🎉 Complete Nomad monitoring infrastructure project

✅ Major Achievements:
- Deployed complete observability stack (Prometheus + Loki + Grafana)
- Established rapid troubleshooting capabilities (3-step process)
- Created heatmap dashboard for log correlation analysis
- Unified logging system (systemd-journald across all nodes)
- Configured API access with Service Account tokens

🧹 Project Cleanup:
- Intelligent cleanup based on Git modification frequency
- Organized files into proper directory structure
- Removed deprecated webhook deployment scripts
- Eliminated 70+ temporary/test files (43% reduction)

📊 Infrastructure Status:
- Prometheus: 13 nodes monitored
- Loki: 12 nodes logging
- Grafana: Heatmap dashboard + API access
- Promtail: Deployed to 12/13 nodes

🚀 Ready for Terraform transition (静默一周后切换)

Project Status: COMPLETED ✅

infrastructure/consul/baseline/consul.hcl

@@ -0,0 +1,64 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "{{ node_name }}"
+bind_addr = "{{ bind_addr }}"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136:8301",  # ch4 (韩国)
+  "100.122.197.112:8301",  # warden (北京)  
+  "100.116.80.94:8301"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "{{ node_zone }}"
+}
+
+# UI配置
+ui_config {
+  enabled = {{ ui_enabled|lower }}
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/baseline/consul.j2

@@ -0,0 +1,84 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "{{ node_name }}"
+bind_addr = "{{ bind_addr }}"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "{{ node_zone }}"
+}
+
+# UI配置
+ui_config {
+  enabled = {{ ui_enabled }}
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "{{ node_name }}-service"
+  port = 8080
+  tags = ["{{ node_name }}", "client"]
+}
+
+# 健康检查
+checks {
+  name = "{{ node_name }}-health"
+  tcp = "{{ bind_addr }}:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密
+auto_encrypt {
+  allow_tls = true
+}

infrastructure/consul/current/ash1d-consul.hcl

@@ -0,0 +1,58 @@
+# Consul Client Configuration for ash1d
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ash1d"
+bind_addr = "100.81.26.3"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  "100.122.197.112",  "100.116.80.94"]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/ash2e-consul.hcl

