sql审计平台部署
其它数据库管理平台:Orchestrator部署
包链接:https://github.com/hhyo/Archery/tree/master
部署链接:https://github.com/hhyo/Archery/wiki
获取链接地址:下载包
[root@mcw01 opt]# ls
Archery-master containerd hadoop jdk-8u191-linux-x64.tar.gz master.zip
[root@mcw01 opt]# wget https://github.com/hhyo/Archery/archive/refs/heads/master.zip
此时已经安装了docker的。没有docker-compose. ,安装参考:https://www.cnblogs.com/machangwei-8/p/16864532.html
下载 Releases文件,解压后进入docker-compose文件夹 如果网络受限可访问码云地址: gitee
打开 docker-compose.yml 在 service.archery.image 区域确认你所需要的镜像版本,如果你使用私有镜像,此处应填私有镜像地址
#启动 docker compose -f docker-compose.yml up -d #表结构初始化 docker exec -ti archery /bin/bash cd /opt/archery source /opt/venv4archery/bin/activate python3 manage.py makemigrations sql python3 manage.py migrate #数据初始化 python3 manage.py dbshell<sql/fixtures/auth_group.sql python3 manage.py dbshell<src/init_sql/mysql_slow_query_review.sql #创建管理用户 python3 manage.py createsuperuser #重启服务 docker restart archery #日志查看和问题排查 docker logs archery -f --tail=10 logs/archery.log
部署报错:
[root@mcw01 docker-compose]# docker compose -f docker-compose.yml up -d [+] Running 2/3 ⠿ Container goinception Running 0.0s ⠿ Container redis Running 0.0s ⠋ Container mysql Starting 0.1s Error response from daemon: driver failed programming external connectivity on endpoint mysql (4bcc6a829b8af0baed8a4670f18f24c3c1eabe4a7957eacca56ff7636fad5839): Error starting userland proxy: listen tcp4 0.0.0.0:3306: bind: address already in use [root@mcw01 docker-compose]#
部署需要拉取这四个镜像
[root@mcw01 docker-compose]# docker compose -f docker-compose.yml up -d [+] Running 2/3 ⠿ Container goinception Running 0.0s ⠿ Container redis Running 0.0s ⠋ Container mysql Starting 0.1s Error response from daemon: driver failed programming external connectivity on endpoint mysql (4bcc6a829b8af0baed8a4670f18f24c3c1eabe4a7957eacca56ff7636fad5839): Error starting userland proxy: listen tcp4 0.0.0.0:3306: bind: address already in use [root@mcw01 docker-compose]#
停掉当前不用的数据库
systemctl stop mysqld
#启动
[root@mcw01 docker-compose]# docker compose -f docker-compose.yml up -d [+] Running 4/4 ⠿ Container goinception Running 0.0s ⠿ Container redis Healthy 1.4s ⠿ Container mysql Healthy 12.0s ⠿ Container archery Started 2.0s [root@mcw01 docker-compose]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ce2c1570022 hhyo/archery:v1.10.0 "bash /opt/archery/s…" 9 hours ago Up 18 seconds 0.0.0.0:9123->9123/tcp, :::9123->9123/tcp archery e47d0665abdc redis:5 "docker-entrypoint.s…" 9 hours ago Up 9 hours (healthy) 6379/tcp redis 11b701c9a8d8 hanchuanchuan/goinception "/usr/local/bin/dumb…" 9 hours ago Up 9 hours 0.0.0.0:4000->4000/tcp, :::4000->4000/tcp goinception 22e12659e764 mysql:5.7 "docker-entrypoint.s…" 9 hours ago Up 31 seconds (healthy) 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql [root@mcw01 docker-compose]#
#表结构初始化
[root@mcw01 docker-compose]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ce2c1570022 hhyo/archery:v1.10.0 "bash /opt/archery/s…" 9 hours ago Up 18 seconds 0.0.0.0:9123->9123/tcp, :::9123->9123/tcp archery e47d0665abdc redis:5 "docker-entrypoint.s…" 9 hours ago Up 9 hours (healthy) 6379/tcp redis 11b701c9a8d8 hanchuanchuan/goinception "/usr/local/bin/dumb…" 9 hours ago Up 9 hours 0.0.0.0:4000->4000/tcp, :::4000->4000/tcp goinception 22e12659e764 mysql:5.7 "docker-entrypoint.s…" 9 hours ago Up 31 seconds (healthy) 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql [root@mcw01 docker-compose]# [root@mcw01 docker-compose]# docker exec -ti archery /bin/bash [root@7ce2c1570022 archery]# cd /opt/archery [root@7ce2c1570022 archery]# ls admin.sh CODE_OF_CONDUCT.md CONTRIBUTING.md docs keys local_settings.py manage.py media README.md sql src static supervisord.pid archery common debug.sh downloads LICENSE