From c2bd19a70ca4ed376deeb75157dd2b521a15257d Mon Sep 17 00:00:00 2001 From: jmli12 Date: Mon, 3 Mar 2025 09:54:53 +0800 Subject: [PATCH 01/19] =?UTF-8?q?=E6=9B=B4=E6=96=B0readme?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../baseplatform-compose/config.json | 2 +- .../baseplatform-compose/docker-compose.yml | 28 +++++++++---------- .../mysql-compose/docker-compose.yml | 1 - .../nacos-compose/docker-compose.yml | 15 ++-------- 4 files changed, 18 insertions(+), 28 deletions(-) diff --git a/install-compose/baseplatform-compose/config.json b/install-compose/baseplatform-compose/config.json index 2afc514..98ba3b4 100644 --- a/install-compose/baseplatform-compose/config.json +++ b/install-compose/baseplatform-compose/config.json @@ -19,7 +19,7 @@ "mongodb_host": "mongo", "mongodb_port": 27017, "mongodb_user": "root", - "mongodb_password": "70uUceCVL1gf", + "mongodb_password": "MONGO_PASSWORD", "redis_host": "redis-cache", "redis_port": 6379, "redis_pwd": "REDIS_PASSWORD", diff --git a/install-compose/baseplatform-compose/docker-compose.yml b/install-compose/baseplatform-compose/docker-compose.yml index e9d67b4..ff62e5e 100644 --- a/install-compose/baseplatform-compose/docker-compose.yml +++ b/install-compose/baseplatform-compose/docker-compose.yml @@ -36,20 +36,20 @@ services: networks: - docker_netaxe - base-web: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/base-web:1.0 - container_name: base-web - environment: - TZ: Asia/Shanghai - volumes: - - /etc/localtime:/etc/localtime - ports: - - "32200:80" - depends_on: - - base-nginx - - base-backend - networks: - - docker_netaxe +# base-web: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/base-web:1.0 +# container_name: base-web +# environment: +# TZ: Asia/Shanghai +# volumes: +# - /etc/localtime:/etc/localtime +# ports: +# - "32200:80" +# depends_on: +# - base-nginx +# - base-backend +# networks: +# - docker_netaxe celery-default: image: registry.cn-hangzhou.aliyuncs.com/netaxe/base-backend:1.0 diff --git a/install-compose/mysql-compose/docker-compose.yml b/install-compose/mysql-compose/docker-compose.yml index 0da5909..0afbbc9 100644 --- a/install-compose/mysql-compose/docker-compose.yml +++ b/install-compose/mysql-compose/docker-compose.yml @@ -17,7 +17,6 @@ services: - ./my.cnf:/etc/mysql/my.cnf - ./data:/var/lib/mysql - ./init/:/docker-entrypoint-initdb.d/ -# command: ['--character-set-server=utf8mb4', '--collation-server=utf8mb4_bin'] command: [ '--default-authentication-plugin=mysql_native_password', '--character-set-server=utf8mb4', '--collation-server=utf8mb4_general_ci', diff --git a/install-compose/nacos-compose/docker-compose.yml b/install-compose/nacos-compose/docker-compose.yml index 63f5c68..9c8ff4f 100644 --- a/install-compose/nacos-compose/docker-compose.yml +++ b/install-compose/nacos-compose/docker-compose.yml @@ -11,21 +11,12 @@ services: restart: always environment: - PREFER_HOST_MODE=hostname - - NACOS_AUTH_ENABLE=true - - NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE=true + - NACOS_AUTH_ENABLE=true # 启用认证 + - NACOS_AUTH_USERNAME=admin # 设置强用户名 + - NACOS_AUTH_PASSWORD=NACOS_KEY # 设置强密码 - NACOS_AUTH_IDENTITY_KEY=NACOS_KEY - NACOS_AUTH_IDENTITY_VALUE=NACOS_KEY - NACOS_AUTH_TOKEN=NACOS_KEY - - # - NACOS_AUTH_IDENTITY_KEY=pgRb2c4ANvhIA14Z - # - NACOS_AUTH_IDENTITY_VALUE=pgRb2c4ANvhIA14Z - # - NACOS_AUTH_TOKEN=NStQdHM3WCU3RVYlMjRZdG04aUolMkM3JTJDQnhyUCU1RXFMJTIxaiUyOCUyM1JZ -# - SPRING_DATASOURCE_PLATFORM=mysql -# - MYSQL_SERVICE_HOST=mysql-server -# - MYSQL_SERVICE_PORT=3306 -# - MYSQL_SERVICE_DB_NAME=nacos -# - MYSQL_SERVICE_USER=root -# - MYSQL_SERVICE_PASSWORD=root_devnet@2022 #模式为单体模式 - MODE=standalone ports: -- Gitee From 3abe01529f730058101b599d59cd83cb473efc0e Mon Sep 17 00:00:00 2001 From: jmli12 Date: Mon, 3 Mar 2025 09:58:52 +0800 Subject: [PATCH 02/19] =?UTF-8?q?=E6=96=B0=E6=9E=84=E5=BB=BA=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=8B=E8=AF=952?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/main-compose/nginx.conf | 2 +- .../msggateway-compose/docker-compose.yml | 16 ++++++++-------- install-compose/nacos-compose/docker-compose.yml | 1 + 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/install-compose/main-compose/nginx.conf b/install-compose/main-compose/nginx.conf index 98f2db3..6ced9d4 100644 --- a/install-compose/main-compose/nginx.conf +++ b/install-compose/main-compose/nginx.conf @@ -73,7 +73,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://base-nginx:31100; + proxy_pass http://base-nginx:80; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/install-compose/msggateway-compose/docker-compose.yml b/install-compose/msggateway-compose/docker-compose.yml index 0831b18..b68b762 100644 --- a/install-compose/msggateway-compose/docker-compose.yml +++ b/install-compose/msggateway-compose/docker-compose.yml @@ -28,14 +28,14 @@ services: networks: - docker_netaxe - msggateway-web: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway-web:1.0 - container_name: msggateway-web - ports: - - "32201:80" - networks: - - docker_netaxe - restart: always +# msggateway-web: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway-web:1.0 +# container_name: msggateway-web +# ports: +# - "32201:80" +# networks: +# - docker_netaxe +# restart: always msggateway-worker2: image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 diff --git a/install-compose/nacos-compose/docker-compose.yml b/install-compose/nacos-compose/docker-compose.yml index 9c8ff4f..d7b32cf 100644 --- a/install-compose/nacos-compose/docker-compose.yml +++ b/install-compose/nacos-compose/docker-compose.yml @@ -17,6 +17,7 @@ services: - NACOS_AUTH_IDENTITY_KEY=NACOS_KEY - NACOS_AUTH_IDENTITY_VALUE=NACOS_KEY - NACOS_AUTH_TOKEN=NACOS_KEY + # - NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE #模式为单体模式 - MODE=standalone ports: -- Gitee From eb61fa6b058825cc0e6dfd5a3a38768ecd83990d Mon Sep 17 00:00:00 2001 From: jmli12 Date: Mon, 3 Mar 2025 10:00:07 +0800 Subject: [PATCH 03/19] =?UTF-8?q?