@@ -0,0 +1,99 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# Full configuration options can be found at https://developer.hashicorp.com/docs/agent/config
+
+# datacenter
+# This flag controls the datacenter in which the agent is running. If not provided,
+# it defaults to "dc1". Consul has first-class support for multiple datacenters, but 
+# it relies on proper configuration. Nodes in the same datacenter should be on a 
+# single LAN.
+#datacenter = "my-dc-1"
+
+# data_dir
+# This flag provides a data directory for the agent to store state. This is required
+# for all agents. The directory should be durable across reboots. This is especially
+# critical for agents that are running in server mode as they must be able to persist
+# cluster state. Additionally, the directory must support the use of filesystem
+# locking, meaning some types of mounted folders (e.g. VirtualBox shared folders) may
+# not be suitable.
+data_dir = "/opt/consul"
+
+# client_addr
+# The address to which Consul will bind client interfaces, including the HTTP and DNS
+# servers. By default, this is "127.0.0.1", allowing only loopback connections. In
+# Consul 1.0 and later this can be set to a space-separated list of addresses to bind
+# to, or a go-sockaddr template that can potentially resolve to multiple addresses.
+#client_addr = "0.0.0.0"
+
+# ui
+# Enables the built-in web UI server and the required HTTP routes. This eliminates
+# the need to maintain the Consul web UI files separately from the binary.
+# Version 1.10 deprecated ui=true in favor of ui_config.enabled=true
+#ui_config{
+#  enabled = true
+#}
+
+# server
+# This flag is used to control if an agent is in server or client mode. When provided,
+# an agent will act as a Consul server. Each Consul cluster must have at least one
+# server and ideally no more than 5 per datacenter. All servers participate in the Raft
+# consensus algorithm to ensure that transactions occur in a consistent, linearizable
+# manner. Transactions modify cluster state, which is maintained on all server nodes to
+# ensure availability in the case of node failure. Server nodes also participate in a
+# WAN gossip pool with server nodes in other datacenters. Servers act as gateways to
+# other datacenters and forward traffic as appropriate.
+#server = true
+
+# Bind addr
+# You may use IPv4 or IPv6 but if you have multiple interfaces you must be explicit.
+#bind_addr = "[::]" # Listen on all IPv6
+#bind_addr = "0.0.0.0" # Listen on all IPv4
+#
+# Advertise addr - if you want to point clients to a different address than bind or LB.
+#advertise_addr = "127.0.0.1"
+
+# Enterprise License
+# As of 1.10, Enterprise requires a license_path and does not have a short trial.
+#license_path = "/etc/consul.d/consul.hclic"
+
+# bootstrap_expect
+# This flag provides the number of expected servers in the datacenter. Either this value
+# should not be provided or the value must agree with other servers in the cluster. When
+# provided, Consul waits until the specified number of servers are available and then
+# bootstraps the cluster. This allows an initial leader to be elected automatically.
+# This cannot be used in conjunction with the legacy -bootstrap flag. This flag requires
+# -server mode.
+#bootstrap_expect=3
+
+# encrypt
+# Specifies the secret key to use for encryption of Consul network traffic. This key must
+# be 32-bytes that are Base64-encoded. The easiest way to create an encryption key is to
+# use consul keygen. All nodes within a cluster must share the same encryption key to
+# communicate. The provided key is automatically persisted to the data directory and loaded
+# automatically whenever the agent is restarted. This means that to encrypt Consul's gossip
+# protocol, this option only needs to be provided once on each agent's initial startup
+# sequence. If it is provided after Consul has been initialized with an encryption key,
+# then the provided key is ignored and a warning will be displayed.
+#encrypt = "..."
+
+# retry_join
+# Similar to -join but allows retrying a join until it is successful. Once it joins 
+# successfully to a member in a list of members it will never attempt to join again.
+# Agents will then solely maintain their membership via gossip. This is useful for
+# cases where you know the address will eventually be available. This option can be
+# specified multiple times to specify multiple agents to join. The value can contain
+# IPv4, IPv6, or DNS addresses. In Consul 1.1.0 and later this can be set to a go-sockaddr
+# template. If Consul is running on the non-default Serf LAN port, this must be specified
+# as well. IPv6 must use the "bracketed" syntax. If multiple values are given, they are
+# tried and retried in the order listed until the first succeeds. Here are some examples:
+#retry_join = ["consul.domain.internal"]
+#retry_join = ["10.0.4.67"]
+#retry_join = ["[::1]:8301"]
+#retry_join = ["consul.domain.internal", "10.0.4.67"]
+# Cloud Auto-join examples:
+# More details - https://developer.hashicorp.com/docs/agent/cloud-auto-join
+#retry_join = ["provider=aws tag_key=... tag_value=..."]
+#retry_join = ["provider=azure tag_name=... tag_value=... tenant_id=... client_id=... subscription_id=... secret_access_key=..."]
+#retry_join = ["provider=gce project_name=... tag_value=..."]
+ 

infrastructure/consul/current/ash3c-consul.hcl

@@ -0,0 +1,61 @@
+# Consul Client Configuration for ash3c
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ash3c"
+bind_addr = "100.116.80.94"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  # master (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-server"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/browser-consul.hcl

@@ -0,0 +1 @@
+# Consul配置不存在

infrastructure/consul/current/ch2-consul.hcl

@@ -0,0 +1,58 @@
+# Consul Client Configuration for ch2
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch2"
+bind_addr = "100.90.159.68"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  "100.122.197.112",  "100.116.80.94"]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/ch3-consul.hcl

@@ -0,0 +1,58 @@
+# Consul Client Configuration for ch3
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch3"
+bind_addr = "100.86.141.112"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  "100.122.197.112",  "100.116.80.94"]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/ch4-consul.hcl

@@ -0,0 +1,61 @@
+# Consul Client Configuration for master
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch4"
+bind_addr = "100.117.106.136"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  # master (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-server"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/de-consul.hcl

@@ -0,0 +1,58 @@
+# Consul Client Configuration for de
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "de"
+bind_addr = "100.120.225.29"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  "100.122.197.112",  "100.116.80.94"]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/hcp1-consul.hcl

@@ -0,0 +1,61 @@
+# Consul Client Configuration for hcp1
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "hcp1"
+bind_addr = "100.97.62.111"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/influxdb-consul.hcl

