refactor: 更新项目结构和文档，移除不再使用的配置文件

- 修改README.md，更新项目特性和目录结构说明 - 重命名基础设施代码目录为tofu，并添加Docker Swarm配置目录 - 移除不再使用的Docker Compose和Traefik配置文件 - 更新Terraform配置，专注于Oracle Cloud支持，移除华为云相关配置 - 清理开发环境变量和示例文件
2025-09-20 16:49:32 +00:00
parent 7eb4a33523
commit 377f176501
45 changed files with 3278 additions and 69 deletions
--- a/configuration/playbooks/applications/gitea-runner-management.yml
+++ b/configuration/playbooks/applications/gitea-runner-management.yml
@@ -0,0 +1,95 @@
+---
+- name: Gitea Runner Management
+  hosts: hcp
+  become: yes
+  vars:
+    gitea_runner_user: "gitea-runner"
+    gitea_runner_data_dir: "/var/lib/gitea-runner"
+    gitea_runner_log_dir: "/var/log/gitea-runner"
+
+  tasks:
+    - name: Check gitea-runner service status
+      systemd:
+        name: gitea-runner
+      register: service_status
+
+    - name: Display service status
+      debug:
+        msg: |
+          Service: {{ service_status.status.ActiveState }}
+          Enabled: {{ service_status.status.UnitFileState }}
+          Main PID: {{ service_status.status.MainPID | default('N/A') }}
+
+    - name: Show recent logs
+      command: journalctl -u gitea-runner --no-pager -n 20
+      register: recent_logs
+      changed_when: false
+
+    - name: Display recent logs
+      debug:
+        var: recent_logs.stdout_lines
+
+    - name: Check runner registration
+      stat:
+        path: "{{ gitea_runner_data_dir }}/.runner"
+      register: runner_registered
+
+    - name: Display registration status
+      debug:
+        msg: "Runner registered: {{ runner_registered.stat.exists }}"
+
+    - name: Show runner configuration (if registered)
+      command: cat {{ gitea_runner_data_dir }}/.runner
+      register: runner_config
+      become_user: "{{ gitea_runner_user }}"
+      when: runner_registered.stat.exists
+      changed_when: false
+
+    - name: Display runner configuration
+      debug:
+        var: runner_config.stdout_lines
+      when: runner_registered.stat.exists
+
+    - name: Check Docker access for runner user
+      command: docker ps
+      become_user: "{{ gitea_runner_user }}"
+      register: docker_access
+      changed_when: false
+      failed_when: false
+
+    - name: Display Docker access status
+      debug:
+        msg: |
+          Docker access: {{ 'OK' if docker_access.rc == 0 else 'FAILED' }}
+          {% if docker_access.rc != 0 %}
+          Error: {{ docker_access.stderr }}
+          {% endif %}
+
+# 单独的任务用于管理服务
+- name: Service Management Tasks
+  hosts: hcp
+  become: yes
+  tasks:
+    - name: Start gitea-runner service
+      systemd:
+        name: gitea-runner
+        state: started
+      when: ansible_run_tags is defined and 'start' in ansible_run_tags
+
+    - name: Stop gitea-runner service
+      systemd:
+        name: gitea-runner
+        state: stopped
+      when: ansible_run_tags is defined and 'stop' in ansible_run_tags
+
+    - name: Restart gitea-runner service
+      systemd:
+        name: gitea-runner
+        state: restarted
+      when: ansible_run_tags is defined and 'restart' in ansible_run_tags
+
+    - name: Reload gitea-runner service
+      systemd:
+        name: gitea-runner
+        state: reloaded
+      when: ansible_run_tags is defined and 'reload' in ansible_run_tags
--- a/configuration/playbooks/applications/gitea-runner-setup.yml
+++ b/configuration/playbooks/applications/gitea-runner-setup.yml
@@ -0,0 +1,157 @@
+---
+- name: Setup Gitea Runner on HCP nodes
+  hosts: hcp
+  become: yes
+  vars:
+    gitea_runner_token: "vOrrQda6Qiet9YOj4waZVU5QgLig2J3rKp2RfoN7"
+    gitea_server_url: "http://gitea:3000"
+    gitea_runner_user: "gitea-runner"
+    gitea_runner_home: "/home/{{ gitea_runner_user }}"
+    gitea_runner_config_dir: "/etc/gitea-runner"
+    gitea_runner_data_dir: "/var/lib/gitea-runner"
+    gitea_runner_log_dir: "/var/log/gitea-runner"
+    gitea_runner_binary: "/usr/bin/act_runner"
+
+  tasks:
+    - name: Check if gitea-runner binary exists
+      stat:
+        path: "{{ gitea_runner_binary }}"
+      register: runner_binary
+
+    - name: Fail if act_runner binary not found
+      fail:
+        msg: "Act runner binary not found at {{ gitea_runner_binary }}. Please install it first."
