diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..cf055eb
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,10 @@
+[defaults]
+inventory = inventory/hosts.yml
+host_key_checking = False
+timeout = 30
+gathering = smart
+fact_caching = memory
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+pipelining = True
\ No newline at end of file
diff --git a/ansible/fix-warden-zsh.yml b/ansible/fix-warden-zsh.yml
new file mode 100644
index 0000000..c4373ed
--- /dev/null
+++ b/ansible/fix-warden-zsh.yml
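Review bot: `host_key_checking = False` together with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` in `ssh_args` switches off SSH host authentication for every connection this config governs, so a node whose key changes, or an on-path host answering in its place, is accepted silently and, since `inventory/hosts.yml` uses password login, receives the password. Keep the default `host_key_checking = True`, drop the two `-o` options and seed `known_hosts` once; if first-contact prompts are the concern, `-o StrictHostKeyChecking=accept-new` pins the key on first connect without disabling verification. `deployment/ansible/ansible.cfg` further down carries the same `host_key_checking = False` line in its context.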
@@ -0,0 +1,198 @@ +--- +# Ansible Playbook: 修复 warden 节点的 zsh 配置 +- name: Fix zsh configuration on warden node + hosts: warden + become: yes + vars: + target_user: ben # 或者你想修复的用户名 + + tasks: + - name: 检查当前 shell + shell: echo $SHELL + register: current_shell + changed_when: false + + - name: 显示当前 shell + debug: + msg: "当前 shell: {{ current_shell.stdout }}" + + - name: 检查 zsh 是否已安装 + package: + name: zsh + state: present + + - name: 备份现有的 zsh 配置文件 + shell: | + if [ -f ~/.zshrc ]; then + cp ~/.zshrc ~/.zshrc.backup.$(date +%Y%m%d_%H%M%S) + echo "已备份 ~/.zshrc" + fi + if [ -f ~/.zsh_history ]; then + cp ~/.zsh_history ~/.zsh_history.backup.$(date +%Y%m%d_%H%M%S) + echo "已备份 ~/.zsh_history" + fi + register: backup_result + changed_when: backup_result.stdout != "" + + - name: 显示备份结果 + debug: + msg: "{{ backup_result.stdout_lines }}" + when: backup_result.stdout != "" + + - name: 检查 oh-my-zsh 是否存在 + stat: + path: ~/.oh-my-zsh + register: ohmyzsh_exists + + - name: 重新安装 oh-my-zsh (如果损坏) + shell: | + if [ -d ~/.oh-my-zsh ]; then + rm -rf ~/.oh-my-zsh + fi + sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended + when: not ohmyzsh_exists.stat.exists or ansible_check_mode == false + + - name: 创建基本的 .zshrc 配置 + copy: + content: | + # Path to your oh-my-zsh installation. + export ZSH="$HOME/.oh-my-zsh" + + # Set name of the theme to load + ZSH_THEME="robbyrussell" + + # Which plugins would you like to load? + plugins=(git docker docker-compose kubectl) + + source $ZSH/oh-my-zsh.sh + + # User configuration + export PATH=$PATH:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin + + # Aliases + alias ll='ls -alF' + alias la='ls -A' + alias l='ls -CF' + alias ..='cd ..' + alias ...='cd ../..' 
+ + # Nomad/Consul aliases + alias nomad-status='nomad status' + alias consul-members='consul members' + + # History settings + HISTSIZE=10000 + SAVEHIST=10000 + setopt HIST_IGNORE_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_VERIFY + setopt SHARE_HISTORY + dest: ~/.zshrc + owner: "{{ target_user }}" + group: "{{ target_user }}" + mode: '0644' + backup: yes + + - name: 设置 zsh 为默认 shell + user: + name: "{{ target_user }}" + shell: /usr/bin/zsh + + - name: 检查 zsh 配置语法 + shell: zsh -n ~/.zshrc + register: zsh_syntax_check + failed_when: zsh_syntax_check.rc != 0 + changed_when: false + + - name: 测试 zsh 启动 + shell: zsh -c "echo 'zsh 配置测试成功'" + register: zsh_test + changed_when: false + + - name: 显示修复结果 + debug: + msg: + - "zsh 配置修复完成" + - "语法检查: {{ 'PASS' if zsh_syntax_check.rc == 0 else 'FAIL' }}" + - "启动测试: {{ zsh_test.stdout }}" + + - name: 清理损坏的历史文件 + shell: | + if [ -f ~/.zsh_history ]; then + # 尝试修复历史文件 + strings ~/.zsh_history > ~/.zsh_history.clean + mv ~/.zsh_history.clean ~/.zsh_history + echo "已清理 zsh 历史文件" + fi + register: history_cleanup + changed_when: history_cleanup.stdout != "" + + - name: 修复 DNS 配置问题 + shell: | + # 备份现有DNS配置 + sudo cp /etc/resolv.conf /etc/resolv.conf.backup.$(date +%Y%m%d_%H%M%S) + + # 添加备用DNS服务器 + echo "# 备用DNS服务器配置" | sudo tee -a /etc/resolv.conf + echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf + echo "nameserver 8.8.4.4" | sudo tee -a /etc/resolv.conf + echo "nameserver 1.1.1.1" | sudo tee -a /etc/resolv.conf + + echo "已添加备用DNS服务器" + register: dns_fix + changed_when: dns_fix.stdout != "" + + - name: 测试 DNS 修复 + shell: nslookup github.com + register: dns_test + changed_when: false + + - name: 显示 DNS 测试结果 + debug: + msg: "{{ dns_test.stdout_lines }}" + + - name: 修复 zsh completion 权限问题 + shell: | + # 修复系统 completion 目录权限 + sudo chown -R root:root /usr/share/zsh/vendor-completions/ 2>/dev/null || true + sudo chown -R root:root /usr/share/bash-completion/ 2>/dev/null || true + sudo chown -R root:root 
/usr/share/fish/vendor_completions.d/ 2>/dev/null || true + sudo chown -R root:root /usr/local/share/zsh/site-functions/ 2>/dev/null || true + + # 设置正确的权限 + sudo chmod -R 755 /usr/share/zsh/vendor-completions/ 2>/dev/null || true + sudo chmod -R 755 /usr/share/bash-completion/ 2>/dev/null || true + sudo chmod -R 755 /usr/share/fish/vendor_completions.d/ 2>/dev/null || true + sudo chmod -R 755 /usr/local/share/zsh/site-functions/ 2>/dev/null || true + + # 修复 oh-my-zsh completion 目录权限(如果存在) + if [ -d ~/.oh-my-zsh ]; then + chmod -R 755 ~/.oh-my-zsh/completions + chmod -R 755 ~/.oh-my-zsh/plugins + chmod -R 755 ~/.oh-my-zsh/lib + echo "已修复 oh-my-zsh 目录权限" + fi + + # 重新生成 completion 缓存 + rm -f ~/.zcompdump* 2>/dev/null || true + echo "已修复系统 completion 目录权限并清理缓存" + register: completion_fix + changed_when: completion_fix.stdout != "" + + - name: 显示 completion 修复结果 + debug: + msg: "{{ completion_fix.stdout_lines }}" + when: completion_fix.stdout != "" + + - name: 测试 zsh completion 修复 + shell: zsh -c "autoload -U compinit && compinit -D && echo 'completion 系统修复成功'" + register: completion_test + changed_when: false + + - name: 重新加载 zsh 配置提示 + debug: + msg: + - "修复完成!请执行以下命令重新加载配置:" + - "source ~/.zshrc" + - "或者重新登录以使用新的 shell 配置" + - "completion 权限问题已修复" \ No newline at end of file diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml new file mode 100644 index 0000000..7d39758 --- /dev/null +++ b/ansible/inventory/hosts.yml @@ -0,0 +1,10 @@ +--- +all: + children: + warden: + hosts: + warden: + ansible_host: 100.122.197.112 + ansible_user: ben + ansible_password: "3131" + ansible_become_password: "3131" \ No newline at end of file diff --git a/components/consul/jobs/consul-cluster.nomad b/components/consul/jobs/consul-cluster.nomad index 09f8f8a..d6f6e40 100644 --- a/components/consul/jobs/consul-cluster.nomad +++ b/components/consul/jobs/consul-cluster.nomad 
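Review bot: The guard `when: not ohmyzsh_exists.stat.exists or ansible_check_mode == false` on the reinstall task is true on every real run, so `rm -rf ~/.oh-my-zsh` followed by the unverified `curl ... | sh` of the upstream installer executes unconditionally; the condition should be just `when: not ohmyzsh_exists.stat.exists`, and the install step should fetch the script to a file and check it (or install from the distribution package) before running it. With `become: yes` on the play, `~` in every `shell` task resolves to root's home, so the backups, the `copy` to `~/.zshrc` (then chown'd to `{{ target_user }}`), the history cleanup and `zsh -n ~/.zshrc` all act on `/root` rather than on `target_user`'s files; `become_user: "{{ target_user }}"` on those tasks, or explicit `/home/{{ target_user }}/...` paths, would target the intended account, and the inner `sudo` calls are redundant under `become`. Appending three public resolvers to `/etc/resolv.conf` and `chmod -R 755` on system completion directories are blunt changes that should be confirmed as intended. The play began on an earlier line.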
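Review bot: `ansible_password: "3131"` and `ansible_become_password: "3131"` put the login and sudo password in cleartext in a committed inventory, and the same value recurs in `deployment/ansible/inventories/production/hosts` and in the `echo '3131' | sudo -S` calls of every script under `nomad-configs/scripts/`, so a checkout of this repository is enough to become root on every listed node. Move the values into an `ansible-vault`-encrypted vars file (`ansible-vault encrypt_string --name ansible_become_password`) or switch the host to key-based SSH with a sudoers rule scoped to the needed commands, and rotate the password since it is already in history. The quoting itself is right; an unquoted `3131` would load as an integer.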
@@ -31,18 +31,18 @@ job "consul-cluster-nomad" { args = [ "agent", "-server", - "-bootstrap-expect=2", + "-bootstrap-expect=3", "-data-dir=/opt/nomad/data/consul", "-client=0.0.0.0", - "-bind={{ env "NOMAD_IP_http" }}", - "-advertise={{ env "NOMAD_IP_http" }}", + "-bind={{ env \"NOMAD_IP_http\" }}", + "-advertise={{ env \"NOMAD_IP_http\" }}", "-retry-join=ash3c.tailnet-68f9.ts.net:8301", "-retry-join=warden.tailnet-68f9.ts.net:8301", "-ui", "-http-port=8500", "-server-port=8300", "-serf-lan-port=8301", - "-serf-wan-port=8302", + "-serf-wan-port=8302" ] } @@ -85,8 +85,8 @@ job "consul-cluster-nomad" { "-server", "-data-dir=/opt/nomad/data/consul", "-client=0.0.0.0", - "-bind={{ env "NOMAD_IP_http" }}", - "-advertise={{ env "NOMAD_IP_http" }}", + "-bind={{ env \"NOMAD_IP_http\" }}", + "-advertise={{ env \"NOMAD_IP_http\" }}", "-retry-join=ch4.tailnet-68f9.ts.net:8301", "-retry-join=warden.tailnet-68f9.ts.net:8301", "-ui", @@ -136,8 +136,8 @@ job "consul-cluster-nomad" { "-server", "-data-dir=/opt/nomad/data/consul", "-client=0.0.0.0", - "-bind={{ env "NOMAD_IP_http" }}", - "-advertise={{ env "NOMAD_IP_http" }}", + "-bind={{ env \"NOMAD_IP_http\" }}", + "-advertise={{ env \"NOMAD_IP_http\" }}", "-retry-join=ch4.tailnet-68f9.ts.net:8301", "-retry-join=ash3c.tailnet-68f9.ts.net:8301", "-ui", diff --git a/deployment/ansible/ansible.cfg b/deployment/ansible/ansible.cfg index 4393516..4063258 100644 --- a/deployment/ansible/ansible.cfg +++ b/deployment/ansible/ansible.cfg @@ -1,6 +1,7 @@ [defaults] inventory = inventory.ini host_key_checking = False +forks = 8 timeout = 30 gathering = smart fact_caching = memory diff --git a/deployment/ansible/inventories/production/hosts b/deployment/ansible/inventories/production/hosts index 570c41f..a5696b6 100644 --- a/deployment/ansible/inventories/production/hosts +++ b/deployment/ansible/inventories/production/hosts 
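Review bot: The escaped `"-bind={{ env \"NOMAD_IP_http\" }}"` lines in all three hunks are now valid HCL, but `{{ env ... }}` is consul-template syntax that Nomad evaluates only inside a `template` block; in `config.args` the string is passed through verbatim, so consul is started with a literal `-bind={{ env "NOMAD_IP_http" }}` and cannot parse the address. Nomad does interpolate its runtime variables in `args`, so `"-bind=${NOMAD_IP_http}"` and `"-advertise=${NOMAD_IP_http}"` give the intended value in each group. `-bootstrap-expect=3` is raised only in the first group while the other two server groups carry no value; Consul expects the flag to agree across all servers, so the same value should be set on each. The groups' network and resources stanzas are outside these hunks.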
@@ -2,7 +2,7 @@ # 服务器节点 (7个服务器节点) # ⚠️ 警告:能力越大,责任越大!服务器节点操作需极其谨慎! # ⚠️ 任何对服务器节点的操作都可能影响整个集群的稳定性! -semaphore ansible_host=semaphore.tailnet-68f9.ts.net ansible_user=root ansible_password=3131 ansible_become_password=3131 +semaphore ansible_host=127.0.0.1 ansible_user=root ansible_password=3131 ansible_become_password=3131 ansible_ssh_common_args="-o PreferredAuthentications=password -o PubkeyAuthentication=no" ash1d ansible_host=ash1d.tailnet-68f9.ts.net ansible_user=ben ansible_password=3131 ansible_become_password=3131 ash2e ansible_host=ash2e.tailnet-68f9.ts.net ansible_user=ben ansible_password=3131 ansible_become_password=3131 ch2 ansible_host=ch2.tailnet-68f9.ts.net ansible_user=ben ansible_password=3131 ansible_become_password=3131 @@ -31,3 +31,7 @@ mount_point=/mnt/fnsync # Ansible配置 ansible_ssh_common_args='-o StrictHostKeyChecking=no' +gitea ansible_host=gitea ansible_user=ben ansible_password=3131 ansible_become_password=3131 + +[gitea] +gitea ansible_host=gitea ansible_user=ben ansible_password=3131 ansible_become_password=3131 diff --git a/deployment/ansible/playbooks/cleanup-nomad-backups-thorough.yml b/deployment/ansible/playbooks/cleanup-nomad-backups-thorough.yml new file mode 100644 index 0000000..f5cab0e --- /dev/null +++ b/deployment/ansible/playbooks/cleanup-nomad-backups-thorough.yml 
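Review bot: The `gitea ansible_host=gitea ...` line added in the second hunk sits directly under `mount_point=` and `ansible_ssh_common_args=` assignments, which look like a `:vars` section; in an INI inventory a host line placed there is read as a variable assignment rather than a host, so that entry is presumably dead and only the one under the new `[gitea]` group takes effect — confirm which section the hunk lands in, since its header is outside the three context lines. Both hunks keep cleartext `ansible_password=3131 ansible_become_password=3131` on every host, and the `semaphore` change adds `-o PreferredAuthentications=password -o PubkeyAuthentication=no`, forcing password authentication for a root login even where a key exists; vaulting the passwords and using keys for root would take the credential out of the file. `ansible_host=gitea` is a bare short name where every other entry uses its `.tailnet-68f9.ts.net` FQDN.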
@@ -0,0 +1,22 @@
+---
+- name: Thorough cleanup of Nomad configuration backup files
+ hosts: nomad_nodes
+ become: yes
+ tasks:
+ - name: Remove all backup files with various patterns
+ shell: |
+ find /etc/nomad.d/ -name "nomad.hcl.*" -not -name "nomad.hcl" -delete
+ find /etc/nomad.d/ -name "*.bak" -delete
+ find /etc/nomad.d/ -name "*.backup*" -delete
+ find /etc/nomad.d/ -name "*.~" -delete
+ find /etc/nomad.d/ -name "*.broken" -delete
+ ignore_errors: yes
+
+ - name: List remaining files in /etc/nomad.d/
+ command: ls -la /etc/nomad.d/
+ register: remaining_files
+ changed_when: false
+
+ - name: Display remaining files
+ debug:
+ var: remaining_files.stdout_lines
diff --git a/deployment/ansible/playbooks/cleanup-nomad-backups.yml b/deployment/ansible/playbooks/cleanup-nomad-backups.yml
new file mode 100644
index 0000000..54688c5
--- /dev/null
+++ b/deployment/ansible/playbooks/cleanup-nomad-backups.yml
@@ -0,0 +1,25 @@
+---
+- name: Cleanup Nomad configuration backup files
+ hosts: nomad_nodes
+ become: yes
+ tasks:
+ - name: Remove backup files from /etc/nomad.d/
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "/etc/nomad.d/*.bak"
+ - "/etc/nomad.d/*.backup"
+ - "/etc/nomad.d/*.~"
+ - "/etc/nomad.d/*.broken"
+ - "/etc/nomad.d/nomad.hcl.*"
+ ignore_errors: yes
+
+ - name: List remaining files in /etc/nomad.d/
+ command: ls -la /etc/nomad.d/
+ register: remaining_files
+ changed_when: false
+
+ - name: Display remaining files
+ debug:
+ var: remaining_files.stdout_lines
diff --git a/nomad-configs/README.md b/nomad-configs/README.md
new file mode 100644
index 0000000..a3b4a95
--- /dev/null
+++ b/nomad-configs/README.md
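Review bot: In `cleanup-nomad-backups.yml` the `file` module is given shell globs (`/etc/nomad.d/*.bak` and the other four loop items), but `file` does not expand wildcards, so it treats each literal path as already absent and deletes nothing, and `ignore_errors: yes` hides any sign of that. Use `ansible.builtin.find` with `paths: /etc/nomad.d` and `patterns` for the five suffixes, then loop `file: state: absent` over `.files`, or keep only the `find -delete` version in `cleanup-nomad-backups-thorough.yml` rather than two playbooks with different semantics. In both playbooks the blanket `ignore_errors: yes` on the deletion step should be dropped, and `become: yes` reads better as `become: true`.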
@@ -0,0 +1,48 @@ +# Nomad配置管理 + +## 目录结构 +``` +nomad-configs/ +├── templates/ +│ └── nomad-client.hcl.j2 # 配置模板 +├── nodes/ +│ ├── warden.hcl # 各节点配置文件 +│ ├── hcp1.hcl +│ ├── onecloud1.hcl +│ ├── influxdb1.hcl +│ ├── ash3c.hcl +│ ├── ch4.hcl +│ └── browser.hcl +├── scripts/ +│ └── deploy.sh # 部署脚本 +└── README.md +``` + +## 节点列表 +- onecloud1 (down) +- hcp1 (down) +- influxdb1 (ready) +- ash3c (ready) +- ch4 (ready) +- warden (ready) - 成功模板 +- browser (ready) + +## 使用方法 + +### 部署单个节点 +```bash +cd /root/mgmt/nomad-configs +./scripts/deploy.sh warden +``` + +### 部署所有节点 +```bash +for node in onecloud1 hcp1 influxdb1 ash3c ch4 warden browser; do + ./scripts/deploy.sh $node +done +``` + +## 配置说明 +- 基于warden的成功配置 +- 只替换节点名和FQDN +- 保持配置一致性 diff --git a/nomad-configs/nodes/influxdb1.hcl b/nomad-configs/nodes/influxdb1.hcl index a5a2514..61b8bfb 100644 --- a/nomad-configs/nodes/influxdb1.hcl +++ b/nomad-configs/nodes/influxdb1.hcl @@ -83,11 +83,11 @@ plugin "nomad-driver-podman" { } consul { - enabled = false + address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500" server_service_name = "nomad" client_service_name = "nomad-client" auto_advertise = true - server_auto_join = true + server_auto_join = false client_auto_join = true } diff --git a/nomad-configs/nodes/onecloud1-dual.hcl b/nomad-configs/nodes/onecloud1-dual.hcl new file mode 100644 index 0000000..de97c09 --- /dev/null +++ b/nomad-configs/nodes/onecloud1-dual.hcl 
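Review bot: `address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"` is a comma-separated list, but Nomad's `consul.address` is a single `host:port` for the agent it should talk to; as written the agent will most likely fail to reach Consul (or reject the config) rather than fail over — confirm against the Nomad version in use. Removing `enabled = false` re-enables the integration, so this node now registers with Consul over plain HTTP with no `token`, `ssl` or `ca_file` set; with `server_auto_join = false` the intent appears to be client-side registration only. Point `address` at one agent (ideally a local Consul client on the node) and supply the ACL token through the environment or Vault rather than leaving the API unauthenticated.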
@@ -0,0 +1,130 @@ +datacenter = "dc1" +data_dir = "/opt/nomad/data" +plugin_dir = "/opt/nomad/plugins" +log_level = "INFO" +name = "onecloud1" + +bind_addr = "onecloud1.tailnet-68f9.ts.net" + +addresses { + http = "onecloud1.tailnet-68f9.ts.net" + rpc = "onecloud1.tailnet-68f9.ts.net" + serf = "onecloud1.tailnet-68f9.ts.net" +} + +advertise { + http = "onecloud1.tailnet-68f9.ts.net:4646" + rpc = "onecloud1.tailnet-68f9.ts.net:4647" + serf = "onecloud1.tailnet-68f9.ts.net:4648" +} + +ports { + http = 4646 + rpc = 4647 + serf = 4648 +} + +server { + enabled = true + bootstrap_expect = 3 + server_join { + retry_join = [ + "semaphore.tailnet-68f9.ts.net:4648", + "ash1d.tailnet-68f9.ts.net:4648", + "ash2e.tailnet-68f9.ts.net:4648", + "ch2.tailnet-68f9.ts.net:4648", + "ch3.tailnet-68f9.ts.net:4648", + "onecloud1.tailnet-68f9.ts.net:4648", + "de.tailnet-68f9.ts.net:4648", + "hcp1.tailnet-68f9.ts.net:4648" + ] + } +} + +client { +\nconsul { + address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500" + server_service_name = "nomad" + client_service_name = "nomad-client" + auto_advertise = true + server_auto_join = true + client_auto_join = true +} + + enabled = true + network_interface = "tailscale0" + + # 配置七仙女服务器地址,使用完整FQDN + servers = [ + "semaphore.tailnet-68f9.ts.net:4647", + "ash1d.tailnet-68f9.ts.net:4647", + "ash2e.tailnet-68f9.ts.net:4647", + "ch2.tailnet-68f9.ts.net:4647", + "ch3.tailnet-68f9.ts.net:4647", + "onecloud1.tailnet-68f9.ts.net:4647", + "de.tailnet-68f9.ts.net:4647" + ] + + # 配置host volumes + host_volume "fnsync" { + path = "/mnt/fnsync" + read_only = false + } + + host_volume "vault-storage" { + path = "/opt/nomad/data/vault-storage" + read_only = false + } + + # 禁用Docker驱动,只使用Podman + options { + "driver.raw_exec.enable" = "1" + "driver.exec.enable" = "1" + } + + # 配置节点元数据 + meta { + consul = "true" + consul_version = "1.21.5" + consul_server = "true" + } + + # 激进的垃圾清理策略 + gc_interval = "5m" + 
gc_disk_usage_threshold = 80 + gc_inode_usage_threshold = 70 +} + +plugin "nomad-driver-podman" { + config { + socket_path = "unix:///run/podman/podman.sock" + volumes { + enabled = true + } + } +} + +consul { + enabled = false + server_service_name = "nomad" + client_service_name = "nomad-client" + auto_advertise = true + server_auto_join = true + client_auto_join = true +} + +vault { + enabled = true + address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://onecloud1.tailnet-68f9.ts.net:8200" + token = "hvs.A5Fu4E1oHyezJapVllKPFsWg" + create_from_role = "nomad-cluster" + tls_skip_verify = true +} + +telemetry { + collection_interval = "1s" + disable_hostname = false + prometheus_metrics = true + publish_allocation_metrics = true + publish_node_metrics = true +} \ No newline at end of file diff --git a/nomad-configs/scripts/cleanup_backups.sh b/nomad-configs/scripts/cleanup_backups.sh new file mode 100755 index 0000000..5812c8c --- /dev/null +++ b/nomad-configs/scripts/cleanup_backups.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# 清理所有节点的Nomad配置备份文件 +NODES=("hcp1" "influxdb1" "ash3c" "ch4" "warden" "browser" "ash1d" "ash2e" "ch2" "ch3" "de" "semaphore" "onecloud1") + +for NODE_NAME in "${NODES[@]}"; do + echo "清理节点 ${NODE_NAME} 的备份配置文件" + ssh ben@${NODE_NAME} "echo '3131' | sudo -S find /etc/nomad.d/ -name '*.bak' -o -name '*.backup' -o -name '*.~' -o -name '*.broken' | xargs -r sudo rm -f" + echo "节点 ${NODE_NAME} 清理完成" + echo "---" +done + +echo "所有节点备份配置文件清理完成!" diff --git a/nomad-configs/scripts/deploy-all.sh b/nomad-configs/scripts/deploy-all.sh new file mode 100755 index 0000000..c6957cd --- /dev/null +++ b/nomad-configs/scripts/deploy-all.sh 
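Review bot: The `client {` block is immediately followed by a literal `\n` and a nested `consul { ... }` stanza, after which `enabled = true` and the rest of the client settings appear outside the brace that was just closed, so the file is not valid HCL and Nomad will refuse to load it; a second top-level `consul { enabled = false ... }` further down contradicts the nested one anyway. The client stanza should open with `enabled = true`, the stray `\n` should go, and a single `consul` block should sit at top level. The `vault` block commits a live-looking `hvs.` token with `tls_skip_verify = true` against plain `http://` addresses, and the same token is repeated in `templates/nomad-client.hcl.j2`; it belongs in the `VAULT_TOKEN` environment variable or a Vault agent sink, and should be revoked now that it is in git history. The hunk began on an earlier line.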
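Review bot: `echo '3131' | sudo -S find ... | xargs -r sudo rm -f` embeds the sudo password in a committed script and exposes it on each node's process list, and the second `sudo` in the pipeline has no tty to prompt on, so it works only while sudo's credential cache is warm; the `find` already runs as root, so `-delete` (as `cleanup-nomad-backups-thorough.yml` does) removes the `xargs` leg and the second password use entirely. If more actions are added, the `-o` chain needs `\( ... \)` grouping to apply to all names. Key-based SSH with a sudoers entry for this one command, or running the Ansible playbook added in the same commit, avoids a third copy of the cleanup logic; `ssh ben@${NODE_NAME}` also uses bare short names where `deploy.sh` uses the `.tailnet-68f9.ts.net` FQDN.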
@@ -0,0 +1,26 @@ +#!/bin/bash + +# 批量部署所有节点配置 +# 用法: ./deploy-all.sh + +NODES=("influxdb1" "ash3c" "ch4" "browser") + +echo "开始批量部署Nomad配置..." + +for node in "${NODES[@]}"; do + echo "部署配置到节点: $node" + + # 下载配置文件 + ssh ben@$node.tailnet-68f9.ts.net "curl -s 'https://gitea.tailnet-68f9.ts.net/ben/mgmt/raw/branch/main/nomad-configs/nodes/${node}.hcl' > /tmp/${node}.hcl && echo '3131' | sudo -S cp /tmp/${node}.hcl /etc/nomad.d/nomad.hcl" + + # 创建必要的目录 + ssh ben@$node.tailnet-68f9.ts.net "echo '3131' | sudo -S mkdir -p /opt/nomad/data/vault-storage" + + # 重启Nomad服务 + ssh ben@$node.tailnet-68f9.ts.net "echo '3131' | sudo -S systemctl restart nomad" + + echo "节点 $node 部署完成" + echo "---" +done + +echo "所有节点部署完成!" diff --git a/nomad-configs/scripts/deploy.sh b/nomad-configs/scripts/deploy.sh new file mode 100755 index 0000000..f02ffc4 --- /dev/null +++ b/nomad-configs/scripts/deploy.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +# Nomad配置部署脚本 +# 用法: ./deploy.sh + +NODE_NAME=$1 +NODE_FQDN="${NODE_NAME}.tailnet-68f9.ts.net" + +if [ -z "$NODE_NAME" ]; then + echo "用法: $0 " + echo "可用节点: onecloud1, hcp1, influxdb1, ash3c, ch4, warden, browser" + exit 1 +fi + +echo "部署配置到节点: $NODE_NAME ($NODE_FQDN)" + +# 生成配置文件 +sed "s/warden\.tailnet-68f9\.ts\.net/$NODE_FQDN/g" templates/nomad-client.hcl.j2 | \ +sed "s/name = \"warden\"/name = \"$NODE_NAME\"/" > nodes/${NODE_NAME}.hcl + +echo "配置文件已生成: nodes/${NODE_NAME}.hcl" + +# 部署到节点 +echo "部署到节点..." +ssh ben@$NODE_FQDN "echo '3131' | sudo -S tee /etc/nomad.d/nomad.hcl" < nodes/${NODE_NAME}.hcl + +# 重启服务 +echo "重启Nomad服务..." +ssh ben@$NODE_FQDN "echo '3131' | sudo -S systemctl restart nomad" + +echo "部署完成!" diff --git a/nomad-configs/scripts/deploy_servers.sh b/nomad-configs/scripts/deploy_servers.sh new file mode 100755 index 0000000..7d48278 --- /dev/null +++ b/nomad-configs/scripts/deploy_servers.sh 
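Review bot: `curl -s '...' > /tmp/${node}.hcl && ... sudo -S cp ...` has no `-f`/`--fail`, so a 404 or an HTML login page from gitea exits 0, is copied over `/etc/nomad.d/nomad.hcl`, and `systemctl restart nomad` then takes the node down on an unparseable config; `curl -fsS --retry 3 -o "$tmp" '...'` followed by a validation step (`nomad config validate "$tmp"`, if the installed Nomad has it) before the copy fails early instead. `deploy_servers.sh` in the next hunk has the same unchecked `curl -s`. A fixed `/tmp/${node}.hcl` name on a shared host is also a symlink race, so take the path from `mktemp`, and `set -euo pipefail` at the top would stop the loop on the first failed node instead of printing "部署完成" regardless.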
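Review bot: `ssh ben@$NODE_FQDN "echo '3131' | sudo -S tee /etc/nomad.d/nomad.hcl" < nodes/${NODE_NAME}.hcl` never delivers the generated file: inside the remote shell `tee`'s stdin is the pipe from `echo`, not ssh's stdin, so once `sudo -S` consumes the password line `tee` sees EOF (or, with a warm sudo cache, the literal `3131`) and `/etc/nomad.d/nomad.hcl` is truncated before `systemctl restart nomad`. `scp nodes/${NODE_NAME}.hcl ben@$NODE_FQDN:/tmp/` followed by `sudo install -m 0640 /tmp/${NODE_NAME}.hcl /etc/nomad.d/nomad.hcl` on the remote side delivers the file and keeps the password out of the command line. The usage message `echo "用法: $0 "` has lost its node-name placeholder, and `set -euo pipefail` at the top would stop the sed/ssh chain on the first failure.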
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+SERVERS=("ash1d" "ash2e" "ch2" "ch3" "de" "semaphore" "hcp1" "onecloud1")
+REPO_URL="https://gitea.tailnet-68f9.ts.net/ben/mgmt/raw/branch/main/nomad-configs/servers"
+
+for SERVER_NAME in "${SERVERS[@]}"; do
+ echo "部署服务器配置到: ${SERVER_NAME}"
+ ssh ben@${SERVER_NAME} "curl -s \"${REPO_URL}/${SERVER_NAME}.hcl\" > /tmp/${SERVER_NAME}.hcl && echo '3131' | sudo -S cp /tmp/${SERVER_NAME}.hcl /etc/nomad.d/nomad.hcl && echo '3131' | sudo -S systemctl restart nomad"
+ echo "服务器 ${SERVER_NAME} 部署完成"
+ echo "---"
+done
+
+echo "所有Nomad服务器配置部署完成!"
diff --git a/nomad-configs/templates/nomad-client.hcl.j2 b/nomad-configs/templates/nomad-client.hcl.j2
new file mode 100644
index 0000000..8b282da
--- /dev/null
+++ b/nomad-configs/templates/nomad-client.hcl.j2
@@ -0,0 +1,108 @@ +datacenter = "dc1" +data_dir = "/opt/nomad/data" +plugin_dir = "/opt/nomad/plugins" +log_level = "INFO" +name = "warden" + +bind_addr = "warden.tailnet-68f9.ts.net" + +addresses { + http = "warden.tailnet-68f9.ts.net" + rpc = "warden.tailnet-68f9.ts.net" + serf = "warden.tailnet-68f9.ts.net" +} + +advertise { + http = "warden.tailnet-68f9.ts.net:4646" + rpc = "warden.tailnet-68f9.ts.net:4647" + serf = "warden.tailnet-68f9.ts.net:4648" +} + +ports { + http = 4646 + rpc = 4647 + serf = 4648 +} + +server { + enabled = false +} + +client { + enabled = true + network_interface = "tailscale0" + + # 配置七仙女服务器地址,使用完整FQDN + servers = [ + "semaphore.tailnet-68f9.ts.net:4647", + "ash1d.tailnet-68f9.ts.net:4647", + "ash2e.tailnet-68f9.ts.net:4647", + "ch2.tailnet-68f9.ts.net:4647", + "ch3.tailnet-68f9.ts.net:4647", + "onecloud1.tailnet-68f9.ts.net:4647", + "de.tailnet-68f9.ts.net:4647" + ] + + # 配置host volumes + host_volume "fnsync" { + path = "/mnt/fnsync" + read_only = false + } + + host_volume "vault-storage" { + path = "/opt/nomad/data/vault-storage" + read_only = false + } + + # 禁用Docker驱动,只使用Podman + options { + "driver.raw_exec.enable" = "1" + "driver.exec.enable" = "1" + } + + # 配置节点元数据 + meta { + consul = "true" + consul_version = "1.21.5" + consul_server = "true" + } + + # 激进的垃圾清理策略 + gc_interval = "5m" + gc_disk_usage_threshold = 80 + gc_inode_usage_threshold = 70 +} + +plugin "nomad-driver-podman" { + config { + socket_path = "unix:///run/podman/podman.sock" + volumes { + enabled = true + } + } +} + +consul { + enabled = false + server_service_name = "nomad" + client_service_name = "nomad-client" + auto_advertise = true + server_auto_join = true + client_auto_join = true +} + +vault { + enabled = true + address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://warden.tailnet-68f9.ts.net:8200" + token = "hvs.A5Fu4E1oHyezJapVllKPFsWg" + create_from_role = "nomad-cluster" + tls_skip_verify = true +} + +telemetry { 
+ collection_interval = "1s" + disable_hostname = false + prometheus_metrics = true + publish_allocation_metrics = true + publish_node_metrics = true +} \ No newline at end of file diff --git a/nomad-jobs/consul-cluster/consul-cluster.nomad b/nomad-jobs/consul-cluster/consul-cluster.nomad new file mode 100644 index 0000000..6346a56 --- /dev/null +++ b/nomad-jobs/consul-cluster/consul-cluster.nomad 
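Review bot: The file has a `.j2` extension but contains no Jinja; `deploy.sh` rewrites it with a global `sed 's/warden\.tailnet-68f9\.ts\.net/<node FQDN>/g'`, which also rewrites the third entry of `vault.address`, so every generated node config appears to list itself as a Vault server — likely unintended, since the README says only the node name and FQDN are replaced. Making the node FQDN and the Vault addresses real variables rendered by Ansible's `template` module (or excluding the `vault` block from the substitution) would keep the generated files correct. `meta { consul_server = "true" }` contradicts `consul { enabled = false }` in the same file, and the `token` line is a committed Vault token paired with `tls_skip_verify = true` that should be moved to the environment and revoked. The hunk began on an earlier line.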
@@ -0,0 +1,212 @@ +job "consul-cluster-nomad" { + datacenters = ["dc1"] + type = "service" + + group "consul-ch4" { + constraint { + attribute = "${node.unique.name}" + value = "ch4" + } + + network { + port "http" { + static = 8500 + } + port "server" { + static = 8300 + } + port "serf-lan" { + static = 8301 + } + port "serf-wan" { + static = 8302 + } + } + + task "consul" { + driver = "exec" + + config { + command = "consul" + args = [ + "agent", + "-server", + "-bootstrap-expect=3", + "-data-dir=/opt/nomad/data/consul", + "-client=0.0.0.0", + "-bind=100.117.106.136", + "-advertise=100.117.106.136", + "-retry-join=ash3c.tailnet-68f9.ts.net:8301", + "-retry-join=warden.tailnet-68f9.ts.net:8301", + "-retry-join=onecloud1.tailnet-68f9.ts.net:8301", + "-ui", + "-http-port=8500", + "-server-port=8300", + "-serf-lan-port=8301", + "-serf-wan-port=8302" + ] + } + + resources { + cpu = 300 + memory = 512 + } + } + } + + group "consul-ash3c" { + constraint { + attribute = "${node.unique.name}" + value = "ash3c" + } + + network { + port "http" { + static = 8500 + } + port "server" { + static = 8300 + } + port "serf-lan" { + static = 8301 + } + port "serf-wan" { + static = 8302 + } + } + + task "consul" { + driver = "exec" + + config { + command = "consul" + args = [ + "agent", + "-server", + "-data-dir=/opt/nomad/data/consul", + "-client=0.0.0.0", + "-bind=100.116.80.94", + "-advertise=100.116.80.94", + "-retry-join=ch4.tailnet-68f9.ts.net:8301", + "-retry-join=warden.tailnet-68f9.ts.net:8301", + "-retry-join=onecloud1.tailnet-68f9.ts.net:8301", + "-ui", + "-http-port=8500", + "-server-port=8300", + "-serf-lan-port=8301", + "-serf-wan-port=8302" + ] + } + + resources { + cpu = 300 + memory = 512 + } + } + } + + group "consul-warden" { + constraint { + attribute = "${node.unique.name}" + value = "warden" + } + + network { + port "http" { + static = 8500 + } + port "server" { + static = 8300 + } + port "serf-lan" { + static = 8301 + } + port "serf-wan" { + static = 8302 + } + 
} + + task "consul" { + driver = "exec" + + config { + command = "consul" + args = [ + "agent", + "-server", + "-data-dir=/opt/nomad/data/consul", + "-client=0.0.0.0", + "-bind=100.122.197.112", + "-advertise=100.122.197.112", + "-retry-join=ch4.tailnet-68f9.ts.net:8301", + "-retry-join=ash3c.tailnet-68f9.ts.net:8301", + "-retry-join=onecloud1.tailnet-68f9.ts.net:8301", + "-ui", + "-http-port=8500", + "-server-port=8300", + "-serf-lan-port=8301", + "-serf-wan-port=8302" + ] + } + + resources { + cpu = 300 + memory = 512 + } + } + } + + group "consul-onecloud1" { + constraint { + attribute = "${node.unique.name}" + value = "onecloud1" + } + + network { + port "http" { + static = 8500 + } + port "server" { + static = 8300 + } + port "serf-lan" { + static = 8301 + } + port "serf-wan" { + static = 8302 + } + } + + task "consul" { + driver = "exec" + + config { + command = "consul" + args = [ + "agent", + "-server", + "-data-dir=/opt/nomad/data/consul", + "-client=0.0.0.0", + "-bind=100.98.209.50", + "-advertise=100.98.209.50", + "-retry-join=ch4.tailnet-68f9.ts.net:8301", + "-retry-join=ash3c.tailnet-68f9.ts.net:8301", + "-retry-join=warden.tailnet-68f9.ts.net:8301", + "-ui", + "-http-port=8500", + "-server-port=8300", + "-serf-lan-port=8301", + "-serf-wan-port=8302" + ] + } + + resources { + cpu = 300 + memory = 512 + } + } + } +} + + + diff --git a/nomad-jobs/traefik-cloudflare/traefik-cloudflare-v3.nomad b/nomad-jobs/traefik-cloudflare/traefik-cloudflare-v3.nomad new file mode 100644 index 0000000..2f54756 --- /dev/null +++ b/nomad-jobs/traefik-cloudflare/traefik-cloudflare-v3.nomad 
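Review bot: Every group hard-codes the node's tailnet IP in `-bind`/`-advertise` (`100.117.106.136`, `100.116.80.94`, `100.122.197.112`, `100.98.209.50`), while `components/consul/jobs/consul-cluster.nomad` in the same commit derives the address from the allocation; two copies of this job with divergent settings will drift, and an IP change silently breaks one of them. `"-bind=${NOMAD_IP_http}"` and `"-advertise=${NOMAD_IP_http}"` are interpolated by Nomad in `args` and remove the literals. The four servers run with `-client=0.0.0.0`, `-ui` and no `-encrypt`, ACL or TLS flags, so gossip, RPC and the HTTP API are open to anyone on the tailnet; a gossip encryption key and an ACL default-deny policy are the minimum here. `-bootstrap-expect=3` appears only in `consul-ch4`; Consul expects the flag to agree across all servers, so the other three groups should carry the same value. The job began on an earlier line.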
@@ -0,0 +1,249 @@ +job "traefik-cloudflare-v3" { + datacenters = ["dc1"] + type = "service" + + group "traefik" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + value = "hcp1" + } + + volume "traefik-certs" { + type = "host" + read_only = false + source = "traefik-certs" + } + + network { + mode = "host" + port "http" { + static = 80 + } + port "https" { + static = 443 + } + port "traefik" { + static = 8080 + } + } + + task "traefik" { + driver = "exec" + + config { + command = "/usr/local/bin/traefik" + args = [ + "--configfile=/local/traefik.yml" + ] + } + + env { + CLOUDFLARE_EMAIL = "locksmithknight@gmail.com" + CLOUDFLARE_DNS_API_TOKEN = "0aPWoLaQ59l0nyL1jIVzZaEx2e41Gjgcfhn3ztJr" + CLOUDFLARE_ZONE_API_TOKEN = "0aPWoLaQ59l0nyL1jIVzZaEx2e41Gjgcfhn3ztJr" + } + + volume_mount { + volume = "traefik-certs" + destination = "/opt/traefik/certs" + read_only = false + } + + template { + data = <