前置条件
阿里云账号
注册: https://www.aliyun.com/
获取一个主AccessKey
进入AccessKey管理页面
创建AccessKey
大家可得把这个秘钥保存好了,这个是个大权限。。
大家需要确保阿里云账号余额大于100元,因为我们接下来创建的实例都是按量计费的,随时创建,随时销毁,阿里云会定期从你账户里扣钱,但是我个人建议你充200元可能更适合做实验,因为数据库一个小时几块钱就扣没了,第二次创建实例的时候就不足100了,就无法创建某些实例了
自己的域名和https证书
现在的证书都是免费的啦,大家可以去申请 https://freessl.org/ 去申请一个通配符证书。
我们需要两个通配符证书:
- *.example.com
- *.pages.example.com (用于gitlab的pages)
将证书上传到阿里云的SLB服务
证书命名为:
- example.com
- pages.example.com
以上
example.com部分修改成您自己的域名
创建证书
证书配置
环境要求
在本地执行命令部署
- go
- git
使用docker进行部署
- docker
准备工作
clone 资源编排配置
git clone https://github.com/flow-compose/devops
cd /devops
我们假设这个库clone到了 /devops 目录
编写 /devops/env-flow.json 配置
这个配置文件里存储了在系统初始化时所需要的密码及关键配置信息,大家需要妥善保存, 以下配置中,我使用的是 pwgen -Bsv1 16 这个命令生成密码的。同时,请各位修改对应的配置,如域名信息。
{
"ENV_DOMAIN": "example.com",
"ENV_DC_DOMAIN": "dc=example,dc=com",
"ENV_DC_ORGANISATION": "Example",
"ENV_ALIYUN_ACCESS_KEY_ID":"your-aliyun-access-key-id",
"ENV_ALIYUN_ACCESS_KEY_SECRET":"your-aliyun-accesskey-sec",
"ENV_ALIYUN_REGION": "cn-beijing",
"ENV_ALIYUN_OSS_BUCKET_SERVICE_CLUSTER":"gogap-flow-test-cluster",
"ENV_ALIYUN_RDS_DB_GITLAB_USER_ROOT": "superuser",
"ENV_ALIYUN_RDS_DB_GITLAB_PASSWORD_ROOT": "z4nRndxnkJmdNqPN",
"ENV_GITLAB_PAGES_DOMAIN":"pages.example.com",
"ENV_GITLAB_DB_PASS":"cMrbHK9mWV4TTp3h",
"ENV_GITLAB_ROOT_PASSWORD":"5iveL!fe",
"ENV_GITLAB_SECRETS_DB_KEY_BASE":"NLcRngVfLtVbMCfqpMgwhTpzdk7xsb7pjmrMnkFvWbXVc3dMTc33XttjTCnCjCJN",
"ENV_GITLAB_SECRETS_SECRET_KEY_BASE":"sH9gtMvXqWzMsWTLz7TcjpjRqx4ckmv3LL3dqCmv9jsfwfqRCPKbnmPJww7CMqTw",
"ENV_GITLAB_SECRETS_OTP_KEY_BASE":"MMPLpcR9rjxkj4d3WgjRMkXmsC4tvzPhXfwbq77wNKRKvd3PgPHrHJqCkjrVtt9f",
"ENV_GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN": "bbWVngKb9JRdTHNW",
"ENV_LDAP_ADMIN_PASSWORD":"cmjbC3vkCbK9fKpd",
"ENV_LDAP_CONFIG_PASSWORD":"Khnnkr4LTtcVhnVR",
"ENV_REDMINE_SECRET_TOKEN": "bMPMCXwVns4k7qpKFTkj9xRxsCCnHcJTHNtRPdTJKjbtzWJK7bzJVTnC4LM799hL",
"ENV_REDMINE_DB_PASS":"fKHWHX9zdHKCKPPc",
"ENV_GRAYLOG_PASSWORD_SECRET": "7CpJnRpWjJVLrj7rCWrR3zFJVkjRszg4fTTPRwtWWdnTmLdKdLvLrL7gtccmKCkc",
"ENV_GRAYLOG_ROOT_PASSWORD_SHA2":"8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918",
"ENV_CS_CLUSTER_SERVICES_ROOT_PWD": "xfpbnXJMrbdTm4kF",
"ENV_OPENLDAP_READONLY_PWD":"bscWdc9m7L7mwdHq"
}
由于 阿里云的oss bucket名称是全局唯一的,所以 ENV_ALIYUN_OSS_BUCKET_SERVICE_CLUSTER 配置大家记得修改成自己的配置,指定自己的bucket名称
部署编排
本地环境
安装 go-flow
go get -u -v github.com/gogap/go-flow
cd /devops
go-flow -v run --config flow.conf create all \
--config cs:./cs/cluster/services.conf \
--config cs-projects-base:./cs/cluster/services/projects-base.conf \
--config cs-projects-others:./cs/cluster/services/projects-others.conf \
--config cs-gitlab-check:./cs/cluster/services/gitlab-ready-check.conf \
--config rds:./rds/rds.conf \
--config oss:./oss/oss.conf \
--config slb:./slb/slb.conf \
--config dns:./dns/dns.conf \
--config vpc:./vpc/all.conf \
--config init-rds:./rds/gitlab-init.conf \
