diff --git a/.kilocode/mcp.json b/.kilocode/mcp.json new file mode 120000 index 0000000..413e870 --- /dev/null +++ b/.kilocode/mcp.json @@ -0,0 +1 @@ +/mnt/fnsync/mcp/mcp_shared_config.json \ No newline at end of file diff --git a/.kilocode/mcp.json.backup b/.kilocode/mcp.json.backup new file mode 100644 index 0000000..8bafd83 --- /dev/null +++ b/.kilocode/mcp.json.backup @@ -0,0 +1,90 @@ +{ + "mcpServers": { + "context7": { + "command": "npx", + "args": [ + "-y", + "@upstash/context7-mcp" + ], + "env": { + "DEFAULT_MINIMUM_TOKENS": "" + } + }, + "filesystem": { + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-filesystem", + "./" + ], + "disabled": false, + "alwaysAllow": [] + }, + "sequentialthinking": { + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-sequential-thinking" + ], + "alwaysAllow": [ + "sequentialthinking" + ] + }, + "git": { + "command": "uvx", + "args": [ + "mcp-server-git", + "--repository", + "./" + ], + "alwaysAllow": [ + "git_status", + "git_diff_unstaged", + "git_diff", + "git_diff_staged", + "git_commit", + "git_add", + "git_reset", + "git_log", + "git_create_branch", + "git_checkout", + "git_show", + "git_branch" + ] + }, + "time": { + "command": "uvx", + "args": [ + "mcp-server-time" + ], + "alwaysAllow": [ + "get_current_time", + "convert_time" + ] + }, + "memory": { + "command": "npx", + "args": [ + "-y", + "@modelcontextprotocol/server-memory" + ], + "alwaysAllow": [ + "create_entities", + "create_relations", + "add_observations", + "delete_entities", + "delete_observations" + ] + }, + "tavily": { + "command": "npx", + "args": [ + "-y", + "tavily-mcp@0.2.3" + ], + "env": { + "TAVILY_API_KEY": "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" + } + } + } +} diff --git a/MCP_CONFIGURATION_SHARE.md b/MCP_CONFIGURATION_SHARE.md new file mode 100644 index 0000000..828f12a --- /dev/null +++ b/MCP_CONFIGURATION_SHARE.md @@ -0,0 +1,41 @@ +# MCP 配置共享方案 + +本项目实现了跨主机多个IDE之间共享MCP(Model Context Protocol)配置的解决方案,使用NFS卷实现跨主机同步。 + +## 配置结构 + +- `/root/.mcp/mcp_settings.json` - 主MCP配置文件(符号链接指向NFS卷) +- `/mnt/fnsync/mcp/mcp_shared_config.json` - NFS卷上的统一配置文件(权威源) +- `mcp_shared_config.json` - 指向NFS卷上配置文件的符号链接 +- `sync_mcp_config.sh` - 同步脚本,用于将统一配置复制到各个IDE +- `sync_all_mcp_configs.sh` - 完整同步脚本,同步到所有可能的IDE和AI助手 +- `.kilocode/mcp.json` - 指向共享配置的符号链接 +- 其他IDE和AI助手的配置文件 + +## 统一配置内容 + +合并了以下MCP服务器: + +### 标准服务器 +- context7: 提供库文档和代码示例 +- filesystem: 文件系统访问 +- sequentialthinking: 顺序思考工具 +- git: Git 操作 +- time: 时间相关操作 +- memory: 知识图谱和记忆管理 +- tavily: 网络搜索功能 + +## 使用方法 + +1. **更新配置**: 编辑 `/mnt/fnsync/mcp/mcp_shared_config.json` 文件以修改MCP服务器配置(或通过符号链接 `/root/.mcp/mcp_settings.json`) +2. **同步配置**: + - 运行 `./sync_mcp_config.sh` 同步到特定IDE + - 运行 `./sync_all_mcp_configs.sh` 同步到所有IDE和AI助手 +3. **验证配置**: 确认各IDE中的MCP功能正常工作 + +## 维护说明 + +- 所有MCP配置更改都应在 `/mnt/fnsync/mcp/mcp_shared_config.json` 中进行(这是权威源) +- `/root/.mcp/mcp_settings.json` 现在是符号链接,指向NFS卷上的统一配置 +- 由于使用NFS卷,配置更改会自动跨主机共享 +- 如果添加新的IDE,可以将其配置文件链接到或复制自 `/mnt/fnsync/mcp/mcp_shared_config.json` \ No newline at end of file diff --git a/README.md b/README.md index 9ef9b3b..b28938f 100644 --- a/README.md +++ b/README.md @@ -115,6 +115,74 @@ nomad job status nomad node status ``` +### ⚠️ 重要提示:网络访问注意事项 + +**Tailscale 网络访问**: +- 本项目中的 Nomad 和 Consul 服务通过 Tailscale 网络进行访问 +- 访问 Nomad (端口 4646) 和 Consul (端口 8500) 时,必须使用 Tailscale 分配的 IP 地址 +- 错误示例:`http://127.0.0.1:4646` 或 `http://localhost:8500` (无法连接) +- 正确示例:`http://100.x.x.x:4646` 或 `http://100.x.x.x:8500` (使用 Tailscale IP) + +**获取 Tailscale IP**: +```bash +# 查看当前节点的 Tailscale IP +tailscale ip -4 + +# 查看所有 Tailscale 网络中的节点 +tailscale status +``` + +**常见问题**: +- 如果遇到 "connection refused" 错误,请确认是否使用了正确的 Tailscale IP +- 确保 Tailscale 服务已启动并正常运行 +- 检查网络策略是否允许通过 Tailscale 接口访问相关端口 + +### 🔄 Nomad 集群领导者轮换与访问策略 + +**Nomad 集群领导者机制**: +- Nomad 使用 Raft 协议实现分布式一致性,集群中只有一个领导者节点 +- 领导者节点负责处理所有写入操作和协调集群状态 +- 当领导者节点故障时,集群会自动选举新的领导者 + +**领导者轮换时的访问策略**: + +1. **动态发现领导者**: +```bash +# 查询当前领导者节点 +curl -s http://<任意Nomad服务器IP>:4646/v1/status/leader +# 返回结果示例: "100.90.159.68:4647" + +# 使用返回的领导者地址进行API调用 +curl -s http://100.90.159.68:4646/v1/nodes +``` + +2. **负载均衡方案**: + - **DNS 负载均衡**:使用 Consul DNS 服务,通过 `nomad.service.consul` 解析到当前领导者 + - **代理层负载均衡**:在 Nginx/HAProxy 配置中添加健康检查,自动路由到活跃的领导者节点 + - **客户端重试机制**:在客户端代码中实现重试逻辑,当连接失败时尝试其他服务器节点 + +3. **推荐访问模式**: +```bash +# 使用领导者发现脚本 +#!/bin/bash +# 获取任意一个Nomad服务器IP +SERVER_IP="100.116.158.95" +# 查询当前领导者 +LEADER=$(curl -s http://${SERVER_IP}:4646/v1/status/leader | sed 's/"//g') +# 使用领导者地址执行命令 +nomad node status -address=http://${LEADER} +``` + +4. **高可用性配置**: + - 将所有 Nomad 服务器节点添加到客户端配置中 + - 客户端会自动连接到可用的服务器节点 + - 对于写入操作,客户端会自动重定向到领导者节点 + +**注意事项**: +- Nomad 集群领导者轮换是自动进行的,通常不需要人工干预 +- 在领导者选举期间,集群可能会短暂无法处理写入操作 +- 建议在应用程序中实现适当的重试逻辑,以处理领导者切换期间的临时故障 + ## 🛠️ 常用命令 | 命令 | 描述 | diff --git a/configs/dynamic/config.yml b/configs/dynamic/config.yml new file mode 100644 index 0000000..cf17870 --- /dev/null +++ b/configs/dynamic/config.yml @@ -0,0 +1,58 @@ +# Traefik动态配置文件 +# 这里可以添加动态路由、中间件等配置 + +# HTTP路由示例 +http: + routers: + # 测试路由 + test-router: + rule: "Host(`test.service.consul`)" + service: "test-service" + entryPoints: + - "https" + tls: + certResolver: "default" + + services: + # 测试服务 + test-service: + loadBalancer: + servers: + - url: "http://127.0.0.1:8080" + passHostHeader: true + + middlewares: + # 基本认证中间件 + basic-auth: + basicAuth: + users: + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + + # 安全头中间件 + security-headers: + headers: + sslRedirect: true + stsSeconds: 31536000 + stsIncludeSubdomains: true + stsPreload: true + forceSTSHeader: true + customFrameOptionsValue: "SAMEORIGIN" + contentTypeNosniff: true + browserXssFilter: true + +# TCP路由示例 +tcp: + routers: + # TCP测试路由 + tcp-test-router: + rule: "HostSNI(`*`)" + service: "tcp-test-service" + entryPoints: + - "https" + + services: + # TCP测试服务 + tcp-test-service: + loadBalancer: + servers: + - address: "127.0.0.1:8080" \ No newline at end of file diff --git a/configs/prometheus.yml b/configs/prometheus.yml new file mode 100644 index 0000000..7f181db --- /dev/null +++ b/configs/prometheus.yml @@ -0,0 +1,38 @@ +global: + scrape_interval: 15s + evaluation_interval: 15s + +rule_files: + # - "first_rules.yml" + # - "second_rules.yml" + +scrape_configs: + - job_name: 'prometheus' + static_configs: + - targets: ['localhost:9090'] + + - job_name: 'openfaas' + static_configs: + - targets: ['gateway:8080'] + metrics_path: /metrics + scrape_interval: 15s + scrape_timeout: 10s + + - job_name: 'nats' + static_configs: + - targets: ['nats:8222'] + metrics_path: /metrics + scrape_interval: 15s + scrape_timeout: 10s + + - job_name: 'node-exporter' + static_configs: + - targets: ['node-exporter:9100'] + scrape_interval: 15s + scrape_timeout: 10s + + - job_name: 'cadvisor' + static_configs: + - targets: ['cadvisor:8080'] + scrape_interval: 15s + scrape_timeout: 10s \ No newline at end of file diff --git a/configs/traefik.yml b/configs/traefik.yml new file mode 100644 index 0000000..768c4a9 --- /dev/null +++ b/configs/traefik.yml @@ -0,0 +1,63 @@ +# Traefik静态配置文件 +global: + sendAnonymousUsage: false + +# API和仪表板配置 +api: + dashboard: true + insecure: true # 仅用于测试,生产环境应使用安全配置 + +# 入口点配置 +entryPoints: + http: + address: ":80" + # 重定向HTTP到HTTPS + http: + redirections: + entryPoint: + to: https + scheme: https + https: + address: ":443" + api: + address: ":8080" + +# 提供者配置 +providers: + # 启用Consul Catalog提供者 + consulCatalog: + exposedByDefault: false + prefix: "traefik" + refreshInterval: 15s + requireConsistent: true + stale: false + watch: true + endpoint: + address: "http://127.0.0.1:8500" + scheme: "http" + connectAware: true + connectByDefault: false + + # 启用Nomad提供者 + nomad: + exposedByDefault: false + prefix: "traefik" + refreshInterval: 15s + stale: false + watch: true + endpoint: + address: "http://127.0.0.1:4646" + scheme: "http" + allowEmptyServices: true + +# 日志配置 +log: + level: "INFO" + format: "json" + +accessLog: + format: "json" + fields: + defaultMode: "keep" + headers: + defaultMode: "keep" \ No newline at end of file diff --git a/configuration/TELEGRAF_HANDOVER_DOCUMENT.md b/configuration/TELEGRAF_HANDOVER_DOCUMENT.md deleted file mode 100644 index 94eb71c..0000000 --- a/configuration/TELEGRAF_HANDOVER_DOCUMENT.md +++ /dev/null @@ -1,177 +0,0 @@ -# Nomad 集群 Telegraf 监控部署移交文档 - -## 📋 项目概述 - -**任务**: 为 Nomad 集群部署基于 Telegraf 的硬盘监控系统 -**目标**: 监控集群所有节点的硬盘使用率、系统性能等指标 -**监控栈**: Telegraf + InfluxDB 2.x + Grafana - -## 🎯 当前完成状态 - -### ✅ 已完成的工作 - -#### 1. 容器运行时迁移 -- **ch3 节点**: ✅ 成功清理 Docker,安装 Podman 4.9.3 + Compose 1.0.6 -- **ash2e 节点**: ✅ 完成 Docker 移除和 Podman 安装 - -#### 2. Telegraf 监控部署 -- **成功运行节点**: ash3c, semaphore, master, hcp1, hcp2, hcs (共6个节点) -- **监控数据**: 已开始向 InfluxDB 发送数据 -- **配置模式**: 使用远程配置 URL - -#### 3. 监控配置 -- **InfluxDB URL**: `http://influxdb1.tailnet-68f9.ts.net:8086` -- **Token**: `VU_dOCVZzqEHb9jSFsDe0bJlEBaVbiG4LqfoczlnmcbfrbmklSt904HJPL4idYGvVi0c2eHkYDi2zCTni7Ay4w==` -- **Organization**: `seekkey` -- **Bucket**: `VPS` -- **远程配置**: `http://influxdb1.tailnet-68f9.ts.net:8086/api/v2/telegrafs/0f8a73496790c000` - -## 🔄 待完成的工作 - -### 1. 剩余节点的 Telegraf 安装 -**状态**: 部分节点仍需处理 -**问题节点**: ch3, ch2, ash1d, syd - -**问题描述**: -- 这些节点在下载 InfluxData 仓库密钥时失败 -- 错误信息: `HTTPSConnection.__init__() got an unexpected keyword argument 'cert_file'` -- 原因: Python urllib3 版本兼容性问题 - -**解决方案**: -已创建简化安装脚本 `/root/mgmt/configuration/fix-telegraf-simple.sh`,包含以下步骤: -1. 直接下载 Telegraf 1.36.1 二进制文件 -2. 创建简化的启动脚本 -3. 部署为 `telegraf-simple.service` - -### 2. 集群角色配置 -**当前配置**: -```ini -[nomad_servers] -semaphore, ash2e, ash1d, ch2, ch3 (5个server) - -[nomad_clients] -master, ash3c (2个client) -``` - -**待处理**: -- ash2e, ash1d, ch2 节点需要安装 Nomad 二进制文件 -- 这些节点目前缺少 Nomad 安装 - -## 📁 重要文件位置 - -### 配置文件 -- **Inventory**: `/root/mgmt/configuration/inventories/production/nomad-cluster.ini` -- **全局配置**: `/root/mgmt/configuration/inventories/production/group_vars/all.yml` - -### Playbooks -- **Telegraf 部署**: `/root/mgmt/configuration/playbooks/setup-disk-monitoring.yml` -- **Docker 移除**: `/root/mgmt/configuration/playbooks/remove-docker-install-podman.yml` -- **Nomad 配置**: `/root/mgmt/configuration/playbooks/configure-nomad-tailscale.yml` - -### 模板文件 -- **Telegraf 主配置**: `/root/mgmt/configuration/templates/telegraf.conf.j2` -- **硬盘监控**: `/root/mgmt/configuration/templates/disk-monitoring.conf.j2` -- **系统监控**: `/root/mgmt/configuration/templates/system-monitoring.conf.j2` -- **环境变量**: `/root/mgmt/configuration/templates/telegraf-env.j2` - -### 修复脚本 -- **简化安装**: `/root/mgmt/configuration/fix-telegraf-simple.sh` -- **远程部署**: `/root/mgmt/configuration/deploy-telegraf-remote.sh` - -## 🔧 技术细节 - -### Telegraf 服务配置 -```ini -[Unit] -Description=Telegraf -After=network.target - -[Service] -Type=simple -User=telegraf -Group=telegraf -ExecStart=/usr/bin/telegraf --config http://influxdb1.tailnet-68f9.ts.net:8086/api/v2/telegrafs/0f8a73496790c000 -Restart=always -RestartSec=5 -EnvironmentFile=/etc/default/telegraf - -[Install] -WantedBy=multi-user.target -``` - -### 环境变量文件 (/etc/default/telegraf) -```bash -INFLUX_TOKEN=VU_dOCVZzqEHb9jSFsDe0bJlEBaVbiG4LqfoczlnmcbfrbmklSt904HJPL4idYGvVi0c2eHkYDi2zCTni7Ay4w== -INFLUX_ORG=seekkey -INFLUX_BUCKET=VPS -INFLUX_URL=http://influxdb1.tailnet-68f9.ts.net:8086 -``` - -### 监控指标类型 -- 硬盘使用率 (所有挂载点: /, /var, /tmp, /opt, /home) -- 硬盘 I/O 性能 (读写速度、IOPS) -- inode 使用率 -- CPU 使用率 (总体 + 每核心) -- 内存使用率 -- 网络接口统计 -- 系统负载和内核统计 -- 服务状态 (Nomad, Podman, Tailscale, Docker) -- 进程监控 -- 日志文件大小监控 - -## 🚀 下一步操作建议 - -### 立即任务 -1. **完成剩余节点 Telegraf 安装**: - ```bash - cd /root/mgmt/configuration - ./fix-telegraf-simple.sh - ``` - -2. **验证监控数据**: - ```bash - # 检查所有节点 Telegraf 状态 - ansible all -i inventories/production/nomad-cluster.ini -m shell -a "systemctl is-active telegraf" --limit '!mac-laptop,!win-laptop' - ``` - -3. **在 Grafana 中验证数据**: - - 确认 InfluxDB 中有来自所有节点的数据 - - 创建硬盘监控仪表板 - -### 后续优化 -1. **设置告警规则**: - - 硬盘使用率 > 80% 警告 - - 硬盘使用率 > 90% 严重告警 - -2. **优化监控配置**: - - 根据实际需求调整收集间隔 - - 添加更多自定义监控指标 - -3. **完成 Nomad 安装**: - - 在 ash2e, ash1d, ch2 节点安装 Nomad 二进制文件 - - 配置集群连接 - -## ❗ 已知问题 - -1. **仓库密钥下载失败**: - - 影响节点: ch3, ch2, ash1d, ash2e, ash3c, syd - - 解决方案: 使用简化安装脚本 - -2. **包管理器锁定冲突**: - - 多个节点同时执行 apt 操作导致锁定 - - 解决方案: 使用 serial: 1 逐个处理 - -3. **telegraf 用户缺失**: - - 部分节点需要手动创建 telegraf 系统用户 - - 解决方案: `useradd --system --no-create-home --shell /bin/false telegraf` - -## 📞 联系信息 - -**移交日期**: 2025-09-24 -**当前状态**: Telegraf 已在 6/11 个节点成功运行 -**关键成果**: 硬盘监控数据已开始流入 InfluxDB -**优先级**: 完成剩余 5 个节点的 Telegraf 安装 - ---- - -**备注**: 所有脚本和配置文件都已经过测试,可以直接使用。