ben/mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(监控): 添加Telegraf监控配置和磁盘监控脚本

Browse Source 
refactor(容器): 从Docker迁移到Podman并更新Nomad配置

fix(配置): 修复代理和别名配置问题

docs(文档): 更新配置文件和脚本注释

chore(清理): 移除不再使用的Consul和Docker相关文件
This commit is contained in:
Houzhong Xu
2025-09-24 03:46:30 +00:00
parent 3f45ad8361
commit d0e7f64c1d
92 changed files with 3552 additions and 7737 deletions
Download Patch File Download Diff File Expand all files Collapse all files

467
scripts/setup/setup-gitea-integration.sh
View File

@@ -1,467 +0,0 @@
#!/bin/bash
# Gitea 集成设置脚本
set -e
echo "🔗 设置 Gitea 集成..."
# 配置变量
GITEA_HOST="gitea"
GITEA_USER="ben"
GITEA_SSH_URL="git@${GITEA_HOST}"
REPO_NAME="mgmt"
GITEA_HTTP_URL="http://${GITEA_HOST}:3000"
# 检查 SSH 连接
echo "🔍 检查 Gitea SSH 连接..."
if ssh -o ConnectTimeout=5 -o BatchMode=yes "${GITEA_SSH_URL}" 2>&1 | grep -q "successfully authenticated"; then
echo "✅ SSH 连接正常"
else
echo "❌ SSH 连接失败,请检查:"
echo " 1. Gitea 服务是否运行"
echo " 2. SSH 密钥是否已添加到 Gitea"
echo " 3. 网络连接是否正常"
exit 1
fi
# 检查是否已经是 Git 仓库
if [ ! -d ".git" ]; then
echo "📦 初始化 Git 仓库..."
git init
git config user.name "${GITEA_USER}"
git config user.email "${GITEA_USER}@example.com"
else
echo "✅ Git 仓库已存在"
fi
# 检查远程仓库配置
if git remote get-url origin >/dev/null 2>&1; then
CURRENT_ORIGIN=$(git remote get-url origin)
echo " 当前远程仓库: $CURRENT_ORIGIN"
if [[ "$CURRENT_ORIGIN" != *"${GITEA_HOST}"* ]]; then
echo "🔄 更新远程仓库地址..."
git remote set-url origin "${GITEA_SSH_URL}:${GITEA_USER}/${REPO_NAME}.git"
fi
else
echo " 添加远程仓库..."
git remote add origin "${GITEA_SSH_URL}:${GITEA_USER}/${REPO_NAME}.git"
fi
# 创建 .gitignore
echo "📝 创建 .gitignore..."
cat > .gitignore << 'EOF'
# OpenTofu/Terraform
*.tfstate
*.tfstate.*
*.tfvars
!*.tfvars.example
.terraform/
.terraform.lock.hcl
crash.log
crash.*.log
# Ansible
*.retry
.vault_pass
host_vars/*/vault.yml
group_vars/*/vault.yml
# Docker
.env
docker-compose.override.yml
# IDE
.vscode/
.idea/
*.swp
*.swo
*~
# OS
.DS_Store
Thumbs.db
# Logs
*.log
logs/
# Temporary files
tmp/
temp/
.tmp/
# Backup files
backup-*/
*.bak
# Secrets
secrets/
*.pem
*.key
*.crt
!*.example.*
# Node modules (if any)
node_modules/
# Python
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
env/
venv/
.venv/
pip-log.txt
pip-delete-this-directory.txt
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.log
.git
.mypy_cache
.pytest_cache
.hypothesis
# Local development
.local/
local-*
EOF
# 创建 Gitea Actions 工作流
echo "🔄 创建 Gitea Actions 工作流..."
