feat: 重构项目脚本结构和文档

docs: 添加API和部署文档 refactor: 重新组织脚本目录结构 fix: 修复Nomad配置中的region设置 chore: 移除过期节点相关配置 test: 更新MCP服务器测试脚本 build: 更新Makefile以适配新脚本路径
2025-10-01 02:08:58 +00:00
parent 7ea230b072
commit e5aa00d6f9
119 changed files with 7847 additions and 203 deletions
--- a/infrastructure/configs/client/nomad-ash3c.hcl
+++ b/infrastructure/configs/client/nomad-ash3c.hcl
@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "us-ash3c"
+
+bind_addr = "100.116.80.94"
+
+addresses {
+  http = "100.116.80.94"
+  rpc  = "100.116.80.94"
+  serf = "100.116.80.94"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  # 配置七姐妹服务器地址
+  servers = [
+    "100.116.158.95:4647",  # bj-semaphore
+    "100.81.26.3:4647",     # ash1d
+    "100.103.147.94:4647",  # ash2e
+    "100.90.159.68:4647",   # ch2
+    "100.86.141.112:4647",  # ch3
+    "100.98.209.50:4647",   # bj-onecloud1
+    "100.120.225.29:4647"   # de
+  ]
+}
+
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/client/nomad-master.hcl
+++ b/infrastructure/configs/client/nomad-master.hcl
@@ -2,6 +2,7 @@ datacenter = "dc1"
 data_dir = "/opt/nomad/data"
 plugin_dir = "/opt/nomad/plugins"
 log_level = "INFO"
+name = "kr-master"

 bind_addr = "100.117.106.136"

@@ -43,5 +44,13 @@ plugin "nomad-driver-podman" {
 }

 consul {
-  address = "100.117.106.136:8500"
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
 }
--- a/infrastructure/configs/client/nomad-warden.hcl
+++ b/infrastructure/configs/client/nomad-warden.hcl
@@ -2,13 +2,14 @@ datacenter = "dc1"
 data_dir = "/opt/nomad/data"
 plugin_dir = "/opt/nomad/plugins"
 log_level = "INFO"
+name = "bj-warden"

-bind_addr = "100.116.80.94"
+bind_addr = "100.122.197.112"

 addresses {
-  http = "100.116.80.94"
-  rpc  = "100.116.80.94"
-  serf = "100.116.80.94"
+  http = "100.122.197.112"
+  rpc  = "100.122.197.112"
+  serf = "100.122.197.112"
 }