建议按照上述步骤顺序执行,确保每个步骤完成后再进行下一步。 \ No newline at end of file diff --git a/configuration/deploy-monitoring.sh b/configuration/deploy-monitoring.sh deleted file mode 100755 index dbc68df..0000000 --- a/configuration/deploy-monitoring.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# Nomad 集群硬盘监控部署脚本 -# 使用现有的 InfluxDB + Grafana 监控栈 - -echo "🚀 开始部署 Nomad 集群硬盘监控..." - -# 检查配置文件 -if [[ ! -f "inventories/production/group_vars/all.yml" ]]; then - echo "❌ 配置文件不存在,请先配置 InfluxDB 连接信息" - exit 1 -fi - -# 显示配置信息 -echo "📋 当前监控配置:" -grep -E "influxdb_|disk_usage_|collection_interval" inventories/production/group_vars/all.yml - -echo "" -read -p "🤔 确认配置正确吗?(y/N): " confirm -if [[ $confirm != [yY] ]]; then - echo "❌ 部署取消,请修改配置后重试" - exit 1 -fi - -# 部署到所有节点 -echo "📦 开始安装 Telegraf 到所有节点..." -ansible-playbook -i inventories/production/nomad-cluster.ini playbooks/setup-disk-monitoring.yml - -# 检查部署结果 -if [[ $? -eq 0 ]]; then - echo "✅ 硬盘监控部署完成!" - echo "" - echo "📊 监控信息:" - echo "- 数据将发送到你现有的 InfluxDB" - echo "- 可以在 Grafana 中创建仪表板查看数据" - echo "- 已禁用本地日志文件以节省硬盘空间" - echo "- 监控数据每30秒收集一次" - echo "" - echo "🔧 下一步:" - echo "1. 在 Grafana 中创建 Nomad 集群监控仪表板" - echo "2. 设置硬盘使用率告警规则" - echo "3. 可以运行以下命令检查监控状态:" - echo " ansible all -i inventories/production/nomad-cluster.ini -m shell -a 'systemctl status telegraf'" -else - echo "❌ 部署失败,请检查错误信息" - exit 1 -fi \ No newline at end of file diff --git a/configuration/deploy-telegraf-remote.sh b/configuration/deploy-telegraf-remote.sh deleted file mode 100755 index 4b20096..0000000 --- a/configuration/deploy-telegraf-remote.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# 使用远程 InfluxDB 2.x 配置快速部署 Telegraf 监控 - -echo "🚀 使用 InfluxDB 2.x 远程配置部署 Telegraf 监控..." - -# 设置变量 -INFLUX_TOKEN="VU_dOCVZzqEHb9jSFsDe0bJlEBaVbiG4LqfoczlnmcbfrbmklSt904HJPL4idYGvVi0c2eHkYDi2zCTni7Ay4w==" -TELEGRAF_CONFIG_URL="http://influxdb1.tailnet-68f9.ts.net:8086/api/v2/telegrafs/0f8a73496790c000" - -# 检查网络连接 -echo "🔍 检查 InfluxDB 连接..." -if curl -s --max-time 5 "http://influxdb1.tailnet-68f9.ts.net:8086/health" > /dev/null; then - echo "✅ InfluxDB 连接正常" -else - echo "❌ 无法连接到 InfluxDB,请检查网络" - exit 1 -fi - -# 使用远程配置部署 -echo "📦 开始部署到所有节点..." -ansible-playbook -i inventories/production/nomad-cluster.ini playbooks/setup-disk-monitoring.yml \ - -e "use_remote_config=true" \ - -e "telegraf_config_url=$TELEGRAF_CONFIG_URL" \ - -e "influxdb_token=$INFLUX_TOKEN" - -# 检查部署结果 -if [[ $? -eq 0 ]]; then - echo "✅ Telegraf 监控部署完成!" - echo "" - echo "📊 配置信息:" - echo "- 使用远程配置: $TELEGRAF_CONFIG_URL" - echo "- InfluxDB 服务器: influxdb1.tailnet-68f9.ts.net:8086" - echo "- 已禁用本地日志文件" - echo "" - echo "🔧 验证部署:" - echo "ansible all -i inventories/production/nomad-cluster.ini -m shell -a 'systemctl status telegraf --no-pager'" -else - echo "❌ 部署失败,请检查错误信息" - exit 1 -fi \ No newline at end of file diff --git a/configuration/fix-telegraf-install.sh b/configuration/fix-telegraf-install.sh deleted file mode 100755 index 164b868..0000000 --- a/configuration/fix-telegraf-install.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -# 简化的 Telegraf 安装脚本 - 使用 Ubuntu 官方仓库 - -echo "🚀 使用简化方案安装 Telegraf..." - -# 定义失败的节点(需要手动处理) -FAILED_NODES="ch3,ch2,ash1d,ash2e,ash3c,syd" - -echo "📦 第一步:在失败的节点安装 Telegraf(Ubuntu 官方版本)..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m apt -a "name=telegraf state=present update_cache=yes" --become - -if [[ $? -eq 0 ]]; then - echo "✅ Telegraf 安装成功" -else - echo "❌ 安装失败,尝试手动方式..." - # 手动安装方式 - ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m shell -a "apt update && apt install -y telegraf" --become -fi - -echo "🔧 第二步:配置 Telegraf 使用远程配置..." - -# 创建环境变量文件 -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m copy -a "content='INFLUX_TOKEN=VU_dOCVZzqEHb9jSFsDe0bJlEBaVbiG4LqfoczlnmcbfrbmklSt904HJPL4idYGvVi0c2eHkYDi2zCTni7Ay4w== -INFLUX_ORG=nomad -INFLUX_BUCKET=nomad_monitoring -INFLUX_URL=http://influxdb1.tailnet-68f9.ts.net:8086' dest=/etc/default/telegraf owner=root group=root mode=0600" --become - -# 创建 systemd 服务文件 -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m copy -a "content='[Unit] -Description=Telegraf - 节点监控服务 -Documentation=https://github.com/influxdata/telegraf -After=network.target - -[Service] -Type=notify -User=telegraf -Group=telegraf -ExecStart=/usr/bin/telegraf --config http://influxdb1.tailnet-68f9.ts.net:8086/api/v2/telegrafs/0f8a73496790c000 -ExecReload=/bin/kill -HUP \$MAINPID -KillMode=control-group -Restart=on-failure -RestartSec=5 -TimeoutStopSec=20 -EnvironmentFile=/etc/default/telegraf - -[Install] -WantedBy=multi-user.target' dest=/etc/systemd/system/telegraf.service owner=root group=root mode=0644" --become - -echo "🔄 第三步:启动服务..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m systemd -a "daemon_reload=yes name=telegraf state=started enabled=yes" --become - -echo "✅ 检查结果..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m shell -a "systemctl status telegraf --no-pager -l | head -5" --become \ No newline at end of file diff --git a/configuration/fix-telegraf-simple.sh b/configuration/fix-telegraf-simple.sh deleted file mode 100755 index 8a6ed69..0000000 --- a/configuration/fix-telegraf-simple.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -# 直接使用远程配置运行 Telegraf 的简化方案 - -echo "🚀 创建简化的 Telegraf 服务..." - -# 失败的节点 -FAILED_NODES="ch3,ch2,ash1d,ash2e,syd" - -echo "📥 第一步:下载并安装 Telegraf 二进制文件..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m shell -a " -cd /tmp && -curl -L https://dl.influxdata.com/telegraf/releases/telegraf-1.36.1_linux_amd64.tar.gz -o telegraf.tar.gz && -tar -xzf telegraf.tar.gz && -sudo cp telegraf-1.36.1/usr/bin/telegraf /usr/bin/ && -sudo chmod +x /usr/bin/telegraf && -telegraf version -" --become - -echo "🔧 第二步:创建简化的启动脚本..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m copy -a "content='#!/bin/bash -export INFLUX_TOKEN=VU_dOCVZzqEHb9jSFsDe0bJlEBaVbiG4LqfoczlnmcbfrbmklSt904HJPL4idYGvVi0c2eHkYDi2zCTni7Ay4w== -export INFLUX_ORG=seekkey -export INFLUX_BUCKET=VPS -export INFLUX_URL=http://influxdb1.tailnet-68f9.ts.net:8086 - -/usr/bin/telegraf --config http://influxdb1.tailnet-68f9.ts.net:8086/api/v2/telegrafs/0f8a73496790c000 -' dest=/usr/local/bin/telegraf-start.sh owner=root group=root mode=0755" --become - -echo "🔄 第三步:停止旧服务并启动新的简化服务..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m systemd -a "name=telegraf state=stopped enabled=no" --become || true - -# 创建简化的 systemd 服务 -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m copy -a "content='[Unit] -Description=Telegraf (Simplified) -After=network.target - -[Service] -Type=simple -User=telegraf -Group=telegraf -ExecStart=/usr/local/bin/telegraf-start.sh -Restart=always -RestartSec=5 - -[Install] -WantedBy=multi-user.target' dest=/etc/systemd/system/telegraf-simple.service owner=root group=root mode=0644" --become - -echo "🚀 第四步:启动简化服务..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m systemd -a "daemon_reload=yes name=telegraf-simple state=started enabled=yes" --become - -echo "✅ 检查结果..." -ansible $FAILED_NODES -i inventories/production/nomad-cluster.ini -m shell -a "systemctl status telegraf-simple --no-pager -l | head -10" --become \ No newline at end of file diff --git a/configuration/nfs-volume.hcl b/configuration/nfs-volume.hcl deleted file mode 100644 index 3cc3920..0000000 --- a/configuration/nfs-volume.hcl +++ /dev/null @@ -1,45 +0,0 @@ -# NFS CSI Volume 配置 -type = "csi" -id = "nfs-fnsync" -name = "nfs-fnsync" -external_id = "nfs-fnsync" - -# 插件配置 -plugin_id = "nfs" -capacity_min = "1GiB" -capacity_max = "100GiB" - -# 挂载选项 -mount_options { - fs_type = "nfs4" - mount_flags = ["rw", "relatime", "vers=4.2"] -} - -# 访问模式 -access_mode = "single-node-writer" -attachment_mode = "file-system" - -# 拓扑约束 -topology_request { - preferred { - topology { - segments = { - "rack" = "rack-1" - } - } - } - - required { - topology { - segments = { - "datacenter" = "dc1" - } - } - } -} - -# 参数配置 -parameters { - server = "snail" - share = "/fs/1000/nfs/Fnsync" -} \ No newline at end of file diff --git a/configuration/pipefail b/configuration/pipefail deleted file mode 100644 index 2950718..0000000 --- a/configuration/pipefail +++ /dev/null @@ -1,394 +0,0 @@ -'!'=3491531 -'#'=0 -'$'=3491516 -'*'=( ) -'?'=0 --=569JNRXghiks -0=/usr/bin/zsh -@=( ) -ADDR=( 'PATH=/root/.trae-server/sdks/workspaces/cced0550/versions/node/current\x3a/root/.trae-server/sdks/versions/node/current\x3a' ) -AGNOSTER_AWS_BG=green -AGNOSTER_AWS_FG=black -AGNOSTER_AWS_PROD_BG=red -AGNOSTER_AWS_PROD_FG=yellow -AGNOSTER_BZR_CLEAN_BG=green -AGNOSTER_BZR_CLEAN_FG=black -AGNOSTER_BZR_DIRTY_BG=yellow -AGNOSTER_BZR_DIRTY_FG=black -AGNOSTER_CONTEXT_BG=black -AGNOSTER_CONTEXT_FG=default -AGNOSTER_DIR_BG=blue -AGNOSTER_DIR_FG=black -AGNOSTER_GIT_BRANCH_STATUS=true -AGNOSTER_GIT_CLEAN_BG=green -AGNOSTER_GIT_CLEAN_FG=black -AGNOSTER_GIT_DIRTY_BG=yellow -AGNOSTER_GIT_DIRTY_FG=black -AGNOSTER_GIT_INLINE=false -AGNOSTER_HG_CHANGED_BG=yellow -AGNOSTER_HG_CHANGED_FG=black -AGNOSTER_HG_CLEAN_BG=green -AGNOSTER_HG_CLEAN_FG=black -AGNOSTER_HG_NEWFILE_BG=red -AGNOSTER_HG_NEWFILE_FG=white -AGNOSTER_STATUS_BG=black -AGNOSTER_STATUS_FG=default -AGNOSTER_STATUS_JOB_FG=cyan -AGNOSTER_STATUS_RETVAL_FG=red -AGNOSTER_STATUS_RETVAL_NUMERIC=false -AGNOSTER_STATUS_ROOT_FG=yellow -AGNOSTER_VENV_BG=blue -AGNOSTER_VENV_FG=black -ANTHROPIC_AUTH_TOKEN=sk-M0YtRnZNHJkqFP7DjrNsf3jVDe4INKqiBGN0YgQcisudOYbp -ANTHROPIC_BASE_URL=https://anyrouter.top -ARCH=x86_64 -ARGC=0 -BG -BROWSER=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/bin/helpers/browser.sh -BUFFER='' -CDPATH='' -COLORTERM=truecolor -COLUMNS=104 -CPUTYPE=x86_64 -CURRENT_BG=NONE -CURRENT_DEFAULT_FG=default -CURRENT_FG=black -CURSOR='' -DBUS_SESSION_BUS_ADDRESS='unix:path=/run/user/0/bus' -DISTRO_COMMIT=0643ffaa788ad4dd46eaa12cec109ac40595c816 -DISTRO_QUALITY=stable -DISTRO_VERSION=1.100.3 -DISTRO_VSCODIUM_RELEASE='' -DOWNLOAD_RETRY_COUNT=0 -EDITOR=vim -EGID=0 -EPOCHREALTIME -EPOCHSECONDS -EUID=0 -EXTRACT_RETRY_COUNT=0 -FG -FIGNORE='' -FPATH=/root/.oh-my-zsh/plugins/z:/root/.oh-my-zsh/plugins/web-search:/root/.oh-my-zsh/plugins/vscode:/root/.oh-my-zsh/plugins/tmux:/root/.oh-my-zsh/plugins/systemd:/root/.oh-my-zsh/plugins/sudo:/root/.oh-my-zsh/plugins/history-substring-search:/root/.oh-my-zsh/plugins/extract:/root/.oh-my-zsh/plugins/command-not-found:/root/.oh-my-zsh/plugins/colored-man-pages:/root/.oh-my-zsh/custom/plugins/zsh-completions:/root/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting:/root/.oh-my-zsh/custom/plugins/zsh-autosuggestions:/root/.oh-my-zsh/plugins/gcloud:/root/.oh-my-zsh/plugins/aws:/root/.oh-my-zsh/plugins/helm:/root/.oh-my-zsh/plugins/kubectl:/root/.oh-my-zsh/plugins/terraform:/root/.oh-my-zsh/plugins/ansible:/root/.oh-my-zsh/plugins/docker-compose:/root/.oh-my-zsh/plugins/docker:/root/.oh-my-zsh/plugins/git:/root/.oh-my-zsh/functions:/root/.oh-my-zsh/completions:/root/.oh-my-zsh/custom/functions:/root/.oh-my-zsh/custom/completions:/root/.oh-my-zsh/cache/completions:/usr/local/share/zsh/site-functions:/usr/share/zsh/vendor-functions:/usr/share/zsh/vendor-completions:/usr/share/zsh/functions/Calendar:/usr/share/zsh/functions/Chpwd:/usr/share/zsh/functions/Completion:/usr/share/zsh/functions/Completion/AIX:/usr/share/zsh/functions/Completion/BSD:/usr/share/zsh/functions/Completion/Base:/usr/share/zsh/functions/Completion/Cygwin:/usr/share/zsh/functions/Completion/Darwin:/usr/share/zsh/functions/Completion/Debian:/usr/share/zsh/functions/Completion/Linux:/usr/share/zsh/functions/Completion/Mandriva:/usr/share/zsh/functions/Completion/Redhat:/usr/share/zsh/functions/Completion/Solaris:/usr/share/zsh/functions/Completion/Unix:/usr/share/zsh/functions/Completion/X:/usr/share/zsh/functions/Completion/Zsh:/usr/share/zsh/functions/Completion/openSUSE:/usr/share/zsh/functions/Exceptions:/usr/share/zsh/functions/MIME:/usr/share/zsh/functions/Math:/usr/share/zsh/functions/Misc:/usr/share/zsh/functions/Newuser:/usr/share/zsh/functions/Prompts:/usr/share/zsh/functions/TCP:/usr/share/zsh/functions/VCS_Info:/usr/share/zsh/functions/VCS_Info/Backends:/usr/share/zsh/functions/Zftp:/usr/share/zsh/functions/Zle:/root/.oh-my-zsh/custom/plugins/zsh-completions/src -FUNCNEST=500 -FX -GID=0 -GIT_ASKPASS=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/extensions/git/dist/askpass.sh -GIT_PAGER='' -HISTCHARS='!^#' -HISTCMD=1888 -HISTFILE=/root/.zsh_history -HISTORY_SUBSTRING_SEARCH_ENSURE_UNIQUE='' -HISTORY_SUBSTRING_SEARCH_FUZZY='' -HISTORY_SUBSTRING_SEARCH_GLOBBING_FLAGS=i -HISTORY_SUBSTRING_SEARCH_HIGHLIGHT_FOUND='bg=magenta,fg=white,bold' -HISTORY_SUBSTRING_SEARCH_HIGHLIGHT_NOT_FOUND='bg=red,fg=white,bold' -HISTORY_SUBSTRING_SEARCH_PREFIXED='' -HISTSIZE=10000 -HOME=/root -HOST=semaphore -IFS=$' \t\n\C-@' -ITEM='PATH=/root/.trae-server/sdks/workspaces/cced0550/versions/node/current\x3a/root/.trae-server/sdks/versions/node/current\x3a' -KEYBOARD_HACK='' -KEYTIMEOUT=40 -LANG=C.UTF-8 -LANGUAGE=en_US.UTF-8 -LC_ALL=C.UTF-8 -LESS=-R -LINENO=77 -LINES=40 -LISTMAX=100 -LOGNAME=root -LSCOLORS=Gxfxcxdxbxegedabagacad -LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.avif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:*~=00;90:*#=00;90:*.bak=00;90:*.old=00;90:*.orig=00;90:*.part=00;90:*.rej=00;90:*.swp=00;90:*.tmp=00;90:*.dpkg-dist=00;90:*.dpkg-old=00;90:*.ucf-dist=00;90:*.ucf-new=00;90:*.ucf-old=00;90:*.rpmnew=00;90:*.rpmorig=00;90:*.rpmsave=00;90:' -MACHTYPE=x86_64 -MAILCHECK=60 -MAILPATH='' -MANAGER_LOGS_DIR=/root/.trae-server/manager-logs/1758782495499_337482 -MANPATH='' -MATCH='' -MBEGIN='' -MEND='' -MODULE_PATH=/usr/lib/x86_64-linux-gnu/zsh/5.9 -MOTD_SHOWN=pam -NEWLINE=$'\n' -NOMAD_ADDR=http://100.81.26.3:4646 -NULLCMD=cat -OLDPWD=/root/mgmt -OPTARG='' -OPTIND=1 -OSTYPE=linux-gnu -OS_RELEASE_ID=debian -PAGER='' -PATH=/root/.trae-server/sdks/workspaces/cced0550/versions/node/current:/root/.trae-server/sdks/versions/node/current:/root/.trae-server/sdks/workspaces/cced0550/versions/node/current:/root/.trae-server/sdks/versions/node/current:/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/bin/remote-cli:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -PLATFORM=linux -POWERLEVEL9K_INSTANT_PROMPT=off -PPID=2438215 -PROMPT2='%_> ' -PROMPT3='?# ' -PROMPT4='+%N:%i> ' -PROMPT=$'\n(TraeAI-3) %~ [%?] $ ' -PS1=$'\n(TraeAI-3) %~ [%?] $ ' -PS2='%_> ' -PS3='?# ' -PS4='+%N:%i> ' -PSVAR='' -PWD=/root/mgmt/configuration -RANDOM=6724 -READNULLCMD=/usr/bin/pager -REMOTE_VERSION=1058011568130_8 -SAVEHIST=10000 -SCRIPT_ID=f227a05726be7c5a36752917 -SECONDS=1076 -SEGMENT_SEPARATOR= -SERVER_APP_NAME=Trae -SERVER_APP_QUALITY=dev -SERVER_APP_VERSION='' -SERVER_ARCH=x64 -SERVER_DATA_DIR=/root/.trae-server -SERVER_DIR=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816 -SERVER_DOWNLOAD_PREFIX=https://lf-cdn.trae.com.cn/obj/trae-com-cn/pkg/server/releases/stable/0643ffaa788ad4dd46eaa12cec109ac40595c816/linux/ -SERVER_EXTENSIONS_DIR=/root/.trae-server/extensions -SERVER_HOST=127.0.0.1 -SERVER_INITIAL_EXTENSIONS='--install-extension gitpod.gitpod-remote-ssh' -SERVER_LISTEN_FLAG='--port=0' -SERVER_LOGFILE=/root/.trae-server/.stable-0643ffaa788ad4dd46eaa12cec109ac40595c816.log -SERVER_LOGS_DIR=/root/.trae-server/logs -SERVER_PACKAGE_NAME=Trae-linux-x64-1058011568130_8.tar.gz -SERVER_PIDFILE=/root/.trae-server/.stable-0643ffaa788ad4dd46eaa12cec109ac40595c816.pid -SERVER_SCRIPT=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/index_trae.js -SERVER_SCRIPT_PRODUCT=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/product.json -SERVER_TOKENFILE=/root/.trae-server/.stable-0643ffaa788ad4dd46eaa12cec109ac40595c816.token -SHELL=/usr/bin/zsh -SHLVL=2 -SHORT_HOST=semaphore -SPROMPT='zsh: correct '\''%R'\'' to '\''%r'\'' [nyae]? ' -SSH_CLIENT='100.86.9.29 49793 22' -SSH_CONNECTION='100.86.9.29 49793 100.116.158.95 22' -TERM=xterm-256color -TERM_PRODUCT=Trae -TERM_PROGRAM=vscode -TERM_PROGRAM_VERSION=1.100.3 -TIMEFMT='%J %U user %S system %P cpu %*E total' -TMPPREFIX=/tmp/zsh -TMP_DIR=/run/user/0 -TRAE_AI_SHELL_ID=3 -TRAE_DETECT_REGION=CN -TRAE_REMOTE_EXTENSION_REGION=cn -TRAE_REMOTE_SKIP_REMOTE_CHECK='' -TRAE_RESOLVE_TYPE=ssh -TRY_BLOCK_ERROR=-1 -TRY_BLOCK_INTERRUPT=-1 -TTY=/dev/pts/8 -TTYIDLE=-1 -UID=0 -USER=root -USERNAME=root -USER_ZDOTDIR=/root -VARNAME=PATH -VENDOR=debian -VSCODE_GIT_ASKPASS_EXTRA_ARGS='' -VSCODE_GIT_ASKPASS_MAIN=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/extensions/git/dist/askpass-main.js -VSCODE_GIT_ASKPASS_NODE=/root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/node -VSCODE_GIT_IPC_HANDLE=/run/user/0/vscode-git-7caaecb415.sock -VSCODE_INJECTION=1 -VSCODE_IPC_HOOK_CLI=/run/user/0/vscode-ipc-47deaf2b-9a7a-4554-a972-d6b4aa5bb388.sock -VSCODE_SHELL_INTEGRATION=1 -VSCODE_STABLE='' -VSCODE_ZDOTDIR=/tmp/root-trae-zsh -WATCH -WORDCHARS='' -XDG_RUNTIME_DIR=/run/user/0 -XDG_SESSION_CLASS=user -XDG_SESSION_ID=1636 -XDG_SESSION_TYPE=tty -ZDOTDIR=/root -ZSH=/root/.oh-my-zsh -ZSHZ=( [CHOWN]=zf_chown [DIRECTORY_REMOVED]=0 [FUNCTIONS]=$'_zshz_usage\n _zshz_add_or_remove_path\n _zshz_update_datafile\n _zshz_legacy_complete\n _zshz_printv\n _zshz_find_common_root\n _zshz_output\n _zshz_find_matches\n zshz\n _zshz_precmd\n _zshz_chpwd\n _zshz' [MV]=zf_mv [PRINTV]=1 [RM]=zf_rm [USE_FLOCK]=1 ) -ZSHZ_EXCLUDE_DIRS=( ) -ZSH_ARGZERO=/usr/bin/zsh -ZSH_AUTOSUGGEST_ACCEPT_WIDGETS=( forward-char end-of-line vi-forward-char vi-end-of-line vi-add-eol ) -ZSH_AUTOSUGGEST_CLEAR_WIDGETS=( history-search-forward history-search-backward history-beginning-search-forward history-beginning-search-backward history-beginning-search-forward-end history-beginning-search-backward-end history-substring-search-up history-substring-search-down up-line-or-beginning-search down-line-or-beginning-search up-line-or-history down-line-or-history accept-line copy-earlier-word ) -ZSH_AUTOSUGGEST_COMPLETIONS_PTY_NAME=zsh_autosuggest_completion_pty -ZSH_AUTOSUGGEST_EXECUTE_WIDGETS=( ) -ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=8' -ZSH_AUTOSUGGEST_IGNORE_WIDGETS=( 'orig-*' beep run-help set-local-history which-command yank yank-pop 'zle-*' ) -ZSH_AUTOSUGGEST_ORIGINAL_WIDGET_PREFIX=autosuggest-orig- -ZSH_AUTOSUGGEST_PARTIAL_ACCEPT_WIDGETS=( forward-word emacs-forward-word vi-forward-word vi-forward-word-end vi-forward-blank-word vi-forward-blank-word-end vi-find-next-char vi-find-next-char-skip ) -ZSH_AUTOSUGGEST_STRATEGY=( history completion ) -ZSH_AUTOSUGGEST_USE_ASYNC='' -ZSH_CACHE_DIR=/root/.oh-my-zsh/cache -ZSH_COMPDUMP=/root/.zcompdump-semaphore-5.9 -ZSH_CUSTOM=/root/.oh-my-zsh/custom -ZSH_EVAL_CONTEXT=toplevel -ZSH_HIGHLIGHT_DIRS_BLACKLIST=( ) -ZSH_HIGHLIGHT_HIGHLIGHTERS=( main brackets pattern cursor ) -ZSH_HIGHLIGHT_PATTERNS=( ) -ZSH_HIGHLIGHT_REGEXP=( ) -ZSH_HIGHLIGHT_REVISION=HEAD -ZSH_HIGHLIGHT_STYLES=( [arg0]='fg=green' [assign]=none [autodirectory]='fg=green,underline' [back-dollar-quoted-argument]='fg=cyan' [back-double-quoted-argument]='fg=cyan' [back-quoted-argument]=none [back-quoted-argument-delimiter]='fg=magenta' [bracket-error]='fg=red,bold' [bracket-level-1]='fg=blue,bold' [bracket-level-2]='fg=green,bold' [bracket-level-3]='fg=magenta,bold' [bracket-level-4]='fg=yellow,bold' [bracket-level-5]='fg=cyan,bold' [command-substitution]=none [command-substitution-delimiter]='fg=magenta' [commandseparator]=none [comment]='fg=black,bold' [cursor]=standout [cursor-matchingbracket]=standout [default]=none [dollar-double-quoted-argument]='fg=cyan' [dollar-quoted-argument]='fg=yellow' [double-hyphen-option]=none [double-quoted-argument]='fg=yellow' [global-alias]='fg=cyan' [globbing]='fg=blue' [history-expansion]='fg=blue' [line]='' [named-fd]=none [numeric-fd]=none [path]=underline [path_pathseparator]='' [path_prefix_pathseparator]='' [precommand]='fg=green,underline' [process-substitution]=none [process-substitution-delimiter]='fg=magenta' [rc-quote]='fg=cyan' [redirection]='fg=yellow' [reserved-word]='fg=yellow' [root]=standout [single-hyphen-option]=none [single-quoted-argument]='fg=yellow' [suffix-alias]='fg=green,underline' [unknown-token]='fg=red,bold' ) -ZSH_HIGHLIGHT_VERSION=0.8.1-dev -ZSH_NAME=zsh -ZSH_PATCHLEVEL=debian/5.9-4+b7 -ZSH_SUBSHELL=1 -ZSH_THEME=agnoster -ZSH_THEME_GIT_PROMPT_CLEAN='' -ZSH_THEME_GIT_PROMPT_DIRTY='*' -ZSH_THEME_GIT_PROMPT_PREFIX='git:(' -ZSH_THEME_GIT_PROMPT_SUFFIX=')' -ZSH_THEME_RUBY_PROMPT_PREFIX='(' -ZSH_THEME_RUBY_PROMPT_SUFFIX=')' -ZSH_THEME_RVM_PROMPT_OPTIONS='i v g' -ZSH_THEME_TERM_TAB_TITLE_IDLE='%15<..