feat: 重构基础设施配置与安全凭证管理

- 新增多个云服务商配置文件(OCI、阿里云)
- 重构Vault、Consul、Nomad等服务的部署配置
- 新增备份与恢复完美状态的脚本
- 更新安全凭证管理文档
- 优化Traefik动态配置
- 删除过时的脚本和配置文件

重构后的配置支持多区域部署，优化了服务发现和负载均衡机制，并完善了安全凭证的备份与恢复流程。

cloud_provider/terraform-alicloud-beijing/README.md

@@ -0,0 +1,79 @@
+# 阿里云北京区域 Terraform 配置
+
+## 概述
+这个目录包含阿里云北京区域的 Terraform 配置文件，主要用于 Supabase 部署。
+
+## 文件结构
+```
+terraform-alicloud-beijing/
+├── README.md                    # 本文档
+├── variables.tf                 # 变量定义
+├── terraform.tfvars            # 变量值配置
+├── alicloud-config.json        # 阿里云配置文件
+├── create_beijing_switch.tf    # 创建北京可用区I交换机
+└── check_supabase_status.tf    # 检查 Supabase 状态
+```
+
+## 配置信息
+
+### 区域信息
+- **区域**: cn-beijing (北京)
+- **VPC ID**: vpc-2ze1d10frat58rkmugz2d (bj_ipam)
+- **现有交换机**: vsw-2zert539m12zh3ipi5dlg (bj_k, cn-beijing-k)
+
+### 网络配置
+- **VPC CIDR**: 10.0.0.0/16
+- **现有交换机**: 10.0.0.0/24 (cn-beijing-k)
+- **新交换机**: 10.0.1.0/24 (cn-beijing-i)
+
+## 使用方法
+
+### 1. 创建北京可用区I交换机
+```bash
+cd /root/mgmt/cloud_provider/terraform-alicloud-beijing
+terraform init
+terraform plan -target=alicloud_vswitch.bj_i
+terraform apply -target=alicloud_vswitch.bj_i
+```
+
+### 2. 检查 Supabase 状态
+```bash
+terraform plan -target=data.alicloud_db_instances.all
+terraform apply
+terraform output db_instances_status
+terraform output creating_instances
+```
+
+### 3. 检查网络使用情况
+```bash
+terraform output network_usage
+```
+
+## 安全注意事项
+- 凭据信息已配置在 variables.tf 中
+- 建议在生产环境中使用环境变量或密钥管理系统
+- 定期轮换 AccessKey
+
+## 故障排除
+
+### 创建速度慢的可能原因
+1. **服务可用性**: Supabase 在北京区域可能服务有限
+2. **资源配额**: 检查 VPC 内资源配额
+3. **网络策略**: 可能需要特定安全组配置
+4. **权限问题**: 检查 AccessKey 权限
+
+### 检查命令
+```bash
+# 检查当前实例状态
+terraform output creating_instances
+
+# 检查网络配置
+terraform output network_usage
+
+# 查看详细状态
+terraform show
+```
+
+## 相关文档
+- [阿里云凭据配置](../../security/alicloud-credentials.md)
+- [网络分析报告](../../security/alicloud-network-analysis.md)

cloud_provider/terraform-alicloud-beijing/alicloud-config.json

@@ -0,0 +1,12 @@
+{
+  "current": "default",
+  "profiles": [
+    {
+      "name": "default",
+      "mode": "AK",
+      "access_key_id": "LTAI5tBRm7PbNFdaGZpUaLUJ",
+      "access_key_secret": "cYRaxAoE9I3MILlHRgUbowfxQzhj1D",
+      "region_id": "cn-hangzhou"
+    }
+  ]
+}

