这里主要是将原来cloud-config.txt中cd git source root,faasd install替换成,经分析source/cmd/install.go后得到的几个静态文件,并将它们直接放进代码中,这样可以免除编译代码直接全部静态资源加脚本逻辑处理。
注意几处,1,/var/lib/faasd的权限一定要设成0755,而不是cmd/install.go中指定的0644。否则containerd启动不了,它要写hosts文件,以调用docker cni。2,结尾服务启动时,须留足充足的时间让images都下载完,只有下载完镜像才会启动网卡的。加了一些关于镜像和虚拟网卡是否准备完毕和唤起的判断,重点是离线镜像。
由于影响脚本失败的地方和可变因素主要来自镜像的拉取(及之后cni网络唤起,faasd up建立cni有一定机率让openfaas0网络出现很慢。),故设置了预拉取离线镜像并判断(本来之前计划是预配置cni,但与镜像部分结合紧密,且后来考虑到镜像拉取如果OK,cni过程应该无须再考虑)。使得onedrive+om可代替docker register仓库(github也有一个git bundle create offline-repos master,这对应我在《在openfaas面板上安装onemanager》文尾把git和docker仓库静态化的设想)。
# install faasd installOpenfaasd() { [[ $(systemctl is-active faasd-provider) == "activating" ]] && systemctl stop faasd-provider [[ $(systemctl is-active faasd) == "activating" ]] && systemctl stop faasd ps -ef|grep faasd|awk '{print $2}'|xargs kill -9 rm -rf ${INSTALL_DIR}/bin/faas* rm -rf /var/lib/faasd /var/lib/faasd-provider echo "=====faasd install+start progress(this may finally fail due to incorrect folder permissions or network issues,you can maunal fix it later with systemctl restart faasd)=====" msg=$( # begin if [ ! -f "/tmp/faas-cli" ]; then wget --no-check-certificate -qO- ${OPENFAAS_PATH}/faasd/0.9.5/faasd > /tmp/faasd fi cp /tmp/faasd ${INSTALL_DIR}/bin/faasd && chmod a+x ${INSTALL_DIR}/bin/faasd && ln -sf ${INSTALL_DIR}/bin/faasd /usr/local/bin/faasd #export GOPATH=$HOME # ...... #systemctl status -l faasd-provider --no-pager #systemctl status -l faasd --no-pager mkdir -p /var/lib/faasd && chmod 0755 /var/lib/faasd && mkdir -p /var/lib/faasd-provider && chmod 0755 /var/lib/faasd-provider && mkdir -p /var/lib/faasd/secrets rm -rf /var/lib/faasd/docker-compose.yaml cat << 'EOF' > /var/lib/faasd/docker-compose.yaml version: "3.7" services: basic-auth-plugin: image: "docker.io/openfaas/basic-auth-plugin:0.18.18ARCH_SUFFIX" environment: - port=8080 - secret_mount_path=/run/secrets - user_filename=basic-auth-user - pass_filename=basic-auth-password volumes: # we assume cwd == /var/lib/faasd - type: bind source: ./secrets/basic-auth-password target: /run/secrets/basic-auth-password - type: bind source: ./secrets/basic-auth-user target: /run/secrets/basic-auth-user cap_add: - CAP_NET_RAW nats: image: docker.io/library/nats-streaming:0.11.2 command: - "/nats-streaming-server" - "-m" - "8222" - "--store=memory" - "--cluster_id=faas-cluster" # ports: # - "" prometheus: image: docker.io/prom/prometheus:v2.14.0 volumes: - type: bind source: ./prometheus.yml target: /etc/prometheus/prometheus.yml cap_add: - CAP_NET_RAW ports: - "" gateway: image: "docker.io/openfaas/gateway:0.18.18ARCH_SUFFIX" environment: - basic_auth=true - functions_provider_url=http://faasd-provider:8081/ - direct_functions=false - read_timeout=60s - write_timeout=60s - upstream_timeout=65s - faas_nats_address=nats - faas_nats_port=4222 - auth_proxy_url=http://basic-auth-plugin:8080/validate - auth_proxy_pass_body=false - secret_mount_path=/run/secrets - scale_from_zero=true volumes: # we assume cwd == /var/lib/faasd - type: bind source: ./secrets/basic-auth-password target: /run/secrets/basic-auth-password - type: bind source: ./secrets/basic-auth-user target: /run/secrets/basic-auth-user cap_add: - CAP_NET_RAW depends_on: - basic-auth-plugin - nats - prometheus ports: - "8080:8080" queue-worker: image: docker.io/openfaas/queue-worker:0.11.2 environment: - faas_nats_address=nats - faas_nats_port=4222 - gateway_invoke=true - faas_gateway_address=gateway - ack_wait=5m5s - max_inflight=1 - write_debug=false - basic_auth=true - secret_mount_path=/run/secrets volumes: # we assume cwd == /var/lib/faasd - type: bind source: ./secrets/basic-auth-password target: /run/secrets/basic-auth-password - type: bind source: ./secrets/basic-auth-user target: /run/secrets/basic-auth-user cap_add: - CAP_NET_RAW depends_on: - nats EOF sed -i "s#ARCH_SUFFIX##g" /var/lib/faasd/docker-compose.yaml rm -rf /var/lib/faasd/prometheus.yml cat << 'EOF' > /var/lib/faasd/prometheus.yml # my global config global: scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. # scrape_timeout is set to the global default (10s). # Alertmanager configuration alerting: alertmanagers: - static_configs: - targets: # - alertmanager:9093 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. rule_files: # - "first_rules.yml" # - "second_rules.yml" # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] - job_name: 'gateway' static_configs: - targets: ['gateway:8082'] EOF rm -rf /var/lib/faasd/resolv.conf cat << 'EOF' > /var/lib/faasd/resolv.conf nameserver EOF rm -rf /var/lib/faasd-provider/resolv.conf cat << 'EOF' > /var/lib/faasd-provider/resolv.conf nameserver EOF rm -rf /var/lib/faasd/secrets/basic-auth-user cat << 'EOF' > /var/lib/faasd/secrets/basic-auth-user admin EOF rm -rf /var/lib/faasd/secrets/basic-auth-password cat << 'EOF' > /var/lib/faasd/secrets/basic-auth-password PLEASECORRECTME EOF sed -i "s#PLEASECORRECTME#${PASS_INIT}#g" /var/lib/faasd/secrets/basic-auth-password rm -rf /etc/systemd/system/faasd-provider.service cat << 'EOF' > /etc/systemd/system/faasd-provider.service [Unit] Description=faasd-provider [Service] MemoryLimit=500M Environment="secret_mount_path=/var/lib/faasd/secrets" Environment="basic_auth=true" ExecStart=/usr/local/bin/faasd provider Restart=on-failure RestartSec=10s WorkingDirectory=/var/lib/faasd-provider # add # User=root [Install] WantedBy=multi-user.target EOF rm -rf /etc/systemd/system/faasd.service cat << 'EOF' > /etc/systemd/system/faasd.service [Unit] Description=faasd After=faasd-provider.service [Service] MemoryLimit=500M ExecStart=/usr/local/bin/faasd up Restart=on-failure RestartSec=10s WorkingDirectory=/var/lib/faasd # add # User=root [Install] WantedBy=multi-user.target EOF # in saftey,first downloads image and import them offline by advance if [ ! -f "/tmp/faasd-containers.tar.gz" ]; then wget --no-check-certificate -qO- ${OPENFAAS_PATH}/faasd/0.9.5/faasd-containers.tar.gz > /tmp/faasd-containers.tar.gz && tar -xf /tmp/faasd-containers.tar.gz -C /tmp fi ctr --address=/run/containerd/containerd.sock image import /tmp/faasd-containers/basic-auth-plugin-0.18.18.tar ctr --address=/run/containerd/containerd.sock image import /tmp/faasd-containers/nats-streaming-0.11.2.tar ctr --address=/run/containerd/containerd.sock image import /tmp/faasd-containers/gateway-0.18.18.tar ctr --address=/run/containerd/containerd.sock image import /tmp/faasd-containers/queue-worker-0.11.2.tar ctr --address=/run/containerd/containerd.sock image import /tmp/faasd-containers/prometheus-v2.14.0.tar systemctl daemon-reload && systemctl enable faasd-provider faasd systemctl start faasd-provider --no-pager systemctl start faasd --no-pager 2>&1) status=$? updateProgress 65 "$msg" "$status" "faasd install+start" # then, wait extra 30 for cni taking effort sleep 30 # finally check to ensure every container services and cni network being ready for i in 1 2 3; do [[ ! -z "$(ctr image list|grep basic-auth-plugin)" ]] && break;sleep 3;echo "checking basic-auth ($i),if failed at 3,it may require a reboot"; done for i in 1 2 3; do [[ ! -z "$(ctr image list|grep nats)" ]] && break;sleep 3;echo "checking nats ($i),if failed at 3,it may require a reboot"; done for i in 1 2 3; do [[ ! -z "$(ctr image list|grep prometheus)" ]] && break;sleep 3;echo "checking prometheus ($i),if failed at 3,it may require a reboot"; done for i in 1 2 3; do [[ ! -z "$(ctr image list|grep gateway)" ]] && break;sleep 3;echo "checking gateway ($i),failed at 3,it may require a reboot"; done for i in 1 2 3; do [[ ! -z "$(ctr image list|grep queue-worker)" ]] && break;sleep 3;echo "checking queueworker ($i),if failed at 3,it may require a reboot"; done for i in 1 2 3 4 5; do [[ ! -z "$(brctl show|grep openfaas0)" ]] && break;sleep 3;echo "checking openfaas0 ($i),if failed at 5,it may require a reboot"; done