feature: PaaS容器部署适配 (closed #10)

.gitignore

@@ -91,7 +91,6 @@ celerybeat-schedule
 # Environments
 .env
 .venv
-env/
 venv/
 ENV/
 
@@ -177,3 +176,6 @@ tests/postman/bkman
 # Thumbnails
 ._*
 
+
+.helm
+!env/

app_desc.yaml

@@ -0,0 +1,131 @@
+spec_version: 2
+app_version: "{{APP_VERSION}}"
+app:
+    region: default
+    bk_app_code: "bk_nodeman"
+    bk_app_name: "节点管理"
+    market:
+        category: 运维工具
+        introduction: 通过节点管理，可以对蓝鲸体系中的gse agent进行管理，包括状态查询、版本更新、配置管理、健康检查、进程管理等。
+        display_options:
+            width: 1300
+            height: 720
+            is_win_maximize: True
+            open_mode: "new_tab"
+modules:
+    default:
+        is_default: True
+        source_dir: src
+        language: Python
+        services:
+            - name: mysql
+            - name: bkrepo
+        env_variables:
+            - key: BKAPP_IS_V3_CONTAINER
+              value: "True"
+              description: 是否运行在V3容器版本
+            - key: PIP_VERSION
+              value: "20.2.3"
+              description: 固化pip版本
+            - key: STORAGE_TYPE
+              value: "BLUEKING_ARTIFACTORY"
+              description: 存储类型
+            - key: BKAPP_RUN_ENV
+              value: "ce"
+              description: 运行环境，app_desc 暂时只在社区版使用，为了简化部署在此声明配置
+            - key: GSE_ENABLE_SVR_DISCOVERY
+              value: "True"
+              description: 是否启用 gse svr 服务发现，启用后，默认接入点会通过zk的方式，自动更新gse svr信息
+
+        svc_discovery:
+            bk_saas:
+                - bk_app_code: "bk_iam"
+                - bk_app_code: "bk_nodeman"
+                  module_name: "backend"
+                - bk_app_code: "bk_nodeman"
+                  module_name: "default"
+        processes:
+            web:
+                command: gunicorn wsgi -w 4 -b :$PORT --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"'
+                plan: 4C2G5R
+                replicas: 5
+
+    backend:
+        is_default: False
+        source_dir: src
+        language: Python
+        services:
+            - name: rabbitmq
+            - name: redis
+            - name: bkrepo
+              shared_from: default
+            - name: mysql
+              shared_from: default
+        env_variables:
+            - key: BKAPP_IS_V3_CONTAINER
+              value: "True"
+              description: 是否运行在V3容器版本
+            - key: REDIS_MODE
+              value: "standalone"
+              description: 后台配置的Redis模式
+            - key: BACKEND_CONFIG
+              value: "True"
+              description: 是否启用后台配置，用于同一份代码区分SaaS和后台的差异化配置
+            - key: PIP_VERSION
+              value: "20.2.3"
+              description: 固化pip版本
+            - key: BKAPP_IS_PAAS_DEPLOY
+              value: "True"
+              description: 是否基于PaaS部署
+            - key: STORAGE_TYPE
+              value: "BLUEKING_ARTIFACTORY"
+              description: 存储类型
+            - key: BKAPP_RUN_ENV
+              value: "ce"
+              description: 运行环境，app_desc 暂时只在社区版使用，为了简化部署在此声明配置
+            - key: GSE_ENABLE_SVR_DISCOVERY
+              value: "True"
+              description: 是否启用 gse svr 服务发现，启用后，默认接入点会通过zk的方式，自动更新gse svr信息
+
+        svc_discovery:
+            bk_saas:
+                - bk_app_code: "bk_iam"
+                - bk_app_code: "bk_nodeman"
+                  module_name: "backend"
+                - bk_app_code: "bk_nodeman"
+                  module_name: "default"
+
+
+        processes:
+            backend-web:
+                command: gunicorn --timeout 300 -w 8 -b :$PORT -k gevent wsgi:application --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"'
+                plan: 4C2G5R
+                replicas: 5
+            celery-beat:
+                command: celery -A apps.backend beat -l info
+                plan: 4C2G5R
+                replicas: 1
+            dworker:
+                command: celery -A apps.backend worker -Q default --autoscale=8,2 --maxtasksperchild=50 -O fair --time-limit=1800
+                plan: 4C2G5R
+                replicas: 5
+            bworker:
+                command: celery -A apps.backend worker -Q backend  --autoscale=16,2 --maxtasksperchild=50 -O fair --time-limit=1800
+                plan: 4C2G5R
+                replicas: 5
+            baworker:
+                command: celery -A apps.backend worker -Q backend_additional_task -c 10 -O fair --time-limit=1800 --maxtasksperchild=50
+                plan: 4C2G5R
+                replicas: 5
+            pworker:
+                command: celery -A apps.backend worker -Q pipeline,pipeline_priority -n pipeline_worker@%h --maxtasksperchild=50 --autoscale=16,2 -O fair --time-limit=1800
+                plan: 4C2G5R
+                replicas: 5
+            psworker:
+                command: celery -A apps.backend worker -Q service_schedule,service_schedule_priority -n schedule_worker@%h --maxtasksperchild=50 -c 50 -P eventlet -O fair --time-limit=1800
+                plan: 4C2G5R
+                replicas: 5
+            paworker:
+                command: celery -A apps.backend worker -Q pipeline_additional_task,pipeline_additional_task_priority -n common_worker@%h -l info --autoscale=16,2 --maxtasksperchild=50 -O fair --time-limit=1800
+                plan: 4C2G5R
+                replicas: 5