cloud_provider/terraform-alicloud-beijing/main.tf

@@ -0,0 +1,119 @@
+# 阿里云北京区域主配置文件
+
+terraform {
+  required_providers {
+    alicloud = {
+      source  = "aliyun/alicloud"
+      version = "1.260.1"
+    }
+  }
+}
+
+provider "alicloud" {
+  access_key = var.access_key
+  secret_key = var.secret_key
+  region     = var.region
+}
+
+# 创建北京可用区I的交换机
+resource "alicloud_vswitch" "bj_i" {
+  vpc_id     = var.vpc_id
+  cidr_block = "10.0.1.0/24"                # 使用不同的网段
+  zone_id    = "cn-beijing-i"               # 北京可用区I
+  vswitch_name = "${var.project_name}-${var.environment}-bj-i-supabase"
+  
+  tags = merge(var.common_tags, {
+    Name = "${var.project_name}-${var.environment}-bj-i-supabase"
+    Purpose = "Supabase deployment"
+  })
+}
+
+# 获取所有 RDS 实例（包括所有状态）
+data "alicloud_db_instances" "all" {
+  # 不限制状态，获取所有实例
+}
+
+# 注意：alicloud_db_instance 是资源类型，不是数据源
+# 我们只使用 alicloud_db_instances 数据源来获取实例列表
+
+# 检查 VPC 和交换机使用情况
+data "alicloud_vpcs" "all" {}
+
+data "alicloud_vswitches" "all" {}
+
+# 输出新创建的交换机信息
+output "new_vswitch_id" {
+  value = alicloud_vswitch.bj_i.id
+  description = "新创建的北京可用区I交换机ID"
+}
+
+output "new_vswitch_name" {
+  value = alicloud_vswitch.bj_i.vswitch_name
+  description = "新创建的北京可用区I交换机名称"
+}
+
+# 输出所有数据库实例状态
+output "db_instances_status" {
+  value = {
+    for instance in data.alicloud_db_instances.all.instances : instance.id => {
+      name           = instance.db_instance_description
+      status         = instance.db_instance_status
+      engine         = instance.engine
+      engine_version = instance.engine_version
+      create_time    = instance.create_time
+      expire_time    = instance.expire_time
+      vpc_id         = instance.vpc_id
+      vswitch_id     = instance.vswitch_id
+    }
+  }
+  description = "所有数据库实例状态"
+}
+
+# 检查是否有正在创建的实例
+output "creating_instances" {
+  value = [
+    for instance in data.alicloud_db_instances.all.instances : {
+      id     = instance.id
+      name   = instance.db_instance_description
+      status = instance.db_instance_status
+      create_time = instance.create_time
+    } if contains(["Creating", "DBInstanceClassChanging", "Transing", "Pending"], instance.db_instance_status)
+  ]
+  description = "正在创建的数据库实例"
+}
+
+# 输出所有实例状态（用于调试）
+output "all_instances_debug" {
+  value = [
+    for instance in data.alicloud_db_instances.all.instances : {
+      id     = instance.id
+      name   = instance.db_instance_description
+      status = instance.db_instance_status
+      create_time = instance.create_time
+      engine = instance.engine
+    }
+  ]
+  description = "所有数据库实例状态（调试用）"
+}
+
+# 输出网络使用情况
+output "network_usage" {
+  value = {
+    vpcs = {
+      for vpc in data.alicloud_vpcs.all.vpcs : vpc.id => {
+        name = vpc.vpc_name
+        cidr = vpc.cidr_block
+        status = vpc.status
+      }
+    }
+    vswitches = {
+      for vswitch in data.alicloud_vswitches.all.vswitches : vswitch.id => {
+        name = vswitch.vswitch_name
+        vpc_id = vswitch.vpc_id
+        zone_id = vswitch.zone_id
+        status = vswitch.status
+      }
+    }
+  }
+  description = "网络资源使用情况"
+}

cloud_provider/terraform-alicloud-beijing/variables.tf

@@ -0,0 +1,50 @@
+# 阿里云北京区域变量定义
+
+variable "access_key" {
+  description = "阿里云 AccessKey ID"
+  type        = string
+  default     = "LTAI5tBRm7PbNFdaGZpUaLUJ"
+  sensitive   = true
+}
+
+variable "secret_key" {
+  description = "阿里云 AccessKey Secret"
+  type        = string
+  default     = "cYRaxAoE9I3MILlHRgUbowfxQzhj1D"
+  sensitive   = true
+}
+
+variable "region" {
+  description = "阿里云区域"
+  type        = string
+  default     = "cn-beijing"
+}
+
+variable "vpc_id" {
+  description = "VPC ID"
+  type        = string
+  default     = "vpc-2ze1d10frat58rkmugz2d"
+}
+
+variable "project_name" {
+  description = "项目名称"
+  type        = string
+  default     = "mgmt"
+}
+
+variable "environment" {
+  description = "环境名称"
+  type        = string
+  default     = "dev"
+}
+
+variable "common_tags" {
+  description = "通用标签"
+  type        = map(string)
+  default = {
+    Project     = "mgmt"
+    Environment = "dev"
+    Owner       = "ben"
+    ManagedBy   = "terraform"
+  }
+}

