StackStorm简介及其部署

StackStorm简介:

故障自愈作为运维领域的热门话题之一,各个公司都会投入大量的人力来开发不同的组件,如何正确、有序地调用不同组件以及避免相同功能组件的重复开发,是一个亟待解决的问题。StackStorm 是一个基于事件流并自动执行的系统框架,基于此,可以让外部系统产生的事件有序地、可编排地集合到一起,作为一个完整的事件流去执行,从而解决一些高频次的运维难题。

StackStorm的工作步骤大体如下:
1. StackStorm Sensor感应并触发事件。
2. Rules Engine对事件进行规则匹配,如果匹配产生任务。
3. StackStorm Worker执行任务,一般是调用到外部系统。
4. StackStorm记录审计任务执行的细节。
5. 任务执行结果返回给Rules Engine进行进一步处理。

StackStorm部署步骤:以下操作,整理自官方部署步骤https://docs.stackstorm.com/install/rhel7.html

本次部署环境如下:

系统:CentOS 7.7

内存:4G(官方说2G内存也可,我部署的时候内存使用率大概在60%,所以2G应该也是勉强的)

磁盘:50G

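# Put SELinux into permissive mode for the current boot only; setenforce does
# not persist, so enforcement returns after a reboot.
# NOTE(review): this switches enforcement off for the whole host. Outside a
# throwaway lab machine, prefer leaving SELinux enforcing and adjusting policy
# for the services installed below.
setenforce 0
# Enable the EPEL repository.
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Import the MongoDB 3.4 package signing key (fetched over HTTPS) so that the
# gpgcheck=1 setting in the repo file below can verify packages.
rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc

# Write the MongoDB yum repository definition. The quoted 'EOT' delimiter keeps
# the body literal, and no "sh -c" wrapper is needed when already running as root.
cat <<'EOT' > /etc/yum.repos.d/mongodb-org-3.4.repo
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOT

yum install -y crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel
# NOTE(review): nothing in this listing configures authentication for MongoDB
# or RabbitMQ. Confirm both listen on localhost only, or add credentials,
# before the host is reachable from other machines.
systemctl start mongod rabbitmq-server
systemctl enable mongod rabbitmq-server
# Initialise the PostgreSQL data directory.
postgresql-setup initdb
# Switch local TCP connections (127.0.0.1/32 and ::1/128) from "ident" to "md5"
# password authentication. md5 is an authentication method only; it does not
# encrypt the connection.
sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
systemctl start postgresql
systemctl enable postgresql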
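# Add the StackStorm package repository. The setup script is saved to a
# temporary file instead of being piped straight into a root shell, so it can
# be read before it runs, and -f makes curl fail on an HTTP error so that an
# error page or truncated download is never executed.
st2_repo_script="$(mktemp)"
curl -fsS -o "${st2_repo_script}" https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh \
  && sudo bash "${st2_repo_script}"
rm -f -- "${st2_repo_script}"
yum install -y st2 st2mistral
# If the services run on different servers, only these settings need changing:
#   RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
#   MongoDB at /etc/st2/st2.conf
#   PostgreSQL at /etc/mistral/mistral.conf
DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
mkdir -p "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
# Generate the symmetric key used to encrypt datastore values and store it at
# the path above.
st2-generate-symmetric-crypto-key --key-path "${DATASTORE_ENCRYPTION_KEY_PATH}"
# Hand the directory and key to group st2 and drop read access for everyone else.
# NOTE(review): o-r clears only the read bit for "other"; check the resulting
# modes with ls -l and tighten further if write or execute remain set.
chgrp st2 "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
chmod o-r "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
chgrp st2 "${DATASTORE_ENCRYPTION_KEY_PATH}"
chmod o-r "${DATASTORE_ENCRYPTION_KEY_PATH}"
# Point the [keyvalue] section of st2.conf at the key file.
crudini --set /etc/st2/st2.conf keyvalue encryption_key_path "${DATASTORE_ENCRYPTION_KEY_PATH}"
st2ctl restart-component st2api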

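# Create the PostgreSQL role and database used by Mistral by feeding the SQL
# to psql through a here-document. psql is started from / because the postgres
# user cannot enter root's working directory, which is what produces the
# harmless 'could not change directory to "/root"' warning otherwise.
# NOTE(review): 'StackStorm' is a fixed password printed on this page. If a
# different one is chosen, the PostgreSQL connection settings in
# /etc/mistral/mistral.conf have to carry the same value (verify the exact
# option there).
(
  cd / && sudo -u postgres psql <<'EHD'
CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
CREATE DATABASE mistral OWNER mistral;
EHD
)

# Set up the Mistral database schema, then populate it.
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
# grep -v only hides output lines mentioning openstack, keystone or
# ironicclient; the pipeline's exit status is grep's, not mistral-db-manage's.
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient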
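# Create the "stanley" account unless it already exists (a plain useradd
# reports an error when the user is already present).
id stanley >/dev/null 2>&1 || useradd stanley
mkdir -p /home/stanley/.ssh
chmod 0700 /home/stanley/.ssh
# Generate a key pair with an empty passphrase and authorise it for stanley.
# NOTE(review): together with the sudoers entry below, the private key
# /home/stanley/.ssh/stanley_rsa is equivalent to passwordless root on every
# host that trusts it; keep it readable by its owner only and do not copy it
# around.
ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys
chmod 0600 /home/stanley/.ssh/authorized_keys
chown -R stanley:stanley /home/stanley/.ssh
# Allow stanley to run any command through sudo without a password.
echo "stanley    ALL=(ALL)       NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2
chmod 0440 /etc/sudoers.d/st2
# Comment out any "Defaults requiretty" line in /etc/sudoers so that sudo can
# be used from sessions that have no terminal attached.
sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers
# Syntax-check the sudoers configuration after editing it in place; a broken
# file can lock sudo out entirely.
visudo -c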
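# Start all StackStorm services. Messages such as
# "Failed to start st2chatops.service: Unit not found." and
# "st2chatops is not running." are expected here and can be ignored.
st2ctl start
st2ctl reload
st2 --version
st2 action list --pack=core
# Should report "succeeded".
st2 run core.local -- date -R
# Should list the execution above as "succeeded".
st2 execution list
# Should report "succeeded"; this runs over SSH against localhost.
st2 run core.remote hosts='localhost' -- uname -a
# Install the st2 pack; reports "succeeded" when finished.
st2 pack install st2
# st2ctl sub-commands, for reference:
#   st2ctl start|stop|status|restart|restart-component|reload|clean
yum -y install httpd-tools
# Add the account st2admin, used to log in to the web UI.
# NOTE(review): Ch@ngeMe is the sample password used throughout this page.
# Replace it with your own before the UI is reachable by anyone else, and keep
# in mind that a password typed as a literal on the command line ends up in
# shell history.
echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
# Turn authentication on: set enable = True in the [auth] section of st2.conf.
# crudini makes the change without opening an editor.
crudini --set /etc/st2/st2.conf auth enable True
st2ctl restart-component st2api
# Log in; enter the password set with htpasswd above when prompted.
st2 login st2admin
st2 action list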
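# Import nginx's package signing key over HTTPS. The key is the trust anchor
# for gpgcheck=1; fetched over plain HTTP it could be replaced in transit,
# which would make the signature check meaningless.
rpm --import https://nginx.org/keys/nginx_signing.key

# Write the nginx yum repository definition. The quoted 'EOT' delimiter keeps
# $releasever literal so that yum, not the shell, expands it.
cat <<'EOT' > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/rhel/$releasever/x86_64/
gpgcheck=1
enabled=1
EOT

# Exclude nginx from EPEL so the package comes from the nginx repository above.
sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo
yum install nginx st2web -y
mkdir -p /etc/ssl/st2

# Create a self-signed certificate valid for 365 days with an unencrypted
# (-nodes) 2048-bit RSA key. Browsers will not trust it; replace it with a
# certificate from a CA you trust for anything beyond a test setup.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \
  -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)"
# The private key is stored unencrypted, so restrict it to its owner.
chmod 0600 /etc/ssl/st2/st2.key

cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
# Drop the default_server marker from nginx's stock configuration.
sed -i 's/default_server//g' /etc/nginx/nginx.conf
# Validate the configuration before restarting.
nginx -t && systemctl restart nginx
systemctl enable nginx

# The page prints the same listing a second time, starting here.
setenforce 0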
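# Enable the EPEL repository.
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Import the MongoDB 3.4 package signing key (fetched over HTTPS) so that the
# gpgcheck=1 setting in the repo file below can verify packages.
rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc

# Write the MongoDB yum repository definition. The quoted 'EOT' delimiter keeps
# the body literal, and no "sh -c" wrapper is needed when already running as root.
cat <<'EOT' > /etc/yum.repos.d/mongodb-org-3.4.repo
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOT

yum install -y crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel
# NOTE(review): nothing in this listing configures authentication for MongoDB
# or RabbitMQ. Confirm both listen on localhost only, or add credentials,
# before the host is reachable from other machines.
systemctl start mongod rabbitmq-server
systemctl enable mongod rabbitmq-server
# Initialise the PostgreSQL data directory.
postgresql-setup initdb
# Switch local TCP connections (127.0.0.1/32 and ::1/128) from "ident" to "md5"
# password authentication. md5 is an authentication method only; it does not
# encrypt the connection.
sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
systemctl start postgresql
systemctl enable postgresql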
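# Add the StackStorm package repository. The setup script is saved to a
# temporary file instead of being piped straight into a root shell, so it can
# be read before it runs, and -f makes curl fail on an HTTP error so that an
# error page or truncated download is never executed.
st2_repo_script="$(mktemp)"
curl -fsS -o "${st2_repo_script}" https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh \
  && sudo bash "${st2_repo_script}"
rm -f -- "${st2_repo_script}"
yum install -y st2 st2mistral
# If the services run on different servers, only these settings need changing:
#   RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
#   MongoDB at /etc/st2/st2.conf
#   PostgreSQL at /etc/mistral/mistral.conf
DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
mkdir -p "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
# Generate the symmetric key used to encrypt datastore values and store it at
# the path above.
st2-generate-symmetric-crypto-key --key-path "${DATASTORE_ENCRYPTION_KEY_PATH}"
# Hand the directory and key to group st2 and drop read access for everyone else.
# NOTE(review): o-r clears only the read bit for "other"; check the resulting
# modes with ls -l and tighten further if write or execute remain set.
chgrp st2 "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
chmod o-r "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
chgrp st2 "${DATASTORE_ENCRYPTION_KEY_PATH}"
chmod o-r "${DATASTORE_ENCRYPTION_KEY_PATH}"
# Point the [keyvalue] section of st2.conf at the key file.
crudini --set /etc/st2/st2.conf keyvalue encryption_key_path "${DATASTORE_ENCRYPTION_KEY_PATH}"
st2ctl restart-component st2api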

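# Create the PostgreSQL role and database used by Mistral by feeding the SQL
# to psql through a here-document. psql is started from / because the postgres
# user cannot enter root's working directory, which is what produces the
# harmless 'could not change directory to "/root"' warning otherwise.
# NOTE(review): 'StackStorm' is a fixed password printed on this page. If a
# different one is chosen, the PostgreSQL connection settings in
# /etc/mistral/mistral.conf have to carry the same value (verify the exact
# option there).
(
  cd / && sudo -u postgres psql <<'EHD'
CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
CREATE DATABASE mistral OWNER mistral;
EHD
)

# Set up the Mistral database schema, then populate it.
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
# grep -v only hides output lines mentioning openstack, keystone or
# ironicclient; the pipeline's exit status is grep's, not mistral-db-manage's.
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient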
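# Create the "stanley" account unless it already exists (a plain useradd
# reports an error when the user is already present).
id stanley >/dev/null 2>&1 || useradd stanley
mkdir -p /home/stanley/.ssh
chmod 0700 /home/stanley/.ssh
# Generate a key pair with an empty passphrase and authorise it for stanley.
# NOTE(review): together with the sudoers entry below, the private key
# /home/stanley/.ssh/stanley_rsa is equivalent to passwordless root on every
# host that trusts it; keep it readable by its owner only and do not copy it
# around.
ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys
chmod 0600 /home/stanley/.ssh/authorized_keys
chown -R stanley:stanley /home/stanley/.ssh
# Allow stanley to run any command through sudo without a password.
echo "stanley    ALL=(ALL)       NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2
chmod 0440 /etc/sudoers.d/st2
# Comment out any "Defaults requiretty" line in /etc/sudoers so that sudo can
# be used from sessions that have no terminal attached.
sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers
# Syntax-check the sudoers configuration after editing it in place; a broken
# file can lock sudo out entirely.
visudo -c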
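# Start all StackStorm services. Messages such as
# "Failed to start st2chatops.service: Unit not found." and
# "st2chatops is not running." are expected here and can be ignored.
st2ctl start
st2ctl reload
st2 --version
st2 action list --pack=core
# Should report "succeeded".
st2 run core.local -- date -R
# Should list the execution above as "succeeded".
st2 execution list
# Should report "succeeded"; this runs over SSH against localhost.
st2 run core.remote hosts='localhost' -- uname -a
# Install the st2 pack; reports "succeeded" when finished.
st2 pack install st2
# st2ctl sub-commands, for reference:
#   st2ctl start|stop|status|restart|restart-component|reload|clean
yum -y install httpd-tools
# Add the account st2admin, used to log in to the web UI.
# NOTE(review): Ch@ngeMe is the sample password used throughout this page.
# Replace it with your own before the UI is reachable by anyone else, and keep
# in mind that a password typed as a literal on the command line ends up in
# shell history.
echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
# Turn authentication on: set enable = True in the [auth] section of st2.conf.
# crudini makes the change without opening an editor.
crudini --set /etc/st2/st2.conf auth enable True
st2ctl restart-component st2api
# Log in; enter the password set with htpasswd above when prompted.
st2 login st2admin
st2 action list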
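# Import nginx's package signing key over HTTPS. The key is the trust anchor
# for gpgcheck=1; fetched over plain HTTP it could be replaced in transit,
# which would make the signature check meaningless.
rpm --import https://nginx.org/keys/nginx_signing.key

# Write the nginx yum repository definition. The quoted 'EOT' delimiter keeps
# $releasever literal so that yum, not the shell, expands it.
cat <<'EOT' > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/rhel/$releasever/x86_64/
gpgcheck=1
enabled=1
EOT

# Exclude nginx from EPEL so the package comes from the nginx repository above.
sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo
yum install nginx st2web -y
mkdir -p /etc/ssl/st2

# Create a self-signed certificate valid for 365 days with an unencrypted
# (-nodes) 2048-bit RSA key. Browsers will not trust it; replace it with a
# certificate from a CA you trust for anything beyond a test setup.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \
  -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)"
# The private key is stored unencrypted, so restrict it to its owner.
chmod 0600 /etc/ssl/st2/st2.key

cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
# Drop the default_server marker from nginx's stock configuration.
sed -i 's/default_server//g' /etc/nginx/nginx.conf
# Validate the configuration before restarting.
nginx -t && systemctl restart nginx
systemctl enable nginx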

 浏览器访问服务器IP即可(上面生成的是自签名证书,浏览器会提示证书不受信任),在登录界面输入账号st2admin密码Ch@ngeMe,登录后界面如下

 

 具体的使用方法,后续我再进行补充

posted on 2020-05-26 17:35  标配的小号  阅读(2713)  评论(0编辑  收藏  举报
