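Introduction to StackStorm:
Self-healing is one of the hot topics in operations. Companies invest a lot of manpower in developing different components, and how to call those components correctly and in order, while avoiding building components with duplicate functionality, is a problem that urgently needs solving. StackStorm is an event-driven framework that executes actions automatically. With it, events produced by external systems can be gathered in an ordered, orchestrated way and executed as one complete event flow, which solves some high-frequency operations problems.
StackStorm works roughly as follows:
1. A StackStorm Sensor detects an event and fires a trigger.
2. The Rules Engine matches the event against its rules and, on a match, creates a task.
3. A StackStorm Worker executes the task, usually by calling an external system.
4. StackStorm records the details of the task execution for auditing.
5. The task result is returned to the Rules Engine for further processing.
StackStorm deployment steps: the operations below are compiled from the official installation guide https://docs.stackstorm.com/install/rhel7.html
The deployment environment is as follows:
OS: CentOS 7.7
Memory: 4 GB (the official docs say 2 GB of memory also works; memory usage was around 60% when I deployed, so 2 GB would probably be only just enough)
Disk: 50 GB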
setenforce 0
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc
# The << operator feeds a here-document; EOT is the marker for its start and end.
# sh -c reads the command from the string after -c. It is somewhat redundant here:
# the cat part can be run directly without sh -c in front.
sh -c "cat <<EOT > /etc/yum.repos.d/mongodb-org-3.4.repo
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOT"
yum install crudini mongodb-org rabbitmq-server postgresql-server postgresql-contrib postgresql-devel -y
systemctl start mongod rabbitmq-server
systemctl enable mongod rabbitmq-server

# Initialize PostgreSQL
postgresql-setup initdb
# Switch PostgreSQL from ident to md5 password authentication on the loopback addresses
sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
systemctl start postgresql
systemctl enable postgresql

curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash
yum install -y st2 st2mistral
# If the services run on different servers, only the following configuration needs to change:
# RabbitMQ connection at /etc/st2/st2.conf and /etc/mistral/mistral.conf
# MongoDB at /etc/st2/st2.conf
# PostgreSQL at /etc/mistral/mistral.conf

DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
mkdir -p "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
# Generate an encryption key file and store it at the given location
st2-generate-symmetric-crypto-key --key-path "${DATASTORE_ENCRYPTION_KEY_PATH}"
chgrp st2 "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
chmod o-r "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
chgrp st2 "${DATASTORE_ENCRYPTION_KEY_PATH}"
chmod o-r "${DATASTORE_ENCRYPTION_KEY_PATH}"
# Point the key-value datastore at the key
crudini --set /etc/st2/st2.conf keyvalue encryption_key_path "${DATASTORE_ENCRYPTION_KEY_PATH}"
st2ctl restart-component st2api

# As above, << plus a marker feeds the following lines to the command in front.
# Running this prints: could not change directory to "/root". That is probably
# caused by switching to the postgres user and has no effect.
cat << EHD | sudo -u postgres psql
CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
CREATE DATABASE mistral OWNER mistral;
EHD
# Set up the mistral database
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head
/opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone -e ironicclient

# May report that the user already exists
useradd stanley
mkdir -p /home/stanley/.ssh
chmod 0700 /home/stanley/.ssh
ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""
sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys'
chown -R stanley:stanley /home/stanley/.ssh
# Let stanley run sudo without a password
sh -c 'echo "stanley ALL=(ALL) NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2'
chmod 0440 /etc/sudoers.d/st2
# Comment out the matching line?
sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers

# Prints "Failed to start st2chatops.service: Unit not found." and "st2chatops is not running."; no effect
st2ctl start
st2ctl reload
st2 --version
st2 action list --pack=core
# Reports succeeded
st2 run core.local -- date -R
# Reports succeeded
st2 execution list
# Reports succeeded
st2 run core.remote hosts='localhost' -- uname -a
# Install the st2 pack; reports succeeded when the installation finishes
st2 pack install st2
# st2ctl control commands:
# st2ctl start|stop|status|restart|restart-component|reload|clean

yum -y install httpd-tools
# Add the account st2admin with password Ch@ngeMe, used to log in to the web UI
echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin
# [auth] enable = True: set enable under [auth] to True
vim /etc/st2/st2.conf
st2ctl restart-component st2api
# Enter the default password from above, Ch@ngeMe
st2 login st2admin
st2 action list

rpm --import http://nginx.org/keys/nginx_signing.key
sh -c "cat <<EOT > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/\\\$releasever/x86_64/
gpgcheck=1
enabled=1
EOT"
sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo
yum install nginx st2web -y
mkdir -p /etc/ssl/st2
openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \
-days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)"
cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/
# Remove default_server from nginx's default site
sed -i 's/default_server//g' /etc/nginx/nginx.conf
systemctl restart nginx
systemctl enable nginx
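Open the server's IP address in a browser and, on the login page, enter the account st2admin and the password Ch@ngeMe. After logging in, the interface looks as follows.
I will add details on how to use it later.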
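A read-only check of the security-relevant results of the steps above (key and private-key file permissions, the [auth] switch in st2.conf, and the ident-to-md5 edit of pg_hba.conf), as an added example that is not part of the original post or of StackStorm. The file paths are the ones used in the guide; the function names and the optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): read-only checks on files the
# guide creates or edits. Function names and the root prefix are hypothetical.
# Usage on the StackStorm host, as root: audit_st2   (or: audit_st2 /copy/of/tree)

# True if "other" has read permission (position 8 of the ls mode string).
other_can_read() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c8)" = "r" ]
}

# True if the [auth] section of st2.conf contains enable = True.
auth_enabled() {
    awk '/^\[/ { in_auth = ($0 ~ /^\[auth\]/) }
         in_auth && /^[ \t]*enable[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); v = tolower($0) }
         END { exit !(v == "true") }' "$1" 2>/dev/null
}

# True if a loopback "host all all" line still says ident, i.e. the sed
# edits of pg_hba.conf did not take effect.
pg_uses_ident() {
    grep -Eq '^host[[:space:]]+all[[:space:]]+all[[:space:]]+(127\.0\.0\.1/32|::1/128)[[:space:]]+ident' \
        "$1" 2>/dev/null
}

# Prints one line per finding; the return status is the number of findings.
audit_st2() {
    root=${1:-}; n=0
    for f in /etc/st2/keys /etc/st2/keys/datastore_key.json \
             /etc/ssl/st2/st2.key /home/stanley/.ssh/stanley_rsa; do
        if other_can_read "$root$f"; then
            echo "FINDING: $f is readable by other users"; n=$((n + 1))
        fi
    done
    if ! auth_enabled "$root/etc/st2/st2.conf"; then
        echo "FINDING: [auth] enable is not True in /etc/st2/st2.conf"; n=$((n + 1))
    fi
    if pg_uses_ident "$root/var/lib/pgsql/data/pg_hba.conf"; then
        echo "FINDING: pg_hba.conf still uses ident on a loopback address"; n=$((n + 1))
    fi
    return "$n"
}
```

A missing st2.conf counts as a finding, while missing key files or a missing pg_hba.conf are skipped silently, so run it only after the installation has completed.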