搜索到
86
篇与
的结果
-
ArgoCD project 一、Project创建通过项目,可以配置对应用程序的访问控制策略。例如,可以指定哪些用户或团队有权在特定命名空间或集群中进行部署操作。提供了资源隔离的功能,确保不同项目之间的资源不会互相干扰。这有助于维护不同团队或应用程序之间的清晰界限。 最佳实践应该是为每个gitlab group在argoCD中创建对应的Project,便于各个组之间权限资源相互隔离。1.1webUI创建1.2CLI创建## argocd CLI # login argocd login argocd.idevops.site # list argocd proj list # remove argocd proj remove dev1 # create argocd proj create --help argocd proj create dev2 argocd proj list argocd proj add-source dev2 http://github.com/dev2/app.git1.3yaml创建示例文档: https://argo-cd.readthedocs.io/en/stable/operator-manual/project.yamlapiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: dev3 namespace: argocd finalizers: - resources-finalizer.argocd.argoproj.io spec: description: Example Project sourceRepos: - 'https://github.com/dev3/app.git' destinations: - namespace: dev3 server: https://kubernetes.default.svc name: in-cluster # Deny all cluster-scoped resources from being created, except for Namespace clusterResourceWhitelist: - group: '' kind: Namespace # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy namespaceResourceBlacklist: - group: '' kind: ResourceQuota - group: '' kind: LimitRange - group: '' kind: NetworkPolicy # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet namespaceResourceWhitelist: - group: 'apps' kind: Deployment - group: 'apps' kind: StatefulSet二、project配置 2.1webUI配置2.2yaml配置apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: name: dev1 namespace: argocd spec: clusterResourceBlacklist: - group: "" kind: "" clusterResourceWhitelist: - group: "" kind: Namespace description: dev1 group destinations: - name: in-cluster namespace: dev1 server: https://kubernetes.default.svc namespaceResourceWhitelist: - group: '*' kind: '*' roles: - jwtTokens: - iat: 1684030305 id: 12764563-0582-4d2d-afbc-ab2712c5c47e name: dev1-role policies: - p, proj:dev1:dev1-role, applications, get, dev1/*, allow - p, proj:dev1:dev1-role, applications, sync, dev1/*, allow - p, proj:dev1:dev1-role, applications, delete, dev1/*, deny sourceRepos: - http://gitlab.local.com/devops/** ## 根据项目组配置,允许该组下的所有repo - ""三、ProjectRoleProjectRole 是一种用于定义在特定项目 (Project) 范围内的访问控制策略的资源。它允许你对项目中的资源进行细粒度的权限管理,指定哪些用户或服务账户可以执行哪些操作。ProjectRole 主要用于增强安全性和隔离性,确保只有被授权的用户或系统组件可以对项目内的应用程序和资源进行特定操作。3.1创建role我们在demo项目下创建名为dev的角色,配置权限为:允许get sync操作权限,不允许delete操作。3.2创建JWT Tokenroot@k8s-01:~/argocd# argocd proj role create-token demo-project dev-role WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Create token succeeded for proj:demo-project:dev-role. ID: 9c150b55-848f-436c-88db-fe61e95874fc Issued At: 2025-08-19T06:31:59Z Expires At: Never Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTc1NTU4NTExOSwiaWF0IjoxNzU1NTg1MTE5LCJqdGkiOiI5YzE1MGI1NS04NDhmLTQzNmMtODhkYi1mZTYxZTk1ODc0ZmMifQ.54fvz4OOOIo-wsK_hwclCmW0oSIJO1vz2Xgv4Axl08s3.3验证测试# 注销之前登录的admin账号 [root@tiaoban ~]# argocd logout argocd.local.com Logged out from 'argocd.local.com' # 使用token查看app列表 [root@tiaoban ~]# argocd app list --auth-token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTcxOTExNTk0OSwiaWF0IjoxNzE5MTE1OTQ5LCJqdGkiOiI5MDg5OTc0OC1mYjg2LTRlZjktYjNmMC03MWY4MjBjZjEwZDYifQ.RCLx7U-2RdQ_BD5z8sBW3Ghh5RA6DnwU9VHvmU8EgQM WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET argocd/demo https://kubernetes.default.svc demo-project Synced Healthy Auto <none> http://gitlab.local.com/devops/argo-demo.git manifests HEAD # 使用token执行sync操作 [root@tiaoban ~]# argocd app sync argocd/demo --auth-token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTcxOTExNTk0OSwiaWF0IjoxNzE5MTE1OTQ5LCJqdGkiOiI5MDg5OTc0OC1mYjg2LTRlZjktYjNmMC03MWY4MjBjZjEwZDYifQ.RCLx7U-2RdQ_BD5z8sBW3Ghh5RA6DnwU9VHvmU8EgQM WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE 2024-06-23T12:20:07+08:00 Service default myapp Synced Healthy 2024-06-23T12:20:07+08:00 apps Deployment default myapp Synced Healthy 2024-06-23T12:20:07+08:00 traefik.containo.us IngressRoute default myapp Synced 2024-06-23T12:20:07+08:00 traefik.containo.us IngressRoute default myapp Synced ingressroute.traefik.containo.us/myapp unchanged 2024-06-23T12:20:07+08:00 Service default myapp Synced Healthy service/myapp unchanged 2024-06-23T12:20:07+08:00 apps Deployment default myapp Synced Healthy deployment.apps/myapp unchanged Name: argocd/demo Project: demo-project Server: https://kubernetes.default.svc Namespace: URL: https://argocd.local.com/applications/argocd/demo Source: - Repo: http://gitlab.local.com/devops/argo-demo.git Target: HEAD Path: manifests SyncWindow: Sync Allowed Sync Policy: Automated Sync Status: Synced to HEAD (0ea8019) Health Status: Healthy Operation: Sync Sync Revision: 0ea801988a54f0ad73808454f2fce5030d3e28ef Phase: Succeeded Start: 2024-06-23 12:20:07 +0800 CST Finished: 2024-06-23 12:20:07 +0800 CST Duration: 0s Message: successfully synced (all tasks run) GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE Service default myapp Synced Healthy service/myapp unchanged apps Deployment default myapp Synced Healthy deployment.apps/myapp unchanged traefik.containo.us IngressRoute default myapp Synced ingressroute.traefik.containo.us/myapp unchanged # 使用token删除应用,提示权限拒绝 [root@tiaoban ~]# argocd app delete argocd/demo --auth-token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmdvY2QiLCJzdWIiOiJwcm9qOmRlbW8tcHJvamVjdDpkZXYtcm9sZSIsIm5iZiI6MTcxOTExNTk0OSwiaWF0IjoxNzE5MTE1OTQ5LCJqdGkiOiI5MDg5OTc0OC1mYjg2LTRlZjktYjNmMC03MWY4MjBjZjEwZDYifQ.RCLx7U-2RdQ_BD5z8sBW3Ghh5RA6DnwU9VHvmU8EgQM WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Are you sure you want to delete 'argocd/demo' and all its resources? [y/n] y FATA[0001] rpc error: code = PermissionDenied desc = permission denied: applications, delete, demo-project/demo, sub: proj:demo-project:dev-role, iat: 2024-06-23T04:12:29Z -
ArgoCD快速体验 一、gitlab仓库配置创建一个名为Argo Demo的仓库,在manifests目录下仅包含应用的yaml文件,文件内容如下apiVersion: apps/v1 kind: Deployment metadata: name: myapp namespace: default spec: selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: myapp image: ikubernetes/myapp:v1 resources: limits: memory: "128Mi" cpu: "500m" ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: myapp namespace: default spec: type: ClusterIP selector: app: myapp ports: - port: 80 targetPort: 80 --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: myapp namespace: default spec: entryPoints: - web routes: - match: Host(`myapp.test.com`) kind: Rule services: - name: myapp port: 80 gitlab仓库如下:二、vargocd配置 2.1添加仓库地址添加仓库地址,Settings → Repositories,点击 CONNECT REPO 按钮添加仓库,填写以下信息验证通过后显示如下,点击创建应用创建应用创建完后如下所示三、访问验证 3.1验证应用部署状态查看k8s创建的资源信息,发现已经成功创建了对应的资源root@k8s-01:~/argocd# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-fd4fd598f-kkrck 1/1 Running 0 113s root@k8s-01:~/argocd# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19d myapp ClusterIP 10.101.17.194 <none> 80/TCP 2m2s root@k8s-01:~/argocd# kubectl get ingressroute NAME AGE myapp 2m13s 访问web页面验证3.2版本更新接下来模拟配置变更,将镜像版本从v1改为v2Argo CD默认每180秒同步一次,查看argocd信息,发现已经自动同步了yaml文件,并且正在进行发布访问web页面状态,发现已经完成了发布工作。此时整个应用关联关系如下3.3版本回退点击history and rollback即可看到整个应用的所有发布记录,并且可以选择指定版本进行回退操作。再次访问发现已经回退到v1版本
-