 ports {
@@ -43,5 +44,13 @@ plugin "nomad-driver-podman" {
 }

 consul {
-  address = "100.116.80.94:8500"
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
 }
--- a/infrastructure/configs/dynamic/config.yml
+++ b/infrastructure/configs/dynamic/config.yml
@@ -1,58 +0,0 @@
-# Traefik动态配置文件
-# 这里可以添加动态路由、中间件等配置
-
-# HTTP路由示例
-http:
-  routers:
-    # 测试路由
-    test-router:
-      rule: "Host(`test.service.consul`)"
-      service: "test-service"
-      entryPoints:
-        - "https"
-      tls:
-        certResolver: "default"
-  
-  services:
-    # 测试服务
-    test-service:
-      loadBalancer:
-        servers:
-          - url: "http://127.0.0.1:8080"
-        passHostHeader: true
-
-  middlewares:
-    # 基本认证中间件
-    basic-auth:
-      basicAuth:
-        users:
-          - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
-    
-    # 安全头中间件
-    security-headers:
-      headers:
-        sslRedirect: true
-        stsSeconds: 31536000
-        stsIncludeSubdomains: true
-        stsPreload: true
-        forceSTSHeader: true
-        customFrameOptionsValue: "SAMEORIGIN"
-        contentTypeNosniff: true
-        browserXssFilter: true
-
-# TCP路由示例
-tcp:
-  routers:
-    # TCP测试路由
-    tcp-test-router:
-      rule: "HostSNI(`*`)"
-      service: "tcp-test-service"
-      entryPoints:
-        - "https"
-  
-  services:
-    # TCP测试服务
-    tcp-test-service:
-      loadBalancer:
-        servers:
-          - address: "127.0.0.1:8080"
--- a/infrastructure/configs/server/nomad-ash1d.hcl
+++ b/infrastructure/configs/server/nomad-ash1d.hcl
@@ -0,0 +1,51 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "us-ash1d"
+
+bind_addr = "100.81.26.3"
+
+addresses {
+  http = "100.81.26.3"
+  rpc  = "100.81.26.3"
+  serf = "100.81.26.3"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  retry_join = ["us-ash1d", "ash2e", "ch2", "ch3", "onecloud1", "de"]
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/server/nomad-ash2e.hcl
+++ b/infrastructure/configs/server/nomad-ash2e.hcl
@@ -0,0 +1,51 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "us-ash2e"
+
+bind_addr = "100.103.147.94"
+
+addresses {
+  http = "100.103.147.94"
+  rpc  = "100.103.147.94"
+  serf = "100.103.147.94"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  retry_join = ["us-ash2e", "ash1d", "ch2", "ch3", "onecloud1", "de"]
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/server/nomad-ch2.hcl
+++ b/infrastructure/configs/server/nomad-ch2.hcl
@@ -0,0 +1,51 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "kr-ch2"
+
+bind_addr = "100.90.159.68"
+
+addresses {
+  http = "100.90.159.68"
+  rpc  = "100.90.159.68"
+  serf = "100.90.159.68"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  retry_join = ["kr-ch2", "ash1d", "ash2e", "ch3", "onecloud1", "de"]
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {#三个节点
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {#三个节点
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/server/nomad-ch3.hcl
+++ b/infrastructure/configs/server/nomad-ch3.hcl
@@ -0,0 +1,51 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "kr-ch3"
+
+bind_addr = "100.86.141.112"
+
+addresses {
+  http = "100.86.141.112"
+  rpc  = "100.86.141.112"
+  serf = "100.86.141.112"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  data_dir = "/opt/nomad/data"
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {#三个节点
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {#三个节点
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/server/nomad-de.hcl
+++ b/infrastructure/configs/server/nomad-de.hcl
@@ -0,0 +1,50 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "de"
+
+bind_addr = "100.120.225.29"
+
+addresses {
+  http = "100.120.225.29"
+  rpc  = "100.120.225.29"
+  serf = "100.120.225.29"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {#三个节点
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {#三个节点
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/server/nomad-onecloud1.hcl
+++ b/infrastructure/configs/server/nomad-onecloud1.hcl
@@ -0,0 +1,50 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "onecloud1"
+
+bind_addr = "100.98.209.50"
+
+addresses {
+  http = "100.98.209.50"
+  rpc  = "100.98.209.50"
+  serf = "100.98.209.50"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/configs/server/nomad-semaphore.hcl
+++ b/infrastructure/configs/server/nomad-semaphore.hcl
@@ -0,0 +1,51 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "semaphore"
+
+bind_addr = "100.116.158.95"
+
+addresses {
+  http = "100.116.158.95"
+  rpc  = "100.116.158.95"
+  serf = "100.116.158.95"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+}
+
+
+
+client {
+  enabled = false
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.117.106.136:8500,100.116.80.94:8500,100.122.197.112:8500" # master, ash3c, warden
+}
+
+vault {
+  enabled = true
+  address = "http://100.117.106.136:8200,http://100.116.80.94:8200,http://100.122.197.112:8200" # master, ash3c, warden
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
--- a/infrastructure/jobs/traefik.nomad
+++ b/infrastructure/jobs/traefik.nomad
@@ -3,7 +3,6 @@ job "traefik" {
  type        = "service"