+      when: not runner_binary.stat.exists
+
+    - name: Create gitea-runner user
+      user:
+        name: "{{ gitea_runner_user }}"
+        system: yes
+        shell: /bin/bash
+        home: "{{ gitea_runner_home }}"
+        create_home: yes
+        comment: "Gitea Runner Service User"
+
+    - name: Create gitea-runner directories
+      file:
+        path: "{{ item }}"
+        state: directory
+        owner: "{{ gitea_runner_user }}"
+        group: "{{ gitea_runner_user }}"
+        mode: '0755'
+      loop:
+        - "{{ gitea_runner_config_dir }}"
+        - "{{ gitea_runner_data_dir }}"
+        - "{{ gitea_runner_log_dir }}"
+
+    - name: Create gitea-runner configuration file
+      template:
+        src: gitea-runner-config.yml.j2
+        dest: "{{ gitea_runner_config_dir }}/config.yml"
+        owner: "{{ gitea_runner_user }}"
+        group: "{{ gitea_runner_user }}"
+        mode: '0600'
+      notify: restart gitea-runner
+
+    - name: Create gitea-runner systemd service file
+      template:
+        src: gitea-runner.service.j2
+        dest: /etc/systemd/system/gitea-runner.service
+        owner: root
+        group: root
+        mode: '0644'
+      notify:
+        - reload systemd
+        - restart gitea-runner
+
+    - name: Create gitea-runner environment file
+      template:
+        src: gitea-runner.env.j2
+        dest: /etc/default/gitea-runner
+        owner: root
+        group: root
+        mode: '0600'
+      notify: restart gitea-runner
+
+    - name: Create runner registration script
+      template:
+        src: register-runner.sh.j2
+        dest: "{{ gitea_runner_home }}/register-runner.sh"
+        owner: "{{ gitea_runner_user }}"
+        group: "{{ gitea_runner_user }}"
+        mode: '0755'
+
+    - name: Check if runner is already registered
+      stat:
+        path: "{{ gitea_runner_data_dir }}/.runner"
+      register: runner_registered
+
+    - name: Register gitea runner
+      command: "{{ gitea_runner_home }}/register-runner.sh"
+      become_user: "{{ gitea_runner_user }}"
+      when: not runner_registered.stat.exists
+      register: registration_result
+
+    - name: Display registration result
+      debug:
+        var: registration_result.stdout_lines
+      when: registration_result is defined and registration_result.stdout_lines is defined
+
+    - name: Create runner startup script
+      template:
+        src: start-runner.sh.j2
+        dest: "{{ gitea_runner_home }}/start-runner.sh"
+        owner: "{{ gitea_runner_user }}"
+        group: "{{ gitea_runner_user }}"
+        mode: '0755'
+
+    - name: Create logrotate configuration for gitea-runner
+      template:
+        src: gitea-runner.logrotate.j2
+        dest: /etc/logrotate.d/gitea-runner
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Install Docker (required for runner)
+      package:
+        name: docker.io
+        state: present
+
+    - name: Add gitea-runner user to docker group
+      user:
+        name: "{{ gitea_runner_user }}"
+        groups: docker
+        append: yes
+
+    - name: Start and enable Docker service
+      systemd:
+        name: docker
+        state: started
+        enabled: yes
+
+    - name: Start and enable gitea-runner service
+      systemd:
+        name: gitea-runner
+        state: started
+        enabled: yes
+        daemon_reload: yes
+
+    - name: Check gitea-runner service status
+      systemd:
+        name: gitea-runner
+      register: service_status
+
+    - name: Display service status
+      debug:
+        msg: "Gitea Runner service is {{ service_status.status.ActiveState }}"
+
+  handlers:
+    - name: reload systemd
+      systemd:
+        daemon_reload: yes
+
+    - name: restart gitea-runner
+      systemd:
+        name: gitea-runner
+        state: restarted
--- a/configuration/playbooks/applications/templates/gitea-runner-config.yml.j2
