hongruiji

boc deploy

by Rick · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
138 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install boc-deploy
Description
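Deployment tool for the BoCloud (博云) BOC container platform. It generates configuration files from the deployment plan and runs the deployment. Use it when a user needs to deploy the BOC container platform, including generating config.yaml, running bocctl run, and monitoring deployment status.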
README (SKILL.md)

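BOC Container Platform Deployment

Automates the deployment phase of the BOC container platform (configuration file generation → deployment execution → status verification).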

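Input Parameters

| Parameter | Description | Required | Example |
|---|---|---|---|
| deploy_server_ip | Deployment host IP | | 10.50.6.181 |
| ssh_port | SSH port | | 22 |
| ssh_user | SSH username | | root |
| ssh_password | SSH password | | Password |
| ci_ip | CI node IP | | 10.50.6.182 |
| node_ips | BOC node IP list (comma-separated) | | 10.50.6.183,10.50.6.184,10.50.6.185 |
| master_vip | K8s master VIP | | 10.50.6.186 |
| cni_type | CNI type | | ipip (default) or bgp |
| k8s_version | Kubernetes version | | 1.33.1 (default) |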

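Node Roles

| Role | Description |
|---|---|
| deploy_server | Deployment host |
| pipeline | CI node |
| chartmuseum | Chart repository |
| docker_registry | Docker image registry |
| nfs_server | NFS storage |
| master | K8s master node |
| etcd | etcd node |
| db | Database node |
| node | K8s worker node |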

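Workflow

1. Confirm that bocctl init has completed

Verification: run the following command on the deployment host to check container status:

nerdctl -n k8s.io ps -a

Expected result: two running containers

  • yum_registry - running
  • bocloud_deploy_registry_k8s - running

If the containers are not running, initialize first with the boc-init skill:

cd /opt/BOC_k8s_noarch
./bocctl init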

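2. Generate the configuration file

Generate config.yaml from the input parameters. It contains:

  • Node configuration (IP, port, user, password, role)
  • VIP configuration
  • NFS configuration
  • Container runtime configuration
  • Kubernetes version
  • Database configuration
  • Network configuration (calico ipip/bgp)
  • BOC Portal component configuration

Example configuration files

High-availability deployment example file: /opt/BOC_k8s_noarch/playbooks/examples/config/install_portal_HA.yaml
All-in-one deployment example file: /opt/BOC_k8s_noarch/playbooks/examples/config/install_portal_allinone.yaml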

3. Upload the configuration file to the deployment host

Upload the generated config.yaml to /root/config.yaml on the deployment host.

4. Run the deployment

cd /opt/BOC_k8s_noarch
nohup ./bocctl run -a install -c /root/config.yaml > log/bocctl.log 2>&1 &

The deployment takes about 40-60 minutes.

5. Monitor the deployment

Check progress every 5 minutes:

# Check the number of processes
ps aux | grep -E "bocctl|ansible" | grep -v grep | wc -l

# View the log
tail -100 /opt/BOC_k8s_noarch/log/bocctl.log

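6. Verify the result

Connect directly to a master node to verify

# Connect to the master node directly from the local machine
ssh root@<master-node-IP>

# Check node status
kubectl get nodes

# Check Pod status
kubectl get pods -A

Expected result

  • All nodes are in the Ready state
  • All Pods are in the Running state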

7. Access the BOC Portal

Open in a browser:

http://<master_vip>:30001

Common Service Ports

| Service | Address |
|---|---|
| BOC Portal | http://<master_vip>:30001 |
| K8s API Server | https://<master_vip>:6443 |
| Grafana | http://<master_vip>:30902 |
| Prometheus | http://<master_vip>:30909 |

Usage Example

Please use boc-deploy to deploy the BOC container platform:
- Deployment host IP: 10.50.6.181
- SSH user: root
- SSH password: Password
- CI node IP: 10.50.6.182
- BOC node IPs: 10.50.6.183,10.50.6.184,10.50.6.185
- VIP: 10.50.6.186
- CNI type: ipip

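Output

  • Configuration file generation status
  • Deployment execution status
  • Tail of the deployment log
  • Verification results:
    • Node status
    • Pod status (all Pods should be Running)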

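Notes

  1. The deployment host must be initialized first (using the boc-init skill); confirm that the nerdctl containers are running
  2. Make sure all nodes can reach each other over the network
  3. The deployment takes a long time; running it in the background is recommended
  4. After the deployment completes, verify the status of all Pods
  5. If you cannot SSH from the deployment host to the master node, you can connect directly from the local machine to verify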

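Common Problems

Q: Deployment finished but the K8s nodes cannot be reached

A: SSH mutual trust may not be fully configured; connect to the master node directly from the local machine with a password to verify

Q: Pod status is not Running

A: Check the specific Pod's status: kubectl describe pod <pod-name> -n <namespace>

Q: BOC Portal cannot be accessed

A: Check whether kube-proxy and the bocloud components are running normally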

Usage Guidance
This skill appears to be a straightforward deployment recipe for the BOC container platform, but there are gaps you should consider before using it:

  • The SKILL.md expects tools like ssh/scp, nerdctl, bocctl, kubectl and ansible on the machine(s) it runs against, but the package metadata lists no required binaries — verify your environment has these installed.
  • You will be asked to provide SSH usernames and plaintext passwords. Prefer using SSH key-based auth and avoid supplying root passwords to untrusted skills. If you must provide passwords, ensure the agent will not log or leak them and remove the uploaded config.yaml after use.
  • The skill instructs uploading a config file to /root/config.yaml containing node credentials. That is typical for automated installs but increases risk if the deployment host is shared or compromised; review and harden access to the deployment host, and consider storing secrets in a vault instead.
  • There is no source or homepage and the owner is unknown; treat the skill as unvetted. If possible, obtain the official deployment playbooks directly from your vendor or run these steps manually or from a vetted automation repository.

If you decide to proceed: run in a controlled environment, use key-based SSH, avoid giving unnecessary credentials, inspect the generated config.yaml before uploading, and monitor logs for accidental credential leakage.
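An added example, not part of the skill or of the BOC tooling: shell checks for two of the risks named above, a credential-bearing config file accessible beyond its owner and the SSH password appearing in the deployment log. The function names, the sample files and the sample password are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: hygiene checks for the credential-bearing config file and the
# bocctl log. Function names and sample data are constructed for illustration.

# True (0) when FILE grants nothing to group or other (for example mode 600).
config_mode_ok() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# True (0) when LOG contains SECRET as a literal string. The printf builtin
# feeds the secret to grep on stdin, so it never shows up in a process argv.
log_leaks_secret() {
    [ -n "$2" ] || return 2      # an empty pattern would match every line
    printf '%s\n' "$2" | grep -qF -f - -- "$1"
}

# Print one line per problem and return the number of findings (0 = clean).
audit_deploy_secrets() {
    config=$1 log=$2 secret=$3 findings=0
    if [ -e "$config" ] && ! config_mode_ok "$config"; then
        echo "FINDING: $config is accessible to group/other"
        findings=$((findings + 1))
    fi
    if [ -r "$log" ] && log_leaks_secret "$log" "$secret"; then
        echo "FINDING: $log contains the SSH password"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed stand-ins for /root/config.yaml and log/bocctl.log.
run_demo() {
    d=$(mktemp -d) || return 1
    printf 'placeholder config content\n' > "$d/config.yaml"
    chmod 644 "$d/config.yaml"                       # deliberately too open
    printf 'TASK [setup]\nlogin failed, password=Demo-Pass-123\n' > "$d/bocctl.log"
    audit_deploy_secrets "$d/config.yaml" "$d/bocctl.log" 'Demo-Pass-123'
    demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

run_demo || echo "findings: $?"
```

On the deployment host the same function would be pointed at /root/config.yaml and /opt/BOC_k8s_noarch/log/bocctl.log, with the password supplied from a shell variable rather than typed on the command line.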
Capability Analysis
Type: OpenClaw Skill
Name: boc-deploy
Version: 1.0.1

The skill automates the deployment of the BOC Container Platform by generating configurations and executing local binaries (bocctl) with root privileges. It requires high-risk inputs, specifically plaintext SSH credentials (ssh_password), and performs remote execution across multiple nodes. While these actions are aligned with the stated purpose in SKILL.md, the handling of sensitive credentials and the requirement for broad shell access constitute significant security risks.
Capability Assessment
Purpose & Capability
The SKILL.md describes generating config.yaml, uploading it to the deploy host, and running bocctl/nerdctl/ansible/kubectl commands — all coherent with a deployment tool. However the registry metadata claims no required binaries or env vars, while the instructions clearly rely on system tools (ssh/scp/nerdctl/bocctl/kubectl/nohup/ansible). The missing declarations are an inconsistency.
Instruction Scope
Instructions ask the agent to collect SSH credentials (ssh_password), generate a config.yaml that includes node credentials, upload it to /root/config.yaml on the deployment host, and run long-lived deployment commands. This requires handling sensitive secrets and remote access; the SKILL.md does not specify how SSH/upload is performed or how secrets are protected. The scope is otherwise limited to deployment steps, but secret handling and unspecified remote execution are security-relevant gaps.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write or execute bundled code on disk. That lowers install-time risk.
Credentials
The skill requires sensitive inputs at runtime (SSH username/password and per-node credentials) which are proportional to performing an automated installation, but the skill provides no guidance for secure handling (e.g., prefer SSH key, avoid embedding plaintext in logs), and metadata does not declare these as required secrets or provide secure-storage hooks. The practice of generating and uploading a config containing passwords to /root/config.yaml can expose credentials if not handled carefully.
Persistence & Privilege
The skill is not always-enabled and is instruction-only; it does not request persistent privileges or modify other skills or global agent settings. Autonomous invocation is allowed but is the platform default and not by itself flagged.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install boc-deploy
  3. After installation, invoke the skill by name or use /boc-deploy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
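  • Added _meta.json metadata file.
  • Documentation improvements: wording that referred specifically to BOC 3.10 was unified to "BOC container platform" for generality.
  • Wording and example parameters are more generic; sensitive default values (such as passwords) were removed, improving security and applicability.
  • The login and verification flow in the usage instructions is simpler, with redundant hop steps removed.
  • Version number bumped from 1.0.0 to 1.0.1.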
v1.0.0
Initial release of boc-deploy: A tool for automated deployment of BOC 3.10 clusters.
  • Generates config.yaml based on user inputs for multi-role node deployments.
  • Executes one-command deployment via bocctl, with real-time log monitoring.
  • Provides step-by-step deployment guidance, verification, and troubleshooting tips.
  • Outputs configuration, deployment status, and result validation details.
Metadata
Slug boc-deploy
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is boc deploy?

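Deployment tool for the BoCloud (博云) BOC container platform. It generates configuration files from the deployment plan and runs the deployment. Use it when a user needs to deploy the BOC container platform, including generating config.yaml, running bocctl run, and monitoring deployment status. It is an AI Agent Skill for Claude Code / OpenClaw, with 138 downloads so far.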

How do I install boc deploy?

Run "/install boc-deploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is boc deploy free?

Yes, boc deploy is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does boc deploy support?

boc deploy is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created boc deploy?

It is built and maintained by Rick (@hongruiji); the current version is v1.0.1.