=E6=9B=B4=E6=96=B0prometheus=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../prometheus-compose/config.yaml | 4 +- .../prometheus-compose/docker-compose.yml | 35 ++--------- .../prometheus-compose/prometheus.yml | 61 +++++-------------- 3 files changed, 21 insertions(+), 79 deletions(-) diff --git a/install-compose/prometheus-compose/config.yaml b/install-compose/prometheus-compose/config.yaml index ef69582..de8f472 100644 --- a/install-compose/prometheus-compose/config.yaml +++ b/install-compose/prometheus-compose/config.yaml @@ -1,7 +1,5 @@ server: Address: :4168 - #ServerRoot: public - #LogPath: ./logs gToken: # 是否支持多端登录 @@ -9,4 +7,4 @@ gToken: login: User: admin - Password: zuVc0FUdd1sB \ No newline at end of file + Password: REGIS_PASSWORD \ No newline at end of file diff --git a/install-compose/prometheus-compose/docker-compose.yml b/install-compose/prometheus-compose/docker-compose.yml index cc39f0a..ac49a32 100644 --- a/install-compose/prometheus-compose/docker-compose.yml +++ b/install-compose/prometheus-compose/docker-compose.yml @@ -3,31 +3,6 @@ networks: docker_netaxe: external: true services: -# prometheus: -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/prometheus:v1 -# container_name: prometheus -# restart: always -# volumes: -# - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime -# - ./prometheus-data/prometheus.yml:/etc/prometheus/prometheus.yml -# - ./prometheus-data:/prometheus -# ports: -# - 39090:9090 -# command: [ '--web.enable-lifecycle','--storage.tsdb.retention.time=30d', '--web.config.file=/prometheus/web.yml' ] -# networks: -# - docker_netaxe -# pushgateway: -# container_name: pushgateway -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/pushgateway:latest -# restart: always -# #ports: -# #- 39091:9091 -# command: -# - '--log.level=info' -# - '--web.enable-admin-api' -# - '--web.enable-lifecycle' -# networks: -# - docker_netaxe regis: image: artifacts.iflytek.com/docker-private/netops/regiscenter:2.0 container_name: regis @@ -37,10 +12,10 @@ services: ports: - 31468:4168 networks: - - compose_network + - docker_netaxe prometheus: - image: artifacts.iflytek.com/docker-private/netops/prometheus:v1 + image: registry.cn-hangzhou.aliyuncs.com/netaxe/prometheus:v1 container_name: prometheus restart: always volumes: @@ -52,10 +27,10 @@ services: ports: - 39090:9090 networks: - - compose_network + - docker_netaxe blackbox_exporter: - image: artifacts.iflytek.com/docker-private/netops/blackbox-exporter:master + image: registry.cn-hangzhou.aliyuncs.com/netaxe/blackbox-exporter:master container_name: blackbox_exporter volumes: - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime @@ -63,4 +38,4 @@ services: ports: - 9115:9115 networks: - - compose_network \ No newline at end of file + - docker_netaxe \ No newline at end of file diff --git a/install-compose/prometheus-compose/prometheus.yml b/install-compose/prometheus-compose/prometheus.yml index 7dfbb8c..60a2283 100644 --- a/install-compose/prometheus-compose/prometheus.yml +++ b/install-compose/prometheus-compose/prometheus.yml @@ -2,86 +2,55 @@ global: scrape_interval: 15s evaluation_interval: 15s external_labels: - monitor: '测试服务器' + monitor: '默认节点' scrape_configs: - - job_name: 'tcp_connect_15s' + - job_name: 'icmp_15s' scrape_interval: 1m metrics_path: /probe params: - module: [tcp_connect] + module: [ icmp_connect ] http_sd_configs: - - url: http://10.254.4.201:31468/regis/services + - url: http://SERVER_IP:31468/regis/services basic_auth: username: admin - password: zuVc0FUdd1sB + password: REGIS_PASSWORD relabel_configs: - - source_labels: ['__address__','port'] + - source_labels: [ '__address__' ] target_label: __param_target - regex: "(.*);(.*)" - replacement: "$1:$2" - action: replace - #- source_labels: ['__address__'] - # target_label: __param_target - - source_labels: ['__address__','port'] + - source_labels: [ '__address__' ] target_label: instance - regex: "(.*);(.*)" - replacement: "$1:$2" - action: replace - target_label: __address__ - replacement: 10.254.4.201:9115 - - source_labels: [env] - regex: .*tcp_connect_15s.* + replacement: blackbox.monitor.svc:9115 + - source_labels: [ env ] + regex: .*icmp_15s.* action: keep - - job_name: 'tcp_connect_all' + - job_name: 'tcp_15s' scrape_interval: 1m metrics_path: /probe params: module: [tcp_connect] http_sd_configs: - - url: http://10.254.4.201:31468/regis/services + - url: http://SERVER_IP:31468/regis/services basic_auth: username: admin - password: zuVc0FUdd1sB + password: REGIS_PASSWORD relabel_configs: - source_labels: ['__address__','port'] target_label: __param_target regex: "(.*);(.*)" replacement: "$1:$2" action: replace - #- source_labels: ['__address__'] - # target_label: __param_target - source_labels: ['__address__','port'] target_label: instance regex: "(.*);(.*)" replacement: "$1:$2" action: replace - target_label: __address__ - replacement: 10.254.4.201:9115 - - source_labels: [env] - regex: .*tcp_connect_all.* - action: keep - - job_name: 'icmp_connect_15s' - scrape_interval: 1m - metrics_path: /probe - params: - module: [icmp] - http_sd_configs: - - url: http://10.254.4.201:31468/regis/services - basic_auth: - username: admin - password: zuVc0FUdd1sB - relabel_configs: - - source_labels: ['__address__'] - target_label: __param_target - - source_labels: ['__address__'] - target_label: instance - - target_label: __address__ - replacement: 10.254.4.201:9115 + replacement: SERVER_IP:9115 - source_labels: [env] - regex: .*icmp_15s.* + regex: .*tcp_15s.* action: keep - # Prometheus的自身监控 将在采集到的时间序列数据上打上标签job=xx - job_name: 'prometheus' scrape_interval: 20s static_configs: -- Gitee From 85368a9b2710671ed1785f252433f81a9ff4675b Mon Sep 17 00:00:00 2001 From: jmli12 Date: Mon, 3 Mar 2025 10:52:15 +0800 Subject: [PATCH 04/19] =?UTF-8?q?=E6=96=B0=E6=9E=84=E5=BB=BA=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=8B=E8=AF=953?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/nacos-compose/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install-compose/nacos-compose/docker-compose.yml b/install-compose/nacos-compose/docker-compose.yml index d7b32cf..649e152 100644 --- a/install-compose/nacos-compose/docker-compose.yml +++ b/install-compose/nacos-compose/docker-compose.yml @@ -12,8 +12,8 @@ services: environment: - PREFER_HOST_MODE=hostname - NACOS_AUTH_ENABLE=true # 启用认证 - - NACOS_AUTH_USERNAME=admin # 设置强用户名 - - NACOS_AUTH_PASSWORD=NACOS_KEY # 设置强密码 + - NACOS_AUTH_USERNAME=nacos # 设置强用户名 + - NACOS_AUTH_PASSWORD=NACOS_PASSWORD # 设置强密码 - NACOS_AUTH_IDENTITY_KEY=NACOS_KEY - NACOS_AUTH_IDENTITY_VALUE=NACOS_KEY - NACOS_AUTH_TOKEN=NACOS_KEY -- Gitee From b2b3de8f340f0e4b2775ce3e0efc959c5df14527 Mon Sep 17 00:00:00 2001 From: jmli12 Date: Tue, 18 Mar 2025 10:48:40 +0800 Subject: [PATCH 05/19] =?UTF-8?q?