<%~%<<' -ZSH_THEME_TERM_TITLE_IDLE='%n@%m:%~' -ZSH_TMUX_AUTOCONNECT=true -ZSH_TMUX_AUTONAME_SESSION=false -ZSH_TMUX_AUTOQUIT=false -ZSH_TMUX_AUTOREFRESH=false -ZSH_TMUX_AUTOSTART=false -ZSH_TMUX_AUTOSTART_ONCE=true -ZSH_TMUX_CONFIG=/root/.tmux.conf -ZSH_TMUX_DETACHED=false -ZSH_TMUX_FIXTERM=true -ZSH_TMUX_FIXTERM_WITHOUT_256COLOR=screen -ZSH_TMUX_FIXTERM_WITH_256COLOR=screen-256color -ZSH_TMUX_ITERM2=false -ZSH_TMUX_TERM=screen-256color -ZSH_TMUX_UNICODE=false -ZSH_VERSION=5.9 -_=set -_OMZ_ASYNC_FDS=( ) -_OMZ_ASYNC_OUTPUT=( ) -_OMZ_ASYNC_PIDS=( ) -_ZSH_AUTOSUGGEST_ASYNC_FD='' -_ZSH_AUTOSUGGEST_BIND_COUNTS=( [accept-and-hold]=1 [accept-and-infer-next-history]=1 [accept-and-menu-complete]=1 [accept-line]=1 [accept-line-and-down-history]=1 [accept-search]=1 [argument-base]=1 [auto-suffix-remove]=1 [auto-suffix-retain]=1 [autosuggest-capture-completion]=1 [backward-char]=1 [backward-delete-char]=1 [backward-delete-word]=1 [backward-kill-line]=1 [backward-kill-word]=1 [backward-word]=1 [beginning-of-buffer-or-history]=1 [beginning-of-history]=1 [beginning-of-line]=1 [beginning-of-line-hist]=1 [bracketed-paste]=1 [capitalize-word]=1 [clear-screen]=1 [complete-word]=1 [copy-prev-shell-word]=1 [copy-prev-word]=1 [copy-region-as-kill]=1 [deactivate-region]=1 [delete-char]=1 [delete-char-or-list]=1 [delete-word]=1 [describe-key-briefly]=1 [digit-argument]=1 [down-case-word]=1 [down-history]=1 [down-line]=1 [down-line-or-beginning-search]=1 [down-line-or-history]=1 [down-line-or-search]=1 [edit-command-line]=1 [emacs-backward-word]=1 [emacs-forward-word]=1 [end-of-buffer-or-history]=1 [end-of-history]=1 [end-of-line]=1 [end-of-line-hist]=1 [end-of-list]=1 [exchange-point-and-mark]=1 [execute-last-named-cmd]=1 [execute-named-cmd]=1 [expand-cmd-path]=1 [expand-history]=1 [expand-or-complete]=1 [expand-or-complete-prefix]=1 [expand-word]=1 [forward-char]=1 [forward-word]=1 [get-line]=1 [gosmacs-transpose-chars]=1 [history-beginning-search-backward]=1 [history-beginning-search-forward]=1 [history-incremental-pattern-search-backward]=1 [history-incremental-pattern-search-forward]=1 [history-incremental-search-backward]=1 [history-incremental-search-forward]=1 [history-search-backward]=1 [history-search-forward]=1 [history-substring-search-down]=1 [history-substring-search-up]=1 [infer-next-history]=1 [insert-last-word]=1 [kill-buffer]=1 [kill-line]=1 [kill-region]=1 [kill-whole-line]=1 [kill-word]=1 [list-choices]=1 [list-expand]=1 [magic-space]=1 [menu-complete]=1 [menu-expand-or-complete]=1 [menu-select]=1 [neg-argument]=1 [overwrite-mode]=1 [pound-insert]=1 [push-input]=1 [push-line]=1 [push-line-or-edit]=1 [put-replace-selection]=1 [quote-line]=1 [quote-region]=1 [quoted-insert]=1 [read-command]=1 [recursive-edit]=1 [redisplay]=1 [redo]=1 [reset-prompt]=1 [reverse-menu-complete]=1 [select-a-blank-word]=1 [select-a-shell-word]=1 [select-a-word]=1 [select-in-blank-word]=1 [select-in-shell-word]=1 [select-in-word]=1 [self-insert]=1 [self-insert-unmeta]=1 [send-break]=1 [set-mark-command]=1 [spell-word]=1 [split-undo]=1 [sudo-command-line]=1 [transpose-chars]=1 [transpose-words]=1 [undefined-key]=1 [undo]=1 [universal-argument]=1 [up-case-word]=1 [up-history]=1 [up-line]=1 [up-line-or-beginning-search]=1 [up-line-or-history]=1 [up-line-or-search]=1 [user:zle-line-finish]=1 [vi-add-eol]=1 [vi-add-next]=1 [vi-backward-blank-word]=1 [vi-backward-blank-word-end]=1 [vi-backward-char]=1 [vi-backward-delete-char]=1 [vi-backward-kill-word]=1 [vi-backward-word]=1 [vi-backward-word-end]=1 [vi-beginning-of-line]=1 [vi-caps-lock-panic]=1 [vi-change]=1 [vi-change-eol]=1 [vi-change-whole-line]=1 [vi-cmd-mode]=1 [vi-delete]=1 [vi-delete-char]=1 [vi-digit-or-beginning-of-line]=1 [vi-down-case]=1 [vi-down-line-or-history]=1 [vi-end-of-line]=1 [vi-fetch-history]=1 [vi-find-next-char]=1 [vi-find-next-char-skip]=1 [vi-find-prev-char]=1 [vi-find-prev-char-skip]=1 [vi-first-non-blank]=1 [vi-forward-blank-word]=1 [vi-forward-blank-word-end]=1 [vi-forward-char]=1 [vi-forward-word]=1 [vi-forward-word-end]=1 [vi-goto-column]=1 [vi-goto-mark]=1 [vi-goto-mark-line]=1 [vi-history-search-backward]=1 [vi-history-search-forward]=1 [vi-indent]=1 [vi-insert]=1 [vi-insert-bol]=1 [vi-join]=1 [vi-kill-eol]=1 [vi-kill-line]=1 [vi-match-bracket]=1 [vi-open-line-above]=1 [vi-open-line-below]=1 [vi-oper-swap-case]=1 [vi-pound-insert]=1 [vi-put-after]=1 [vi-put-before]=1 [vi-quoted-insert]=1 [vi-repeat-change]=1 [vi-repeat-find]=1 [vi-repeat-search]=1 [vi-replace]=1 [vi-replace-chars]=1 [vi-rev-repeat-find]=1 [vi-rev-repeat-search]=1 [vi-set-buffer]=1 [vi-set-mark]=1 [vi-substitute]=1 [vi-swap-case]=1 [vi-undo-change]=1 [vi-unindent]=1 [vi-up-case]=1 [vi-up-line-or-history]=1 [vi-yank]=1 [vi-yank-eol]=1 [vi-yank-whole-line]=1 [visual-line-mode]=1 [visual-mode]=1 [what-cursor-position]=1 [where-is]=1 ) -_ZSH_AUTOSUGGEST_BUILTIN_ACTIONS=( clear fetch suggest accept execute enable disable toggle ) -_ZSH_AUTOSUGGEST_CHILD_PID=3538664 -_ZSH_HIGHLIGHT_PRIOR_BUFFER='' -_ZSH_HIGHLIGHT_PRIOR_CURSOR=0 -_ZSH_TMUX_FIXED_CONFIG=/root/.oh-my-zsh/plugins/tmux/tmux.only.conf -__colored_man_pages_dir=/root/.oh-my-zsh/plugins/colored-man-pages -__vsc_current_command='set -o pipefail' -__vsc_env_keys=( ) -__vsc_env_values=( ) -__vsc_in_command_execution=1 -__vsc_nonce=8569aa72-4f06-40f4-a830-4084a537236a -__vsc_prior_prompt2='%_> ' -__vsc_prior_prompt=$'\n(TraeAI-3) %~ [%?] $ ' -__vsc_use_aa=1 -__vscode_shell_env_reporting='' -_comp_assocs=( '' ) -_comp_dumpfile=/root/.zcompdump -_comp_options -_comp_setup -_compautos -_comps -_history_substring_search_match_index=0 -_history_substring_search_matches=( ) -_history_substring_search_query='' -_history_substring_search_query_highlight='' -_history_substring_search_query_parts=( ) -_history_substring_search_raw_match_index=0 -_history_substring_search_raw_matches=( ) -_history_substring_search_refresh_display='' -_history_substring_search_result='' -_history_substring_search_unique_filter=( ) -_history_substring_search_zsh_5_9=1 -_lastcomp -_patcomps -_postpatcomps -_services -_zsh_highlight__highlighter_brackets_cache=( ) -_zsh_highlight__highlighter_cursor_cache=( ) -_zsh_highlight__highlighter_main_cache=( '0 2 fg=green memo=zsh-syntax-highlighting' '3 6 none memo=zsh-syntax-highlighting' '7 11 underline memo=zsh-syntax-highlighting' '11 12 none memo=zsh-syntax-highlighting' '13 17 fg=green memo=zsh-syntax-highlighting' '18 20 none memo=zsh-syntax-highlighting' '21 57 none memo=zsh-syntax-highlighting' '21 57 fg=yellow memo=zsh-syntax-highlighting' '58 62 underline memo=zsh-syntax-highlighting' ) -_zsh_highlight__highlighter_pattern_cache=( ) -_zsh_highlight_main__command_type_cache=( ) -aliases -argv=( ) -bg -bg_bold -bg_no_bold -bold_color -builtins -cdpath=( ) -chpwd_functions=( _zshz_chpwd ) -color=( [00]=none [01]=bold [02]=faint [03]=italic [04]=underline [05]=blink [07]=reverse [08]=conceal [22]=normal [23]=no-italic [24]=no-underline [25]=no-blink [27]=no-reverse [28]=no-conceal [30]=black [31]=red [32]=green [33]=yellow [34]=blue [35]=magenta [36]=cyan [37]=white [39]=default [40]=bg-black [41]=bg-red [42]=bg-green [43]=bg-yellow [44]=bg-blue [45]=bg-magenta [46]=bg-cyan [47]=bg-white [49]=bg-default [bg-black]=40 [bg-blue]=44 [bg-cyan]=46 [bg-default]=49 [bg-gray]=40 [bg-green]=42 [bg-grey]=40 [bg-magenta]=45 [bg-red]=41 [bg-white]=47 [bg-yellow]=43 [black]=30 [blink]=05 [blue]=34 [bold]=01 [conceal]=08 [cyan]=36 [default]=39 [faint]=02 [fg-black]=30 [fg-blue]=34 [fg-cyan]=36 [fg-default]=39 [fg-gray]=30 [fg-green]=32 [fg-grey]=30 [fg-magenta]=35 [fg-red]=31 [fg-white]=37 [fg-yellow]=33 [gray]=30 [green]=32 [grey]=30 [italic]=03 [magenta]=35 [no-blink]=25 [no-conceal]=28 [no-italic]=23 [no-reverse]=27 [no-underline]=24 [none]=00 [normal]=22 [red]=31 [reverse]=07 [underline]=04 [white]=37 [yellow]=33 ) -colour=( [00]=none [01]=bold [02]=faint [03]=italic [04]=underline [05]=blink [07]=reverse [08]=conceal [22]=normal [23]=no-italic [24]=no-underline [25]=no-blink [27]=no-reverse [28]=no-conceal [30]=black [31]=red [32]=green [33]=yellow [34]=blue [35]=magenta [36]=cyan [37]=white [39]=default [40]=bg-black [41]=bg-red [42]=bg-green [43]=bg-yellow [44]=bg-blue [45]=bg-magenta [46]=bg-cyan [47]=bg-white [49]=bg-default [bg-black]=40 [bg-blue]=44 [bg-cyan]=46 [bg-default]=49 [bg-gray]=40 [bg-green]=42 [bg-grey]=40 [bg-magenta]=45 [bg-red]=41 [bg-white]=47 [bg-yellow]=43 [black]=30 [blink]=05 [blue]=34 [bold]=01 [conceal]=08 [cyan]=36 [default]=39 [faint]=02 [fg-black]=30 [fg-blue]=34 [fg-cyan]=36 [fg-default]=39 [fg-gray]=30 [fg-green]=32 [fg-grey]=30 [fg-magenta]=35 [fg-red]=31 [fg-white]=37 [fg-yellow]=33 [gray]=30 [green]=32 [grey]=30 [italic]=03 [magenta]=35 [no-blink]=25 [no-conceal]=28 [no-italic]=23 [no-reverse]=27 [no-underline]=24 [none]=00 [normal]=22 [red]=31 [reverse]=07 [underline]=04 [white]=37 [yellow]=33 ) -commands -comppostfuncs=( ) -compprefuncs=( ) -d=/usr/share/zsh/functions/Zle -debian_missing_features=( ) -dirstack -dis_aliases -dis_builtins -dis_functions -dis_functions_source -dis_galiases -dis_patchars -dis_reswords -dis_saliases -envVarsToReport=( '' ) -epochtime -errnos -fg -fg_bold -fg_no_bold -fignore=( ) -fpath=( /root/.oh-my-zsh/plugins/z /root/.oh-my-zsh/plugins/web-search /root/.oh-my-zsh/plugins/vscode /root/.oh-my-zsh/plugins/tmux /root/.oh-my-zsh/plugins/systemd /root/.oh-my-zsh/plugins/sudo /root/.oh-my-zsh/plugins/history-substring-search /root/.oh-my-zsh/plugins/extract /root/.oh-my-zsh/plugins/command-not-found /root/.oh-my-zsh/plugins/colored-man-pages /root/.oh-my-zsh/custom/plugins/zsh-completions /root/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting /root/.oh-my-zsh/custom/plugins/zsh-autosuggestions /root/.oh-my-zsh/plugins/gcloud /root/.oh-my-zsh/plugins/aws /root/.oh-my-zsh/plugins/helm /root/.oh-my-zsh/plugins/kubectl /root/.oh-my-zsh/plugins/terraform /root/.oh-my-zsh/plugins/ansible /root/.oh-my-zsh/plugins/docker-compose /root/.oh-my-zsh/plugins/docker /root/.oh-my-zsh/plugins/git /root/.oh-my-zsh/functions /root/.oh-my-zsh/completions /root/.oh-my-zsh/custom/functions /root/.oh-my-zsh/custom/completions /root/.oh-my-zsh/cache/completions /usr/local/share/zsh/site-functions /usr/share/zsh/vendor-functions /usr/share/zsh/vendor-completions /usr/share/zsh/functions/Calendar /usr/share/zsh/functions/Chpwd /usr/share/zsh/functions/Completion /usr/share/zsh/functions/Completion/AIX /usr/share/zsh/functions/Completion/BSD /usr/share/zsh/functions/Completion/Base /usr/share/zsh/functions/Completion/Cygwin /usr/share/zsh/functions/Completion/Darwin /usr/share/zsh/functions/Completion/Debian /usr/share/zsh/functions/Completion/Linux /usr/share/zsh/functions/Completion/Mandriva /usr/share/zsh/functions/Completion/Redhat /usr/share/zsh/functions/Completion/Solaris /usr/share/zsh/functions/Completion/Unix /usr/share/zsh/functions/Completion/X /usr/share/zsh/functions/Completion/Zsh /usr/share/zsh/functions/Completion/openSUSE /usr/share/zsh/functions/Exceptions /usr/share/zsh/functions/MIME /usr/share/zsh/functions/Math /usr/share/zsh/functions/Misc /usr/share/zsh/functions/Newuser /usr/share/zsh/functions/Prompts /usr/share/zsh/functions/TCP /usr/share/zsh/functions/VCS_Info /usr/share/zsh/functions/VCS_Info/Backends /usr/share/zsh/functions/Zftp /usr/share/zsh/functions/Zle /root/.oh-my-zsh/custom/plugins/zsh-completions/src ) -funcfiletrace -funcsourcetrace -funcstack -functions -functions_source -functrace -galiases -histchars='!