← 返回 Skills 市场
138
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install boc-deploy
功能描述
博云BOC容器平台 部署工具。根据部署规划信息自动生成配置文件并执行部署。使用场景:用户需要部署 BOC容器平台时使用,包括生成 config.yaml、执行 bocctl run、监控部署状态。
使用说明 (SKILL.md)
BOC容器平台 部署
自动化完成 BOC容器平台 的部署阶段(配置文件生成 → 部署执行 → 状态验证)。
输入参数
| 参数 | 说明 | 必填 | 示例 |
|---|---|---|---|
| deploy_server_ip | 部署机IP | 是 | 10.50.6.181 |
| ssh_port | SSH端口 | 否 | 22 |
| ssh_user | SSH用户名 | 是 | root |
| ssh_password | SSH密码 | 是 | Password |
| ci_ip | CI节点IP | 是 | 10.50.6.182 |
| node_ips | BOC节点IP列表(逗号分隔) | 是 | 10.50.6.183,10.50.6.184,10.50.6.185 |
| master_vip | K8s Master VIP | 是 | 10.50.6.186 |
| cni_type | CNI类型 | 否 | ipip (默认) 或 bgp |
| k8s_version | Kubernetes版本 | 否 | 1.33.1 (默认) |
节点角色说明
| 角色 | 说明 |
|---|---|
| deploy_server | 部署机 |
| pipeline | CI节点 |
| chartmuseum | Chart仓库 |
| docker_registry | Docker镜像仓库 |
| nfs_server | NFS存储 |
| master | K8s master节点 |
| etcd | etcd节点 |
| db | 数据库节点 |
| node | K8s worker节点 |
工作流程
1. 确认 bocctl init 已完成
验证方法:在部署机上执行以下命令检查容器状态:
nerdctl -n k8s.io ps -a
预期结果:应看到两个运行中的容器
yum_registry- 运行中bocloud_deploy_registry_k8s- 运行中
如果容器未运行,需要先用skill boc-init 进行初始化:
cd /opt/BOC_k8s_noarch
./bocctl init
2. 生成配置文件
根据输入参数生成 config.yaml,包含:
- 节点配置(IP、端口、用户、密码、角色)
- VIP配置
- NFS配置
- 容器运行时配置
- Kubernetes版本
- 数据库配置
- 网络配置(calico ipip/bgp)
- BOC Portal组件配置
配置文件示例:
高可用部署示例文件: /opt/BOC_k8s_noarch/playbooks/examples/config/install_portal_HA.yaml ALLINONE 部署示例文件: /opt/BOC_k8s_noarch/playbooks/examples/config/install_portal_allinone.yaml
3. 上传配置文件到部署机
将生成的 config.yaml 上传到部署机的 /root/config.yaml
4. 执行部署
cd /opt/BOC_k8s_noarch
nohup ./bocctl run -a install -c /root/config.yaml > log/bocctl.log 2>&1 &
部署过程约 40-60 分钟。
5. 监控部署
每5分钟检查一次进度:
# 检查进程数
ps aux | grep -E "bocctl|ansible" | grep -v grep | wc -l
# 查看日志
tail -100 /opt/BOC_k8s_noarch/log/bocctl.log
6. 验证结果
直接连接 master 节点验证
# 从本机直接连接 master 节点
ssh root@\x3Cmaster节点IP>
# 检查节点状态
kubectl get nodes
# 检查 Pod 状态
kubectl get pods -A
预期结果:
- 所有节点状态为
Ready - 所有 Pod 状态为
Running
7. 访问 BOC Portal
使用浏览器访问:
http://\x3Cmaster_vip>:30001
常用服务端口:
| 服务 | 地址 |
|---|---|
| BOC Portal | http://\x3Cmaster_vip>:30001 |
| K8s API Server | https://\x3Cmaster_vip>:6443 |
| Grafana | http://\x3Cmaster_vip>:30902 |
| Prometheus | http://\x3Cmaster_vip>:30909 |
使用示例
请使用 boc-deploy 部署 BOC容器平台:
- 部署机IP:10.50.6.181
- SSH用户:root
- SSH密码:Password
- CI节点IP:10.50.6.182
- BOC节点IP:10.50.6.183,10.50.6.184,10.50.6.185
- VIP:10.50.6.186
- CNI类型:ipip
输出
- 配置文件生成状态
- 部署执行状态
- 部署日志末尾输出
- 验证结果:
- Node 状态
- Pod 状态(所有 Pod 应为 Running)
注意事项
- 部署机需先完成初始化(使用 boc-init 技能),确认
nerdctl容器已运行 - 确保所有节点间网络互通
- 部署过程耗时较长,建议后台运行
- 部署完成后验证所有 Pod 状态
- 如果无法从部署机 SSH 到 master 节点,可以从本机直接连接验证
常见问题
Q: 部署完成但无法访问 K8s 节点
A: 可能 SSH 互信未配置完成,直接从本机使用密码连接 master 节点验证
Q: Pod 状态不是 Running
A: 检查具体 Pod 状态 kubectl describe pod \x3Cpod-name> -n \x3Cnamespace>
Q: BOC Portal 无法访问
A: 检查 kube-proxy 和 bocloud 组件是否正常运行
安全使用建议
This skill appears to be a straightforward deployment recipe for the BOC container platform, but there are gaps you should consider before using it:
- The SKILL.md expects tools like ssh/scp, nerdctl, bocctl, kubectl and ansible on the machine(s) it runs against, but the package metadata lists no required binaries — verify your environment has these installed.
