v1.1.10版本发布¶
堡垒机替换¶
OpsAny社区版v1.1.10发布了最新版本的堡垒机,将之前管控平台重堡垒机的功能全部重构,单独创建了独立的堡垒机平台。所以v1.1.10的更新相对于比较繁琐,需要细心操作,整理流程如下:
- 更新PaaS。
- 更新所有的SAAS。
- 替换Websocket镜像,重建Websocket容器。
- 更新ESB组件
- 修改Nginx配置,并重启容器。
新版本Websocket更新¶
1.更新opsany-paas代码
cd /opt/opsany-paas && git pull
2.重新修改配置文件,为最新的SAAS平台增加环境变量。
cd /opt/opsany-paas/install/
cp install.config.example install.config
3.添加环境变量到平台中
cd /opt/opsany-paas/saas/
python3 add_env.py
4.停止老的websocket,并删除老的websocket镜像
docker stop opsany-paas-websocket
docker rm opsany-paas-websocket
docker rmi opsany/opsany-paas-websocket:v3.2.6
5.修改websocket配置
cd /opt/opsany-paas/install/
source install.config
/bin/cp conf/settings_production.py.websocket ${INSTALL_PATH}/conf/
/bin/cp conf/settings_production.py.websocket.init ${INSTALL_PATH}/conf/
sed -i "s/WEBSOCKET_GUACD_HOST/${WEBSOCKET_GUACD_HOST}/g" ${INSTALL_PATH}/conf/settings_production.py.websocket
sed -i "s/REDIS_SERVER_IP/${REDIS_SERVER_IP}/g" ${INSTALL_PATH}/conf/settings_production.py.websocket
sed -i "s/REDIS_SERVER_PASSWORD/${REDIS_SERVER_PASSWORD}/g" ${INSTALL_PATH}/conf/settings_production.py.websocket
sed -i "s/MYSQL_SERVER_IP/${MYSQL_SERVER_IP}/g" ${INSTALL_PATH}/conf/settings_production.py.websocket
sed -i "s/MYSQL_OPSANY_PASSWORD/${MYSQL_OPSANY_PASSWORD}/g" ${INSTALL_PATH}/conf/settings_production.py.websocket
sed -i "s/dev.opsany.cn/${PAAS_PAAS_IP}/g" ${INSTALL_PATH}/conf/settings_production.py.websocket.init
6.配置数据库
mysql -h "${MYSQL_SERVER_IP}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "create database bastion DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;"
mysql -h "${MYSQL_SERVER_IP}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "grant all on bastion.* to bastion@'%' identified by "\"${MYSQL_OPSANY_BASTION_PASSWORD}\"";"
mysql -h "${MYSQL_SERVER_IP}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "grant all on bastion.* to opsany@'%' identified by "\"${MYSQL_OPSANY_PASSWORD}\"";"
7.启动Websocket容器
docker run -d --restart=always --name opsany-paas-websocket \
-p 8004:8004 -v ${INSTALL_PATH}/logs:/opt/opsany/logs \
-v ${INSTALL_PATH}/uploads:/opt/opsany/uploads \
-v ${INSTALL_PATH}/conf/settings_production.py.websocket:/opt/opsany/websocket/config/prod.py \
-v ${INSTALL_PATH}/conf/settings_production.py.websocket.init:/opt/opsany/websocket/config/__init__.py \
-v /etc/localtime:/etc/localtime:ro \
opsany/opsany-paas-websocket:v3.2.6
8.开发中心部署堡垒机
在导航菜单点击【开发中心】-【内置应用】-【上传部署新应用】,选择堡垒机的压缩包bastion-opsany-v1.0.0.tar.gz
9.修改Openresty配置
vim /opt/opsany/conf/nginx-conf.d/nginx_paas.conf
# CONTROL WebSocket 将/ws/control/修改为/ws/bastion/
location /ws/bastion/ {
proxy_pass http://CONTROL_WS;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
docker restart opsany-openresty