=E6=96=B0=E6=9E=84=E5=BB=BA=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=8B=E8=AF=954?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/redis-compose/docker-compose.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install-compose/redis-compose/docker-compose.yml b/install-compose/redis-compose/docker-compose.yml index 3f85140..0229163 100644 --- a/install-compose/redis-compose/docker-compose.yml +++ b/install-compose/redis-compose/docker-compose.yml @@ -8,7 +8,9 @@ services: container_name: redis-cache ports: - "36379:6379" - command: "redis-server --requirepass REDIS_PASSWORD" + command: "redis-server --requirepass REDIS_PASSWORD --appendonly yes --maxmemory 10gb --maxmemory-policy allkeys-lru" + volumes: + - ./data:/data networks: - docker_netaxe \ No newline at end of file -- Gitee From fa88ee6613156ae5f8317562d7d4e3f8eb47c279 Mon Sep 17 00:00:00 2001 From: jmli12 Date: Tue, 18 Mar 2025 17:58:34 +0800 Subject: [PATCH 06/19] =?UTF-8?q?=E6=96=B0=E6=9E=84=E5=BB=BA=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=8B=E8=AF=955?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/abac-compose/docker-compose.yml | 13 +------------ install-compose/deploy.bak.sh | 6 +++--- install-compose/undeploy.sh | 2 +- install-compose/update.sh | 8 ++++---- 4 files changed, 9 insertions(+), 20 deletions(-) diff --git a/install-compose/abac-compose/docker-compose.yml b/install-compose/abac-compose/docker-compose.yml index 9041740..daf52dd 100644 --- a/install-compose/abac-compose/docker-compose.yml +++ b/install-compose/abac-compose/docker-compose.yml @@ -25,15 +25,4 @@ services: networks: - docker_netaxe ports: - - "31104:80" - -# rbac-web: -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/rbac-web:1.0 -# container_name: rbac-web -# restart: always -# depends_on: -# - rbac-backend -# ports: -# - "32204:80" -# networks: -# - docker_netaxe \ No newline at end of file + - "31104:80" \ No newline at end of file diff --git a/install-compose/deploy.bak.sh b/install-compose/deploy.bak.sh index 03522ff..7821e8e 100644 --- a/install-compose/deploy.bak.sh +++ b/install-compose/deploy.bak.sh @@ -134,12 +134,12 @@ curl -X POST 'http://127.0.0.1:8848/nacos/v1/auth/users/admin' -d "password=${de echo "------------------初始化nacos密码完成----------------------" # 安装main和rbac -echo "------------------开始rbac部署--------------" +echo "------------------开始abac部署--------------" cd $current_path -cd rbac-compose +cd abac-compose docker-compose pull docker-compose up -d -echo "------------------rbac状态------------------" +echo "------------------abac状态------------------" docker-compose ps sleep 10 diff --git a/install-compose/undeploy.sh b/install-compose/undeploy.sh index 19c151d..fe6dd57 100644 --- a/install-compose/undeploy.sh +++ b/install-compose/undeploy.sh @@ -72,7 +72,7 @@ echo "------------------prometheus状态---------------------" docker-compose ps sleep 10 -# 卸载main和rbac +# 卸载main和abac echo "------------------开始权限中心卸载--------------" cd $current_path cd abac-compose diff --git a/install-compose/update.sh b/install-compose/update.sh index 7f1c3d2..333474e 100644 --- a/install-compose/update.sh +++ b/install-compose/update.sh @@ -9,12 +9,12 @@ if [ $? -ne 0 ]; then fi -# 更新main和rbac -echo "------------------开始rbac更新--------------" +# 更新main和abac +echo "------------------开始abac更新--------------" cd $current_path -cd rbac-compose +cd abac-compose docker-compose down -v && docker-compose pull && docker-compose up -d -echo "------------------rbac状态------------------" +echo "------------------abac状态------------------" docker-compose ps sleep 10 -- Gitee From 1a16cbd6d5cef3442230e6cb427e5bf405d15977 Mon Sep 17 00:00:00 2001 From: jmli12 Date: Sun, 23 Mar 2025 22:37:51 +0800 Subject: [PATCH 07/19] =?UTF-8?q?=E6=96=B0=E6=9E=84=E5=BB=BA=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=8B=E8=AF=955?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../apisix-compose/apisix_conf/config.yaml | 61 ------- .../apisix-compose/dashboard_conf/conf.yaml | 104 ------------ .../apisix-compose/docker-compose.yml | 65 -------- .../apisix-compose/etcd_conf/etcd.conf.yml | 157 ------------------ install-compose/deploy.sh | 36 ++-- install-compose/main-compose/nginx.conf | 8 +- .../msggateway-compose/docker-compose.yml | 94 +++++------ 7 files changed, 66 insertions(+), 459 deletions(-) delete mode 100644 install-compose/apisix-compose/apisix_conf/config.yaml delete mode 100644 install-compose/apisix-compose/dashboard_conf/conf.yaml delete mode 100644 install-compose/apisix-compose/docker-compose.yml delete mode 100644 install-compose/apisix-compose/etcd_conf/etcd.conf.yml diff --git a/install-compose/apisix-compose/apisix_conf/config.yaml b/install-compose/apisix-compose/apisix_conf/config.yaml deleted file mode 100644 index 9cb733e..0000000 --- a/install-compose/apisix-compose/apisix_conf/config.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apisix: - node_listen: 9080 # APISIX listening port - enable_ipv6: false - - allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - - 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test. - - admin_key: - - name: "admin" - key: APISIX_ADMIN_KEY - role: admin # admin: manage all configuration data - - - name: "viewer" # viewer: only can view configuration data - key: APISIX_ADMIN_KEY - role: viewer - - enable_control: true - control: - ip: "0.0.0.0" - port: 9092 - -etcd: - host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster. - - "http://etcd:2379" # multiple etcd address - prefix: "/apisix" # apisix configurations prefix - timeout: 30 # 30 seconds - -plugin_attr: - prometheus: - export_addr: - ip: "0.0.0.0" - port: 9091 - -discovery: - nacos: - host: - - "http://nacos:NACOS_PASSWORD@nacos:8848" - prefix: "/nacos/v1/" - fetch_interval: 30 # default 30 sec - weight: 100 # default 100 - timeout: - connect: 2000 # default 2000 ms - send: 2000 # default 2000 ms - read: 5000 # default 5000 ms diff --git a/install-compose/apisix-compose/dashboard_conf/conf.yaml b/install-compose/apisix-compose/dashboard_conf/conf.yaml deleted file mode 100644 index 7c62082..0000000 --- a/install-compose/apisix-compose/dashboard_conf/conf.