diff --git a/docs/GBS部署配置分析报告.docx b/docs/GBS部署配置分析报告.docx new file mode 100644 index 0000000..fce4096 --- /dev/null +++ b/docs/GBS部署配置分析报告.docx @@ -0,0 +1,187 @@ + GBS 部署配置分析报告 + safety-eval-service (安全评价业务服务) + 2026-06-26 +1 项目概览 + 属性 + 值 +项目名称 +safety-eval-service +中文名称 +重庆安全评价 +应用名称 (application.name) +jjb-saas-cq-anquan +网关前缀 (application.gateway) +cqanquan +Spring 应用名 +safety-eval-service +服务端口 +8095 +上下文路径 +/safety-eval +Java 版本 +1.8 (JDK 1.8.0_202) +Spring Boot 版本 +2.7.18 +架构 +DDD 分层(6 模块) +数据库 +jjb_saas_safety_eval +2 部署环境 + 项目 + 信息 +镜像地址 +jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +K8s 命名空间 +jjb-dragon +Master 节点 +192.168.20.100 +ACR 仓库 +jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com +镜像拉取密钥 +image-pull-secret +Nacos 命名空间 +jjb-dragon +已有 K8s 服务数 +27 个(均为 ClusterIP 端口 80) +3 可确定填写的字段 +以下字段均可通过项目配置文件和现有环境分析确定填写值。 +3.1 路由信息(后端路由) + 字段 + 填写值 + 依据 +路由名称 +重庆安全评价-后端 +application.cn-name + 现有路由命名惯例 +系统编码 +jjb-saas-cq-anquan +application.name 属性 +Prefix (StripPrefix) +0 +项目配置 strip-prefix: 0,与现有全部后端路由一致 +路径 (Path) +/cqanquan/** +application.gateway = cqanquan,格式 /${gateway}/** +标识 (Uri) +http://jjb-saas-cq-anquan +现有路由均为 http:// 格式 +3.2 其他配置 + 字段 + 填写值 + 说明 +数据库名称 +jjb_saas_safety_eval +表单已预填,MySQL 中确认存在 +镜像密钥 +image-pull-secret +表单已预填,K8s 中确认存在 +应用类型 +后端部署 +已选中,正确 +3.3 部署参数 + 字段 + 填写值 + 说明 +JDK 版本 +jdk8 +已选中,与项目 Java 1.8 匹配 +启动参数 +保持现有内容 +k8s-nacos:8848 是 GBS 平台内部 Nacos 地址 +CPU +500 M +合理,与现有服务一致 +副本数 +1 +合理,开发测试阶段 +3.4 服务配置 + 字段 + 填写值 + 依据 +服务名称 +jjb-saas-cq-anquan +与 Uri 中服务名一致,遵循现有 K8s 命名惯例 +开放端口 +80 +现有 27 个 K8s Service 全部是 ClusterIP 80 端口 +4 需要 GBS 平台确认的字段 +以下字段无法仅通过项目配置和环境分析确定,需要 GBS 平台侧提供信息。 +4.1 心跳监控地址 +项目的 Actuator 健康端点为 /cqanquan/actuator/health,但 GBS 平台要求的填写格式不确定: + 可能需要完整 URL:http://jjb-saas-cq-anquan/cqanquan/actuator/health + 也可能只需路径部分:/cqanquan/actuator/health + 需确认 GBS 平台对心跳地址的格式规范 +4.2 移动端应用(复选框) +项目配置中存在前端路由(路径 /cqanquan/container/**,指向 http://jjb-saas-base),说明可能有前端容器页面。是否需要在此次部署中一并配置,取决于业务需求。 +若需要勾选,前端路由信息如下: + 字段 + 填写值 +路由名称 +重庆安全评价-前端 +系统编码 +jjb-saas-cq-anquan-container +Prefix (StripPrefix) +0 +路径 (Path) +/cqanquan/container/** +标识 (Uri) +http://jjb-saas-base +4.3 内存资源 +表单当前填写的 128M 对 Spring Boot + Dubbo + Nacos 客户端组合偏小。建议至少 256M,但具体配额需确认 GBS 平台的资源限制策略。 +4.4 开放端口:80 还是 8095 +容器内 Spring Boot 实际监听端口为 8095,但现有所有 K8s Service 的端口都映射为 80。K8s Service 会做端口转发(80 --> 8095)。如果 GBS 平台要求填容器内端口,则填 8095;如果填 Service 端口,则填 80。根据现有环境惯例,填 80 大概率是正确的。 +5 现有网关路由规律参考 +以下是从 MySQL 数据库 jjb-saas-gateway 的 route 表中提取的现有后端服务路由规律: + 字段 + 规律 + 示例 +systemCode +与服务名一致 +jjb-saas-auth +name +中文描述 +权限管理 +uri +http:// +http://jjb-saas-auth +path +/<路径前缀>/** +/auth/** +stripPrefix +0(绝大多数后端服务) +0 +filterAuthorizeName +token(需认证) +token +route_order +0(默认) +0 +6 项目关键配置文件 + 文件路径 + 关键配置 +application.yml +application.name=jjb-saas-cq-anquan, server.port=8095, context-path=/safety-eval +application-prod.yml +Nacos=prod-nacos:8848, MySQL=prod-mysql:3306 +nacos/jjb-saas-demo.yml +网关路由规则(path、uri、strip-prefix) +nacos/config-actuator.yml +健康端点 /cqanquan/actuator/health +nacos/config-port.yml +共享端口配置(port=80) +sdk-prod2.yml +SDK 路由注册配置 +7 镜像信息 + 属性 + 值 +镜像地址 +jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +镜像大小 +792 MB +Digest +sha256:44ee933704c3667ad538513c3aa1729ba3493f20e924a5a8b58759f1ec1ba65b +基础镜像 +centos:7 +JDK +Oracle JDK 1.8.0_202 +容器内 JAR 路径 +/opt/app.jar diff --git a/docs/build-tools/Dockerfile b/docs/build-tools/Dockerfile new file mode 100644 index 0000000..0732c55 --- /dev/null +++ b/docs/build-tools/Dockerfile @@ -0,0 +1,43 @@ +# ============================================================ +# GBS Java Application Dockerfile Template +# Based on: CentOS 7 + Oracle JDK 1.8.0_202 +# Usage: docker build -t : -f Dockerfile . +# ============================================================ +# Build context structure: +# . +# ├── Dockerfile +# ├── jdk1.8.0_202/ (JDK directory, copied from /opt/jdk1.8.0_202) +# └── target/ +# └── *.jar (application JAR file) +# ============================================================ + +FROM centos:7 + +# Set timezone to Asia/Shanghai +RUN ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime + +# Copy JDK +COPY jdk1.8.0_202/ /opt/jdk1.8.0_202/ + +# Set Java environment variables +ENV JAVA_HOME=/opt/jdk1.8.0_202 +ENV PATH=$PATH:$JAVA_HOME/bin +ENV LANG=C.UTF-8 + +# Create log directory +RUN mkdir -p /opt/logs + +# Copy the built JAR file +COPY target/*.jar /opt/app.jar + +# Default entrypoint +# Runtime parameters can be overridden via K8s deployment or docker run -e +ENTRYPOINT ["/opt/jdk1.8.0_202/bin/java", \ + "-Dnacos.namespace=jjb-dragon", \ + "-Dnacos.url=prod-nacos:8848", \ + "-Dspring.profiles.active=prod", \ + "-Dmysql.password=Mysql@zcloud33080", \ + "-Dmysql.host=192.168.20.100", \ + "-Dmysql.port=33080", \ + "-Dmysql.username=root", \ + "-jar", "/opt/app.jar"] diff --git a/docs/build-tools/README.md b/docs/build-tools/README.md new file mode 100644 index 0000000..eb2f535 --- /dev/null +++ b/docs/build-tools/README.md @@ -0,0 +1,306 @@ +## GBS Java 应用 Docker 镜像打包操作流程 + +### 目录结构 + +``` +build-tools/ +├── README.md ← 本文档 +├── Dockerfile ← Dockerfile 模板(CentOS 7 + JDK 1.8.0_202) +├── build.sh ← Shell 构建脚本(在 master 节点上执行) +├── build_push.py ← Python 构建脚本(在本地 Windows 上执行,自动上传+构建+推送) +└── install_env.sh ← 构建环境一键安装脚本(在 master 节点上执行) +``` + +### 环境信息 + +| 项目 | 信息 | +|------|------| +| Master 节点 | 192.168.20.100 (root / Zcloud@zcloud100) | +| OS | CentOS 7 (已 EOL,yum 源已切换阿里云 vault) | +| JDK | Oracle JDK 1.8.0_202,路径 `/opt/jdk1.8.0_202` | +| Maven | Apache Maven 3.8.8,路径 `/opt/maven`,阿里云镜像 | +| Docker | 26.1.4,cgroupdriver=systemd,storage=overlay2 | +| ACR 仓库 | `jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com` | +| ACR 命名空间 | `ali_img_ns` | +| K8s 命名空间 | `jjb-dragon` | + +### 镜像命名规则 + +完整镜像地址格式: + +``` +{ACR仓库}/{命名空间}/prod-aly-{环境前缀}-dragon-{应用名}:{环境前缀}-{日期}-{序号} +``` + +示例: + +``` +jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +``` + +各部分说明: + +- `prod-aly` — 固定前缀(生产环境-阿里云) +- `ota` — 环境前缀,对应不同业务模块 +- `dragon` — 项目代号 +- `jjb-saas-safety-eval` — 应用名称 +- `ota-20260626-1` — 标签:环境前缀-年月日-序号(同一天多次构建递增序号) + +--- + +### 方式一:本地一键构建(推荐) + +在本地 Windows 机器上执行 `build_push.py`,自动完成 JAR 上传 → Docker 构建 → ACR 推送。 + +**前置条件:** 本地已安装 Python 和 paramiko(`pip install paramiko`) + +**执行命令:** + +```bash +python build_push.py <应用名> <环境前缀> [序号] +``` + +**示例:** + +```bash +python build_push.py E:\projects\safety-eval-service\safety-eval-start\target\safety-eval-start-1.0-SNAPSHOT.jar jjb-saas-safety-eval ota 1 +``` + +**输出:** + +``` +Image Address: + jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +``` + +--- + +### 方式二:在 Master 节点上构建 + +SSH 登录 master 节点后,使用 `build.sh` 脚本构建。 + +**Step 1 — 上传 JAR 到 master 节点** + +在本地用 scp 或其他方式上传 JAR: + +```bash +scp safety-eval-start-1.0-SNAPSHOT.jar root@192.168.20.100:/tmp/ +``` + +**Step 2 — SSH 登录 master** + +```bash +ssh root@192.168.20.100 +# 密码: Zcloud@zcloud100 +``` + +**Step 3 — 执行构建脚本** + +```bash +source /etc/profile.d/java.sh +source /etc/profile.d/maven.sh +/opt/docker-templates/build.sh jjb-saas-safety-eval ota /tmp/safety-eval-start-1.0-SNAPSHOT.jar 1 +``` + +脚本会自动完成:准备构建上下文 → 复制 JDK → Docker build → Docker login ACR → Docker push。 + +--- + +### 方式三:手动分步操作 + +如果需要手动控制每一步: + +**Step 1 — 准备构建目录** + +```bash +BUILD_DIR=/tmp/manual-build +rm -rf $BUILD_DIR && mkdir -p $BUILD_DIR/target +``` + +**Step 2 — 复制 JDK 和 JAR** + +```bash +cp -r /opt/jdk1.8.0_202 $BUILD_DIR/ +cp /path/to/your-app.jar $BUILD_DIR/target/ +cp /opt/docker-templates/Dockerfile $BUILD_DIR/ +``` + +**Step 3 — Docker Build** + +```bash +docker build -t jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 $BUILD_DIR +``` + +**Step 4 — 登录 ACR** + +```bash +echo 'idurCT!rIq9EzISD' | docker login --username=10952138@qq.com --password-stdin jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com +``` + +**Step 5 — 推送镜像** + +```bash +docker push jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +``` + +**Step 6 — 清理** + +```bash +rm -rf $BUILD_DIR +``` + +--- + +### 从源码构建(Maven 打包 + Docker 构建) + +如果拿到的是 Java 源码而不是编译好的 JAR: + +```bash +source /etc/profile.d/java.sh +source /etc/profile.d/maven.sh + +# Maven 编译打包 +cd /path/to/project +mvn clean package -DskipTests + +# 然后用编译好的 JAR 走上面的构建流程 +/opt/docker-templates/build.sh target/xxx.jar 1 +``` + +Maven 已配置阿里云镜像(`maven.aliyun.com/repository/public`),依赖下载速度约 200-400 KB/s。 + +--- + +### K8s 部署命令 + +**创建新 Deployment:** + +```bash +/usr/bin/kubectl create deployment jjb-saas-safety-eval \ + --image=jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 \ + -n jjb-dragon --replicas=1 +``` + +**更新已有 Deployment 的镜像:** + +```bash +/usr/bin/kubectl set image deployment/jjb-saas-safety-eval \ + jjb-saas-safety-eval=jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 \ + -n jjb-dragon +``` + +**查看 Pod 状态:** + +```bash +/usr/bin/kubectl get pods -n jjb-dragon | grep safety-eval +``` + +**查看日志:** + +```bash +/usr/bin/kubectl logs -f deployment/jjb-saas-safety-eval -n jjb-dragon +``` + +**查看 Deployment 详情:** + +```bash +/usr/bin/kubectl describe deployment jjb-saas-safety-eval -n jjb-dragon +``` + +--- + +### 常用查询命令 + +**查看本地镜像:** + +```bash +docker images | grep jjb-saas-safety-eval +``` + +**查看镜像详情:** + +```bash +docker inspect jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +``` + +**查看镜像构建历史:** + +```bash +docker history jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +``` + +**本地测试运行:** + +```bash +docker run --rm -it --name safety-eval-test \ + -p 8080:8080 \ + jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +``` + +**列出 ACR 上所有已有镜像:** + +```bash +docker images --format '{{.Repository}}:{{.Tag}}' | grep 'ali_img_ns' +``` + +--- + +### 构建环境安装 + +首次使用新机器时,运行 `install_env.sh` 一键安装全部构建依赖: + +```bash +ssh root@192.168.20.100 +bash install_env.sh +``` + +该脚本会安装并配置:JDK 1.8.0_202、Maven 3.8.8(阿里云镜像)、Dockerfile 模板、yum vault 源、ACR 登录。 + +--- + +### Dockerfile 结构说明 + +镜像内部结构(从已有运行镜像逆向分析得出): + +``` +/ +├── opt/ +│ ├── jdk1.8.0_202/ ← Oracle JDK 1.8.0_202 +│ ├── app.jar ← 应用 JAR 包 +│ └── logs/ ← 日志目录 +``` + +容器启动命令(ENTRYPOINT): + +``` +/opt/jdk1.8.0_202/bin/java + -Dnacos.namespace=jjb-dragon + -Dnacos.url=prod-nacos:8848 + -Dspring.profiles.active=prod + -Dmysql.password=*** + -Dmysql.host=192.168.20.100 + -Dmysql.port=33080 + -Dmysql.username=root + -jar /opt/app.jar +``` + +运行时可通过 K8s deployment 的 `args` 或 `env` 字段覆盖以上参数。 + +--- + +### 故障排查 + +**问题:`yum install` 报错 404** +CentOS 7 已 EOL,确认 `/etc/yum.repos.d/CentOS-Base.repo` 使用 `centos-vault` 源(install_env.sh 会自动处理)。 + +**问题:Maven 下载依赖慢** +检查 `/root/.m2/settings.xml` 是否配置了阿里云镜像,mirrorOf 应为 `central`。 + +**问题:`docker push` 报 unauthorized** +重新登录 ACR:`echo 'idurCT!rIq9EzISD' | docker login --username=10952138@qq.com --password-stdin jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com` + +**问题:K8s 拉取镜像失败 (ImagePullBackOff)** +确认 `jjb-dragon` namespace 下有 `image-pull-secret` 或 `image-pull-secret1`: +```bash +/usr/bin/kubectl get secret -n jjb-dragon | grep image-pull +``` diff --git a/docs/build-tools/build.sh b/docs/build-tools/build.sh new file mode 100644 index 0000000..16a508a --- /dev/null +++ b/docs/build-tools/build.