# 基础设施 CI/CD
cat > .gitea/workflows/infrastructure.yml << 'EOF'
name: Infrastructure CI/CD
on:
push:
branches: [ main, develop ]
paths:
- 'infrastructure/**'
- '.gitea/workflows/infrastructure.yml'
pull_request:
branches: [ main ]
paths:
- 'infrastructure/**'
jobs:
validate:
runs-on: ubuntu-latest
name: Validate Infrastructure
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: 1.10.6
- name: Validate OpenTofu configurations
run: |
for dir in infrastructure/providers/*/; do
if [ -d "$dir" ]; then
echo "Validating $dir"
cd "$dir"
tofu init -backend=false
tofu validate
cd - > /dev/null
fi
done
- name: Check formatting
run: |
tofu fmt -check -recursive infrastructure/
- name: Security scan
run: |
# 这里可以添加 tfsec 或 checkov 扫描
echo "Security scan placeholder"
plan:
runs-on: ubuntu-latest
name: Plan Infrastructure
needs: validate
if: github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: 1.10.6
- name: Plan infrastructure changes
run: |
cd infrastructure/environments/dev
tofu init
tofu plan -var-file="terraform.tfvars" -out=tfplan
env:
# 这里需要配置云服务商的环境变量
TF_VAR_environment: dev
apply:
runs-on: ubuntu-latest
name: Apply Infrastructure
needs: validate
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: 1.10.6
- name: Apply infrastructure changes
run: |
cd infrastructure/environments/dev
tofu init
tofu apply -var-file="terraform.tfvars" -auto-approve
env:
TF_VAR_environment: dev
EOF
# 应用部署工作流
cat > .gitea/workflows/deploy.yml << 'EOF'
name: Application Deployment
on:
push:
branches: [ main ]
paths:
- 'configuration/**'
- 'containers/**'
- '.gitea/workflows/deploy.yml'
workflow_dispatch:
inputs:
environment:
description: 'Target environment'
required: true
default: 'dev'
type: choice
options:
- dev
- staging
- production
jobs:
ansible-check:
runs-on: ubuntu-latest
name: Ansible Syntax Check
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Ansible
run: |
pip install ansible ansible-core
ansible-galaxy collection install community.general
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install community.docker
- name: Ansible syntax check
run: |
cd configuration
for playbook in playbooks/*/*.yml; do
if [ -f "$playbook" ]; then
echo "Checking $playbook"
ansible-playbook --syntax-check "$playbook"
fi
done
deploy:
runs-on: ubuntu-latest
name: Deploy Applications
needs: ansible-check
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Ansible
run: |
pip install ansible ansible-core
ansible-galaxy collection install community.general
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install community.docker
- name: Deploy applications
run: |
cd configuration
ENV="${{ github.event.inputs.environment || 'dev' }}"
ansible-playbook -i "inventories/${ENV}/inventory.ini" playbooks/bootstrap/main.yml
env:
ANSIBLE_HOST_KEY_CHECKING: False
EOF
# Docker 构建工作流
cat > .gitea/workflows/docker.yml << 'EOF'
name: Docker Build and Deploy
on:
push:
branches: [ main ]
paths:
- 'containers/**'
- 'Dockerfile*'
- '.gitea/workflows/docker.yml'
jobs:
build:
runs-on: ubuntu-latest
name: Build Docker Images
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.REGISTRY_URL }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Build and push images
run: |
# 构建应用镜像
for dockerfile in containers/applications/*/Dockerfile; do
if [ -f "$dockerfile" ]; then
app_name=$(basename $(dirname "$dockerfile"))
echo "Building $app_name"
docker build -t "${{ secrets.REGISTRY_URL }}/$app_name:${{ github.sha }}" -f "$dockerfile" .
docker push "${{ secrets.REGISTRY_URL }}/$app_name:${{ github.sha }}"
fi
done
deploy-swarm:
runs-on: ubuntu-latest
name: Deploy to Docker Swarm
needs: build
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Deploy to Swarm
run: |
# 这里可以通过 SSH 连接到 Swarm 管理节点进行部署
echo "Deploy to Swarm placeholder"
EOF
# 创建项目配置文件
echo "⚙️ 创建项目配置文件..."