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -conf: - listen: - host: 0.0.0.0 # `manager api` listening ip or host name - port: 9000 # `manager api` listening port - allow_list: # If we don't set any IP list, then any IP access is allowed by default. - - 0.0.0.0/0 - etcd: - endpoints: # supports defining multiple etcd host addresses for an etcd cluster - - "http://etcd:2379" - # yamllint disable rule:comments-indentation - # etcd basic auth info - # username: "root" # ignore etcd username if not enable etcd auth - # password: "123456" # ignore etcd password if not enable etcd auth - mtls: - key_file: "" # Path of your self-signed client side key - cert_file: "" # Path of your self-signed client side cert - ca_file: "" # Path of your self-signed ca cert, the CA is used to sign callers' certificates - # prefix: /apisix # apisix config's prefix in etcd, /apisix by default - log: - error_log: - level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal - file_path: - logs/error.log # supports relative path, absolute path, standard output - # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr - access_log: - file_path: - logs/access.log # supports relative path, absolute path, standard output - # such as: logs/access.log, /tmp/logs/access.log, /dev/stdout, /dev/stderr - # log example: 2020-12-09T16:38:09.039+0800 INFO filter/logging.go:46 /apisix/admin/routes/r1 {"status": 401, "host": "127.0.0.1:9000", "query": "asdfsafd=adf&a=a", "requestId": "3d50ecb8-758c-46d1-af5b-cd9d1c820156", "latency": 0, "remoteIP": "127.0.0.1", "method": "PUT", "errs": []} -authentication: - secret: - secret # secret for jwt token generation. - # NOTE: Highly recommended to modify this value to protect `manager api`. - # if it's default value, when `manager api` start, it will generate a random string to replace it. - expire_time: 3600 # jwt token expire time, in second - users: # yamllint enable rule:comments-indentation - - username: admin # username and password for login `manager api` - password: APISIX_ADMIN_PASSWORD - - username: user - password: user - -plugins: # plugin list (sorted in alphabetical order) - - api-breaker - - authz-keycloak - - basic-auth - - batch-requests - - consumer-restriction - - cors - # - dubbo-proxy - - echo - # - error-log-logger - # - example-plugin - - fault-injection - - grpc-transcode - - hmac-auth - - http-logger - - ip-restriction - - jwt-auth - - kafka-logger - - key-auth - - limit-conn - - limit-count - - limit-req - # - log-rotate - # - node-status - - openid-connect - - prometheus - - proxy-cache - - proxy-mirror - - proxy-rewrite - - redirect - - referer-restriction - - request-id - - request-validation - - response-rewrite - - serverless-post-function - - serverless-pre-function - # - skywalking - - sls-logger - - syslog - - tcp-logger - - udp-logger - - uri-blocker - - wolf-rbac - - zipkin - - server-info - - traffic-split diff --git a/install-compose/apisix-compose/docker-compose.yml b/install-compose/apisix-compose/docker-compose.yml deleted file mode 100644 index 4688abb..0000000 --- a/install-compose/apisix-compose/docker-compose.yml +++ /dev/null @@ -1,65 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -version: "3" -networks: - docker_netaxe: - external: true - -services: - apisix-dashboard: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/apisix-dashboard:2.13-alpine - restart: always - volumes: - - ./dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml - depends_on: - - etcd - ports: - - "39000:9000" - networks: - - docker_netaxe - - apisix: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/apisix:2.15.0-alpine - restart: always - volumes: - - ./apisix_log:/usr/local/apisix/logs - - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro - depends_on: - - etcd - ports: - - "9080:9080/tcp" - - "9091:9091/tcp" - - "9092:9092/tcp" - - "9443:9443/tcp" - networks: - - docker_netaxe - - etcd: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/etcd:3.4.15 - restart: always - volumes: - - ./etcd_conf/data:/bitnami/etcd - environment: - ETCD_ENABLE_V2: "true" - ALLOW_NONE_AUTHENTICATION: "yes" - ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379" - ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379" -# ports: -# - "2379:2379/tcp" - networks: - - docker_netaxe \ No newline at end of file diff --git a/install-compose/apisix-compose/etcd_conf/etcd.conf.yml b/install-compose/apisix-compose/etcd_conf/etcd.conf.yml deleted file mode 100644 index 1152953..0000000 --- a/install-compose/apisix-compose/etcd_conf/etcd.conf.yml +++ /dev/null @@ -1,157 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# This is the configuration file for the etcd server. - -# Human-readable name for this member. -name: 'default' - -# Path to the data directory. -data-dir: - -# Path to the dedicated wal directory. -wal-dir: - -# Number of committed transactions to trigger a snapshot to disk. -snapshot-count: 10000 - -# Time (in milliseconds) of a heartbeat interval. -heartbeat-interval: 100 - -# Time (in milliseconds) for an election to timeout. -election-timeout: 1000 - -# Raise alarms when backend size exceeds the given quota. 