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# ============================================================ +# GBS Application Build & Push Script (Shell version) +# Run on master node: 192.168.20.100 +# +# Usage: +# ./build.sh [version-suffix] +# +# Example: +# ./build.sh jjb-saas-safety-eval ota /tmp/safety-eval.jar 1 +# +# Result image: +# jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +# ============================================================ + +set -e + +# ---- Parameters ---- +APP_NAME=${1:?"Usage: $0 [version-suffix]"} +ENV_PREFIX=${2:?"Usage: $0 [version-suffix]"} +JAR_FILE=${3:?"Usage: $0 [version-suffix]"} +VERSION_SUFFIX=${4:-1} + +# ---- Constants ---- +ACR_REGISTRY="jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com" +ACR_NAMESPACE="ali_img_ns" +ACR_USER="10952138@qq.com" +ACR_PASS='idurCT!rIq9EzISD' +DATE_TAG=$(date +%Y%m%d) +IMAGE_TAG="${ENV_PREFIX}-${DATE_TAG}-${VERSION_SUFFIX}" +FULL_IMAGE="${ACR_REGISTRY}/${ACR_NAMESPACE}/prod-aly-${ENV_PREFIX}-dragon-${APP_NAME}:${IMAGE_TAG}" +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" + +# Source environment +source /etc/profile.d/java.sh 2>/dev/null || true +source /etc/profile.d/maven.sh 2>/dev/null || true + +echo "==========================================" +echo " GBS Docker Build & Push" +echo "==========================================" +echo "App: ${APP_NAME}" +echo "Tag: ${IMAGE_TAG}" +echo "JAR: ${JAR_FILE}" +echo "Image: ${FULL_IMAGE}" +echo "==========================================" + +# ---- Step 1: Verify JAR ---- +if [ ! -f "${JAR_FILE}" ]; then + echo "ERROR: JAR file not found: ${JAR_FILE}" + exit 1 +fi +echo "[1/4] JAR verified: $(ls -lh ${JAR_FILE} | awk '{print $5}')" + +# ---- Step 2: Prepare build context ---- +BUILD_DIR="/tmp/docker-build-${APP_NAME}-$$" +echo "[2/4] Preparing build context at ${BUILD_DIR}..." +mkdir -p ${BUILD_DIR}/target +cp -r /opt/jdk1.8.0_202 ${BUILD_DIR}/ +cp ${JAR_FILE} ${BUILD_DIR}/target/ +cp ${SCRIPT_DIR}/Dockerfile ${BUILD_DIR}/ +echo " Build context size: $(du -sh ${BUILD_DIR} | awk '{print $1}')" + +# ---- Step 3: Docker build ---- +echo "[3/4] Building Docker image..." +docker build -t "${FULL_IMAGE}" "${BUILD_DIR}" +echo " Image size: $(docker images --format '{{.Size}}' ${FULL_IMAGE})" + +# ---- Step 4: Push to ACR ---- +echo "[4/4] Pushing to ACR..." +echo "${ACR_PASS}" | docker login --username="${ACR_USER}" --password-stdin "${ACR_REGISTRY}" 2>/dev/null +docker push "${FULL_IMAGE}" + +# ---- Cleanup ---- +rm -rf "${BUILD_DIR}" + +echo "" +echo "==========================================" +echo " BUILD COMPLETE" +echo "==========================================" +echo "Image: ${FULL_IMAGE}" +echo "" +echo "Deploy to K8s:" +echo " /usr/bin/kubectl create deployment ${APP_NAME} --image=${FULL_IMAGE} -n jjb-dragon --replicas=1" +echo " /usr/bin/kubectl set image deployment/${APP_NAME} ${APP_NAME}=${FULL_IMAGE} -n jjb-dragon" +echo "==========================================" diff --git a/docs/build-tools/build_push.py b/docs/build-tools/build_push.py new file mode 100644 index 0000000..348c0a0 --- /dev/null +++ b/docs/build-tools/build_push.py @@ -0,0 +1,166 @@ +""" +GBS Application Build & Push Script (Python version) +Run from local Windows machine - handles SFTP upload + remote build + push. + +Usage: + python build_push.py [version-suffix] + +Example: + python build_push.py E:\\projects\\xxx\\target\\app.jar jjb-saas-safety-eval ota 1 + +Result image: + jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com/ali_img_ns/prod-aly-ota-dragon-jjb-saas-safety-eval:ota-20260626-1 +""" + +import paramiko +import sys +import os +import time +from datetime import datetime + +# ---- Configuration ---- +MASTER = "192.168.20.100" +SSH_USER = "root" +SSH_PASSWD = "Zcloud@zcloud100" + +ACR_REGISTRY = "jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com" +ACR_NAMESPACE = "ali_img_ns" +ACR_USER = "10952138@qq.com" +ACR_PASS = "idurCT!rIq9EzISD" + +SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) +DOCKERFILE_PATH = os.path.join(SCRIPT_DIR, "Dockerfile") + + +def ssh_exec(client, cmd, timeout=600): + """Execute SSH command and print results.""" + print(f" > {cmd[:120]}{'...' if len(cmd) > 120 else ''}") + stdin, stdout, stderr = client.exec_command(cmd, timeout=timeout) + out = stdout.read().decode('utf-8', errors='replace') + err = stderr.read().decode('utf-8', errors='replace') + exit_code = stdout.channel.recv_exit_status() + if out.strip(): + for line in out.strip().split('\n')[-10:]: # last 10 lines + print(f" {line}") + if err.strip(): + important = [l for l in err.strip().split('\n') + if not any(x in l for x in ['Downloading', 'Downloaded', 'Extracting', 'Progress'])] + if important: + print(f" [stderr] {'; '.join(important[:5])}") + return out.strip(), err.strip(), exit_code + + +def main(): + if len(sys.argv) < 4: + print(__doc__) + sys.exit(1) + + jar_local = sys.argv[1] + app_name = sys.argv[2] + env_prefix = sys.argv[3] + version_suffix = sys.argv[4] if len(sys.argv) > 4 else "1" + + date_tag = datetime.now().strftime("%Y%m%d") + image_tag = f"{env_prefix}-{date_tag}-{version_suffix}" + full_image = f"{ACR_REGISTRY}/{ACR_NAMESPACE}/prod-aly-{env_prefix}-dragon-{app_name}:{image_tag}" + + if not os.path.exists(jar_local): + print(f"ERROR: JAR file not found: {jar_local}") + sys.exit(1) + + jar_size_mb = os.path.getsize(jar_local) / 1024 / 1024 + build_dir = f"/tmp/docker-build-{app_name}" + jar_name = os.path.basename(jar_local) + + print("=" * 60) + print(f" GBS Docker Build & Push (Remote)") + print("=" * 60) + print(f" JAR: {jar_local} ({jar_size_mb:.1f} MB)") + print(f" App: {app_name}") + print(f" Tag: {image_tag}") + print(f" Image: {full_image}") + print(f" Target: {MASTER}") + print("=" * 60) + + # ---- Connect ---- + client = paramiko.SSHClient() + client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + client.connect(MASTER, username=SSH_USER, password=SSH_PASSWD, timeout=30) + print("\n[1/5] SSH connected") + + # ---- Prepare remote dir ---- + ssh_exec(client, f"rm -rf {build_dir} && mkdir -p {build_dir}/target") + + # ---- Upload JAR ---- + print(f"\n[2/5] Uploading JAR ({jar_size_mb:.1f} MB)...") + sftp = client.open_sftp() + remote_jar = f"{build_dir}/target/{jar_name}" + start = time.time() + last_pct = -1 + + def progress(transferred, total): + nonlocal last_pct + pct = int(transferred * 100 / total) + if pct >= last_pct + 10: + last_pct = pct + mb = transferred / 1024 / 1024 + elapsed = time.time() - start + speed = mb / elapsed if elapsed > 0 else 0 + print(f" {pct}% ({mb:.1f} MB) - {speed:.1f} MB/s") + + sftp.put(jar_local, remote_jar, callback=progress) + elapsed = time.time() - start + print(f" Done in {elapsed:.1f}s ({jar_size_mb/elapsed:.1f} MB/s)") + sftp.close() + + # ---- Upload Dockerfile ---- + ssh_exec(client, f"cat > {build_dir}/Dockerfile", timeout=10) + with open(DOCKERFILE_PATH, 'r', encoding='utf-8') as f: + dockerfile_content = f.read() + stdin, stdout, stderr = client.exec_command(f"cat > {build_dir}/Dockerfile") + stdin.write(dockerfile_content) + stdin.channel.shutdown_write() + stdout.read() + + # ---- Copy JDK into context ---- + print("\n[3/5] Preparing build context...") + ssh_exec(client, f"cp -r /opt/jdk1.8.0_202 {build_dir}/", timeout=120) + ssh_exec(client, f"du -sh {build_dir}/") + + # ---- Docker build ---- + print("\n[4/5] Building Docker image...") + out, err, code = ssh_exec(client, f"docker build -t '{full_image}' {build_dir}", timeout=300) + if code != 0: + print("ERROR: Docker build failed!") + client.close() + sys.exit(1) + + # ---- Push to ACR ---- + print("\n[5/5] Pushing to ACR...") + ssh_exec(client, f"echo '{ACR_PASS}' | docker login --username={ACR_USER} --password-stdin {ACR_REGISTRY}") + out, err, code = ssh_exec(client, f"docker push '{full_image}'", timeout=600) + if code != 0: + print("ERROR: Docker push failed!") + client.close() + sys.exit(1) + + # ---- Verify & Cleanup ---- + ssh_exec(client, f"docker images | grep '{app_name}'") + ssh_exec(client, f"rm -rf {build_dir}") + client.close() + + # ---- Summary ---- + print("\n" + "=" * 60) + print(" BUILD COMPLETE") + print("=" * 60) + print(f"\n Image Address:\n {full_image}\n") + print(f" K8s Deploy:\n" + f" /usr/bin/kubectl create deployment {app_name} \\\n" + f" --image={full_image} -n jjb-dragon --replicas=1\n") + print(f" /usr/bin/kubectl set image deployment/{app_name} \\\n" + f" {app_name}={full_image} -n jjb-dragon\n") + print("=" * 60) + + +if __name__ == "__main__": + main() diff --git a/docs/build-tools/install_env.sh b/docs/build-tools/install_env.sh new file mode 100644 index 0000000..bbd1dc3 --- /dev/null +++ b/docs/build-tools/install_env.sh @@ -0,0 +1,216 @@ +#!/bin/bash +# ============================================================ +# GBS Master Node Build Environment Installation Script +# Run on: 192.168.20.100 (CentOS 7) +# +# Installs: +# - Oracle JDK 1.8.0_202 (extracted from existing Docker image) +# - Apache Maven 3.8.8 (with Alibaba Cloud mirror) +# - Dockerfile template +# - yum vault mirrors (CentOS 7 EOL fix) +# - ACR login +# +# Usage: +# bash install_env.sh +# ============================================================ + +set -e + +echo "==========================================" +echo " GBS Build Environment Setup" +echo " Host: $(hostname) ($(hostname -I 2>/dev/null || echo 'unknown'))" +echo "==========================================" + +# ---- Step 1: Extract JDK from existing Docker image ---- +echo "" +echo "[1/6] Installing JDK 1.8.0_202..." + +if [ -d "/opt/jdk1.8.0_202" ] && [ -x "/opt/jdk1.8.0_202/bin/java" ]; then + echo " JDK already installed, skipping." +else + # Find an image with JDK + IMAGE=$(docker images --format '{{.Repository}}:{{.Tag}}' | grep 'ali_img_ns' | head -1) + if [ -z "$IMAGE" ]; then + echo "ERROR: No suitable Docker image found with JDK!" + exit 1 + fi + echo " Extracting JDK from: $IMAGE" + docker rm -f jdk-extract-tmp 2>/dev/null || true + docker create --name jdk-extract-tmp "$IMAGE" /bin/true > /dev/null + docker cp jdk-extract-tmp:/opt/jdk1.8.0_202 /opt/jdk1.8.0_202 + docker rm jdk-extract-tmp > /dev/null + echo " JDK extracted to /opt/jdk1.8.0_202" +fi + +# Configure JAVA_HOME +cat > /etc/profile.d/java.sh << 'EOF' +export JAVA_HOME=/opt/jdk1.8.0_202 +export PATH=$JAVA_HOME/bin:$PATH +EOF +chmod +x /etc/profile.d/java.sh +source /etc/profile.d/java.sh +echo " $(java -version 2>&1 | head -1)" + +# ---- Step 2: Install Maven ---- +echo "" +echo "[2/6] Installing Maven 3.8.8..." + +if [ -x "/opt/maven/bin/mvn" ]; then + echo " Maven already installed, skipping." +else + MAVEN_VERSION="3.8.8" + MAVEN_URLS=( + "https://mirrors.aliyun.com/apache/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" + "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" + ) + DOWNLOADED=0 + for url in "${MAVEN_URLS[@]}"; do + echo " Trying: $url" + if curl -fsSL -o /tmp/maven.tar.gz "$url" --connect-timeout 15 --max-time 300; then + DOWNLOADED=1 + break + fi + done + if [ $DOWNLOADED -eq 0 ]; then + echo "ERROR: Could not download Maven!" + exit 1 + fi + mkdir -p /opt/maven + tar -xzf /tmp/maven.tar.gz -C /opt/maven --strip-components=1 + rm -f /tmp/maven.tar.gz +fi + +# Configure Maven environment +cat > /etc/profile.d/maven.sh << 'EOF' +export MAVEN_HOME=/opt/maven +export PATH=$MAVEN_HOME/bin:$PATH +EOF +chmod +x /etc/profile.d/maven.sh +source /etc/profile.d/maven.sh + +# Configure Alibaba Maven mirror +mkdir -p /root/.m2 +cat > /root/.m2/settings.xml << 'XMLEOF' + + + /root/.m2/repository + + + aliyunmaven + Alibaba Cloud Maven Mirror + https://maven.aliyun.com/repository/public + central + + + + + alibaba-repos + + + aliyun-public + https://maven.aliyun.com/repository/public + true + true + + + aliyun-spring + https://maven.aliyun.com/repository/spring + true + true + + + + + aliyun-plugin + https://maven.aliyun.com/repository/public + true + true + + + + + + alibaba-repos + + +XMLEOF +cp /root/.m2/settings.xml /opt/maven/conf/settings.xml +echo " Maven $(mvn -version 2>&1 | head -1)" + +# ---- Step 3: Fix yum repos (CentOS 7 EOL) ---- +echo "" +echo "[3/6] Configuring yum vault mirrors..." + +cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak.$(date +%Y%m%d) 2>/dev/null || true +cat > /etc/yum.repos.d/CentOS-Base.repo << 'YUMEOF' +[base] +name=CentOS-7 - Base - vault.aliyun.com +baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=1 + +[updates] +name=CentOS-7 - Updates - vault.aliyun.com +baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/updates/x86_64/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=1 + +[extras] +name=CentOS-7 - Extras - vault.aliyun.com +baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/extras/x86_64/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=1 +YUMEOF +yum clean all > /dev/null 2>&1 +yum makecache fast > /dev/null 2>&1 +echo " yum repos configured (aliyun centos-vault)" + +# ---- Step 4: Verify Docker ---- +echo "" +echo "[4/6] Verifying Docker..." +echo " Docker $(docker --version)" + +# ---- Step 5: Login to ACR ---- +echo "" +echo "[5/6] Logging in to ACR..." +echo 'idurCT!rIq9EzISD' | docker login --username=10952138@qq.com --password-stdin jjb-registry-registry.cn-hangzhou.cr.aliyuncs.com 2>&1 | grep -v WARNING + +# ---- Step 6: Install Dockerfile template ---- +echo "" +echo "[6/6] Installing Dockerfile template..." +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +mkdir -p /opt/docker-templates +if [ -f "${SCRIPT_DIR}/Dockerfile" ]; then + cp "${SCRIPT_DIR}/Dockerfile" /opt/docker-templates/ + echo " Dockerfile copied to /opt/docker-templates/" +fi +if [ -f "${SCRIPT_DIR}/build.sh" ]; then + cp "${SCRIPT_DIR}/build.sh" /opt/docker-templates/ + chmod +x /opt/docker-templates/build.sh + echo " build.sh copied to /opt/docker-templates/" +fi + +# ---- Summary ---- +echo "" +echo "==========================================" +echo " INSTALLATION COMPLETE" +echo "==========================================" +echo "" +echo " Java: $(/opt/jdk1.8.0_202/bin/java -version 2>&1 | head -1)" +echo " Maven: $(/opt/maven/bin/mvn -version 2>&1 | head -1)" +echo " Docker: $(docker --version)" +echo "" +echo " JAVA_HOME=/opt/jdk1.8.0_202" +echo " MAVEN_HOME=/opt/maven" +echo " Dockerfile: /opt/docker-templates/Dockerfile" +echo " Build script: /opt/docker-templates/build.sh" +echo "" +echo " NOTE: Run 'source /etc/profile.d/java.sh' and" +echo " 'source /etc/profile.d/maven.sh' or re-login" +echo " to use java/mvn commands." +echo "==========================================" diff --git a/docs/sql/database-design.md b/docs/db/database-design.md similarity index 100% rename from docs/sql/database-design.md rename to docs/db/database-design.md diff --git a/docs/init-v2.sql b/docs/db/init-v2.sql similarity index 100% rename from docs/init-v2.sql rename to docs/db/init-v2.sql diff --git a/docs/sql/init.sql b/docs/db/init.sql similarity index 100% rename from docs/sql/init.sql rename to docs/db/init.sql diff --git a/docs/数据库规范.md b/docs/db/数据库规范.md similarity index 100% rename from docs/数据库规范.md rename to docs/db/数据库规范.md diff --git a/docs/数据库设计文档-v2.md b/docs/db/数据库设计文档-v2.md similarity index 100% rename from docs/数据库设计文档-v2.md rename to docs/db/数据库设计文档-v2.md diff --git a/docs/GBS前端开发规范.docx b/docs/dev/GBS前端开发规范.docx similarity index 100% rename from docs/GBS前端开发规范.docx rename to docs/dev/GBS前端开发规范.docx diff --git a/docs/Gbs后端开发规范.docx b/docs/dev/Gbs后端开发规范.docx similarity index 100% rename from docs/Gbs后端开发规范.docx rename to docs/dev/Gbs后端开发规范.docx diff --git a/docs/JAVA规范.md b/docs/dev/JAVA规范.md similarity index 100% rename from docs/JAVA规范.md rename to docs/dev/JAVA规范.md diff --git a/docs/settingsfjk.xml b/docs/dev/settingsfjk.xml similarity index 100% rename from docs/settingsfjk.xml rename to docs/dev/settingsfjk.xml diff --git a/docs/~$S部署配置分析报告.docx b/docs/~$S部署配置分析报告.docx new file mode 100644 index 0000000..fcd42e3 --- /dev/null +++ b/docs/~$S部署配置分析报告.docx @@ -0,0 +1 @@ + Administrator Administrator \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/application-dev.yml b/safety-eval-start/src/main/resources/application-dev.yml index 9a0c59c..da2a9d1 100644 --- a/safety-eval-start/src/main/resources/application-dev.yml +++ b/safety-eval-start/src/main/resources/application-dev.yml @@ -67,7 +67,7 @@ dubbo: registry: address: nacos://192.168.20.100:30290 parameters: - namespace: jjb-dragon + namespace: jjb-dragon-facade protocol: port: 20895 diff --git a/safety-eval-start/src/main/resources/application-local.yml b/safety-eval-start/src/main/resources/application-local.yml index 1280ba2..a066600 100644 --- a/safety-eval-start/src/main/resources/application-local.yml +++ b/safety-eval-start/src/main/resources/application-local.yml @@ -68,7 +68,7 @@ dubbo: registry: address: nacos://192.168.20.100:30290 parameters: - namespace: jjb-dragon + namespace: jjb-dragon-facade protocol: port: 20895 diff --git a/safety-eval-start/src/main/resources/application-prod.yml b/safety-eval-start/src/main/resources/application-prod.yml index 43f5142..d341a47 100644 --- a/safety-eval-start/src/main/resources/application-prod.yml +++ b/safety-eval-start/src/main/resources/application-prod.yml @@ -72,7 +72,7 @@ dubbo: registry: address: nacos://prod-nacos:8848 parameters: - namespace: jjb-dragon + namespace: jjb-dragon-facade protocol: port: 20895 diff --git a/safety-eval-start/src/main/resources/application.yml b/safety-eval-start/src/main/resources/application.yml index ed08df1..6dd5a57 100644 --- a/safety-eval-start/src/main/resources/application.yml +++ b/safety-eval-start/src/main/resources/application.yml @@ -16,11 +16,15 @@ server: spring: application: name: safety-eval-service - profiles: - active: local mvc: pathmatch: matching-strategy: ant_path_matcher + profiles: + active: local + config: + import: + - classpath:sdk-prod2.yml + # ---------- MyBatis Plus ---------- mybatis-plus: diff --git a/safety-eval-start/src/main/resources/nacos/config-actuator.yml b/safety-eval-start/src/main/resources/nacos/config-actuator.yml new file mode 100644 index 0000000..a538ab2 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-actuator.yml @@ -0,0 +1,36 @@ +management: + endpoints: + web: + base-path: /${application.gateway}${application.version}/actuator + enabled-by-default: true + endpoint: + health: + enabled: true + info: + enabled: false + auditevents: + enabled: false + metrics: + enabled: false + loggers: + enabled: false + logfile: + enabled: false + httptrace: + enabled: false + env: + enabled: false + flyway: + enabled: false + liquidbase: + enabled: false + shutdown: + enabled: false + mappings: + enabled: false + scheduledtasks: + enabled: false + threaddump: + enabled: false + heapdump: + enabled: false \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-cache.yml b/safety-eval-start/src/main/resources/nacos/config-cache.yml new file mode 100644 index 0000000..7d6ab7d --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-cache.yml @@ -0,0 +1,39 @@ +spring: + cache: + redis: + time-to-live: 1800s + + +# 二级缓存配置 +# 注:caffeine 不适用于数据量大,并且缓存命中率极低的业务场景,如用户维度的缓存。请慎重选择。 +l2cache: + config: + # 是否存储空值,默认true,防止缓存穿透 + allowNullValues: true + # 组合缓存配置 + composite: + # 是否全部启用一级缓存,默认false + l1AllOpen: false + # 一级缓存 + caffeine: + # 是否自动刷新过期缓存 true 是 false 否 + autoRefreshExpireCache: false + # 缓存刷新调度线程池的大小 + refreshPoolSize: 2 + # 缓存刷新的频率(秒) + refreshPeriod: 10 + # 写入后过期时间(秒) + expireAfterWrite: 180 + # 访问后过期时间(秒) + expireAfterAccess: 180 + # 初始化大小 + initialCapacity: 1 + # 最大缓存对象个数,超过此数量时之前放入的缓存将失效 + maximumSize: 3 + + # 二级缓存 + redis: + # 全局过期时间,单位毫秒,默认不过期 + defaultExpiration: 1800000 + # 缓存更新时通知其他节点的topic名称 默认 cache:redis:caffeine:topic + topic: cache:redis:caffeine:topic \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-common.yml b/safety-eval-start/src/main/resources/nacos/config-common.yml new file mode 100644 index 0000000..810ccf5 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-common.yml @@ -0,0 +1,44 @@ +common: + mysql: + host: 192.168.2.166 + port: 3306 + username: root + password: root + redis: + host: 10.43.253.4 + password: jjb123456 + port: 6379 + mq: + host: 10.43.163.23:9876 + xxl-job: + address: http://10.43.98.135:8080/xxl-job-admin/ + username: admin + password: jjb123456 + gateway: + network: + http: + #网关的外网访问地址 必须配置为HTTPS协议 + external: https://testdragon.cqjjb.cn + #网关的内网访问地址 固定配置为http://jjb-saas-gateway + intranet: http://10.43.250.65 + wx: + #webSocket外网地址 + external: wx://testdragon.cqjjb.cn + swagger: + #是否打开swagger 测试及UAT配置为true,生产环境配置为false + enabled: true + base: + # base应用访问外网访问地址 + host-url: http://10.43.12.158 + desk: + # desk工程的外网地址 + host-url: http://10.43.12.158 + login: + # login工程的外网访问地址 + host-url: http://10.43.12.158 + + #所有的前端域名配置 避免iframe跨域 + x-frame-options: ${common.desk.host-url}/ ${common.login.host-url}/ ${common.base.host-url}/ ${common.gateway.network.http.external}/ http://10.43.250.65/ + +k8s: + namespace: test-dragon \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-job.yml b/safety-eval-start/src/main/resources/nacos/config-job.yml new file mode 100644 index 0000000..1428887 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-job.yml @@ -0,0 +1,8 @@ +# JOB 配置 +xxl-job: + admin: + address: ${common.xxl-job.address} + username: ${common.xxl-job.username} + password: ${common.xxl-job.password} + executor: + app-name: ${spring.application.name} \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-log.yml b/safety-eval-start/src/main/resources/nacos/config-log.yml new file mode 100644 index 0000000..9d8ab6c --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-log.yml @@ -0,0 +1,11 @@ +common: + log: + jjb-saas-system: + - com.jjb:info + jjb-saas-auth1: + - com.jjb:info + jjb-saas-user: + - com.jjb:info +gray: + log: + host: 