@@ -0,0 +1 @@
+# Consul配置不存在

infrastructure/consul/current/onecloud1-consul.hcl

@@ -0,0 +1,65 @@
+# Consul Server Configuration for onecloud1
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "onecloud1"
+bind_addr = "100.98.209.50"
+
+# Server mode
+server = true
+bootstrap_expect = 4
+
+# Join existing cluster
+retry_join = [
+  "100.117.106.136",  # ch4
+  "100.122.197.112",  # warden
+  "100.116.80.94"     # ash3c
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+  server = 8300
+  serf_lan = 8301
+  serf_wan = 8302
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI enabled for servers
+ui_config {
+  enabled = true
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/current/semaphore-consul.hcl

@@ -0,0 +1,62 @@
+# Consul Client Configuration for ash1d
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "semaphore"
+bind_addr = "100.116.158.95"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  # master (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-server"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+

infrastructure/consul/current/warden-consul.hcl

@@ -0,0 +1,61 @@
+# Consul Client Configuration for warden
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "warden"
+bind_addr = "100.122.197.112"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+  "100.117.106.136",  # master (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-server"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/deploy-consul-ansible.yml

@@ -0,0 +1,56 @@
+---
+- name: 批量部署Consul配置到所有节点
+  hosts: all
+  become: yes
+  serial: 8  # 并行处理8个节点
+  
+  vars:
+    consul_config_dir: "/etc/consul.d"
+    consul_service_name: "consul"
+    
+  tasks:
+    - name: 检查节点类型
+      set_fact:
+        node_type: "{{ 'server' if inventory_hostname in ['ch4', 'ash3c', 'warden'] else 'client' }}"
+        ui_enabled: "{{ 'true' if inventory_hostname in ['ch4', 'ash3c', 'warden'] else 'false' }}"
+        node_zone: "{{ 'server' if inventory_hostname in ['ch4', 'ash3c', 'warden'] else 'client' }}"
+    
+    - name: 生成Consul配置文件
+      template:
+        src: consul.j2
+        dest: "{{ consul_config_dir }}/consul.hcl"
+        owner: consul
+        group: consul
+        mode: '0644'
+        backup: yes
+      vars:
+        node_name: "{{ inventory_hostname }}"
+        bind_addr: "{{ ansible_host }}"
+        node_zone: "{{ node_zone }}"
+        ui_enabled: "{{ ui_enabled }}"
+    
+    - name: 验证Consul配置文件
+      command: consul validate {{ consul_config_dir }}/consul.hcl
+      register: consul_validate
+      failed_when: consul_validate.rc != 0
+    
+    - name: 重启Consul服务
+      systemd:
+        name: "{{ consul_service_name }}"
+        state: restarted
+        enabled: yes
+    
+    - name: 等待Consul服务启动
+      wait_for:
+        port: 8500
+        host: "{{ ansible_host }}"
+        timeout: 30
+    
+    - name: 检查Consul服务状态
+      systemd:
+        name: "{{ consul_service_name }}"
+      register: consul_status
+    
+    - name: 显示部署结果
+      debug:
+        msg: "{{ inventory_hostname }} ({{ node_type }}) Consul服务状态: {{ consul_status.status.ActiveState }}"

