
chore: docker部署安装脚本

TsMask
2024-12-13 14:18:31 +08:00
parent 62bfc47a0a
commit da42adef91
8 changed files with 185 additions and 41 deletions


@@ -62,7 +62,7 @@ RUN apt-get update && \
nginx openssh-server \
&& ssh-keygen -A \
&& adduser --disabled-password --gecos "" omcuser \
&& echo 'omcuser:password' | chpasswd \
&& echo 'omcuser:a9tU53r' | chpasswd \
&& mkdir -p /home/omcuser/.ssh \
&& chmod 700 /home/omcuser/.ssh \
&& touch /home/omcuser/.ssh/authorized_keys \
@@ -85,7 +85,7 @@ COPY --from=build-golang /docker/logs /var/log/omc
COPY --from=build-golang /docker/nginx/cert /etc/nginx/cert
COPY --from=build-golang /docker/nginx/nginx.conf /etc/nginx/nginx.conf
EXPOSE 33030 33033 33040 33060 80 22
EXPOSE 22 80 443 33030 33443 33033 33060
CMD ["/bin/sh", "-c", "service ssh start && service nginx start && /usr/local/bin/omc --env ${APPENV} -c /usr/local/etc/omc/omc.yaml"]
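Review bot: The `chpasswd` line in the first hunk still sets a literal password for `omcuser`, so the credential lives in the repository and in the image layer history while the same image runs `openssh-server` and lists port 22 in `EXPOSE`. Every container started from this image therefore shares one known SSH password. The RUN step already creates `/home/omcuser/.ssh/authorized_keys` and `adduser --disabled-password` leaves the account without a password, so the simplest fix is to delete the `&& echo 'omcuser:…' | chpasswd \` line and keep the account key-only, or to set the password at container start from a runtime secret. The RUN instruction starts and ends outside the hunk, so whether sshd permits password authentication is not visible here.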


@@ -26,13 +26,25 @@ probject
| /var/log | 网管相关日志输出 |
| /tmp/omc | 存放从网元拉取到本地的文件 |
端口声明
| 端口 | 说明 |
| ----- | ----------------------------- |
| 22 | 网管 容器内部 SSH 服务 |
| 80 | 网管 Nginx HTTP 服务 |
| 443 | 网管 Nginx HTTP2 服务 |
| 33030 | 网管后台 API HTTP 服务 |
| 33443 | 网管后台 API HTTP2 服务 |
| 33033 | 网管信令跟踪 UDP 协议接收服务 |
| 33060 | 网管性能分析监控 metrics 服务 |
## 编译
- `VERSION` 变量是后端程序打包版本号注入
```sh
docker build --build-arg VERSION="241211" -t omc:2.2412.1 .
docker build --build-arg VERSION="241212" -t omc:2.2412.1 .
```
@@ -47,12 +59,13 @@ docker run -d \
--restart=always \
-p 8822:22 \
-p 8880:80 \
-p 8884:443 \
-p 8830:33030 \
-p 8833:33033 \
-p 8840:33040 \
-p 8860:33060 \
-v /home/manager/probject/omc_api/docker/omc:/usr/local/etc/omc \
-v /home/manager/probject/omc_api/docker/omc/logs:/var/log \
-v /home/manager/probject/omc_api/docker/omc/tmp:/tmp/omc \
-v /home/manager/probject/omc_api/docker/omc/nginx/cert:/etc/nginx/cert \
-v /home/manager/probject/omc_api/docker/omc/nginx/nginx.conf:/etc/nginx/nginx.conf \
-e TZ="Asia/Shanghai" \
@@ -86,5 +99,9 @@ docker load -i redis_7.2.5.tar
docker load -i mysql_8.0.39.tar
docker load -i omc_2.2412.1.tar
sudo bash omc.sh install
sudo bash omc-docker.sh install
mkdir omc-r2.2412.1-ub22-cloud
tar -czvf omc-r2.2412.1-ub22-cloud.tgz omc-r2.2412.1-ub22-cloud/
tar -xzvf omc-r2.2412.1-ub22-cloud.tgz
```


@@ -6,7 +6,7 @@ REDIS_CONTAINER_NAME="omc_redis"
# usage
usage() {
echo "Usage: bash omc.sh [install|uninstall|restart|start|stop]"
echo "Usage: bash omc-docker.sh [install|uninstall|restart|start|stop]"
exit 1
}
@@ -22,9 +22,17 @@ install(){
echo "Container time zone (Asia/Shanghai):"
read OMC_TZ
OMC_TZ=${OMC_TZ:-"Asia/Shanghai"}
echo "Container service port (80):"
read OMC_PORT
OMC_PORT=${OMC_PORT:-"80"}
echo "Container service http port (80):"
read OMC_HTTP_PORT
OMC_HTTP_PORT=${OMC_HTTP_PORT:-"80"}
echo "Container service https port (443):"
read OMC_HTTPS_PORT
OMC_HTTPS_PORT=${OMC_HTTPS_PORT:-"443"}
echo "Container name ($OMC_CONTAINER_NAME):"
read OMC_CONTAINER_NAME
OMC_CONTAINER_NAME=${OMC_CONTAINER_NAME:-"omc"}
echo "==> Checking Docker version $OMC_CONTAINER_NAME"
sed -i "s/^OMC_CONTAINER_NAME=.*/OMC_CONTAINER_NAME=\"$OMC_CONTAINER_NAME\"/" ./omc-docker.sh
echo "===================== Install container omc service ====================="
echo "==> Checking Docker version"
@@ -34,7 +42,6 @@ install(){
echo "Docker is not available or sudo privileges are not granted."
exit 1
fi
echo ""
echo "==> Created service network"
NETWORK="omcnet"
@@ -53,13 +60,17 @@ install(){
mysql_container=$(docker ps --filter "name=$MYSQL_CONTAINER_NAME" --format "{{.Names}}")
if [[ -z "$mysql_container" ]]; then
echo "MySQL container is not running. Installing MySQL container..."
docker load --input $(pwd)/tar/mysql_8.0.39.tar
MYSQL_IMAGE="mysql:8.0.39"
MYSQL_ROOT_PASSWORD="1000omc@kp!"
SQL_FILE_PATH="$(pwd)/sql/install/omc_db.sql"
MYSQL_DATA=/usr/local/etc/$MYSQL_CONTAINER_NAME/data
mkdir -p $MYSQL_DATA
docker run --privileged=true --restart=always -e TZ="$OMC_TZ" \
-e MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD \
-v $SQL_FILE_PATH:/docker-entrypoint-initdb.d/database.sql \
-v $MYSQL_DATA:/var/lib/mysql \
--network $NETWORK \
--name $MYSQL_CONTAINER_NAME \
-d $MYSQL_IMAGE
@@ -74,8 +85,11 @@ install(){
docker load --input $(pwd)/tar/redis_7.2.5.tar
REDIS_IMAGE="redis:7.2.5"
REDIS_PASSWORD="helloearth"
REDIS_DATA=/usr/local/etc/$REDIS_CONTAINER_NAME/data
mkdir -p $REDIS_DATA
docker run --privileged=true --restart=always -e TZ="$OMC_TZ" \
-e REDIS_PASSWORD=$REDIS_PASSWORD \
-v $REDIS_DATA:/data \
--network $NETWORK \
--name $REDIS_CONTAINER_NAME \
-d $REDIS_IMAGE
@@ -98,15 +112,17 @@ install(){
docker run --privileged=true --restart=always -m 512M \
-v /usr/local/etc/omc:/usr/local/etc/omc \
-v /usr/local/etc/omc/logs:/var/log \
-v /usr/local/etc/omc/tmp:/tmp/omc \
-v /usr/local/etc/omc/nginx/cert:/etc/nginx/cert \
-v /usr/local/etc/omc/nginx/nginx.conf:/etc/nginx/nginx.conf \
-e TZ=$OMC_TZ \
-p $OMC_PORT:80 \
-p $OMC_HTTP_PORT:80 \
-p $OMC_HTTPS_PORT:443 \
--network $NETWORK \
--name $OMC_CONTAINER_NAME \
-d $OMC_IMAGE
echo "Running service $OMC_CONTAINER_NAME container port $OMC_PORT"
echo "Running service $OMC_CONTAINER_NAME container http port $OMC_PORT / https port $OMC_HTTPS_PORT"
}
# uninstall
@@ -125,12 +141,15 @@ case "$1" in
uninstall
;;
"restart")
echo "restart container $OMC_CONTAINER_NAME"
docker restart $OMC_CONTAINER_NAME
;;
"start")
echo "start container $OMC_CONTAINER_NAME"
docker start $OMC_CONTAINER_NAME
;;
"stop")
echo "stop container $OMC_CONTAINER_NAME"
docker stop $OMC_CONTAINER_NAME
;;
*)
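Review bot: In the first `install()` hunk the container name typed at the prompt is interpolated unescaped into `sed -i "s/^OMC_CONTAINER_NAME=.*/…/" ./omc-docker.sh`, so a value containing `/`, `&` or `"` corrupts or rewrites the script that the README runs with sudo, and the relative `./omc-docker.sh` edits whatever file of that name sits in the current directory. Validate the value before it reaches `sed` or `docker`, e.g. `[[ "$OMC_CONTAINER_NAME" =~ ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$ ]] || { echo "invalid container name"; exit 1; }`, and read it with `read -r`. The two port prompts have the same gap: `OMC_HTTP_PORT` and `OMC_HTTPS_PORT` reach `-p $OMC_HTTP_PORT:80` unquoted and without a numeric check. The final echo in the last `install()` hunk still prints `$OMC_PORT`, which this change renames to `OMC_HTTP_PORT`, so the http port is shown empty. `install()` and the `case` block both start and end outside these hunks.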


@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC2jCCAcKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQKEwlHbyBP
TUMgQ0EwHhcNMjQwMTA5MDcxMjU1WhcNMzQwMTA2MDcxMjU1WjAVMRMwEQYDVQQK
EwpPTUMgU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSTG
HNOWScYVHHiGw9z8q2u3ZMUaOFBm6+F4p4PrpM1h3FtHmYv5IWr5kqoMgCU/FmPG
HrSqDzrm+J4QMdguq40Jd4QOadiDg5oyLIM6Su32sjtG/y5an3abtY9hNCoWDdpy
kNRb1i9NQ2uTSBHm1lTVWutZWgm7D9jES8JB2byDwAOONwGlqAw6buxUlIP2vCtn
SpMF8Mqdypnw8K17DLXpP+D8Exw4mjOmJEVOGnw/pinjDCHm9SEiFtagdXIWliwl
DgbyVeSE70JhaGV2bGlmldV2sN2qPvG/W99pCeObxNcCko9JdJqsDVQTiOTY6uaH
o/GdDnzZh4TbbDutDQIDAQABozYwNDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww
CgYIKwYBBQUHAwEwDQYDVR0OBAYEBAECAwQwDQYJKoZIhvcNAQELBQADggEBAJY6
eI54wSn+kNteFEdoFS2jVM+GAMS0x4blX2wzNro6HqhlYC6oJ8TxRS6V22ugWLFX
M/pcqV5FA1XCSibYdwscdaoUSUYc6inlkHxrbfSryiQqXAkEv8Ote3dqtOu7Z0BY
PkykdMrCUXn5ksYgoTa7G1CdAiaKMeuTz801l1g8AIOpNV1+Xhi29TKA134VDW9S
2aDcD6jEs63rqKx/knStli0F58N0kOKjmmt45stP90o5NsshAMumzP0xhfwC94Gg
eBXg6ThM3nuOBQyzPEtUZioRKKV4XmgZF/F4ePCnS4ST9ft09kx7UcR9MVzGIHov
whwVw6o5O7h1xQr6Pjw=
-----END CERTIFICATE-----


@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApSTGHNOWScYVHHiGw9z8q2u3ZMUaOFBm6+F4p4PrpM1h3FtH
mYv5IWr5kqoMgCU/FmPGHrSqDzrm+J4QMdguq40Jd4QOadiDg5oyLIM6Su32sjtG
/y5an3abtY9hNCoWDdpykNRb1i9NQ2uTSBHm1lTVWutZWgm7D9jES8JB2byDwAOO
NwGlqAw6buxUlIP2vCtnSpMF8Mqdypnw8K17DLXpP+D8Exw4mjOmJEVOGnw/pinj
DCHm9SEiFtagdXIWliwlDgbyVeSE70JhaGV2bGlmldV2sN2qPvG/W99pCeObxNcC
ko9JdJqsDVQTiOTY6uaHo/GdDnzZh4TbbDutDQIDAQABAoIBAHxE49+lSJ5TNGes
Op0AmhHUiLiHqWde+VPe4xALMTNeaZmMBqEAt4PyH8PBuo5jeMm8YsWQZbf4Nv42
0zDu4I+vHcSV1tLHXo+VZNQiG6du0gjkmlRD6WW9twY00oySbu4Vx8g8RK80AQwO
01GURwRZ6gL0vtQGJoGSOIRZtXvGLltVR52OfkgNMjNepwtJvMV7PW5xYwEcnx+i
sZD/6hl49Qv5g4dCCGrnr8Garx9+cUkVP/ipkBnjyKACfzYQhoauo03Rv4iuNdy6
QD9KB95ALHq66vYXF72YW75JQhQ3C1qGcghNn68RIlufSnA7D7J9VCG5VSXfVrk2
a5Xw2HECgYEAzaXU75hl87fmf88X+8M6+OuaMnnLAwIadbcecakkO4bgzNF1SYwv
dbZ608LvdUt+BYVU43CCX3//a/MI+Ncp5sk85TLsXUxXGWonO1zXpa3+BAEXJe1n
xnWVdytWMeoyzhBZ/Vkx7/NAu5WSViXgQ3trB0Wr3OGw3Nksb4Son8cCgYEAzZQc
SlglEiU+Z+BsCV07FEkU6xgsmxQQuptPuGcm713Ik8c8a5KAyjbhpp+oBvn8v69i
hVGHcFmZYeazBL39dC4/6E/wDOVEwN2fY8oYBnrPvoz7FUTvObRjZakrgVj+XAjS
lg9RuMm1tYPFR52V5BTngJ9Rkj/AewxWnGMDtIsCgYEAng1i/5ZQXSUs+XPwCeY9
b8yb4Ulr9u7p6SkJM+/8UefS5HfjPdiJLV5HPnOm2K5ht9qGqJrzCHT2mT/b2Gx9
3ssxizI9KWOf2X+VkXFEqCh2fxtbcCHrTUNX0ZQ0Ff7adzdoAmhIEhQR31oQczd/
Cj5Tvu4ULZoj9UjQdxEtDEcCgYAYrW3T8s7IZdYe7A6r9RgRcFBlhCpel0MG03v3
W9KNq0lXi/QRya1SGNJviPzHkZyoeeourMHAV9EUsnfM2u2g06hyP55GPgNJz5DB
jtHhfT6Q1iWRwQuidqfz3SHOzhsCe0CkKMSblQMN/fphhWYn0eaURwuoraRyYOHI
tg4MzwKBgGImdyBx/l6bkWa4GywZ9iw5RDe7KYN9UclnBcHDkIELXskp8bTbwpBy
m/IyLC5eLOzdK7c2Odtd3LP/AG5fYPAzQ5S6YmSDPp1JEKODbg51wcMJpLSvG2Q/
P5paV/ZAKbxgXpilBrjSejM/QLYqD8756z5lgo5biR7bGkBA+nkj
-----END RSA PRIVATE KEY-----
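Review bot: This section commits an unencrypted RSA private key to the repository. Its modulus begins with the same bytes as the public key in the certificate added in the preceding section, and `nginx.conf` and `omc.yaml` in this commit both load `/etc/nginx/cert/omc-server.key`, so it appears to be the live TLS key for every deployment built from this tree (the Dockerfile copies `/docker/nginx/cert` into the image). Anyone with read access to the repository or the image can impersonate the server, and because the `ssl_ciphers` list in this commit still allows `RSA+AES128`/`RSA+AES256` key exchange, recorded sessions using those suites can be decrypted with it. Remove the key from version control, generate a key pair per installation (for example in the install step of `omc-docker.sh`) into the mounted `/usr/local/etc/omc/nginx/cert` directory with mode 600, and treat this key as compromised.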


@@ -64,23 +64,13 @@ http {
listen 80;
listen [::]:80;
server_name localhost;
#if ($scheme = "http") {
# return 301 https://$host$request_uri;
#}
# 修改允许最大请求体大小为100MB
client_max_body_size 100M;
# 持久连接的超时时间默认60s
keepalive_timeout 180s;
#access_log /var/log/nginx/host.access.log main;
# ssl_certificate /etc/nginx/cert/www.x.cn_chain.crt;
# ssl_certificate_key /etc/nginx/cert/www.x.cn.key;
# ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
# ssl_session_timeout 5m;
# ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/nginx/cert/dhparams.pem;
# OMC
location / {
root /usr/local/bin/web;
@@ -91,12 +81,6 @@ http {
}
location /omc-api/ {
proxy_pass http://127.0.0.1:33030/;
proxy_connect_timeout 180s; # 默认60s
proxy_send_timeout 180s; # 默认60s
proxy_read_timeout 180s; # 默认60s
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
@@ -106,13 +90,15 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 180s;
proxy_send_timeout 180s;
proxy_read_timeout 180s;
proxy_pass http://127.0.0.1:33030/;
}
location /api/rest/ {
# 添加斜杠并重定向
#rewrite ^([^.]*[^/])$ $1/ permanent;
proxy_pass http://127.0.0.1:33030/api/rest/;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
@@ -122,6 +108,8 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:33030/api/rest/;
}
#error_page 404 /404.html;
@@ -130,7 +118,72 @@ http {
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/etc/omc/frontend;
return 301 http://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name localhost;
client_max_body_size 100M;
keepalive_timeout 180s;
ssl_certificate /etc/nginx/cert/omc-server.crt;
ssl_certificate_key /etc/nginx/cert/omc-server.key;
ssl_session_timeout 5m;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# OMC
location / {
root /usr/local/bin/web;
#root /usr/local/etc/omc/frontend;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /omc-api/ {
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 180s;
proxy_send_timeout 180s;
proxy_read_timeout 180s;
proxy_pass https://127.0.0.1:33443/;
}
location /api/rest/ {
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass https://127.0.0.1:33443/api/rest/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
return 301 https://$host$request_uri;
}
}
}
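Review bot: The new 443 server block sets `ssl_ciphers` to a list that still admits `EECDH+3DES:RSA+3DES` and static-RSA key exchange (`RSA+AES128`, `RSA+AES256`), and it has no `ssl_protocols` line, so the accepted TLS versions fall back to the nginx build's default, which on older releases includes TLSv1 and TLSv1.1. Pin the protocols and trim the list, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`, `ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;` and `ssl_prefer_server_ciphers on;`. Separately, both `location = /50x.html` blocks now `return 301` to `$host$request_uri`, which sends the client back to the URL that just failed and echoes the client-supplied Host header into the Location; serving a static error page as before avoids the loop. The port-80 server also no longer carries even the commented redirect to https, so plain HTTP remains a full alternative to TLS.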


@@ -16,6 +16,15 @@ rest:
- ipv4: 0.0.0.0
ipv6:
port: 33030
scheme: http
- ipv4: 0.0.0.0
ipv6:
port: 33443
scheme: https
clientAuthType: 0
caFile: /etc/nginx/cert/omc-ca.crt
certFile: /etc/nginx/cert/omc-server.crt
keyFile: /etc/nginx/cert/omc-server.key
webServer:
enabled: false
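Review bot: The added https listener binds `ipv4: 0.0.0.0` with `clientAuthType: 0`, while nginx in this commit reaches it only through `https://127.0.0.1:33443/`; if direct access to 33443 is not required, `ipv4: 127.0.0.1` keeps the API behind the proxy. The meaning of `clientAuthType: 0` is not documented here. It presumably means no client certificate is requested, in which case `caFile` has no effect, so a comment such as `# clientAuthType: 0 = no client cert requested (confirm against the server's enum)` would help. `keyFile` reuses the nginx key path, so the same private key protects both listeners and a per-installation key needs to be readable by both processes.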

docker/omc/tmp/README.md Normal file

@@ -0,0 +1 @@
# OMC tmp Dir