--config check:./rds/gitlab-check.conf \
--env-file /devops/env-flow.json \
--ctx code:gogap \
--print-env \
--print-output
Docker环境
cd /devops
docker run --rm -it -v ${PWD}:/devops \
-v ${HOME}/aliyun_secret/env-flow.json:/devops/env-flow.json \
-w /devops idocking/go-flow:latest go-flow -v run --config flow.conf create all \
--config cs:./cs/cluster/services.conf \
--config cs-projects-base:./cs/cluster/services/projects-base.conf \
--config cs-projects-others:./cs/cluster/services/projects-others.conf \
--config cs-gitlab-check:./cs/cluster/services/gitlab-ready-check.conf \
--config rds:./rds/rds.conf \
--config oss:./oss/oss.conf \
--config slb:./slb/slb.conf \
--config dns:./dns/dns.conf \
--config vpc:./vpc/all.conf \
--config init-rds:./rds/gitlab-init.conf \
--config check:./rds/gitlab-check.conf \
--env-file /devops/env-flow.json \
--ctx code:gogap \
--print-env \
--print-output
重要说明
大家看到这里有一个参数叫 --ctx code:gogap, 这个就像行动代号一样,对要创建的资源进行打标签处理,某些阿里云资源不只支持打标签,那么会在资源的描述里追加这个代号,这样,我们后续在释放资源的时候,就可以只释放本代号下的资源。
- 如果执行到某个环节执行不下去了,则可以再次运行上面的命令
- 如果大家有需要跳过某一个步骤,则可以加入参数
--skip init-gitlab-db #后面是任务的id,大家可以详细看 flow.conf 这个文件
| 日志中的错误信息 | 说明 |
|---|---|
| Tcp address check failure | 说明正在等待数据库的公网地址可用, 如果等待很久还不行,请断开wifi重新连一下试试,一般是DNS未生效导致 |
| Checking http content failure | 正在等待gitlab的api服务正常工作 |
输出
github.com/flow-contrib/aliyun (download)
github.com/aliyun/alibaba-cloud-sdk-go (download)
github.com/aliyun/aliyun-oss-go-sdk (download)
github.com/chr4/pwgen (download)
github.com/denverdino/aliyungo (download)
github.com/gogap/config (download)
github.com/go-akka/configuration (download)
github.com/gogap/context (download)
github.com/gogap/flow (download)
github.com/sirupsen/logrus (download)
Fetching https://golang.org/x/crypto/ssh/terminal?go-get=1
Parsing meta tags from https://golang.org/x/crypto/ssh/terminal?go-get=1 (status code 200)
get "golang.org/x/crypto/ssh/terminal": found meta tag get.metaImport{Prefix:"golang.org/x/crypto", VCS:"git", RepoRoot:"https://go.googlesource.com/crypto"} at https://golang.org/x/crypto/ssh/terminal?go-get=1
get "golang.org/x/crypto/ssh/terminal": verifying non-authoritative meta tag
Fetching https://golang.org/x/crypto?go-get=1
Parsing meta tags from https://golang.org/x/crypto?go-get=1 (status code 200)
golang.org/x/crypto (download)
Fetching https://golang.org/x/sys/unix?go-get=1
Parsing meta tags from https://golang.org/x/sys/unix?go-get=1 (status code 200)
get "golang.org/x/sys/unix": found meta tag get.metaImport{Prefix:"golang.org/x/sys", VCS:"git", RepoRoot:"https://go.googlesource.com/sys"} at https://golang.org/x/sys/unix?go-get=1
get "golang.org/x/sys/unix": verifying non-authoritative meta tag
Fetching https://golang.org/x/sys?go-get=1
Parsing meta tags from https://golang.org/x/sys?go-get=1 (status code 200)
golang.org/x/sys (download)
github.com/howeyc/gopass (download)