apps/backend/management/commands/copy_file_to_nginx.py

@@ -16,10 +16,15 @@
 from django.conf import settings
 from django.core.management.base import BaseCommand
 
+from apps.core.files.storage import constants as core_files_constants
 from apps.core.files.storage import get_storage
 from apps.node_man.models import AccessPoint
 from apps.utils import files
 
+from . import utils
+
+log_and_print = utils.get_log_and_print("copy_file_to_nginx(storage)")
+
 
 def copy_dir_files_to_storage(
     source_dir_path: str, target_dir_paths: Iterable[str], ignored_dir_names: Optional[List[str]] = None
@@ -31,6 +36,12 @@ def copy_dir_files_to_storage(
     :param ignored_dir_names: 忽略的目录名称
     :return:
     """
+
+    log_and_print(
+        f"source_dir_path -> {source_dir_path} \n target_dir_path -> {target_dir_paths} \n "
+        f"ignored_dir_names -> {ignored_dir_names}"
+    )
+
     storage = get_storage(file_overwrite=True)
     source_file_paths = files.fetch_file_paths_from_dir(dir_path=source_dir_path, ignored_dir_names=ignored_dir_names)
 
@@ -43,16 +54,41 @@ def copy_dir_files_to_storage(
                 storage.save(name=target_file_path, content=target_file_fs)
                 target_file_fs.seek(0)
 
+    # 如果使用了蓝鲸制品库，更新默认接入点的下载地址
+    if storage.storage_type == core_files_constants.StorageType.BLUEKING_ARTIFACTORY.value:
+        default_ap = AccessPoint.objects.all().first()
+        default_save_path = default_ap.nginx_path or settings.DOWNLOAD_PATH
+        if default_save_path.startswith("/"):
+            default_save_path = default_save_path[1:]
+        package_download_url = os.path.join(
+            storage.endpoint_url, "generic", storage.project_id, storage.bucket, default_save_path
+        )
+        log_and_print(f"storage_type -> {storage.storage_type}, init package_download_url -> {package_download_url}")
+
+        default_ap.package_inner_url = package_download_url
+        default_ap.package_outer_url = package_download_url
+        default_ap.save()
+
 
 class Command(BaseCommand):
     def handle(self, *args, **options):
         """
         拷贝scripts下的文件到nginx download下
         """
+
+        if not settings.BK_BACKEND_CONFIG:
+            log_and_print("command only work on settings.BK_BACKEND_CONFIG == True")
+            return
+
         # 接入点配置的nginx路径
-        nginx_paths = {ap.nginx_path for ap in AccessPoint.objects.all() if ap.nginx_path}
+        target_dir_paths = {ap.nginx_path for ap in AccessPoint.objects.all() if ap.nginx_path}
         # 默认nginx路径
-        nginx_paths.add(settings.DOWNLOAD_PATH)
+        target_dir_paths.add(settings.DOWNLOAD_PATH)
+
         copy_dir_files_to_storage(
-            source_dir_path=settings.BK_SCRIPTS_PATH, target_dir_paths=nginx_paths, ignored_dir_names=["__pycache__"]
+            source_dir_path=settings.BK_SCRIPTS_PATH,
+            target_dir_paths=target_dir_paths,
+            ignored_dir_names=["__pycache__"],
         )
+
+        log_and_print("success.")

