标签:10.0 consul 配置 笔记 bk install CPU 模拟
目录
节点配置
node01: OS: "CentOS 7.6" CPU: "8 core" MEM: "16G" node02: OS: "CentOS 7.6" CPU: "8 core" MEM: "16G" node03: OS: "CentOS 7.6" CPU: "8 core" MEM: "16G"
部署配置优化
所有优化配置都在解压完蓝鲸安装包后进行
由于以上配置无法满足蓝鲸日志、监控和故障自愈部署配置需求,需要做部署前配置优化
优化内存和超时时间
1) 修改es的jvm的堆内存值
可以根据机器可用内存进行调整
sed -i 's/^JVM_MEM=.*/JVM_MEM=2/' /data/install/bin/install_es.sh
2) 修改saas模板的线程数
默认是CPU核心数 * 2,这里由于可用内存不足,修改成CPU核心数 * 1
sed -i 's/^workers = .*/workers = 8/' /data/src/paas_agent/paas_agent/etc/templates/docker/uwsgi.ini
3) 永久修改saas超时时间
有些时候节点性能问题,导致部署SaaS应用检测部署状态时间超出Timeout时间,所以进行超时优化设置,超时时间根据机器性能自定义调整
sed -i '$aEVENT_STATE_EXPIRE_SECONDS = 3600' /data/src/open_paas/support-files/templates/paas#conf#settings_production.py.tpl sed -i 's/^ EXECUTE_TIME_LIMIT:.*/ EXECUTE_TIME_LIMIT: 3600/' /data/src/paas_agent/support-files/templates/#etc#paas_agent_config.yaml.tpl
配置install.config
1) 总体install.config配置如下
10.0.0.1 iam,ssm,usermgr,gse,license,redis,consul,mysql 10.0.0.2 nginx,consul,mongodb,rabbitmq,appo 10.0.0.3 paas,cmdb,job,zk(config),appt,consul,nodeman(nodeman) [bkmonitorv3] 10.0.0.3 kafka(config),monitorv3(transfer) 10.0.0.2 influxdb(bkmonitorv3),monitorv3(influxdb-proxy),monitorv3(grafana) 10.0.0.1 es7,monitorv3(monitor) [bklog] 10.0.0.2 log(api),log(grafana) [fta] 10.0.0.2 fta,beanstalk
2) 替换install.config中的IP地址
YourIP=(172.16.1.21 172.16.1.22 172.16.1.23)
sed -i "s/10.0.0.1/${YourIP[0]}/g" /data/install/install.config
sed -i "s/10.0.0.2/${YourIP[1]}/g" /data/install/install.config
sed -i "s/10.0.0.3/${YourIP[2]}/g" /data/install/install.config
3) 在部署监控、日志、故障自愈的标准运维流程中,去掉勾选 生成install.config流程节点 4) 在部署监控的标准运维流程中,按照上面install.config的配置顺序填写deploy_ip
蓝鲸安装命令
./bk_install common && ./health_check/check_bk_controller.sh && ./bk_install paas && ./bk_install app_mgr && ./bk_install saas-o bk_iam && ./bk_install saas-o bk_user_manage && ./bk_install cmdb && ./bk_install job && ./bk_install bknodeman && ./bk_install saas-o bk_sops && ./bk_install saas-o bk_itsm && ./bkcli initdata topo && echo bkssm bkiam usermgr paas cmdb gse job consul | xargs -n 1 ./bkcli check
nginx配置consul basic认证
nginx添加basic认证配置
配置在service_name内容下方,或location配置里面 1) 开启本地认证
auth_basic "User Authentication";
2) 配置本地用户密码文件路径 建议绝对路径
auth_basic_user_file /usr/local/openresty/nginx/conf/conf.d/consul_pass.db;
3) 整体配置预览
upstream CONSUL_WEB {
server 127.0.0.1:8500 max_fails=1 fail_timeout=30s;
}
server {
listen 80;
server_name consul-106.ithours.com;
auth_basic "User Authentication";
auth_basic_user_file /usr/local/openresty/nginx/conf/conf.d/consul_pass.db;
access_log /data/bkce/logs/nginx/consul_web_access.log main;
error_log /data/bkce/logs/nginx/consul_web_error.log warn;
location / {
proxy_pass http://CONSUL_WEB;
proxy_pass_header Server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_read_timeout 600;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
}
}
4) 创建认证文件并配置用户密码 bkce-106为密码,根据实际修改
printf "consul:$(openssl passwd -crypt bkce-106)\n" > /usr/local/openresty/nginx/conf/conf.d/consul_pass.db
5) 重读nginx配置文件
/usr/local/openresty/nginx/sbin/nginx -s reload
awk使用实例