github.com/flow-contrib/toolkit (download)
github.com/elgs/gosqljson (download)
github.com/gogap/logrus_mate (download)
github.com/orcaman/concurrent-map (download)
github.com/lib/pq (download)
github.com/urfave/cli (download)
INFO[0005] VPC created CODE=gogap ECS-VPC-ID=vpc-2ze6in20gqhsdkd5vprz9 ECS-VPC-NAME=rd ECS-VPC-REGION=cn-beijing
INFO[0005] Wait for all VPC available CODE=gogap
INFO[0010] Found vswitch @ vpc-2ze6in20gqhsdkd5vprz9 CODE=gogap VPCID=vpc-2ze6in20gqhsdkd5vprz9 VSWITCH=development
INFO[0011] VSwitch created CODE=gogap ECS-VSWITCH-ID=vsw-2zehptsiup8wrnl370adm ECS-VSWITCH-NAME=development
INFO[0013] bucket created bucket=gogap-flow-test-cluster code=gogap
INFO[0017] Db instance created CODE=gogap RDS-CONN-STR=rm-2zet3n99876t13t90.pg.rds.aliyuncs.com RDS-DBINSTANCE-ID=rm-2zet3n99876t13t90 RDS-ENGINE="PostgreSQL 9.4" RDS-REGION=cn-beijing RDS-VSWITCH-ID=vsw-2zehptsiup8wrnl370adm
INFO[0018] Waiting db instance CODE=gogap RDS-DBINSTANCE-ID=rm-2zet3n99876t13t90 RDS-DBINSTANCE-NAME=gitlab
INFO[0238] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0241] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0244] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0826] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0829] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0832] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0835] Tcp address check failure ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432" CONTENT="dial tcp: lookup o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com on 10.0.2.3:53: no such host"
INFO[0838] Tcp address check success ADDRESS="o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com:3432"
INFO[0845] Docker cluster created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
INFO[0845] Waiting for cluster status to running CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
INFO[1106] Cluster status is running CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
INFO[1110] SLB banlancer created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-NAME=cs-services SLB-REGION=cn-beijing
INFO[1111] SLB https listener created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTEN-PORT=443
INFO[1112] Listener started CODE=gogap PORT=443 SLB-ID=lb-2ze428df9b2tvf94qubvm
INFO[1113] SLB TCP listener created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTEN-PORT=10022
INFO[1114] Listener started CODE=gogap PORT=10022 SLB-ID=lb-2ze428df9b2tvf94qubvm
INFO[1114] SLB TCP listener created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTEN-PORT=20022
INFO[1116] Listener started CODE=gogap PORT=20022 SLB-ID=lb-2ze428df9b2tvf94qubvm
INFO[1129] SLB VGroup created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2zecogwcw3vbh SLB-BANLANCER-VGROUP-NAME=vsrv-gitlab
INFO[1130] SLB VGroup created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2ze5ea0f8afke SLB-BANLANCER-VGROUP-NAME=vsrv-openldap