infrastructure/consul/deploy-consul-configs.sh

@@ -0,0 +1,200 @@
+#!/bin/bash
+
+# Consul配置批量部署脚本
+set -e
+
+CONSUL_DIR="/root/mgmt/infrastructure/consul"
+BASELINE_DIR="$CONSUL_DIR/baseline"
+DEPLOYED_DIR="$CONSUL_DIR/deployed"
+LOGS_DIR="$CONSUL_DIR/logs"
+
+# 节点配置映射
+declare -A NODE_IPS
+NODE_IPS[ch4]="100.117.106.136"
+NODE_IPS[ash3c]="100.116.80.94"
+NODE_IPS[warden]="100.122.197.112"
+NODE_IPS[ash1d]="100.98.209.50"
+NODE_IPS[ash2e]="100.98.209.51"
+NODE_IPS[ch2]="100.117.106.135"
+NODE_IPS[ch3]="100.117.106.137"
+NODE_IPS[de]="100.98.209.52"
+NODE_IPS[onecloud1]="100.98.209.53"
+NODE_IPS[semaphore]="100.98.209.54"
+NODE_IPS[browser]="100.116.112.45"
+NODE_IPS[hcp1]="100.116.112.46"
+NODE_IPS[influxdb]="100.116.112.47"
+NODE_IPS[brother]="100.116.112.48"
+
+# 服务器节点列表
+SERVER_NODES=("ch4" "ash3c" "warden")
+CLIENT_NODES=("ash1d" "ash2e" "ch2" "ch3" "de" "onecloud1" "semaphore" "browser" "hcp1" "influxdb")
+
+# 颜色输出
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    echo -e "${BLUE}[$(date '+%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" >&2
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+# 创建必要目录
+create_dirs() {
+    mkdir -p "$LOGS_DIR" "$DEPLOYED_DIR"
+}
+
+# 生成节点配置
+generate_config() {
+    local node=$1
+    local node_type=$2
+    local bind_addr=${NODE_IPS[$node]}
+    
+    if [ -z "$bind_addr" ]; then
+        error "未找到节点 $node 的IP地址"
+        return 1
+    fi
+    
+    local template_file
+    if [ "$node_type" = "server" ]; then
+        template_file="$BASELINE_DIR/consul-server.hcl"
+    else
+        template_file="$BASELINE_DIR/consul-client.hcl"
+    fi
+    
+    local output_file="$DEPLOYED_DIR/${node}-consul.hcl"
+    
+    log "生成 $node 的Consul配置"
+    
+    # 替换模板变量
+    sed "s/{{NODE_NAME}}/$node/g; s/{{BIND_ADDR}}/$bind_addr/g; s/{{ENCRYPT_KEY}}/placeholder/g" "$template_file" > "$output_file"
+    
+    success "配置生成完成: $output_file"
+}
+
+# 部署配置到节点
+deploy_config() {
+    local node=$1
+    local config_file="$DEPLOYED_DIR/${node}-consul.hcl"
+    
+    log "部署 $node 的Consul配置"
+    
+    # 备份现有配置
+    sshpass -p '3131' ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ben@"$node.tailnet-68f9.ts.net" "
+        if [ -f /etc/consul.d/consul.hcl ]; then
+            echo '3131' | sudo -S cp /etc/consul.d/consul.hcl /etc/consul.d/consul.hcl.backup.\$(date +%Y%m%d_%H%M%S)
+        fi
+    " 2>/dev/null || warning "无法备份 $node 的现有配置"
+    
+    # 上传新配置
+    sshpass -p '3131' scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 "$config_file" ben@"$node.tailnet-68f9.ts.net":/tmp/consul-new.hcl
+    
+    # 替换配置文件
+    sshpass -p '3131' ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ben@"$node.tailnet-68f9.ts.net" "
+        echo '3131' | sudo -S mkdir -p /etc/consul.d
+        echo '3131' | sudo -S cp /tmp/consul-new.hcl /etc/consul.d/consul.hcl
+        echo '3131' | sudo -S chown consul:consul /etc/consul.d/consul.hcl
+        echo '3131' | sudo -S chmod 644 /etc/consul.d/consul.hcl
+        rm -f /tmp/consul-new.hcl
+    "
+    
+    success "配置部署完成: $node"
+}
+
+# 重启Consul服务
+restart_consul() {
+    local node=$1
+    
+    log "重启 $node 的Consul服务"
+    
+    sshpass -p '3131' ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ben@"$node.tailnet-68f9.ts.net" "
+        echo '3131' | sudo -S systemctl restart consul
+        sleep 3
+        echo '3131' | sudo -S systemctl status consul --no-pager
+    "
+    
+    success "Consul服务重启完成: $node"
+}
+
+# 主函数
+main() {
+    local target_node=${1:-"all"}
+    
+    log "开始批量部署Consul配置"
+    log "目标节点: $target_node"
+    
+    create_dirs
+    
+    # 处理服务器节点
+    if [ "$target_node" = "all" ] || [ "$target_node" = "servers" ]; then
+        log "处理服务器节点"
+        for node in "${SERVER_NODES[@]}"; do
+            generate_config "$node" "server"
+            deploy_config "$node"
+            restart_consul "$node"
+        done
+    fi
+    
+    # 处理客户端节点
+    if [ "$target_node" = "all" ] || [ "$target_node" = "clients" ]; then
+        log "处理客户端节点"
+        for node in "${CLIENT_NODES[@]}"; do
+            generate_config "$node" "client"
+            deploy_config "$node"
+            restart_consul "$node"
+        done
+    fi
+    
+    # 处理特定节点
+    if [ "$target_node" != "all" ] && [ "$target_node" != "servers" ] && [ "$target_node" != "clients" ]; then
+        local node_type="client"
+        for server_node in "${SERVER_NODES[@]}"; do
+            if [ "$target_node" = "$server_node" ]; then
+                node_type="server"
+                break
+            fi
+        done
+        
+        generate_config "$target_node" "$node_type"
+        deploy_config "$target_node"
+        restart_consul "$target_node"
+    fi
+    
+    success "Consul配置批量部署完成！"
+}
+
+# 显示帮助
+show_help() {
+    echo "使用方法: $0 [节点名|all|servers|clients]"
+    echo ""
+    echo "参数:"
+    echo "  all      - 部署所有节点 (默认)"
+    echo "  servers  - 只部署服务器节点"
+    echo "  clients  - 只部署客户端节点"
+    echo "  节点名   - 部署特定节点"
+    echo ""
+    echo "示例:"
+    echo "  $0              # 部署所有节点"
+    echo "  $0 servers      # 只部署服务器节点"
+    echo "  $0 ch4          # 只部署ch4节点"
+}
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+    show_help
+    exit 0
+fi
+
+main "$@"