ArgoCD部署 一、安装Argo CD 1.1创建nskubectl create namespace argocd1.2安装argocdkubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml注意事项:默认下载的是最新版argocd,安装argocd时,务必参阅支持的k8s版本列表,否则会出现安装失败pod运行异常的情况。 参考文档:https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions 由于k8s集群版本为1.27.6。因此安装的argo cd版本为2.11.3,yaml文件地址:https://github.com/argoproj/argo-cd/blob/v2.11.3/manifests/install.yaml执行成功后会在argocd的namespace下创建如下资源。 root@k8s-01:~/argocd# kubectl get all -n argocd NAME READY STATUS RESTARTS AGE pod/argocd-application-controller-0 1/1 Running 0 4m9s pod/argocd-applicationset-controller-7c75857ff5-9lrzm 1/1 Running 0 4m9s pod/argocd-dex-server-7496f974df-p9ms2 1/1 Running 0 92s pod/argocd-notifications-controller-66f486587f-grsgd 1/1 Running 0 4m9s pod/argocd-redis-544dbfdbc5-sbvn8 1/1 Running 0 4m9s pod/argocd-repo-server-87d6bf9b7-txql5 1/1 Running 0 4m9s pod/argocd-server-b54fdb74d-jsfwr 1/1 Running 0 4m9s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 4m9s service/argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 4m9s service/argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 4m9s service/argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 4m9s service/argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 4m9s service/argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 4m9s service/argocd-server ClusterIP 10.102.209.251 <none> 80/TCP,443/TCP 4m9s service/argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 4m9s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/argocd-applicationset-controller 1/1 1 1 4m9s deployment.apps/argocd-dex-server 1/1 1 1 4m9s deployment.apps/argocd-notifications-controller 1/1 1 1 4m9s deployment.apps/argocd-redis 1/1 1 1 4m9s deployment.apps/argocd-repo-server 1/1 1 1 4m9s deployment.apps/argocd-server 1/1 1 1 4m9s NAME DESIRED CURRENT READY AGE replicaset.apps/argocd-applicationset-controller-7c75857ff5 1 1 1 4m9s replicaset.apps/argocd-dex-server-7496f974df 1 1 1 4m9s replicaset.apps/argocd-notifications-controller-66f486587f 1 1 1 4m9s replicaset.apps/argocd-redis-544dbfdbc5 1 1 1 4m9s replicaset.apps/argocd-repo-server-87d6bf9b7 1 1 1 4m9s replicaset.apps/argocd-server-b54fdb74d 1 1 1 4m9s NAME READY AGE statefulset.apps/argocd-application-controller 1/1 4m9s root@k8s-01:~/argocd# 二、web访问argocd访问Argo server的方式有两种: 1. 通过web ui 2. 使用argocd 客户端工具2.1访问web ui(NodePort方式)通过kubectl edit -n argocd svc argocd-server将service的type类型从ClusterIP改为NodePort。改完后通过以下命令查看端口:root@k8s-01:~/argocd# kubectl get svc -n argocd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 9m34s argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 9m34s argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 9m34s argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 9m34s argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 9m34s argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 9m34s argocd-server ClusterIP 10.102.209.251 <none> 80/TCP,443/TCP 9m34s argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 9m34s root@k8s-01:~/argocd# root@k8s-01:~/argocd# root@k8s-01:~/argocd# root@k8s-01:~/argocd# root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-serve Error from server (NotFound): services "argocd-serve" not found root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-server service/argocd-server edited root@k8s-01:~/argocd# kubectl get svc -n argocd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE argocd-applicationset-controller ClusterIP 10.108.48.9 <none> 7000/TCP,8080/TCP 12m argocd-dex-server