0 means use the -# default quota. -quota-backend-bytes: 0 - -# List of comma separated URLs to listen on for peer traffic. -listen-peer-urls: http://localhost:2380 - -# List of comma separated URLs to listen on for client traffic. -listen-client-urls: http://localhost:2379 - -# Maximum number of snapshot files to retain (0 is unlimited). -max-snapshots: 5 - -# Maximum number of wal files to retain (0 is unlimited). -max-wals: 5 - -# Comma-separated white list of origins for CORS (cross-origin resource sharing). -cors: - -# List of this member's peer URLs to advertise to the rest of the cluster. -# The URLs needed to be a comma-separated list. -initial-advertise-peer-urls: http://localhost:2380 - -# List of this member's client URLs to advertise to the public. -# The URLs needed to be a comma-separated list. -advertise-client-urls: http://localhost:2379 - -# Discovery URL used to bootstrap the cluster. -discovery: - -# Valid values include 'exit', 'proxy' -discovery-fallback: 'proxy' - -# HTTP proxy to use for traffic to discovery service. -discovery-proxy: - -# DNS domain used to bootstrap initial cluster. -discovery-srv: - -# Initial cluster configuration for bootstrapping. -initial-cluster: - -# Initial cluster token for the etcd cluster during bootstrap. -initial-cluster-token: 'etcd-cluster' - -# Initial cluster state ('new' or 'existing'). -initial-cluster-state: 'new' - -# Reject reconfiguration requests that would cause quorum loss. -strict-reconfig-check: false - -# Accept etcd V2 client requests -enable-v2: true - -# Enable runtime profiling data via HTTP server -enable-pprof: true - -# Valid values include 'on', 'readonly', 'off' -proxy: 'off' - -# Time (in milliseconds) an endpoint will be held in a failed state. -proxy-failure-wait: 5000 - -# Time (in milliseconds) of the endpoints refresh interval. -proxy-refresh-interval: 30000 - -# Time (in milliseconds) for a dial to timeout. -proxy-dial-timeout: 1000 - -# Time (in milliseconds) for a write to timeout. -proxy-write-timeout: 5000 - -# Time (in milliseconds) for a read to timeout. -proxy-read-timeout: 0 - -client-transport-security: - # Path to the client server TLS cert file. - cert-file: - - # Path to the client server TLS key file. - key-file: - - # Enable client cert authentication. - client-cert-auth: false - - # Path to the client server TLS trusted CA cert file. - trusted-ca-file: - - # Client TLS using generated certificates - auto-tls: false - -peer-transport-security: - # Path to the peer server TLS cert file. - cert-file: - - # Path to the peer server TLS key file. - key-file: - - # Enable peer client cert authentication. - client-cert-auth: false - - # Path to the peer server TLS trusted CA cert file. - trusted-ca-file: - - # Peer TLS using generated certificates. - auto-tls: false - -# Enable debug-level logging for etcd. -debug: false - -logger: zap - -# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd. -log-outputs: [stderr] - -# Force to create a new one member cluster. -force-new-cluster: false - -auto-compaction-mode: periodic -auto-compaction-retention: "1" diff --git a/install-compose/deploy.sh b/install-compose/deploy.sh index 389d6c8..87565ee 100644 --- a/install-compose/deploy.sh +++ b/install-compose/deploy.sh @@ -120,14 +120,14 @@ curl -X POST 'http://127.0.0.1:8848/nacos/v1/auth/users/admin' -d "password=${de echo "------------------初始化nacos密码完成----------------------" -# 安装apisix etcd -echo "------------------开始apisix etcd部署------------------" -cd $current_path -cd apisix-compose -mkdir -m 777 -p etcd_conf/data -docker-compose up -d -echo "------------------apisix etcd状态---------------------" -docker-compose ps +## 安装apisix etcd +#echo "------------------开始apisix etcd部署------------------" +#cd $current_path +#cd apisix-compose +#mkdir -m 777 -p etcd_conf/data +#docker-compose up -d +#echo "------------------apisix etcd状态---------------------" +#docker-compose ps # 安装main和rbac @@ -140,15 +140,6 @@ echo "------------------权限中心状态------------------" docker-compose ps sleep 10 -echo "------------------开始前端服务部署--------------" -cd $current_path -cd main-compose -docker-compose pull -docker-compose up -d -echo "------------------前端服务状态------------------" -docker-compose ps -sleep 10 - # 安装基础平台 echo "------------------开始管控平台部署--------------" cd $current_path @@ -177,6 +168,17 @@ docker-compose pull docker-compose up -d echo "------------------告警中心状态------------------" docker-compose ps +sleep 10 + +echo "------------------开始前端服务部署--------------" +cd $current_path +cd main-compose +docker-compose pull +docker-compose up -d +echo "------------------前端服务状态------------------" +docker-compose ps +sleep 10 + echo "------------------部署完成------------------------" diff --git a/install-compose/main-compose/nginx.conf b/install-compose/main-compose/nginx.conf index 6ced9d4..afcd546 100644 --- a/install-compose/main-compose/nginx.conf +++ b/install-compose/main-compose/nginx.conf @@ -25,7 +25,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/base_platform/media; + proxy_pass http://base-nginx:80/base_platform/media; } location /abac-api { if ($request_method = 'OPTIONS') { @@ -37,7 +37,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/abac-api; + proxy_pass http://abac-nginx:80/abac-api; } location /base_platform { if ($request_method = 'OPTIONS') { @@ -49,7 +49,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/base_platform; + proxy_pass http://base-nginx:80/base_platform; } location /alert_gateway { if ($request_method = 'OPTIONS') { @@ -61,7 +61,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://apisix:9080/alert_gateway; + proxy_pass http://alertgateway-backend:8000/alert_gateway; } location /base_platform/ws/{ if ($request_method = 'OPTIONS') { diff --git a/install-compose/msggateway-compose/docker-compose.yml b/install-compose/msggateway-compose/docker-compose.yml index b68b762..9c78f97 100644 --- a/install-compose/msggateway-compose/docker-compose.yml +++ b/install-compose/msggateway-compose/docker-compose.yml @@ -28,14 +28,6 @@ services: networks: - docker_netaxe -# msggateway-web: -# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway-web:1.0 -# container_name: msggateway-web -# ports: -# - "32201:80" -# networks: -# - docker_netaxe -# restart: always msggateway-worker2: image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 @@ -48,46 +40,46 @@ services: networks: - docker_netaxe - msggateway-worker3: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker3 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe - - msggateway-worker4: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker4 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe - - msggateway-worker5: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker5 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe - - msggateway-worker6: - image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 - container_name: msggateway-worker6 - restart: always - command: python3 worker.py default - volumes: - - ./config.json:/app/config/config.json - - ./logs:/app/logs - networks: - - docker_netaxe +# msggateway-worker3: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker3 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe +# +# msggateway-worker4: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker4 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe +# +# msggateway-worker5: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker5 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe +# +# msggateway-worker6: +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/msggateway:1.0 +# container_name: msggateway-worker6 +# restart: always +# command: python3 worker.py default +# volumes: +# - ./config.json:/app/config/config.json +# - ./logs:/app/logs +# networks: +# - docker_netaxe -- Gitee From 835ad3ba529948b102f5da036f7a65fe4353fe36 Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 13:58:30 +0800 Subject: [PATCH 08/19] =?UTF-8?q?feat:=E6=B7=BB=E5=8A=A0workbench?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/deploy.sh | 18 +++++++++++ .../prometheus-compose/config.yaml | 31 ------------------- install-compose/workbench-compose/config.json | 15 +++++++++ .../workbench-compose/docker-compose.yml | 18 +++++++++++ 4 files changed, 51 insertions(+), 31 deletions(-) delete mode 100644 install-compose/prometheus-compose/config.yaml create mode 100644 install-compose/workbench-compose/config.json create mode 100644 install-compose/workbench-compose/docker-compose.yml diff --git a/install-compose/deploy.sh b/install-compose/deploy.sh index 389d6c8..661611b 100644 --- a/install-compose/deploy.sh +++ b/install-compose/deploy.sh @@ -180,6 +180,24 @@ docker-compose ps echo "------------------部署完成------------------------" +# 安装工作台 +echo "------------------开始工作台部署--------------" +cd $current_path +cd workbench-compose +docker-compose pull +docker-compose up -d +echo "------------------工作台状态------------------" +docker-compose ps + +echo "------------------部署完成------------------------" + + +echo "------------------刷新权限------------------" +curl "http://127.0.0.1:31104/abac-api/authority/auth_policy/?reload=1" +echo "------------------刷新权限成功------------------" + + + echo "请记住初始化密码" echo "IP: $iface_ip" echo "密码: $default_key" \ No newline at end of file diff --git a/install-compose/prometheus-compose/config.yaml b/install-compose/prometheus-compose/config.yaml deleted file mode 100644 index 097667b..0000000 --- a/install-compose/prometheus-compose/config.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -server: - Address: :4168 - #ServerRoot: public - #LogPath: ./logs - -gToken: - # 是否支持多端登录 - MultiLogin: true - -login: - User: admin - Password: zuVc0FUdd1sB - - diff --git a/install-compose/workbench-compose/config.json b/install-compose/workbench-compose/config.json new file mode 100644 index 0000000..e5e0719 --- /dev/null +++ b/install-compose/workbench-compose/config.json @@ -0,0 +1,15 @@ +{ + "url_prefix": "/workbench", + "mysql_host": "mysql-server", + "mysql_port": "3306", + "mysql_user": "root", + "mysql_password": "MYSQL_PASSWORD", + "database": "workbench", + "user_info_url": "http://SERVER_IP:31104/abac-api/userInfo/", + "grafana_alive_url": "", + "grafana_alive_token": "", + "grafana_flow_url": "", + "grafana_flow_token": "", + "grafana_dashboard_url": "", + "grafana_dashboard_token": "" +} diff --git a/install-compose/workbench-compose/docker-compose.yml b/install-compose/workbench-compose/docker-compose.yml new file mode 100644 index 0000000..0b9f32a --- /dev/null +++ b/install-compose/workbench-compose/docker-compose.yml @@ -0,0 +1,18 @@ +version: "3.2" +networks: + docker_netaxe: + external: true + +services: + workbench-backend: + image: registry.cn-hangzhou.aliyuncs.com/netaxe/workbench-backend:1.0 + container_name: workbench-backend + restart: always + volumes: + - ./config.json:/config/config.json + - ./menu.json:/config/menu.json + - ./logs:/app/logs + command: supervisord -n -c /app/supervisord_backend.conf + networks: + - docker_netaxe + -- Gitee From 7d51f4a8220e368893b83af96a061d9d58d8f5f6 Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 14:01:44 +0800 Subject: [PATCH 09/19] =?UTF-8?q?feat:=E6=B7=BB=E5=8A=A0workbench?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/main-compose/nginx.conf | 28 +++++++++++++++++-- .../{config.yaml => config.yaml} | 0 .../workbench-compose/docker-compose.yml | 2 ++ 3 files changed, 28 insertions(+), 2 deletions(-) rename install-compose/prometheus-compose/{config.yaml => config.yaml} (100%) diff --git a/install-compose/main-compose/nginx.conf b/install-compose/main-compose/nginx.conf index afcd546..a55248c 100644 --- a/install-compose/main-compose/nginx.conf +++ b/install-compose/main-compose/nginx.conf @@ -39,7 +39,31 @@ server { } proxy_pass http://abac-nginx:80/abac-api; } - location /base_platform { + location /base_platform/media { + if ($request_method = 'OPTIONS') { + #允许跨域请求的域,* 代表所有 + add_header 'Access-Control-Allow-Origin' *; + #允许请求的header + add_header 'Access-Control-Allow-Headers' *; + #允许请求的方法,比如 GET,POST,PUT,DELETE + add_header 'Access-Control-Allow-Methods' *; + return 204; + } + proxy_pass http://base-nginx:80/base_platform/media; + } + location /ipam-api { + if ($request_method = 'OPTIONS') { + #允许跨域请求的域,* 代表所有 + add_header 'Access-Control-Allow-Origin' *; + #允许请求的header + add_header 'Access-Control-Allow-Headers' *; + #允许请求的方法,比如 GET,POST,PUT,DELETE + add_header 'Access-Control-Allow-Methods' *; + return 204; + } + proxy_pass http://ipam-nginx:80/ipam; + } + location /workbench { if ($request_method = 'OPTIONS') { #允许跨域请求的域,* 代表所有 add_header 'Access-Control-Allow-Origin' *; @@ -49,7 +73,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://base-nginx:80/base_platform; + proxy_pass http://workbench-backend:8000/workbench; } location /alert_gateway { if ($request_method = 'OPTIONS') { diff --git a/install-compose/prometheus-compose/config.yaml b/install-compose/prometheus-compose/config.yaml similarity index 100% rename from install-compose/prometheus-compose/config.yaml rename to install-compose/prometheus-compose/config.yaml