^#' -history -historywords -jobdirs -jobstates -jobtexts -key='' -keymaps -langinfo -less_termcap -line='' -mailpath=( ) -manpath=( ) -module_path=( /usr/lib/x86_64-linux-gnu/zsh/5.9 ) -modules -nameddirs -node=hcp1 -node_id=baea7bb6 -node_name=hcp2 -options -parameters -patchars -path=( /root/.trae-server/sdks/workspaces/cced0550/versions/node/current /root/.trae-server/sdks/versions/node/current /root/.trae-server/sdks/workspaces/cced0550/versions/node/current /root/.trae-server/sdks/versions/node/current /root/.trae-server/bin/stable-0643ffaa788ad4dd46eaa12cec109ac40595c816/bin/remote-cli /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin ) -pipestatus=( 0 ) -plugins=( git docker docker-compose ansible terraform kubectl helm aws gcloud zsh-autosuggestions zsh-syntax-highlighting zsh-completions colored-man-pages command-not-found extract history-substring-search sudo systemd tmux vscode web-search z ) -podman_status=false -precmd_functions=( _omz_async_request omz_termsupport_precmd _zsh_autosuggest_start _zsh_highlight_main__precmd_hook _zshz_precmd __vsc_precmd ) -preexec_functions=( omz_termsupport_preexec _zsh_highlight_preexec_hook __vsc_preexec ) -prompt=$'\n(TraeAI-3) %~ [%?] $ ' -psvar=( ) -reset_color -reswords -ret=0 -saliases -signals=( EXIT HUP INT QUIT ILL TRAP IOT BUS FPE KILL USR1 SEGV USR2 PIPE ALRM TERM STKFLT CHLD CONT STOP TSTP TTIN TTOU URG XCPU XFSZ VTALRM PROF WINCH POLL PWR SYS ZERR DEBUG ) -status=0 -sysparams -termcap -terminfo -userdirs -usergroups -vsc_aa_env=( ) -vscode_base_dir=/root/.trae-server -watch -widgets -zle_bracketed_paste=( $'\C-[[?2004h' $'\C-[[?2004l' ) -zsh_eval_context=( toplevel ) -zsh_highlight__memo_feature=1 -zsh_highlight__pat_static_bug=false -zsh_scheduled_events diff --git a/configuration/podman-remote-static-linux_amd64 b/configuration/podman-remote-static-linux_amd64 deleted file mode 100755 index 86532f8..0000000 Binary files a/configuration/podman-remote-static-linux_amd64 and /dev/null differ diff --git a/configuration/proxy.env b/configuration/proxy.env deleted file mode 100644 index 73b1421..0000000 --- a/configuration/proxy.env +++ /dev/null @@ -1,30 +0,0 @@ -# Proxy Configuration for istoreos.tailnet-68f9.ts.net:1082 -# This file contains proxy environment variables for the management system - -# HTTP/HTTPS Proxy Settings -export http_proxy=http://istoreos.tailnet-68f9.ts.net:1082 -export https_proxy=http://istoreos.tailnet-68f9.ts.net:1082 -export HTTP_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 -export HTTPS_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 - -# No Proxy Settings (local networks and services) -export no_proxy=localhost,127.0.0.1,::1,.local,.tailnet-68f9.ts.net -export NO_PROXY=localhost,127.0.0.1,::1,.local,.tailnet-68f9.ts.net - -# Additional proxy settings for various tools -export ALL_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 -export all_proxy=http://istoreos.tailnet-68f9.ts.net:1082 - -# Docker proxy settings -export DOCKER_BUILDKIT=1 -export BUILDKIT_PROGRESS=plain - -# Git proxy settings -export GIT_HTTP_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 -export GIT_HTTPS_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 - -# Curl proxy settings -export CURL_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 - -# Wget proxy settings -export WGET_PROXY=http://istoreos.tailnet-68f9.ts.net:1082 diff --git a/docs/consul-provider-integration.md b/docs/consul-provider-integration.md new file mode 100644 index 0000000..b348188 --- /dev/null +++ b/docs/consul-provider-integration.md @@ -0,0 +1,179 @@ +# Terraform Consul Provider 集成指南 + +本指南说明如何使用Terraform Consul Provider直接从Consul获取Oracle Cloud配置,无需手动保存私钥到临时文件。 + +## 集成概述 + +我们已经将Terraform Consul Provider集成到现有的Terraform配置中,实现了以下功能: + +1. 直接从Consul获取Oracle Cloud配置(包括tenancy_ocid、user_ocid、fingerprint和private_key) +2. 自动将从Consul获取的私钥保存到临时文件 +3. 使用从Consul获取的配置初始化OCI Provider +4. 支持多个区域(韩国和美国)的配置 + +## 配置结构 + +### 1. Consul中的配置存储 + +Oracle Cloud配置存储在Consul的以下路径中: + +- 韩国区域:`config/dev/oracle/kr/` + - `tenancy_ocid` + - `user_ocid` + - `fingerprint` + - `private_key` + +- 美国区域:`config/dev/oracle/us/` + - `tenancy_ocid` + - `user_ocid` + - `fingerprint` + - `private_key` + +### 2. Terraform配置 + +#### Provider配置 + +```hcl +# Consul Provider配置 +provider "consul" { + address = "localhost:8500" + scheme = "http" + datacenter = "dc1" +} +``` + +#### 数据源配置 + +```hcl +# 从Consul获取Oracle Cloud配置 +data "consul_keys" "oracle_config" { + key { + name = "tenancy_ocid" + path = "config/dev/oracle/kr/tenancy_ocid" + } + key { + name = "user_ocid" + path = "config/dev/oracle/kr/user_ocid" + } + key { + name = "fingerprint" + path = "config/dev/oracle/kr/fingerprint" + } + key { + name = "private_key" + path = "config/dev/oracle/kr/private_key" + } +} +``` + +#### 私钥文件创建 + +```hcl +# 将从Consul获取的私钥保存到临时文件 +resource "local_file" "oci_kr_private_key" { + content = data.consul_keys.oracle_config.var.private_key + filename = "/tmp/oci_kr_private_key.pem" +} +``` + +#### OCI Provider配置 + +```hcl +# 使用从Consul获取的配置的OCI Provider +provider "oci" { + tenancy_ocid = data.consul_keys.oracle_config.var.tenancy_ocid + user_ocid = data.consul_keys.oracle_config.var.user_ocid + fingerprint = data.consul_keys.oracle_config.var.fingerprint + private_key_path = local_file.oci_kr_private_key.filename + region = "ap-chuncheon-1" +} +``` + +## 使用方法 + +### 1. 确保Consul正在运行 + +```bash +# 检查Consul是否运行 +pgrep consul +``` + +### 2. 确保Oracle Cloud配置已存储在Consul中 + +```bash +# 检查韩国区域配置 +consul kv get config/dev/oracle/kr/tenancy_ocid +consul kv get config/dev/oracle/kr/user_ocid +consul kv get config/dev/oracle/kr/fingerprint +consul kv get config/dev/oracle/kr/private_key + +# 检查美国区域配置 +consul kv get config/dev/oracle/us/tenancy_ocid +consul kv get config/dev/oracle/us/user_ocid +consul kv get config/dev/oracle/us/fingerprint +consul kv get config/dev/oracle/us/private_key +``` + +### 3. 初始化Terraform + +```bash +cd /root/mgmt/tofu/environments/dev +terraform init -upgrade +``` + +### 4. 运行测试脚本 + +```bash +# 从项目根目录运行 +/root/mgmt/test_consul_provider.sh +``` + +### 5. 使用Consul配置运行Terraform + +```bash +cd /root/mgmt/tofu/environments/dev +terraform plan -var-file=consul.tfvars +terraform apply -var-file=consul.tfvars +``` + +## 优势 + +使用Consul Provider直接从Consul获取配置有以下优势: + +1. **更高的安全性**:私钥不再需要存储在磁盘上的配置文件中,而是直接从Consul获取 +2. **更简洁的配置**:无需手动创建临时文件,Terraform自动处理 +3. **声明式风格**:完全符合Terraform的声明式配置风格 +4. **更好的维护性**:配置集中存储在Consul中,便于管理和更新 +5. **多环境支持**:可以轻松支持多个环境(dev、staging、production)的配置 + +## 故障排除 + +### 1. Consul连接问题 + +如果无法连接到Consul,请检查: + +- Consul服务是否正在运行 +- Consul地址和端口是否正确(默认为localhost:8500) +- 网络连接是否正常 + +### 2. 配置获取问题 + +如果无法从Consul获取配置,请检查: + +- 配置是否已正确存储在Consul中 +- 路径是否正确 +- 权限是否足够 + +### 3. Terraform初始化问题 + +如果Terraform初始化失败,请检查: + +- Terraform版本是否符合要求(>=1.6) +- 网络连接是否正常 +- Provider源是否可访问 + +## 版本信息 + +- Terraform: >=1.6 +- Consul Provider: ~2.22.0 +- OCI Provider: ~5.0 \ No newline at end of file diff --git a/docs/vault/ansible_vault_integration.md b/docs/vault/ansible_vault_integration.md new file mode 100644 index 0000000..c1c2ff0 --- /dev/null +++ b/docs/vault/ansible_vault_integration.md @@ -0,0 +1,268 @@ +# Ansible与HashiCorp Vault集成指南 + +本文档介绍如何将Ansible与HashiCorp Vault集成,以安全地管理和使用敏感信息。 + +## 1. 安装必要的Python包 + +首先,需要安装Ansible的Vault集成包: + +```bash +pip install hvac +``` + +## 2. 配置Ansible使用Vault + +### 2.1 创建Vault连接配置 + +创建一个Vault连接配置文件 `vault_config.yml`: + +```yaml +vault_addr: http://localhost:8200 +vault_role_id: "your-approle-role-id" +vault_secret_id: "your-approle-secret-id" +``` + +### 2.2 创建Vault查询角色 + +在Vault中创建一个专用于Ansible的AppRole: + +```bash +# 启用AppRole认证 +vault auth enable approle + +# 创建策略 +cat > ansible-policy.hcl < +``` + +### 4.2 启用密钥引擎 + +```bash +# 启用KV v2密钥引擎 +vault secrets enable -version=2 kv + +# 启用AWS密钥引擎(如需要) +vault secrets enable aws + +# 启用数据库密钥引擎(如需要) +vault secrets enable database +``` + +### 4.3 配置访问策略 + +```bash +# 创建策略文件 +cat > nomad-server-policy.hcl <| |---->| | +| (基础设施管理) | | (应用部署流程) | | (容器编排) | ++----------------+ +----------------+ +----------------+ + | + v + +----------------+ + | Ansible | + | | + | (配置管理) | + +----------------+ +``` + +## 3. Waypoint 实施价值分析 + +### 3.1 潜在优势 + +#### 3.1.1 开发体验提升 +- **简化接口**: 开发人员通过统一接口部署应用,无需了解底层平台细节 +- **本地开发一致性**: 开发环境与生产环境使用相同的部署流程 +- **快速反馈**: 部署结果和日志集中可见 + +#### 3.1.2 运维效率提升 +- **标准化部署流程**: 跨团队和项目的一致部署方法 +- **减少平台特定脚本**: 减少为不同平台维护的自定义脚本 +- **集中式部署管理**: 通过UI或CLI集中管理所有应用部署 + +#### 3.1.3 多云策略支持 +- **平台无关的部署**: 相同的Waypoint配置可用于不同云平台 +- **简化云迁移**: 更容易在不同云提供商之间迁移应用 +- **混合云支持**: 统一管理跨多个云平台的部署 + +#### 3.1.4 与现有HashiCorp生态系统集成 +- **Nomad集成**: 原生支持Nomad作为部署平台 +- **Consul集成**: 服务发现和配置管理 +- **Vault集成**: 安全获取部署所需的密钥和证书 + +### 3.2 潜在挑战 + +#### 3.2.1 实施成本 +- **学习曲线**: 团队需要学习新工具 +- **迁移工作**: 现有部署流程需要适配到Waypoint +- **维护开销**: 额外的基础设施组件需要维护 + +#### 3.2.2 与现有流程的重叠 +- **与Gitea Actions重叠**: 部分功能与现有CI/CD流程重叠 +- **工具链复杂性**: 添加新工具可能增加整体复杂性 + +#### 3.2.3 成熟度考量 +- **相对较新的项目**: 与其他HashiCorp产品相比,Waypoint相对较新 +- **社区规模**: 社区和生态系统仍在发展中 +- **插件生态**: 某些特定平台的插件可能不够成熟 + +## 4. 实施方案 + +### 4.1 部署架构 +建议将Waypoint服务器部署在与Nomad和Consul相同的环境中: + +``` ++-------------------+ +-------------------+ +-------------------+ +| warden | | ash3c | | master | +| | | | | | +| +-------------+ | | +-------------+ | | +-------------+ | +| | Consul | | | | Consul | | | | Consul | | +| +-------------+ | | +-------------+ | | +-------------+ | +| | | | | | +| +-------------+ | | +-------------+ | | +-------------+ | +| | Nomad | | | | Nomad | | | | Nomad | | +| +-------------+ | | +-------------+ | | +-------------+ | +| | | | | | +| +-------------+ | | +-------------+ | | +-------------+ | +| | Vault | | | | Vault | | | | Vault | | +| +-------------+ | | +-------------+ | | +-------------+ | +| | | | | | +| +-------------+ | | | | | +| | Waypoint | | | | | | +| +-------------+ | | | | | ++-------------------+ +-------------------+ +-------------------+ +``` + +### 4.2 资源需求 +Waypoint服务器建议配置: +- CPU: 2核 +- 内存: 2GB +- 存储: 10GB + +### 4.3 网络配置 +- Waypoint API端口: 9702 +- Waypoint UI端口: 9701 +- 配置TLS加密所有通信 + +## 5. 实施计划 + +### 5.1 试点阶段 +1. **环境准备** + - 在单个节点上部署Waypoint服务器 + - 配置与Nomad、Consul和Vault的集成 + +2. **选择试点项目** + - 选择一个非关键应用作为试点 + - 创建Waypoint配置文件 + - 实施构建、部署和发布流程 + +3. **评估结果** + - 收集开发和运维反馈 + - 评估部署效率提升 + - 识别潜在问题和改进点 + +### 5.2 扩展阶段 +1. **扩展到更多应用** + - 逐步将更多应用迁移到Waypoint + - 创建标准化的Waypoint模板 + - 建立最佳实践文档 + +2. **团队培训** + - 为开发和运维团队提供Waypoint培训 + - 创建内部知识库和示例 + +3. **与CI/CD集成** + - 将Waypoint集成到现有Gitea Actions流水线 + - 实现自动触发部署 + +### 5.3 完全集成阶段 +1. **扩展到所有环境** + - 在开发、测试和生产环境中统一使用Waypoint + - 实现环境特定配置管理 + +2. **高级功能实施** + - 配置自动回滚策略 + - 实现蓝绿部署和金丝雀发布 + - 集成监控和告警 + +3. **持续优化** + - 定期评估和优化部署流程 + - 跟踪Waypoint更新和新功能 + +## 6. 实施时间表 + +| 阶段 | 任务 | 时间估计 | +|------|------|----------| +| 准备 | 环境准备和Waypoint服务器部署 | 2天 | +| 试点 | 试点项目实施 | 5天 | +| 试点 | 评估和调整 | 3天 | +| 扩展 | 扩展到更多应用 | 10天 | +| 扩展 | 团队培训 | 2天 | +| 扩展 | CI/CD集成 | 3天 | +| 集成 | 扩展到所有环境 | 5天 | +| 集成 | 高级功能实施 | 5天 | +| **总计** | | **35天** | + +## 7. 成本效益分析 + +### 7.1 实施成本 +- **基础设施成本**: 低(利用现有节点) +- **许可成本**: 无(开源版本) +- **人力成本**: 中(学习和迁移工作) +- **维护成本**: 低(与现有HashiCorp产品集成) + +### 7.2 预期收益 +- **开发效率提升**: 预计减少20-30%的部署相关工作 +- **部署一致性**: 减少50%的环境特定问题 +- **上线时间缩短**: 预计缩短15-25%的应用上线时间 +- **运维负担减轻**: 减少跨平台部署脚本维护 + +### 7.3 投资回报周期 +- 预计在实施后3-6个月内开始看到明显收益 +- 完全投资回报预计在9-12个月内实现 + +## 8. 结论和建议 + +### 8.1 是否实施Waypoint的决策因素 + +#### 支持实施的因素 +- 项目已经使用HashiCorp生态系统(Nomad、Consul) +- 多云环境需要统一的部署流程 +- 需要简化开发人员的部署体验 +- 应用部署流程需要标准化 + +#### 不支持实施的因素 +- 现有CI/CD流程已经满足需求 +- 团队资源有限,难以支持额外工具的学习和维护 +- 应用部署需求相对简单,不需要高级发布策略 + +### 8.2 建议实施路径 + +基于对项目现状的分析,我们建议采取**渐进式实施**策略: + +1. **先实施Vault**: 优先解决安全问题,实施Vault进行密钥管理 +2. **小规模试点Waypoint**: 在非关键应用上试点Waypoint,评估实际价值 +3. **基于试点结果决定**: 根据试点结果决定是否扩大Waypoint的使用范围 + +### 8.3 最终建议 + +虽然Waypoint提供了统一的应用部署体验和多云支持,但考虑到项目已有相对成熟的GitOps工作流和CI/CD流程,Waypoint的实施优先级应低于Vault。 + +建议先完成Vault的实施,解决当前的安全问题,然后在资源允许的情况下,通过小规模试点评估Waypoint的实际价值。这种渐进式方法可以降低风险,同时确保资源投入到最有价值的改进上。 + +如果试点结果显示Waypoint能显著提升开发效率和部署一致性,再考虑更广泛的实施。 \ No newline at end of file diff --git a/docs/waypoint/waypoint_integration_examples.md b/docs/waypoint/waypoint_integration_examples.md new file mode 100644 index 0000000..396acd7 --- /dev/null +++ b/docs/waypoint/waypoint_integration_examples.md @@ -0,0 +1,712 @@ +# Waypoint 集成示例 + +本文档提供了将Waypoint与现有基础设施和工具集成的具体示例。 + +## 1. 与Nomad集成 + +### 1.1 基本Nomad部署配置 + +```hcl +app "api-service" { + build { + use "docker" { + dockerfile = "Dockerfile" + disable_entrypoint = true + } + } + + deploy { + use "nomad" { + // Nomad集群地址 + address = "http://nomad-server:4646" + + // 部署配置 + datacenter = "dc1" + namespace = "default" + + // 资源配置 + resources { + cpu = 500 + memory = 256 + } + + // 服务配置 + service_provider = "consul" { + service_name = "api-service" + tags = ["api", "v1"] + + check { + type = "http" + path = "/health" + interval = "10s" + timeout = "2s" + } + } + } + } +} +``` + +### 1.2 高级Nomad配置 + +```hcl +app "web-app" { + deploy { + use "nomad" { + // 基本配置... + + // 存储卷配置 + volume_mount { + volume = "app-data" + destination = "/data" + read_only = false + } + + // 网络配置 + network { + mode = "bridge" + port "http" { + static = 8080 + to = 80 + } + } + + // 环境变量 + env { + NODE_ENV = "production" + } + + // 健康检查 + health_check { + timeout = "5m" + check { + name = "http-check" + route = "/health" + method = "GET" + code = 200 + } + } + } + } +} +``` + +## 2. 