# Gitea 仓库配置
cat > .gitea/settings.yml << 'EOF'
# Gitea 仓库设置
repository:
name: mgmt
description: "基础设施管理项目 - OpenTofu + Ansible + Docker Swarm"
website: ""
default_branch: main
# 功能开关
has_issues: true
has_wiki: true
has_projects: true
has_actions: true
# 权限设置
private: false
allow_merge_commits: true
allow_squash_merge: true
allow_rebase_merge: true
delete_branch_on_merge: true
# Actions 设置
actions:
enabled: true
allow_fork_pull_request_run: true
default_actions_url: "https://gitea.com"
# 分支保护
branch_protection:
main:
enable_push: false
enable_push_whitelist: true
push_whitelist_usernames: ["ben"]
require_signed_commits: false
enable_merge_whitelist: true
merge_whitelist_usernames: ["ben"]
enable_status_check: true
status_check_contexts: ["validate", "plan"]
enable_approvals_whitelist: false
approvals_whitelist_usernames: []
block_on_rejected_reviews: true
dismiss_stale_approvals: true
require_signed_commits: false
EOF
# 添加所有文件到 Git
echo "📦 添加文件到 Git..."
git add .
# 检查是否有变更需要提交
if git diff --staged --quiet; then
echo " 没有新的变更需要提交"
else
echo "💾 提交变更..."
git commit -m "feat: 集成 OpenTofu + Ansible + Gitea CI/CD
- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置"
fi
# 推送到远程仓库
echo "🚀 推送到 Gitea..."
if git push -u origin main; then
echo "✅ 成功推送到 Gitea"
else
echo "⚠️ 推送失败,可能需要先在 Gitea 创建仓库"
echo " 请访问: ${GITEA_HTTP_URL}/repo/create"
echo " 创建名为 '${REPO_NAME}' 的仓库"
fi
echo ""
echo "🎉 Gitea 集成设置完成!"
echo ""
echo "📋 下一步操作:"
echo "1. 访问 Gitea: ${GITEA_HTTP_URL}/${GITEA_USER}/${REPO_NAME}"
echo "2. 配置 Actions Secrets (如果需要):"
echo " - REGISTRY_URL: 容器镜像仓库地址"
echo " - REGISTRY_USERNAME: 仓库用户名"
echo " - REGISTRY_PASSWORD: 仓库密码"
echo "3. 配置云服务商凭据 (通过 Secrets 或环境变量)"
echo "4. 测试 CI/CD 流水线"
echo ""
echo "🔗 有用的命令:"
echo " git status - 查看仓库状态"
echo " git log --oneline - 查看提交历史"
echo " git push - 推送变更"
echo " make help - 查看项目命令"

230
scripts/setup/setup-nomad-laptop.sh Executable file
View File

@@ -0,0 +1,230 @@
#!/bin/bash
# Nomad 笔记本设置脚本 - Mac/Linux 版本
# 用于将 Mac 或 Linux 笔记本加入 Nomad 集群作为 server
set -e
# 配置变量
NOMAD_VERSION="1.10.5"
NOMAD_DATACENTER="dc1"
NOMAD_ENCRYPT_KEY="NVOMDvXblgWfhtzFzOUIHnKEOrbXOkPrkIPbRGGf1YQ="
# 检测操作系统
OS=$(uname -s | tr '[:upper:]' '[:lower:]')
ARCH=$(uname -m)
case $ARCH in
x86_64) ARCH="amd64" ;;
arm64|aarch64) ARCH="arm64" ;;
*) echo "不支持的架构: $ARCH"; exit 1 ;;
esac
echo "🚀 开始设置 Nomad ($OS-$ARCH)..."
# 1. 检查 Tailscale
echo "📡 检查 Tailscale 连接..."
if ! command -v tailscale &> /dev/null; then
echo "❌ 请先安装 Tailscale"
exit 1
fi
TAILSCALE_IP=$(tailscale ip | head -1)
if [ -z "$TAILSCALE_IP" ]; then
echo "❌ Tailscale 未连接,请先运行: tailscale up"
exit 1
fi
echo "✅ Tailscale IP: $TAILSCALE_IP"
# 2. 安装 Nomad如果需要
if ! command -v nomad &> /dev/null; then
echo "📦 安装 Nomad $NOMAD_VERSION..."
