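OpenShift 4 - DevSecOps (1) - Installing the DevOps Environment
"OpenShift 4.x HOL Tutorial Collection"
Note: this article has been verified on OpenShift 4.10.
The environment created in this article includes RHACS, a CI/CD Pipeline, Sonarqube, ArgoCD, Nexus and Gogs, and can be used for the demo in "OpenShift 4 - DevSecOps - Using RHACS to Find and Fix Security Issues in the DevSecOps Process (Video)".
Contents
- Install Ansible and its dependencies
- Install the DevSecOps Workshop environment with the Ansible Playbook
- References
Install Ansible and its dependencies
- Run the following commands to install Ansible.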
$ sudo dnf install ansible
$ ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/lab-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Sep 9 2021, 07:49:02) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
- Install the Ansible modules and the Python dependencies.
$ ansible-galaxy collection install community.kubernetes
$ pip3 install kubernetes openshift jmespath --user
Install the DevSecOps Workshop environment with the Ansible Playbook
- Download devsecops-demo.
$ git clone https://github.com/liuxiaoyu-git/devsecops-demo
$ cd devsecops-demo/
- Log in to OpenShift, then run the install script.
$ oc login --token=TOKEN --server=https://OCP-API-SERVER
$ ./install.sh
# INFO: Installing Demo
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [Install the ACS Demo] ****************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************
ok: [localhost]

TASK [Install Gitops] **********************************************************************************************************************************************
...
PLAY RECAP *********************************************************************************************************************************************************
localhost : ok=73 changed=27 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
- Check the status of the installed resources, including gogs, nexus, sonarqube, ACS/Stackrox and ArgoCD.
$ ./status.sh
## GOGS Server - Username/Password: gogs/gogs ##
http://gogs-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com
## Nexus Server - Username/Password: admin/admin123 ##
https://nexus-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com
## Sonarqube Server - Username/Password: admin/admin ##
https://sonarqube-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com
## Reports Server - Username/Password: reports/reports ##
http://reports-repo-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com
## ACS/Stackrox Server - Username/Password: admin/stackrox ##
https://central-stackrox.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com
## ArgoCD Server - Username/Password: admin/[DEX] ##
https://openshift-gitops-server-openshift-gitops.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com
- In the OpenShift console, under Operators, you can see that the following three Operators have been installed into all namespaces.
- View the DevOps resources in the cicd project.
$ oc get all -n cicd
NAME READY STATUS RESTARTS AGE
pod/el-webhook-9f8f5d689-qj6xw 1/1 Running 2 (23m ago) 24m
pod/gogs-b5599944f-vx7h4 1/1 Running 0 26m
pod/gogs-postgresql-67b74f7d99-444f9 1/1 Running 0 26m
pod/init-gogs-ctnsb-pod-5zj29 0/1 Completed 0 24m
pod/nexus-68db449d94-ct7pd 1/1 Running 0 26m
pod/reports-repo-6c87bb8988-6nzg7 2/2 Running 0 26m
pod/sonarqube-6795dbdc79-5qm2j 1/1 Running 0 26m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/el-webhook ClusterIP 172.30.227.13 <none> 8080/TCP,9000/TCP 24m
service/gogs ClusterIP 172.30.91.84 <none> 3000/TCP 26m
service/gogs-postgresql ClusterIP 172.30.75.218 <none> 5432/TCP 26m
service/nexus ClusterIP 172.30.209.22 <none> 8081/TCP 26m
service/reports-repo ClusterIP 172.30.188.139 <none> 8080/TCP 26m
service/sonarqube ClusterIP 172.30.242.248 <none> 9000/TCP 26m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/el-webhook 1/1 1 1 24m
deployment.apps/gogs 1/1 1 1 26m
deployment.apps/gogs-postgresql 1/1 1 1 26m
deployment.apps/nexus 1/1 1 1 26m
deployment.apps/reports-repo 1/1 1 1 26m
deployment.apps/sonarqube 1/1 1 1 26m

NAME DESIRED CURRENT READY AGE
replicaset.apps/el-webhook-9f8f5d689 1 1 1 24m
replicaset.apps/gogs-b5599944f 1 1 1 26m
replicaset.apps/gogs-postgresql-67b74f7d99 1 1 1 26m
replicaset.apps/nexus-68db449d94 1 1 1 26m
replicaset.apps/reports-repo-6c87bb8988 1 1 1 26m
replicaset.apps/sonarqube-6795dbdc79 1 1 1 26m

NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/el-webhook el-webhook-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com el-webhook http-listener None
route.route.openshift.io/gogs gogs-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com gogs <all> None
route.route.openshift.io/nexus nexus-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com nexus 8081-tcp None
route.route.openshift.io/reports-repo reports-repo-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com reports-repo 8080-tcp None
route.route.openshift.io/sonarqube sonarqube-cicd.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com sonarqube 9000-tcp edge None
- View the application resources in the devsecops-dev project.
$ oc get all -n devsecops-dev
NAME READY STATUS RESTARTS AGE
pod/spring-petclinic-566fd65d6c-zdvvc 1/1 Running 0 21m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/spring-petclinic ClusterIP 172.30.181.212 <none> 8080/TCP,8443/TCP,8778/TCP 21m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/spring-petclinic 1/1 1 1 21m

NAME DESIRED CURRENT READY AGE
replicaset.apps/spring-petclinic-566fd65d6c 1 1 1 21m

NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/spring-petclinic spring-petclinic-devsecops-dev.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com spring-petclinic 8080-tcp None
- View the application resources in the devsecops-qa project.
$ oc get all -n devsecops-qa
NAME READY STATUS RESTARTS AGE
pod/spring-petclinic-566fd65d6c-mng7n 1/1 Running 0 22m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/spring-petclinic ClusterIP 172.30.93.127 <none> 8080/TCP,8443/TCP,8778/TCP 22m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/spring-petclinic 1/1 1 1 22m

NAME DESIRED CURRENT READY AGE
replicaset.apps/spring-petclinic-566fd65d6c 1 1 1 22m

NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/spring-petclinic spring-petclinic-devsecops-qa.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com spring-petclinic 8080-tcp None
- View the ACS/Stackrox resources in the stackrox project.
$ oc get all -n stackrox
NAME READY STATUS RESTARTS AGE
pod/admission-control-6f6fd7c7f7-5bsbj 1/1 Running 0 23m
pod/admission-control-6f6fd7c7f7-ndt9n 1/1 Running 0 23m
pod/admission-control-6f6fd7c7f7-s9dns 1/1 Running 0 23m
pod/central-6b96668d45-rq5wz 1/1 Running 0 24m
pod/collector-27qg7 2/2 Running 0 23m
pod/collector-bq4kz 2/2 Running 0 23m
pod/collector-n5qcb 2/2 Running 0 23m
pod/collector-rq6sw 2/2 Running 0 23m
pod/collector-vr2tt 2/2 Running 0 23m
pod/collector-xxbmb 2/2 Running 0 23m
pod/scanner-7d77d75f6c-n8x7b 1/1 Running 0 24m
pod/scanner-7d77d75f6c-rqjzh 1/1 Running 0 24m
pod/scanner-db-77dd49d98-6jnbp 1/1 Running 0 24m
pod/sensor-59587d6fc9-n645r 1/1 Running 0 23m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/admission-control ClusterIP 172.30.154.95 <none> 443/TCP 23m
service/central ClusterIP 172.30.191.135 <none> 443/TCP 24m
service/scanner ClusterIP 172.30.81.169 <none> 8080/TCP,8443/TCP 24m
service/scanner-db ClusterIP 172.30.118.98 <none> 5432/TCP 24m
service/sensor ClusterIP 172.30.75.139 <none> 443/TCP 23m
service/sensor-webhook ClusterIP 172.30.232.229 <none> 443/TCP 23m

NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/collector 6 6 6 6 6 <none> 23m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/admission-control 3/3 3 3 23m
deployment.apps/central 1/1 1 1 24m
deployment.apps/scanner 2/2 2 2 24m
deployment.apps/scanner-db 1/1 1 1 24m
deployment.apps/sensor 1/1 1 1 23m

NAME DESIRED CURRENT READY AGE
replicaset.apps/admission-control-6f6fd7c7f7 3 3 3 23m
replicaset.apps/central-6b96668d45 1 1 1 24m
replicaset.apps/scanner-7d77d75f6c 2 2 2 24m
replicaset.apps/scanner-db-77dd49d98 1 1 1 24m
replicaset.apps/sensor-59587d6fc9 1 1 1 23m

NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/scanner Deployment/scanner 0%/150% 2 5 2 24m

NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
route.route.openshift.io/central central-stackrox.apps.cluster-fjprp.fjprp.sandbox1493.opentlc.com central https passthrough None
route.route.openshift.io/central-mtls central.stackrox central https passthrough None
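Several Routes in the listings above have an empty TERMINATION column, which means they are served over plain HTTP. The following is an added example, not code from the original article or the devsecops-demo repository: it filters a route listing for such Routes and, going one step beyond what the tables show, also flags Routes whose insecureEdgeTerminationPolicy is Allow. The function names, the example.test hosts and the sample rows are constructed for illustration.

```bash
#!/bin/sh
# Added example; not part of the original article or the devsecops-demo repo.
# Flags Routes that accept plain HTTP. Input: one Route per line, tab-separated:
#   namespace, name, host, TLS termination, insecureEdgeTerminationPolicy
# On a live cluster the listing can be produced with:
#   oc get route -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.spec.host}{"\t"}{.spec.tls.termination}{"\t"}{.spec.tls.insecureEdgeTerminationPolicy}{"\n"}{end}'

# Constructed sample modelled on the route tables above. Hosts are shortened to
# *.apps.example.test and the policy column is assumed (the page does not show it).
sample_routes() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    cicd el-webhook el-webhook-cicd.apps.example.test '' '' \
    cicd gogs gogs-cicd.apps.example.test '' '' \
    cicd sonarqube sonarqube-cicd.apps.example.test edge Allow \
    devsecops-dev spring-petclinic spring-petclinic-devsecops-dev.apps.example.test '' '' \
    stackrox central central-stackrox.apps.example.test passthrough ''
}

# Print "REASON namespace/name host" for each Route reachable over HTTP.
# Arguments: namespaces to inspect (none means every namespace in the input).
http_exposed_routes() {
  awk -F'\t' -v wanted=" $* " '
    NF < 3 { next }                                        # blank or malformed line
    wanted != "  " && !index(wanted, " " $1 " ") { next }  # namespace not selected
    $4 == ""      { print "NO_TLS " $1 "/" $2 " " $3; next }   # Route has no spec.tls
    $5 == "Allow" { print "HTTP_ALLOWED " $1 "/" $2 " " $3 }   # TLS set, HTTP still served
  '
}

# Demo run over the constructed sample.
sample_routes | http_exposed_routes cicd devsecops-dev devsecops-qa stackrox
```

To run it against the installed environment, pipe the output of the `oc get route` command shown in the header comment into `http_exposed_routes` in place of `sample_routes`.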
References
https://github.com/liuxiaoyu-git/devsecops-demo