logs masking.sh __pycache__ requirements.txt sql_api startup.sh supervisord.conf [root@7ce2c1570022 archery]# ls .. archery microsoft venv4archery [root@7ce2c1570022 archery]# ls /opt/ archery microsoft venv4archery [root@7ce2c1570022 archery]# ls bin ls: cannot access bin: No such file or directory [root@7ce2c1570022 archery]# ls /opt/venv4archery/ bin cx_Oracle-doc include lib pyvenv.cfg share [root@7ce2c1570022 archery]# ls /opt/venv4archery/bin/ activate activate.nu django-admin f2py3 geomet jsonschema pasteurize pip3 __pycache__ python qr sshtunnel tqdm wheel-3.9 activate.csh activate.ps1 echo_supervisord_conf f2py3.9 gunicorn jws pidproxy pip-3.9 pyodps-pack python3 schemasync supervisorctl wheel wheel3.9 activate.fish activate_this.py f2py futurize jp.py normalizer pip pip3.9 pyou python3.9 sqlformat supervisord wheel3 [root@7ce2c1570022 archery]# [root@7ce2c1570022 archery]# [root@7ce2c1570022 archery]# source /opt/venv4archery/bin/activate (venv4archery) [root@7ce2c1570022 archery]# which python3 /opt/venv4archery/bin/python3 (venv4archery) [root@7ce2c1570022 archery]# which python /opt/venv4archery/bin/python (venv4archery) [root@7ce2c1570022 archery]# python3 manage.py makemigrations sql 2023-12-30 19:04:00,793 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. Migrations for 'sql': sql/migrations/0001_initial.py - Create model SlowQuery - Create model SlowQueryHistory - Create model ArchiveConfig - Create model AuditEntry - Create model CloudAccessKey - Create model Config - Create model DataMaskingRules - Create model Instance - Create model InstanceTag - Create model Permission - Create model QueryLog - Create model ResourceGroup - Create model SqlWorkflow - Create model Tunnel - Create model WorkflowAuditDetail - Create model WorkflowLog - Create model WorkflowAuditSetting - Create model WorkflowAudit - Create model SqlWorkflowContent - Create model QueryPrivilegesApply - Create model ParamTemplate - Create model ParamHistory - Add field instance_tag to instance - Add field resource_group to instance - Add field tunnel to instance - Create model DataMaskingColumns - Create model ArchiveLog - Add field dest_instance to archiveconfig - Add field resource_group to archiveconfig - Add field src_instance to archiveconfig - Create model AliyunRdsConfig - Create model Users - Create model TwoFactorAuthConfig - Create model QueryPrivileges - Create model InstanceDatabase - Create model InstanceAccount (venv4archery) [root@7ce2c1570022 archery]# python3 manage.py migrate 2023-12-30 19:05:09,615 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. Operations to perform: Apply all migrations: admin, auth, contenttypes, django_q, sessions, sql Running migrations: Applying contenttypes.0001_initial... OK Applying contenttypes.0002_remove_content_type_name... OK Applying auth.0001_initial... OK Applying auth.0002_alter_permission_name_max_length... OK Applying auth.0003_alter_user_email_max_length... OK Applying auth.0004_alter_user_username_opts... OK Applying auth.0005_alter_user_last_login_null... OK Applying auth.0006_require_contenttypes_0002... OK Applying auth.0007_alter_validators_add_error_messages... OK Applying auth.0008_alter_user_username_max_length... OK Applying auth.0009_alter_user_last_name_max_length... OK Applying auth.0010_alter_group_name_max_length... OK Applying auth.0011_update_proxy_permissions... OK Applying auth.0012_alter_user_first_name_max_length... OK Applying sql.0001_initial... OK Applying admin.0001_initial... OK Applying admin.0002_logentry_remove_auto_add... OK Applying admin.0003_logentry_add_action_flag_choices... OK Applying django_q.0001_initial... OK Applying django_q.0002_auto_20150630_1624... OK Applying django_q.0003_auto_20150708_1326... OK