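StackStorm: Introduction and Deployment
Introduction to StackStorm:
Self-healing is one of the hot topics in operations. Companies invest a lot of engineering effort in building different components, and how to invoke those components correctly and in order, while avoiding building components with duplicate functionality, is a problem that urgently needs solving. StackStorm is an event-driven framework for automated execution. With it, events produced by external systems can be gathered in an ordered, orchestrated way and executed as one complete event flow, which addresses some high-frequency operations problems.
StackStorm works roughly as follows:
1. A StackStorm Sensor detects and triggers an event.
2. The Rules Engine matches the event against its rules and creates a task if a rule matches.
3. A StackStorm Worker executes the task, usually by calling an external system.
4. StackStorm records the details of the task execution for auditing.
5. The task result is returned to the Rules Engine for further processing.
StackStorm deployment steps: the following is compiled from the official installation guide https://docs.stackstorm.com/install/rhel7.html
The deployment environment is:
OS: CentOS 7.7
Memory: 4 GB (the official docs say 2 GB is enough; memory usage during my deployment was about 60%, so 2 GB would probably be tight)
Disk: 50 GB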
setenforce 0
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc
# The << operator starts a here-document; EOT is the marker for its start and end.
# sh -c reads the command from the string after -c. It is somewhat redundant here:
# the cat part can be run directly without the sh -c prefix.
sh -c "cat <<EOT > /etc/yum.repos.d/mongodb-org-3.4.repo
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOT"
yum install crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel -y
systemctl start mongod rabbitmq-server
systemctl enable mongod rabbitmq-server
# Initialize PostgreSQL
postgresql-setup initdb
# Configure PostgreSQL to use md5 password authentication on the loopback addresses
sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
systemctl start postgresql
systemctl enable postgresql
curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash
yum install -y st2 st2mistral
# If the services run on different servers, only the following configuration files need to be changed:
# RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
# MongoDB at /etc/st2/st2.conf
# PostgreSQL at /etc/mistral/mistral.conf
DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
mkdir -p ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
# Generate an encryption key file and store it at the given path
st2-generate-symmetric-crypto-key --key-path ${DATASTORE_ENCRYPTION_KEY_PATH}
chgrp st2 ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
chmod o-r ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}
chgrp st2 ${DATASTORE_ENCRYPTION_KEY_PATH}
chmod o-r ${DATASTORE_ENCRYPTION_KEY_PATH}
# Point the st2 configuration at the key
crudini --set /etc/st2/st2.conf keyvalue encryption_key_path ${DATASTORE_ENCRYPTION_KEY_PATH}
st2ctl restart-component st2api
# As above, << plus a marker feeds the following multi-line string to the command.
# Running this prints: could not change directory to "/root". This is probably caused
# by switching to the postgres user and has no effect.
cat << EHD | sudo -u postgres psql
CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
CREATE DATABASE mistral OWNER mistral;
EHD
# Set up the mistral database
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient
# May report that the user already exists
useradd stanley
mkdir -p /home/stanley/.ssh
chmod 0700 /home/stanley/.ssh
ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys'
chown -R stanley:stanley /home/stanley/.ssh
# Allow stanley to run sudo without a password
sh -c 'echo "stanley ALL=(ALL) NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2'
chmod 0440 /etc/sudoers.d/st2
# Comment out the corresponding line?
sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers
# Prints "Failed to start st2chatops.service: Unit not found." and "st2chatops is not running."; no effect
st2ctl start
st2ctl reload
st2 --version
st2 action list --pack=core
# Reports succeeded
st2 run core.local -- date -R
# Reports succeeded
st2 execution list
# Reports succeeded
st2 run core.remote hosts='localhost' -- uname -a
# Install the st2 pack; reports succeeded when the installation finishes
st2 pack install st2
# st2ctl control commands:
# st2ctl start|stop|status|restart|restart-component|reload|clean
yum -y install httpd-tools
# Add the account st2admin with password Ch@ngeMe, used to log in to the web UI
echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
# Under [auth], set enable = True
vim /etc/st2/st2.conf
st2ctl restart-component st2api
# Enter the default password Ch@ngeMe from above
st2 login st2admin
st2 action list
rpm --import http://nginx.org/keys/nginx_signing.key
sh -c "cat <<EOT > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/\\\$releasever/x86_64/
gpgcheck=1
enabled=1
EOT"
sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo
yum install nginx st2web -y
mkdir -p /etc/ssl/st2
openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \
-days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information \
Technology/CN=$(hostname)"
cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
# Disable nginx's default web server
sed -i 's/default_server//g' /etc/nginx/nginx.conf
systemctl restart nginx
systemctl enable nginx
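A check script for the settings the steps above change, added here as an example (it is not part of the original post or of StackStorm). The function names and the `--audit` flag are hypothetical; the paths are the ones used in the walkthrough.

```shell
#!/usr/bin/env bash
# Added example: checks for the settings this walkthrough changes.
# Function names are hypothetical; paths are the ones used in the steps above.

# Succeeds when both loopback "host" rules in pg_hba.conf use md5.
pg_hba_loopback_md5() {
    awk '$1 == "host" && ($4 == "127.0.0.1/32" || $4 == "::1/128") {
             seen++; if ($NF != "md5") bad++ }
         END { exit !(seen >= 2 && bad == 0) }' "$1"
}

# Succeeds when the [auth] section of st2.conf has enable = True.
st2_auth_enabled() {
    awk -F'[ \t]*=[ \t]*' '
        /^\[/ { in_auth = ($0 ~ /^\[auth\]/); next }
        in_auth && $1 == "enable" { val = tolower($2) }
        END { exit !(val == "true") }' "$1"
}

# Succeeds when the path exists and has no read bit for "other" (chmod o-r).
not_world_readable() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune -perm -004)" ]
}

# Prints sudoers rules that grant passwordless ALL, like the stanley rule.
passwordless_all_grants() {
    grep -E '^[^#]*NOPASSWD:.*ALL[[:space:]]*$' "$1"
}

# Runs all checks under the filesystem root given as $1; prints one line per
# finding and returns non-zero when there is at least one.
audit_st2_host() {
    root=${1%/}; rc=0
    pg_hba_loopback_md5 "$root/var/lib/pgsql/data/pg_hba.conf" ||
        { echo "pg_hba.conf: loopback rules are not all md5"; rc=1; }
    st2_auth_enabled "$root/etc/st2/st2.conf" ||
        { echo "st2.conf: [auth] enable is not True"; rc=1; }
    not_world_readable "$root/etc/st2/keys/datastore_key.json" ||
        { echo "datastore_key.json: missing or world-readable"; rc=1; }
    if passwordless_all_grants "$root/etc/sudoers.d/st2" >/dev/null; then
        echo "sudoers.d/st2: passwordless ALL grant present, review scope"; rc=1
    fi
    return "$rc"
}

# Usage: script --audit /    (with no arguments it only defines the functions)
if [ "${1:-}" = "--audit" ]; then audit_st2_host "${2:-/}"; fi
```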
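Open the server's IP address in a browser and, on the login page, enter the account st2admin with the password Ch@ngeMe; the web UI is shown after login.
I will add details on how to use it later.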