cloud_provider/terraform-oci-kr-chuncheon/main.tf

@@ -0,0 +1,57 @@
+# 韩国春川节点 Oracle Cloud 配置
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 7.20.0"
+    }
+  }
+}
+
+# 韩国春川区域 OCI Provider
+provider "oci" {
+  tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaawfv2wd54ly75ppfjgdgap7rtd3vhtziz25dwx23xo4rbkxnxlapq"
+  user_ocid        = "ocid1.user.oc1..aaaaaaaaqoa2my3fwh3jbayachyylqyneiveydrjliu2qz65ijlc57ehplha"
+  fingerprint      = "b1:6e:4e:5a:b6:1c:34:bf:b1:73:76:f6:9f:27:6d:99"
+  private_key_path = "./oci_api_key_kr.pem"
+  region           = "ap-chuncheon-1"
+}
+
+# 获取可用性域
+data "oci_identity_availability_domains" "kr_chuncheon_ads" {
+  compartment_id = var.tenancy_ocid
+}
+
+# 获取实例列表
+data "oci_core_instances" "kr_instances" {
+  compartment_id = var.tenancy_ocid
+}
+
+# 获取启动卷列表
+data "oci_core_boot_volumes" "kr_boot_volumes" {
+  compartment_id = var.tenancy_ocid
+  availability_domain = data.oci_identity_availability_domains.kr_chuncheon_ads.availability_domains[0].name
+}
+
+# 获取存储卷列表
+data "oci_core_volumes" "kr_volumes" {
+  compartment_id = var.tenancy_ocid
+  availability_domain = data.oci_identity_availability_domains.kr_chuncheon_ads.availability_domains[0].name
+}
+
+# 输出信息
+output "kr_chuncheon_availability_domains" {
+  value = data.oci_identity_availability_domains.kr_chuncheon_ads.availability_domains
+}
+
+output "kr_instances" {
+  value = data.oci_core_instances.kr_instances.instances
+}
+
+output "kr_boot_volumes" {
+  value = data.oci_core_boot_volumes.kr_boot_volumes.boot_volumes
+}
+
+output "kr_volumes" {
+  value = data.oci_core_volumes.kr_volumes.volumes
+}

cloud_provider/terraform-oci-kr-chuncheon/oci_config

@@ -0,0 +1,6 @@
+[DEFAULT]
+user=ocid1.user.oc1..aaaaaaaaqoa2my3fwh3jbayachyylqyneiveydrjliu2qz65ijlc57ehplha
+fingerprint=b1:6e:4e:5a:b6:1c:34:bf:b1:73:76:f6:9f:27:6d:99
+tenancy=ocid1.tenancy.oc1..aaaaaaaawfv2wd54ly75ppfjgdgap7rtd3vhtziz25dwx23xo4rbkxnxlapq
+region=ap-chuncheon-1
+key_file=./oci_api_key_kr.pem

cloud_provider/terraform-oci-kr-chuncheon/variables.tf

@@ -0,0 +1,31 @@
+# 韩国春川节点变量定义
+
+variable "tenancy_ocid" {
+  description = "Tenancy OCID"
+  type        = string
+  default     = "ocid1.tenancy.oc1..aaaaaaaawfv2wd54ly75ppfjgdgap7rtd3vhtziz25dwx23xo4rbkxnxlapq"
+}
+
+variable "user_ocid" {
+  description = "User OCID"
+  type        = string
+  default     = "ocid1.user.oc1..aaaaaaaaqoa2my3fwh3jbayachyylqyneiveydrjliu2qz65ijlc57ehplha"
+}
+
+variable "fingerprint" {
+  description = "API Key Fingerprint"
+  type        = string
+  default     = "e6:c6:e7:a3:e5:62:37:1b:ad:bb:17:db:73:5c:eb:e0"
+}
+
+variable "region" {
+  description = "Oracle Cloud Region"
+  type        = string
+  default     = "ap-chuncheon-1"
+}
+
+variable "compartment_ocid" {
+  description = "Compartment OCID"
+  type        = string
+  default     = "ocid1.tenancy.oc1..aaaaaaaawfv2wd54ly75ppfjgdgap7rtd3vhtziz25dwx23xo4rbkxnxlapq"
+}