+++ b/configuration/playbooks/applications/templates/gitea-runner-config.yml.j2
@@ -0,0 +1,50 @@
+# Gitea Runner Configuration
+log:
+  level: info
+  file: {{ gitea_runner_log_dir }}/runner.log
+
+runner:
+  # Runner name (will be auto-generated if not specified)
+  name: "{{ inventory_hostname }}-runner"
+  
+  # Runner capacity (number of concurrent jobs)
+  capacity: 2
+  
+  # Runner timeout
+  timeout: 3600
+  
+  # Runner labels (for job targeting)
+  labels:
+    - "ubuntu-latest:docker://ubuntu:22.04"
+    - "ubuntu-20.04:docker://ubuntu:20.04"
+    - "ubuntu-18.04:docker://ubuntu:18.04"
+    - "node:docker://node:18"
+    - "python:docker://python:3.11"
+    - "ansible:docker://quay.io/ansible/ansible-runner:latest"
+    - "opentofu:docker://opentofu/opentofu:latest"
+
+cache:
+  enabled: true
+  dir: {{ gitea_runner_data_dir }}/cache
+  host: ""
+  port: 0
+
+container:
+  # Docker network for runner containers
+  network: "gitea-runner"
+  
+  # Enable privileged containers (needed for Docker-in-Docker)
+  privileged: false
+  
+  # Container options
+  options: "--rm --pull=always"
+  
+  # Valid platforms
+  valid_volumes:
+    - "/tmp"
+    - "{{ gitea_runner_data_dir }}"
+  
+  docker_host: "unix:///var/run/docker.sock"
+
+host:
+  workdir_parent: {{ gitea_runner_data_dir }}/work
--- a/configuration/playbooks/applications/templates/gitea-runner.env.j2
+++ b/configuration/playbooks/applications/templates/gitea-runner.env.j2
@@ -0,0 +1,18 @@
+# Gitea Runner Environment Variables
+
+# Gitea server configuration
+GITEA_INSTANCE_URL={{ gitea_server_url }}
+GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_token }}
+
+# Runner configuration
+GITEA_RUNNER_NAME={{ inventory_hostname }}-runner
+GITEA_RUNNER_LABELS=ubuntu-latest,ubuntu-20.04,ubuntu-18.04,node,python,ansible,opentofu
+
+# Docker configuration
+DOCKER_HOST=unix:///var/run/docker.sock
+
+# Logging
+GITEA_RUNNER_LOG_LEVEL=info
+
+# Security
+GITEA_RUNNER_SECURITY_PRIVILEGED=false
--- a/configuration/playbooks/applications/templates/gitea-runner.logrotate.j2
+++ b/configuration/playbooks/applications/templates/gitea-runner.logrotate.j2
@@ -0,0 +1,12 @@
+{{ gitea_runner_log_dir }}/*.log {
+    daily
+    missingok
+    rotate 30
+    compress
+    delaycompress
+    notifempty
+    create 644 {{ gitea_runner_user }} {{ gitea_runner_user }}
+    postrotate
+        systemctl reload gitea-runner || true
+    endscript
+}
--- a/configuration/playbooks/applications/templates/gitea-runner.service.j2
+++ b/configuration/playbooks/applications/templates/gitea-runner.service.j2
@@ -0,0 +1,39 @@
+[Unit]
+Description=Gitea Actions Runner
+Documentation=https://docs.gitea.io/en-us/actions/
+After=network.target docker.service
+Wants=docker.service
+
+[Service]
+Type=simple
+User={{ gitea_runner_user }}
+Group={{ gitea_runner_user }}
+WorkingDirectory={{ gitea_runner_data_dir }}
+ExecStart={{ gitea_runner_binary }} daemon --config {{ gitea_runner_config_dir }}/config.yml
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+KillSignal=SIGINT
+TimeoutStopSec=5
+Restart=always
+RestartSec=10
+StartLimitInterval=0
+
+# Security settings
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths={{ gitea_runner_data_dir }} {{ gitea_runner_log_dir }} /var/run/docker.sock
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+
+# Environment
+EnvironmentFile=-/etc/default/gitea-runner
+
+# Logging
+StandardOutput=append:{{ gitea_runner_log_dir }}/gitea-runner.log
+StandardError=append:{{ gitea_runner_log_dir }}/gitea-runner-error.log
+
+[Install]
+WantedBy=multi-user.target
--- a/configuration/playbooks/applications/templates/register-runner.sh.j2
+++ b/configuration/playbooks/applications/templates/register-runner.sh.j2
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Gitea Runner Registration Script
+
+set -e
+
+echo "🚀 注册 Gitea Runner..."
