1、orion-ops简介
Orion-ops是一款由国内开发者主导的一站式、轻量级、开源的自动化运维及自动化部署平台。
orion-ops 是基于 Java+Vue 开发、遵循 Apache-2.0 开源协议的一站式自动化运维与部署平台,以多环境管理为核心,集成机器管理、Web 终端、批量操作、监控报警、应用发布流水线等功能,支持 Docker 快速部署,适配各类企业轻量化运维治理场景。
2、核心功能
机器管理与监控:支持 SSH 机器接入、标签分组;提供 CPU / 内存 / 磁盘 / 网络等指标监控与告警,Agent 一键安装升级,保障机器状态可视可控。
Web 终端与文件管理:内置 Web SSH 终端,支持操作日志、录屏回放、管理员强制下线与实时监视;Web SFTP 支持批量上传下载、断点续传、打包传输,带实时速率与进度显示。
批量操作与调度:支持多机器并行执行命令、批量文件分发;基于 Cron 表达式的定时任务,可自动执行命令或文件操作,提升批量运维效率。
应用构建与发布:环境隔离机制确保开发 / 测试 / 生产配置独立;支持自定义 SSH 命令实现构建发布流程,适配任意项目类型;环境变量支持占位符自动替换,兼容 properties/json/yml/xml 等格式。
操作流水线与审计:可视化编排构建 - 测试 - 发布流程,全链路操作日志记录,便于追溯与合规审计。
官方部署地址: https://visor.orionsec.cn/quickstart/test-image.html
3、拉取orion-visor镜像
bash
docker pull registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest
docker pull registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest
docker pull registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest
docker pull registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest
docker pull registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest
docker pull registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest5、拉取代码
bash
cd /data
git clone https://github.com/lijiahangmax/orion-ops-pro或者自行编辑
bash
version: '3.3'
# latest = 2.5.6
# 支持以下源
# lijiahangmax/*
# ghcr.io/dromara/*
# registry.cn-hangzhou.aliyuncs.com/orionsec/*
services:
ui:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest
ports:
- ${SERVICE_PORT:-1081}:80
environment:
NGINX_SERVICE_HOST: ${NGINX_SERVICE_HOST:-service}
NGINX_SERVICE_PORT: ${NGINX_SERVICE_PORT:-9200}
restart: unless-stopped
depends_on:
service:
condition: service_healthy
networks:
- orion-visor-net
service:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest
privileged: true
ports:
- "9200:9200"
environment:
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-prod}
MYSQL_HOST: ${MYSQL_HOST:-mysql}
MYSQL_PORT: ${MYSQL_PORT:-3306}
MYSQL_DATABASE: ${MYSQL_DATABASE:-orion_visor}
MYSQL_USER: ${MYSQL_USER:-root}
MYSQL_PASSWORD: ${MYSQL_PASSWORD:-Data@123456}
REDIS_HOST: ${REDIS_HOST:-redis}
REDIS_PASSWORD: ${REDIS_PASSWORD:-Data@123456}
REDIS_DATABASE: ${REDIS_DATABASE:-0}
REDIS_DATA_VERSION: ${REDIS_DATA_VERSION:-1}
INFLUXDB_ENABLED: ${INFLUXDB_ENABLED:-true}
INFLUXDB_HOST: ${INFLUXDB_HOST:-influxdb}
INFLUXDB_PORT: ${INFLUXDB_PORT:-8086}
INFLUXDB_ORG: ${INFLUXDB_ORG:-orion-visor}
INFLUXDB_BUCKET: ${INFLUXDB_BUCKET:-metrics}
INFLUXDB_TOKEN: ${INFLUXDB_TOKEN:-Data@123456}
GUACD_HOST: ${GUACD_HOST:-guacd}
GUACD_PORT: ${GUACD_PORT:-4822}
GUACD_DRIVE_PATH: ${GUACD_DRIVE_PATH:-/drive}
SECRET_KEY: ${SECRET_KEY:-uQeacXV8b3isvKLK}
API_EXPOSE_TOKEN: ${API_EXPOSE_TOKEN:-pmqeHOyZaumHm0Wt}
API_IP_HEADERS: ${API_IP_HEADERS:-X-Forwarded-For,X-Real-IP}
API_HOST: ${API_HOST:-0.0.0.0}
API_CORS: ${API_CORS:-true}
DEMO_MODE: ${DEMO_MODE:-false}
volumes:
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/service/root-orion:/root/orion
ulimits:
nofile:
soft: 65536
hard: 65536
restart: unless-stopped
healthcheck:
test: [ "CMD", "curl", "http://127.0.0.1:9200/orion-visor/api/server/bootstrap/health" ]
interval: 15s
timeout: 5s
retries: 15
start_period: 30s
depends_on:
mysql:
condition: service_healthy
redis:
condition: service_healthy
influxdb:
condition: service_healthy
networks:
- orion-visor-net
mysql:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest
privileged: true
ports:
- "3307:3306"
environment:
MYSQL_DATABASE: ${MYSQL_DATABASE:-orion_visor}
MYSQL_USER: ${MYSQL_USER:-orion}
MYSQL_PASSWORD: ${MYSQL_PASSWORD:-Data@123456}
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-Data@123456}
volumes:
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/mysql/var-lib-mysql:/var/lib/mysql
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/mysql/var-lib-mysql-files:/var/lib/mysql-files
restart: unless-stopped
healthcheck:
test: [ "CMD", "bash", "-c", "cat < /dev/null > /dev/tcp/127.0.0.1/3306" ]
interval: 15s
timeout: 5s
retries: 10
start_period: 10s
networks:
- orion-visor-net
redis:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest
privileged: true
ports:
- "6380:6379"
environment:
REDIS_PASSWORD: ${REDIS_PASSWORD:-Data@123456}
volumes:
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/redis/data:/data
command: sh -c "redis-server /usr/local/redis.conf --requirepass $${REDIS_PASSWORD}"
restart: unless-stopped
healthcheck:
test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
interval: 15s
timeout: 5s
retries: 10
start_period: 10s
networks:
- orion-visor-net
influxdb:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-influxdb:latest
privileged: true
ports:
- "8086:8086"
environment:
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_ADMIN_USERNAME:-admin}
DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB_ADMIN_PASSWORD:-Data@123456}
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: ${INFLUXDB_TOKEN:-Data@123456}
DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_ORG:-orion-visor}
DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_BUCKET:-metrics}
volumes:
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/influxdb/data:/var/lib/influxdb2
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/influxdb/config:/etc/influxdb2
restart: unless-stopped
healthcheck:
test: [ "CMD", "bash", "-c", "cat < /dev/null > /dev/tcp/127.0.0.1/8086" ]
interval: 15s
timeout: 5s
retries: 10
start_period: 10s
networks:
- orion-visor-net
guacd:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest
ports:
- "4822:4822"
environment:
GUACD_LOG_LEVEL: info
GUACD_LOG_FILE: /var/log/guacd.log
volumes:
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/guacd/drive:${GUACD_DRIVE_PATH:-/drive}
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/guacd/var-logs:/var/log
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/guacd/local-guacamole-lib:/usr/local/guacamole/lib
- ${VOLUME_BASE:-/data/orion-visor-space/docker-volumes}/guacd/local-guacamole-extensions:/usr/local/guacamole/extensions
restart: unless-stopped
healthcheck:
test: [ "CMD", "nc", "-vz", "localhost", "4822" ]
interval: 15s
timeout: 5s
retries: 10
start_period: 10s
networks:
- orion-visor-net
adminer:
image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest
ports:
- "8081:8080"
environment:
ADMINER_DEFAULT_SERVER: ${MYSQL_HOST:-mysql}
depends_on:
mysql:
condition: service_healthy
networks:
- orion-visor-net
networks:
orion-visor-net:
driver: bridge6、启动orion-visor容器
bash
cd /data/orion-ops-pro/
docker-compose up -d
docker-compose ps
docker logs -f orion-ops-pro_ui_17、访问Orion-Ops服务
浏览器访问: http://172.16.17.201:1081
默认登录账号信息为: 账号:admin 密码:admin
🔗 演示地址: https://dv.orionsec.cn/
🔏 演示账号: admin/admin
Orion-ops是一个功能集成度很高的一体化运维平台。与Jenkins这类专注于CI/CD流水线的工具,或Prometheus这类专注监控的系统不同,它的优势在于将主机管理、文件操作、监控、任务调度和基础的应用发布功能整合在一个统一的Web界面中,适合希望用一套系统解决常见运维操作的中小团队。