cloud_provider/terraform-oci-us-ashburn/ash1d-health.tf

@@ -0,0 +1,43 @@
+# ash1d 健康检查和重启配置
+
+# 获取 ash1d 实例的详细信息
+data "oci_core_instance" "ash1d_detail" {
+  provider    = oci.us_check
+  instance_id = "ocid1.instance.oc1.iad.anuwcljtkbqyulqcr3ekof6jr5mnmja2gl7vfmwf6s4nnsch6t5osfhwhhfq"
+}
+
+# 获取实例的 VNIC 信息
+data "oci_core_vnic_attachments" "ash1d_vnics" {
+  provider       = oci.us_check
+  compartment_id = var.tenancy_ocid
+  instance_id    = "ocid1.instance.oc1.iad.anuwcljtkbqyulqcr3ekof6jr5mnmja2gl7vfmwf6s4nnsch6t5osfhwhhfq"
+}
+
+# 输出 ash1d 详细健康信息
+output "ash1d_health_status" {
+  value = {
+    instance_id = data.oci_core_instance.ash1d_detail.id
+    display_name = data.oci_core_instance.ash1d_detail.display_name
+    state = data.oci_core_instance.ash1d_detail.state
+    time_created = data.oci_core_instance.ash1d_detail.time_created
+    fault_domain = data.oci_core_instance.ash1d_detail.fault_domain
+    launch_mode = data.oci_core_instance.ash1d_detail.launch_mode
+    boot_volume_id = data.oci_core_instance.ash1d_detail.boot_volume_id
+    # 网络信息
+    vnics_count = length(data.oci_core_vnic_attachments.ash1d_vnics.vnic_attachments)
+  }
+  description = "ash1d 实例详细健康状态 - 检查是否需要重启"
+}
+
+# 创建一个变量来控制是否重启
+variable "reboot_ash1d" {
+  description = "设置为 true 来重启 ash1d"
+  type        = bool
+  default     = false
+}
+
+# 输出重启命令（手动执行）
+output "ash1d_reboot_command" {
+  value = "oci compute instance action --instance-id ocid1.instance.oc1.iad.anuwcljtkbqyulqcr3ekof6jr5mnmja2gl7vfmwf6s4nnsch6t5osfhwhhfq --action SOFTRESET"
+  description = "手动执行此命令来重启 ash1d（软重启，不会丢失数据）"
+}

cloud_provider/terraform-oci-us-ashburn/main.tf

@@ -0,0 +1,81 @@
+# 查看美国区 Oracle Cloud 资源
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 7.0"
+    }
+  }
+}
+
+# 直接配置美国区域 Provider - 不依赖 Consul
+provider "oci" {
+  alias            = "us_check"
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = "./oci_api_key.pem"
+  region           = "us-ashburn-1"
+}
+
+# 获取美国区域的所有实例
+data "oci_core_instances" "us_instances" {
+  provider       = oci.us_check
+  compartment_id = var.tenancy_ocid
+}
+
+# 获取美国区域的所有磁盘卷
+data "oci_core_volumes" "us_volumes" {
+  provider       = oci.us_check
+  compartment_id = var.tenancy_ocid
+}
+
+# 获取美国区域的所有启动卷
+data "oci_core_boot_volumes" "us_boot_volumes" {
+  provider            = oci.us_check
+  availability_domain = "TZXJ:US-ASHBURN-AD-1"
+  compartment_id      = var.tenancy_ocid
+}
+
+# 输出所有实例信息
+output "us_instances_status" {
+  value = {
+    for instance in data.oci_core_instances.us_instances.instances : 
+    instance.display_name => {
+      id    = instance.id
+      state = instance.state
+      shape = instance.shape
+      availability_domain = instance.availability_domain
+      time_created = instance.time_created
+    }
+  }
+  description = "美国区域所有实例状态"
+}
+
+# 输出磁盘状态 - 关键信息！
+output "us_volumes_status" {
+  value = {
+    for volume in data.oci_core_volumes.us_volumes.volumes :
+    volume.display_name => {
+      id    = volume.id
+      state = volume.state
+      size_in_gbs = volume.size_in_gbs
+      time_created = volume.time_created
+    }
+  }
+  description = "美国区域所有数据磁盘状态"
+}
+
+# 输出启动磁盘状态 - 更关键！
+output "us_boot_volumes_status" {
+  value = {
+    for boot_volume in data.oci_core_boot_volumes.us_boot_volumes.boot_volumes :
+    boot_volume.display_name => {
+      id    = boot_volume.id
+      state = boot_volume.state
+      size_in_gbs = boot_volume.size_in_gbs
+      time_created = boot_volume.time_created
+    }
+  }
+  description = "美国区域所有启动磁盘状态"
+}

cloud_provider/terraform-oci-us-ashburn/oci_config

@@ -0,0 +1,6 @@
+[DEFAULT]
+user=ocid1.user.oc1..aaaaaaaappc7zxue4dlrsjljg4fwl6wcc5smetreuvpqn72heiyvjeeqanqq
+fingerprint=73:80:50:35:b6:1d:e3:fc:68:f8:e3:e8:0b:df:79:e3
+tenancy=ocid1.tenancy.oc1..aaaaaaaayyhuf6swf2ho4s5acdpee6zssst6j7nkiri4kyfdusxzn3e7p32q
+region=us-ashburn-1
+key_file=./oci_api_key.pem

cloud_provider/terraform-oci-us-ashburn/variables.tf

@@ -0,0 +1,14 @@
+variable "tenancy_ocid" {
+  description = "Oracle Cloud 租户 OCID"
+  type        = string
+}
+
+variable "user_ocid" {
+  description = "Oracle Cloud 用户 OCID"
+  type        = string
+}
+
+variable "fingerprint" {
+  description = "API 密钥指纹"
+  type        = string
+}