  update {
-    strategy     = "canary"
    max_parallel = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
@@ -11,7 +10,14 @@ job "traefik" {
  }

  group "traefik" {
-    count = 3
+    count = 1  # 先在warden节点部署一个实例
+
+    # 约束只在warden节点运行
+    constraint {
+      attribute = "${node.unique.name}"
+      operator  = "="
+      value     = "bj-warden"
+    }

    restart {
      attempts = 3
@@ -33,21 +39,66 @@ job "traefik" {
    }

    task "traefik" {
-      driver = "podman"
+      driver = "exec"
+
+      # 下载Traefik v3二进制文件
+      artifact {
+        source = "https://github.com/traefik/traefik/releases/download/v3.1.5/traefik_v3.1.5_linux_amd64.tar.gz"
+        destination = "local/"
+        mode = "file"
+        options {
+          archive = "true"
+        }
+      }
+
+      # 动态配置文件模板
+      template {
+        data = <<EOF
+# Traefik动态配置 - 从Consul获取服务
+http:
+  routers:
+    consul-master:
+      rule: "Host(`consul-master.service.consul`)"
+      service: consul-master
+      entryPoints: ["http"]
+  
+  services:
+    consul-master:
+      loadBalancer:
+        servers:
+{{ range nomadService "consul" }}
+{{ if contains .Tags "http" }}
+          - url: "http://{{ .Address }}:{{ .Port }}"
+{{ end }}
+{{ end }}
+
+# Consul Catalog配置
+providers:
+  consulCatalog:
+    exposedByDefault: false
+    prefix: "traefik"
+    refreshInterval: 15s
+    endpoint:
+      address: "http://{{ with nomadService "consul" }}{{ range . }}{{ if contains .Tags "http" }}{{ .Address }}:{{ .Port }}{{ end }}{{ end }}{{ end }}"
+    connectAware: true
+    connectByDefault: false
+EOF
+        destination = "local/dynamic.yml"
+        change_mode = "restart"
+      }

      config {
-        image = "traefik:latest"
-        ports = ["http", "https", "api"]
-        volumes = [
-          "/var/run/docker.sock:/var/run/docker.sock:ro",  # 如果需要与Docker集成
-          "/root/mgmt/configs/traefik.yml:/etc/traefik/traefik.yml:ro",
-          "/root/mgmt/configs/dynamic:/etc/traefik/dynamic:ro"
+        command = "local/traefik"
+        args = [
+          "--configfile=/root/mgmt/infrastructure/routes/traefik.yml",
+          "--providers.file.filename=local/dynamic.yml",
+          "--providers.file.watch=true"
        ]
      }

      env {
        NOMAD_ADDR = "http://${attr.unique.network.ip-address}:4646"
-        CONSUL_HTTP_ADDR = "http://${attr.unique.network.ip-address}:8500"
+        # Consul地址将通过template动态获取
      }

      resources {
@@ -56,14 +107,15 @@ job "traefik" {
      }

      service {
-        name = "traefik"
+        name = "traefik-warden"
        port = "http"
        tags = [
          "traefik.enable=true",
-          "traefik.http.routers.api.rule=Host(`traefik.service.consul`)",
-          "traefik.http.routers.api.service=api@internal",
-          "traefik.http.routers.api.entrypoints=api",
-          "traefik.http.services.api.loadbalancer.server.port=8080"
+          "traefik.http.routers.traefik-warden.rule=Host(`traefik.warden.consul`)",
+          "traefik.http.routers.traefik-warden.service=api@internal",
+          "traefik.http.routers.traefik-warden.entrypoints=api",
+          "traefik.http.services.traefik-warden.loadbalancer.server.port=8080",
+          "warden"
        ]
        