if [[ "$OS" == "darwin" ]]; then
# macOS
if command -v brew &> /dev/null; then
brew install nomad
else
echo "❌ 请先安装 Homebrew 或手动安装 Nomad"
exit 1
fi
else
# Linux
NOMAD_URL="https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_${OS}_${ARCH}.zip"
curl -L "$NOMAD_URL" -o nomad.zip
unzip nomad.zip
sudo mv nomad /usr/local/bin/
rm nomad.zip
fi
fi
echo "✅ Nomad 版本: $(nomad version)"
# 3. 创建配置目录
echo "📁 创建配置目录..."
sudo mkdir -p /etc/nomad.d /opt/nomad/data
sudo chown -R $(whoami):$(id -gn) /etc/nomad.d /opt/nomad/data
# 4. 生成 Nomad 配置
echo "⚙️ 生成 Nomad 配置..."
cat > /etc/nomad.d/nomad.hcl << EOF
datacenter = "$NOMAD_DATACENTER"
data_dir = "/opt/nomad/data"
log_level = "INFO"
bind_addr = "$TAILSCALE_IP"
addresses {
http = "0.0.0.0"
rpc = "$TAILSCALE_IP"
serf = "$TAILSCALE_IP"
}
ports {
http = 4646
rpc = 4647
serf = 4648
}
server {
enabled = true
bootstrap_expect = 6
retry_join = [
"100.116.158.95", # semaphore
"100.117.106.136", # master (现在是 client)
"100.116.80.94" # ash3c (现在是 client)
]
encrypt = "$NOMAD_ENCRYPT_KEY"
}
client {
enabled = false
}
# 如果是 macOS可能需要 Docker 插件
plugin "podman" {
config {
volumes {
enabled = true
}
}
}
consul {
address = "$TAILSCALE_IP:8500"
}
EOF
echo "✅ 配置文件已生成: /etc/nomad.d/nomad.hcl"
# 5. 创建启动脚本macOS 不使用 systemd
if [[ "$OS" == "darwin" ]]; then
# macOS - 创建 LaunchDaemon
echo "🍎 创建 macOS LaunchDaemon..."
sudo tee /Library/LaunchDaemons/io.nomadproject.nomad.plist > /dev/null << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>io.nomadproject.nomad</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/nomad</string>
<string>agent</string>
<string>-config=/etc/nomad.d/nomad.hcl</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>StandardOutPath</key>
<string>/var/log/nomad.log</string>
<key>StandardErrorPath</key>
<string>/var/log/nomad.log</string>
</dict>
</plist>
EOF
# 加载并启动服务
sudo launchctl load /Library/LaunchDaemons/io.nomadproject.nomad.plist
sudo launchctl start io.nomadproject.nomad
else
# Linux - 创建 systemd 服务
echo "🐧 创建 systemd 服务..."
sudo tee /etc/systemd/system/nomad.service > /dev/null << EOF
[Unit]
Description=Nomad
Documentation=https://www.nomadproject.io/
Requires=network-online.target
After=network-online.target
[Service]
Type=notify
User=$(whoami)
Group=$(id -gn)
ExecStart=/usr/local/bin/nomad agent -config=/etc/nomad.d/nomad.hcl
ExecReload=/bin/kill -HUP \$MAINPID
KillMode=process
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
# 启动服务
sudo systemctl daemon-reload
sudo systemctl enable nomad
sudo systemctl start nomad
fi
# 6. 验证安装
echo "🔍 验证 Nomad 服务..."
sleep 5
if [[ "$OS" == "darwin" ]]; then
if sudo launchctl list | grep -q nomad; then
echo "✅ Nomad 服务已启动"
else
echo "❌ Nomad 服务启动失败"
exit 1
fi
else
if systemctl is-active --quiet nomad; then
echo "✅ Nomad 服务已启动"
else
echo "❌ Nomad 服务启动失败"
sudo systemctl status nomad
exit 1
fi
fi
# 7. 检查集群状态
echo "🌐 检查集群连接..."
sleep 10
if nomad server members 2>/dev/null | grep -q alive; then
echo "✅ 成功加入 Nomad 集群!"
nomad server members
else
echo "⚠️ 正在连接集群,请稍等..."