ClusterIP 10.104.66.145 <none> 5556/TCP,5557/TCP,5558/TCP 12m argocd-metrics ClusterIP 10.110.242.240 <none> 8082/TCP 12m argocd-notifications-controller-metrics ClusterIP 10.108.2.224 <none> 9001/TCP 12m argocd-redis ClusterIP 10.111.74.193 <none> 6379/TCP 12m argocd-repo-server ClusterIP 10.111.94.151 <none> 8081/TCP,8084/TCP 12m argocd-server NodePort 10.102.209.251 <none> 80:31232/TCP,443:32542/TCP 12m argocd-server-metrics ClusterIP 10.99.167.144 <none> 8083/TCP 12m https://192.168.30.180:31232/2.2获取admin密码用户名为admin,密码通过以下方式获取。 root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d DCg5oVXU8Xd-rNMW root@k8s-01:~/argocd# 2.3访问web ui(ingress方式)访问web ui必须使用https方式访问,以traefik为例,创建ingressroute资源 # 创建证书文件 root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d DCg5oVXU8Xd-rNMWroot@kopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=argocd.local.com"rgocd.local.com" ..+..........+......+..+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+...+.....+....+...+..+...+....+...+..................+...+...............+.....+.+...+......+.........+..+...+.+.....+.+......+..+.............+............+..+....+.....+....+....................+..........+.....+...+...+.+.........+.....+......+.+..+.......+......+........+.+.....+.............+..+.............+.....+.+......+......+.....+.........+.+..+............+....+..+...+.+...+..+..........+...........+...+....+......+......+...+.....+.+..+........................+.+..+.............+..+.+.........+...+..+......+.+.....+.+..............+......+....+...+...........+..........+..+.........+...+.............+..+.+.....+......+...+......+....+......+.........+.....+.+..+.........................+..+............+.+...+......+...........+....+...+........+...+.+.....+......+...+.........+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ..........+...+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+.....+.+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----- root@k8s-01:~/argocd# kubectl create secret tls argocd-tls --cert=tls.crt --key=tls.key -n argocd secret/argocd-tls created root@k8s-01:~/argocd# kubectl describe secrets argocd-tls -n argocd Name: argocd-tls Namespace: argocd Labels: <none> Annotations: <none> Type: kubernetes.io/tls Data ==== tls.crt: 1131 bytes tls.key: 1704 bytes #创建ingress资源 root@k8s-01:~/argocd# cat ingress.yaml apiVersion: traefik.io/v1alpha1 kind: ServersTransport metadata: name: argocd-transport namespace: argocd spec: serverName: "argocd.local.com" insecureSkipVerify: true --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: argocd-tls namespace: argocd spec: entryPoints: - websecure routes: - match: Host(`argocd.local.com`) kind: Rule services: - name: argocd-server port: 443 serversTransport: argocd-transport tls: secretName: argocd-tls root@k8s-01:~/argocd# kubectl apply -f ingress.yaml serverstransport.traefik.io/argocd-transport created ingressroute.traefik.io/argocd-tls created添加hosts解析记录 192.168.30.180 argocd.local.com三、客户端工具访问argocd 3.1下载argocd客户端工具root@k8s-01:~/argocd# ls argocd-linux-amd64 ingress.yaml install.yaml tls.crt tls.key root@k8s-01:~/argocd# mv argocd-linux-amd64 /usr/local/bin/argocd root@k8s-01:~/argocd# chmod u+x /usr/local/bin/argocd root@k8s-01:~/argocd# argocd version argocd: v2.11.3+3f344d5 BuildDate: 2024-06-06T08:42:00Z GitCommit: 3f344d54a4e0bbbb4313e1c19cfe1e544b162598 GitTreeState: clean GoVersion: go1.21.9 Compiler: gc Platform: linux/amd64 FATA[0000] Argo CD server address unspecified 3.2客户端工具登录argocdroot@k8s-01:~/argocd# argocd login argocd.local.com:30443 --username admin --password DCg5oVXU8Xd-rNMW WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead. Proceed insecurely (y/n)? y WARN[0020] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. 