Clean up repository: remove backup files and reorganize infrastructure components

2025-10-02 17:04:51 +00:00
parent e5aa00d6f9
commit 1c994f9f60
133 changed files with 1835 additions and 11296 deletions


@@ -0,0 +1,104 @@
---
# Ansible Playbook: 部署 Consul Client 到所有 Nomad 节点
- name: Deploy Consul Client to Nomad nodes
hosts: nomad_clients:nomad_servers
become: yes
vars:
consul_version: "1.21.5"
consul_datacenter: "dc1"
consul_servers:
- "100.117.106.136:8300" # master (韩国)
- "100.122.197.112:8300" # warden (北京)
- "100.116.80.94:8300" # ash3c (美国)
tasks:
- name: Update APT cache
apt:
update_cache: yes
- name: Install consul via APT (假设源已存在)
apt:
name: consul={{ consul_version }}-*
state: present
update_cache: yes
register: consul_installed
- name: Create consul user (if not exists)
user:
name: consul
system: yes
shell: /bin/false
home: /opt/consul
create_home: yes
- name: Create consul directories
file:
path: "{{ item }}"
state: directory
owner: consul
group: consul
mode: '0755'
loop:
- /opt/consul
- /opt/consul/data
- /etc/consul.d
- /var/log/consul
- name: Get node Tailscale IP
shell: ip addr show tailscale0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1
register: tailscale_ip
failed_when: tailscale_ip.stdout == ""
- name: Create consul client configuration
template:
src: templates/consul-client.hcl.j2
dest: /etc/consul.d/consul.hcl
owner: consul
group: consul
mode: '0644'
notify: restart consul
- name: Create consul systemd service
template:
src: templates/consul.service.j2
dest: /etc/systemd/system/consul.service
owner: root
group: root
mode: '0644'
notify: reload systemd
- name: Enable and start consul service
systemd:
name: consul
enabled: yes
state: started
notify: restart consul
- name: Wait for consul to be ready
uri:
url: "http://{{ tailscale_ip.stdout }}:8500/v1/status/leader"
status_code: 200
timeout: 5
register: consul_leader_status
until: consul_leader_status.status == 200
retries: 30
delay: 5
- name: Verify consul cluster membership
shell: consul members -status=alive -format=json | jq -r '.[].Name'
register: consul_members
changed_when: false
- name: Display cluster status
debug:
msg: "Node {{ inventory_hostname.split('.')[0] }} joined cluster with {{ consul_members.stdout_lines | length }} members"
handlers:
- name: reload systemd
systemd:
daemon_reload: yes
- name: restart consul
systemd:
name: consul
state: restarted
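Review bot: The "Wait for consul to be ready" task polls `http://{{ tailscale_ip.stdout }}:8500/v1/status/leader`, but the client template in this commit sets only `bind_addr`, and Consul's `client_addr` defaults to 127.0.0.1, so unless another file in /etc/consul.d changes it the HTTP API will not be listening on the Tailscale address and the task will exhaust its retries. Because that template also disables ACLs, keeping the API on loopback is the safer fix: `url: "http://127.0.0.1:8500/v1/status/leader"`. "Enable and start consul service" runs before the `reload systemd` handler fires (handlers run at the end of the play), so the freshly templated unit may not be loaded yet; adding `daemon_reload: yes` to that task closes the gap, and its `notify: restart consul` can be dropped since it only restarts an agent that was just started. The directories task creates /opt/consul/data with `mode: '0755'`; `'0750'` would keep agent state from being world-readable.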


@@ -0,0 +1,59 @@
---
# Ansible Inventory for Consul Client Deployment
all:
children:
consul_servers:
hosts:
master.tailnet-68f9.ts.net:
ansible_host: 100.117.106.136
region: korea
warden.tailnet-68f9.ts.net:
ansible_host: 100.122.197.112
region: beijing
ash3c.tailnet-68f9.ts.net:
ansible_host: 100.116.80.94
region: usa
nomad_servers:
hosts:
# Nomad Server 节点也需要 Consul Client
semaphore.tailnet-68f9.ts.net:
ansible_host: 100.116.158.95
region: korea
ch3.tailnet-68f9.ts.net:
ansible_host: 100.86.141.112
region: switzerland
ash1d.tailnet-68f9.ts.net:
ansible_host: 100.81.26.3
region: usa
ash2e.tailnet-68f9.ts.net:
ansible_host: 100.103.147.94
region: usa
ch2.tailnet-68f9.ts.net:
ansible_host: 100.90.159.68
region: switzerland
de.tailnet-68f9.ts.net:
ansible_host: 100.120.225.29
region: germany
onecloud1.tailnet-68f9.ts.net:
ansible_host: 100.98.209.50
region: unknown
nomad_clients:
hosts:
# 需要部署 Consul Client 的节点
influxdb1.tailnet-68f9.ts.net:
ansible_host: "{{ influxdb1_ip }}" # 需要填入实际IP
region: beijing
browser.tailnet-68f9.ts.net:
ansible_host: "{{ browser_ip }}" # 需要填入实际IP
region: beijing
# hcp1 已经有 Consul Client可选择重新配置
# hcp1.tailnet-68f9.ts.net:
# ansible_host: 100.97.62.111
# region: beijing
vars:
ansible_user: root
ansible_ssh_private_key_file: ~/.ssh/id_rsa
consul_datacenter: dc1
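Review bot: `ansible_user: root` under `all.vars` has Ansible log in directly as root on every host with one shared key (`~/.ssh/id_rsa`), even though the playbook already sets `become: yes`. An unprivileged account with sudo, for example `ansible_user: <deploy-user>` (placeholder), would allow root SSH login to be disabled on the nodes and limits what a leaked key gives away. The two `nomad_clients` hosts use `ansible_host: "{{ influxdb1_ip }}"` and `"{{ browser_ip }}"`, which are not defined anywhere on this page, so those hosts will presumably fail to connect until the variables are supplied. `consul_datacenter` is also set in the playbook's `vars`, which take precedence over this group variable, so the copy here has no effect on that play.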


@@ -0,0 +1,61 @@
# Consul Client Configuration for {{ inventory_hostname }}
datacenter = "{{ consul_datacenter }}"
data_dir = "/opt/consul/data"
log_level = "INFO"
node_name = "{{ inventory_hostname.split('.')[0] }}"
bind_addr = "{{ tailscale_ip.stdout }}"
# Client mode (not server)
server = false
# Connect to Consul servers (指向三节点集群)
retry_join = [
"100.117.106.136", # master (韩国)
"100.122.197.112", # warden (北京)
"100.116.80.94" # ash3c (美国)
]
# Performance optimization
performance {
raft_multiplier = 5
}
# Ports configuration
ports {
grpc = 8502
http = 8500
dns = 8600
}
# Enable Connect for service mesh
connect {
enabled = true
}
# Cache configuration for performance
cache {
entry_fetch_max_burst = 42
entry_fetch_rate = 30
}
# Node metadata
node_meta = {
region = "{{ region | default('unknown') }}"
zone = "nomad-server"
}
# UI disabled for clients
ui_config {
enabled = false
}
# ACL configuration (if needed)
acl = {
enabled = false
default_policy = "allow"
}
# Logging
log_file = "/var/log/consul/consul.log"
log_rotate_duration = "24h"
log_rotate_max_files = 7
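Review bot: The `acl` block ships with `enabled = false` and `default_policy = "allow"`, and the template sets no `encrypt` key or `tls` block, so any host that can reach these agents over the tailnet can join the gossip pool and register or change services while `connect` is enabled. Consider `enabled = true` with `default_policy = "deny"` and an agent token, plus `encrypt = "{{ consul_gossip_key }}"` (placeholder variable, to be sourced from Ansible Vault); the servers would need matching settings, which are not visible on this page. Once secrets live in this file, the playbook's `mode: '0644'` on /etc/consul.d/consul.hcl should become `'0640'`. `retry_join` and `zone = "nomad-server"` are hard-coded, so the playbook's `consul_servers` variable goes unused and hosts in `nomad_clients` appear to get a misleading zone label.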


@@ -0,0 +1,26 @@
[Unit]
Description=Consul Client
Documentation=https://www.consul.io/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/consul.d/consul.hcl
[Service]
Type=notify
User=consul
Group=consul
ExecStart=/usr/bin/consul agent -config-dir=/etc/consul.d
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
LimitNOFILE=65536
# Security settings
NoNewPrivileges=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/opt/consul /var/log/consul
[Install]
WantedBy=multi-user.target
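Review bot: The unit orders itself only after `network-online.target`, while the rendered config binds to the address of `tailscale0`; at boot the agent can start before that interface has an address and fail to bind, leaving recovery to `Restart=on-failure`. If the nodes run the stock Tailscale daemon, `After=network-online.target tailscaled.service` together with `Wants=tailscaled.service` would make the ordering explicit. On the hardening block, `ProtectKernelTunables=yes`, `ProtectControlGroups=yes` and an empty `CapabilityBoundingSet=` look like low-risk additions for a client agent that listens only on unprivileged ports, though they should be tried on one node before rollout.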