INFO[1130] SLB VGroup created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2zeqzo32nmlti SLB-BANLANCER-VGROUP-NAME=vsrv-gitlab-ssh
INFO[1131] SLB VGroup created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2ze7dlxe4ntrt SLB-BANLANCER-VGROUP-NAME=vsrv-redmine
INFO[1132] SLB VGroup created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-VGROUP-ID=rsp-2ze1x4i3z955b SLB-BANLANCER-VGROUP-NAME=vsrv-graylog
INFO[1134] SLB listener rules created CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm SLB-BANLANCER-LISTENER-PORT=443
INFO[1135] Domain record created DOMAIN=example.com RR=git TYPE=A VALUE=47.93.70.43
INFO[1135] Domain record created DOMAIN=example.com RR=graylog TYPE=A VALUE=47.93.70.43
INFO[1135] Domain record created DOMAIN=example.com RR=redmine TYPE=A VALUE=47.93.70.43
INFO[1136] Domain record created DOMAIN=example.com RR=ldap TYPE=A VALUE=47.93.70.43
INFO[1171] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=openldap
INFO[1312] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=phpldapadmin
INFO[1312] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab
INFO[1312] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redmine
INFO[1313] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=ubuntu-services-agent
INFO[1313] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=graylog
INFO[1313] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redis
INFO[1489] Checking http content failure method=GET url="https://git.example.com/api/v4/version"
INFO[1492] Checking http content failure method=GET url="https://git.example.com/api/v4/version"
INFO[1495] Checking http content failure method=GET url="https://git.example.com/api/v4/version"
INFO[1498] Checking http content failure method=GET url="https://git.example.com/api/v4/version"
INFO[1501] Checking http content failure method=GET url="https://git.example.com/api/v4/version"
INFO[1504] Checking http content failure method=GET url="https://git.example.com/api/v4/version"
INFO[1507] Checking http content success method=GET url="https://git.example.com/api/v4/version"
INFO[1512] Docker cluster project created CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab-runner
{
"environment": {
"ENV_ALIYUN_RDS_DB_GITLAB_PRIVATE_HOST": "rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
"ENV_ALIYUN_RDS_DB_GITLAB_PRIVATE_PORT": "3433",
"ENV_ALIYUN_RDS_DB_GITLAB_PUBLIC_HOST": "o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
"ENV_ALIYUN_RDS_DB_GITLAB_PUBLIC_PORT": "3432",
"ENV_ALIYUN_SLB_CS_SERVICES_ADDRESS": "47.93.70.43"
},
"output": [
{
"name": "ALIYUN_RDS_INSTANCES_NET_INFO",
"value": [
{
"InstanceId": "rm-2zet3n99876t13t90",
"InstanceName": "gitlab",
"NetInfo": [
{
"Upgradeable": "Disabled",
"ExpiredTime": "",
"ConnectionString": "o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
"IPAddress": "39.107.220.141",
"IPType": "Public",
