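feat: Refactor infrastructure configuration and security credential management
- Add configuration files for multiple cloud providers (OCI, Alibaba Cloud)
- Refactor the deployment configuration for Vault, Consul, Nomad and other services
- Add scripts for backing up and restoring the "perfect state"
- Update the security credential management documentation
- Optimize the Traefik dynamic configuration
- Delete obsolete scripts and configuration files

The refactored configuration supports multi-region deployment, optimizes the service discovery and load balancing mechanisms, and improves the backup and restore process for security credentials.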
@@ -6,34 +6,51 @@
|
||||
```bash
|
||||
# 查看所有Oracle Cloud配置
|
||||
consul kv get -recurse config/oracle-cloud/
|
||||
consul kv get -recurse config/oracle-cloud-kr-chuncheon/
|
||||
|
||||
# 获取具体配置
|
||||
# 获取美国节点配置
|
||||
consul kv get config/oracle-cloud/user
|
||||
consul kv get config/oracle-cloud/fingerprint
|
||||
consul kv get config/oracle-cloud/tenancy
|
||||
consul kv get config/oracle-cloud/region
|
||||
consul kv get config/oracle-cloud/key_file
|
||||
|
||||
# 获取韩国节点配置
|
||||
consul kv get config/oracle-cloud-kr-chuncheon/user
|
||||
consul kv get config/oracle-cloud-kr-chuncheon/fingerprint
|
||||
consul kv get config/oracle-cloud-kr-chuncheon/tenancy
|
||||
consul kv get config/oracle-cloud-kr-chuncheon/region
|
||||
consul kv get config/oracle-cloud-kr-chuncheon/key_file
|
||||
```
|
||||
|
||||
### 存储在Vault中 (更安全)
|
||||
```bash
|
||||
# 查看Oracle Cloud配置
|
||||
# 查看美国节点配置
|
||||
vault kv get secret/oracle-cloud
|
||||
|
||||
# 查看私钥
|
||||
vault kv get secret/oracle-cloud/private-key
|
||||
|
||||
# 查看韩国节点配置
|
||||
vault kv get secret/oracle-cloud-kr-chuncheon
|
||||
vault kv get secret/oracle-cloud-kr-chuncheon/private-key
|
||||
```
|
||||
|
||||
## 📝 配置内容
|
||||
|
||||
### 基本信息
|
||||
### 美国节点 (us-ashburn-1)
|
||||
- **User OCID**: `ocid1.user.oc1..aaaaaaaappc7zxue4dlrsjljg4fwl6wcc5smetreuvpqn72heiyvjeeqanqq`
|
||||
- **Fingerprint**: `73:80:50:35:b6:1d:e3:fc:68:f8:e3:e8:0b:df:79:e3`
|
||||
- **Tenancy OCID**: `ocid1.tenancy.oc1..aaaaaaaayyhuf6swf2ho4s5acdpee6zssst6j7nkiri4kyfdusxzn3e7p32q`
|
||||
- **Region**: `us-ashburn-1`
|
||||
|
||||
### 韩国节点 (ap-chuncheon-1)
|
||||
- **User OCID**: `ocid1.user.oc1..aaaaaaaaqoa2my3fwh3jbayachyylqyneiveydrjliu2qz65ijlc57ehplha`
|
||||
- **Fingerprint**: `b1:6e:4e:5a:b6:1c:34:bf:b1:73:76:f6:9f:27:6d:99`
|
||||
- **Tenancy OCID**: `ocid1.tenancy.oc1..aaaaaaaawfv2wd54ly75ppfjgdgap7rtd3vhtziz25dwx23xo4rbkxnxlapq`
|
||||
- **Region**: `ap-chuncheon-1`
|
||||
|
||||
### 私钥
|
||||
- **存储位置**: Vault `secret/oracle-cloud/private-key`
|
||||
- **美国节点**: Vault `secret/oracle-cloud/private-key`
|
||||
- **韩国节点**: Vault `secret/oracle-cloud-kr-chuncheon/private-key`
|
||||
- **格式**: PEM格式私钥
|
||||
- **用途**: Oracle Cloud API认证
|
||||
|
||||
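Review bot: The "配置内容" section writes the full User OCID, Tenancy OCID and API key fingerprint for both us-ashburn-1 and ap-chuncheon-1 into the document in plaintext, even though the same values are already retrievable from `config/oracle-cloud/...` in Consul KV and `secret/oracle-cloud` in Vault. Suggest replacing the literal values with placeholders (for example `ocid1.user.oc1..<redacted>`) and pointing readers at the `consul kv get` / `vault kv get` paths listed above, so the repository does not become a second, access-uncontrolled copy of the account identifiers. It would also help to state who is allowed to read `secret/oracle-cloud/private-key` and `secret/oracle-cloud-kr-chuncheon/private-key`, since the document only says where the PEM keys live.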
@@ -67,5 +84,6 @@ curl -H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
|
||||
## 🏷️ 标签
|
||||
- 云提供商: Oracle Cloud Infrastructure
|
||||
- 区域: us-ashburn-1
|
||||
- 区域: us-ashburn-1, ap-chuncheon-1
|
||||
- 存储方式: Consul KV + Vault
|
||||
- 节点数量: 2个区域
|
||||
|
||||
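Review bot: In the tags list, the new entry "节点数量: 2个区域" is labelled as a node count but its value is a count of regions. Either rename the label to a region count or give the actual number of nodes, so the tag does not misstate the deployment size.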
@@ -1,46 +0,0 @@
|
||||
# Vault Keys and Tokens
|
||||
|
||||
## 🔑 Unseal Keys (5个)
|
||||
|
||||
```
|
||||
Unseal Key 1: AzvGBl4DKDVMlA4eaKCziB2vGsaRFR5lTel3MIO3H6Ym
|
||||
Unseal Key 2: 9gi5x7pctTp84NZNQJNDK+XXwBze41UR4J8m9HMyV33c
|
||||
Unseal Key 3: kKmNVr3UQ7v2TosOOQJmvvUs8r68wm+N4k7SoerZ5Xqp
|
||||
Unseal Key 4: dopmiAQGjMvcPWtj4/89oMa0vt7YMHPiktspmLNfoR/R
|
||||
Unseal Key 5: 9cf34x2neGESGAq8pSpmbiXUPbh2PXWn3J0OIDKy3Svl
|
||||
```
|
||||
|
||||
## 🎫 Root Token
|
||||
|
||||
```
|
||||
hvs.nLqetAjsC2xTXmY4WQyFmPWg
|
||||
```
|
||||
|
||||
## 📝 使用说明
|
||||
|
||||
### 解封Vault (需要3个keys)
|
||||
```bash
|
||||
export VAULT_ADDR="https://vault.git-4ta.live"
|
||||
vault operator unseal <key1>
|
||||
vault operator unseal <key2>
|
||||
vault operator unseal <key3>
|
||||
```
|
||||
|
||||
### 登录Vault
|
||||
```bash
|
||||
vault login hvs.nLqetAjsC2xTXmY4WQyFmPWg
|
||||
```
|
||||
|
||||
### 访问Vault UI
|
||||
```
|
||||
https://vault.git-4ta.live/ui/
|
||||
```
|
||||
|
||||
## 📅 创建时间
|
||||
2025-10-12 09:22 UTC
|
||||
|
||||
## 🏷️ 标签
|
||||
- Vault版本: 1.20.4
|
||||
- 存储类型: Consul
|
||||
- HA模式: 启用
|
||||
- 集群名称: vault-cluster
|
||||
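Review bot: The removed file held all five unseal keys and the root token in plaintext (the "Unseal Key 1" to "Unseal Key 5" lines and the "Root Token" block, plus the `vault login` line that repeats the token), and deleting the file in this commit does not remove them from the repository history or from this diff. Treat the key shares and the token as exposed: rotate the unseal keys with `vault operator rekey`, revoke the root token with `vault token revoke`, and mention both steps in the commit message or the updated credential documentation. Since the file says only 3 of the 5 keys are needed to unseal, the rekey should also distribute the new shares to separate holders rather than storing them together in one file again.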