Clean repository: organized structure and GitOps setup

- Organized root directory structure - Moved orphan files to proper locations - Updated .gitignore to ignore temporary files - Set up Gitea Runner for GitOps automation - Fixed Tailscale access issues - Added workflow for automated Nomad deployment
2025-10-09 06:13:45 +00:00
commit 89ee6f7967
306 changed files with 30781 additions and 0 deletions
--- a/deployment/terraform/environments/dev/instance_status.tf
+++ b/deployment/terraform/environments/dev/instance_status.tf
@@ -0,0 +1,91 @@
+# 查看Oracle云实例状态脚本
+# 用于查看美国区和韩国区的实例状态
+
+# 韩国区配置 - 使用默认provider
+# 美国区配置 - 使用us alias
+
+# 获取韩国区的所有实例
+data "oci_core_instances" "korea_instances" {
+  compartment_id = data.consul_keys.oracle_config.var.tenancy_ocid
+  
+  filter {
+    name   = "lifecycle_state"
+    values = ["RUNNING", "STOPPED", "STOPPING", "STARTING"]
+  }
+}
+
+# 获取美国区的所有实例
+data "oci_core_instances" "us_instances" {
+  provider       = oci.us
+  compartment_id = data.consul_keys.oracle_config_us.var.tenancy_ocid
+  
+  filter {
+    name   = "lifecycle_state"
+    values = ["RUNNING", "STOPPED", "STOPPING", "STARTING"]
+  }
+}
+
+# 获取韩国区实例的详细信息
+data "oci_core_instance" "korea_instance_details" {
+  count       = length(data.oci_core_instances.korea_instances.instances)
+  instance_id = data.oci_core_instances.korea_instances.instances[count.index].id
+}
+
+# 获取美国区实例的详细信息
+data "oci_core_instance" "us_instance_details" {
+  provider    = oci.us
+  count       = length(data.oci_core_instances.us_instances.instances)
+  instance_id = data.oci_core_instances.us_instances.instances[count.index].id
+}
+
+# 输出韩国区实例信息
+output "korea_instances" {
+  description = "韩国区实例状态"
+  value = {
+    count = length(data.oci_core_instances.korea_instances.instances)
+    instances = [
+      for instance in data.oci_core_instance.korea_instance_details : {
+        id           = instance.id
+        name         = instance.display_name
+        state        = instance.state
+        shape        = instance.shape
+        region       = "ap-chuncheon-1"
+        ad           = instance.availability_domain
+        public_ip    = instance.public_ip
+        private_ip   = instance.private_ip
+        time_created = instance.time_created
+      }
+    ]
+  }
+}
+
+# 输出美国区实例信息
+output "us_instances" {
+  description = "美国区实例状态"
+  value = {
+    count = length(data.oci_core_instances.us_instances.instances)
+    instances = [
+      for instance in data.oci_core_instance.us_instance_details : {
+        id           = instance.id
+        name         = instance.display_name
+        state        = instance.state
+        shape        = instance.shape
+        region       = "us-ashburn-1"
+        ad           = instance.availability_domain
+        public_ip    = instance.public_ip
+        private_ip   = instance.private_ip
+        time_created = instance.time_created
+      }
+    ]
+  }
+}
+
+# 输出总计信息
+output "summary" {
+  description = "实例总计信息"
+  value = {
+    total_instances = length(data.oci_core_instances.korea_instances.instances) + length(data.oci_core_instances.us_instances.instances)
+    korea_count    = length(data.oci_core_instances.korea_instances.instances)
+    us_count       = length(data.oci_core_instances.us_instances.instances)
+  }
+}
--- a/deployment/terraform/environments/dev/main.tf
+++ b/deployment/terraform/environments/dev/main.tf
@@ -0,0 +1,225 @@
+# 开发环境主配置文件
+
+# 引入共享版本配置
+terraform {
+  required_version = ">= 1.6"
+  
+  required_providers {
+    # Oracle Cloud Infrastructure
+    oci = {
+      source  = "oracle/oci"
+      version = "~> 7.20"
+    }
+    
+    # 其他常用提供商
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.1"
+    }
+    
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0"
+    }
+    
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.1"
+    }
+    
+    # Consul Provider
+    consul = {
+      source  = "hashicorp/consul"
+      version = "~> 2.22.0"
+    }
+    
+    # HashiCorp Vault Provider
+    vault = {
+      source  = "hashicorp/vault"
