Discuss

Setupqcloudpaipanelvps

minlearn 仲裁员
板块:通用举报

在云主机上手动安装腾讯PAI面板

本文关键字:云主机上装管理面板

在前面,我们介绍过lnmp,sandstorm paas,还有黑群晖,docker管理面板,这些都是云OS上的面板扩展和APPSTACK扩展,分散在不同级别被实现,(像群晖这种是OS和面板一体的),包括这里要介绍的pai和未来可能要介绍的openfaas云函数面板,基本可以分为二类,一带无devops无隔离,没有明显的虚拟化APP打包特征,像宝塔,lnmp,pai,APP直接在baremetal上运行,一带devops,基于容器。像docker管理面板,openfaas。都可以做所有通用服务应用不限web,里面基于容器的技术也都类同,不过vs sandstorm paas,openfaas是用标准容器方法达成的(vs真正的用统一语言和统一微内核做的那套,容器是我们当代伪applvl的virtualappliance做得最完善的了。),更开放更devops。

所以谁说openfaas,sandstorm,lamp,dsm这样的规模的东西不是个os?openfaas cloud还有整合存储Minio,类似自建云函数+云存储的方案只不过个人难于负担存储部分只能寻求OD这样的替代。

好了不废话。

上次我们搞好了云主机装机的pebuilder.sh。这次来介绍云主机装机常用的服务器套件,一般这类产品有宝塔,wdcp,lnmp等,但是鉴于我们近期在研究云函数和serverless,这次我们找到了PAI,https://cloud.tencent.com/solution/pai,它在一台云主机上自动绑定一个cloudbase域名,并做了对小程序的自动鉴权(大约小程序对xxx.pai.cloudbase.com的域名自动鉴权,否则需要去小程序后台填自定义域名),集成了git拉取pai项目,自动certbot作ssl验证,当然,tx的servless产品主要有cloudbase(里面有云函数云存储云数据库)和wx ide。这个PAI并不能达到官方cloudbase提供的服务那么完整(自建云函数机制,支持云函数的event,context写法),也不能做到让wx ide完全无缝对接(比如管理PAI上的云函数),这货吧有点像nodejs做的容器和devops,目前它只是自动鉴权方面有点强而已。其它只是一个通用服务器和不使用云函等的小程序后端,没发现什么亮点。

这个PAI它不是一个镜像也不是一个软件,而是需要购买时绑定的。下面我们把它安装在任意云主机上,甚至不是tx cvm也可以。这样我们就失去了那个免费xxx.pai.cloudbase.com三级域名和自动鉴权的好处,但是实际上用自己的域名和自动鉴权也不费事。关键是我们想看看pai有哪些程序可用。直接给脚本:

基础

注意使用说明:云主机事先开5523,并域名绑好到这个云主机上。以便程序内自动申请证书等工作。

一些变量:

MIRROR_PATH="http://default-8g95m46n2bd18f80.service.tcloudbase.com/d/demos"
# the pai backend
SERVER_PATH=${MIRROR_PATH}/pai/agent/stable/pai_agent_framework
PAI_MATE_SERVER_ROOT_PATH=${MIRROR_PATH}/pai/mate
PAI_MATE_SERVER_PATH=${MIRROR_PATH}/pai/mate/stable/install
TOOLS_PATH=${MIRROR_PATH}/pai/tools

安装依赖

apt-get install git nginx gcc python3.6 python3-pip python3-virtualenv python-certbot-nginx golang -y

单独安装node语言件:

# install node.js
installNodejs() {

    echo "=====================node.js progress======================="
    msg=$(wget -q ${TOOLS_PATH}/node-v10.16.2-linux-x64.tar.xz
    tar -Jxvf node-v10.16.2-linux-x64.tar.xz -C /usr/local/
    ln -sf /usr/local/node-v10.16.2-linux-x64 /usr/local/node
    rm node-v10.16.2-linux-x64.tar.xz -f
    # for manual launch node in shell maybe in the later
    echo "export PATH=/usr/local/node/bin:$PATH" >> ${HOME}/.bashrc

    wget -q ${TOOLS_PATH}/pm2-3.5.1.tgz
    PATH=/usr/local/node/bin:$PATH npm install -g pm2-3.5.1.tgz
    PATH=/usr/local/node/bin:$PATH npm install -g serve-handler
    rm pm2-3.5.1.tgz -f