192.168.1.1 diff --git a/safety-eval-start/src/main/resources/nacos/config-mq.yml b/safety-eval-start/src/main/resources/nacos/config-mq.yml new file mode 100644 index 0000000..9e1b0b3 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-mq.yml @@ -0,0 +1,21 @@ +mq: + topic: springcloudStream-jjb-dragon-test + server: ${common.mq.host} +spring: + cloud: + stream: + bindings: + input: + destination: springcloudStream-jjb-dragon-test + group: ${spring.application.name}-${spring.profiles.active} + output: + destination: springcloudStream-jjb-dragon-test + group: ${spring.application.name}-${spring.profiles.active} + rocketmq: + binder: + name-server: ${common.mq.host} + group: ${spring.application.name}-${spring.profiles.active} + bindings: + input: + consumer: + tags: a \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-mybatis.yml b/safety-eval-start/src/main/resources/nacos/config-mybatis.yml new file mode 100644 index 0000000..f756cb6 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-mybatis.yml @@ -0,0 +1,11 @@ +mybatis-plus: + mapper-locations: classpath*:mapper/*.xml,classpath*:mapper/**/*Mapper.xml + type-handlers-package: com.jjb.saas.framework.datascope.handler + global-config: + banner: false + db-config: + id-type: assign_id + logic-delete-value: 1 + logic-not-delete-value: 0 + configuration: + log-impl: org.apache.ibatis.logging.nologging.NoLoggingImpl \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-mysql.yml b/safety-eval-start/src/main/resources/nacos/config-mysql.yml new file mode 100644 index 0000000..4365a53 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-mysql.yml @@ -0,0 +1,79 @@ +mysql: + db: ${spring.application.name} +spring: + shardingsphere: + druid: + username: admin + password: jjb123456 + allows: + denys: + props: + sql: + show: true + enabled: true + masterslave: + name: ms # 名字,任意,需要保证唯一 + master-data-source-name: master # 主库数据源 + slave-data-source-names: slave-1 # 从库数据源 + datasource: + names: master,slave-1 + master: + #url: jdbc:mysql://10.43.123.226:3306/${spring.application.name}?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&allowMultiQueries=true&serverTimezone=Asia/Shanghai + url: jdbc:mysql://${common.mysql.host}:${common.mysql.port}/${mysql.db}?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&allowMultiQueries=true&serverTimezone=Asia/Shanghai + username: ${common.mysql.username} + password: ${common.mysql.password} + type: com.alibaba.druid.pool.DruidDataSource + driver-class-name: com.mysql.cj.jdbc.Driver + initial-size: 6 + min-idle: 4 + maxActive: 40 + # 配置获取连接等待超时的时间 + maxWait: 60000 + # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 + timeBetweenEvictionRunsMillis: 60000 + # 配置一个连接在池中最小生存的时间,单位是毫秒 + minEvictableIdleTimeMillis: 300000 + #Oracle需要打开注释 + #validationQuery: SELECT 1 FROM DUAL + testWhileIdle: true + testOnBorrow: false + testOnReturn: false + # 打开PSCache,并且指定每个连接上PSCache的大小 + poolPreparedStatements: true + maxPoolPreparedStatementPerConnectionSize: 20 + # 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙 + filters: slf4j + # 通过connectProperties属性来打开mergeSql功能;慢SQL记录 + connectionProperties: druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000 + wall: + multi-statement-allow: true + slave-1: + # url: jdbc:mysql://10.43.123.226:3306/${spring.application.name}?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&allowMultiQueries=true&serverTimezone=Asia/Shanghai + url: jdbc:mysql://${common.mysql.host}:${common.mysql.port}/${mysql.db}?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&allowMultiQueries=true&serverTimezone=Asia/Shanghai + username: ${common.mysql.username} + password: ${common.mysql.password} + type: com.alibaba.druid.pool.DruidDataSource + driver-class-name: com.mysql.cj.jdbc.Driver + initial-size: 6 + min-idle: 4 + maxActive: 20 + # 配置获取连接等待超时的时间 + maxWait: 60000 + # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 + timeBetweenEvictionRunsMillis: 60000 + # 配置一个连接在池中最小生存的时间,单位是毫秒 + minEvictableIdleTimeMillis: 300000 + #Oracle需要打开注释 + #validationQuery: SELECT 1 FROM DUAL + testWhileIdle: true + testOnBorrow: false + testOnReturn: false + # 打开PSCache,并且指定每个连接上PSCache的大小 + poolPreparedStatements: true + maxPoolPreparedStatementPerConnectionSize: 20 + # 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙,stat已去掉 + filters: slf4j + # 通过connectProperties属性来打开mergeSql功能;慢SQL记录 + connectionProperties: druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000 + wall: + multi-statement-allow: true \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-port.yml b/safety-eval-start/src/main/resources/nacos/config-port.yml new file mode 100644 index 0000000..0255ab3 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-port.yml @@ -0,0 +1,3 @@ +server: + port: 80 +debug: true \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-redis.yml b/safety-eval-start/src/main/resources/nacos/config-redis.yml new file mode 100644 index 0000000..0b4cc30 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-redis.yml @@ -0,0 +1,14 @@ +spring: + redis: + host: ${common.redis.host} + password: ${common.redis.password} + port: ${common.redis.port} + timeout: 15000 + database: 0 + prefix: dragon + jedis: + pool: + max-active: 600 + max-idle: 300 + max-wait: 15000 + min-idle: 10 \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-sdk.yml b/safety-eval-start/src/main/resources/nacos/config-sdk.yml new file mode 100644 index 0000000..e352c19 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-sdk.yml @@ -0,0 +1,19 @@ +sdk: + server: + symmetry-url: jjb-saas-application/application/applications/server/secure/ + app-key: jjb-saas-dragon + client: + security: + gateway: ${gateway.network.http.external} + appKey: ${sdk.client.app-key} + desensitization: + symmetric-key: 1234567887654321 + logging: + gateway: ${sdk.client.security.gateway} + appKey: ${sdk.client.security.app-key} + clientLoggingEnable: true + level: debug + username: user + password: 123456 + showConsoleLog: true + formatConsoleLogJson: true \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/nacos/config-spring.yml b/safety-eval-start/src/main/resources/nacos/config-spring.yml new file mode 100644 index 0000000..284ddb4 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/config-spring.yml @@ -0,0 +1,89 @@ +spring: + zipkin: + #zipkin服务所在地址 + base-url: http://jjb-saas-zipkin/ + sender: + type: web #使用http的方式传输数据 + #配置采样百分比 + sleuth: + sampler: + probability: 1 # 将采样比例设置为 1.0,也就是全部都需要。默认是0.1也就是10%,一般情况下,10%就够用了 + web: + resources: + cache: + cachecontrol: + no-store: false + max-age: 10000 + no-cache: false + autoconfigure: + exclude: com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceAutoConfigure + main: + allow-bean-definition-overriding: true + mvc: + pathmatch: + matching-strategy: ant_path_matcher + messages: + basename: i18n.message + encoding: UTF-8 + flyway: + # 是否启用flyway + enabled: true + # 编码格式,默认UTF-8 + encoding: UTF-8 + # 迁移sql脚本文件存放路径,默认db/migration + locations: classpath:db/migration + # 迁移sql脚本文件名称的前缀,默认V + sql-migration-prefix: V + # 迁移sql脚本文件名称的分隔符,默认2个下划线__ + sql-migration-separator: __ + # 迁移sql脚本文件名称的后缀 + sql-migration-suffixes: .sql + # 迁移时是否进行校验,默认true + validate-on-migrate: true + # 当迁移发现数据库非空且存在没有元数据的表时,自动执行基准迁移,新建schema_version表 + baseline-on-migrate: true +server: + tomcat: + max-http-post-size: 200MB + connection-timeout: 180000 +fastjson: + parser: + safeMode: true +mvc: + pathmatch: + matching-strategy: ANT_PATH_MATCHER +thymeleaf: + prefix: classpath:/templates/ + cache: false +dubbo: + application: + name: ${spring.application.name} + registry: + timeout: 20000 + address: nacos://${spring.cloud.nacos.config.server-addr}?namespace=${spring.cloud.nacos.config.namespace}-facade + check: false + filter: providerContextFilter + protocol: + port: -1 + name: dubbo + consumer: + timeout: 20000 + check: false + filter: consumerContextFilter +logging: + config: classpath:jjb-saas-logback-spring.xml + level: + com.alibaba.nacos.client.naming: OFF + com.alibaba.nacos.client.config.impl: OFF + com.alibaba.nacos.common.remote.client: OFF + +datapermssion: + tenantcondition: + defaultversion: NEWERSION + +easy-retry: + server: + host: http://jjb-saas-config + port: 1788 + + diff --git a/safety-eval-start/src/main/resources/nacos/jjb-saas-demo.yml b/safety-eval-start/src/main/resources/nacos/jjb-saas-demo.yml new file mode 100644 index 0000000..536d952 --- /dev/null +++ b/safety-eval-start/src/main/resources/nacos/jjb-saas-demo.yml @@ -0,0 +1,18 @@ +sdk: + client: + app-key: e6ab3c9abda747b39d7cc12b6dc0f5a0 + gateway: + url: ${common.gateway.network.http.intranet} +swagger: + enabled: ${common.swagger.enabled} + title: 例子 + description: 这是例子项目 + version: ${application.version} + group-name: 例子 +springfox: + documentation: + swagger-ui: + base-url: ${application.gateway} + swagger: + v2: + path: /${application.gateway}/v2/api-docs \ No newline at end of file diff --git a/safety-eval-start/src/main/resources/sdk-prod2.yml b/safety-eval-start/src/main/resources/sdk-prod2.yml new file mode 100644 index 0000000..52bb380 --- /dev/null +++ b/safety-eval-start/src/main/resources/sdk-prod2.yml @@ -0,0 +1,51 @@ +sdk: + server: + app-key: 8790123e6cf1441d9e618346e9c7a17f + client: + gateway: + url: ${common.gateway.network.http.external} + route: + - client: + system-code: ${application.name} + name: ${application.cn-name}-后端 + group-code: public_api + service: + system-code: ${application.name} + name: ${application.cn-name}-后端 + group-code: public_api + strip-prefix: 0 + uri: http://${application.name} + path: /${application.gateway}/** + - client: + system-code: ${application.name}-container + name: ${application.cn-name}-前端 + group-code: public_api + service: + system-code: ${application.name}-container + name: ${application.cn-name}-前端 + group-code: public_api + strip-prefix: 0 + uri: http://jjb-saas-base + path: /${application.gateway}/container/** + order: -2 +openapi: + appId: 2070081274042777600 + appKey: dd367066994a4e93a49e847f26462f60 + appSecret: 9dc007e9-54a1-46d2-af11-589ad117454f + appPublicKey: 3059301306072a8648ce3d020106082a811ccf5501822d03420004023c307eab0553b42f6bc983c299ca2f61f4779846742572a0022c3fd33260997281fd57202bad8e9b9b55da8bda311acc1ac49873ba70f583e0245a7c9fa3aa + appPrivateKey: 3059301306072a8648ce3d020106082a811ccf5501822d0342000446043bd54674d84483cf64b72afa7e6b01b8ca2932a59317ff456c7c047636e39f7a1f00379f79cfba280446195e5b0c2bc34727dac6fd3a8206f2d856ed84d4 + encryptType: SM2 + platform: + - name: default + openPublicKey: 3059301306072a8648ce3d020106082a811ccf5501822d03420004023c307eab0553b42f6bc983c299ca2f61f4779846742572a0022c3fd33260997281fd57202bad8e9b9b55da8bda311acc1ac49873ba70f583e0245a7c9fa3aa + url: ${common.gateway.network.http.intranet} + protocol: HTTP + defaultPlatform: true + ##ciphertext plaintext + type: plaintext + apiPlatform: + - name: default + #多个可以逗号隔开 + apiCode: test:01 + #多个可以逗号隔开,可以为空 + tenantIds: 1838408702262321152