Fix SSH client configuration for gitea connection

2025-10-09 05:47:05 +00:00
parent 8f732a8f1c
commit e986e7c9b2
22 changed files with 1218 additions and 11 deletions
--- a/nomad-configs/README.md
+++ b/nomad-configs/README.md
@@ -0,0 +1,48 @@
+# Nomad配置管理
+
+## 目录结构
+```
+nomad-configs/
+├── templates/
+│   └── nomad-client.hcl.j2    # 配置模板
+├── nodes/
+│   ├── warden.hcl            # 各节点配置文件
+│   ├── hcp1.hcl
+│   ├── onecloud1.hcl
+│   ├── influxdb1.hcl
+│   ├── ash3c.hcl
+│   ├── ch4.hcl
+│   └── browser.hcl
+├── scripts/
+│   └── deploy.sh             # 部署脚本
+└── README.md
+```
+
+## 节点列表
+- onecloud1 (down)
+- hcp1 (down)
+- influxdb1 (ready)
+- ash3c (ready)
+- ch4 (ready)
+- warden (ready) - 成功模板
+- browser (ready)
+
+## 使用方法
+
+### 部署单个节点
+```bash
+cd /root/mgmt/nomad-configs
+./scripts/deploy.sh warden
+```
+
+### 部署所有节点
+```bash
+for node in onecloud1 hcp1 influxdb1 ash3c ch4 warden browser; do
+    ./scripts/deploy.sh $node
+done
+```
+
+## 配置说明
+- 基于warden的成功配置
+- 只替换节点名和FQDN
+- 保持配置一致性
--- a/nomad-configs/nodes/influxdb1.hcl
+++ b/nomad-configs/nodes/influxdb1.hcl
@@ -83,11 +83,11 @@ plugin "nomad-driver-podman" {
 }

 consul {
-  enabled = false
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
  server_service_name = "nomad"
  client_service_name = "nomad-client"
  auto_advertise = true
-  server_auto_join = true
+  server_auto_join = false
  client_auto_join = true
 }

