feat: 添加MCP服务器测试套件和Kali Linux测试支持

refactor(consul): 将Consul集群作业文件移动到components目录 refactor(vault): 将Vault集群作业文件移动到components目录 refactor(nomad): 将Nomad NFS卷作业文件移动到components目录 fix(ssh): 修复浏览器主机的SSH密钥认证配置 fix(ansible): 更新Ansible配置以支持SSH密钥认证 test: 添加全面的MCP服务器测试脚本和报告 test: 添加Kali Linux测试套件和健康检查 test: 添加自动化测试运行脚本 docs: 更新README以包含测试说明和经验教训 docs: 添加Vault部署指南和测试文档 chore: 更新Makefile添加测试相关命令
2025-09-29 14:00:22 +00:00
parent f72b17a34f
commit c0064b2cad
72 changed files with 6326 additions and 109 deletions
--- a/components/vault/jobs/vault-cluster-exec.nomad
+++ b/components/vault/jobs/vault-cluster-exec.nomad
@@ -0,0 +1,211 @@
+job "vault-cluster-exec" {
+  datacenters = ["dc1"]
+  type = "service"
+
+  group "vault-master" {
+    count = 1
+
+    constraint {
+      attribute = "${node.unique.name}"
+      value = "kr-master"
+    }
+
+    network {
+      port "api" {
+        static = 8200
+      }
+      port "cluster" {
+        static = 8201
+      }
+    }
+
+    task "vault" {
+      driver = "exec"
+
+      config {
+        command = "vault"
+        args = [
+          "server",
+          "-config=/opt/nomad/data/vault/config/vault.hcl"
+        ]
+      }
+
+      template {
+        data = <<EOH
+storage "consul" {
+  address = "127.0.0.1:8500"
+  path    = "vault/"
+}
+
+listener "tcp" {
+  address     = "0.0.0.0:8200"
+  tls_disable = 1  # 生产环境应启用TLS
+}
+
+api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
+cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
+
+ui = true
+disable_mlock = true
+EOH
+        destination = "/opt/nomad/data/vault/config/vault.hcl"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 1024
+      }
+
+      service {
+        name = "vault"
+        port = "api"
+        
+        check {
+          name     = "vault-health"
+          type     = "http"
+          path     = "/v1/sys/health"
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+    }
+  }
+
+  group "vault-ash3c" {
+    count = 1
+
+    constraint {
+      attribute = "${node.unique.name}"
+      value = "us-ash3c"
+    }
+
+    network {
+      port "api" {
+        static = 8200
+      }
+      port "cluster" {
+        static = 8201
+      }
+    }
+
+    task "vault" {
+      driver = "exec"
+
+      config {
+        command = "vault"
+        args = [
+          "server",
+          "-config=/opt/nomad/data/vault/config/vault.hcl"
+        ]
+      }
+
+      template {
+        data = <<EOH
+storage "consul" {
+  address = "127.0.0.1:8500"
+  path    = "vault/"
+}
+
+listener "tcp" {
+  address     = "0.0.0.0:8200"
+  tls_disable = 1  # 生产环境应启用TLS
+}
+
+api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
+cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
+
+ui = true
+disable_mlock = true
+EOH
+        destination = "/opt/nomad/data/vault/config/vault.hcl"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 1024
+      }
+
+      service {
+        name = "vault"
+        port = "api"
+        
+        check {
+          name     = "vault-health"
+          type     = "http"
+          path     = "/v1/sys/health"
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+    }
+  }
+
+  group "vault-warden" {
+    count = 1
+
+    constraint {
+      attribute = "${node.unique.name}"
+      value = "bj-warden"
+    }
+
+    network {
+      port "api" {
+        static = 8200
+      }
+      port "cluster" {
+        static = 8201
+      }
+    }
+
+    task "vault" {
+      driver = "exec"
+
+      config {
+        command = "vault"
+        args = [
+          "server",
+          "-config=/opt/nomad/data/vault/config/vault.hcl"
+        ]
+      }
+
+      template {
+        data = <<EOH
+storage "consul" {
+  address = "127.0.0.1:8500"
+  path    = "vault/"
+}
+
+listener "tcp" {
+  address     = "0.0.0.0:8200"
+  tls_disable = 1  # 生产环境应启用TLS
+}
+
+api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
+cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
+
+ui = true
+disable_mlock = true
+EOH
+        destination = "/opt/nomad/data/vault/config/vault.hcl"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 1024
+      }
+
+      service {
+        name = "vault"
+        port = "api"
+        
+        check {
+          name     = "vault-health"
+          type     = "http"
+          path     = "/v1/sys/health"
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+    }
+  }
+}
--- a/components/vault/jobs/vault-cluster-podman.nomad
+++ b/components/vault/jobs/vault-cluster-podman.nomad
@@ -0,0 +1,94 @@
+job "vault-cluster" {
+  datacenters = ["dc1"]
+  type = "service"
+
+  group "vault-servers" {
+    count = 3
+
+    constraint {
+      attribute = "${node.unique.name}"
+      operator  = "regexp"
+      value     = "(warden|ash3c|master)"
+    }
+
+    task "vault" {
+      driver = "podman"
+
+      config {
+        image = "hashicorp/vault:latest"
+        ports = ["api", "cluster"]
+        
+        # 确保容器在退出时不会自动重启
+        command = "vault"
+        args = [
+          "server",
+          "-config=/vault/config/vault.hcl"
+        ]
+        
+        # 容器网络设置
+        network_mode = "host"
+        
+        # 安全设置
+        cap_add = ["IPC_LOCK"]
+      }
+
+      template {
+        data = <<EOH
+storage "consul" {
+  address = "127.0.0.1:8500"
+  path    = "vault/"
+  token   = "{{ with secret "consul/creds/vault" }}{{ .Data.token }}{{ end }}"
+}
+
+listener "tcp" {
+  address     = "0.0.0.0:8200"
+  tls_disable = 1  # 生产环境应启用TLS
+}
+
+api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
+cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
+
+ui = true
+disable_mlock = true
+EOH
+        destination = "vault/config/vault.hcl"
+      }
+
+      volume_mount {
+        volume      = "vault-data"
+        destination = "/vault/data"
+        read_only   = false
+      }
+
+      resources {
+        cpu    = 500
+        memory = 1024
+        
+        network {
+          mbits = 10
+          port "api" { static = 8200 }
+          port "cluster" { static = 8201 }
+        }
+      }
+
+      service {
+        name = "vault"
+        port = "api"
+        
+        check {
+          name     = "vault-health"
+          type     = "http"
+          path     = "/v1/sys/health"
+          interval = "10s"
+          timeout  = "2s"
+        }
+      }
+    }
+
+    volume "vault-data" {
+      type      = "host"
+      read_only = false
+      source    = "vault-data"
+    }
+  }
+}