Docker¶
从 v1.0.0 (alpha/beta) 开始,Luban 多集群管理要求 Kubernetes >= 1.12 以上版本的集群使用。
Warning
若系统未安装docker, 请参考文档进行安装 https://docs.docker.com/get-docker/
使用docker-compose快速启动¶
配置文件示例
-
拷贝源码etc目录下的config_example.yaml配置文件命名为 config.yaml
-
若使用ldap方式登录,请在配置文件中定义ldap搜索域及管理员账号密码
-
需要在当前目录创建luban-data/files,用于存储录像文件
mkdir -p ./luban-data/files
version: "3"
services:
luban-fe:
image: registry.cn-hangzhou.aliyuncs.com/dnsjia/luban-fe:latest
restart: always
ports:
- "80:80"
depends_on:
- luban-backend1
networks:
- luban_network
luban-backend1:
image: registry.cn-hangzhou.aliyuncs.com/dnsjia/luban:latest
environment:
- TZ=Asia/Shanghai
restart: always
expose:
- "8999"
volumes:
- ./etc/config.yaml:/apps/luban/etc/config.yaml
- ./luban-data:/luban-data
- /etc/localtime:/etc/localtime
- /etc/machine-id:/etc/machine-id
depends_on:
- luban-mysql
- luban-redis
- luban-guacd
networks:
- luban_network
luban-mysql:
image: registry.cn-hangzhou.aliyuncs.com/dnsjia/mysql:5.7
restart: always
expose:
- "3306"
environment:
MYSQL_DATABASE: luban
MYSQL_USER: luban
MYSQL_PASSWORD: luban
MYSQL_ROOT_PASSWORD: luban
MYSQL_CHARSET: utf8mb4
MYSQL_COLLATION: utf8mb4_general_ci
volumes:
- ./mysql-data:/var/lib/mysql
- /etc/localtime:/etc/localtime
networks:
- luban_network
luban-redis:
image: registry.cn-hangzhou.aliyuncs.com/dnsjia/redis:latest
restart: always
expose:
- "6379"
volumes:
#- redis.conf:/etc/redis/redis.conf
- ./redis-data:/data
networks:
- luban_network
luban-guacd:
image: registry.cn-hangzhou.aliyuncs.com/dnsjia/guacd:latest
restart: always
expose:
- "4822"
volumes:
- ./luban-data:/luban-data
networks:
- luban_network
networks:
luban_network:
http:
mode: 'private' # Change to "develop" to skip authentication for development mode, change to "private" authentication
listen: 8999
rpc: 40737
jwt: "luban"
# mysql configuration
mysql:
path: 'luban-mysql:3306'
db-name: 'luban'
username: 'luban'
password: 'luban'
max-idle-conns: 10
max-open-conns: 100
conn-max-idle-time: 60
conn-max-life-time: 600
log-mode: false
log-zap: "Error" # Error/Warn/Info/Silent
redis:
addr: 'luban-redis:6379'
db: 0
username: ''
password: ''
poolSize: 10
dialTimeout:
readTimeout:
writeTimeout:
ldap:
enable: true
host: 172.16.10.134
port: 389
baseDn: "ou=infra,dc=xxxx,dc=com"
# AD: manange@example.org
bindUser: "cn=admin,dc=xxxx,dc=com"
bindPass: "123456"
# openldap: (&(uid=%s))
# AD: (&(sAMAccountName=%s))
#authFilter: "(&(uid=%s))"
authFilter: "(&(objectClass=*)(cn=%s))"
attributes:
nickname: "displayName"
email: "mail"
phone: "mobile"
uid: "uidNumber"
coverAttributes: false
autoRegist: true
tls: false
startTLS: false
log:
# stdout, stderr, file
format: 'file'
level: 'INFO'
director: './logs'
# casbin configuration
casbin:
model-path: './etc/rbac_model.conf'
# cloudSync Task
schedule:
ecs: "00 */30 * * *"
# dingding qrcode
dingtalk:
appid: ''
secret: ''
url: 'https://oapi.dingtalk.com'
# 允许登录的邮箱后缀 test@luban.com [luban.com]
allow-suffix: 'luban.com'
giraffe:
token: '951ebc8e-15f1-48d3-af2d-b28def327067'
# giraffe gateway
addr: '127.0.0.1:45459'
monitor:
# docker监控使用
prometheus: 'http://192.168.10.167:9090'
# 对外暴露的端口号
cadvisor-expose-port: '58080'
guacamole:
# guacd is server-side proxy
guacd-addr: 'luban-guacd:4822'
# 存储传输文件的目录
drive-path: '/luban-data/files'
# 会话录制
recording-path: '/luban-data/recording'
# 文本会话记录
typescript-path: '/luban-data/text-recording'
asynq:
# 重试次数
max-retry: 5
# 任务超时时间 Minute
timeout: 30
# 任务保留时间 Hour 30*24=720
retention: 720
system:
# 是否开启自动创建表, 生产环境建议设置为 false
auto-migrate-db: false
sshd:
enable: true
addr: 0.0.0.0:18999
key: ~/.ssh/id_rsa
smtp:
host: "smtp.exmail.qq.com"
# tls 465, default 25
port: 465
user: ""
pass: ""
from: ""
tls: true
insecure-skip-verify: true
deploy:
webhook: 'https://oapi.dingtalk.com/robot/send?access_token=your dingtalk robot token'
dms:
access-key: ""
secret-key: ""
region-id: "cn-hangzhou"
# 租户id
tid:
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && ParamsMatch(r.obj,p.obj) && r.act == p.act
如何修改资产同步周期
# cloudSync Task
schedule:
ecs: "00 */30 * * *"
Danger
./mysql-data 为鲁班数据库目录,删除后将导致数据丢失
mkdir -p ./mysql-data
启动¶
docker-compose -f docker-compose.yaml up -d
执行docker ps 查看容器状态¶
docker ps -a
导入SQL¶
全量更新SQL: https://docs.dnsjia.com/upgrade/sql/v2.8.0.sql
Success
使用 docker logs luban 查看日志,若显示以下内容则表明安装成功
- 默认账号密码:
admin/luban123.
当前使用config的默认值, 配置路径为etc/config.yaml
asynq: pid=1 2023/04/14 07:08:19.433033 INFO: Scheduler starting
asynq: pid=1 2023/04/14 07:08:19.433058 INFO: Scheduler timezone is set to UTC
asynq: pid=1 2023/04/14 07:08:19.433236 INFO: Starting processing
恭喜你安装成功, 快来体验一下吧?
