
How to deploy network management?

2025-01-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Environmental preparation

Stand-alone deployment: officially recommended hardware requirements are above 4C/16G

1    4-core 16G

2    4-core 8G

1.1: get the package

Visit: https://bk.tencent.com/download/

1.2: system environment settings

Official suggestion: CentOS-7.0 or above is required and CentOS-7.5 is recommended.

Install some common commands

[root@localhost ~]# yum -y install vim lrzsz net-tools ntp wget

1.2.1: close SELinux

[root@localhost ~]# setenforce 0

# modify the configuration file
[root@localhost ~]# sed -ri 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

1.2.2: restart the system

[root@localhost ~]# reboot

1.2.3: install rsync

# check whether the rsync command exists. If the rsync path is returned, you can skip the install command below
[root@localhost ~]# which rsync

# install rsync
[root@localhost ~]# yum -y install rsync

1.2.4: turn off the firewall

# check the default firewall status. If "not running" is returned, you can skip the commands below
[root@localhost ~]# firewall-cmd --state

# stop and disable firewalld
[root@localhost ~]# systemctl stop firewalld       # stop firewalld
[root@localhost ~]# systemctl disable firewalld    # disable firewalld at boot

1.2.5: adjust the maximum number of file openings

# check the max open files value under the current root account
[root@localhost ~]# ulimit -n

# if it is the default of 1024, it is recommended to raise it to 102400 or greater by modifying the configuration file
[root@localhost ~]# vim /etc/security/limits.d/99-nofile.conf
root soft nofile 102400
root hard nofile 102400

The separate configuration file used here overrides the default values of /etc/security/limits.conf; adjust it according to the system environment. After the change, log in as root again to check whether it has taken effect:

[root@localhost ~]# su
[root@localhost ~]# ulimit -n

1.2.6: time synchronization

If the time on the backend servers is out of sync, time-sensitive services can suffer unforeseen consequences. Be sure to keep time synchronized when installing and using BlueKing.

# check whether the current time and time zone of each machine are the same. If the difference between them is greater than 3s (considering the time difference in batch execution), it is recommended to correct the time
[root@localhost ~]# yum -y install ntp
[root@localhost ~]# date -R

# view the time difference against the NTP server (external network access is required; if there is an ntpd server on the internal network, replace the domain name with the address of that server)
[root@localhost ~]# ntpdate -d cn.pool.ntp.org

# if the offset in the last line of output is greater than 1s, it is recommended to correct the time
# synchronize the time with the NTP server
[root@localhost ~]# ntpdate cn.pool.ntp.org

1.2.7: check for the existence of a global HTTP proxy

The BlueKing servers send HTTP requests to each other. If an HTTP proxy is configured and these requests are not proxied correctly, unforeseen errors will occur.

# check whether the http_proxy and https_proxy variables are set. If both are empty, you can skip the following step
[root@localhost ~]# echo "$http_proxy" "$https_proxy"

To find where the http_proxy variable is configured locally, check whether it is set in files such as /etc/profile, /etc/bashrc and $HOME/.bashrc.

1.2.8: close NetworkManager

# check NetworkManager status
[root@localhost ~]# systemctl status NetworkManager.service

# stop NetworkManager
[root@localhost ~]# systemctl stop NetworkManager.service

# prevent the NetworkManager service from starting at boot
[root@localhost ~]# systemctl disable NetworkManager.service

1.3: configure YUM sources

1.3.1: get the BASE source

# back up the default source
[root@localhost ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

# get the network source
[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo

1.3.2: get the EPEL source

[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo

# update the cache
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache

1.4: obtain a certificate

https://bk.tencent.com/download_ssl/

Get the MAC address of the machine with a command, then copy it to the URL above to download the certificate file.

2. Prepare before installation

2.1: extract the package

# upload the package to the server and extract it to the /data directory
[root@localhost ~]# mkdir /data
[root@localhost ~]# tar -xf bkce_src-5.0.4.tar.gz -C /data/

# after extraction, the /data directory contains two directories: install and src
# extract the SSL certificate file
[root@localhost ~]# tar -xf ssl_certificates.tar.gz -C /data/src/cert/

2.2: modify the configuration file

2.2.1: install.config

install.config is the configuration file that maps modules to servers: it describes which modules are installed on which machines. Each row has two columns; the first column is the IP address, and the second column is the list of module names separated by commas.

[root@localhost ~]# cd /data/install/
[root@localhost install]# cp install.config.3IP.sample install.config
[root@localhost install]# vim install.config

# Note: on a CVM (cloud server), write the public network IP here
[root@localhost install]# curl ip.sb

# change the following in globals.env to your own values
[root@localhost install]# vim globals.env
export BK_DOMAIN="bk.cloud.tencent.com"    # BlueKing root domain name (excluding hostname)
export PAAS_FQDN="yppaas.$BK_DOMAIN"       # PAAS full domain name
export CMDB_FQDN="ypcmdb.$BK_DOMAIN"       # CMDB full domain name
export JOB_FQDN="ypjob.$BK_DOMAIN"         # JOB full domain name
# PAAS_ADMIN_PASS changed to `BWvQEaYO`

The rest is fine by default.

2.2.3:pip.conf

[root@localhost ~]# mkdir -p /data/src/.pip/
[root@localhost ~]# vim /data/src/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple

[root@localhost ~]# curl -I http://mirrors.cloud.tencent.com/pypi/simple

2.3: configure passwordless login

[root@localhost ~]# cd /data/install/
[root@localhost install]# bash configure_ssh_without_pass    # enter the root password of each host as prompted to complete the passwordless login configuration

2.4: check the environment before installation

[root@localhost ~]# cd /data/install/
[root@localhost install]# bash precheck.sh

Normal as shown below

If a check reports [FAIL], follow the prompts and this document to fix it. After the fix, run the precheck.sh script again, and repeat until [FAIL] no longer appears. If you need to run the checks from scratch, use precheck.sh -r.

3. Start the installation

3.1: perform installation

[root@localhost ~]# mkdir /usr/local/blueking
[root@localhost ~]# cd /data/install/
[root@localhost install]# ./install_minibk -y
... has been checked successfully... SKIP
... has been checked successfully... SKIP
where do you want to install blueking products.
enter an absolute path [/data/bkce]:                          # press Enter directly to confirm the default
enter an absolute path [/data/bkce]: /usr/local/blueking      # enter the installation location
directory /usr/local/blueking exists, are you sure to install blueking suite to /usr/local/blueking (yes/no)? yes

An error occurred:

Parse cc response error parsing cc error

Solution:

The official fix is:

[root@localhost ~]# source /data/install/utils.fc

[root@localhost ~]# cd /data/install

[root@localhost install]# ./bkcec status all

[root@localhost install]# ./bkcec stop gse

[root@localhost install]# ./bkcec install gse 1

[root@localhost install]# ./bkcec initdata gse

Perform the installation again

[root@localhost install]# ./install_minibk -y

4. Visit the page

Windows: modify the hosts file for domain name resolution

C:\Windows\System32\drivers\etc\hosts

192.168.66.35 localhost.localdomain

192.168.66.35 yppaas.bk.com

192.168.66.35 ypcmdb.bk.com

192.168.66.35 ypjob.bk.com

192.168.66.35 rbtnode1

Note: the login user and password are set in the configuration file globals.env.

The user is generally admin, and the password is the one you set yourself.

5. Network management deployment

5.1: download the plug-in package

Download and deploy a third-party network management platform

Plug-in package address https://bk.tencent.com/download_sdk/

5.2: decompress installation

# load the environment variable file
[root@rbtnode1 ~]# source /data/install/globals.env

# upload the plug-in package, then extract and install it
[root@rbtnode1 ~]# tar xf bknetwork.tgz -C /data/src/
[root@rbtnode1 ~]# tar xf /data/src/bknetwork/bknetwork-3.6.1.tgz -C /data/src/
[root@rbtnode1 ~]# rsync -a /data/src/bknetwork/install/ /data/install/

5.3: modify the domain name according to the actual situation

On the central control machine, edit /data/install/third/globals_bknetwork.env and set the network management domain name and other information according to the actual situation.

5.4: deploy network management

[root@rbtnode1 ~]# cd /data/install/
[root@rbtnode1 install]# ./bkco_install bknetwork

5.5: add domain name resolution on the Windows system

Windows: modify the hosts file for domain name resolution

C:\Windows\System32\drivers\etc\hosts

192.168.66.35 bknetwork.bk.com

5.6: visit the page

http://bknetwork.bk.com

6. Deploy the CICD plug-in

6.1: download plug-in packages and scripts

https://bk.tencent.com/download_sdk/

6.2: decompress installation

[root@rbtnode1 ~]# tar -xf bkce_cicdkit-1.0.0.tgz -C /data
[root@rbtnode1 ~]# tar -xf install_ce-cicdkit_fix-1.0.2.tar -C /data

Note: the available configuration of the machine on which CICDKit is installed cannot be lower than 4C8G, and the system version cannot be lower than CentOS7.0. It is recommended to deploy on a single machine.

6.3: modify the configuration

On the central control machine, set the domain name information (CICDKIT_FQDN) in install/third/globals_cicdkit.env.

In install.config, add the configuration for cicdkit and the mysql5.7 it depends on:

[root@rbtnode1 install]# vim install.config

192.168.66.36 mysql57,cicdkit

6.4: install CICDKit backend

# refresh the environment variables
[root@rbtnode1 install]# source globals.env
[root@rbtnode1 install]# source /data/install/third/globals_cicdkit.env

# copy the key
[root@rbtnode1 install]# ssh-copy-id root@192.168.66.36

# copy the data to the cicd server
[root@rbtnode1 install]# ./bkcec sync all

# install CICDKit
[root@rbtnode1 install]# ./bkco_install cicdkit
[root@rbtnode1 ~]# source /data/install/utils.fc
[root@rbtnode1 install]# echo $CICDKIT_FQDN
cicdkit.bk.com
[root@rbtnode1 install]# vim /etc/hosts
10.18.198.92 cicdkit.bk.com

# restart the process
[root@rbtnode1 install]# ./bkcec stop cicdkit self
[root@rbtnode1 install]# ./bkcec start cicdkit self

6.5: deploy cicdkit-SaaS

# download cicdkit-SaaS package

https://bk.tencent.com/s-mart/application/159/detail

Enter the developer Center from the PaaS page to deploy

6.6: visit the page

7. Operation after server restart

Confirm that the first nameserver in /etc/resolv.conf is 127.0.0.1, and that the options line does not contain rotate.

Check whether the crontab of the restarted machine is configured to start the processes automatically: crontab -l | grep process_watch. Automatic start after a restart depends mainly on crontab.

On the central control machine, confirm the status of all processes: ./bkcec status all. Normally everything should have been started and be in the RUNNING state. If any process shows EXIT, try to start it manually. For the manual procedure, see component start and stop: https://docs.bk.tencent.com/bkce_install_guide/maintain.html#start_stop

If all the machines of the community edition are restarted at the same time, it is very likely that many processes will fail to start: the recovery time of components on different machines cannot be controlled, so components whose dependencies are not yet up fail, which causes a chain reaction. In this case, follow the startup order used at installation time: start the db, then the other open source components and services that are depended on, then the BlueKing products.

If you have already deployed SaaS, pull it up manually.

[root@rbtnode1 ~]# cd /data/install/

[root@rbtnode1 install]# ./bkcec start saas-o    # formal environment

[root@rbtnode1 install]# ./bkcec start saas-t    # test environment

# check the startup status of all services. RUNNING is normal. If there is an EXIT, start it manually.

[root@rbtnode1 install]# ./bkcec status all

# manually start a service, for example

[root@rbtnode1 install]# ./bkcec start bknetwork

[root@rbtnode1 install]# ./bkcec status bknetwork
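
The resolv.conf condition at the start of this section (first nameserver 127.0.0.1, no rotate option) can be checked by script after every reboot. This is an added example, not part of the BlueKing scripts; check_resolv and its verdict words are hypothetical names, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: the two resolv.conf conditions from section 7.
# check_resolv FILE prints one verdict word and returns 0 only for "ok".
check_resolv() {
    local file=$1 first_ns
    [ -r "$file" ] || { echo "unreadable"; return 2; }

    # First active nameserver entry; commented-out lines never match.
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$file")
    if [ "$first_ns" != "127.0.0.1" ]; then
        echo "first-nameserver-not-local"
        return 1
    fi

    # "rotate" may sit anywhere on an options line, next to other options.
    if awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "rotate") hit = 1 }
            END { exit !hit }' "$file"; then
        echo "options-rotate-set"
        return 1
    fi
    echo "ok"
}

# Constructed sample files (not copied from a real host).
demo_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 192.168.66.1\n' > "$demo_dir/good"
printf 'options timeout:2 rotate\nnameserver 127.0.0.1\n' > "$demo_dir/rotate"
printf '#nameserver 127.0.0.1\nnameserver 192.168.66.1\n' > "$demo_dir/remote"
for f in good rotate remote; do
    printf '%-7s %s\n' "$f" "$(check_resolv "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a real host the call is check_resolv /etc/resolv.conf; a non-zero return means one of the two conditions is not met.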

8. Install Agent offline

8.1: offline preparation

Download the ISO image file at the following address. This iso image already contains the software needed to install agent.

https://bk.tencent.com/s-mart/community/question/466

Mount to each machine:

mkdir -p /mnt/centos7
mount /dev/sr0 /mnt/centos7

8.2: configure offline repo

vim /etc/yum.repos.d/offline-centos7.repo
[offline-centos7]
name=Bk repo
baseurl=file:///mnt/centos7
enabled=1
gpgcheck=0

8.3: update cache

yum clean all
yum makecache
yum repolist

8.4: just add Agent to the node configuration

9. Summary of frequently asked questions

9.1: zookeeper failed to start

Check the log for dirty data. Log path

# replace <installation directory> with the BlueKing installation path
[root@rbtnode1 ~]# rm -rf <installation directory>/public/zk/data/version-2/
[root@rbtnode1 ~]# rm -rf <installation directory>/public/zk/datalog/version-2/
[root@rbtnode1 ~]# cd /data/install
[root@rbtnode1 install]# ./bkcec start zk
[root@rbtnode1 install]# ./bkcec status zk

9.2: GSE failed to start

Restart gse

[root@rbtnode1 ~]# cd /data/install
[root@rbtnode1 install]# ./bkcec stop gse 1
[root@rbtnode1 install]# ./bkcec initdata gse
[root@rbtnode1 install]# ./bkcec start gse
[root@rbtnode1 install]# ./bkcec status gse

9.3: the server's gse service is sometimes normal and sometimes abnormal.

The log shows that the redis host cannot be connected, but the redis service is normal. The root cause is that redis and gse are installed on the same server.
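
The co-location named here as the root cause can be caught before installation by reading install.config, whose two-column layout is described in 2.2.1. This is an added example, not part of the BlueKing scripts; lint_install_config and find_colocated are hypothetical names, the sample rows are constructed, and it assumes the modules appear in the file literally as redis and gse.

```shell
#!/usr/bin/env bash
# Added example: checks on install.config ("IP module,module,..." per row).

# lint_install_config FILE prints "LINE: reason" for each malformed row.
lint_install_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments (assumed allowed)
        NF != 2 { print NR ": expected 2 columns, got " NF; next }
        {
            ok = ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            n = split($1, oct, ".")
            for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) ok = 0
            if (!ok) { print NR ": bad IPv4 address: " $1; next }
        }
        $2 ~ /^,|,,|,$/ { print NR ": empty module name in list" }
    ' "$1"
}

# find_colocated FILE MOD_A MOD_B prints every IP whose module list has both.
find_colocated() {
    awk -v a="$2" -v b="$3" '
        NF != 2 || $1 ~ /^#/ { next }
        {
            has_a = has_b = 0
            n = split($2, mods, ",")
            for (i = 1; i <= n; i++) {
                if (mods[i] == a) has_a = 1
                if (mods[i] == b) has_b = 1
            }
            if (has_a && has_b) print $1
        }
    ' "$1"
}

# Constructed sample; the module placement is invented for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.168.66.35 nginx,rabbitmq,zk,gse,redis
192.168.66.36 mysql57,cicdkit
192.168.66.37 appt,,appo
EOF
echo "malformed rows:";         lint_install_config "$sample"
echo "hosts with redis + gse:"; find_colocated "$sample" redis gse
rm -f "$sample"
```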

9.4: all visits to SaaS applications after service restart are reported as 502.

Reason: there is a residual process after restarting the service

Solution: redeploy these applications in the developer Center

9.5: the redis password must not contain special characters. If it does, the gse_dba service fails and the cmdb services cannot all reach the running state.

Refer to the official website: http://docs.bk.tencent.com/bkce_maintain_faq/component/redis.html. After changing back to a normal password, the problem was solved.

9.6: the error "add rabbitmq user admin failed" is encountered during deployment of the BlueKing platform

Run the command chmod 755 * under /etc/rabbitmq

9.7: uninstalling the BlueKing agent is unsuccessful. Hint: component call exception

After the agent was installed, the host was assigned to another business. If the uninstall is unsuccessful, you need to reassign the host to the BlueKing business and reinstall the agent.

9.8: after the BlueKing server restarts, no apps can be accessed, and paas_agent does not show the running status.

View the log /data/bkce/logs/paas_agent/agent.log

Run the commands:

./bkcec stop nginx

./bkcec start nginx

./bkcec stop appt

./bkcec start appt

./bkcec stop appo

./bkcec start appo

Then take the uam offline and put it online again, and do the same for the app; the problem was solved.

9.9: on the bkdata server, detect_cron shows an abnormal status

Reason: the format of the crontab scheduled task is not standard and contains many @ signs. Delete the @ signs and execute the following commands to solve the problem

workon monitor

supervisorctl -c /data/bkce/etc/supervisor-bkdata-monitor.conf restart detect_cron

9.10: automated app deployment fails; the log shows an error that the pip source cannot be found

Do the following on the appt and appo servers, downloading the pip packages ahead of time in an environment where pip has online access

Run pip download django-celery==3.1.16, and then upload the result to the /data/bkce/paas_agent/support-files/pkgs/ directory

Confirm that the dependency package versions in /data/bkce/paas_agent/apps/projects/cc-automation/code/cc-automation/requirements.txt correspond.

Install the dependency packages in the app's virtual environment:

cd /data/bkce/paas_agent/apps/Envs/cc-automation/bin

source activate

pip install -r /data/bkce/paas_agent/apps/projects/cc-automation/code/cc-automation/requirements.txt --no-index --find-links=file:///data/bkce/paas_agent/support-files/pkgs/

pip list

deactivate

10. How to add whitelist to a SaaS application

Official document: https://bk.tencent.com/s-mart/community/question/569

11. Uninstall the Agent of each node manually

Log in to each control node server and do the following

Stop gse_agent:

[root@node1 ~]# /usr/local/gse/agent/bin/gsectl stop

Stop collector:

[root@node1 ~]# cd /usr/local/gse/plugins/bin/ && ./stop.sh basereport

Delete GSE related directories

[root@node1 ~]# rm -rf /usr/local/gse/ /var/log/gse/ /var/run/gse/ /var/lib/gse/
