Blue Whale 6.0 Deployment

Basic package

1. Please confirm your deployment purpose before reading
2. This document is applicable to the multi-machine sub-module deployment scenario in the production environment. If you only need to experience the functions of this package, please refer to Single-machine deployment

The basic package includes: PaaS platform, configuration platform, operation platform, authority center, user management, node management, standard operation and maintenance, process service

1. Installation environment preparation

Before starting the installation, please refer to the environment preparation document to prepare the installation media and configure the system environment.

1.1 Prepare the machine

1. Recommended operating system: CentOS 7.6
2. Recommended machine configuration
   • Production environment: recommended 8-core 32G, hard disk 100G or more (the configuration can be adjusted according to the actual situation)
     • Number of machines: 3 (assuming the IPs are: 10.0.0.1, 10.0.0.2, 10.0.0.3)
3. Select one as the central control machine (assumed to be 10.0.0.1) for installation and deployment operations, and log in with the root account.

1.2 Get a certificate

•  Obtain the MAC address of the first intranet network card of the 3 machines through  ifconfig or  commandip addr
• Go to the certificate generation page of the Blue Whale official website ( download area|Tencent Blue Whale Zhiyun ), fill in the three MAC addresses separated by English semicolons in the input box according to the prompts, generate and download the certificate
• Upload the certificate package to the central control computer /data
  • Certificate package name: ssl_certificates.tar.gz

1.3 Download the installation package

Please go to  the download page of the Blue Whale official website  to download the basic package.

1.4 Decompress related resource packages

1. Decompress package (including related products of Blue Whale, such as PaaS platform, configuration platform, operation platform, etc., public components that Blue Whale depends on (MySQL, Redis, etc.), and Blue Whale deployment scripts)

   cd /data
   # 包名请根据实际情况填写
   tar xf bkce_basic_suite-6.1.2.tgz
   

2. Unzip the individual product packages

   cd /data/src/; for f in *gz;do tar xf $f; done
   

3. Unzip the certificate package

   install -d -m 755 /data/src/cert
   tar xf /data/ssl_certificates.tar.gz -C /data/src/cert/
   chmod 644 /data/src/cert/*
   

4. Copy the rpm package folder to the /opt/ directory

   cp -a /data/src/yum /opt
   

1.5 configure install.config

illustrate:

• gse and redis need to be deployed on the same machine.
• When there are multiple internal IPs, the first internal IP in the output of /sbin/ifconfig is used by default.
• Deployment requires the use of standard private addresses. If the enterprise environment uses non-standard private addresses, please refer to Environment preparation - non-standard private address processing method

# 请根据实际机器的 IP 进行替换第一列的示例 IP 地址，确保三个 IP 之间能互相通信
cat << EOF >/data/install/install.config
[basic]
10.0.0.1 iam,ssm,usermgr,gse,license,redis,consul,es7
10.0.0.2 paas,nginx,consul,mongodb,rabbitmq,appo,zk(config)
10.0.0.3 cmdb,job,mysql,appt,consul,nodeman(nodeman)
EOF

1.6 Execute password-free

cd /data/install
bash /data/install/configure_ssh_without_pass

start deployment

Initialize and check the environment

# 执行初始化环境操作
./bk_install common

# 校验环境和部署的配置
./health_check/check_bk_controller.sh

Deploy the PaaS platform

# 部署 PaaS 平台及其依赖服务
./bk_install paas

After the deployment of the PaaS platform is completed, you can access the PaaS platform of Blue Whale. If the domain name is not resolved during deployment, please refer to 3. Accessing Blue Whale.

deploy app_mgr

# 部署 SaaS 运行环境
./bk_install app_mgr

Deployment authority center and user management

# 部署权限中心 SaaS
./bk_install saas-o bk_iam
# 部署用户管理 SaaS
./bk_install saas-o bk_user_manage

Deploy CMDB

# 部署配置平台及其依赖服务
./bk_install cmdb

deploy jobs

# 部署作业平台后台模块及其依赖组件
./bk_install job

deploy bknodeman

# 部署节点管理后台模块、节点管理 SaaS 及其依赖组件
./bk_install bknodeman

Deploy standard operation and maintenance and process services

Execute the following commands in sequence to deploy related SaaS.