        check {
--- a/infrastructure/monitor/prometheus.yml
+++ b/infrastructure/monitor/prometheus.yml
--- a/infrastructure/opentofu/modules/nomad-cluster/templates/nomad-userdata.sh
+++ b/infrastructure/opentofu/modules/nomad-cluster/templates/nomad-userdata.sh
@@ -67,7 +67,7 @@ log "检测到 IP 地址: $BIND_ADDR"
 log "创建 Nomad 配置文件..."
 cat > /etc/nomad.d/nomad.hcl << EOF
 datacenter = "${datacenter}"
-region     = "global"
+region     = "dc1"
 data_dir   = "/opt/nomad/data"

 bind_addr = "$BIND_ADDR"
--- a/infrastructure/opentofu/modules/nomad-cluster/templates/nomad-userdata.sh.backup.20250930_131511
+++ b/infrastructure/opentofu/modules/nomad-cluster/templates/nomad-userdata.sh.backup.20250930_131511
@@ -0,0 +1,228 @@
+#!/bin/bash
+# Nomad 多数据中心节点自动配置脚本
+# 数据中心: ${datacenter}
+
+set -e
+
+# 日志函数
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a /var/log/nomad-setup.log
+}
+
+log "开始配置 Nomad 节点 - 数据中心: ${datacenter}"
+
+# 更新系统
+log "更新系统包..."
+apt-get update -y
+apt-get upgrade -y
+
+# 安装必要的包
+log "安装必要的包..."
+apt-get install -y \
+    curl \
+    wget \
+    unzip \
+    jq \
+    podman \
+    htop \
+    net-tools \
+    vim
+
+# 启动 Podman
+log "启动 Podman 服务..."
+systemctl enable podman
+systemctl start podman
+usermod -aG podman ubuntu
+
+# 安装 Nomad
+log "安装 Nomad ${nomad_version}..."
+cd /tmp
+wget -q https://releases.hashicorp.com/nomad/${nomad_version}/nomad_${nomad_version}_linux_amd64.zip
+unzip nomad_${nomad_version}_linux_amd64.zip
+mv nomad /usr/local/bin/
+chmod +x /usr/local/bin/nomad
+
+# 创建 Nomad 用户和目录
+log "创建 Nomad 用户和目录..."
+useradd --system --home /etc/nomad.d --shell /bin/false nomad
+mkdir -p /opt/nomad/data
+mkdir -p /etc/nomad.d
+mkdir -p /var/log/nomad
+chown -R nomad:nomad /opt/nomad /etc/nomad.d /var/log/nomad
+
+# 获取本机 IP 地址
+if [ "${bind_addr}" = "auto" ]; then
+    # 尝试多种方法获取 IP
+    BIND_ADDR=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4 2>/dev/null || \
+                curl -s http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip -H "Metadata-Flavor: Google" 2>/dev/null || \
+                ip route get 8.8.8.8 | awk '{print $7; exit}' || \
+                hostname -I | awk '{print $1}')
+else
+    BIND_ADDR="${bind_addr}"
+fi
+
+log "检测到 IP 地址: $BIND_ADDR"
+
+# 创建 Nomad 配置文件
+log "创建 Nomad 配置文件..."
+cat > /etc/nomad.d/nomad.hcl << EOF
+datacenter = "${datacenter}"
+region     = "dc1"
+data_dir   = "/opt/nomad/data"
+
+bind_addr = "$BIND_ADDR"
+
+%{ if server_enabled }
+server {
+  enabled          = true
+  bootstrap_expect = ${bootstrap_expect}
+  encrypt          = "${nomad_encrypt_key}"
+}
+%{ endif }
+
+%{ if client_enabled }
+client {
+  enabled = true
+  
+  host_volume "podman-sock" {
+    path      = "/run/podman/podman.sock"
+    read_only = false
+  }
+}
+%{ endif }