    wget -q ${TOOLS_PATH}/sqlite3-4.1.1.tgz
    PATH=/usr/local/node/bin:$PATH npm config set user 0
    PATH=/usr/local/node/bin:$PATH npm config set unsafe-perm true
    PATH=/usr/local/node/bin:$PATH npm install -g sqlite3-4.1.1.tgz
    rm sqlite3-4.1.1.tgz -f 2>&1)
    status=$?
    updateProgress 10 "$msg" "$status" "node.js"
}

installNodejs

pai前后端基础支持

后端5523会透出管理页面,/data/pai-mate-workspace中的应用代理到nginx 3000,first time renew也是为了生成一个/etc/letsencrypt/renewal/下的模板文件供certbot-renew.service服务使用。 安装中,请保证certbot renew务必成功。否则后面的二个pai服务绝对启动不了。但如果成功,基本安装就能很好完成。

confignginx() {

    echo "=====================certbot renew progress======================="
    systemctl enable nginx.service
    systemctl start nginx

    cp -f /lib/systemd/system/certbot.service /etc/systemd/system/certbot-renew.service
    cp -f /lib/systemd/system/certbot.timer /etc/systemd/system/certbot-renew.timer

    # sed -i "s/renew/renew --nginx/g" /etc/systemd/system/certbot-renew.service

    msg=$(
    #first time renew
    certbot certonly --standalone --agree-tos --non-interactive -m ${EMAIL_NAME} -d ${DOMAIN_NAME} --pre-hook "systemctl stop nginx"

    systemctl daemon-reload 
    systemctl enable certbot-renew.service
    systemctl start certbot-renew.service
    systemctl start certbot-renrew.timer 2>&1)
    status=$?
    updateProgress 40 "$msg" "$status" "certbot renew"


    echo "=====================nginx reconfig progress======================="
    # add nginx conf
    rm -rf /etc/nginx/conf.d/default.conf
    cat << 'EOF' > /etc/nginx/conf.d/default.conf

server {
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    server_name DOMAIN_NAME;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://localhost:3000;
    }
}

server {
    listen 80;
    server_name DOMAIN_NAME;

    if ($host = DOMAIN_NAME) {
        return 301 https://$host$request_uri;
    }

    return 404;
}
EOF

    sed -i "s#DOMAIN_NAME#${DOMAIN_NAME}#g" /etc/nginx/conf.d/default.conf

    # restart nginx
    msg=$(systemctl reload nginx.service 
    systemctl restart nginx 2>&1)
    status=$?
    updateProgress 50 "$msg" "$status" "nginx reconfig"

}

confignginx

安装pai,paimate

installPai() {

    echo "=====================paimate install progress======================="
    mkdir -p ${HOME}/pai
    echo "export PATH=/usr/local/node/bin:$PATH" > ${HOME}/pai/pai-mate-env
    
    rm -rf /data/logs
    sudo mkdir /data/logs

    echo "Start installing PAI Mate!"
    echo ${PAI_MATE_SERVER_PATH}
    echo ${DOMAIN_NAME}

    INSTALL_DIR="${HOME}/pai-mate"

    # prepare directory
    mkdir -p ${INSTALL_DIR}

    msg=$(# download package
    wget -qO- ${PAI_MATE_SERVER_PATH}/pai-mate-latest.tar.xz > ${INSTALL_DIR}/pai-mate-latest.tar.xz

    # unzip
    tar -Jxvf ${INSTALL_DIR}/pai-mate-latest.tar.xz  -C ${INSTALL_DIR}
    mv ${INSTALL_DIR}/pai-mate-latest.tar.xz ${INSTALL_DIR}/pai-mate-latest.tar.xz.old

    cd ${INSTALL_DIR}

    # config
    echo "UPDATE_PATH: ${PAI_MATE_SERVER_PATH}" > config.yml
    echo "DOMAIN_NAME: ${DOMAIN_NAME}" >> config.yml
    echo "CERT_PATH: /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" >> config.yml
    echo "KEY_PATH: /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem" >> config.yml

    # prepare
    source ${HOME}/pai/pai-mate-env # get node/npm binary path
    #npm install --production --unsafe-perm=true --allow-root
    # download from cos
    wget -qO- ${PAI_MATE_SERVER_ROOT_PATH}/libs/node_modules.tar.xz | tar -Jxf -
    npm run migrate:latest

    # prepare workspace
    mkdir -p /data/pai_mate_workspaces

    # systemd service start
    rm -rf /etc/systemd/system/tencentcloud-pai-mate.service
    cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-mate.service