diff --git a/install-compose/workbench-compose/docker-compose.yml b/install-compose/workbench-compose/docker-compose.yml index 0b9f32a..ab1a4b9 100644 --- a/install-compose/workbench-compose/docker-compose.yml +++ b/install-compose/workbench-compose/docker-compose.yml @@ -13,6 +13,8 @@ services: - ./menu.json:/config/menu.json - ./logs:/app/logs command: supervisord -n -c /app/supervisord_backend.conf + ports: + - "31105:8000" networks: - docker_netaxe -- Gitee From 7447466a945f18765c601b10b3fabb8fb8374862 Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 14:19:57 +0800 Subject: [PATCH 10/19] =?UTF-8?q?feat:=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/main-compose/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install-compose/main-compose/nginx.conf b/install-compose/main-compose/nginx.conf index a55248c..0adcc5f 100644 --- a/install-compose/main-compose/nginx.conf +++ b/install-compose/main-compose/nginx.conf @@ -39,7 +39,7 @@ server { } proxy_pass http://abac-nginx:80/abac-api; } - location /base_platform/media { + location /base_platform { if ($request_method = 'OPTIONS') { #允许跨域请求的域,* 代表所有 add_header 'Access-Control-Allow-Origin' *; @@ -49,7 +49,7 @@ server { add_header 'Access-Control-Allow-Methods' *; return 204; } - proxy_pass http://base-nginx:80/base_platform/media; + proxy_pass http://base-nginx:80/base_platform; } location /ipam-api { if ($request_method = 'OPTIONS') { -- Gitee From 39418083f086c9f91fa5b3bb65267deb4a9d3862 Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 14:23:28 +0800 Subject: [PATCH 11/19] =?UTF-8?q?feat:=E8=A1=A5=E5=85=85ipam?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/deploy.sh | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/install-compose/deploy.sh b/install-compose/deploy.sh index 3db1ce3..b40dc0a 100644 --- a/install-compose/deploy.sh +++ b/install-compose/deploy.sh @@ -170,16 +170,6 @@ echo "------------------告警中心状态------------------" docker-compose ps sleep 10 -echo "------------------开始前端服务部署--------------" -cd $current_path -cd main-compose -docker-compose pull -docker-compose up -d -echo "------------------前端服务状态------------------" -docker-compose ps -sleep 10 - - echo "------------------部署完成------------------------" # 安装工作台 @@ -190,6 +180,27 @@ docker-compose pull docker-compose up -d echo "------------------工作台状态------------------" docker-compose ps +sleep 10 + +# 安装地址管理IPAM +echo "------------------开始地址管理IPAM部署--------------" +cd $current_path +cd ipam-compose +docker-compose pull +docker-compose up -d +echo "------------------地址管理IPAM状态------------------" +docker-compose ps +sleep 10 + +# 安装前端服务 +echo "------------------开始前端服务部署--------------" +cd $current_path +cd main-compose +docker-compose pull +docker-compose up -d +echo "------------------前端服务状态------------------" +docker-compose ps +sleep 10 echo "------------------部署完成------------------------" -- Gitee From 53ffc38e56a246be92835cac7ec34ff5908f1edc Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 15:02:04 +0800 Subject: [PATCH 12/19] =?UTF-8?q?feat:=E4=BC=98=E5=8C=96workbench=E6=8C=82?= =?UTF-8?q?=E8=BD=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/workbench-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-compose/workbench-compose/docker-compose.yml b/install-compose/workbench-compose/docker-compose.yml index ab1a4b9..90b829c 100644 --- a/install-compose/workbench-compose/docker-compose.yml +++ b/install-compose/workbench-compose/docker-compose.yml @@ -9,7 +9,7 @@ services: container_name: workbench-backend restart: always volumes: - - ./config.json:/config/config.json + - ./config.json:/app/config/config.json - ./menu.json:/config/menu.json - ./logs:/app/logs command: supervisord -n -c /app/supervisord_backend.conf -- Gitee From 4e5a4a00abceeeb9e147822542c6c949a552a763 Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 15:07:15 +0800 Subject: [PATCH 13/19] =?UTF-8?q?feat:=E8=A1=A5=E5=85=85ws?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/main-compose/nginx.conf | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/install-compose/main-compose/nginx.conf b/install-compose/main-compose/nginx.conf index 0adcc5f..c2685a6 100644 --- a/install-compose/main-compose/nginx.conf +++ b/install-compose/main-compose/nginx.conf @@ -87,6 +87,28 @@ server { } proxy_pass http://alertgateway-backend:8000/alert_gateway; } + location /workbench/ws/{ + if ($request_method = 'OPTIONS') { + #允许跨域请求的域,* 代表所有 + add_header 'Access-Control-Allow-Origin' *; + #允许请求的header + add_header 'Access-Control-Allow-Headers' *; + #允许请求的方法,比如 GET,POST,PUT,DELETE + add_header 'Access-Control-Allow-Methods' *; + return 204; + } + proxy_pass http://workbench-backend:8000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for; + real_ip_header X-Forwarded-For; + } location /base_platform/ws/{ if ($request_method = 'OPTIONS') { #允许跨域请求的域,* 代表所有 -- Gitee From 40cbe770acf3e19800e974a69c7bcf458cc08917 Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Mon, 31 Mar 2025 15:23:02 +0800 Subject: [PATCH 14/19] =?UTF-8?q?feat:=E6=9B=B4=E6=96=B0workbench=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/mysql-compose/init/netaxe.sql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/install-compose/mysql-compose/init/netaxe.sql b/install-compose/mysql-compose/init/netaxe.sql index 5f2105d..a4892ed 100644 --- a/install-compose/mysql-compose/init/netaxe.sql +++ b/install-compose/mysql-compose/init/netaxe.sql @@ -14,6 +14,10 @@ CREATE DATABASE IF NOT EXISTS neteye DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci; +CREATE DATABASE IF NOT EXISTS workbench +DEFAULT CHARACTER SET utf8mb4 +DEFAULT COLLATE utf8mb4_general_ci; + create user netaxe@localhost identified by 'netaxe_pwd'; grant all on *.* to netaxe@'%' identified by 'netaxe_pwd'; grant all on *.* to netaxe@localhost identified by 'netaxe_pwd'; -- Gitee From a9d8ebdae3b3168e101b697d022ee0efe5d9140e Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Tue, 1 Apr 2025 10:25:13 +0800 Subject: [PATCH 15/19] =?UTF-8?q?feat:=E6=9B=B4=E6=96=B0ipam=E9=93=BE?= =?UTF-8?q?=E6=8E=A5redis=E7=9A=84num?