+
+ui {
+  enabled = true
+}
+
+addresses {
+  http = "0.0.0.0"
+  rpc  = "$BIND_ADDR"
+  serf = "$BIND_ADDR"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+plugin "podman" {
+  config {
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+telemetry {
+  collection_interval        = "10s"
+  disable_hostname          = false
+  prometheus_metrics        = true
+  publish_allocation_metrics = true
+  publish_node_metrics      = true
+}
+
+log_level = "INFO"
+log_file  = "/var/log/nomad/nomad.log"
+EOF
+
+# 创建 systemd 服务文件
+log "创建 systemd 服务文件..."
+cat > /etc/systemd/system/nomad.service << EOF
+[Unit]
+Description=Nomad
+Documentation=https://www.nomadproject.io/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/nomad.d/nomad.hcl
+
+[Service]
+Type=notify
+User=nomad
+Group=nomad
+ExecStart=/usr/local/bin/nomad agent -config=/etc/nomad.d/nomad.hcl
+ExecReload=/bin/kill -HUP \$MAINPID
+KillMode=process
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# 启动 Nomad 服务
+log "启动 Nomad 服务..."
+systemctl daemon-reload
+systemctl enable nomad
+systemctl start nomad
+
+# 等待服务启动
+log "等待 Nomad 服务启动..."
+sleep 10
+
+# 验证安装
+log "验证 Nomad 安装..."
+if systemctl is-active --quiet nomad; then
+    log "✅ Nomad 服务运行正常"
+    log "📊 节点信息:"
+    /usr/local/bin/nomad node status -self || true
+else
+    log "❌ Nomad 服务启动失败"
+    systemctl status nomad --no-pager || true
+    journalctl -u nomad --no-pager -n 20 || true
+fi
+
+# 配置防火墙（如果需要）
+log "配置防火墙规则..."
+if command -v ufw >/dev/null 2>&1; then
+    ufw allow 4646/tcp  # HTTP API
+    ufw allow 4647/tcp  # RPC
+    ufw allow 4648/tcp  # Serf
+    ufw allow 22/tcp    # SSH
+fi
+
+# 创建有用的别名和脚本
+log "创建管理脚本..."
+cat > /usr/local/bin/nomad-status << 'EOF'
+#!/bin/bash
+echo "=== Nomad 服务状态 ==="
+systemctl status nomad --no-pager
+
+echo -e "\n=== Nomad 集群成员 ==="
+nomad server members 2>/dev/null || echo "无法连接到集群"
+
+echo -e "\n=== Nomad 节点状态 ==="
+nomad node status 2>/dev/null || echo "无法获取节点状态"
+
+echo -e "\n=== 最近日志 ==="
+journalctl -u nomad --no-pager -n 5
+EOF
+
+chmod +x /usr/local/bin/nomad-status
+
+# 添加到 ubuntu 用户的 bashrc
+echo 'alias ns="nomad-status"' >> /home/ubuntu/.bashrc
+echo 'alias nomad-logs="journalctl -u nomad -f"' >> /home/ubuntu/.bashrc
+
+log "🎉 Nomad 节点配置完成！"
+log "📍 数据中心: ${datacenter}"
+log "🌐 IP 地址: $BIND_ADDR"
+log "🔗 Web UI: http://$BIND_ADDR:4646"
+log "📝 使用 'nomad-status' 或 'ns' 命令查看状态"
+
+# 输出重要信息到 motd
+cat > /etc/update-motd.d/99-nomad << EOF
+#!/bin/bash
+echo ""
+echo "🚀 Nomad 节点信息:"
+echo "   数据中心: ${datacenter}"
+echo "   IP 地址: $BIND_ADDR"
+echo "   Web UI: http://$BIND_ADDR:4646"
+echo "   状态检查: nomad-status"
+echo ""
+EOF
+
+chmod +x /etc/update-motd.d/99-nomad
+
+log "节点配置脚本执行完成"
--- a/infrastructure/opentofu/modules/nomad-cluster/templates/nomad-userdata.sh.backup.20250930_131639