+      version = "~> 4.0"
+    }
+    
+    # Cloudflare Provider
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.0"
+    }
+  }
+  
+  # 后端配置
+  backend "local" {
+    path = "terraform.tfstate"
+  }
+}
+
+# Consul Provider配置 - 使用Tailscale IP而非localhost
+provider "consul" {
+  address    = "100.116.158.95:8500"
+  scheme     = "http"
+  datacenter = "dc1"
+}
+
+# 从Consul获取Cloudflare配置
+data "consul_keys" "cloudflare_config" {
+  key {
+    name = "token"
+    path = "config/dev/cloudflare/token"
+  }
+}
+
+# Cloudflare Provider配置
+provider "cloudflare" {
+  api_token = data.consul_keys.cloudflare_config.var.token
+}
+
+# 从Consul获取Oracle Cloud配置
+data "consul_keys" "oracle_config" {
+  key {
+    name = "tenancy_ocid"
+    path = "config/dev/oracle/kr/tenancy_ocid"
+  }
+  key {
+    name = "user_ocid"
+    path = "config/dev/oracle/kr/user_ocid"
+  }
+  key {
+    name = "fingerprint"
+    path = "config/dev/oracle/kr/fingerprint"
+  }
+  key {
+    name = "private_key"
+    path = "config/dev/oracle/kr/private_key"
+  }
+}
+
+# 从Consul获取Oracle Cloud美国区域配置
+data "consul_keys" "oracle_config_us" {
+  key {
+    name = "tenancy_ocid"
+    path = "config/dev/oracle/us/tenancy_ocid"
+  }
+  key {
+    name = "user_ocid"
+    path = "config/dev/oracle/us/user_ocid"
+  }
+  key {
+    name = "fingerprint"
+    path = "config/dev/oracle/us/fingerprint"
+  }
+  key {
+    name = "private_key"
+    path = "config/dev/oracle/us/private_key"
+  }
+}
+
+# 使用从Consul获取的配置的OCI Provider
+provider "oci" {
+  tenancy_ocid     = data.consul_keys.oracle_config.var.tenancy_ocid
+  user_ocid        = data.consul_keys.oracle_config.var.user_ocid
+  fingerprint      = data.consul_keys.oracle_config.var.fingerprint
+  private_key      = file(var.oci_config.private_key_path)
+  region           = "ap-chuncheon-1"
+}
+
+# 美国区域的OCI Provider
+provider "oci" {
+  alias           = "us"
+  tenancy_ocid    = data.consul_keys.oracle_config_us.var.tenancy_ocid
+  user_ocid       = data.consul_keys.oracle_config_us.var.user_ocid
+  fingerprint     = data.consul_keys.oracle_config_us.var.fingerprint
+  private_key     = file(var.oci_config.private_key_path)
+  region          = "us-ashburn-1"
+}
+
+# Oracle Cloud 基础设施
+module "oracle_cloud" {
+  source = "../../providers/oracle-cloud"
+  
+  # 传递变量
+  environment    = var.environment
+  project_name   = var.project_name
+  owner          = var.owner
+  vpc_cidr       = var.vpc_cidr
+  availability_zones = var.availability_zones
+  common_tags    = var.common_tags
+  
+  # 使用从Consul获取的配置
+  oci_config = {
+    tenancy_ocid     = data.consul_keys.oracle_config.var.tenancy_ocid
+    user_ocid        = data.consul_keys.oracle_config.var.user_ocid
+    fingerprint      = data.consul_keys.oracle_config.var.fingerprint
+    private_key_path = var.oci_config.private_key_path
+    region           = "ap-chuncheon-1"
+    compartment_ocid = ""
+  }
+  
+  # 开发环境特定配置
+  instance_count = 1
+  instance_size  = "VM.Standard.E2.1.Micro"  # 免费层
+}
+
+# 输出
+output "oracle_cloud_outputs" {
+  description = "Oracle Cloud 基础设施输出"
+  value       = module.oracle_cloud
+}
+
+# Nomad 多数据中心集群
+module "nomad_cluster" {
+  source = "../../modules/nomad-cluster"
+  
+  # 部署控制变量 - 禁用所有计算资源创建
+  deploy_korea_node = false
+  deploy_us_node    = false  # 暂时禁用美国节点
+  
+  # Oracle Cloud 配置
+  oracle_config = {
+    tenancy_ocid     = data.consul_keys.oracle_config.var.tenancy_ocid
+    user_ocid        = data.consul_keys.oracle_config.var.user_ocid
+    fingerprint      = data.consul_keys.oracle_config.var.fingerprint
+    private_key_path = var.oci_config.private_key_path
+    region           = "ap-chuncheon-1"
+    compartment_ocid = ""
+  }
+  
+  # 通用配置
+  common_tags    = var.common_tags
+  ssh_public_key = var.ssh_public_key
+  
+  # Nomad 特定配置
+  nomad_version    = "1.7.7"
+  nomad_encrypt_key = var.nomad_encrypt_key
+  
+  # Oracle Cloud 特定配置
+  oracle_availability_domain = "Uocm:AP-CHUNCHEON-1-AD-1"
+  oracle_subnet_id = module.oracle_cloud.subnet_ids[0]  # 使用第一个子网
+  
+  # 依赖关系
+  depends_on = [module.oracle_cloud]
