diff --git a/install-compose/abac-compose/docker-compose.yml b/install-compose/abac-compose/docker-compose.yml index 39c8335d9d1a46c08d7dd2b2508c71a941ce9135..78ac5f6dc22c1879ef883e06ec0a9888f1e023f0 100644 --- a/install-compose/abac-compose/docker-compose.yml +++ b/install-compose/abac-compose/docker-compose.yml @@ -26,15 +26,4 @@ services: networks: - docker_netaxe ports: - - "31104:80" - -# rbac-web: -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/rbac-web:1.0 -# container_name: rbac-web -# restart: always -# depends_on: -# - rbac-backend -# ports: -# - "32204:80" -# networks: -# - docker_netaxe \ No newline at end of file + - "31104:80" \ No newline at end of file diff --git a/install-compose/apisix-compose/apisix_conf/config.yaml b/install-compose/apisix-compose/apisix_conf/config.yaml deleted file mode 100644 index 9cb733ed8da52127ebca958a5461e981b3d421b1..0000000000000000000000000000000000000000 --- a/install-compose/apisix-compose/apisix_conf/config.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apisix: - node_listen: 9080 # APISIX listening port - enable_ipv6: false - - allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - - 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test. - - admin_key: - - name: "admin" - key: APISIX_ADMIN_KEY - role: admin # admin: manage all configuration data - - - name: "viewer" # viewer: only can view configuration data - key: APISIX_ADMIN_KEY - role: viewer - - enable_control: true - control: - ip: "0.0.0.0" - port: 9092 - -etcd: - host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster. - - "http://etcd:2379" # multiple etcd address - prefix: "/apisix" # apisix configurations prefix - timeout: 30 # 30 seconds - -plugin_attr: - prometheus: - export_addr: - ip: "0.0.0.0" - port: 9091 - -discovery: - nacos: - host: - - "http://nacos:NACOS_PASSWORD@nacos:8848" - prefix: "/nacos/v1/" - fetch_interval: 30 # default 30 sec - weight: 100 # default 100 - timeout: - connect: 2000 # default 2000 ms - send: 2000 # default 2000 ms - read: 5000 # default 5000 ms 
diff --git a/install-compose/apisix-compose/dashboard_conf/conf.yaml b/install-compose/apisix-compose/dashboard_conf/conf.yaml
deleted file mode 100644
index 7c62082bc707fb9747f6ad99d5adba500959da38..0000000000000000000000000000000000000000
--- a/install-compose/apisix-compose/dashboard_conf/conf.yaml
+++ /dev/null
@@ -1,104 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -conf: - listen: - host: 0.0.0.0 # `manager api` listening ip or host name - port: 9000 # `manager api` listening port - allow_list: # If we don't set any IP list, then any IP access is allowed by default. 
- - 0.0.0.0/0 - etcd: - endpoints: # supports defining multiple etcd host addresses for an etcd cluster - - "http://etcd:2379" - # yamllint disable rule:comments-indentation - # etcd basic auth info - # username: "root" # ignore etcd username if not enable etcd auth - # password: "123456" # ignore etcd password if not enable etcd auth - mtls: - key_file: "" # Path of your self-signed client side key - cert_file: "" # Path of your self-signed client side cert - ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates - # prefix: /apisix # apisix config's prefix in etcd, /apisix by default - log: - error_log: - level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal - file_path: - logs/error.log # supports relative path, absolute path, standard output - # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr - access_log: - file_path: - logs/access.log # supports relative path, absolute path, standard output - # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr - # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []} -authentication: - secret: - secret # secret for jwt token generation. - # NOTE: Highly recommended to modify this value to protect `manager api`. - # if it's default value, when `manager api` start, it will generate a random string to replace it. 
- expire_time: 3600 # jwt token expire time, in second - users: # yamllint enable rule:comments-indentation - - username: admin # username and password for login `manager api` - password: APISIX_ADMIN_PASSWORD - - username: user - password: user - -plugins: # plugin list (sorted in alphabetical order) - - api-breaker - - authz-keycloak - - basic-auth - - batch-requests - - consumer-restriction - - cors - # - dubbo-proxy - - echo - # - error-log-logger - # - example-plugin - - fault-injection - - grpc-transcode - - hmac-auth - - http-logger - - ip-restriction - - jwt-auth - - kafka-logger - - key-auth - - limit-conn - - limit-count - - limit-req - # - log-rotate - # - node-status - - openid-connect - - prometheus - - proxy-cache - - proxy-mirror - - proxy-rewrite - - redirect - - referer-restriction - - request-id - - request-validation - - response-rewrite - - serverless-post-function - - serverless-pre-function - # - skywalking - - sls-logger - - syslog - - tcp-logger - - udp-logger - - uri-blocker - - wolf-rbac - - zipkin - - server-info - - traffic-split diff --git a/install-compose/apisix-compose/docker-compose.yml b/install-compose/apisix-compose/docker-compose.yml deleted file mode 100644 index 4688abb0891b98323e5db1b0f4c359b293c982c9..0000000000000000000000000000000000000000 --- a/install-compose/apisix-compose/docker-compose.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -version: "3" -networks: - docker_netaxe: - external: true - -services: - apisix-dashboard: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/apisix-dashboard:2.13-alpine - restart: always - volumes: - - ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml - depends_on: - - etcd - ports: - - "39000:9000" - networks: - - docker_netaxe - - apisix: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/apisix:2.15.0-alpine - restart: always - volumes: - - ./apisix_log:/usr/local/apisix/logs - - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro - depends_on: - - etcd - ports: - - "9080:9080/tcp" - - "9091:9091/tcp" - - "9092:9092/tcp" - - "9443:9443/tcp" - networks: - - docker_netaxe - - etcd: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/etcd:3.4.15 - restart: always - volumes: - - ./etcd_conf/data:/bitnami/etcd - environment: - ETCD_ENABLE_V2: "true" - ALLOW_NONE_AUTHENTICATION: "yes" - ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379" - ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379" -# ports: -# - "2379:2379/tcp" - networks: - - docker_netaxe \ No newline at end of file 
diff --git a/install-compose/apisix-compose/etcd_conf/etcd.conf.yml b/install-compose/apisix-compose/etcd_conf/etcd.conf.yml
deleted file mode 100644
index 115295394a69813afda8b6ffcc94e352fb8ce91a..0000000000000000000000000000000000000000
--- a/install-compose/apisix-compose/etcd_conf/etcd.conf.yml
+++ /dev/null
@@ -1,157 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# This is the configuration file for the etcd server. - -# Human-readable name for this member. -name: 'default' - -# Path to the data directory. -data-dir: - -# Path to the dedicated wal directory. -wal-dir: - -# Number of committed transactions to trigger a snapshot to disk. -snapshot-count: 10000 - -# Time (in milliseconds) of a heartbeat interval. -heartbeat-interval: 100 - -# Time (in milliseconds) for an election to timeout. -election-timeout: 1000 - -# Raise alarms when backend size exceeds the given quota. 0 means use the -# default quota. -quota-backend-bytes: 0 - -# List of comma separated URLs to listen on for peer traffic. -listen-peer-urls: http://localhost:2380 - -# List of comma separated URLs to listen on for client traffic. -listen-client-urls: http://localhost:2379 - -# Maximum number of snapshot files to retain (0 is unlimited). -max-snapshots: 5 - -# Maximum number of wal files to retain (0 is unlimited). -max-wals: 5 - -# Comma-separated white list of origins for CORS (cross-origin resource sharing). -cors: - -# List of this member's peer URLs to advertise to the rest of the cluster. -# The URLs needed to be a comma-separated list. 
-initial-advertise-peer-urls: http://localhost:2380 - -# List of this member's client URLs to advertise to the public. -# The URLs needed to be a comma-separated list. -advertise-client-urls: http://localhost:2379 - -# Discovery URL used to bootstrap the cluster. -discovery: - -# Valid values include 'exit', 'proxy' -discovery-fallback: 'proxy' - -# HTTP proxy to use for traffic to discovery service. -discovery-proxy: - -# DNS domain used to bootstrap initial cluster. -discovery-srv: - -# Initial cluster configuration for bootstrapping. -initial-cluster: - -# Initial cluster token for the etcd cluster during bootstrap. -initial-cluster-token: 'etcd-cluster' - -# Initial cluster state ('new' or 'existing'). -initial-cluster-state: 'new' - -# Reject reconfiguration requests that would cause quorum loss. -strict-reconfig-check: false - -# Accept etcd V2 client requests -enable-v2: true - -# Enable runtime profiling data via HTTP server -enable-pprof: true - -# Valid values include 'on', 'readonly', 'off' -proxy: 'off' - -# Time (in milliseconds) an endpoint will be held in a failed state. -proxy-failure-wait: 5000 - -# Time (in milliseconds) of the endpoints refresh interval. -proxy-refresh-interval: 30000 - -# Time (in milliseconds) for a dial to timeout. -proxy-dial-timeout: 1000 - -# Time (in milliseconds) for a write to timeout. -proxy-write-timeout: 5000 - -# Time (in milliseconds) for a read to timeout. -proxy-read-timeout: 0 - -client-transport-security: - # Path to the client server TLS cert file. - cert-file: - - # Path to the client server TLS key file. - key-file: - - # Enable client cert authentication. - client-cert-auth: false - - # Path to the client server TLS trusted CA cert file. - trusted-ca-file: - - # Client TLS using generated certificates - auto-tls: false - -peer-transport-security: - # Path to the peer server TLS cert file. - cert-file: - - # Path to the peer server TLS key file. - key-file: - - # Enable peer client cert authentication. 
- client-cert-auth: false - - # Path to the peer server TLS trusted CA cert file. - trusted-ca-file: - - # Peer TLS using generated certificates. - auto-tls: false - -# Enable debug-level logging for etcd. -debug: false - -logger: zap - -# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd. -log-outputs: [stderr] - -# Force to create a new one member cluster. -force-new-cluster: false - -auto-compaction-mode: periodic -auto-compaction-retention: "1" diff --git a/install-compose/baseplatform-compose/config.json b/install-compose/baseplatform-compose/config.json index fae6a6fa94250d19b4a0af134aa4e08dd795f679..082b83e0fbb00e1b49b0a9fa5046863b21b05299 100644 --- a/install-compose/baseplatform-compose/config.json +++ b/install-compose/baseplatform-compose/config.json @@ -19,7 +19,7 @@ "mongodb_host": "mongo", "mongodb_port": 27017, "mongodb_user": "root", - "mongodb_password": "70uUceCVL1gf", + "mongodb_password": "MONGO_PASSWORD", "redis_host": "redis-cache", "redis_port": 6379, "redis_pwd": "REDIS_PASSWORD", diff --git a/install-compose/baseplatform-compose/docker-compose.yml b/install-compose/baseplatform-compose/docker-compose.yml index e9d67b441ecdbc9b066448997e58a48f35efebbd..ff62e5ecf9019a47fc355014b7a342a8c19365f2 100644 --- a/install-compose/baseplatform-compose/docker-compose.yml +++ b/install-compose/baseplatform-compose/docker-compose.yml 
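Review bot: The MongoDB password that the install-compose/baseplatform-compose/config.json hunk replaces with the `MONGO_PASSWORD` placeholder stays readable in the repository history, so the placeholder alone does not retire it; rotate the credential on every deployment that used it. The same applies to the `Password` value that install-compose/prometheus-compose/config.yaml replaces with `REGIS_PASSWORD`. The step that substitutes these placeholders is not visible in this diff, so confirm that deploy.sh rewrites both new tokens; otherwise the services would start with the placeholder text itself as the password.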
@@ -36,20 +36,20 @@ services: networks: - docker_netaxe - base-web: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/base-web:1.0 - container_name: base-web - environment: - TZ: Asia/Shanghai - volumes: - - /etc/localtime:/etc/localtime - ports: - - "32200:80" - depends_on: - - base-nginx - - base-backend - networks: - - docker_netaxe +# base-web: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/base-web:1.0 +# container_name: base-web +# environment: +# TZ: Asia/Shanghai +# volumes: +# - /etc/localtime:/etc/localtime +# ports: +# - "32200:80" +# depends_on: +# - base-nginx +# - base-backend +# networks: +# - docker_netaxe celery-default: image: registry.cn-hangzhou.aliyuncs.com/netaxe/base-backend:1.0 diff --git a/install-compose/deploy.bak.sh b/install-compose/deploy.bak.sh index 03522ff8f21cff8cf995256ca067325da4deb198..7821e8e1e6ce3ad494d094a1378477e78d2911c2 100644 --- a/install-compose/deploy.bak.sh +++ b/install-compose/deploy.bak.sh @@ -134,12 +134,12 @@ curl -X POST 'http://127.0.0.1:8848/nacos/v1/auth/users/admin' -d "password=${de echo "------------------初始化nacos密码完成----------------------" # 安装main和rbac -echo "------------------开始rbac部署--------------" +echo "------------------开始abac部署--------------" cd $current_path -cd rbac-compose +cd abac-compose docker-compose pull docker-compose up -d -echo "------------------rbac状态------------------" +echo "------------------abac状态------------------" docker-compose ps sleep 10 diff --git a/install-compose/deploy.sh b/install-compose/deploy.sh index 389d6c89fe049df2489fc36901f015101fff5cd9..678b239dce41592a3f112cb86ec251e7395c4754 100644 --- a/install-compose/deploy.sh +++ b/install-compose/deploy.sh 
@@ -120,14 +120,14 @@ curl -X POST 'http://127.0.0.1:8848/nacos/v1/auth/users/admin' -d "password=${de echo "------------------初始化nacos密码完成----------------------" -# 安装apisix etcd -echo "------------------开始apisix etcd部署------------------" -cd $current_path -cd apisix-compose -mkdir -m 777 -p etcd_conf/data -docker-compose up -d -echo "------------------apisix etcd状态---------------------" -docker-compose ps +## 安装apisix etcd +#echo "------------------开始apisix etcd部署------------------" +#cd $current_path +#cd apisix-compose +#mkdir -m 777 -p etcd_conf/data +#docker-compose up -d +#echo "------------------apisix etcd状态---------------------" +#docker-compose ps # 安装main和rbac @@ -140,15 +140,6 @@ echo "------------------权限中心状态------------------" docker-compose ps sleep 10 -echo "------------------开始前端服务部署--------------" -cd $current_path -cd main-compose -docker-compose pull -docker-compose up -d -echo "------------------前端服务状态------------------" -docker-compose ps -sleep 10 - # 安装基础平台 echo "------------------开始管控平台部署--------------" cd $current_path 
@@ -177,9 +168,64 @@ docker-compose pull docker-compose up -d echo "------------------告警中心状态------------------" docker-compose ps +sleep 10 echo "------------------部署完成------------------------" +# 安装工作台 +echo "------------------开始工作台部署--------------" +cd $current_path +cd workbench-compose +docker-compose pull +docker-compose up -d +echo "------------------工作台状态------------------" +docker-compose ps +sleep 10 + +# 安装地址管理IPAM +echo "------------------开始地址管理IPAM部署--------------" +cd $current_path +cd ipam-compose +docker-compose pull +docker-compose up -d +echo "------------------地址管理IPAM状态------------------" +docker-compose ps +sleep 10 + +# 安装grafana +echo "------------------开始grafana部署--------------" +cd $current_path +cd grafana-compose +docker volume create grafana-data +docker-compose pull +ssh-keygen -t rsa -b 4096 -m PEM -f grafana.key -N "" +openssl rsa -in grafana.key -pubout -outform PEM -out public-key.pem +docker-compose up -d +echo "------------------地址管理grafana状态------------------" +docker-compose ps +sleep 10 + + +# 安装前端服务 +echo "------------------开始前端服务部署--------------" +cd $current_path +cd main-compose +docker-compose pull +docker-compose up -d +echo "------------------前端服务状态------------------" +docker-compose ps +sleep 10 + + + + +echo "------------------刷新权限------------------" +curl "http://127.0.0.1:31104/abac-api/authority/auth_policy/?reload=1" +echo "------------------刷新权限成功------------------" +sleep 10 + + +echo "------------------所有服务部署完成------------------------" echo "请记住初始化密码" echo "IP: $iface_ip" echo "密码: $default_key" \ No newline at end of file diff --git a/install-compose/grafana-compose/docker-compose.yml b/install-compose/grafana-compose/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..430b0e14ac5b676d5eb0c45672fee2c3c151347f --- /dev/null +++ b/install-compose/grafana-compose/docker-compose.yml 
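Review bot: The permission-refresh step added at the end of install-compose/deploy.sh prints `刷新权限成功` whatever `curl` returns, so a failed or rejected policy reload goes unnoticed and the stack may be reported as deployed without the authorization policy loaded (the endpoint's behaviour is not visible here). Let the call fail the script, for example `curl -fsS "http://127.0.0.1:31104/abac-api/authority/auth_policy/?reload=1" || exit 1`, and print the success line only afterwards. In the grafana block, `ssh-keygen -t rsa -b 4096 -m PEM -f grafana.key -N ""` asks for overwrite confirmation when grafana.key already exists, which stalls a re-run; prefix it with `[ -f grafana.key ] ||`. The private key is written unencrypted into the compose directory, so that path should be excluded from version control and backups.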
@@ -0,0 +1,30 @@ +version: "3.2" +networks: + docker_netaxe: + external: true +services: + grafana: + image: registry.cn-hangzhou.aliyuncs.com/netaxe/grafana:11.1.2 + container_name: grafana + restart: always + privileged: true + environment: + GF_SECURITY_ALLOW_EMBEDDING: true + GF_AUTH_JWT_ENABLED: true + GF_AUTH_JWT_URL_LOGIN: true + GF_AUTH_JWT_HEADER_NAME: X-AUTH-TOKEN + GF_AUTH_JWT_KEY_FILE: /etc/grafana/public-key.pem + GF_AUTH_JWT_EMAIL_CLAIM: sub + GF_AUTH_JWT_USERNAME_CLAIM: user + + volumes: + - ./public-key.pem:/etc/grafana/public-key.pem + - grafana-data:/var/lib/grafana + # - ./grafana.ini:/usr/share/grafana/conf/defaults.ini + ports: + - 3000:3000 + networks: + - docker_netaxe +volumes: + grafana-data: + external: true \ No newline at end of file diff --git a/install-compose/ipam-compose/config.json b/install-compose/ipam-compose/config.json index 5524cf1f2747fec774635c505259a8c4242f2eed..b924527266e1af42876df3b964344cbfb59db350 100644 --- a/install-compose/ipam-compose/config.json +++ b/install-compose/ipam-compose/config.json @@ -23,6 +23,7 @@ "redis_host": "redis-cache", "redis_port": 6379, "redis_pwd": "REDIS_PASSWORD", + "redis_num": 12, "mysql_host": "mysql-server", "mysql_port": "3306", "mysql_user": "root", diff --git a/install-compose/ipam-compose/docker-compose.yml b/install-compose/ipam-compose/docker-compose.yml index f02e48553c5e5299f5b85dc40093c04b7c6940b1..afc01940305b8ae4c15fae9098d858f22584ac54 100644 --- a/install-compose/ipam-compose/docker-compose.yml +++ b/install-compose/ipam-compose/docker-compose.yml 
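Review bot: `privileged: true` on the grafana service in the new install-compose/grafana-compose/docker-compose.yml gives the container full host capabilities and device access, and nothing else in the definition shows a need for it, so it should be dropped. `GF_AUTH_JWT_URL_LOGIN: true` lets the JWT travel in the URL, where it ends up in proxy logs and browser history, and `GF_SECURITY_ALLOW_EMBEDDING: true` allows the UI to be framed by other origins; both deserve a comment stating why they are required, and the issuing side should keep token lifetimes short. The environment booleans are unquoted, which some Compose versions reject in a mapping, and the verification key is mounted writable. The fence shows the quoted values, a read-only key mount and a quoted port mapping.

```yaml
  grafana:
    # … unchanged: image, container_name, restart …
    # privileged: true removed; nothing in this service definition needs host-level access
    environment:
      GF_SECURITY_ALLOW_EMBEDDING: "true"
      GF_AUTH_JWT_ENABLED: "true"
      GF_AUTH_JWT_URL_LOGIN: "true"
      # … unchanged: header name, key file and claim settings …
    volumes:
      - ./public-key.pem:/etc/grafana/public-key.pem:ro
      # … unchanged: grafana-data volume …
    ports:
      - "3000:3000"
```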
@@ -33,16 +33,16 @@ services: ports: - "31103:80" - # 前端 - ipam-web: - container_name: ipam-web - image: registry.cn-hangzhou.aliyuncs.com/netaxe/ipam-web:1.0 - environment: - TZ: Asia/Shanghai - volumes: - - /etc/localtime:/etc/localtime - ports: - - "32203:80" - networks: - - docker_netaxe - restart: always +# # 前端 +# ipam-web: +# container_name: ipam-web +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/ipam-web:1.0 +# environment: +# TZ: Asia/Shanghai +# volumes: +# - /etc/localtime:/etc/localtime +# ports: +# - "32203:80" +# networks: +# - docker_netaxe +# restart: always diff --git a/install-compose/main-compose/nginx.conf b/install-compose/main-compose/nginx.conf index 98f2db3d61dfa8f01734004bacdb345f4d1ba96b..c2685a65ddbf2856201c7d560cd6d879b7c0baf3 100644 --- a/install-compose/main-compose/nginx.conf +++ b/install-compose/main-compose/nginx.conf @@ -25,7 +25,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/base_platform/media; + proxy_pass http://base-nginx:80/base_platform/media; } location /abac-api { if ($request_method = 'OPTIONS') { @@ -37,7 +37,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/abac-api; + proxy_pass http://abac-nginx:80/abac-api; } location /base_platform { if ($request_method = 'OPTIONS') { 
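Review bot: Pointing `proxy_pass` at `base-nginx:80` and `abac-nginx:80` in install-compose/main-compose/nginx.conf takes APISIX out of the request path, so any authentication, rate limiting or IP restriction attached to the APISIX routes no longer applies. Those routes were stored in etcd and are not visible in this diff, so this needs confirming before merge. The same applies to the `/base_platform` and `/alert_gateway` changes in the following hunks. If the backends relied on the gateway for access control, the equivalent checks have to move into this server block or into the services themselves; a comment above each changed line such as `# direct to service; authn/authz enforced by the backend` would record the assumption. Both location blocks start or end outside the hunks.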
@@ -49,7 +49,31 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/base_platform; + proxy_pass http://base-nginx:80/base_platform; + } + location /ipam-api { + if ($request_method = 'OPTIONS') { + #允许跨域请求的域,* 代表所有 + add_header 'Access-Control-Allow-Origin' *; + #允许请求的header + add_header 'Access-Control-Allow-Headers' *; + #允许请求的方法,比如 GET,POST,PUT,DELETE + add_header 'Access-Control-Allow-Methods' *; + return 204; + } + proxy_pass http://ipam-nginx:80/ipam; + } + location /workbench { + if ($request_method = 'OPTIONS') { + #允许跨域请求的域,* 代表所有 + add_header 'Access-Control-Allow-Origin' *; + #允许请求的header + add_header 'Access-Control-Allow-Headers' *; + #允许请求的方法,比如 GET,POST,PUT,DELETE + add_header 'Access-Control-Allow-Methods' *; + return 204; + } + proxy_pass http://workbench-backend:8000/workbench; } location /alert_gateway { if ($request_method = 'OPTIONS') { @@ -61,7 +85,29 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/alert_gateway; + proxy_pass http://alertgateway-backend:8000/alert_gateway; + } + location /workbench/ws/{ + if ($request_method = 'OPTIONS') { + #允许跨域请求的域,* 代表所有 + add_header 'Access-Control-Allow-Origin' *; + #允许请求的header + add_header 'Access-Control-Allow-Headers' *; + #允许请求的方法,比如 GET,POST,PUT,DELETE + add_header 'Access-Control-Allow-Methods' *; + return 204; + } + proxy_pass http://workbench-backend:8000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for; + real_ip_header X-Forwarded-For; } location /base_platform/ws/{ if ($request_method = 'OPTIONS') { 
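Review bot: The new `/ipam-api` and `/workbench` locations answer every preflight with `Access-Control-Allow-Origin`, `Access-Control-Allow-Headers` and `Access-Control-Allow-Methods` all set to `*`, copied from the existing blocks, and the `/workbench/ws/` location in the next hunk does the same. If the UI is served from this same server the preflight block may not be needed at all; otherwise name the UI origin and the methods actually used instead of `*`. Moving the block into one shared `include` file would keep the policy in a single place instead of one copy per location. Note also that `location /workbench` is a prefix match and will catch any path that merely begins with that string; `location /workbench/` is tighter if that is the intent.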
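Review bot: In the new `/workbench/ws/` location, `fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for;` has no effect because the location uses `proxy_pass`. `real_ip_header X-Forwarded-For;` only acts for peers listed in `set_real_ip_from`, and none appears in the hunk; if a broad trusted range is added later, clients could choose their own source address, so both lines are better removed. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent, so the backend should take the caller address from `X-Real-IP` or the last `X-Forwarded-For` entry, not the first. These lines look copied from the existing `/base_platform/ws/` block, whose body lies partly outside the hunk.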
@@ -73,7 +119,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://base-nginx:31100; + proxy_pass http://base-nginx:80; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/install-compose/msggateway-compose/docker-compose.yml b/install-compose/msggateway-compose/docker-compose.yml index 0831b18040df98216a53b7d68031e4f38468ee39..9c78f970e689dadb8ec2dcc12bc1654bb7a009e9 100644 --- a/install-compose/msggateway-compose/docker-compose.yml +++ b/install-compose/msggateway-compose/docker-compose.yml @@ -28,14 +28,6 @@ services: networks: - docker_netaxe - msggateway-web: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway-web:1.0 - container_name: msggateway-web - ports: - - "32201:80" - networks: - - docker_netaxe - restart: always msggateway-worker2: image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 
@@ -48,46 +40,46 @@ services: networks: - docker_netaxe - msggateway-worker3: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker3 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe - - msggateway-worker4: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker4 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe - - msggateway-worker5: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker5 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe - - msggateway-worker6: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker6 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe +# msggateway-worker3: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker3 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe +# +# msggateway-worker4: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker4 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe +# +# msggateway-worker5: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker5 +# restart: always +# command: python3 worker.py default +# volumes: +# - 
./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe +# +# msggateway-worker6: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker6 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe diff --git a/install-compose/mysql-compose/docker-compose.yml b/install-compose/mysql-compose/docker-compose.yml index 0da59091bfa5d8084fb371423e489980a73b3438..0afbbc9100817fc0c35995a15d1a714c3c8bc850 100644 --- a/install-compose/mysql-compose/docker-compose.yml +++ b/install-compose/mysql-compose/docker-compose.yml @@ -17,7 +17,6 @@ services: - ./my.cnf:/etc/mysql/my.cnf - ./data:/var/lib/mysql - ./init/:/docker-entrypoint-initdb.d/ -# command: ['--character-set-server=utf8mb4', '--collation-server=utf8mb4_bin'] command: [ '--default-authentication-plugin=mysql_native_password', '--character-set-server=utf8mb4', '--collation-server=utf8mb4_general_ci', diff --git a/install-compose/mysql-compose/init/netaxe.sql b/install-compose/mysql-compose/init/netaxe.sql index 5f2105de5ca0fcd98603621c80cafa4abc8040e6..a4892ed43b23c63d4e9d585515da33bd9663f037 100644 --- a/install-compose/mysql-compose/init/netaxe.sql +++ b/install-compose/mysql-compose/init/netaxe.sql @@ -14,6 +14,10 @@ CREATE DATABASE IF NOT EXISTS neteye DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci; +CREATE DATABASE IF NOT EXISTS workbench +DEFAULT CHARACTER SET utf8mb4 +DEFAULT COLLATE utf8mb4_general_ci; + create user netaxe@localhost identified by 'netaxe_pwd'; grant all on *.* to netaxe@'%' identified by 'netaxe_pwd'; grant all on *.* to netaxe@localhost identified by 'netaxe_pwd'; diff --git a/install-compose/nacos-compose/docker-compose.yml b/install-compose/nacos-compose/docker-compose.yml index 63f5c6899ba41c5a78072e78e84b4a6ffc4b9b4b..649e152d58cb2e98bdb15df2d354b3af18133532 100644 
--- a/install-compose/nacos-compose/docker-compose.yml +++ b/install-compose/nacos-compose/docker-compose.yml @@ -11,21 +11,13 @@ services: restart: always environment: - PREFER_HOST_MODE=hostname - - NACOS_AUTH_ENABLE=true - - NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE=true + - NACOS_AUTH_ENABLE=true # 启用认证 + - NACOS_AUTH_USERNAME=nacos # 设置强用户名 + - NACOS_AUTH_PASSWORD=NACOS_PASSWORD # 设置强密码 - NACOS_AUTH_IDENTITY_KEY=NACOS_KEY - NACOS_AUTH_IDENTITY_VALUE=NACOS_KEY - NACOS_AUTH_TOKEN=NACOS_KEY - - # - NACOS_AUTH_IDENTITY_KEY=pgRb2c4ANvhIA14Z - # - NACOS_AUTH_IDENTITY_VALUE=pgRb2c4ANvhIA14Z - # - NACOS_AUTH_TOKEN=NStQdHM3WCU3RVYlMjRZdG04aUolMkM3JTJDQnhyUCU1RXFMJTIxaiUyOCUyM1JZ -# - SPRING_DATASOURCE_PLATFORM=mysql -# - MYSQL_SERVICE_HOST=mysql-server -# - MYSQL_SERVICE_PORT=3306 -# - MYSQL_SERVICE_DB_NAME=nacos -# - MYSQL_SERVICE_USER=root -# - MYSQL_SERVICE_PASSWORD=root_devnet@2022 + # - NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE #模式为单体模式 - MODE=standalone ports: diff --git a/install-compose/prometheus-compose/config.yaml b/install-compose/prometheus-compose/config.yaml index 097667bd0a0f0f36dda3aec715561817eeca1783..024a09d22190584cbf66ad1564f5addf24e89af0 100644 --- a/install-compose/prometheus-compose/config.yaml +++ b/install-compose/prometheus-compose/config.yaml 
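Review bot: `NACOS_AUTH_IDENTITY_KEY`, `NACOS_AUTH_IDENTITY_VALUE` and `NACOS_AUTH_TOKEN` in install-compose/nacos-compose/docker-compose.yml all carry the same `NACOS_KEY` placeholder, so after substitution the identity header name, its value and the token-signing secret are one string; give each its own placeholder and generated value. The inline comment on `NACOS_AUTH_USERNAME=nacos` says a strong username is set while the value is the product default. Whether this image reads `NACOS_AUTH_USERNAME` and `NACOS_AUTH_PASSWORD` at all is not visible here, so confirm that before relying on them. Dropping `NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE=true` is the right direction; writing `- NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE=false` instead of the commented stub avoids depending on the image default.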
@@ -1,20 +1,3 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - server: Address: :4168 #ServerRoot: public @@ -26,6 +9,4 @@ gToken: login: User: admin - Password: zuVc0FUdd1sB - - + Password: REGIS_PASSWORD \ No newline at end of file diff --git a/install-compose/prometheus-compose/docker-compose.yml b/install-compose/prometheus-compose/docker-compose.yml index cc39f0ab1f80b3d2f5660913acdb7b47b593ee5d..837b5c8265769222490ad873d995cce2c21fa01a 100644 --- a/install-compose/prometheus-compose/docker-compose.yml +++ b/install-compose/prometheus-compose/docker-compose.yml 
@@ -3,33 +3,8 @@ networks: docker_netaxe: external: true services: -# prometheus: -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/prometheus:v1 -# container_name: prometheus -# restart: always -# volumes: -# - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime -# - ./prometheus-data/prometheus.yml:/etc/prometheus/prometheus.yml -# - ./prometheus-data:/prometheus -# ports: -# - 39090:9090 -# command: [ '--web.enable-lifecycle','--storage.tsdb.retention.time=30d', '--web.config.file=/prometheus/web.yml' ] -# networks: -# - docker_netaxe -# pushgateway: -# container_name: pushgateway -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/pushgateway:latest -# restart: always -# #ports: -# #- 39091:9091 -# command: -# - '--log.level=info' -# - '--web.enable-admin-api' -# - '--web.enable-lifecycle' -# networks: -# - docker_netaxe regis: - image: artifacts.iflytek.com/docker-private/netops/regiscenter:2.0 + image: registry.cn-hangzhou.aliyuncs.com/netaxe/regiscenter:2.0 container_name: regis privileged: true volumes: @@ -37,10 +12,10 @@ services: ports: - 31468:4168 networks: - - compose_network + - docker_netaxe prometheus: - image: artifacts.iflytek.com/docker-private/netops/prometheus:v1 + image: registry.cn-hangzhou.aliyuncs.com/netaxe/prometheus:v1 container_name: prometheus restart: always volumes: @@ -52,10 +27,10 @@ services: ports: - 39090:9090 networks: - - compose_network + - docker_netaxe blackbox_exporter: - image: artifacts.iflytek.com/docker-private/netops/blackbox-exporter:master + image: registry.cn-hangzhou.aliyuncs.com/netaxe/blackbox-exporter:master container_name: blackbox_exporter volumes: - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime @@ -63,4 +38,5 @@ services: ports: - 9115:9115 networks: - - compose_network \ No newline at end of file + - docker_netaxe + 
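Review bot: The `regis` service keeps `privileged: true` while its image is switched to `registry.cn-hangzhou.aliyuncs.com/netaxe/regiscenter:2.0`, and nothing in this hunk shows a need for it. A privileged container has all capabilities and access to host devices, so a flaw in this network-facing service would reach the host. I would drop the line, or, if one specific capability is required, replace it with a `cap_add:` entry naming only that capability. The service definition continues past the end of the hunk (`volumes:`), so a mount that depends on it may exist there.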
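Review bot: The images for `prometheus` in the `@@ -37,10 +12,10 @@` hunk, `regis` in the previous hunk and `blackbox_exporter` in the next one now come from a different registry and are referenced by mutable tags (`:v1`, `:2.0`, `:master`), so a later pull can bring in different content under the same name. Pinning by digest, in the form `image: registry.cn-hangzhou.aliyuncs.com/netaxe/prometheus:v1@sha256:<digest>` (placeholder digest), makes the deployed image reproducible. `:master` in particular tracks a branch rather than a release. The `prometheus` service definition continues outside the hunk.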
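Review bot: `blackbox_exporter` stays published as `9115:9115` on all host interfaces after being moved onto `docker_netaxe` in the `@@ -63,4 +38,5 @@` hunk. The exporter's probe endpoint issues requests to whatever target it is handed and has no authentication of its own, so the host port exposes that capability to every client that can reach the server. If Prometheus is the only consumer, it can address the container by name over `docker_netaxe` and the `ports:` entry can be removed, or narrowed to `- "127.0.0.1:9115:9115"`.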
diff --git a/install-compose/prometheus-compose/prometheus.yml b/install-compose/prometheus-compose/prometheus.yml
index 7dfbb8ccf3fbedc5f08bbb406c0d328a75ee6b06..60a2283b4bd9f8723aaf218654c2444b31415b80 100644
--- a/install-compose/prometheus-compose/prometheus.yml
+++ b/install-compose/prometheus-compose/prometheus.yml
@@ -2,86 +2,55 @@ global: scrape_interval: 15s evaluation_interval: 15s external_labels: - monitor: '测试服务器' + monitor: '默认节点' scrape_configs: - - job_name: 'tcp_connect_15s' + - job_name: 'icmp_15s' scrape_interval: 1m metrics_path: /probe params: - module: [tcp_connect] + module: [ icmp_connect ] http_sd_configs: - - url: http://10.254.4.201:31468/regis/services + - url: http://SERVER_IP:31468/regis/services basic_auth: username: admin - password: zuVc0FUdd1sB + password: REGIS_PASSWORD relabel_configs: - - source_labels: ['__address__','port'] + - source_labels: [ '__address__' ] target_label: __param_target - regex: "(.*);(.*)" - replacement: "$1:$2" - action: replace - #- source_labels: ['__address__'] - # target_label: __param_target - - source_labels: ['__address__','port'] + - source_labels: [ '__address__' ] target_label: instance - regex: "(.*);(.*)" - replacement: "$1:$2" - action: replace - target_label: __address__ - replacement: 10.254.4.201:9115 - - source_labels: [env] - regex: .*tcp_connect_15s.* + replacement: blackbox.monitor.svc:9115 + - source_labels: [ env ] + regex: .*icmp_15s.* action: keep - - job_name: 'tcp_connect_all' + - job_name: 'tcp_15s' scrape_interval: 1m metrics_path: /probe params: module: [tcp_connect] http_sd_configs: - - url: http://10.254.4.201:31468/regis/services + - url: http://SERVER_IP:31468/regis/services basic_auth: username: admin - password: zuVc0FUdd1sB + password: REGIS_PASSWORD relabel_configs: - source_labels: ['__address__','port'] target_label: __param_target regex: "(.*);(.*)" replacement: "$1:$2" action: replace - #- source_labels: ['__address__'] - # target_label: __param_target - source_labels: ['__address__','port'] target_label: instance regex: "(.*);(.*)" replacement: "$1:$2" action: replace - target_label: __address__ - replacement: 10.254.4.201:9115 - - source_labels: [env] - regex: .*tcp_connect_all.* - action: keep - - job_name: 'icmp_connect_15s' - scrape_interval: 1m - metrics_path: /probe - params: 
- module: [icmp] - http_sd_configs: - - url: http://10.254.4.201:31468/regis/services - basic_auth: - username: admin - password: zuVc0FUdd1sB - relabel_configs: - - source_labels: ['__address__'] - target_label: __param_target - - source_labels: ['__address__'] - target_label: instance - - target_label: __address__ - replacement: 10.254.4.201:9115 + replacement: SERVER_IP:9115 - source_labels: [env] - regex: .*icmp_15s.* + regex: .*tcp_15s.* action: keep - # Prometheus的自身监控 将在采集到的时间序列数据上打上标签job=xx - job_name: 'prometheus' scrape_interval: 20s static_configs: diff --git a/install-compose/redis-compose/docker-compose.yml b/install-compose/redis-compose/docker-compose.yml index 3f85140b9568972784ddc066ea4b7d5cf64d2924..022916376f103469700078bbded0e6bee9a68bf1 100644 --- a/install-compose/redis-compose/docker-compose.yml +++ b/install-compose/redis-compose/docker-compose.yml @@ -8,7 +8,9 @@ services: container_name: redis-cache ports: - "36379:6379" - command: "redis-server --requirepass REDIS_PASSWORD" + command: "redis-server --requirepass REDIS_PASSWORD --appendonly yes --maxmemory 10gb --maxmemory-policy allkeys-lru" + volumes: + - ./data:/data networks: - docker_netaxe \ No newline at end of file diff --git a/install-compose/undeploy.sh b/install-compose/undeploy.sh index 19c151d67840cb5b9808f505b5a50edd815d756e..fe6dd5776680bdb0eb83abc91f1a87ef4021b798 100644 --- a/install-compose/undeploy.sh +++ b/install-compose/undeploy.sh @@ -72,7 +72,7 @@ echo "------------------prometheus状态---------------------" docker-compose ps sleep 10 -# 卸载main和rbac +# 卸载main和abac echo "------------------开始权限中心卸载--------------" cd $current_path cd abac-compose diff --git a/install-compose/update.sh b/install-compose/update.sh index 7f1c3d2753869c42867744ab5b8ea116e3ab7376..333474e53086f0ac74f1f36baa90ba699e8b7ba0 100644 --- a/install-compose/update.sh +++ b/install-compose/update.sh 
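Review bot: The two jobs rewrite `__address__` to different exporters: `icmp_15s` uses `blackbox.monitor.svc:9115` while `tcp_15s` uses `SERVER_IP:9115`, and nothing in this commit defines the name `blackbox.monitor.svc` (the compose file names the container `blackbox_exporter`), so the ICMP job will probably fail to resolve its target. Using one value in both, for example `replacement: blackbox_exporter:9115`, would also let the exporter port stay off the host. Both `http_sd_configs` entries send `basic_auth` with an inline `password` over plain `http://`; `password_file: /path/to/regis_password` (placeholder path) keeps the secret out of this file. The previous password on the removed lines remains in history and should be rotated. The `scrape_configs` list continues after the hunk.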
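Review bot: The extended `command` in the redis hunk still passes `--requirepass REDIS_PASSWORD` on the argument line, where the substituted value is readable through `docker inspect` and the host process list, and the service remains published as `"36379:6379"`. Moving the options into a mounted configuration file, `command: "redis-server /usr/local/etc/redis/redis.conf"` with `- ./redis.conf:/usr/local/etc/redis/redis.conf:ro` under `volumes:`, keeps the password out of process metadata. With `--appendonly yes` the cache contents are now written to `./data` on the host, so that directory needs restrictive permissions.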
@@ -9,12 +9,12 @@ if [ $? -ne 0 ]; then fi -# 更新main和rbac -echo "------------------开始rbac更新--------------" +# 更新main和abac +echo "------------------开始abac更新--------------" cd $current_path -cd rbac-compose +cd abac-compose docker-compose down -v && docker-compose pull && docker-compose up -d -echo "------------------rbac状态------------------" +echo "------------------abac状态------------------" docker-compose ps sleep 10 diff --git a/install-compose/workbench-compose/config.json b/install-compose/workbench-compose/config.json new file mode 100644 index 0000000000000000000000000000000000000000..e5e071900f01d24630481f6dcad34ea4f06d86ff --- /dev/null +++ b/install-compose/workbench-compose/config.json @@ -0,0 +1,15 @@ +{ + "url_prefix": "/workbench", + "mysql_host": "mysql-server", + "mysql_port": "3306", + "mysql_user": "root", + "mysql_password": "MYSQL_PASSWORD", + "database": "workbench", + "user_info_url": "http://SERVER_IP:31104/abac-api/userInfo/", + "grafana_alive_url": "", + "grafana_alive_token": "", + "grafana_flow_url": "", + "grafana_flow_token": "", + "grafana_dashboard_url": "", + "grafana_dashboard_token": "" +} diff --git a/install-compose/workbench-compose/docker-compose.yml b/install-compose/workbench-compose/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..90b829c9d9b0b2aa56e802024a81e54d18878509 --- /dev/null +++ b/install-compose/workbench-compose/docker-compose.yml @@ -0,0 +1,20 @@ +version: "3.2" +networks: + docker_netaxe: + external: true + +services: + workbench-backend: + image: registry.cn-hangzhou.aliyuncs.com/netaxe/workbench-backend:1.0 + container_name: workbench-backend + restart: always + volumes: + - ./config.json:/app/config/config.json + - ./menu.json:/config/menu.json + - ./logs:/app/logs + command: supervisord -n -c /app/supervisord_backend.conf + ports: + - "31105:8000" + networks: + - docker_netaxe +
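Review bot: The renamed `cd abac-compose` is not checked, and the next line runs `docker-compose down -v`, which removes volumes. If the directory is missing (for instance on a checkout that still has `rbac-compose`), that command runs in `$current_path` against whatever compose file, if any, is found there. I would combine and guard the two `cd` lines as `cd "$current_path/abac-compose" || exit 1`. The script continues on both sides of the hunk.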
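Review bot: The new workbench `config.json` connects to MySQL as `root` (`"mysql_user": "root"`) although it names a single schema, `workbench`. A dedicated account granted privileges on that schema only limits what a compromise of the backend can reach; the line would then read `"mysql_user": "workbench"` (account name constructed for illustration). `user_info_url` is plain `http://`, so if the user information returned from that endpoint feeds authorization decisions, it is unprotected in transit unless the path stays on a trusted network.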
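Review bot: In the new workbench `docker-compose.yml`, `config.json` holds the database password and is mounted writable into the container; a read-only mount, `- ./config.json:/app/config/config.json:ro`, prevents the service from altering its own configuration. `./menu.json` is mounted as well but is not added in the part of the commit visible here, and when a bind-mount source is missing Docker creates a directory in its place, so it is worth confirming the file ships with the installer. Its target `/config/menu.json` also sits outside `/app/config`, which may be intentional but looks inconsistent with the line above it.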