Applying django_q.0004_auto_20150710_1043... OK Applying django_q.0005_auto_20150718_1506... OK Applying django_q.0006_auto_20150805_1817... OK Applying django_q.0007_ormq... OK Applying django_q.0008_auto_20160224_1026... OK Applying django_q.0009_auto_20171009_0915... OK Applying django_q.0010_auto_20200610_0856... OK Applying django_q.0011_auto_20200628_1055... OK Applying django_q.0012_auto_20200702_1608... OK Applying django_q.0013_task_attempt_count... OK Applying django_q.0014_schedule_cluster... OK Applying sessions.0001_initial... OK (venv4archery) [root@7ce2c1570022 archery]#
#数据初始化
(venv4archery) [root@7ce2c1570022 archery]# ls admin.sh CODE_OF_CONDUCT.md CONTRIBUTING.md docs keys local_settings.py manage.py media README.md sql src static supervisord.pid archery common debug.sh downloads LICENSE logs masking.sh __pycache__ requirements.txt sql_api startup.sh supervisord.conf (venv4archery) [root@7ce2c1570022 archery]# ls sql admin.py binlog.py engines __init__.py instance.py models.py __pycache__ resource_group.py sql_optimize.py static tests.py utils archiver.py data_dictionary.py fixtures instance_account.py locale notify.py query_privileges.py slowlog.py sql_tuning.py templates urls.py views.py audit_log.py db_diagnostic.py form.py instance_database.py migrations plugins query.py sql_analyze.py sql_workflow.py templatetags user.py (venv4archery) [root@7ce2c1570022 archery]# ls sql/fixtures/ auth_group.sql (venv4archery) [root@7ce2c1570022 archery]# ls src/ charts docker docker-compose init_sql plugins script (venv4archery) [root@7ce2c1570022 archery]# ls src/init_sql/ del_permissions.sql v1.0_init.sql v1.2.0_v1.3.0.sql v1.4.2_v1.4.3.sql v1.5.3_v1.6.0.sql v1.6.5_v1.6.6.sql v1.7.10_v1.7.11.sql v1.7.4_v1.7.5.sql v1.8.4.sql goinception_param_template.sql v1.0_v1.1.0.sql v1.3.0_v1.3.2.sql v1.4.3_v1.4.5.sql v1.6.0_v1.6.1.sql v1.6.6_v1.6.7.sql v1.7.11_v1.7.12.sql v1.7.6_v1.7.7.sql v1.9.0.sql mysql_slow_query_review.sql v1.10.0.sql v1.3.6_v1.3.7.sql v1.4.5_v1.5.0.sql v1.6.1_v1.6.2.sql v1.6.7_v1.7.0.sql v1.7.1_v1.7.2.sql v1.7.7_v1.7.8.sql rds_param_template.sql v1.1.0_v1.2.0.sql v1.3.8_v1.4.0.sql v1.5.3_comment.sql v1.6.2_v1.6.3.sql v1.7.0_v1.7.1.sql v1.7.2_v1.7.3.sql v1.8.3.sql (venv4archery) [root@7ce2c1570022 archery]# ls src/init_sql/mysql_slow_query_review.sql src/init_sql/mysql_slow_query_review.sql (venv4archery) [root@7ce2c1570022 archery]# (venv4archery) [root@7ce2c1570022 archery]# (venv4archery) [root@7ce2c1570022 archery]# python3 manage.py dbshell<sql/fixtures/auth_group.sql 2023-12-30 19:07:55,192 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. (venv4archery) [root@7ce2c1570022 archery]# python3 manage.py dbshell<src/init_sql/mysql_slow_query_review.sql 2023-12-30 19:08:15,485 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. (venv4archery) [root@7ce2c1570022 archery]#
#创建管理用户
(venv4archery) [root@7ce2c1570022 archery]# python3 manage.py createsuperuser 2023-12-30 19:25:52,474 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. 用户名: machangwei 电子邮件地址: 89xxx15@qq.com Password: 123456 Password (again): 密码长度太短。密码必须包含至少 9 个字符。 这个密码太常见了。 密码只包含数字。 Bypass password validation and create user anyway? [y/N]: y Superuser created successfully. (venv4archery) [root@7ce2c1570022 archery]#
#重启服务