+++ b/infrastructure/opentofu/modules/nomad-cluster/templates/nomad-userdata.sh.backup.20250930_131639
@@ -0,0 +1,228 @@
+#!/bin/bash
+# Nomad 多数据中心节点自动配置脚本
+# 数据中心: ${datacenter}
+
+set -e
+
+# 日志函数
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a /var/log/nomad-setup.log
+}
+
+log "开始配置 Nomad 节点 - 数据中心: ${datacenter}"
+
+# 更新系统
+log "更新系统包..."
+apt-get update -y
+apt-get upgrade -y
+
+# 安装必要的包
+log "安装必要的包..."
+apt-get install -y \
+    curl \
+    wget \
+    unzip \
+    jq \
+    podman \
+    htop \
+    net-tools \
+    vim
+
+# 启动 Podman
+log "启动 Podman 服务..."
+systemctl enable podman
+systemctl start podman
+usermod -aG podman ubuntu
+
+# 安装 Nomad
+log "安装 Nomad ${nomad_version}..."
+cd /tmp
+wget -q https://releases.hashicorp.com/nomad/${nomad_version}/nomad_${nomad_version}_linux_amd64.zip
+unzip nomad_${nomad_version}_linux_amd64.zip
+mv nomad /usr/local/bin/
+chmod +x /usr/local/bin/nomad
+
+# 创建 Nomad 用户和目录
+log "创建 Nomad 用户和目录..."
+useradd --system --home /etc/nomad.d --shell /bin/false nomad
+mkdir -p /opt/nomad/data
+mkdir -p /etc/nomad.d
+mkdir -p /var/log/nomad
+chown -R nomad:nomad /opt/nomad /etc/nomad.d /var/log/nomad
+
+# 获取本机 IP 地址
+if [ "${bind_addr}" = "auto" ]; then
+    # 尝试多种方法获取 IP
+    BIND_ADDR=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4 2>/dev/null || \
+                curl -s http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip -H "Metadata-Flavor: Google" 2>/dev/null || \
+                ip route get 8.8.8.8 | awk '{print $7; exit}' || \
+                hostname -I | awk '{print $1}')
+else
+    BIND_ADDR="${bind_addr}"
+fi
+
+log "检测到 IP 地址: $BIND_ADDR"
+
+# 创建 Nomad 配置文件
+log "创建 Nomad 配置文件..."
+cat > /etc/nomad.d/nomad.hcl << EOF
+datacenter = "${datacenter}"
+region     = "dc1"
+data_dir   = "/opt/nomad/data"
+
+bind_addr = "$BIND_ADDR"
+
+%{ if server_enabled }
+server {
+  enabled          = true
+  bootstrap_expect = ${bootstrap_expect}
+  encrypt          = "${nomad_encrypt_key}"
+}
+%{ endif }
+
+%{ if client_enabled }
+client {
+  enabled = true
+  
+  host_volume "podman-sock" {
+    path      = "/run/podman/podman.sock"
+    read_only = false
+  }
+}
+%{ endif }
+
+ui {
+  enabled = true
+}
+
+addresses {
+  http = "0.0.0.0"
+  rpc  = "$BIND_ADDR"
+  serf = "$BIND_ADDR"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+plugin "podman" {
+  config {
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+telemetry {
+  collection_interval        = "10s"
+  disable_hostname          = false
+  prometheus_metrics        = true
+  publish_allocation_metrics = true
+  publish_node_metrics      = true
+}
+
+log_level = "INFO"
+log_file  = "/var/log/nomad/nomad.log"
+EOF
+
+# 创建 systemd 服务文件
+log "创建 systemd 服务文件..."