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/ipam-compose/config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/install-compose/ipam-compose/config.json b/install-compose/ipam-compose/config.json index 5524cf1..b924527 100644 --- a/install-compose/ipam-compose/config.json +++ b/install-compose/ipam-compose/config.json @@ -23,6 +23,7 @@ "redis_host": "redis-cache", "redis_port": 6379, "redis_pwd": "REDIS_PASSWORD", + "redis_num": 12, "mysql_host": "mysql-server", "mysql_port": "3306", "mysql_user": "root", -- Gitee From 53cfccbed64819fc640127438559bae202ad2ebf Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Tue, 1 Apr 2025 10:38:31 +0800 Subject: [PATCH 16/19] =?UTF-8?q?feat:=E6=9B=B4=E6=96=B0ipam=E7=BB=84?= =?UTF-8?q?=E4=BB=B6=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ipam-compose/docker-compose.yml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/install-compose/ipam-compose/docker-compose.yml b/install-compose/ipam-compose/docker-compose.yml index f02e485..afc0194 100644 --- a/install-compose/ipam-compose/docker-compose.yml +++ b/install-compose/ipam-compose/docker-compose.yml @@ -33,16 +33,16 @@ services: ports: - "31103:80" - # 前端 - ipam-web: - container_name: ipam-web - image: registry.cn-hangzhou.aliyuncs.com/netaxe/ipam-web:1.0 - environment: - TZ: Asia/Shanghai - volumes: - - /etc/localtime:/etc/localtime - ports: - - "32203:80" - networks: - - docker_netaxe - restart: always +# # 前端 +# ipam-web: +# container_name: ipam-web +# image: registry.cn-hangzhou.aliyuncs.com/netaxe/ipam-web:1.0 +# environment: +# TZ: Asia/Shanghai +# volumes: +# - /etc/localtime:/etc/localtime +# ports: +# - "32203:80" +# networks: +# - docker_netaxe +# restart: always -- Gitee From 0edb4dbe45d8b8e5747831a74e9436f708adacbb Mon Sep 17 00:00:00 2001 From: jmli12 Date: Tue, 1 Apr 2025 10:51:28 +0800 Subject: [PATCH 17/19] =?UTF-8?q?=E6=96=B0=E6=9E=84=E5=BB=BA=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=8B=E8=AF=955?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/prometheus-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-compose/prometheus-compose/docker-compose.yml b/install-compose/prometheus-compose/docker-compose.yml index ac49a32..0d69751 100644 --- a/install-compose/prometheus-compose/docker-compose.yml +++ b/install-compose/prometheus-compose/docker-compose.yml @@ -4,7 +4,7 @@ networks: external: true services: regis: - image: artifacts.iflytek.com/docker-private/netops/regiscenter:2.0 + image: registry.cn-hangzhou.aliyuncs.com/netaxe/regiscenter:2.0 container_name: regis privileged: true volumes: -- Gitee From 2b21952b5a999f80f356218f5a77053efb0f226a Mon Sep 17 00:00:00 2001 From: xhweng2 Date: Tue, 1 Apr 2025 11:18:49 +0800 Subject: [PATCH 18/19] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=88=B7=E6=96=B0?= =?UTF-8?q?=E6=9D=83=E9=99=90=E4=BB=A5=E5=90=8E=E7=9A=84=E7=AD=89=E5=BE=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/deploy.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install-compose/deploy.sh b/install-compose/deploy.sh index b40dc0a..9182db8 100644 --- a/install-compose/deploy.sh +++ b/install-compose/deploy.sh @@ -202,15 +202,16 @@ echo "------------------前端服务状态------------------" docker-compose ps sleep 10 -echo "------------------部署完成------------------------" + echo "------------------刷新权限------------------" curl "http://127.0.0.1:31104/abac-api/authority/auth_policy/?reload=1" echo "------------------刷新权限成功------------------" +sleep 10 - +echo "------------------所有服务部署完成------------------------" echo "请记住初始化密码" echo "IP: $iface_ip" echo "密码: $default_key" \ No newline at end of file -- Gitee From a5aa1186c09328446ab63f5bf5a417cd4b36623e Mon Sep 17 00:00:00 2001 From: jmli12 Date: Tue, 1 Apr 2025 16:58:38 +0800 Subject: [PATCH 19/19] =?UTF-8?q?=E5=A2=9E=E5=8A=A0grafana=E9=83=A8?= =?UTF-8?q?=E7=BD=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install-compose/deploy.sh | 14 +++++++++ .../grafana-compose/docker-compose.yml | 30 +++++++++++++++++++ .../prometheus-compose/docker-compose.yml | 3 +- 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 install-compose/grafana-compose/docker-compose.yml diff --git a/install-compose/deploy.sh b/install-compose/deploy.sh index b40dc0a..579edc0 100644 --- a/install-compose/deploy.sh +++ b/install-compose/deploy.sh @@ -192,6 +192,20 @@ echo "------------------地址管理IPAM状态------------------" docker-compose ps sleep 10 +# 安装grafana +echo "------------------开始grafana部署--------------" +cd $current_path +cd grafana-compose +docker volume create grafana-data +docker-compose pull +ssh-keygen -t rsa -b 4096 -m PEM -f grafana.key -N "" +openssl rsa -in grafana.key -pubout -outform PEM -out public-key.pem +docker-compose up -d +echo "------------------地址管理grafana状态------------------" +docker-compose ps +sleep 10 + + # 安装前端服务 echo "------------------开始前端服务部署--------------" cd $current_path diff --git a/install-compose/grafana-compose/docker-compose.yml b/install-compose/grafana-compose/docker-compose.yml new file mode 100644 index 0000000..430b0e1 --- /dev/null +++ b/install-compose/grafana-compose/docker-compose.yml @@ -0,0 +1,30 @@ +version: "3.2" +networks: + docker_netaxe: + external: true +services: + grafana: + image: registry.cn-hangzhou.aliyuncs.com/netaxe/grafana:11.1.2 + container_name: grafana + restart: always + privileged: true + environment: + GF_SECURITY_ALLOW_EMBEDDING: true + GF_AUTH_JWT_ENABLED: true + GF_AUTH_JWT_URL_LOGIN: true + GF_AUTH_JWT_HEADER_NAME: X-AUTH-TOKEN + GF_AUTH_JWT_KEY_FILE: /etc/grafana/public-key.pem + GF_AUTH_JWT_EMAIL_CLAIM: sub + GF_AUTH_JWT_USERNAME_CLAIM: user + + volumes: + - ./public-key.pem:/etc/grafana/public-key.pem + - grafana-data:/var/lib/grafana + # - ./grafana.ini:/usr/share/grafana/conf/defaults.ini + ports: + - 3000:3000 + networks: + - docker_netaxe +volumes: + grafana-data: + external: true \ No newline at end of file diff --git a/install-compose/prometheus-compose/docker-compose.yml b/install-compose/prometheus-compose/docker-compose.yml index 0d69751..837b5c8 100644 --- a/install-compose/prometheus-compose/docker-compose.yml +++ b/install-compose/prometheus-compose/docker-compose.yml @@ -38,4 +38,5 @@ services: ports: - 9115:9115 networks: - - docker_netaxe \ No newline at end of file + - docker_netaxe + -- Gitee