Bypass password validation and create user anyway? [y/N]: y Superuser created successfully. (venv4archery) [root@7ce2c1570022 archery]# exit exit [root@mcw01 docker-compose]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ce2c1570022 hhyo/archery:v1.10.0 "bash /opt/archery/s…" 9 hours ago Up 39 minutes 0.0.0.0:9123->9123/tcp, :::9123->9123/tcp archery e47d0665abdc redis:5 "docker-entrypoint.s…" 9 hours ago Up 9 hours (healthy) 6379/tcp redis 11b701c9a8d8 hanchuanchuan/goinception "/usr/local/bin/dumb…" 9 hours ago Up 9 hours 0.0.0.0:4000->4000/tcp, :::4000->4000/tcp goinception 22e12659e764 mysql:5.7 "docker-entrypoint.s…" 9 hours ago Up 39 minutes (healthy) 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql [root@mcw01 docker-compose]# [root@mcw01 docker-compose]# [root@mcw01 docker-compose]# docker restart archery archery [root@mcw01 docker-compose]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ce2c1570022 hhyo/archery:v1.10.0 "bash /opt/archery/s…" 9 hours ago Up 10 seconds 0.0.0.0:9123->9123/tcp, :::9123->9123/tcp archery e47d0665abdc redis:5 "docker-entrypoint.s…" 9 hours ago Up 9 hours (healthy) 6379/tcp redis 11b701c9a8d8 hanchuanchuan/goinception "/usr/local/bin/dumb…" 9 hours ago Up 9 hours 0.0.0.0:4000->4000/tcp, :::4000->4000/tcp goinception 22e12659e764 mysql:5.7 "docker-entrypoint.s…" 9 hours ago Up 40 minutes (healthy) 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql [root@mcw01 docker-compose]#
#日志查看和问题排查
[root@mcw01 docker-compose]# docker logs archery -f --tail=10 [2023-12-30 19:32:24 +0800] [17] [INFO] Listening at: http://127.0.0.1:8888 (17) [2023-12-30 19:32:24 +0800] [17] [INFO] Using worker: sync [2023-12-30 19:32:24 +0800] [18] [INFO] Booting worker with pid: 18 [2023-12-30 19:32:24 +0800] [19] [INFO] Booting worker with pid: 19 [2023-12-30 19:32:24 +0800] [20] [INFO] Booting worker with pid: 20 [2023-12-30 19:32:24 +0800] [21] [INFO] Booting worker with pid: 21 2023-12-30 19:32:26,203 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. 2023-12-30 19:32:26,587 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. 2023-12-30 19:32:26,654 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this. 2023-12-30 19:32:26,798 - environ.environ - INFO - /opt/archery/.env not found - if you're not configuring your environment separately, check this.
[root@mcw01 docker-compose]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ce2c1570022 hhyo/archery:v1.10.0 "bash /opt/archery/s…" 10 hours ago Up 4 minutes 0.0.0.0:9123->9123/tcp, :::9123->9123/tcp archery e47d0665abdc redis:5 "docker-entrypoint.s…" 10 hours ago Up 10 hours (healthy) 6379/tcp redis 11b701c9a8d8 hanchuanchuan/goinception "/usr/local/bin/dumb…" 10 hours ago Up 10 hours 0.0.0.0:4000->4000/tcp, :::4000->4000/tcp goinception 22e12659e764 mysql:5.7 "docker-entrypoint.s…" 10 hours ago Up 44 minutes (healthy) 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql [root@mcw01 docker-compose]# [root@mcw01 docker-compose]# docker exec -ti archery /bin/bash [root@7ce2c1570022 archery]# ls admin.sh CODE_OF_CONDUCT.md CONTRIBUTING.md docs keys local_settings.py manage.py media README.md sql src static supervisord.pid archery common debug.sh downloads LICENSE logs masking.sh __pycache__ requirements.txt sql_api startup.sh supervisord.conf [root@7ce2c1570022 archery]# ls logs/ archery.log qcluster.log supervisord.log [root@7ce2c1570022 archery]# cast logs/archery.log bash: cast: command not found [root@7ce2c1570022 archery]# cat logs/archery.log [root@7ce2c1570022 archery]#
访问
[root@7ce2c1570022 archery]# ss -lntup|grep 9123 tcp LISTEN 0 128 *:9123 *:* users:(("nginx",pid=12,fd=7)) [root@7ce2c1570022 archery]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:12:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.18.0.5/16 brd 172.18.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@7ce2c1570022 archery]# exit exit [root@mcw01 docker-compose]# ss -lntup|grep 9123 tcp LISTEN 0 16384 *:9123 *:* users:(("docker-proxy",pid=119730,fd=4)) tcp LISTEN 0 16384 :::9123 :::* users:(("docker-proxy",pid=119734,fd=4)) [root@mcw01 docker-compose]# hostname -I 10.0.0.11 172.17.0.1 172.18.0.1 [root@mcw01 docker-compose]#
http://10.0.0.11:9123/
成功登录
浙公网安备 33010602011771号