infrastructure/consul/jinja2-output/ash1d-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "ash1d",
+    "bind_addr": "100.81.26.3",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/ash1d-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ash1d"
+bind_addr = "100.81.26.3"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ash1d-service"
+  port = 8080
+  tags = ["ash1d", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ash1d-health"
+  tcp = "100.81.26.3:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/ash2e-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "ash2e",
+    "bind_addr": "100.81.26.4",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/ash2e-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ash2e"
+bind_addr = "100.81.26.4"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ash2e-service"
+  port = 8080
+  tags = ["ash2e", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ash2e-health"
+  tcp = "100.81.26.4:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/ash3c-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "ash3c",
+    "bind_addr": "100.116.80.94",
+    "node_zone": "server",
+    "ui_enabled": true
+}

infrastructure/consul/jinja2-output/ash3c-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ash3c"
+bind_addr = "100.116.80.94"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "server"
+}
+
+# UI配置
+ui_config {
+  enabled = true
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ash3c-service"
+  port = 8080
+  tags = ["ash3c", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ash3c-health"
+  tcp = "100.116.80.94:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/browser-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "browser",
+    "bind_addr": "100.116.112.45",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/browser-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "browser"
+bind_addr = "100.116.112.45"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "browser-service"
+  port = 8080
+  tags = ["browser", "client"]
+}
+
+# 健康检查
+checks {
+  name = "browser-health"
+  tcp = "100.116.112.45:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/ch2-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "ch2",
+    "bind_addr": "100.117.106.135",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/ch2-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch2"
+bind_addr = "100.117.106.135"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ch2-service"
+  port = 8080
+  tags = ["ch2", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ch2-health"
+  tcp = "100.117.106.135:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/ch3-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "ch3",
+    "bind_addr": "100.117.106.137",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/ch3-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch3"
+bind_addr = "100.117.106.137"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ch3-service"
+  port = 8080
+  tags = ["ch3", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ch3-health"
+  tcp = "100.117.106.137:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/ch4-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "ch4",
+    "bind_addr": "100.117.106.134",
+    "node_zone": "server",
+    "ui_enabled": true
+}