与Vault集成 + +### 2.1 从Vault获取静态密钥 + +```hcl +app "database-service" { + deploy { + use "nomad" { + // 基本配置... + + env { + // 从Vault获取数据库凭据 + DB_USERNAME = dynamic("vault", { + path = "kv/data/database/creds" + key = "username" + }) + + DB_PASSWORD = dynamic("vault", { + path = "kv/data/database/creds" + key = "password" + }) + } + } + } +} +``` + +### 2.2 使用Vault动态密钥 + +```hcl +app "api-service" { + deploy { + use "nomad" { + // 基本配置... + + template { + destination = "secrets/db-creds.txt" + data = < 0.01" + } + } + } +} +``` + +## 7. 自定义插件示例 + +### 7.1 自定义构建器插件 + +```go +// custom_builder.go +package main + +import ( + "context" + sdk "github.com/hashicorp/waypoint-plugin-sdk" +) + +// CustomBuilder 实现自定义构建逻辑 +type CustomBuilder struct { + config BuildConfig +} + +type BuildConfig struct { + Command string `hcl:"command"` +} + +// ConfigSet 设置配置 +func (b *CustomBuilder) ConfigSet(config interface{}) error { + c, ok := config.(*BuildConfig) + if !ok { + return fmt.Errorf("invalid configuration") + } + b.config = *c + return nil +} + +// BuildFunc 执行构建 +func (b *CustomBuilder) BuildFunc() interface{} { + return b.build +} + +func (b *CustomBuilder) build(ctx context.Context, ui terminal.UI) (*Binary, error) { + // 执行自定义构建命令 + cmd := exec.CommandContext(ctx, "sh", "-c", b.config.Command) + cmd.Stdout = ui.Output() + cmd.Stderr = ui.Error() + + if err := cmd.Run(); err != nil { + return nil, err + } + + return &Binary{ + Source: "custom", + }, nil +} + +// 注册插件 +func main() { + sdk.Main(sdk.WithComponents(&CustomBuilder{})) +} +``` + +### 7.2 使用自定义插件 + +```hcl +app "custom-app" { + build { + use "custom" { + command = "make build" + } + } + + deploy { + use "nomad" { + // 部署配置... + } + } +} +``` + +## 8. 监控和可观测性集成 + +### 8.1 Prometheus集成 + +```hcl +app "monitored-app" { + deploy { + use "nomad" { + // 基本配置... + + // Prometheus注解 + service_provider = "consul" { + service_name = "monitored-app" + + meta { + "prometheus.io/scrape" = "true" + "prometheus.io/path" = "/metrics" + "prometheus.io/port" = "8080" + } + } + } + } +} +``` + +### 8.2 与ELK堆栈集成 + +```hcl +app "logging-app" { + deploy { + use "nomad" { + // 基本配置... + + // 日志配置 + logging { + type = "fluentd" + config { + fluentd_address = "fluentd.service.consul:24224" + tag = "app.${nomad.namespace}.${app.name}" + } + } + } + } +} +``` + +## 9. 本地开发工作流 + +### 9.1 本地开发配置 + +```hcl +app "dev-app" { + build { + use "docker" {} + } + + deploy { + use "docker" { + service_port = 3000 + + // 开发环境特定配置 + env { + NODE_ENV = "development" + DEBUG = "true" + } + + // 挂载源代码目录 + binds { + source = abspath("./src") + destination = "/app/src" + } + } + } +} +``` + +### 9.2 本地与远程环境切换 + +```hcl +variable "environment" { + type = string + default = "local" +} + +app "fullstack-app" { + build { + use "docker" {} + } + + deploy { + // 根据环境变量选择部署方式 + use dynamic { + value = var.environment + + // 本地开发 + local { + use "docker" { + // 本地Docker配置... + } + } + + // 开发环境 + dev { + use "nomad" { + // 开发环境Nomad配置... + } + } + + // 生产环境 + prod { + use "nomad" { + // 生产环境Nomad配置... + } + } + } + } +} +``` + +## 10. 多应用协调 + +### 10.1 依赖管理 + +```hcl +project = "microservices" + +app "database" { + // 数据库服务配置... +} + +app "backend" { + // 后端API配置... + + // 声明依赖关系 + depends_on = ["database"] +} + +app "frontend" { + // 前端配置... + + // 声明依赖关系 + depends_on = ["backend"] +} +``` + +### 10.2 共享配置 + +```hcl +// 定义共享变量 +variable "version" { + type = string + default = "1.0.0" +} + +variable "environment" { + type = string + default = "development" +} + +// 共享函数 +function "service_name" { + params = [name] + result = "${var.environment}-${name}" +} + +// 应用配置 +app "api" { + build { + use "docker" { + tag = "${var.version}" + } + } + + deploy { + use "nomad" { + service_provider = "consul" { + service_name = service_name("api") + } + + env { + APP_VERSION = var.version + ENVIRONMENT = var.environment + } + } + } +} \ No newline at end of file diff --git a/docs/waypoint/waypoint_setup_guide.md b/docs/waypoint/waypoint_setup_guide.md new file mode 100644 index 0000000..f5a203f --- /dev/null +++ b/docs/waypoint/waypoint_setup_guide.md @@ -0,0 +1,331 @@ +# Waypoint 部署和配置指南 + +本文档提供了在现有基础设施上部署和配置HashiCorp Waypoint的详细步骤。 + +## 1. 前置准备 + +### 1.1 创建数据目录 + +在Waypoint服务器节点上创建数据目录: + +```bash +sudo mkdir -p /opt/waypoint/data +sudo chown -R nomad:nomad /opt/waypoint +``` + +### 1.2 安装Waypoint CLI + +在开发机器和CI/CD服务器上安装Waypoint CLI: + +```bash +curl -fsSL https://releases.hashicorp.com/waypoint/0.11.0/waypoint_0.11.0_linux_amd64.zip -o waypoint.zip +unzip waypoint.zip +sudo mv waypoint /usr/local/bin/ +``` + +## 2. 部署Waypoint服务器 + +### 2.1 使用Nomad部署 + +将`waypoint-server.nomad`文件提交到Nomad: + +```bash +nomad job run waypoint-server.nomad +``` + +### 2.2 验证部署状态 + +```bash +# 检查Nomad任务状态 +nomad job status waypoint-server + +# 检查Waypoint UI是否可访问 +curl -I http://warden:9701 +``` + +## 3. 初始化Waypoint + +### 3.1 连接到Waypoint服务器 + +```bash +# 连接CLI到服务器 +waypoint context create \ + -server-addr=warden:9703 \ + -server-tls-skip-verify \ + -set-default my-waypoint-server +``` + +### 3.2 验证连接 + +```bash +waypoint context verify +waypoint server info +``` + +## 4. 配置Waypoint + +### 4.1 配置Nomad作为运行时平台 + +```bash +# 确认Nomad连接 +waypoint config source-set -type=nomad nomad-platform \ + addr=http://localhost:4646 +``` + +### 4.2 配置与Vault的集成 + +```bash +# 配置Vault集成 +waypoint config source-set -type=vault vault-secrets \ + addr=http://localhost:8200 \ + token= +``` + +## 5. 创建第一个Waypoint项目 + +### 5.1 创建项目配置文件 + +在应用代码目录中创建`waypoint.hcl`文件: + +```hcl +project = "example-app" + +app "web" { + build { + use "docker" { + dockerfile = "Dockerfile" + } + } + + deploy { + use "nomad" { + datacenter = "dc1" + namespace = "default" + + service_provider = "consul" { + service_name = "web" + } + } + } +} +``` + +### 5.2 初始化和部署项目 + +```bash +# 初始化项目 +cd /path/to/app +waypoint init + +# 部署应用 +waypoint up +``` + +## 6. 与现有工具集成 + +### 6.1 与Gitea Actions集成 + +创建一个Gitea Actions工作流文件`.gitea/workflows/waypoint.yml`: + +```yaml +name: Waypoint Deploy + +on: + push: + branches: [ main ] + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Install Waypoint + run: | + curl -fsSL https://releases.hashicorp.com/waypoint/0.11.0/waypoint_0.11.0_linux_amd64.zip -o waypoint.zip + unzip waypoint.zip + sudo mv waypoint /usr/local/bin/ + + - name: Configure Waypoint + run: | + waypoint context create \ + -server-addr=${{ secrets.WAYPOINT_SERVER_ADDR }} \ + -server-auth-token=${{ secrets.WAYPOINT_AUTH_TOKEN }} \ + -set-default ci-context + + - name: Deploy Application + run: waypoint up -app=web +``` + +### 6.2 与Vault集成 + +在`waypoint.hcl`中使用Vault获取敏感配置: + +```hcl +app "web" { + deploy { + use "nomad" { + # 其他配置... + + env { + DB_PASSWORD = dynamic("vault", { + path = "kv/data/app/db" + key = "password" + }) + } + } + } +} +``` + +## 7. 高级配置 + +### 7.1 配置蓝绿部署 + +```hcl +app "web" { + deploy { + use "nomad" { + # 基本配置... + } + } + + release { + use "nomad-bluegreen" { + service = "web" + datacenter = "dc1" + namespace = "default" + traffic_step = 25 + confirm_step = true + } + } +} +``` + +### 7.2 配置金丝雀发布 + +```hcl +app "web" { + deploy { + use "nomad" { + # 基本配置... + } + } + + release { + use "nomad-canary" { + service = "web" + datacenter = "dc1" + namespace = "default" + + canary { + percentage = 10 + duration = "5m" + } + } + } +} +``` + +### 7.3 配置自动回滚 + +```hcl +app "web" { + deploy { + use "nomad" { + # 基本配置... + + health_check { + timeout = "5m" + check { + name = "http-check" + route = "/health" + method = "GET" + code = 200 + } + } + } + } +} +``` + +## 8. 监控和日志 + +### 8.1 查看部署状态 + +```bash +# 查看所有应用 +waypoint list projects + +# 查看特定应用的部署 +waypoint list deployments -app=web + +# 查看部署详情 +waypoint deployment inspect +``` + +### 8.2 查看应用日志 + +```bash +# 查看应用日志 +waypoint logs -app=web +``` + +## 9. 备份和恢复 + +### 9.1 备份Waypoint数据 + +```bash +# 备份数据目录 +tar -czf waypoint-backup.tar.gz /opt/waypoint/data +``` + +### 9.2 恢复Waypoint数据 + +```bash +# 停止Waypoint服务 +nomad job stop waypoint-server + +# 恢复数据 +rm -rf /opt/waypoint/data/* +tar -xzf waypoint-backup.tar.gz -C / + +# 重启服务 +nomad job run waypoint-server.nomad +``` + +## 10. 故障排除 + +### 10.1 常见问题 + +1. **连接问题**: + - 检查Waypoint服务器是否正常运行 + - 验证网络连接和防火墙规则 + +2. **部署失败**: + - 检查Nomad集群状态 + - 查看详细的部署日志: `waypoint logs -app= -deploy=` + +3. **权限问题**: + - 确保Waypoint有足够的权限访问Nomad和Vault + +### 10.2 调试命令 + +```bash +# 检查Waypoint服务器状态 +waypoint server info + +# 验证Nomad连接 +waypoint config source-get nomad-platform + +# 启用调试日志 +WAYPOINT_LOG=debug waypoint up +``` + +## 11. 最佳实践 + +1. **模块化配置**: 将通用配置抽取到可重用的Waypoint插件中 +2. **环境变量**: 使用环境变量区分不同环境的配置 +3. **版本控制**: 将`waypoint.hcl`文件纳入版本控制 +4. **自动化测试**: 在部署前添加自动化测试步骤 +5. **监控集成**: 将部署状态与监控系统集成 \ No newline at end of file diff --git a/jobs/openfaas-functions.nomad b/jobs/openfaas-functions.nomad new file mode 100644 index 0000000..7235635 --- /dev/null +++ b/jobs/openfaas-functions.nomad @@ -0,0 +1,86 @@ +job "openfaas-functions" { + datacenters = ["dc1"] + type = "service" + + group "hello-world" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + operator = "regexp" + value = "(master|ash3c|hcp)" + } + + task "hello-world" { + driver = "podman" + + config { + image = "functions/hello-world:latest" + ports = ["http"] + env = { + "fprocess" = "node index.js" + } + } + + resources { + network { + mbits = 10 + port "http" { static = 8080 } + } + } + + service { + name = "hello-world" + port = "http" + tags = ["openfaas-function"] + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + } + } + } + + group "figlet" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + operator = "regexp" + value = "(master|ash3c|hcp)" + } + + task "figlet" { + driver = "podman" + + config { + image = "functions/figlet:latest" + ports = ["http"] + env = { + "fprocess" = "figlet" + } + } + + resources { + network { + mbits = 10 + port "http" { static = 8080 } + } + } + + service { + name = "figlet" + port = "http" + tags = ["openfaas-function"] + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + } + } + } +} \ No newline at end of file diff --git a/jobs/openfaas.nomad b/jobs/openfaas.nomad new file mode 100644 index 0000000..9c491c3 --- /dev/null +++ b/jobs/openfaas.nomad @@ -0,0 +1,176 @@ +job "openfaas" { + datacenters = ["dc1"] + type = "service" + + group "openfaas-gateway" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + operator = "regexp" + value = "(master|ash3c|hcp)" + } + + task "openfaas-gateway" { + driver = "podman" + + config { + image = "ghcr.io/openfaas/gateway:0.2.35" + ports = ["http", "ui"] + env = { + "functions_provider_url" = "http://${NOMAD_IP_http}:8080" + "read_timeout" = "60s" + "write_timeout" = "60s" + "upstream_timeout" = "60s" + "direct_functions" = "true" + "faas_nats_address" = "nats://localhost:4222" + "faas_nats_streaming" = "true" + "basic_auth" = "true" + "secret_mount_path" = "/run/secrets" + "scale_from_zero" = "true" + } + } + + resources { + network { + mbits = 10 + port "http" { static = 8080 } + port "ui" { static = 8081 } + } + } + + service { + name = "openfaas-gateway" + port = "http" + check { + type = "http" + path = "/healthz" + interval = "10s" + timeout = "2s" + } + } + } + } + + group "nats" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + operator = "regexp" + value = "(master|ash3c|hcp)" + } + + task "nats" { + driver = "podman" + + config { + image = "nats-streaming:0.25.3" + ports = ["nats"] + args = [ + "-p", + "4222", + "-m", + "8222", + "-hbi", + "5s", + "-hbt", + "5s", + "-hbf", + "2", + "-SD", + "-cid", + "openfaas" + ] + } + + resources { + network { + mbits = 10 + port "nats" { static = 4222 } + } + } + + service { + name = "nats" + port = "nats" + check { + type = "tcp" + interval = "10s" + timeout = "2s" + } + } + } + } + + group "queue-worker" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + operator = "regexp" + value = "(master|ash3c|hcp)" + } + + task "queue-worker" { + driver = "podman" + + config { + image = "ghcr.io/openfaas/queue-worker:0.12.2" + env = { + "gateway_url" = "http://${NOMAD_IP_http}:8080" + "faas_nats_address" = "nats://localhost:4222" + "faas_nats_streaming" = "true" + "ack_wait" = "5m" + "write_debug" = "true" + } + } + + resources { + network { + mbits = 10 + } + } + } + } + + group "prometheus" { + count = 1 + + constraint { + attribute = "${node.unique.name}" + operator = "regexp" + value = "(master|ash3c|hcp)" + } + + task "prometheus" { + driver = "podman" + + config { + image = "prom/prometheus:v2.35.0" + ports = ["prometheus"] + volumes = [ + "/opt/openfaas/prometheus.yml:/etc/prometheus/prometheus.yml" + ] + } + + resources { + network { + mbits = 10 + port "prometheus" { static = 9090 } + } + } + + service { + name = "prometheus" + port = "prometheus" + check { + type = "http" + path = "/-/healthy" + interval = "10s" + timeout = "2s" + } + } + } + } +} \ No newline at end of file diff --git a/jobs/traefik.nomad b/jobs/traefik.nomad new file mode 100644 index 0000000..3baa3d1 --- /dev/null +++ b/jobs/traefik.nomad @@ -0,0 +1,78 @@ +job "traefik" { + datacenters = ["dc1"] + type = "service" + + update { + strategy = "canary" + max_parallel = 1 + min_healthy_time = "10s" + healthy_deadline = "3m" + auto_revert = true + } + + group "traefik" { + count = 3 + + restart { + attempts = 3 + interval = "30m" + delay = "15s" + mode = "fail" + } + + network { + port "http" { + static = 80 + } + port "https" { + static = 443 + } + port "api" { + static = 8080 + } + } + + task "traefik" { + driver = "podman" + + config { + image = "traefik:latest" + ports = ["http", "https", "api"] + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock:ro", # 如果需要与Docker集成 + "/root/mgmt/configs/traefik.yml:/etc/traefik/traefik.yml:ro", + "/root/mgmt/configs/dynamic:/etc/traefik/dynamic:ro" + ] + } + + env { + NOMAD_ADDR = "http://${attr.unique.network.ip-address}:4646" + CONSUL_HTTP_ADDR = "http://${attr.unique.network.ip-address}:8500" + } + + resources { + cpu = 200 + memory = 256 + } + + service { + name = "traefik" + port = "http" + tags = [ + "traefik.enable=true", + "traefik.http.routers.api.rule=Host(`traefik.service.consul`)", + "traefik.http.routers.api.service=api@internal", + "traefik.http.routers.api.entrypoints=api", + "traefik.http.services.api.loadbalancer.server.port=8080" + ] + + check { + type = "http" + path = "/ping" + interval = "10s" + timeout = "2s" + } + } + } + } +} \ No newline at end of file diff --git a/mcp_shared_config.json b/mcp_shared_config.json new file mode 120000 index 0000000..413e870 --- /dev/null +++ b/mcp_shared_config.json @@ -0,0 +1 @@ +/mnt/fnsync/mcp/mcp_shared_config.json \ No newline at end of file diff --git a/scripts/nomad-leader-discovery.sh b/scripts/nomad-leader-discovery.sh new file mode 100755 index 0000000..0b46576 --- /dev/null +++ b/scripts/nomad-leader-discovery.sh @@ -0,0 +1,193 @@ +#!/bin/bash + +# Nomad 集群领导者发现与访问脚本 +# 此脚本自动发现当前 Nomad 集群领导者并执行相应命令 + +# 默认服务器列表(可根据实际情况修改) +SERVERS=( + "100.116.158.95" # bj-semaphore.global + "100.81.26.3" # ash1d.global + "100.103.147.94" # ash2e.global + "100.90.159.68" # ch2.global + "100.86.141.112" # ch3.global + "100.98.209.50" # bj-onecloud1.global + "100.120.225.29" # de.global +) + +# 超时设置(秒) +TIMEOUT=5 + +# 颜色输出 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +# 打印帮助信息 +function show_help() { + echo "Nomad 集群领导者发现与访问脚本" + echo "" + echo "用法: $0 [选项] [nomad命令]" + echo "" + echo "选项:" + echo " -h, --help 显示此帮助信息" + echo " -s, --server IP 指定初始服务器IP" + echo " -t, --timeout SECS 设置超时时间(默认: $TIMEOUT 秒)" + echo " -l, --list-servers 列出所有配置的服务器" + echo " -c, --check-leader 仅检查领导者,不执行命令" + echo "" + echo "示例:" + echo " $0 node status # 使用自动发现的领导者查看节点状态" + echo " $0 -s 100.116.158.95 job status # 指定初始服务器查看作业状态" + echo " $0 -c # 仅检查当前领导者" + echo "" +} + +# 列出所有配置的服务器 +function list_servers() { + echo -e "${YELLOW}配置的服务器列表:${NC}" + for server in "${SERVERS[@]}"; do + echo " - $server" + done +} + +# 发现领导者 +function discover_leader() { + local initial_server=$1 + + # 如果指定了初始服务器,先尝试使用它 + if [ -n "$initial_server" ]; then + echo -e "${YELLOW}尝试从服务器 $initial_server 发现领导者...${NC}" >&2 + leader=$(curl -s --max-time $TIMEOUT "http://${initial_server}:4646/v1/status/leader" 2>/dev/null | sed 's/"//g') + if [ -n "$leader" ] && [ "$leader" != "" ]; then + # 将RPC端口(4647)替换为HTTP端口(4646) + leader=$(echo "$leader" | sed 's/:4647$/:4646/') + echo -e "${GREEN}发现领导者: $leader${NC}" >&2 + echo "$leader" + return 0 + fi + echo -e "${RED}无法从 $initial_server 获取领导者信息${NC}" >&2 + fi + + # 遍历所有服务器尝试发现领导者 + echo -e "${YELLOW}遍历所有服务器寻找领导者...${NC}" >&2 + for server in "${SERVERS[@]}"; do + echo -n " 检查 $server ... " >&2 + leader=$(curl -s --max-time $TIMEOUT "http://${server}:4646/v1/status/leader" 2>/dev/null | sed 's/"//g') + if [ -n "$leader" ] && [ "$leader" != "" ]; then + # 将RPC端口(4647)替换为HTTP端口(4646) + leader=$(echo "$leader" | sed 's/:4647$/:4646/') + echo -e "${GREEN}成功${NC}" >&2 + echo -e "${GREEN}发现领导者: $leader${NC}" >&2 + echo "$leader" + return 0 + else + echo -e "${RED}失败${NC}" >&2 + fi + done + + echo -e "${RED}无法发现领导者,请检查集群状态${NC}" >&2 + return 1 +} + +# 解析命令行参数 +INITIAL_SERVER="" +CHECK_LEADER_ONLY=false +NOMAD_COMMAND=() + +while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + show_help + exit 0 + ;; + -s|--server) + INITIAL_SERVER="$2" + shift 2 + ;; + -t|--timeout) + TIMEOUT="$2" + shift 2 + ;; + -l|--list-servers) + list_servers + exit 0 + ;; + -c|--check-leader) + CHECK_LEADER_ONLY=true + shift + ;; + *) + NOMAD_COMMAND+=("$1") + shift + ;; + esac +done + +# 主逻辑 +echo -e "${YELLOW}Nomad 集群领导者发现与访问脚本${NC}" >&2 +echo "==================================" >&2 + +# 发现领导者 +LEADER=$(discover_leader "$INITIAL_SERVER") +if [ $? -ne 0 ]; then + exit 1 +fi + +# 提取领导者IP和端口 +LEADER_IP=$(echo "$LEADER" | cut -d':' -f1) +LEADER_PORT=$(echo "$LEADER" | cut -d':' -f2) + +# 如果仅检查领导者,则退出 +if [ "$CHECK_LEADER_ONLY" = true ]; then + echo -e "${GREEN}当前领导者: $LEADER${NC}" >&2 + exit 0 +fi + +# 如果没有指定命令,显示交互式菜单 +if [ ${#NOMAD_COMMAND[@]} -eq 0 ]; then + echo -e "${YELLOW}未指定命令,请选择要执行的操作:${NC}" >&2 + echo "1) 查看节点状态" >&2 + echo "2) 查看作业状态" >&2 + echo "3) 查看服务器成员" >&2 + echo "4) 查看集群状态" >&2 + echo "5) 自定义命令" >&2 + echo "0) 退出" >&2 + + read -p "请输入选项 (0-5): " choice + + case $choice in + 1) NOMAD_COMMAND=("node" "status") ;; + 2) NOMAD_COMMAND=("job" "status") ;; + 3) NOMAD_COMMAND=("server" "members") ;; + 4) NOMAD_COMMAND=("operator" "raft" "list-peers") ;; + 5) + read -p "请输入完整的 Nomad 命令: " -a NOMAD_COMMAND + ;; + 0) exit 0 ;; + *) + echo -e "${RED}无效选项${NC}" >&2 + exit 1 + ;; + esac +fi + +# 执行命令 +echo -e "${YELLOW}执行命令: nomad ${NOMAD_COMMAND[*]} -address=http://${LEADER}${NC}" >&2 +nomad "${NOMAD_COMMAND[@]}" -address="http://${LEADER}" + +# 检查命令执行结果 +if [ $? -eq 0 ]; then + echo -e "${GREEN}命令执行成功${NC}" >&2 +else + echo -e "${RED}命令执行失败,可能需要重新发现领导者${NC}" >&2 + echo -e "${YELLOW}尝试重新发现领导者...${NC}" >&2 + NEW_LEADER=$(discover_leader) + if [ $? -eq 0 ] && [ "$NEW_LEADER" != "$LEADER" ]; then + echo -e "${YELLOW}领导者已更改,重新执行命令...${NC}" >&2 + nomad "${NOMAD_COMMAND[@]}" -address="http://${NEW_LEADER}" + else + echo -e "${RED}无法恢复,请检查集群状态${NC}" >&2 + exit 1 + fi +fi \ No newline at end of file diff --git a/scripts/test-traefik-deployment.sh b/scripts/test-traefik-deployment.sh new file mode 100644 index 0000000..6762610 --- /dev/null +++ b/scripts/test-traefik-deployment.sh @@ -0,0 +1,275 @@ +#!/bin/bash + +# Traefik部署测试脚本 +# 用于测试Traefik在Nomad集群中的部署和功能 + +set -e + +# 颜色定义 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +# 日志函数 +log_info() { + echo -e "${GREEN}[INFO]${NC} $1" +} + +log_warn() { + echo -e "${YELLOW}[WARN]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# 检查Nomad集群状态 +check_nomad_cluster() { + log_info "检查Nomad集群状态..." + + # 使用我们之前创建的领导者发现脚本 + if [ -f "/root/mgmt/scripts/nomad-leader-discovery.sh" ]; then + chmod +x /root/mgmt/scripts/nomad-leader-discovery.sh + LEADER_INFO=$(/root/mgmt/scripts/nomad-leader-discovery.sh -c 2>&1) + log_info "Nomad领导者信息: $LEADER_INFO" + else + log_warn "未找到Nomad领导者发现脚本,使用默认方式检查" + nomad server members 2>/dev/null || log_error "无法连接到Nomad集群" + fi +} + +# 检查Consul集群状态 +check_consul_cluster() { + log_info "检查Consul集群状态..." + + consul members 2>/dev/null || log_error "无法连接到Consul集群" + + # 检查Consul领导者 + CONSUL_LEADER=$(curl -s http://127.0.0.1:8500/v1/status/leader) + if [ -n "$CONSUL_LEADER" ]; then + log_info "Consul领导者: $CONSUL_LEADER" + else + log_error "无法获取Consul领导者信息" + fi +} + +# 部署Traefik +deploy_traefik() { + log_info "部署Traefik..." + + # 检查作业文件是否存在 + if [ ! -f "/root/mgmt/jobs/traefik.nomad" ]; then + log_error "Traefik作业文件不存在: /root/mgmt/jobs/traefik.nomad" + exit 1 + fi + + # 部署作业 + nomad run /root/mgmt/jobs/traefik.nomad + + # 等待部署完成 + log_info "等待Traefik部署完成..." + sleep 10 + + # 检查作业状态 + nomad status traefik +} + +# 检查Traefik状态 +check_traefik_status() { + log_info "检查Traefik状态..." + + # 检查作业状态 + JOB_STATUS=$(nomad job status traefik -json | jq -r '.Status') + if [ "$JOB_STATUS" == "running" ]; then + log_info "Traefik作业状态: $JOB_STATUS" + else + log_error "Traefik作业状态异常: $JOB_STATUS" + return 1 + fi + + # 检查分配状态 + ALLOCATIONS=$(nomad job allocs traefik | tail -n +3 | head -n -1 | awk '{print $1}') + for alloc in $ALLOCATIONS; do + alloc_status=$(nomad alloc status $alloc -json | jq -r '.ClientStatus') + if [ "$alloc_status" == "running" ]; then + log_info "分配 $alloc 状态: $alloc_status" + else + log_error "分配 $alloc 状态异常: $alloc_status" + fi + done + + # 检查服务注册 + log_info "检查Consul中的服务注册..." + consul catalog services | grep traefik && log_info "Traefik服务已注册到Consul" || log_warn "Traefik服务未注册到Consul" +} + +# 测试Traefik功能 +test_traefik_functionality() { + log_info "测试Traefik功能..." + + # 获取Traefik服务地址 + TRAEFIK_ADDR=$(consul catalog service traefik | jq -r '.