echo "=====================faas-cli install+login progress=======================" msg=$( #begin if [ ! -f "/tmp/faas-cli" ]; then wget --no-check-certificate -qO- ${OPENFAAS_PATH}/faas-cli/0.12.9/faas-cli > /tmp/faas-cli fi cp /tmp/faas-cli ${INSTALL_DIR}/bin/faas-cli && chmod a+x ${INSTALL_DIR}/bin/faas-cli && ln -sf ${INSTALL_DIR}/bin/faas-cli /usr/local/bin/faas && ln -sf ${INSTALL_DIR}/bin/faas-cli /usr/local/bin/faas-cli mkdir -p /var/lib/faasd/.docker ln -sf ~/.docker/config.json /var/lib/faasd/.docker/config.json sleep 5 && journalctl -u faasd --no-pager cat /var/lib/faasd/secrets/basic-auth-password | /usr/local/bin/faas-cli login --password-stdin 2>&1) status=$? updateProgress 70 "$msg" "$status" "faas-cli install+login" }
# install paiserver installPai() { [[ $(systemctl is-active tencentcloud-pai-mate) == "activating" ]] && systemctl stop tencentcloud-pai-mate [[ $(systemctl is-active tencentcloud-pai-mate-update) == "activating" ]] && systemctl stop tencentcloud-pai-mate-update [[ $(systemctl is-active tencentcloud-pai-agent) == "activating" ]] && systemctl stop tencentcloud-pai-agent rm -rf ${INSTALL_DIR}/pai ${INSTALL_DIR}/pai-mate echo "=====================paimate install+start progress=======================" msg=$( # prepare directory mkdir -p ${INSTALL_DIR}/pai-mate # prepare mkdir -p ${INSTALL_DIR}/pai echo "export PATH=/root/.local/pai-mate/bin:$PATH" > ${INSTALL_DIR}/pai/pai-mate-env source ${INSTALL_DIR}/pai/pai-mate-env # get node/npm binary path # prepare workspace mkdir -p ${DATA_DIR}/pai_mate_workspaces # download package if [ ! -f "/tmp/pai-mate-latest.tar.xz" ]; then wget --no-check-certificate -qO- ${PAI_MATE_SERVER_PATH}/pai-mate-latest.tar.xz > /tmp/pai-mate-latest.tar.xz fi # unzip tar -Jxf /tmp/pai-mate-latest.tar.xz -C ${INSTALL_DIR}/pai-mate mv /tmp/pai-mate-latest.tar.xz /tmp/pai-mate-latest.tar.xz.old cd ${INSTALL_DIR}/pai-mate # config echo "UPDATE_PATH: ${PAI_MATE_SERVER_PATH}" > config.yml echo "DOMAIN_NAME: ${DOMAIN_NAME}" >> config.yml echo "CERT_PATH: /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" >> config.yml echo "KEY_PATH: /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem" >> config.yml #npm install --production --unsafe-perm=true --allow-root npm run migrate:latest # systemd service start rm -rf /etc/systemd/system/tencentcloud-pai-mate.service cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-mate.service [Unit] Description=Tencent Cloud Pai Mate After=network.target [Service] Type=simple Restart=always RestartSec=1 User=root Environment=PATH=/root/.local/pai-mate/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin WorkingDirectory=/root/.local/pai-mate ExecStart=/root/.local/pai-mate/bin/start.sh [Install] WantedBy=multi-user.target EOF rm -rf /etc/systemd/system/tencentcloud-pai-mate-update.service cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-mate-update.service [Unit] Description=Tencent Cloud Pai Mate Update After=network.target [Service] Type=oneshot User=root Environment=PATH=/root/.local/pai-mate/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin WorkingDirectory=/root/.local/pai-mate ExecStart=/root/.local/pai-mate/bin/update.sh EOF rm -rf /etc/systemd/system/tencentcloud-pai-mate-update.timer cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-mate-update.timer [Unit] Description=Tencent Cloud Pai Mate Update [Timer] OnCalendar=daily RandomizedDelaySec=5minutes Persistent=true [Install] WantedBy=timers.target EOF chmod +x ${INSTALL_DIR}/pai-mate/bin/* systemctl daemon-reload systemctl enable tencentcloud-pai-mate.service systemctl start tencentcloud-pai-mate.service systemctl start tencentcloud-pai-mate-update.timer 2>&1) status=$? updateProgress 90 "$msg" "$status" "paimate install+start" echo "=====================pai install+start progress=======================" msg=$(#begin mkdir -p ${INSTALL_DIR}/pai/etc mkdir -p ${INSTALL_DIR}/pai/bin echo "server_path: ${SERVER_PATH}" > ${INSTALL_DIR}/pai/etc/pai.yml echo "domain_name: ${DOMAIN_NAME}" >> ${INSTALL_DIR}/pai/etc/pai.yml # Note: `agent` binary will update and run this time. `baker` binay will be run next time. # cannot overwrite binay, error: text busy # mv -f "${INSTALL_DIR}/pai/bin/pai_agent" "${INSTALL_DIR}/pai/bin/pai_agent.old" # mv -f "${INSTALL_DIR}/pai/bin/pai_baker" "${INSTALL_DIR}/pai/bin/pai_baker.old" wget --no-check-certificate -qO- "${SERVER_PATH}/bin/pai_agent" > "${INSTALL_DIR}/pai/bin/pai_agent" # curl "${SERVER_PATH}/bin/pai_baker" -sSf > "${INSTALL_DIR}/pai/bin/pai_baker" chmod +x "${INSTALL_DIR}/pai/bin/pai_agent" # chmod +x "${INSTALL_DIR}/pai/bin/pai_baker" rm -rf /etc/systemd/system/tencentcloud-pai-agent.service cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-agent.service [Unit] Description=Tencent Cloud Pai Agent After=network.target [Service] Type=simple Restart=always RestartSec=1 User=root ExecStart=/root/.local/pai/bin/pai_agent [Install] WantedBy=multi-user.target EOF rm -rf /etc/systemd/system/tencentcloud-pai-baker.timer cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-baker.timer [Unit] Description=Tencent Cloud Pai Baker [Timer] OnCalendar=daily RandomizedDelaySec=5minutes #OnCalendar=*-*-* *:*:00 Persistent=true [Install] WantedBy=timers.target EOF systemctl daemon-reload systemctl enable tencentcloud-pai-agent.service systemctl start tencentcloud-pai-agent.service 2>&1) # systemctl restart tencentcloud-pai-baker.timer status=$? updateProgress 100 "$msg" "$status" "pai install+start" } if [ $PANEL_TYPE == "0" ]; then installOpenfaasd else installPai fi
# install codeserver installCodeserver() { [[ $(systemctl is-active code-server) == "activating" ]] && systemctl stop code-server rm -rf ${INSTALL_DIR}/bin/code-server ${INSTALL_DIR}/lib/code-server-3.5.0 ${CONFIG_DIR}/code-server echo "=====================codeserver install+start progress=======================" msg=$(# begin mkdir -p ${INSTALL_DIR}/lib/code-server-3.5.0 ${INSTALL_DIR}/bin ${CONFIG_DIR}/code-server if [ ! -f "/tmp/code-server-3.5.0-linux-amd64.tar.gz" ]; then wget --no-check-certificate -qO- ${CODE_SERVER_PATH}/v3.5.0/code-server-3.5.0-linux-amd64.tar.gz > /tmp/code-server-3.5.0-linux-amd64.tar.gz fi tar -xf /tmp/code-server-3.5.0-linux-amd64.tar.gz -C ${INSTALL_DIR}/lib/code-server-3.5.0 --strip-components=1 ln -s ${INSTALL_DIR}/lib/code-server-3.5.0/bin/code-server /usr/local/bin/code-server # systemd service start rm -rf ${CONFIG_DIR}/code-server/config.yaml cat << 'EOF' > ${CONFIG_DIR}/code-server/config.yaml bind-addr: auth: password password: PLEASECORRECTME cert: false EOF sed -i "s#PLEASECORRECTME#${PASS_INIT}#g" ${CONFIG_DIR}/code-server/config.yaml # systemd service start rm -rf /etc/systemd/system/code-server.service cat << 'EOF' > /etc/systemd/system/code-server.service [Unit] Description=code-server After=network.target [Service] Type=exec ExecStart=/usr/local/bin/code-server Restart=always User=root [Install] WantedBy=default.target EOF systemctl daemon-reload && systemctl enable code-server systemctl start code-server 2>&1) status=$? updateProgress 100 "$msg" "$status" "code-server install+start" } installCodeserver echo "=====================finished .....=====================" if [ $PANEL_TYPE == "0" ]; then echo "the final admin panel url you can access(login with user name admin and passwd given): https://${DOMAIN_NAME}/faasd/,password is '$(cat /var/lib/faasd/secrets/basic-auth-password)',thevscodewebide server at:https://${DOMAIN_NAME}/codeserver/,password is ${PASS_INIT},thank you!!" else echo "the final admin panel url you can access(login with your valid cvm account): https://${DOMAIN_NAME}/pai/,datadir is ${DATA_DIR},thevscodewebide server at:https://${DOMAIN_NAME}/codeserver/,password is ${PASS_INIT},thank you!!" fi # count time endTime=$(date +%s) echo 'Total Time Spent: '$((endTime-beginTime))'s'