apps/backend/tests/management/commands/test_copy_file_to_nginx.py

@@ -30,6 +30,7 @@ class CopyFileToNginxTestCase(CustomBaseTestCase):
         settings: {
             "BK_SCRIPTS_PATH": BK_SCRIPTS_PATH,
             "STORAGE_TYPE": core_files_constants.StorageType.FILE_SYSTEM.value,
+            "BK_BACKEND_CONFIG": True,
         },
     }
 
@@ -69,6 +70,7 @@ class BkRepoCopyFileToNginxTestCase(CopyFileToNginxTestCase):
             "BKREPO_ENDPOINT_URL": "http://127.0.0.1",
             "BK_SCRIPTS_PATH": BK_SCRIPTS_PATH,
             "STORAGE_TYPE": core_files_constants.StorageType.BLUEKING_ARTIFACTORY.value,
+            "BK_BACKEND_CONFIG": True,
         },
     }
 

apps/node_man/handlers/debug.py

@@ -93,7 +93,7 @@ def subscription_details(self, subscription_id):
                 "task_actions": task.actions,
                 "is_auto_trigger": task.is_auto_trigger,
                 "create_time": task.create_time,
-                "details": f"{settings.BK_NODEMAN_URL}/api/debug/fetch_task_details?"
+                "details": f"{settings.BK_NODEMAN_HOST}/api/debug/fetch_task_details?"
                 f"subscription_id={subscription_id}&task_id={task.id}",
             }
 
@@ -171,7 +171,7 @@ def fetch_subscriptions_by_host(self, bk_host_id):
             result.append(
                 {
                     "subscription_id": record.subscription_id,
-                    "subscription_detail": f"{settings.BK_NODEMAN_URL}/api/debug/fetch_subscription_details?"
+                    "subscription_detail": f"{settings.BK_NODEMAN_HOST}/api/debug/fetch_subscription_details?"
                     f"subscription_id={record.subscription_id}",
                 }
             )

apps/node_man/handlers/iam.py

@@ -40,7 +40,7 @@ class IamHandler(APIModel):
     ]
 
     if settings.USE_IAM:
-        _iam = IAM(settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_HOST, settings.BK_IAM_ESB_PAAS_HOST)
+        _iam = IAM(settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_INNER_HOST, settings.BK_PAAS_INNER_HOST)
     else:
         _iam = object
 
@@ -322,7 +322,7 @@ def fetch_redirect_url(self, params, username):
                         apply_info["related_resource_types"][0]["instances"] = instances
             data["actions"].append(apply_info)
         ok, message, result = IamHandler._iam._client.get_apply_url(bk_token="", bk_username=username, data=data)
-        return result or settings.BK_IAM_URL
+        return result or settings.BK_IAM_SAAS_HOST
 
     @staticmethod
     def return_resource_instance_creator(resource_id, instance_id, instance_name, creator):

apps/node_man/iam_provider.py

@@ -575,7 +575,7 @@ class IamRegister(object):
     ]
 
     def __init__(self):
-        self._iam = IAM(settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_HOST, settings.BK_PAAS_INNER_HOST)
+        self._iam = IAM(settings.APP_CODE, settings.SECRET_KEY, settings.BK_IAM_INNER_HOST, settings.BK_PAAS_INNER_HOST)
 
     def register_system(self):
         # ***需要将placeholder改为内网访问地址***

apps/node_man/periodic_tasks/__init__.py

@@ -19,5 +19,9 @@
 from .sync_proc_status_task import sync_proc_status_task  # noqa
 from .update_proxy_file import update_proxy_file  # noqa
 
+# 是否启用 gse svr 服务发现，启用后，默认接入点会通过zk的方式，自动更新gse svr信息
+if getattr(settings, "GSE_ENABLE_SVR_DISCOVERY", False):
+    from .gse_svr_discovery import gse_svr_discovery  # noqa
+
 if getattr(settings, "CONFIG_POLICY_BY_TENCENT_VPC", False):
     from .configuration_policy import configuration_policy  # noqa