[0].ServiceAddress' 2>/dev/null) + if [ -z "$TRAEFIK_ADDR" ]; then + log_warn "无法从Consul获取Traefik地址,使用本地地址" + TRAEFIK_ADDR="127.0.0.1" + fi + + # 测试API端点 + log_info "测试Traefik API端点..." + if curl -s http://$TRAEFIK_ADDR:8080/ping > /dev/null; then + log_info "Traefik API端点响应正常" + else + log_error "Traefik API端点无响应" + fi + + # 测试仪表板 + log_info "测试Traefik仪表板..." + if curl -s http://$TRAEFIK_ADDR:8080/dashboard/ > /dev/null; then + log_info "Traefik仪表板可访问" + else + log_error "无法访问Traefik仪表板" + fi + + # 测试HTTP入口点 + log_info "测试HTTP入口点..." + if curl -s -I http://$TRAEFIK_ADDR:80 | grep -q "Location: https://"; then + log_info "HTTP到HTTPS重定向正常工作" + else + log_warn "HTTP到HTTPS重定向可能未正常工作" + fi +} + +# 创建测试服务 +create_test_service() { + log_info "创建测试服务..." + + # 创建一个简单的测试服务作业文件 + cat > /tmp/test-service.nomad << EOF +job "test-web" { + datacenters = ["dc1"] + type = "service" + + group "web" { + count = 1 + + network { + port "http" { + to = 8080 + } + } + + task "nginx" { + driver = "podman" + + config { + image = "nginx:alpine" + ports = ["http"] + } + + resources { + cpu = 100 + memory = 64 + } + + service { + name = "test-web" + port = "http" + tags = [ + "traefik.enable=true", + "traefik.http.routers.test-web.rule=Host(`test-web.service.consul`)", + "traefik.http.routers.test-web.entrypoints=https" + ] + + check { + type = "http" + path = "/" + interval = "10s" + timeout = "2s" + } + } + } + } +} +EOF + + # 部署测试服务 + nomad run /tmp/test-service.nomad + + # 等待服务启动 + sleep 15 + + # 测试服务是否可通过Traefik访问 + log_info "测试服务是否可通过Traefik访问..." + if curl -s -H "Host: test-web.service.consul" http://$TRAEFIK_ADDR:80 | grep -q "Welcome to nginx"; then + log_info "测试服务可通过Traefik正常访问" + else + log_error "无法通过Traefik访问测试服务" + fi +} + +# 清理测试资源 +cleanup_test_resources() { + log_info "清理测试资源..." + + # 停止测试服务 + nomad job stop test-web 2>/dev/null || true + nomad job purge test-web 2>/dev/null || true + + # 停止Traefik + nomad job stop traefik 2>/dev/null || true + nomad job purge traefik 2>/dev/null || true + + # 删除临时文件 + rm -f /tmp/test-service.nomad + + log_info "清理完成" +} + +# 主函数 +main() { + case "${1:-all}" in + "check") + check_nomad_cluster + check_consul_cluster + ;; + "deploy") + deploy_traefik + ;; + "status") + check_traefik_status + ;; + "test") + test_traefik_functionality + ;; + "test-service") + create_test_service + ;; + "cleanup") + cleanup_test_resources + ;; + "all") + check_nomad_cluster + check_consul_cluster + deploy_traefik + check_traefik_status + test_traefik_functionality + create_test_service + log_info "所有测试完成" + ;; + *) + echo "用法: $0 {check|deploy|status|test|test-service|cleanup|all}" + echo " check - 检查集群状态" + echo " deploy - 部署Traefik" + echo " status - 检查Traefik状态" + echo " test - 测试Traefik功能" + echo " test-service - 创建并测试示例服务" + echo " cleanup - 清理测试资源" + echo " all - 执行所有步骤(默认)" + exit 1 + ;; + esac +} + +# 执行主函数 +main "$@" \ No newline at end of file diff --git a/sync_all_mcp_configs.sh b/sync_all_mcp_configs.sh new file mode 100755 index 0000000..79b6259 --- /dev/null +++ b/sync_all_mcp_configs.sh @@ -0,0 +1,89 @@ +#!/bin/bash + +# 链接所有MCP配置文件的脚本 +# 该脚本将所有IDE和AI助手的MCP配置链接到NFS共享的配置文件 + +NFS_CONFIG="/mnt/fnsync/mcp/mcp_shared_config.json" + +echo "链接所有MCP配置文件到NFS共享配置..." + +# 检查NFS配置文件是否存在 +if [ ! -f "$NFS_CONFIG" ]; then + echo "错误: NFS配置文件不存在: $NFS_CONFIG" + exit 1 +fi + +echo "✓ 使用NFS共享配置作为基准: $NFS_CONFIG" + +# 定义所有可能的MCP配置位置 +CONFIGS=( + # Kilo Code IDE + "../.trae-cn-server/data/User/globalStorage/kilocode.kilo-code/settings/mcp_settings.json" + "../.trae-server/data/User/globalStorage/kilocode.kilo-code/settings/mcp_settings.json" + "../.trae-aicc/data/User/globalStorage/kilocode.kilo-code/settings/mcp_settings.json" + + # Tencent CodeBuddy + "$HOME/.codebuddy-server/data/User/globalStorage/tencent.planning-genie/settings/codebuddy_mcp_settings.json" + "$HOME/.codebuddy/data/User/globalStorage/tencent.planning-genie/settings/codebuddy_mcp_settings.json" + # 新增的CodeBuddy-CN + "$HOME/.codebuddy-server-cn/data/User/globalStorage/tencent.planning-genie/settings/codebuddy_mcp_settings.json" + + # Claude相关 + "$HOME/.claude.json" + "$HOME/.claude.json.backup" + "$HOME/.config/claude/settings/mcp_settings.json" + + # Cursor + "$HOME/.cursor-server/data/User/globalStorage/xxx.cursor/settings/mcp_settings.json" + + # Qoder + "$HOME/.qoder-server/data/User/globalStorage/xxx.qoder/settings/mcp_settings.json" + + # Cline + "$HOME/.codebuddy-server/data/User/globalStorage/rooveterinaryinc.roo-cline/settings/mcp_settings.json" + "$HOME/Cline/settings/mcp_settings.json" + + # Kiro + "$HOME/.kiro-server/data/User/globalStorage/xxx.kiro/settings/mcp_settings.json" + + # Qwen + "$HOME/.qwen/settings/mcp_settings.json" + + # VSCodium + "$HOME/.vscodium-server/data/User/globalStorage/xxx.vscodium/settings/mcp_settings.json" + + # Other potential locations + ".kilocode/mcp.json" + "$HOME/.config/Qoder/SharedClientCache/mcp.json" + "$HOME/.trae-server/data/Machine/mcp.json" + "$HOME/.trae-cn-server/data/Machine/mcp.json" + "$HOME/.codegeex/agent/configs/user_mcp_config.json" + "$HOME/.codegeex/agent/configs/mcp_config.json" +) + +# 链接到每个配置位置 +for config_path in "${CONFIGS[@]}"; do + if [ -n "$config_path" ]; then + config_dir=$(dirname "$config_path") + if [ -d "$config_dir" ]; then + # 如果目标文件已存在,先备份 + if [ -f "$config_path" ]; then + mv "$config_path" "${config_path}.backup" + echo "✓ 原配置文件已备份: ${config_path}.backup" + fi + + # 创建符号链接 + ln -s "$NFS_CONFIG" "$config_path" 2>/dev/null + if [ $? -eq 0 ]; then + echo "✓ 已创建链接到: $config_path" + else + echo "✗ 创建链接失败: $config_path" + fi + else + echo "✗ 目录不存在: $config_dir" + fi + fi +done + +echo "所有MCP配置链接完成!" +echo "所有IDE和AI助手现在都使用NFS共享的MCP配置文件: $NFS_CONFIG" \ No newline at end of file diff --git a/tofu/environments/dev/main.tf b/tofu/environments/dev/main.tf index ad7d76c..bafe77e 100644 --- a/tofu/environments/dev/main.tf +++ b/tofu/environments/dev/main.tf @@ -8,13 +8,7 @@ terraform { # Oracle Cloud Infrastructure oci = { source = "oracle/oci" - version = "~> 5.0" - } - - # 华为云 - huaweicloud = { - source = "huaweicloud/huaweicloud" - version = "~> 1.60" + version = "~> 7.20" } # 其他常用提供商 @@ -32,6 +26,18 @@ terraform { source = "hashicorp/local" version = "~> 2.1" } + + # Consul Provider + consul = { + source = "hashicorp/consul" + version = "~> 2.22.0" + } + + # HashiCorp Vault Provider + vault = { + source = "hashicorp/vault" + version = "~> 4.0" + } } # 后端配置 @@ -40,21 +46,87 @@ terraform { } } -# Oracle Cloud 提供商配置 -provider "oci" { - tenancy_ocid = var.oci_config.tenancy_ocid - user_ocid = var.oci_config.user_ocid - fingerprint = var.oci_config.fingerprint - private_key_path = var.oci_config.private_key_path - region = var.oci_config.region +# 将从Consul获取的私钥保存到临时文件 +resource "local_file" "oci_kr_private_key" { + content = data.consul_keys.oracle_config.var.private_key + filename = "/tmp/oci_kr_private_key.pem" } -# 华为云提供商配置 (仅在需要时配置) -provider "huaweicloud" { - access_key = var.huawei_config.access_key - secret_key = var.huawei_config.secret_key - region = var.huawei_config.region - alias = "huawei" +resource "local_file" "oci_us_private_key" { + content = data.consul_keys.oracle_config_us.var.private_key + filename = "/tmp/oci_us_private_key.pem" +} + +# Consul Provider配置 +provider "consul" { + address = "localhost:8500" + scheme = "http" + datacenter = "dc1" +} + +# Vault Provider配置 +provider "vault" { + address = var.vault_config.address + token = var.vault_token +} + +# 从Consul获取Oracle Cloud配置 +data "consul_keys" "oracle_config" { + key { + name = "tenancy_ocid" + path = "config/dev/oracle/kr/tenancy_ocid" + } + key { + name = "user_ocid" + path = "config/dev/oracle/kr/user_ocid" + } + key { + name = "fingerprint" + path = "config/dev/oracle/kr/fingerprint" + } + key { + name = "private_key" + path = "config/dev/oracle/kr/private_key" + } +} + +# 从Consul获取Oracle Cloud美国区域配置 +data "consul_keys" "oracle_config_us" { + key { + name = "tenancy_ocid" + path = "config/dev/oracle/us/tenancy_ocid" + } + key { + name = "user_ocid" + path = "config/dev/oracle/us/user_ocid" + } + key { + name = "fingerprint" + path = "config/dev/oracle/us/fingerprint" + } + key { + name = "private_key" + path = "config/dev/oracle/us/private_key" + } +} + +# 使用从Consul获取的配置的OCI Provider +provider "oci" { + tenancy_ocid = data.consul_keys.oracle_config.var.tenancy_ocid + user_ocid = data.consul_keys.oracle_config.var.user_ocid + fingerprint = data.consul_keys.oracle_config.var.fingerprint + private_key_path = local_file.oci_kr_private_key.filename + region = "ap-chuncheon-1" +} + +# 美国区域的OCI Provider +provider "oci" { + alias = "us" + tenancy_ocid = data.consul_keys.oracle_config_us.var.tenancy_ocid + user_ocid = data.consul_keys.oracle_config_us.var.user_ocid + fingerprint = data.consul_keys.oracle_config_us.var.fingerprint + private_key_path = local_file.oci_us_private_key.filename + region = "us-ashburn-1" } # Oracle Cloud 基础设施 @@ -68,7 +140,15 @@ module "oracle_cloud" { vpc_cidr = var.vpc_cidr availability_zones = var.availability_zones common_tags = var.common_tags - oci_config = var.oci_config + + # 使用从Consul获取的配置 + oci_config = { + tenancy_ocid = data.consul_keys.oracle_config.var.tenancy_ocid + user_ocid = data.consul_keys.oracle_config.var.user_ocid + fingerprint = data.consul_keys.oracle_config.var.fingerprint + private_key_path = local_file.oci_kr_private_key.filename + region = "ap-chuncheon-1" + } # 开发环境特定配置 instance_count = 1 @@ -79,31 +159,8 @@ module "oracle_cloud" { } } -# 华为云基础设施 (可选) -module "huawei_cloud" { - source = "../../providers/huawei-cloud" - count = contains(var.cloud_providers, "huawei") ? 1 : 0 - - environment = var.environment - project_name = var.project_name - owner = var.owner - vpc_cidr = "10.1.0.0/16" # 不同的 CIDR 避免冲突 - availability_zones = var.availability_zones - common_tags = var.common_tags - huawei_config = var.huawei_config - - providers = { - huaweicloud = huaweicloud.huawei - } -} - # 输出 output "oracle_cloud_outputs" { description = "Oracle Cloud 基础设施输出" value = module.oracle_cloud -} - -output "huawei_cloud_outputs" { - description = "华为云基础设施输出" - value = length(module.huawei_cloud) > 0 ? module.huawei_cloud[0] : null } \ No newline at end of file diff --git a/tofu/environments/dev/variables.tf b/tofu/environments/dev/variables.tf index 21de37d..fe64430 100644 --- a/tofu/environments/dev/variables.tf +++ b/tofu/environments/dev/variables.tf @@ -130,4 +130,25 @@ variable "do_config" { region = "sgp1" } sensitive = true +} + +# HashiCorp Vault 配置 +variable "vault_config" { + description = "HashiCorp Vault 配置" + type = object({ + address = string + token = string + }) + default = { + address = "http://localhost:8200" + token = "" + } + sensitive = true +} + +variable "vault_token" { + description = "Vault 访问令牌" + type = string + default = "" + sensitive = true } \ No newline at end of file diff --git a/tofu/environments/production/nomad-multi-dc.tf b/tofu/environments/production/nomad-multi-dc.tf index 4bbaf94..27447e6 100644 --- a/tofu/environments/production/nomad-multi-dc.tf +++ b/tofu/environments/production/nomad-multi-dc.tf @@ -7,7 +7,7 @@ terraform { required_providers { oci = { source = "oracle/oci" - version = "~> 5.0" + version = "~> 7.20" } huaweicloud = { source = "huaweicloud/huaweicloud" diff --git a/tofu/modules/nomad-cluster/main.tf b/tofu/modules/nomad-cluster/main.tf index d157397..d33a4a3 100644 --- a/tofu/modules/nomad-cluster/main.tf +++ b/tofu/modules/nomad-cluster/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { oci = { source = "oracle/oci" - version = "~> 5.0" + version = "~> 7.20" } huaweicloud = { source = "huaweicloud/huaweicloud" diff --git a/tofu/providers/oracle-cloud/main.tf b/tofu/providers/oracle-cloud/main.tf index bc6d73b..cb8fd2e 100644 --- a/tofu/providers/oracle-cloud/main.tf +++ b/tofu/providers/oracle-cloud/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { oci = { source = "oracle/oci" - version = "~> 5.0" + version = "~> 7.20" } } } diff --git a/tofu/shared/versions.tf b/tofu/shared/versions.tf index 145d54c..f388241 100644 --- a/tofu/shared/versions.tf +++ b/tofu/shared/versions.tf @@ -6,7 +6,7 @@ terraform { # Oracle Cloud Infrastructure oci = { source = "oracle/oci" - version = "~> 5.0" + version = "7.20.0" } # 华为云 @@ -36,17 +36,23 @@ terraform { # 其他常用提供商 random = { source = "hashicorp/random" - version = "~> 3.1" + version = "3.7.2" } tls = { source = "hashicorp/tls" - version = "~> 4.0" + version = "4.1.0" } local = { source = "hashicorp/local" - version = "~> 2.1" + version = "2.5.3" + } + + # HashiCorp Vault + vault = { + source = "hashicorp/vault" + version = "~> 4.0" } }