echo "可以运行以下命令检查状态:"
echo " nomad server members"
echo " nomad node status"
fi
echo ""
echo "🎉 设置完成!"
echo "📊 Web UI: http://$TAILSCALE_IP:4646"
echo "🔧 配置文件: /etc/nomad.d/nomad.hcl"
echo "📝 日志查看:"
if [[ "$OS" == "darwin" ]]; then
echo " tail -f /var/log/nomad.log"
else
echo " sudo journalctl -u nomad -f"
fi

212
scripts/setup/setup-nomad-windows.ps1 Normal file
View File

@@ -0,0 +1,212 @@
# Nomad Windows 设置脚本
# 用于将 Windows 笔记本加入 Nomad 集群作为 server
param(
[string]$NomadVersion = "1.10.5",
[string]$DataCenter = "dc1",
[string]$EncryptKey = "NVOMDvXblgWfhtzFzOUIHnKEOrbXOkPrkIPbRGGf1YQ="
)
# 需要管理员权限
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Host "❌ 此脚本需要管理员权限运行" -ForegroundColor Red
Write-Host "请以管理员身份运行 PowerShell" -ForegroundColor Yellow
exit 1
}
Write-Host "🚀 开始设置 Windows Nomad Server..." -ForegroundColor Green
# 1. 检查 Tailscale
Write-Host "📡 检查 Tailscale 连接..." -ForegroundColor Cyan
try {
$tailscaleIP = (tailscale ip) | Select-Object -First 1
if ([string]::IsNullOrEmpty($tailscaleIP)) {
throw "Tailscale IP 为空"
}
Write-Host "✅ Tailscale IP: $tailscaleIP" -ForegroundColor Green
} catch {
Write-Host "❌ Tailscale 未安装或未连接" -ForegroundColor Red
Write-Host "请先安装 Tailscale 并运行: tailscale up" -ForegroundColor Yellow
exit 1
}
# 2. 创建目录
Write-Host "📁 创建 Nomad 目录..." -ForegroundColor Cyan
$nomadDir = "C:\nomad"
$configDir = "$nomadDir\config"
$dataDir = "$nomadDir\data"
$binDir = "$nomadDir\bin"
New-Item -ItemType Directory -Force -Path $configDir | Out-Null
New-Item -ItemType Directory -Force -Path $dataDir | Out-Null
New-Item -ItemType Directory -Force -Path $binDir | Out-Null
# 3. 下载 Nomad如果需要
$nomadExe = "$binDir\nomad.exe"
if (-not (Test-Path $nomadExe)) {
Write-Host "📦 下载 Nomad $NomadVersion..." -ForegroundColor Cyan
$nomadUrl = "https://releases.hashicorp.com/nomad/$NomadVersion/nomad_${NomadVersion}_windows_amd64.zip"
$zipPath = "$env:TEMP\nomad.zip"
try {
Invoke-WebRequest -Uri $nomadUrl -OutFile $zipPath
Expand-Archive -Path $zipPath -DestinationPath $binDir -Force
Remove-Item $zipPath
Write-Host "✅ Nomad 下载完成" -ForegroundColor Green
} catch {
Write-Host "❌ 下载 Nomad 失败: $_" -ForegroundColor Red
exit 1
}
}
# 4. 添加到 PATH如果需要
$currentPath = [Environment]::GetEnvironmentVariable("PATH", "Machine")
if ($currentPath -notlike "*$binDir*") {
Write-Host "🔧 添加 Nomad 到系统 PATH..." -ForegroundColor Cyan
[Environment]::SetEnvironmentVariable("PATH", "$currentPath;$binDir", "Machine")
$env:PATH += ";$binDir"
}
# 5. 生成配置文件
Write-Host "⚙️ 生成 Nomad 配置..." -ForegroundColor Cyan
$configContent = @"
datacenter = "$DataCenter"
data_dir = "$($dataDir -replace '\\', '/')"
log_level = "INFO"
bind_addr = "$tailscaleIP"
addresses {
http = "0.0.0.0"
rpc = "$tailscaleIP"
serf = "$tailscaleIP"
}
ports {
http = 4646
rpc = 4647
serf = 4648
}
server {
enabled = true
bootstrap_expect = 6
retry_join = [
"100.116.158.95", # semaphore
"100.117.106.136", # master
"100.116.80.94" # ash3c
]
encrypt = "$EncryptKey"
}
client {
enabled = false
}
plugin "podman" {
config {
volumes {
enabled = true
}
}
}
consul {
address = "$tailscaleIP:8500"
}
"@
$configFile = "$configDir\nomad.hcl"
$configContent | Out-File -FilePath $configFile -Encoding UTF8
Write-Host "✅ 配置文件已生成: $configFile" -ForegroundColor Green