+cat > /etc/systemd/system/nomad.service << EOF
+[Unit]
+Description=Nomad
+Documentation=https://www.nomadproject.io/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/nomad.d/nomad.hcl
+
+[Service]
+Type=notify
+User=nomad
+Group=nomad
+ExecStart=/usr/local/bin/nomad agent -config=/etc/nomad.d/nomad.hcl
+ExecReload=/bin/kill -HUP \$MAINPID
+KillMode=process
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# 启动 Nomad 服务
+log "启动 Nomad 服务..."
+systemctl daemon-reload
+systemctl enable nomad
+systemctl start nomad
+
+# 等待服务启动
+log "等待 Nomad 服务启动..."
+sleep 10
+
+# 验证安装
+log "验证 Nomad 安装..."
+if systemctl is-active --quiet nomad; then
+    log "✅ Nomad 服务运行正常"
+    log "📊 节点信息:"
+    /usr/local/bin/nomad node status -self || true
+else
+    log "❌ Nomad 服务启动失败"
+    systemctl status nomad --no-pager || true
+    journalctl -u nomad --no-pager -n 20 || true
+fi
+
+# 配置防火墙（如果需要）
+log "配置防火墙规则..."
+if command -v ufw >/dev/null 2>&1; then
+    ufw allow 4646/tcp  # HTTP API
+    ufw allow 4647/tcp  # RPC
+    ufw allow 4648/tcp  # Serf
+    ufw allow 22/tcp    # SSH
+fi
+
+# 创建有用的别名和脚本
+log "创建管理脚本..."
+cat > /usr/local/bin/nomad-status << 'EOF'
+#!/bin/bash
+echo "=== Nomad 服务状态 ==="
+systemctl status nomad --no-pager
+
+echo -e "\n=== Nomad 集群成员 ==="
+nomad server members 2>/dev/null || echo "无法连接到集群"
+
+echo -e "\n=== Nomad 节点状态 ==="
+nomad node status 2>/dev/null || echo "无法获取节点状态"
+
+echo -e "\n=== 最近日志 ==="
+journalctl -u nomad --no-pager -n 5
+EOF
+
+chmod +x /usr/local/bin/nomad-status
+
+# 添加到 ubuntu 用户的 bashrc
+echo 'alias ns="nomad-status"' >> /home/ubuntu/.bashrc
+echo 'alias nomad-logs="journalctl -u nomad -f"' >> /home/ubuntu/.bashrc
+
+log "🎉 Nomad 节点配置完成！"
+log "📍 数据中心: ${datacenter}"
+log "🌐 IP 地址: $BIND_ADDR"
+log "🔗 Web UI: http://$BIND_ADDR:4646"
+log "📝 使用 'nomad-status' 或 'ns' 命令查看状态"
+
+# 输出重要信息到 motd
+cat > /etc/update-motd.d/99-nomad << EOF
+#!/bin/bash
+echo ""
+echo "🚀 Nomad 节点信息:"
+echo "   数据中心: ${datacenter}"
+echo "   IP 地址: $BIND_ADDR"
+echo "   Web UI: http://$BIND_ADDR:4646"
+echo "   状态检查: nomad-status"
+echo ""
+EOF
+
+chmod +x /etc/update-motd.d/99-nomad
+
+log "节点配置脚本执行完成"
--- a/infrastructure/configs/traefik.yml
+++ b/infrastructure/configs/traefik.yml
@@ -24,21 +24,12 @@ entryPoints:

 # 提供者配置
 providers:
-  # 启用Consul Catalog提供者
-  consulCatalog:
-    exposedByDefault: false
-    prefix: "traefik"
-    refreshInterval: 15s
-    requireConsistent: true
-    stale: false
+  # 启用文件提供者用于动态配置
+  file:
+    directory: "/etc/traefik/dynamic"
    watch: true
-    endpoint:
-      address: "http://127.0.0.1:8500"
-      scheme: "http"
-    connectAware: true
-    connectByDefault: false
  
-  # 启用Nomad提供者
+  # Nomad提供者 - 使用静态地址因为Nomad API相对稳定
  nomad:
    exposedByDefault: false
    prefix: "traefik"