"Port": "3432",
"VPCId": "",
"VSwitchId": "",
"ConnectionStringType": "Normal",
"MaxDelayTime": "",
"DistributionType": "",
"SecurityIPGroups": {
"securityIPGroup": []
},
"DBInstanceWeights": {
"DBInstanceWeight": []
}
},
{
"Upgradeable": "Disabled",
"ExpiredTime": "",
"ConnectionString": "rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
"IPAddress": "192.168.0.209",
"IPType": "Private",
"Port": "3433",
"VPCId": "vpc-2ze6in20gqhsdkd5vprz9",
"VSwitchId": "vsw-2zehptsiup8wrnl370adm",
"ConnectionStringType": "Normal",
"MaxDelayTime": "",
"DistributionType": "",
"SecurityIPGroups": {
"securityIPGroup": []
},
"DBInstanceWeights": {
"DBInstanceWeight": []
}
},
{
"Upgradeable": "Disabled",
"ExpiredTime": "",
"ConnectionString": "o-rm-2zet3n99876t13t90.pg.rds.aliyuncs.com",
"IPAddress": "39.107.220.141",
"IPType": "Public",
"Port": "3432",
"VPCId": "",
"VSwitchId": "",
"ConnectionStringType": "Normal",
"MaxDelayTime": "",
"DistributionType": "",
"SecurityIPGroups": {
"securityIPGroup": []
},
"DBInstanceWeights": {
"DBInstanceWeight": []
}
}
],
"Tags": {
"code": "gogap",
"creator": "go-flow",
"name": "gitlab"
}
}
],
"tags": [
"gitlab",
"aliyun",
"rds",
"gogap"
]
},
{
"name": "ALIYUN_SLB_BALANCERS",
"value": {
"cs-services": {
"Count": 0,
"SlaveZoneId": "cn-beijing-d",
"LoadBalancerStatus": "active",
"VSwitchId": "",
"MasterZoneId": "cn-beijing-a",
"PayType": "PayOnDemand",
"RegionIdAlias": "cn-beijing",
"CreateTime": "2018-05-15T11:21Z",
"Address": "47.93.70.43",
"LoadBalancerId": "lb-2ze428df9b2tvf94qubvm",
"CreateTimeStamp": 1526354499000,
"RegionId": "cn-beijing",
"ResourceGroupId": "rg-acfm33imohspb2y",
"LoadBalancerName": "cs-services",
"InternetChargeType": "4",
"AddressType": "internet",
"VpcId": "",
"NetworkType": "classic",
"BackendServers": {
"BackendServer": null
},
"VServerGroups": {
"VServerGroup": null
},
"MasterSlaveVServerGroups": {
"MasterSlaveVServerGroup": null
},
"AutoReleaseTime": 0,
"Bandwidth": 0,
"LoadBalancerSpec": "",
"EndTime": "",
"EndTimeStamp": 0,
"ListenerPorts": {
"ListenerPort": null
},
"ListenerPortsAndProtocol": {
"ListenerPortAndProtocol": null
}
}
},
"tags": [
"aliyun",
"slb",
"balancer"
]
}
]
}
此时此刻,说明我们的环境已经部署完毕,接下来,我们就可以看看有什么系统可以用了。
使用新系统
提示:后续有用到密码的,都在 /devops/env-flow.json 里找
LDAP
这个系统是账户登陆的入口,所以,务必先初始化这个系统,因为后续大家要登录gitlab,redmine等系统都是用的这个账号体系。
打开 https://ldap.example.com 并点击左侧 login 按钮
登录
Login DN: cn=admin,dc=example,dc=com
Password: cmjbC3vkCbK9fKpd (本文中的配置)
登录成功后,就会看到
主界面
创建组织
创建组织
选择 Generic: Organisational Unit
选择组织模板
我创建一个叫 rd 的组织
创建rd组织
提交创建
最后commit即可
创建用户
点击刚才的组织 out=rd 然后点击 Create a child entry
创建用户
选择 default
选择default模板
选择 inetOrgPerson
选择inetOrgPerson模板
对象设置
显示名和邮箱
密码
uid设置
点创建后,会显示汇总信息
用户信息汇总
确认无误后点commit
此时,左侧栏目中就会多一个用户
大家可以使用 import 进行批量导入
Gitlab
使用刚才创建的用户尝试登录
也可以使用Admin的账号
用户名: root
密码: 5iveL!fe
如果能登录成功,则说明ldap和gitlab两个系统结合成功了
Redmine
地址:https://redmine.example.com