# 6. 创建 Windows 服务
Write-Host "🔧 创建 Windows 服务..." -ForegroundColor Cyan
# 先停止并删除现有服务(如果存在)
try {
Stop-Service -Name "Nomad" -ErrorAction SilentlyContinue
& sc.exe delete "Nomad" 2>$null
} catch {}
# 创建新服务
$serviceName = "Nomad"
$serviceDisplayName = "HashiCorp Nomad"
$serviceDescription = "HashiCorp Nomad Agent"
$serviceCommand = "`"$nomadExe`" agent -config=`"$configFile`""
try {
& sc.exe create $serviceName binPath= $serviceCommand DisplayName= $serviceDisplayName start= auto
& sc.exe description $serviceName $serviceDescription
# 配置服务恢复选项
& sc.exe failure $serviceName reset= 30 actions= restart/5000/restart/5000/restart/5000
Write-Host "✅ Windows 服务已创建" -ForegroundColor Green
} catch {
Write-Host "❌ 创建服务失败: $_" -ForegroundColor Red
exit 1
}
# 7. 启动服务
Write-Host "🚀 启动 Nomad 服务..." -ForegroundColor Cyan
try {
Start-Service -Name $serviceName
Write-Host "✅ Nomad 服务已启动" -ForegroundColor Green
} catch {
Write-Host "❌ 启动服务失败: $_" -ForegroundColor Red
Write-Host "检查服务状态: Get-Service Nomad" -ForegroundColor Yellow
exit 1
}
# 8. 验证安装
Write-Host "🔍 验证 Nomad 服务..." -ForegroundColor Cyan
Start-Sleep -Seconds 10
try {
$serviceStatus = Get-Service -Name $serviceName
if ($serviceStatus.Status -eq "Running") {
Write-Host "✅ Nomad 服务运行正常" -ForegroundColor Green
} else {
Write-Host "❌ Nomad 服务状态异常: $($serviceStatus.Status)" -ForegroundColor Red
}
} catch {
Write-Host "❌ 检查服务状态失败: $_" -ForegroundColor Red
}
# 9. 检查集群连接
Write-Host "🌐 检查集群连接..." -ForegroundColor Cyan
Start-Sleep -Seconds 15
try {
& $nomadExe server members
Write-Host "✅ 成功加入 Nomad 集群!" -ForegroundColor Green
} catch {
Write-Host "⚠️ 正在连接集群,请稍等..." -ForegroundColor Yellow
Write-Host "可以运行以下命令检查状态:" -ForegroundColor Cyan
Write-Host " nomad server members" -ForegroundColor White
Write-Host " nomad node status" -ForegroundColor White
}
# 10. 防火墙规则
Write-Host "🔥 配置防火墙规则..." -ForegroundColor Cyan
try {
New-NetFirewallRule -DisplayName "Nomad HTTP" -Direction Inbound -Protocol TCP -LocalPort 4646 -Action Allow -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Nomad RPC" -Direction Inbound -Protocol TCP -LocalPort 4647 -Action Allow -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName "Nomad Serf" -Direction Inbound -Protocol TCP -LocalPort 4648 -Action Allow -ErrorAction SilentlyContinue
Write-Host "✅ 防火墙规则已配置" -ForegroundColor Green
} catch {
Write-Host "⚠️ 防火墙规则配置可能失败,请手动检查" -ForegroundColor Yellow
}
Write-Host ""
Write-Host "🎉 Windows Nomad Server 设置完成!" -ForegroundColor Green
Write-Host "📊 Web UI: http://$tailscaleIP:4646" -ForegroundColor Cyan
Write-Host "🔧 配置文件: $configFile" -ForegroundColor Cyan
Write-Host "📝 服务管理:" -ForegroundColor Cyan
Write-Host " 启动: Start-Service Nomad" -ForegroundColor White
Write-Host " 停止: Stop-Service Nomad" -ForegroundColor White
Write-Host " 状态: Get-Service Nomad" -ForegroundColor White
Write-Host " 日志: Get-EventLog -LogName Application -Source Nomad" -ForegroundColor White

174
scripts/setup/setup-opentofu.sh
View File

@@ -1,174 +0,0 @@
#!/bin/bash
# OpenTofu 设置脚本
set -euo pipefail
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# 日志函数
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# 检查 OpenTofu 是否已安装
check_opentofu() {
log_info "检查 OpenTofu 安装状态..."