+
+# 配置变量
+GITEA_URL="{{ gitea_server_url }}"
+REGISTRATION_TOKEN="{{ gitea_runner_token }}"
+RUNNER_NAME="{{ inventory_hostname }}-runner"
+RUNNER_LABELS="ubuntu-latest,ubuntu-20.04,ubuntu-18.04,node,python,ansible,opentofu"
+
+# 切换到数据目录
+cd {{ gitea_runner_data_dir }}
+
+# 检查是否已经注册
+if [ -f ".runner" ]; then
+    echo "✅ Runner 已经注册"
+    exit 0
+fi
+
+echo "📝 注册 Runner: $RUNNER_NAME"
+echo "🔗 Gitea URL: $GITEA_URL"
+echo "🏷️  Labels: $RUNNER_LABELS"
+
+# 注册 Runner
+{{ gitea_runner_binary }} register \
+    --instance "$GITEA_URL" \
+    --token "$REGISTRATION_TOKEN" \
+    --name "$RUNNER_NAME" \
+    --labels "$RUNNER_LABELS"
+
+if [ $? -eq 0 ]; then
+    echo "✅ Runner 注册成功！"
+    
+    # 设置文件权限
+    chown {{ gitea_runner_user }}:{{ gitea_runner_user }} .runner .credentials
+    chmod 600 .runner .credentials
+    
+    echo "📋 Runner 信息:"
+    cat .runner
+else
+    echo "❌ Runner 注册失败"
+    exit 1
+fi
--- a/configuration/playbooks/applications/templates/start-runner.sh.j2
+++ b/configuration/playbooks/applications/templates/start-runner.sh.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Gitea Runner Startup Script
+
+set -e
+
+echo "🚀 启动 Gitea Runner..."
+
+# 切换到数据目录
+cd {{ gitea_runner_data_dir }}
+
+# 检查注册状态
+if [ ! -f ".runner" ]; then
+    echo "❌ Runner 未注册，请先运行注册脚本"
+    exit 1
+fi
+
+echo "✅ Runner 已注册，启动守护进程..."
+
+# 启动 Runner
+exec {{ gitea_runner_binary }} daemon --config {{ gitea_runner_config_dir }}/config.yml
--- a/configuration/roles/gitea-runner/templates/gitea-runner-config.yml.j2
+++ b/configuration/roles/gitea-runner/templates/gitea-runner-config.yml.j2
@@ -0,0 +1,50 @@
+# Gitea Runner Configuration
+log:
+  level: info
+  file: {{ gitea_runner_log_dir }}/runner.log
+
+runner:
+  # Runner name (will be auto-generated if not specified)
+  name: "{{ inventory_hostname }}-runner"
+  
+  # Runner capacity (number of concurrent jobs)
+  capacity: 2
+  
+  # Runner timeout
+  timeout: 3600
+  
+  # Runner labels (for job targeting)
+  labels:
+    - "ubuntu-latest:docker://ubuntu:22.04"
+    - "ubuntu-20.04:docker://ubuntu:20.04"
+    - "ubuntu-18.04:docker://ubuntu:18.04"
+    - "node:docker://node:18"
+    - "python:docker://python:3.11"
+    - "ansible:docker://quay.io/ansible/ansible-runner:latest"
+    - "opentofu:docker://opentofu/opentofu:latest"
+
+cache:
+  enabled: true
+  dir: {{ gitea_runner_data_dir }}/cache
+  host: ""
+  port: 0
+
+container:
+  # Docker network for runner containers
+  network: "gitea-runner"
+  
+  # Enable privileged containers (needed for Docker-in-Docker)
+  privileged: false
+  
+  # Container options
+  options: "--rm --pull=always"
+  
+  # Valid platforms
+  valid_volumes:
+    - "/tmp"
+    - "{{ gitea_runner_data_dir }}"
+  
+  docker_host: "unix:///var/run/docker.sock"
+
+host:
+  workdir_parent: {{ gitea_runner_data_dir }}/work
--- a/configuration/roles/gitea-runner/templates/gitea-runner.env.j2
+++ b/configuration/roles/gitea-runner/templates/gitea-runner.env.j2
@@ -0,0 +1,18 @@
+# Gitea Runner Environment Variables
+
+# Gitea server configuration
+GITEA_INSTANCE_URL={{ gitea_server_url }}
+GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_token }}
+
+# Runner configuration
+GITEA_RUNNER_NAME={{ inventory_hostname }}-runner
+GITEA_RUNNER_LABELS=ubuntu-latest,ubuntu-20.04,ubuntu-18.04,node,python,ansible,opentofu
+
+# Docker configuration
+DOCKER_HOST=unix:///var/run/docker.sock