+}
+
+# Cloudflare 连通性测试
+data "cloudflare_zones" "available" {
+  filter {
+    status = "active"
+  }
+}
+
+data "cloudflare_accounts" "available" {}
+
+# 输出 Cloudflare 连通性测试结果
+output "cloudflare_connectivity_test" {
+  description = "Cloudflare API 连通性测试结果"
+  value = {
+    zones_count = length(data.cloudflare_zones.available.zones)
+    accounts_count = length(data.cloudflare_accounts.available.accounts)
+    zones = [for zone in data.cloudflare_zones.available.zones : {
+      name = zone.name
+      id   = zone.id
+    }]
+    accounts = [for account in data.cloudflare_accounts.available.accounts : {
+      name = account.name
+      id   = account.id
+    }]
+  }
+}
--- a/deployment/terraform/environments/dev/variables.tf
+++ b/deployment/terraform/environments/dev/variables.tf
@@ -0,0 +1,169 @@
+# 开发环境变量定义
+
+variable "environment" {
+  description = "环境名称"
+  type        = string
+  default     = "dev"
+}
+
+variable "project_name" {
+  description = "项目名称"
+  type        = string
+  default     = "mgmt"
+}
+
+variable "owner" {
+  description = "项目所有者"
+  type        = string
+  default     = "ben"
+}
+
+variable "cloud_providers" {
+  description = "要启用的云服务商列表"
+  type        = list(string)
+  default     = ["oracle"]
+}
+
+variable "vpc_cidr" {
+  description = "VPC CIDR 块"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "availability_zones" {
+  description = "可用区列表"
+  type        = list(string)
+  default     = ["a", "b"]
+}
+
+variable "common_tags" {
+  description = "通用标签"
+  type        = map(string)
+  default = {
+    Environment = "dev"
+    Project     = "mgmt"
+    ManagedBy   = "terraform"
+  }
+}
+
+# Oracle Cloud 配置
+variable "oci_config" {
+  description = "Oracle Cloud 配置"
+  type = object({
+    tenancy_ocid     = string
+    user_ocid        = string
+    fingerprint      = string
+    private_key_path = string
+    region           = string
+    compartment_ocid = optional(string)
+  })
+  default = {
+    tenancy_ocid     = ""
+    user_ocid        = ""
+    fingerprint      = ""
+    private_key_path = ""
+    region           = "ap-seoul-1"
+    compartment_ocid = ""
+  }
+}
+
+# 华为云配置
+variable "huawei_config" {
+  description = "华为云配置"
+  type = object({
+    access_key = string
+    secret_key = string
+    region     = string
+    project_id = optional(string)
+  })
+  default = {
+    access_key = ""
+    secret_key = ""
+    region     = "cn-north-4"
+    project_id = ""
+  }
+  sensitive = true
+}
+
+# Google Cloud 配置
+variable "gcp_config" {
+  description = "Google Cloud 配置"
+  type = object({
+    project_id       = string
+    region           = string
+    zone             = string
+    credentials_file = string
+  })
+  default = {
+    project_id       = ""
+    region           = "asia-northeast3"
+    zone             = "asia-northeast3-a"
+    credentials_file = ""
+  }
+}
+
+# AWS 配置
+variable "aws_config" {
+  description = "AWS 配置"
+  type = object({
+    region     = string
+    access_key = string
+    secret_key = string
+  })
+  default = {
+    region     = "ap-northeast-2"
+    access_key = ""
+    secret_key = ""
+  }
+  sensitive = true
+}
+
+# DigitalOcean 配置
+variable "do_config" {
+  description = "DigitalOcean 配置"
+  type = object({
+    token  = string
+    region = string
+  })
+  default = {
+    token  = ""
+    region = "sgp1"
+  }
+  sensitive = true
+}
+
+# HashiCorp Vault 配置 - 使用Tailscale IP而非localhost
+variable "vault_config" {
+  description = "HashiCorp Vault 配置"
+  type = object({
+    address = string
+    token   = string
+  })
+  default = {
+    address = "http://100.116.158.95:8200"
+    token   = ""
+  }
+  sensitive = true
+}
+
+variable "vault_token" {
+  description = "Vault 访问令牌"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+# SSH 公钥配置
+variable "ssh_public_key" {
+  description = "SSH 公钥，用于访问云实例"
+  type        = string
+  default     = ""
+}
+
+# Nomad 配置
+variable "nomad_encrypt_key" {
+  description = "Nomad 集群加密密钥"
+  type        = string
+  default     = ""
+  sensitive   = true
+}