- You will be asked to provide SSH usernames and plaintext passwords. Prefer using SSH key-based auth and avoid supplying root passwords to untrusted skills. If you must provide passwords, ensure the agent will not log or leak them and remove the uploaded config.yaml after use.
- The skill instructs uploading a config file to /root/config.yaml containing node credentials. That is typical for automated installs but increases risk if the deployment host is shared or compromised; review and harden access to the deployment host, and consider storing secrets in a vault instead.
- There is no source or homepage and the owner is unknown; treat the skill as unvetted. If possible, obtain the official deployment playbooks directly from your vendor or run these steps manually or from a vetted automation repository.
If you decide to proceed: run in a controlled environment, use key-based SSH, avoid giving unnecessary credentials, inspect the generated config.yaml before uploading, and monitor logs for accidental credential leakage.
功能分析
Type: OpenClaw Skill
Name: boc-deploy
Version: 1.0.1
The skill automates the deployment of the BOC Container Platform by generating configurations and executing local binaries (bocctl) with root privileges. It requires high-risk inputs, specifically plaintext SSH credentials (ssh_password), and performs remote execution across multiple nodes. While these actions are aligned with the stated purpose in SKILL.md, the handling of sensitive credentials and the requirement for broad shell access constitute significant security risks.
能力评估
Purpose & Capability
The SKILL.md describes generating config.yaml, uploading it to the deploy host, and running bocctl/nerdctl/ansible/kubectl commands — all coherent with a deployment tool. However the registry metadata claims no required binaries or env vars, while the instructions clearly rely on system tools (ssh/scp/nerdctl/bocctl/kubectl/nohup/ansible). The missing declarations are an inconsistency.
Instruction Scope
Instructions ask the agent to collect SSH credentials (ssh_password), generate a config.yaml that includes node credentials, upload it to /root/config.yaml on the deployment host, and run long-lived deployment commands. This requires handling sensitive secrets and remote access; the SKILL.md does not specify how SSH/upload is performed or how secrets are protected. The scope is otherwise limited to deployment steps, but secret handling and unspecified remote execution are security-relevant gaps.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write or execute bundled code on disk. That lowers install-time risk.
Credentials
The skill requires sensitive inputs at runtime (SSH username/password and per-node credentials) which are proportional to performing an automated installation, but the skill provides no guidance for secure handling (e.g., prefer SSH key, avoid embedding plaintext in logs), and metadata does not declare these as required secrets or provide secure-storage hooks. The practice of generating and uploading a config containing passwords to /root/config.yaml can expose credentials if not handled carefully.
Persistence & Privilege
The skill is not always-enabled and is instruction-only; it does not request persistent privileges or modify other skills or global agent settings. Autonomous invocation is allowed but is the platform default and not by itself flagged.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install boc-deploy - 安装完成后,直接呼叫该 Skill 的名称或使用
/boc-deploy触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added _meta.json metadata file.
- 说明文档优化:将部分专指 BOC 3.10 的表述统一为“BOC容器平台”,增强通用性。
- 用词和示例参数更为通用,去除敏感默认值(如密码),提升安全性和适用范围。
- 使用说明中登录和验证流程更简化,去除冗余跳转步骤。
- 版本号由 1.0.0 升级为 1.0.1。
v1.0.0
Initial release of boc-deploy: A tool for automated deployment of BOC 3.10 clusters.
- Generates config.yaml based on user inputs for multi-role node deployments.
- Executes one-command deployment via bocctl, with real-time log monitoring.
- Provides step-by-step deployment guidance, verification, and troubleshooting tips.
- Outputs configuration, deployment status, and result validation details.
元数据
常见问题
boc deploy 是什么?
博云BOC容器平台 部署工具。根据部署规划信息自动生成配置文件并执行部署。使用场景:用户需要部署 BOC容器平台时使用,包括生成 config.yaml、执行 bocctl run、监控部署状态。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。
如何安装 boc deploy?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install boc-deploy」即可一键安装,无需额外配置。
boc deploy 是免费的吗?
是的,boc deploy 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
boc deploy 支持哪些平台?
boc deploy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 boc deploy?
由 Rick(@hongruiji)开发并维护,当前版本 v1.0.1。
推荐 Skills