1) 查看当前系统所有 TCP 连接中各种状态的连接数
ss -n | awk '$1=="tcp" {S[$1" "$2]++} END {for(a in S) print a, S[a]}'
CPU使用率
#!/bin/bash
CPU_1=$(cat /proc/stat | grep 'cpu ' | awk '{print $2" "$3" "$4" "$5" "$6" "$7" "$8}')
SYS_IDLE_1=$(echo $CPU_1 | awk '{print $4}')
Total01=$(echo $CPU_1 | awk '{printf "%.f",$1+$2+$3+$4+$5+$6+$7}')
sleep 1
CPU_2=$(cat /proc/stat | grep 'cpu ' | awk '{print $2" "$3" "$4" "$5" "$6" "$7" "$8}')
SYS_IDLE_2=$(echo $CPU_2 | awk '{print $4}')
Total_2=$(echo $CPU_2 | awk '{printf "%.f",$1+$2+$3+$4+$5+$6+$7}')
SYS_IDLE=`expr $SYS_IDLE_2 - $SYS_IDLE_1`
Total=`expr $Total_2 - $Total01`
TT=`expr $SYS_IDLE \* 100`
SYS_USAGE=`expr $TT / $Total`
SYS_Rate=`expr 100 - $SYS_USAGE`
echo CPU_USAGE ${SYS_Rate}
shell 从1加到100
#!/bin/bash
if [[ $1 =~ ^[0-9]+$ && $2 =~ ^[0-9]+$ ]]; then
if [[ $1 < $2 ]]; then
n=$1
d=$2
elif [[ $2 < $1 ]]; then
n=$2
d=$1
fi
for ((m=$(($n+1));m<=$d;m++)); do
n=$(($n+$m))
done
echo ${n}
else
echo -e "请输入两个正整数参数"
fi
consul client加入集群和添加注册解析
这里以mysql slave注册解析为示例
加入集群配置
echo '{
"retry_join": ["10.0.6.17","10.0.6.23","10.0.6.70"]
}' > /etc/consul.d/auto_join.json
consul client自身信息配置
echo '{
"bind_addr": "10.0.7.1",
"log_level": "info",
"log_file": "/var/log/consul/consul.log",
"datacenter": "dc",
"data_dir": "/var/lib/consul",
"node_name": "agent-7-1",
"disable_update_check": true,
"enable_local_script_checks": true,
"encrypt": "T2dXR2hCbFpEM3h4d2FWTlNLOG1jUHdjbm9xQmwwaHU=",
"ports": {
"dns": 53,
"http": 8500
}
}' > /etc/consul.d/consul.json
encrypt加密配置要跟consul server端一致,建议从consul server复制配置文件过来,修改bind_addr和node_name即可
consul client dist(分发)配置
echo '{
"server": true,
"data_dir": "/var/lib/consul",
"log_level": "INFO"
}' > /etc/consul.d/consul.json-dist
consul client递归DNS解析配置
echo '{
"recursors": [
"114.114.114.114",
"8.8.8.8"
]
}' > /etc/consul.d/recursors.json
配置mysql注册到consul
echo '{
"service": {
"id": "mysql-slave-a28aa5e6-b616-11eb-aa92-005056a2697d",
"name": "mysql-slave",
"address": "10.0.7.1",
"port": 3306,
"check": {
"tcp": "10.0.7.1:3306",
"interval": "10s",
"timeout": "3s"
}
}
}' > /etc/consul.d/service/mysql-slave.json
id为唯一标识就行
配置consul client启动参数文件
echo 'CMD_OPTS="agent -config-dir=/etc/consul.d -config-dir=/etc/consul.d/service -data-dir=/var/lib/consul" #GOMAXPROCS=4' > /etc/sysconfig/consul
data-dir跟前面几个配置文件保持一致
修改配置文件权限
chown -R root:consul /etc/consul.d/*
配置consul client 启动文件
echo '[Unit] Description=Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable. Documentation=http://www.consul.io After=network-online.target Wants=network-online.target [Service] User=consul Group=consul EnvironmentFile=-/etc/sysconfig/consul ExecStart=/usr/bin/consul $CMD_OPTS ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGINT [Install] WantedBy=multi-user.target' > /usr/lib/systemd/system/consul.service
启动consul服务
systemctl daemon-reload
systemctl restart consul
consul client跟server就缺少一个server.json配置文件,文件内容如下,仅做参考,不做client配置用
{
"server": true,
"bootstrap_expect": 3
}
标签:10.0,consul,配置,笔记,bk,install,CPU,模拟 来源: https://blog.csdn.net/weixin_49553825/article/details/117230513
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。