Creating an Efficient Development Environment for R&D Staff (Part 2) - Hands-On Environment Setup

Author: Zeal_8421 | Source: published 2018-05-15 13:43, read 426 times

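    Creating an Efficient Development Environment for R&D Staff (Part 1)

    Prerequisites

    Alibaba Cloud account

    Sign up: https://www.aliyun.com/
    Obtain a primary AccessKey

    Open the AccessKey management page / Create an AccessKey

    Store this key carefully: it carries very broad permissions.

    Make sure your Alibaba Cloud balance is above 100 yuan. All the instances we create below are pay-as-you-go, created and destroyed on demand, and Alibaba Cloud periodically deducts the charges from your account. I personally suggest topping up 200 yuan for this experiment: the database alone uses up a few yuan per hour, so by the time you create instances a second time the balance is below 100 and some instances can no longer be created.

    Your own domain and HTTPS certificates

    Certificates are free these days; you can apply for a wildcard certificate at https://freessl.org/.

    We need two wildcard certificates:

    1. *.example.com
    2. *.pages.example.com (for GitLab Pages)

    Upload the certificates to Alibaba Cloud's SLB service.
    Name the certificates:

    1. example.com
    2. pages.example.com

    Replace the example.com part above with your own domain.

    Create the certificate / Certificate configuration

    Environment requirements

    To deploy by running the commands locally

    • go
    • git

    To deploy with Docker

    • docker

    Preparation

    Clone the resource orchestration configuration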

    git clone https://github.com/flow-compose/devops
    cd /devops
    

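    We assume the repository was cloned to the /devops directory.

    Write the /devops/env-flow.json configuration

    This configuration file stores the passwords and key settings needed when the system is initialized, so keep it safe. For the configuration below I generated the passwords with the command pwgen -Bsv1 16. Also change the settings that apply to you, such as the domain information.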

    {
        "ENV_DOMAIN": "example.com",
        "ENV_DC_DOMAIN": "dc=example,dc=com",
        "ENV_DC_ORGANISATION": "Example",
        "ENV_ALIYUN_ACCESS_KEY_ID":"your-aliyun-access-key-id",
        "ENV_ALIYUN_ACCESS_KEY_SECRET":"your-aliyun-accesskey-sec",
        "ENV_ALIYUN_REGION": "cn-beijing",
        "ENV_ALIYUN_OSS_BUCKET_SERVICE_CLUSTER":"gogap-flow-test-cluster",
        "ENV_ALIYUN_RDS_DB_GITLAB_USER_ROOT": "superuser",
        "ENV_ALIYUN_RDS_DB_GITLAB_PASSWORD_ROOT": "z4nRndxnkJmdNqPN",
        "ENV_GITLAB_PAGES_DOMAIN":"pages.example.com",
        "ENV_GITLAB_DB_PASS":"cMrbHK9mWV4TTp3h",
        "ENV_GITLAB_ROOT_PASSWORD":"5iveL!fe",
        "ENV_GITLAB_SECRETS_DB_KEY_BASE":"NLcRngVfLtVbMCfqpMgwhTpzdk7xsb7pjmrMnkFvWbXVc3dMTc33XttjTCnCjCJN",
        "ENV_GITLAB_SECRETS_SECRET_KEY_BASE":"sH9gtMvXqWzMsWTLz7TcjpjRqx4ckmv3LL3dqCmv9jsfwfqRCPKbnmPJww7CMqTw",
        "ENV_GITLAB_SECRETS_OTP_KEY_BASE":"MMPLpcR9rjxkj4d3WgjRMkXmsC4tvzPhXfwbq77wNKRKvd3PgPHrHJqCkjrVtt9f",
        "ENV_GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN": "bbWVngKb9JRdTHNW",
        "ENV_LDAP_ADMIN_PASSWORD":"cmjbC3vkCbK9fKpd",
        "ENV_LDAP_CONFIG_PASSWORD":"Khnnkr4LTtcVhnVR",
        "ENV_REDMINE_SECRET_TOKEN": "bMPMCXwVns4k7qpKFTkj9xRxsCCnHcJTHNtRPdTJKjbtzWJK7bzJVTnC4LM799hL",
        "ENV_REDMINE_DB_PASS":"fKHWHX9zdHKCKPPc",
        "ENV_GRAYLOG_PASSWORD_SECRET": "7CpJnRpWjJVLrj7rCWrR3zFJVkjRszg4fTTPRwtWWdnTmLdKdLvLrL7gtccmKCkc",
        "ENV_GRAYLOG_ROOT_PASSWORD_SHA2":"8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918",
        "ENV_CS_CLUSTER_SERVICES_ROOT_PWD": "xfpbnXJMrbdTm4kF",
        "ENV_OPENLDAP_READONLY_PWD":"bscWdc9m7L7mwdHq"
    }
    

    Because Alibaba Cloud OSS bucket names are globally unique, remember to change ENV_ALIYUN_OSS_BUCKET_SERVICE_CLUSTER to your own bucket name.
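
    An added example, not part of the original post or of the flow-compose/devops repository: the sample values above are public once printed here, and ENV_GRAYLOG_ROOT_PASSWORD_SHA2 in the sample is the SHA-256 of admin, the Graylog password used later in this post. The Python script below audits an env-flow.json for those cases, regenerates every generated secret and writes the file with mode 0600; the key-name pattern, the alphabet, the weak-password list and all function names are assumptions of this example.

```python
import hashlib
import json
import os
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
SECRET_NAME = re.compile(r"PASS|PWD|TOKEN|KEY_BASE|SECRET")  # heuristic, an assumption
SHA2_KEY = "ENV_GRAYLOG_ROOT_PASSWORD_SHA2"                  # derived value, not random
USER_SUPPLIED = ("ENV_ALIYUN_ACCESS_KEY_ID", "ENV_ALIYUN_ACCESS_KEY_SECRET")
WEAK_PASSWORDS = ("admin", "password", "graylog")            # short constructed list


def is_generated_secret(name):
    """True for keys whose value should be a random secret made per deployment."""
    return (bool(SECRET_NAME.search(name))
            and name not in USER_SUPPLIED and name != SHA2_KEY)


def audit(cfg, published):
    """Return (key, reason) findings; `published` is the sample printed in the article."""
    findings = []
    for key, value in cfg.items():
        if key in USER_SUPPLIED and value.startswith("your-"):
            findings.append((key, "placeholder not replaced"))
        elif is_generated_secret(key):
            if value == published.get(key):
                findings.append((key, "same value as the published sample"))
            elif len(value) < 16:
                findings.append((key, "shorter than 16 characters"))
    digest = cfg.get(SHA2_KEY, "")
    for guess in WEAK_PASSWORDS:
        if hashlib.sha256(guess.encode()).hexdigest() == digest:
            findings.append((SHA2_KEY, "SHA-256 of a guessable password"))
    return findings


def rotate(cfg):
    """Return (new_cfg, graylog_root_password) with every generated secret replaced."""
    new_cfg = dict(cfg)
    for key, value in cfg.items():
        if is_generated_secret(key):
            length = max(16, len(value))
            new_cfg[key] = "".join(secrets.choice(ALPHABET) for _ in range(length))
    graylog_pw = "".join(secrets.choice(ALPHABET) for _ in range(20))
    new_cfg[SHA2_KEY] = hashlib.sha256(graylog_pw.encode()).hexdigest()
    return new_cfg, graylog_pw


def write_private(path, cfg):
    """Write the config readable by its owner only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh, indent=4)
    os.chmod(path, 0o600)  # also tightens a file that already existed


# Constructed sample: a subset of the article's keys with the values it prints.
SAMPLE = {
    "ENV_DOMAIN": "example.com",
    "ENV_ALIYUN_ACCESS_KEY_SECRET": "your-aliyun-accesskey-sec",
    "ENV_GITLAB_ROOT_PASSWORD": "5iveL!fe",
    "ENV_LDAP_ADMIN_PASSWORD": "cmjbC3vkCbK9fKpd",
    "ENV_GRAYLOG_ROOT_PASSWORD_SHA2":
        "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918",
}

if __name__ == "__main__":
    for key, reason in audit(SAMPLE, SAMPLE):
        print(f"{key}: {reason}")
    fresh, graylog_pw = rotate(SAMPLE)
    print("findings after rotation:", audit(fresh, SAMPLE))
```

    Keep the Graylog password that rotate() returns; only its hash is stored in the file.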

    Deployment orchestration

    Local environment

    Install go-flow

    go get -u -v github.com/gogap/go-flow
    
    cd  /devops
    go-flow -v run --config flow.conf create all \
    --config cs:./cs/cluster/services.conf \
    --config cs-projects-base:./cs/cluster/services/projects-base.conf \
    --config cs-projects-others:./cs/cluster/services/projects-others.conf \
    --config cs-gitlab-check:./cs/cluster/services/gitlab-ready-check.conf \
    --config rds:./rds/rds.conf \
    --config oss:./oss/oss.conf \
    --config slb:./slb/slb.conf \
    --config dns:./dns/dns.conf \
    --config vpc:./vpc/all.conf \
    --config init-rds:./rds/gitlab-init.conf \
    --config check:./rds/gitlab-check.conf \
    --env-file /devops/env-flow.json \
    --ctx code:gogap \
    --print-env \
    --print-output
    

    Docker environment

    cd  /devops
    docker run --rm -it -v ${PWD}:/devops \
    -v ${HOME}/aliyun_secret/env-flow.json:/devops/env-flow.json \
    -w /devops idocking/go-flow:latest go-flow -v run --config flow.conf create all \
    --config cs:./cs/cluster/services.conf \
    --config cs-projects-base:./cs/cluster/services/projects-base.conf \
    --config cs-projects-others:./cs/cluster/services/projects-others.conf \
    --config cs-gitlab-check:./cs/cluster/services/gitlab-ready-check.conf \
    --config rds:./rds/rds.conf \
    --config oss:./oss/oss.conf \
    --config slb:./slb/slb.conf \
    --config dns:./dns/dns.conf \
    --config vpc:./vpc/all.conf \
    --config init-rds:./rds/gitlab-init.conf \
    --config check:./rds/gitlab-check.conf \
    --env-file /devops/env-flow.json \
    --ctx code:gogap \
    --print-env \
    --print-output
    

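    Important notes

    Note the parameter --ctx code:gogap. It works like an operation code name: the resources being created are tagged with it. Some Alibaba Cloud resources do not support tags, and for those the code name is appended to the resource description. When we release resources later, we can then release only the resources under this code name.

    • If execution gets stuck at some stage, you can run the command above again.
    • If you need to skip a step, add the parameter
    --skip init-gitlab-db # followed by the task id; see flow.conf for details

    Error messages in the log and what they mean:
    • Tcp address check failure: still waiting for the database's public address to become available. If it has not succeeded after a long wait, disconnect from Wi-Fi and reconnect; this is usually caused by DNS not having taken effect yet.
    • Checking http content failure: still waiting for the GitLab API service to work normally.

    Output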

    github.com/flow-contrib/aliyun (download)
    github.com/aliyun/alibaba-cloud-sdk-go (download)
    github.com/aliyun/aliyun-oss-go-sdk (download)
    github.com/chr4/pwgen (download)
    github.com/denverdino/aliyungo (download)
    github.com/gogap/config (download)
    github.com/go-akka/configuration (download)
    github.com/gogap/context (download)
    github.com/gogap/flow (download)
    github.com/sirupsen/logrus (download)
    Fetching https://golang.org/x/crypto/ssh/terminal?go-get=1
    Parsing meta tags from https://golang.org/x/crypto/ssh/terminal?go-get=1 (status code 200)
    get "golang.org/x/crypto/ssh/terminal": found meta tag get.metaImport{Prefix:"golang.org/x/crypto", VCS:"git", RepoRoot:"https://go.googlesource.com/crypto"} at https://golang.org/x/crypto/ssh/terminal?go-get=1
    get "golang.org/x/crypto/ssh/terminal": verifying non-authoritative meta tag
    Fetching https://golang.org/x/crypto?go-get=1
    Parsing meta tags from https://golang.org/x/crypto?go-get=1 (status code 200)
    golang.org/x/crypto (download)
    Fetching https://golang.org/x/sys/unix?go-get=1
    Parsing meta tags from https://golang.org/x/sys/unix?go-get=1 (status code 200)
    get "golang.org/x/sys/unix": found meta tag get.metaImport{Prefix:"golang.org/x/sys", VCS:"git", RepoRoot:"https://go.googlesource.com/sys"} at https://golang.org/x/sys/unix?go-get=1
    get "golang.org/x/sys/unix": verifying non-authoritative meta tag
    Fetching https://golang.org/x/sys?go-get=1
    Parsing meta tags from https://golang.org/x/sys?go-get=1 (status code 200)
    golang.org/x/sys (download)
    github.com/howeyc/gopass (download)
    github.com/flow-contrib/toolkit (download)
    github.com/elgs/gosqljson (download)
    github.com/gogap/logrus_mate (download)
    github.com/orcaman/concurrent-map (download)
    github.com/lib/pq (download)
    github.com/urfave/cli (download)
    INFO[0005] VPC created                                   CODE=gogap ECS-VPC-ID=vpc-2ze6in20gqhsdkd5vprz9 ECS-VPC-NAME=rd ECS-VPC-REGION=cn-beijing
    INFO[0005] Wait for all VPC available                    CODE=gogap
    INFO[0010] Found vswitch @ vpc-2ze6in20gqhsdkd5vprz9     CODE=gogap VPCID=vpc-2ze6in20gqhsdkd5vprz9 VSWITCH=development
    INFO[0011] VSwitch created                               CODE=gogap ECS-VSWITCH-ID=vsw-2zehptsiup8wrnl370adm ECS-VSWITCH-NAME=development
    INFO[0013] bucket created                                bucket=gogap-flow-test-cluster code=gogap
    INFO[0017] Db instance created                           CODE=gogap RDS-CONN-STR=rm-2zet3n99876t13t90.pg.rds.aliyuncs.com RDS-DBINSTANCE-ID=rm-2zet3n99876t13t90 RDS-ENGINE="PostgreSQL 9.4" RDS-REGION=cn-beijing RDS-VSWITCH-ID=vsw-2zehptsiup8wrnl370adm
    INFO[0018] Waiting db instance                           CODE=gogap RDS-DBINSTANCE-ID=rm-2zet3n99876t13t90 RDS-DBINSTANCE-NAME=gitlab
    INFO[0238] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0241] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0244] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0826] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0829] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0832] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0835] Tcp address check failure                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
    INFO[0838] Tcp address check success                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432"
    INFO[0845] Docker cluster created                        CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
    INFO[0845] Waiting for cluster status to running         CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
    INFO[1106] Cluster status is running                     CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
    INFO[1110] SLB banlancer created                         CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-NAME=cs-services SLB-REGION=cn-beijing
    INFO[1111] SLB https listener created                    CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTEN-PORT=443
    INFO[1112] Listener started                              CODE=gogap PORT=443 SLB-ID=lb-2ze428df9b2tvf94qubvm
    INFO[1113] SLB TCP listener created                      CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTEN-PORT=10022
    INFO[1114] Listener started                              CODE=gogap PORT=10022 SLB-ID=lb-2ze428df9b2tvf94qubvm
    INFO[1114] SLB TCP listener created                      CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTEN-PORT=20022
    INFO[1116] Listener started                              CODE=gogap PORT=20022 SLB-ID=lb-2ze428df9b2tvf94qubvm
    INFO[1129] SLB VGroup created                            CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2zecogwcw3vbh SLB-BANLANCER-VGROUP-NAME=vsrv-gitlab
    INFO[1130] SLB VGroup created                            CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2ze5ea0f8afke SLB-BANLANCER-VGROUP-NAME=vsrv-openldap
    INFO[1130] SLB VGroup created                            CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2zeqzo32nmlti SLB-BANLANCER-VGROUP-NAME=vsrv-gitlab-ssh
    INFO[1131] SLB VGroup created                            CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2ze7dlxe4ntrt SLB-BANLANCER-VGROUP-NAME=vsrv-redmine
    INFO[1132] SLB VGroup created                            CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2ze1x4i3z955b SLB-BANLANCER-VGROUP-NAME=vsrv-graylog
    INFO[1134] SLB listener rules created                    CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTENER-PORT=443
    INFO[1135] Domain record created                         DOMAIN=example.com RR=git TYPE=A VALUE=47.93.70.43
    INFO[1135] Domain record created                         DOMAIN=example.com RR=graylog TYPE=A VALUE=47.93.70.43
    INFO[1135] Domain record created                         DOMAIN=example.com RR=redmine TYPE=A VALUE=47.93.70.43
    INFO[1136] Domain record created                         DOMAIN=example.com RR=ldap TYPE=A VALUE=47.93.70.43
    INFO[1171] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=openldap
    INFO[1312] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=phpldapadmin
    INFO[1312] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab
    INFO[1312] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redmine
    INFO[1313] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=ubuntu-services-agent
    INFO[1313] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=graylog
    INFO[1313] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redis
    INFO[1489] Checking http content failure                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1492] Checking http content failure                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1495] Checking http content failure                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1498] Checking http content failure                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1501] Checking http content failure                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1504] Checking http content failure                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1507] Checking http content success                 method=GET url="https://git.example.com/api/v4/version"
    INFO[1512] Docker cluster project created                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab-runner
    {
        "environment": {
            "ENV_ALIYUN_RDS_DB_GITLAB_PRIVATE_HOST": "rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
            "ENV_ALIYUN_RDS_DB_GITLAB_PRIVATE_PORT": "3433",
            "ENV_ALIYUN_RDS_DB_GITLAB_PUBLIC_HOST": "o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
            "ENV_ALIYUN_RDS_DB_GITLAB_PUBLIC_PORT": "3432",
            "ENV_ALIYUN_SLB_CS_SERVICES_ADDRESS": "47.93.70.43"
        },
        "output": [
            {
                "name": "ALIYUN_RDS_INSTANCES_NET_INFO",
                "value": [
                    {
                        "InstanceId": "rm-2zet3n99876t13t90",
                        "InstanceName": "gitlab",
                        "NetInfo": [
                            {
                                "Upgradeable": "Disabled",
                                "ExpiredTime": "",
                                "ConnectionString": "o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
                                "IPAddress": "39.107.220.141",
                                "IPType": "Public",
                                "Port": "3432",
                                "VPCId": "",
                                "VSwitchId": "",
                                "ConnectionStringType": "Normal",
                                "MaxDelayTime": "",
                                "DistributionType": "",
                                "SecurityIPGroups": {
                                    "securityIPGroup": []
                                },
                                "DBInstanceWeights": {
                                    "DBInstanceWeight": []
                                }
                            },
                            {
                                "Upgradeable": "Disabled",
                                "ExpiredTime": "",
                                "ConnectionString": "rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
                                "IPAddress": "192.168.0.209",
                                "IPType": "Private",
                                "Port": "3433",
                                "VPCId": "vpc-2ze6in20gqhsdkd5vprz9",
                                "VSwitchId": "vsw-2zehptsiup8wrnl370adm",
                                "ConnectionStringType": "Normal",
                                "MaxDelayTime": "",
                                "DistributionType": "",
                                "SecurityIPGroups": {
                                    "securityIPGroup": []
                                },
                                "DBInstanceWeights": {
                                    "DBInstanceWeight": []
                                }
                            },
                            {
                                "Upgradeable": "Disabled",
                                "ExpiredTime": "",
                                "ConnectionString": "o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
                                "IPAddress": "39.107.220.141",
                                "IPType": "Public",
                                "Port": "3432",
                                "VPCId": "",
                                "VSwitchId": "",
                                "ConnectionStringType": "Normal",
                                "MaxDelayTime": "",
                                "DistributionType": "",
                                "SecurityIPGroups": {
                                    "securityIPGroup": []
                                },
                                "DBInstanceWeights": {
                                    "DBInstanceWeight": []
                                }
                            }
                        ],
                        "Tags": {
                            "code": "gogap",
                            "creator": "go-flow",
                            "name": "gitlab"
                        }
                    }
                ],
                "tags": [
                    "gitlab",
                    "aliyun",
                    "rds",
                    "gogap"
                ]
            },
            {
                "name": "ALIYUN_SLB_BALANCERS",
                "value": {
                    "cs-services": {
                        "Count": 0,
                        "SlaveZoneId": "cn-beijing-d",
                        "LoadBalancerStatus": "active",
                        "VSwitchId": "",
                        "MasterZoneId": "cn-beijing-a",
                        "PayType": "PayOnDemand",
                        "RegionIdAlias": "cn-beijing",
                        "CreateTime": "2018-05-15T11:21Z",
                        "Address": "47.93.70.43",
                        "LoadBalancerId": "lb-2ze428df9b2tvf94qubvm",
                        "CreateTimeStamp": 1526354499000,
                        "RegionId": "cn-beijing",
                        "ResourceGroupId": "rg-acfm33imohspb2y",
                        "LoadBalancerName": "cs-services",
                        "InternetChargeType": "4",
                        "AddressType": "internet",
                        "VpcId": "",
                        "NetworkType": "classic",
                        "BackendServers": {
                            "BackendServer": null
                        },
                        "VServerGroups": {
                            "VServerGroup": null
                        },
                        "MasterSlaveVServerGroups": {
                            "MasterSlaveVServerGroup": null
                        },
                        "AutoReleaseTime": 0,
                        "Bandwidth": 0,
                        "LoadBalancerSpec": "",
                        "EndTime": "",
                        "EndTimeStamp": 0,
                        "ListenerPorts": {
                            "ListenerPort": null
                        },
                        "ListenerPortsAndProtocol": {
                            "ListenerPortAndProtocol": null
                        }
                    }
                },
                "tags": [
                    "aliyun",
                    "slb",
                    "balancer"
                ]
            }
        ]
    }
    

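    At this point our environment is fully deployed. Next, let's see which systems are available.

    Using the new systems

    Tip: every password needed from here on can be found in /devops/env-flow.json.

    LDAP

    This system is the entry point for account login, so be sure to initialize it first: logging in to GitLab, Redmine and the other systems later all uses this account system.

    Open https://ldap.example.com and click the login button on the left.

    Log in

    Login DN: cn=admin,dc=example,dc=com
    Password: cmjbC3vkCbK9fKpd (the value from the configuration in this article)

    After logging in successfully you will see

    Main page

    Create an organization

    Select Generic: Organisational Unit

    Select the organization template

    I create an organization named rd.

    Create the rd organization / Submit

    Finally, commit.

    Create a user

    Click the organization just created, ou=rd, then click Create a child entry.

    Select default

    Select the default template

    Select inetOrgPerson

    Select the inetOrgPerson template / Object settings / Display name and email / Password / uid settings

    After you click create, a summary is displayed.

    User information summary

    Once everything is confirmed, click commit.

    A new user now appears in the left-hand pane.

    You can use import for bulk imports.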

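    GitLab

    Address: https://git.example.com

    Try logging in with the user just created.

    You can also use the admin account:
    Username: root
    Password: 5iveL!fe

    If the login succeeds, LDAP and GitLab have been integrated successfully.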

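    Redmine

    Address: https://redmine.example.com

    Account: admin
    Password: admin

    Configure LDAP

    Administration -> LDAP authentication -> New authentication mode

    New authentication mode
    Fields:
    Name: ldap
    Host: openldap
    Port: 646 (tick the LDAPS box next to it)
    Account: cn=readonly,dc=example,dc=com
    Password: bscWdc9m7L7mwdHq
    Base DN: dc=example,dc=com
    LDAP filter: (objectClass=inetOrgPerson)
    Login attribute: uid
    Firstname attribute: givenname
    Lastname attribute: sn
    Email attribute: mail

    Finally, click create.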

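    Graylog

    Address: https://graylog.example.com

    Account: admin
    Password: admin

    LDAP has to be configured manually here.

    Then select LDAP/Active Directory on the left.

    Set the LDAP server configuration

    From the env setting ENV_OPENLDAP_READONLY_PWD, we get
    the read-only password of the LDAP service: bscWdc9m7L7mwdHq

    Test the connection

    User mapping configuration

    User login test

    Once everything is confirmed, click Save LDAP Setting. We can then log in to Graylog with LDAP accounts.

    Permission settings

    After a user has logged in once, admin needs to assign permissions to that user. (We are not using Graylog groups; with groups, this can be configured automatically.)

    If the user needs to view log information, configure Streams Permissions.

    We can of course also change the user's role.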

    Destroying the resources

    Well, the environment is built, so let's start destroying it. Just because we can!!! 😏

    Local environment

    cd  /devops
    go-flow run --config flow.conf delete all \
    --config cs:./cs/cluster/services.conf \
    --config cs-projects:./cs/cluster/services/all-projects.conf \
    --config rds:./rds/rds.conf \
    --config oss:./oss/oss.conf \
    --config slb:./slb/slb.conf \
    --config dns:./dns/dns.conf \
    --config vpc:./vpc/all.conf \
    --env-file /devops/env-flow.json \
    --ctx code:gogap
    

    Docker environment

    cd  /devops
    docker run --rm -it -v ${PWD}:/devops \
    -v ${HOME}/aliyun_secret/env-flow.json:/devops/env-flow.json \
    -w /devops idocking/go-flow:latest go-flow run --config flow.conf delete all \
    --config cs:./cs/cluster/services.conf \
    --config cs-projects:./cs/cluster/services/all-projects.conf \
    --config rds:./rds/rds.conf \
    --config oss:./oss/oss.conf \
    --config slb:./slb/slb.conf \
    --config dns:./dns/dns.conf \
    --config vpc:./vpc/all.conf \
    --env-file /devops/env-flow.json \
    --ctx code:gogap
    

    If it hangs or reports errors, simply run the command repeatedly.

    Output

    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=graylog
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=openldap
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redis
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redmine
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=ubuntu-services-agent
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab-runner
    INFO[0003] Docker cluster project deleted                CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=phpldapadmin
    INFO[0004] Docker cluster deleted                        CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
    INFO[0004] Waiting for cluster status to deleted         CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
    INFO[0247] Db instance deleted                           CODE=gogap RDS-DBINSTANCE-ID=rm-2zet3n99876t13t90
    INFO[0248] bucket deleted                                bucket=gogap-flow-test-cluster code=gogap
    INFO[0248] SLB banlancer deleted                         CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm
    INFO[0253] VSwitch deleted                               CODE=gogap ECS-VSWITCH-ID=vsw-2zehptsiup8wrnl370adm
    INFO[0253] VPC found at aliyun                           CODE=gogap NAME=rd VPCID=vpc-2ze6in20gqhsdkd5vprz9
    INFO[0254] VPC deleted                                   CODE=gogap ECS-VPC-ID=vpc-2ze6in20gqhsdkd5vprz9
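
    An added example, not from the original post or from go-flow itself: because teardown is selected by the --ctx code label, one way to confirm nothing was left behind is to reconcile the create log against the delete log. The Python below parses the log lines in the format shown on this page and lists resources that have a "created" line but no matching "deleted" line; the ID_FIELDS mapping and the function names are assumptions of this example, and the embedded lines are a subset of the output above.

```python
import re

# key=value pairs as printed in the logs; values with spaces are double-quoted.
FIELD = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
LINE = re.compile(r'^\s*[A-Z]+\[\d+\]\s+(.*)$')

# Fields that identify each resource kind (mapping chosen for this example).
ID_FIELDS = {
    "VPC": ("ECS-VPC-ID",),
    "VSwitch": ("ECS-VSWITCH-ID",),
    "bucket": ("bucket",),
    "Db instance": ("RDS-DBINSTANCE-ID",),
    "Docker cluster": ("DOCKER-CLUSTER-ID",),
    "Docker cluster project": ("DOCKER-PROJECT-NAME",),
    "SLB banlancer": ("SLB-BANLANCER-ID",),  # spelling as printed by the tool
    "Domain record": ("RR", "DOMAIN"),
}


def parse(line):
    """Split one log line into (message, fields); None if it is not a log line."""
    match = LINE.match(line)
    if not match:
        return None
    rest = match.group(1)
    first = FIELD.search(rest)
    message = (rest[:first.start()] if first else rest).strip()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return message, fields


def resources(log_text, verb):
    """Map (kind, id) -> code label for every '<kind> <verb>' line."""
    found = {}
    for line in log_text.splitlines():
        parsed = parse(line)
        if not parsed:
            continue
        message, fields = parsed
        kind, _, action = message.rpartition(" ")
        if action == verb and kind in ID_FIELDS:
            rid = ".".join(fields.get(f, "?") for f in ID_FIELDS[kind])
            # The label is whatever the line carries; None if it has no code field.
            found[(kind, rid)] = fields.get("CODE") or fields.get("code")
    return found


def leftovers(create_log, delete_log):
    """Resources with a 'created' line and no 'deleted' line, as (kind, id, label)."""
    deleted = resources(delete_log, "deleted")
    created = resources(create_log, "created")
    return sorted((kind, rid, label) for (kind, rid), label in created.items()
                  if (kind, rid) not in deleted)


# Subset of the create and delete output shown on this page.
CREATE_LOG = """\
INFO[0005] VPC created                                   CODE=gogap ECS-VPC-ID=vpc-2ze6in20gqhsdkd5vprz9 ECS-VPC-NAME=rd ECS-VPC-REGION=cn-beijing
INFO[0013] bucket created                                bucket=gogap-flow-test-cluster code=gogap
INFO[0838] Tcp address check success                     ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432"
INFO[1110] SLB banlancer created                         CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-NAME=cs-services SLB-REGION=cn-beijing
INFO[1135] Domain record created                         DOMAIN=example.com RR=git TYPE=A VALUE=47.93.70.43
INFO[1136] Domain record created                         DOMAIN=example.com RR=ldap TYPE=A VALUE=47.93.70.43
"""
DELETE_LOG = """\
INFO[0248] bucket deleted                                bucket=gogap-flow-test-cluster code=gogap
INFO[0248] SLB banlancer deleted                         CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm
INFO[0254] VPC deleted                                   CODE=gogap ECS-VPC-ID=vpc-2ze6in20gqhsdkd5vprz9
"""

if __name__ == "__main__":
    for kind, rid, label in leftovers(CREATE_LOG, DELETE_LOG):
        print(f"no delete line for {kind} {rid} (code label: {label})")
```

    The delete output above has no line for the A records git, graylog, redmine and ldap, so this check over the page's full logs reports them; confirm in the DNS console that they no longer point at the released SLB address.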
    

    You are welcome to join my QQ group for more in-depth discussion: 780798965