[Unit]
Description=Tencent Cloud Pai Mate
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=1
User=root
Environment=PATH=/usr/local/node/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
WorkingDirectory=/root/pai-mate
ExecStart=/root/pai-mate/bin/start.sh

[Install]
WantedBy=multi-user.target
EOF

    rm -rf /etc/systemd/system/tencentcloud-pai-mate-update.service
    cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-mate-update.service

[Unit]
Description=Tencent Cloud Pai Mate Update
After=network.target

[Service]
Type=oneshot
User=root
Environment=PATH=/usr/local/node/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
WorkingDirectory=/root/pai-mate
ExecStart=/root/pai-mate/bin/update.sh
EOF

    rm -rf /etc/systemd/system/tencentcloud-pai-mate-update.timer
    cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-mate-update.timer

[Unit]
Description=Tencent Cloud Pai Mate Update

[Timer]
OnCalendar=daily
RandomizedDelaySec=5minutes
Persistent=true

[Install]
WantedBy=timers.target
EOF

    chmod +x ${INSTALL_DIR}/bin/*
    systemctl daemon-reload
    systemctl enable tencentcloud-pai-mate.service
    systemctl start tencentcloud-pai-mate.service
    systemctl start tencentcloud-pai-mate-update.timer 2>&1)

    status=$?
    updateProgress 90 "$msg" "$status" "paimate install"


    echo "=====================pai install progress======================="
    CONFIG_INSTALL_DIR=${HOME}/pai/etc
    BINARY_INSTALL_DIR=${HOME}/pai/bin

    mkdir -p ${CONFIG_INSTALL_DIR}
    mkdir -p ${BINARY_INSTALL_DIR}

    echo "server_path: ${SERVER_PATH}" > ${CONFIG_INSTALL_DIR}/pai.yml
    echo "domain_name: ${DOMAIN_NAME}" >> ${CONFIG_INSTALL_DIR}/pai.yml

    msg=$(# Note: `agent` binary will update and run this time. `baker` binay will be run next time.
    # cannot overwrite binay, error: text busy
    # mv -f "${BINARY_INSTALL_DIR}/pai_agent" "${BINARY_INSTALL_DIR}/pai_agent.old"
    # mv -f "${BINARY_INSTALL_DIR}/pai_baker" "${BINARY_INSTALL_DIR}/pai_baker.old"
    wget -q "${SERVER_PATH}/bin/pai_agent" > "${BINARY_INSTALL_DIR}/pai_agent"
    # curl "${SERVER_PATH}/bin/pai_baker" -sSf > "${BINARY_INSTALL_DIR}/pai_baker"
    chmod +x "${BINARY_INSTALL_DIR}/pai_agent"
    # chmod +x "${BINARY_INSTALL_DIR}/pai_baker"

    rm -rf /etc/systemd/system/tencentcloud-pai-agent.service
    cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-agent.service

[Unit]
Description=Tencent Cloud Pai Agent
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=1
User=root
ExecStart=/root/pai/bin/pai_agent

[Install]
WantedBy=multi-user.target
EOF

    rm -rf /etc/systemd/system/tencentcloud-pai-baker.timer
    cat << 'EOF' > /etc/systemd/system/tencentcloud-pai-baker.timer

[Unit]
Description=Tencent Cloud Pai Baker

[Timer]
OnCalendar=daily
RandomizedDelaySec=5minutes
#OnCalendar=*-*-* *:*:00
Persistent=true

[Install]
WantedBy=timers.target
EOF

    systemctl daemon-reload
    systemctl enable tencentcloud-pai-agent.service
    systemctl start tencentcloud-pai-agent.service 2>&1)
    # systemctl restart tencentcloud-pai-baker.timer 
    status=$?
    updateProgress 100 "$msg" "$status" "pai install"


}

installPai

安装完成后,打开域名:5523,用你的云主机帐号,最好root登录。其它就没有什么了,/root/pai,/root/pai-mate是程序目录 /data是数据,,测试了下,只有一个当前应用能起作用(鸡肋?)。,,并没有太深入去了解这个工程的细节。只是追求能做到可用即可。恩恩


我们的下一文,打造yet another cloudbase:在云主机上安装cloudide(jupyter)为pai面板所用


(此处不设回复,扫码到微信参与留言,或直接点击到原文)

minlearn.org,tg: minlearn_1keydd,本人长期接有偿付费dd。不会D的,和要定制镜像的都可以t我