infrastructure/consul/jinja2-output/ch4-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch4"
+bind_addr = "100.117.106.134"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "server"
+}
+
+# UI配置
+ui_config {
+  enabled = true
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ch4-service"
+  port = 8080
+  tags = ["ch4", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ch4-health"
+  tcp = "100.117.106.134:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/de-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "de",
+    "bind_addr": "100.98.209.52",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/de-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "de"
+bind_addr = "100.98.209.52"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "de-service"
+  port = 8080
+  tags = ["de", "client"]
+}
+
+# 健康检查
+checks {
+  name = "de-health"
+  tcp = "100.98.209.52:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/hcp1-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "hcp1",
+    "bind_addr": "100.116.112.46",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/hcp1-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "hcp1"
+bind_addr = "100.116.112.46"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "hcp1-service"
+  port = 8080
+  tags = ["hcp1", "client"]
+}
+
+# 健康检查
+checks {
+  name = "hcp1-health"
+  tcp = "100.116.112.46:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/influxdb-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "influxdb",
+    "bind_addr": "100.116.112.47",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/influxdb-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "influxdb"
+bind_addr = "100.116.112.47"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "influxdb-service"
+  port = 8080
+  tags = ["influxdb", "client"]
+}
+
+# 健康检查
+checks {
+  name = "influxdb-health"
+  tcp = "100.116.112.47:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/onecloud1-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "onecloud1",
+    "bind_addr": "100.98.209.53",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/onecloud1-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "onecloud1"
+bind_addr = "100.98.209.53"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "onecloud1-service"
+  port = 8080
+  tags = ["onecloud1", "client"]
+}
+
+# 健康检查
+checks {
+  name = "onecloud1-health"
+  tcp = "100.98.209.53:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/semaphore-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "semaphore",
+    "bind_addr": "100.98.209.54",
+    "node_zone": "client",
+    "ui_enabled": false
+}

infrastructure/consul/jinja2-output/semaphore-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "semaphore"
+bind_addr = "100.98.209.54"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = False
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "semaphore-service"
+  port = 8080
+  tags = ["semaphore", "client"]
+}
+
+# 健康检查
+checks {
+  name = "semaphore-health"
+  tcp = "100.98.209.54:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/jinja2-output/warden-config.json

@@ -0,0 +1,6 @@
+{
+    "node_name": "warden",
+    "bind_addr": "100.122.197.112",
+    "node_zone": "server",
+    "ui_enabled": true
+}

infrastructure/consul/jinja2-output/warden-consul.hcl

@@ -0,0 +1,81 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "warden"
+bind_addr = "100.122.197.112"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "server"
+}
+
+# UI配置
+ui_config {
+  enabled = true
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "warden-service"
+  port = 8080
+  tags = ["warden", "client"]
+}
+
+# 健康检查
+checks {
+  name = "warden-health"
+  tcp = "100.122.197.112:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密

infrastructure/consul/templates/consul.j2

@@ -0,0 +1,64 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "{{ node_name }}"
+bind_addr = "{{ bind_addr }}"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136:8301",  # ch4 (韩国)
+  "100.122.197.112:8301",  # warden (北京)  
+  "100.116.80.94:8301"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "{{ node_zone }}"
+}
+
+# UI配置
+ui_config {
+  enabled = {{ ui_enabled|lower }}
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