+
+# Logging
+GITEA_RUNNER_LOG_LEVEL=info
+
+# Security
+GITEA_RUNNER_SECURITY_PRIVILEGED=false
--- a/configuration/roles/gitea-runner/templates/gitea-runner.logrotate.j2
+++ b/configuration/roles/gitea-runner/templates/gitea-runner.logrotate.j2
@@ -0,0 +1,12 @@
+{{ gitea_runner_log_dir }}/*.log {
+    daily
+    missingok
+    rotate 30
+    compress
+    delaycompress
+    notifempty
+    create 644 {{ gitea_runner_user }} {{ gitea_runner_user }}
+    postrotate
+        systemctl reload gitea-runner || true
+    endscript
+}
--- a/configuration/roles/gitea-runner/templates/gitea-runner.service.j2
+++ b/configuration/roles/gitea-runner/templates/gitea-runner.service.j2
@@ -0,0 +1,39 @@
+[Unit]
+Description=Gitea Actions Runner
+Documentation=https://docs.gitea.io/en-us/actions/
+After=network.target docker.service
+Wants=docker.service
+
+[Service]
+Type=simple
+User={{ gitea_runner_user }}
+Group={{ gitea_runner_user }}
+WorkingDirectory={{ gitea_runner_data_dir }}
+ExecStart={{ gitea_runner_binary }} daemon --config {{ gitea_runner_config_dir }}/config.yml
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+KillSignal=SIGINT
+TimeoutStopSec=5
+Restart=always
+RestartSec=10
+StartLimitInterval=0
+
+# Security settings
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths={{ gitea_runner_data_dir }} {{ gitea_runner_log_dir }} /var/run/docker.sock
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+
+# Environment
+EnvironmentFile=-/etc/default/gitea-runner
+
+# Logging
+StandardOutput=append:{{ gitea_runner_log_dir }}/gitea-runner.log
+StandardError=append:{{ gitea_runner_log_dir }}/gitea-runner-error.log
+
+[Install]
+WantedBy=multi-user.target
--- a/configuration/roles/gitea-runner/templates/register-runner.sh.j2
+++ b/configuration/roles/gitea-runner/templates/register-runner.sh.j2
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Gitea Runner Registration Script
+
+set -e
+
+echo "🚀 注册 Gitea Runner..."
+
+# 配置变量
+GITEA_URL="{{ gitea_server_url }}"
+REGISTRATION_TOKEN="{{ gitea_runner_token }}"
+RUNNER_NAME="{{ inventory_hostname }}-runner"
+RUNNER_LABELS="ubuntu-latest,ubuntu-20.04,ubuntu-18.04,node,python,ansible,opentofu"
+
+# 切换到数据目录
+cd {{ gitea_runner_data_dir }}
+
+# 检查是否已经注册
+if [ -f ".runner" ]; then
+    echo "✅ Runner 已经注册"
+    exit 0
+fi
+
+echo "📝 注册 Runner: $RUNNER_NAME"
+echo "🔗 Gitea URL: $GITEA_URL"
+echo "🏷️  Labels: $RUNNER_LABELS"
+
+# 注册 Runner
+{{ gitea_runner_binary }} register \
+    --instance "$GITEA_URL" \
+    --token "$REGISTRATION_TOKEN" \
+    --name "$RUNNER_NAME" \
+    --labels "$RUNNER_LABELS"
+
+if [ $? -eq 0 ]; then
+    echo "✅ Runner 注册成功！"
+    
+    # 设置文件权限
+    chown {{ gitea_runner_user }}:{{ gitea_runner_user }} .runner .credentials
+    chmod 600 .runner .credentials
+    
+    echo "📋 Runner 信息:"
+    cat .runner
+else
+    echo "❌ Runner 注册失败"
+    exit 1
+fi
--- a/configuration/roles/gitea-runner/templates/start-runner.sh.j2
+++ b/configuration/roles/gitea-runner/templates/start-runner.sh.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Gitea Runner Startup Script
+
+set -e
+
+echo "🚀 启动 Gitea Runner..."
+
+# 切换到数据目录
+cd {{ gitea_runner_data_dir }}
+
+# 检查注册状态
+if [ ! -f ".runner" ]; then
+    echo "❌ Runner 未注册，请先运行注册脚本"
+    exit 1
+fi
+
+echo "✅ Runner 已注册，启动守护进程..."
+
+# 启动 Runner
+exec {{ gitea_runner_binary }} daemon --config {{ gitea_runner_config_dir }}/config.yml