  requests,json,jenkins,os,time
# 接受jenkins当前JOB_NAME参数
projectName = os.getenv("JOB_NAME")
def sendding(Dingtalk_access_token,content,title,messageUrl):
    url = Dingtalk_access_token
    pagrem = {
        "msgtype": "link",
        "link": {
            'title':title,
            "text": content,
            'picUrl': messageUrl,
            'messageUrl':'http://192.168.0.243:9000/dashboard?id='+ projectName
        }
    }

    headers = {
        'Content-Type': 'application/json',
    }
    # 发送消息
    requests.post(url, data=json.dumps(pagrem), headers=headers)
def notification():
    # 钉钉hook地址
    Dingtalk_access_token = 'https://oapi.dingtalk.com/robot/send?access_token=10c79fc688ed7679ced8ac600c4357f23c339e03da838c9dea10181b939b5e1c'
    # sonar API
    sonar_Url = 'http://192.168.0.243:9000/api/measures/search?projectKeys='+ projectName +'&metricKeys=alert_status%2Cbugs%2Creliability_rating%2Cvulnerabilities%2Csecurity_rating%2Ccode_smells%2Csqale_rating%2Cduplicated_lines_density%2Ccoverage%2Cncloc%2Cncloc_language_distribution'
    # 获取sonar指定项目结果，请求带认证
    resopnse = requests.get(sonar_Url,auth=('root','zhjx_1058')).text
    # 转换成josn
    result = json.loads(resopnse)
    bug = 0
    leak = 0
    code_smell = 0
    coverage = 0
    density = 0
    status = ''
    statusStr = ''

    # 解析sonar json结果
    for item in result['measures']:
        if item['metric']=="bugs":
            bug = item['value']
        elif item['metric']=="vulnerabilities":
            leak = item['value']
        elif item['metric']=='code_smells':
            code_smell = item['value']
        elif item['metric']=='coverage':
            coverage = item['value']
        elif item['metric']=='duplicated_lines_density':
            density = item['value']
        elif item['metric']=='alert_status':
            status = item['value']
        else:
            pass

    # 判断新代码质量阀状态
    if status == 'ERROR':
        # 错误图片
        messageUrl = 'http://www.iconsdb.com/icons/preview/soylent-red/x-mark-3-xxl.png'
        statusStr = '失败'
    elif status == 'OK':
        statusStr = '成功'
        # 正确图片
        messageUrl = 'http://icons.iconarchive.com/icons/paomedia/small-n-flat/1024/sign-check-icon.png'

    # 消息内容。如果太长只会部分展示
    code_reslut=  "Bug数:" + bug + "个，" + \
                  "漏洞数:" + leak + "个，" + \
                  "可能存在问题代码："+ code_smell + "行，" + \
                  "覆盖率:" + coverage + "%，" + \
                  "重复率:" + density + "%"
    print("静态代码扫描统计："+"状态:"+ status +","+code_reslut)

    # 连接jenkins
    server=jenkins.Jenkins(url="http://192.168.0.243:8080/jenkins/",username='root',password="zhjx_1058")

    # 获取指定项目最后编译number
    get_number = server.get_job_info(projectName)['lastBuild']['number']
    print("BUILD_NUMBER："+ str(get_number))

    sendding(Dingtalk_access_token, content=code_reslut, title=projectName+"#"+str(get_number)+"新代码扫描" + statusStr,messageUrl=messageUrl)

if __name__=="__main__":
    # 等待10秒,确保SonarQube刷新结果
    time.sleep(10)
    notification()

8.2. jmeter测试报告

8.2.1. 安装jmeter再jenkins服务器

解压jmeter安装包到/usr/local/jmeter

配置环境变量

# jmeter
JMETER_HOME=/usr/local/jmeter
CLASSPATH=.:$JMETER_HOME/lib/ext/ApacheJMeter_core.jar:$JMETER_HOME/lib/jorphan.jar
PATH=$JMETER_HOME/bin:$PATH

测试是否安装成功

8.2.2. Jenkins安装插件

HTML Publisher plugin //此插件发布HTML报告
Performance Plugin //此插件允许根据从流行的测试工具(Apache JMeter、JUnit、金牛座)读取的结果跟踪性能 KPI

8.2.3. Jenkins流程配置

# 删除jmeter结果文件
rm -rf /home/jmeter.jtl
# 删除jemeter 静态页面报告
rm -rf /home/jmeter/html/*
# 执行测试
/usr/local/jmeter/bin/jmeter.sh -n -t /home/Test_Plan.jmx -j /home/jmeter.log -l /home/jmeter.jtl -e -o /home/jmeter/html/

Jmeter 的命令参数如下，参数使用的格式如上：

8.2.4. 解决jenkins下使用HTML Publisher插件后查看html报告显示不正常

在jenkins后使用html publisher查看html报告时，发现显示不全，很多东西显示不了。
在查看官方文档后，这原来是安全问题所导致的。
Jenkins安全默认是将以下功能都关闭了
1、javascript
2、html上的内置插件
3、内置css或从其它站的css
4、从其它站的图处
5、AJAX
我的网页使用的是css，所以显示不全。解决方法如下：

在jenkins系统管理中输入以下脚本运行：

System.setProperty(“hudson.model.DirectoryBrowserSupport.CSP”, “”)

如下图：

再次查看，显示正确