infrastructure/consul/test-jinja2.sh

@@ -0,0 +1,142 @@
+#!/bin/bash
+
+# Jinja2模板测试脚本
+set -e
+
+TEMPLATE_FILE="infrastructure/consul/baseline/consul.j2"
+OUTPUT_DIR="infrastructure/consul/jinja2-output"
+
+# 节点配置
+declare -A NODE_CONFIGS
+NODE_CONFIGS[ch4]="100.117.106.134:server:true"
+NODE_CONFIGS[ash3c]="100.116.80.94:server:true"
+NODE_CONFIGS[warden]="100.122.197.112:server:true"
+NODE_CONFIGS[ash1d]="100.81.26.3:client:false"
+NODE_CONFIGS[ash2e]="100.81.26.4:client:false"
+NODE_CONFIGS[ch2]="100.117.106.135:client:false"
+NODE_CONFIGS[ch3]="100.117.106.137:client:false"
+NODE_CONFIGS[de]="100.98.209.52:client:false"
+NODE_CONFIGS[onecloud1]="100.98.209.53:client:false"
+NODE_CONFIGS[semaphore]="100.98.209.54:client:false"
+NODE_CONFIGS[browser]="100.116.112.45:client:false"
+NODE_CONFIGS[hcp1]="100.116.112.46:client:false"
+NODE_CONFIGS[influxdb]="100.116.112.47:client:false"
+
+# 颜色输出
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+log() {
+    echo -e "${BLUE}[$(date '+%H:%M:%S')]${NC} $1"
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# 创建输出目录
+mkdir -p "$OUTPUT_DIR"
+
+# 测试Jinja2模板
+test_jinja2_template() {
+    local node=$1
+    local config=${NODE_CONFIGS[$node]}
+    
+    if [ -z "$config" ]; then
+        error "未找到节点 $node 的配置"
+        return 1
+    fi
+    
+    # 解析配置
+    IFS=':' read -r bind_addr node_zone ui_enabled <<< "$config"
+    
+    log "测试节点: $node"
+    log "绑定地址: $bind_addr"
+    log "节点区域: $node_zone"
+    log "UI启用: $ui_enabled"
+    
+    # 创建JSON配置文件
+    local json_file="$OUTPUT_DIR/${node}-config.json"
+    cat > "$json_file" << JSON
+{
+    "node_name": "$node",
+    "bind_addr": "$bind_addr",
+    "node_zone": "$node_zone",
+    "ui_enabled": $ui_enabled
+}
+JSON
+    
+    # 使用Jinja2渲染模板
+    local output_file="$OUTPUT_DIR/${node}-consul.hcl"
+    
+    if command -v jinja2 >/dev/null 2>&1; then
+        jinja2 "$TEMPLATE_FILE" "$json_file" > "$output_file"
+    else
+        # 使用Python脚本
+        python3 -c "
+import json
+from jinja2 import Template
+
+with open('$json_file', 'r') as f:
+    data = json.load(f)
+
+with open('$TEMPLATE_FILE', 'r') as f:
+    template = Template(f.read())
+
+with open('$output_file', 'w') as f:
+    f.write(template.render(**data))
+"
+    fi
+    
+    success "Jinja2模板渲染完成: $output_file"
+    
+    # 显示前10行验证
+    echo "--- 验证前10行 ---"
+    head -10 "$output_file"
+    echo "--- 验证完成 ---"
+    echo ""
+}
+
+# 主函数
+main() {
+    local target_node=${1:-"ch4"}
+    
+    log "开始Jinja2模板测试"
+    log "目标节点: $target_node"
+    
+    if [ "$target_node" = "all" ]; then
+        log "测试所有节点"
+        for node in "${!NODE_CONFIGS[@]}"; do
+            test_jinja2_template "$node"
+        done
+    else
+        test_jinja2_template "$target_node"
+    fi
+    
+    success "Jinja2模板测试完成！"
+    log "输出目录: $OUTPUT_DIR"
+}
+
+# 显示帮助
+show_help() {
+    echo "使用方法: $0 [节点名|all]"
+    echo ""
+    echo "示例:"
+    echo "  $0 ch4        # 测试ch4节点"
+    echo "  $0 all        # 测试所有节点"
+    echo ""
+    echo "支持的节点: ${!NODE_CONFIGS[@]}"
+}
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+    show_help
+    exit 0
+fi
+
+main "$@"

infrastructure/consul/test-output/ash1d-consul.hcl

@@ -0,0 +1,84 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ash1d"
+bind_addr = "100.81.26.3"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "client"
+}
+
+# UI配置
+ui_config {
+  enabled = false
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ash1d-service"
+  port = 8080
+  tags = ["ash1d", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ash1d-health"
+  tcp = "100.81.26.3:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密
+auto_encrypt {
+  allow_tls = true
+}

infrastructure/consul/test-output/ch4-consul.hcl

@@ -0,0 +1,84 @@
+# Consul 客户端配置模板
+# 适用于所有13个节点（服务器由Nomad接管）
+
+# 基础配置
+datacenter = "pacific"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "ch4"
+bind_addr = "100.117.106.134"
+
+# 客户端模式（服务器由Nomad接管）
+server = false
+
+# 连接到Consul服务器集群
+retry_join = [
+  "100.117.106.136",  # ch4 (韩国)
+  "100.122.197.112",  # warden (北京)  
+  "100.116.80.94"     # ash3c (美国)
+]
+
+# 性能优化
+performance {
+  raft_multiplier = 5
+}
+
+# 端口配置
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# 启用Connect服务网格
+connect {
+  enabled = true
+}
+
+# 缓存配置
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# 节点元数据
+node_meta = {
+  region = "pacific"
+  zone = "server"
+}
+
+# UI配置
+ui_config {
+  enabled = true
+}
+
+# ACL配置
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# 日志配置
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7
+
+# 服务发现
+services {
+  name = "ch4-service"
+  port = 8080
+  tags = ["ch4", "client"]
+}
+
+# 健康检查
+checks {
+  name = "ch4-health"
+  tcp = "100.117.106.134:8080"
+  interval = "10s"
+  timeout = "3s"
+}
+
+# 自动加密
+auto_encrypt {
+  allow_tls = true
+}