if command -v tofu &> /dev/null; then
local version=$(tofu version | head -n1)
log_success "OpenTofu 已安装: $version"
return 0
else
log_error "OpenTofu 未安装"
return 1
fi
}
# 检查配置文件
check_config() {
log_info "检查配置文件..."
local config_file="tofu/environments/dev/terraform.tfvars"
if [[ ! -f "$config_file" ]]; then
log_error "配置文件不存在: $config_file"
log_info "请复制 terraform.tfvars.example 并填入实际配置"
return 1
fi
# 检查是否包含示例值
if grep -q "your_tenancy_id_here\|your_user_id_here\|your:key:fingerprint:here" "$config_file"; then
log_warning "配置文件包含示例值,请填入实际的 Oracle Cloud 配置"
log_info "需要配置以下项目:"
echo " - tenancy_ocid: Oracle Cloud 租户 OCID"
echo " - user_ocid: 用户 OCID"
echo " - fingerprint: API 密钥指纹"
echo " - private_key_path: 私钥文件路径"
echo " - compartment_ocid: 区间 OCID"
return 1
fi
log_success "配置文件检查通过"
return 0
}
# 初始化 OpenTofu
init_opentofu() {
log_info "初始化 OpenTofu..."
cd tofu/environments/dev
# 清理旧的状态文件
if [[ -d ".terraform" ]]; then
log_info "清理旧的 .terraform 目录..."
rm -rf .terraform
fi
# 初始化
if tofu init; then
log_success "OpenTofu 初始化成功"
else
log_error "OpenTofu 初始化失败"
return 1
fi
cd - > /dev/null
}
# 验证配置
validate_config() {
log_info "验证 OpenTofu 配置..."
cd tofu/environments/dev
if tofu validate; then
log_success "配置验证通过"
else
log_error "配置验证失败"
return 1
fi
cd - > /dev/null
}
# 生成计划
plan_infrastructure() {
log_info "生成基础设施计划..."
cd tofu/environments/dev
if tofu plan -var-file="terraform.tfvars" -out=tfplan; then
log_success "计划生成成功"
log_info "计划文件已保存为 tfplan"
else
log_error "计划生成失败"
return 1
fi
cd - > /dev/null
}
# 显示帮助信息
show_help() {
echo "OpenTofu 设置脚本"
echo ""
echo "用法: $0 [选项]"
echo ""
echo "选项:"
echo " init - 初始化 OpenTofu"
echo " validate - 验证配置"
echo " plan - 生成执行计划"
echo " check - 检查环境和配置"
echo " help - 显示此帮助信息"
echo ""
echo "示例:"
echo " $0 check # 检查环境"
echo " $0 init # 初始化项目"
echo " $0 plan # 生成计划"
}
# 主函数
main() {
case "${1:-help}" in
"check")
check_opentofu
check_config
;;
"init")
check_opentofu || exit 1
check_config || exit 1
init_opentofu
;;
"validate")
validate_config
;;
"plan")
check_opentofu || exit 1
check_config || exit 1
plan_infrastructure
;;
"help"|*)
show_help
;;
esac
}
# 运行主函数
main "$@"