# 部署标准运维 SaaS
./bk_install saas-o bk_sops

# 部署流程管理 SaaS
./bk_install saas-o bk_itsm

Load blue whale related maintenance commands

source ~/.bashrc

Initialize the blue whale business topology

./bkcli initdata topo

Detect related service status

cd /data/install/
echo bkssm bkiam usermgr paas cmdb gse job consul | xargs -n 1 ./bkcli check

Deploy lesscode (optional)

1. Go to the S-mart market to download  the visual development platform

2. Place the package in  /data the directory of the central control and extract it to  /data/src the directory

   tar -xf /data/lesscode-ce-0.0.11.tar.gz -C /data/src
   

3. Add lesscode module distribution

   # 请注意替换示例 IP 为实际部署的机器 IP
   cat << EOF >>/data/install/install.config
   [lesscode]
   10.0.0.1 lesscode
   EOF
   

4. start deployment

   ./bk_install lesscode
   

Deploy bkiam_search_engine (optional)

1. Added bkiam_search_engine module distribution

   # 请注意替换示例 IP 为实际部署的机器 IP
   cat << EOF >>/data/install/install.config
   [iam_search_engine]
   10.0.0.3 iam_search_engine
   EOF
   

2. Obtain the app_token of the authority center, and use the obtained app_token as the secret of bkiam_search_engine

   echo BK_IAM_SAAS_APP_SECRET=$(mysql --login-path=mysql-default -e "use open_paas; select * from paas_app where code='bk_iam'\G"| awk '/auth_token/{print $2}') >> /data/install/bin/03-userdef/bkiam_search_engine.env
   

3. Render bkiam_search_engine variable

   ./bkcli install bkenv
   ./bkcli sync common
   

4. start deployment

   ./bk_install bkiam_search_engine
   

Deploy paas_plugin (optional)

1. The beta version does not currently include
2. paas_plugin depends on elasticsearch

# 增加 es7 模块
# 请注意替换示例 IP 为实际部署的机器 IP
cat  << EOF >>/data/install/install.config
10.0.0.3 es7
EOF

./bk_install paas_plugin

Deploy API automated testing tools (optional)

The beta version does not currently include

1. Synchronize the installation directory file to the specified machine (the default is the machine where the nginx module is located)

   ./bkcli sync bkapi
   

2. Deploy API automated testing tools

   ./bkcli install bkapi
   

3. Run the API automated testing tool

   # 如果不带<module>,默认检查所有模块的api
   ./bkcli check bkapi
   
   # 单模块检查
   ## 目前支持的模块 bk_cmdb, bk_job, bk_gse, bk_itsm, bk_monitorv3, bk_paas, bk_sops, bk_user_manage
   ## 因需要检查所有的 api，花费的时间较长，请耐心等待
   ./bkcli check bkapi bk_job
   

3. Visit the Blue Whale

3.1 Configure local hosts

The operations described below may overwrite the existing hosts, please confirm whether a backup is required before performing the operation.

1. Windows configuration

   Notepad++Open the file with a text editor such as :

   C:\Windows\System32\drivers\etc\hosts

   Copy the following content into the above file, and replace the following IP with an IP that can be accessed by the local browser, and then save it.

   10.0.0.2 paas.bktencent.com cmdb.bktencent.com job.bktencent.com jobapi.bktencent.com bkapi_check.bktencent.com
   10.0.0.3 nodeman.bktencent.com
   

   Note:  10.0.0.2 is the machine where the nginx module is located, and 10.0.0.3 is the machine where the nodeman module is located. The IP needs to be replaced with an IP that can be accessed by the local browser.

   Query the way the module is distributed on the machine:

   grep -E "nginx|nodeman" /data/install/install.config
   

   Note: If you cannot save the file, please right-click the file hosts and find "Properties" -> "Security", then select the user name you logged in, click Edit, and check "Write".

2. Linux/MacOS configuration

   Copy the following content to  /etc/hosts , and replace the following IP with the IP that can be accessed by the local browser, and then save it.

   10.0.0.2 paas.bktencent.com cmdb.bktencent.com job.bktencent.com jobapi.bktencent.com bkapi_check.bktencent.com
   10.0.0.3 nodeman.bktencent.com
   

3.2 Get administrator account name and password

On any machine, execute the following command to obtain the administrator account and password.

grep -E "BK_PAAS_ADMIN_USERNAME|BK_PAAS_ADMIN_PASSWORD" /data/install/bin/04-final/usermgr.env

3.3 Visit Blue Whale and get started

Default blue whale workbench entrance: http://paas.bktencent.com

• You can refer to Blue Whale Quick Start and related  product white papers

• Advanced Options: Monitoring Log Package Deployment