infrastructure/consul/test-template.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+# Consul模板变量替换测试脚本
+set -e
+
+TEMPLATE_FILE="infrastructure/consul/baseline/consul.hcl"
+OUTPUT_DIR="infrastructure/consul/test-output"
+
+# 节点配置
+declare -A NODE_CONFIGS
+NODE_CONFIGS[ch4]="100.117.106.134:server:true"
+NODE_CONFIGS[ash3c]="100.116.80.94:server:true"
+NODE_CONFIGS[warden]="100.122.197.112:server:true"
+NODE_CONFIGS[ash1d]="100.81.26.3:client:false"
+NODE_CONFIGS[ash2e]="100.81.26.4:client:false"
+NODE_CONFIGS[ch2]="100.117.106.135:client:false"
+NODE_CONFIGS[ch3]="100.117.106.137:client:false"
+NODE_CONFIGS[de]="100.98.209.52:client:false"
+NODE_CONFIGS[onecloud1]="100.98.209.53:client:false"
+NODE_CONFIGS[semaphore]="100.98.209.54:client:false"
+NODE_CONFIGS[browser]="100.116.112.45:client:false"
+NODE_CONFIGS[hcp1]="100.116.112.46:client:false"
+NODE_CONFIGS[influxdb]="100.116.112.47:client:false"
+
+# 颜色输出
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    echo -e "${BLUE}[$(date '+%H:%M:%S')]${NC} $1"
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+# 创建输出目录
+mkdir -p "$OUTPUT_DIR"
+
+# 测试模板替换
+test_template_replacement() {
+    local node=$1
+    local config=${NODE_CONFIGS[$node]}
+    
+    if [ -z "$config" ]; then
+        echo "错误: 未找到节点 $node 的配置"
+        return 1
+    fi
+    
+    # 解析配置
+    IFS=':' read -r bind_addr node_zone ui_enabled <<< "$config"
+    
+    log "测试节点: $node"
+    log "绑定地址: $bind_addr"
+    log "节点区域: $node_zone"
+    log "UI启用: $ui_enabled"
+    
+    # 替换模板变量
+    local output_file="$OUTPUT_DIR/${node}-consul.hcl"
+    
+    sed "s/{{NODE_NAME}}/$node/g; s/{{BIND_ADDR}}/$bind_addr/g; s/{{NODE_ZONE}}/$node_zone/g; s/{{UI_ENABLED}}/$ui_enabled/g" "$TEMPLATE_FILE" > "$output_file"
+    
+    success "模板替换完成: $output_file"
+    
+    # 显示前10行验证
+    echo "--- 验证前10行 ---"
+    head -10 "$output_file"
+    echo "--- 验证完成 ---"
+    echo ""
+}
+
+# 主函数
+main() {
+    local target_node=${1:-"ch4"}
+    
+    log "开始模板变量替换测试"
+    log "目标节点: $target_node"
+    
+    if [ "$target_node" = "all" ]; then
+        log "测试所有节点"
+        for node in "${!NODE_CONFIGS[@]}"; do
+            test_template_replacement "$node"
+        done
+    else
+        test_template_replacement "$target_node"
+    fi
+    
+    success "模板测试完成！"
+    log "输出目录: $OUTPUT_DIR"
+}
+
+# 显示帮助
+show_help() {
+    echo "使用方法: $0 [节点名|all]"
+    echo ""
+    echo "示例:"
+    echo "  $0 ch4        # 测试ch4节点"
+    echo "  $0 all        # 测试所有节点"
+    echo ""
+    echo "支持的节点: ${!NODE_CONFIGS[@]}"
+}
+
+if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+    show_help
+    exit 0
+fi
+
+main "$@"