feat: 添加MCP服务器测试套件和Kali Linux测试支持

refactor(consul): 将Consul集群作业文件移动到components目录 refactor(vault): 将Vault集群作业文件移动到components目录 refactor(nomad): 将Nomad NFS卷作业文件移动到components目录 fix(ssh): 修复浏览器主机的SSH密钥认证配置 fix(ansible): 更新Ansible配置以支持SSH密钥认证 test: 添加全面的MCP服务器测试脚本和报告 test: 添加Kali Linux测试套件和健康检查 test: 添加自动化测试运行脚本 docs: 更新README以包含测试说明和经验教训 docs: 添加Vault部署指南和测试文档 chore: 更新Makefile添加测试相关命令
2025-09-29 14:00:22 +00:00
parent f72b17a34f
commit c0064b2cad
72 changed files with 6326 additions and 109 deletions
--- a/components/nomad/jobs/install-podman-driver.nomad
+++ b/components/nomad/jobs/install-podman-driver.nomad
@@ -0,0 +1,110 @@
+job "install-podman-driver" {
+  datacenters = ["dc1"]
+  type = "system"  # 在所有节点上运行
+
+  group "install" {
+    task "install-podman" {
+      driver = "exec"
+      
+      config {
+        command = "bash"
+        args = [
+          "-c",
+          <<-EOF
+            set -euo pipefail
+            export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+
+            # 依赖工具
+            if ! command -v jq >/dev/null 2>&1 || ! command -v unzip >/dev/null 2>&1 || ! command -v wget >/dev/null 2>&1; then
+              echo "Installing dependencies (jq unzip wget)..."
+              sudo -n apt update -y || true
+              sudo -n apt install -y jq unzip wget || true
+            fi
+
+            # 安装 Podman（若未安装）
+            if ! command -v podman >/dev/null 2>&1; then
+              echo "Installing Podman..."
+              sudo -n apt update -y || true
+              sudo -n apt install -y podman || true
+              sudo -n systemctl enable podman || true
+            else
+              echo "Podman already installed"
+            fi
+
+            # 启用并启动 podman.socket，确保 Nomad 可访问
+            sudo -n systemctl enable --now podman.socket || true
+            if getent group podman >/dev/null 2>&1; then
+              sudo -n usermod -aG podman nomad || true
+            fi
+
+            # 安装 Nomad Podman 驱动插件（始终确保存在）
+            PODMAN_DRIVER_VERSION="0.6.1"
+            PLUGIN_DIR="/opt/nomad/data/plugins"
+            sudo -n mkdir -p "${PLUGIN_DIR}" || true
+            cd /tmp
+            if [ ! -x "${PLUGIN_DIR}/nomad-driver-podman" ]; then
+              echo "Installing nomad-driver-podman ${PODMAN_DRIVER_VERSION}..."
+              wget -q "https://releases.hashicorp.com/nomad-driver-podman/${PODMAN_DRIVER_VERSION}/nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
+              unzip -o "nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
+              sudo -n mv -f nomad-driver-podman "${PLUGIN_DIR}/"
+              sudo -n chmod +x "${PLUGIN_DIR}/nomad-driver-podman"
+              sudo -n chown -R nomad:nomad "${PLUGIN_DIR}"
+              rm -f "nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
+            else
+              echo "nomad-driver-podman already present in ${PLUGIN_DIR}"
+            fi
+
+            # 更新 /etc/nomad.d/nomad.hcl 的 plugin_dir 设置
+            if [ -f /etc/nomad.d/nomad.hcl ]; then
+              if grep -q "^plugin_dir\s*=\s*\"" /etc/nomad.d/nomad.hcl; then
+                sudo -n sed -i 's#^plugin_dir\s*=\s*\".*\"#plugin_dir = "/opt/nomad/data/plugins"#' /etc/nomad.d/nomad.hcl || true
+              else
+                echo 'plugin_dir = "/opt/nomad/data/plugins"' | sudo -n tee -a /etc/nomad.d/nomad.hcl >/dev/null || true
+              fi
+            fi
+
+            # 重启 Nomad 服务以加载插件
+            sudo -n systemctl restart nomad || true
+            echo "Waiting for Nomad to restart..."
+            sleep 15
+
+            # 检查 Podman 驱动是否被 Nomad 检测到
+            if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
+              echo "Podman driver successfully loaded"
+              exit 0
+            fi
+
+            echo "Podman driver not detected yet, retrying once after socket restart..."
+            sudo -n systemctl restart podman.socket || true
+            sleep 5
+            if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
+              echo "Podman driver successfully loaded after socket restart"
+              exit 0
+            else
+              echo "Podman driver still not detected; manual investigation may be required"
+              exit 1
+            fi
+          EOF
+        ]
+      }
+      
+      resources {
+        cpu = 200
+        memory = 256
+      }
+      
+      // 以root权限运行
+      // user = "root"
+      # 使用 nomad 用户运行任务，避免客户端策略禁止 root
+      user = "nomad"
+      
+      # 确保任务成功完成
+      restart {
+        attempts = 1
+        interval = "24h"
+        delay = "60s"
+        mode = "fail"
+      }
+    }
+  }
+}
--- a/components/nomad/jobs/nomad-nfs-volume.nomad
+++ b/components/nomad/jobs/nomad-nfs-volume.nomad
@@ -0,0 +1,34 @@
+job "nfs-volume-example" {
+  datacenters = ["dc1"]
+  type = "service"
+
+  group "nfs-app" {
+    count = 1
+
+    volume "nfs-shared" {
+      type      = "host"
+      source    = "nfs-shared"
+      read_only = false
+    }
+
+    task "app" {
+      driver = "podman"
+
+      config {
+        image = "alpine:latest"
+        args = ["tail", "-f", "/dev/null"]
+      }
+
+      volume_mount {
+        volume      = "nfs-shared"
+        destination = "/shared"
+        read_only   = false
+      }
+
+      resources {
+        cpu    = 100
+        memory = 64
+      }
+    }
+  }
+}