账号: admin
密码: admin
配置LDAP
管理->LDAP认证->新建认证模式
新建认证模式
| 字段 | 值 |
|---|---|
| 名称 | ldap |
| 主机 | openldap |
| 端口 | 646(勾选后面的LDAPS) |
| 帐号 | cn=readonly,dc=example,dc=com |
| 密码 | bscWdc9m7L7mwdHq |
| Base DN | dc=example,dc=com |
| LDAP 过滤器 | (objectClass=inetOrgPerson) |
| 登录名属性 | uid |
| 名字属性 | givenname |
| 姓氏属性 | sn |
| 邮件属性 |
最后点创建即可
Graylog
地址:https://graylog.example.com
账号:admin
密码:admin
我们要手动配置一下LDAP
然后选中左侧 LDAP/Active Directory
设置LDAP服务器配置
根据env的配置ENV_OPENLDAP_READONLY_PWD,我们得到
LDAP服务的只读密码为:bscWdc9m7L7mwdHq
测试连接
用户映射配置
用户登录测试
确认无误后点 Save LDAP Setting, 然后我们就可以用ldap的账号登录Graylog了
权限设置
用户登录一次后,admin需要给用户分配一下权限(我们未使用graylog中的分组,如果使用分组,可以自动进行配置)
如果这个用户需要看log信息,则需要配置一下 Streams Permissions
当然,我们也可以修改用户的角色
销毁资源
嗯,环境搭建好了,我们开始销毁吧,就是这么任性!!!😏
本地环境
cd /devops
go-flow run --config flow.conf delete all \
--config cs:./cs/cluster/services.conf \
--config cs-projects:./cs/cluster/services/all-projects.conf \
--config rds:./rds/rds.conf \
--config oss:./oss/oss.conf \
--config slb:./slb/slb.conf \
--config dns:./dns/dns.conf \
--config vpc:./vpc/all.conf \
--env-file /devops/env-flow.json \
--ctx code:gogap
Docker环境
cd /devops
docker run --rm -it -v ${PWD}:/devops \
-v ${HOME}/aliyun_secret/env-flow.json:/devops/env-flow.json \
-w /devops idocking/go-flow:latest go-flow run --config flow.conf delete all \
--config cs:./cs/cluster/services.conf \
--config cs-projects:./cs/cluster/services/all-projects.conf \
--config rds:./rds/rds.conf \
--config oss:./oss/oss.conf \
--config slb:./slb/slb.conf \
--config dns:./dns/dns.conf \
--config vpc:./vpc/all.conf \
--env-file /devops/env-flow.json \
--ctx code:gogap
如果有卡死现象或错误现象,反复执行命令即可
输出
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=graylog
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=openldap
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redis
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=redmine
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=ubuntu-services-agent
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=gitlab-runner
INFO[0003] Docker cluster project deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services DOCKER-PROJECT-NAME=phpldapadmin
INFO[0004] Docker cluster deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
INFO[0004] Waiting for cluster status to deleted CODE=gogap DOCKER-CLUSTER-ID=c4e0d267dccc1412587e46a3f344eefaf DOCKER-CLUSTER-NAME=services
INFO[0247] Db instance deleted CODE=gogap RDS-DBINSTANCE-ID=rm-2zet3n99876t13t90
INFO[0248] bucket deleted bucket=gogap-flow-test-cluster code=gogap
INFO[0248] SLB banlancer deleted CODE=gogap SLB-BANLANCER-ID=lb-2ze428df9b2tvf94qubvm
INFO[0253] VSwitch deleted CODE=gogap ECS-VSWITCH-ID=vsw-2zehptsiup8wrnl370adm
INFO[0253] VPC found at aliyun CODE=gogap NAME=rd VPCID=vpc-2ze6in20gqhsdkd5vprz9
INFO[0254] VPC deleted CODE=gogap ECS-VPC-ID=vpc-2ze6in20gqhsdkd5vprz9
欢迎加入我的QQ群进行更深入的交流:780798965
网友评论