'admin:login' logged in successfully Context 'argocd.local.com:30443' updated 3.3修改密码root@k8s-01:~/argocd# argocd account update-password --account admin --current-password DCg5oVXU8Xd-rNMW --new-password '30044844Abc@' WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web. Password updated Context 'argocd.local.com:30443' updated
-
ArgoCD简介 一、ArgoCD简介Argo CD 是 Kubernetes 生态中非常受欢迎的 GitOps 工具。Argo CD 可以整合我们的代码仓库,轻松定义一组应用程序,并在多 Kubernetes 集群中轻松部署我们定义的应用程序,部署完成之后 Argo CD 可以持续监控应用的状态,根据我们对应用的声明捕捉偏移,进行持续的部署。二、工作流程 1. Argo CD 从 Git Repo 拉取应用的配置,部署在 Kubernetes 集群中。 2. 当有人新增功能时,提交一个 Pull Requests 到 Git Repo 修改应用的部署配置,等待合并。 3. 在 Pull Requests 合并之后,通过 Webhook 触发 Argo CD 执行更新操作。 4. 应用得到更新,发送通知三、架构组件 在 Argo CD 的处理逻辑中,定义了四个组件: 1. Event Source,接入各种事件消息 2. Sensor,将消息转换为触发的动作 3. Eventbus,消息订阅路由系统 4. Trigger,触发外部的实际动作对于运维人员,需要了解的主要是两点: Argo CD 可以处理什么事件? AMQP、AWS SNS、AWS SQS、Cron Schedules、GCP PubSub、GitHub、GitLab、HDFS、File Based Events、Kafka、Minio、NATS、MQTT、K8s Resources、Slack、NetApp StorageGrid、Webhooks、Stripe、NSQ、Emitter、Redis、Azure Events Hub Argo CD 可以处理执行哪些动作? Argo Workflows、Standard K8s Objects、HTTP Requests、AWS Lambda、NATS Messages、Kafka Messages、Slack Notifications、Argo Rollouts CR、Custom / Build Your Own Triggers、Apache OpenWhisk四、ArgoCD部署方式
-
thingsboard 安装部署 一、安装 Java (OpenJDK 17)#ThingsBoard 3.x+ 需要 Java 11 或更高版本。Rocky Linux 9 仓库默认提供 OpenJDK 17。 sudo dnf install -y java-17-openjdk-devel #验证安装 java -version二、安装postgresql#如果有服务端的话 安装客户端即可 sudo dnf install postgresql #ThingsBoard 使用 PostgreSQL 作为主数据库。Rocky Linux 9 默认仓库提供较新版本的 PostgreSQL(如 13 或更高)。 #安装 PostgreSQL Server & Client sudo dnf install -y postgresql-server postgresql-contrib #初始化数据库(如果尚未初始化) sudo postgresql-setup --initdb --unit postgresql #启动并启用 PostgreSQL 服务 sudo systemctl enable postgresql sudo systemctl start postgresql 三、创建 ThingsBoard 数据库和用户[root@localhost ~]# psql -h 192.168.30.23 -p 5432 -U postgres Password for user postgres: psql (13.20, server 12.22) Type "help" for help. postgres=# CREATE USER thingsboard WITH PASSWORD 'axing123456'; CREATE ROLE postgres=# CREATE DATABASE thingsboard WITH OWNER thingsboard; CREATE DATABASE postgres=# GRANT ALL PRIVILEGES ON DATABASE thingsboard TO thingsboard; GRANT postgres=# \q -- 创建一个名为 thingsboard 的新用户(role),并设置密码(请替换 'PUT_YOUR_STRONG_PASSWORD_HERE' 为强密码!) CREATE USER thingsboard WITH PASSWORD 'PUT_YOUR_STRONG_PASSWORD_HERE'; -- 创建一个名为 thingsboard 的新数据库,并指定所有者(owner)为刚刚创建的 thingsboard 用户 CREATE DATABASE thingsboard WITH OWNER thingsboard; -- 授予新用户所有权限 (通常 CREATE USER 和 CREATE DATABASE 已隐含足够权限,此步可选但推荐) GRANT ALL PRIVILEGES ON DATABASE thingsboard TO thingsboard; -- 退出 psql \q四、配置 ThingsBoard 存储库#下载地址 https://github.com/thingsboard/thingsboard/releases/tag/v3.9 #安装 [root@rabbit3 ~]# ls anaconda-ks.cfg mq redis.tar thingsboard-3.9.rpm [root@rabbit3 ~]# sudo dnf install -y ./thingsboard-3.9.rpm 五、初始化数据库 Schema#执行 vi /usr/share/thingsboard/conf/thingsboard.yml 修改postgresql连接地址和账号密码[root@rabbit3 ~]# sudo /usr/share/thingsboard/bin/install/install.sh --loadDemo OpenJDK 64-Bit Server VM warning: Option UseBiasedLocking was deprecated in version 15.0 and will likely be removed in a future release. ______ __ _ ____ __ /_ __/ / /_ (_) ____ ____ _ _____ / __ ) ____ ____ _ _____ ____/ / / / / __ \ / / / __ \ / __ `/ / ___/ / __ | / __ \ / __ `/ / ___/ / __ / / / / / / / / / / / / / / /_/ / (__ ) / /_/ / / /_/ // /_/ / / / / /_/ / /_/ /_/ /_/ /_/ /_/ /_/ \__, / /____/ /_____/ \____/ \__,_/ /_/ \__,_/ /____/ =================================================== :: ThingsBoard :: (v3.9.0) =================================================== Starting ThingsBoard Installation... Installing DataBase schema for entities... Installing SQL DataBase schema part: schema-entities.sql Installing SQL DataBase schema indexes part: schema-entities-idx.sql Installing SQL DataBase schema PostgreSQL specific indexes part: schema-entities-idx-psql-addon.sql Installing SQL DataBase schema views and functions: schema-views-and-functions.sql Successfully executed query: DROP VIEW IF EXISTS device_info_view CASCADE; Successfully executed query: CREATE OR REPLACE VIEW device_info_view AS SELECT * FROM device_info_active_attribute_view; Installing DataBase schema for timeseries... Installing SQL DataBase schema part: schema-ts-psql.sql Successfully executed query: CREATE TABLE IF NOT EXISTS ts_kv_indefinite PARTITION OF ts_kv DEFAULT; Loading system data... Creating JWT admin settings... Loading system widgets Loading system SCADA symbols Creating default notification configs for system admin Creating default notification configs for all tenants Loading system images and resources... Loading demo data... Installation finished successfully! ThingsBoard installed successfully! [root@rabbit3 ~]# sudo systemctl enable thingsboard sudo systemctl start thingsboard #查看状态 [root@rabbit3 ~]# sudo systemctl status thingsboard ● thingsboard.service - thingsboard Loaded: loaded (/usr/lib/systemd/system/thingsboard.service; enabled; preset: disabled) Active: active (running) since Thu 2025-08-14 10:05:16 CST; 3s ago Main PID: 7315 (thingsboard.jar) Tasks: 25 (limit: 48682) Memory: 209.7M CPU: 7.018s CGroup: /system.slice/thingsboard.service ├─7315 /bin/bash /usr/share/thingsboard/bin/thingsboard.jar └─7330 /usr/bin/java -Dsun.misc.URLClassPath.disableJarChecking=true -Dplatform=rpm -Dinstall.data_dir=/usr/share/thingsboard/data "-Xlog:gc*,heap*,age*,safepoint=debug:file=/var/log/thingsboard/gc.log:time,uptime,l> Aug 14 10:05:16 rabbit3 thingsboard.jar[7330]: OpenJDK 64-Bit Server VM warning: Option UseBiasedLocking was deprecated in version 15.0 and will likely be removed in a future release. Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: ______ __ _ ____ __ Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: /_ __/ / /_ (_) ____ ____ _ _____ / __ ) ____ ____ _ _____ ____/ / Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: / / / __ \ / / / __ \ / __ `/ / ___/ / __ | / __ \ / __ `/ / ___/ / __ / Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: / / / / / / / / / / / / / /_/ / (__ ) / /_/ / / /_/ // /_/ / / / / /_/ / Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: /_/ /_/ /_/ /_/ /_/ /_/ \__, / /____/ /_____/ \____/ \__,_/ /_/ \__,_/ Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: /____/ Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: =================================================== Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: :: ThingsBoard :: (v3.9.0) Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: =================================================== 六、访问webhttp://192.168.30.26:8080/ 系统管理员: Username: tenant@thingsboard.org Password: tenant 租户管理员: Username: customer@thingsboard.org Password: customer (重要!) 首次登录后立即更改这些默认密码!#日志查看 sudo tail -f /var/log/thingsboard/thingsboard.log