--- a/nomad-configs/nodes/onecloud1-dual.hcl
+++ b/nomad-configs/nodes/onecloud1-dual.hcl
@@ -0,0 +1,130 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "onecloud1"
+
+bind_addr = "onecloud1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "onecloud1.tailnet-68f9.ts.net"
+  rpc  = "onecloud1.tailnet-68f9.ts.net"
+  serf = "onecloud1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "onecloud1.tailnet-68f9.ts.net:4646"
+  rpc  = "onecloud1.tailnet-68f9.ts.net:4647"
+  serf = "onecloud1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648",
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+client {
+\nconsul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://onecloud1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}
--- a/nomad-configs/scripts/cleanup_backups.sh
+++ b/nomad-configs/scripts/cleanup_backups.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# 清理所有节点的Nomad配置备份文件
+NODES=("hcp1" "influxdb1" "ash3c" "ch4" "warden" "browser" "ash1d" "ash2e" "ch2" "ch3" "de" "semaphore" "onecloud1")
+
+for NODE_NAME in "${NODES[@]}"; do
+  echo "清理节点 ${NODE_NAME} 的备份配置文件"
+  ssh ben@${NODE_NAME} "echo '3131' | sudo -S find /etc/nomad.d/ -name '*.bak' -o -name '*.backup' -o -name '*.~' -o -name '*.broken' | xargs -r sudo rm -f"
+  echo "节点 ${NODE_NAME} 清理完成"
+  echo "---"
+done
+
+echo "所有节点备份配置文件清理完成！"
--- a/nomad-configs/scripts/deploy-all.sh
+++ b/nomad-configs/scripts/deploy-all.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# 批量部署所有节点配置
+# 用法: ./deploy-all.sh
+
+NODES=("influxdb1" "ash3c" "ch4" "browser")
+
+echo "开始批量部署Nomad配置..."
+
+for node in "${NODES[@]}"; do
+    echo "部署配置到节点: $node"
+    
+    # 下载配置文件
+    ssh ben@$node.tailnet-68f9.ts.net "curl -s 'https://gitea.tailnet-68f9.ts.net/ben/mgmt/raw/branch/main/nomad-configs/nodes/${node}.hcl' > /tmp/${node}.hcl && echo '3131' | sudo -S cp /tmp/${node}.hcl /etc/nomad.d/nomad.hcl"
+    
+    # 创建必要的目录
+    ssh ben@$node.tailnet-68f9.ts.net "echo '3131' | sudo -S mkdir -p /opt/nomad/data/vault-storage"
+    
+    # 重启Nomad服务
+    ssh ben@$node.tailnet-68f9.ts.net "echo '3131' | sudo -S systemctl restart nomad"
+    
+    echo "节点 $node 部署完成"
+    echo "---"
+done
+
+echo "所有节点部署完成！"
--- a/nomad-configs/scripts/deploy.sh
+++ b/nomad-configs/scripts/deploy.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Nomad配置部署脚本
+# 用法: ./deploy.sh <node_name>
+
+NODE_NAME=$1
+NODE_FQDN="${NODE_NAME}.tailnet-68f9.ts.net"
+
+if [ -z "$NODE_NAME" ]; then
+    echo "用法: $0 <node_name>"
+    echo "可用节点: onecloud1, hcp1, influxdb1, ash3c, ch4, warden, browser"
+    exit 1
+fi
+
+echo "部署配置到节点: $NODE_NAME ($NODE_FQDN)"
+
+# 生成配置文件
+sed "s/warden\.tailnet-68f9\.ts\.net/$NODE_FQDN/g" templates/nomad-client.hcl.j2 | \
+sed "s/name = \"warden\"/name = \"$NODE_NAME\"/" > nodes/${NODE_NAME}.hcl
+
+echo "配置文件已生成: nodes/${NODE_NAME}.hcl"
+
+# 部署到节点
+echo "部署到节点..."
+ssh ben@$NODE_FQDN "echo '3131' | sudo -S tee /etc/nomad.d/nomad.hcl" < nodes/${NODE_NAME}.hcl
+
+# 重启服务
+echo "重启Nomad服务..."
+ssh ben@$NODE_FQDN "echo '3131' | sudo -S systemctl restart nomad"
+
+echo "部署完成！"
--- a/nomad-configs/scripts/deploy_servers.sh
+++ b/nomad-configs/scripts/deploy_servers.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+SERVERS=("ash1d" "ash2e" "ch2" "ch3" "de" "semaphore" "hcp1" "onecloud1")
+REPO_URL="https://gitea.tailnet-68f9.ts.net/ben/mgmt/raw/branch/main/nomad-configs/servers"
+
+for SERVER_NAME in "${SERVERS[@]}"; do
+  echo "部署服务器配置到: ${SERVER_NAME}"
+  ssh ben@${SERVER_NAME} "curl -s \"${REPO_URL}/${SERVER_NAME}.hcl\" > /tmp/${SERVER_NAME}.hcl && echo '3131' | sudo -S cp /tmp/${SERVER_NAME}.hcl /etc/nomad.d/nomad.hcl && echo '3131' | sudo -S systemctl restart nomad"
+  echo "服务器 ${SERVER_NAME} 部署完成"
+  echo "---"
+done
+
+echo "所有Nomad服务器配置部署完成！"
--- a/nomad-configs/templates/nomad-client.hcl.j2
+++ b/nomad-configs/templates/nomad-client.hcl.j2
@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "warden"
+
+bind_addr = "warden.tailnet-68f9.ts.net"
+
+addresses {
+  http = "warden.tailnet-68f9.ts.net"
+  rpc  = "warden.tailnet-68f9.ts.net"
+  serf = "warden.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "warden.tailnet-68f9.ts.net:4646"
+  rpc  = "warden.tailnet-68f9.ts.net:4647"
+  serf = "warden.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://warden.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}