# Waypoint Configuration and Usage Guide

## Service Information

- **Server address**: `hcp1.tailnet-68f9.ts.net:9702` (gRPC)
- **HTTP API**: `hcp1.tailnet-68f9.ts.net:9701` (HTTPS)
- **Web UI**: `https://waypoint.git4ta.me/auth/token`

## Authentication Information

### Authentication Token

```
3K4wQUdH1dfES7e2KRygoJ745wgjDCG6X7LmLCAseEs3a5jrK185Yk4ZzYQUDvwEacPTfaF5hbUW1E3JNA7fvMthHWrkAFyRZoocmjCqj72YfJRzXW7KsurdSoMoKpEVJyiWRxPAg3VugzUx
```

### Token Storage Location

- **Consul KV**: `waypoint/auth-token`
- **Retrieval command**: `consul kv get waypoint/auth-token`

## Access Methods

### 1. Web UI Access

```
https://waypoint.git4ta.me/auth/token
```

Log in with the authentication token above.

### 2. CLI Access

```bash
# Create a context
waypoint context create \
  -server-addr=hcp1.tailnet-68f9.ts.net:9702 \
  -server-tls-skip-verify \
  -set-default waypoint-server

# Verify the connection
waypoint server info
```

### 3. Using the Authentication Token

```bash
# Set the environment variable
export WAYPOINT_TOKEN="3K4wQUdH1dfES7e2KRygoJ745wgjDCG6X7LmLCAseEs3a5jrK185Yk4ZzYQUDvwEacPTfaF5hbUW1E3JNA7fvMthHWrkAFyRZoocmjCqj72YfJRzXW7KsurdSoMoKpEVJyiWRxPAg3VugzUx"

# Or pass it with the -server-auth-token parameter
waypoint server info -server-auth-token="$WAYPOINT_TOKEN"
```

## Service Configuration

### Nomad Job Configuration

- **File**: `/root/mgmt/waypoint-server.nomad`
- **Node**: `hcp1.tailnet-68f9.ts.net`
- **Database**: `/opt/waypoint/waypoint.db`
- **gRPC port**: 9702
- **HTTP port**: 9701

### Traefik Routing Configuration

- **Domain**: `waypoint.git4ta.me`
- **Backend**: `https://hcp1.tailnet-68f9.ts.net:9701`
- **TLS**: certificate verification skipped (`insecureSkipVerify: true`)

## Common Commands

### Server Management

```bash
# Check server status
waypoint server info

# Get the server cookie
waypoint server cookie

# Create a snapshot backup
waypoint server snapshot
```

### Project Management

```bash
# List all projects
waypoint list projects

# Initialize a new project
waypoint init

# Deploy the application
waypoint up

# View deployment status
waypoint list deployments
```

### Application Management

```bash
# List applications
waypoint list apps

# View application logs
waypoint logs -app=<app-name>

# Run a command in the application
waypoint exec -app=<app-name> <command>
```

## Troubleshooting

### 1. Connection Problems

```bash
# Check whether the server is running
nomad job status waypoint-server

# Check whether the ports are listening
netstat -tlnp | grep 970
```

### 2. Authentication Problems

```bash
# Re-bootstrap the server (this generates a new token)
nomad job stop waypoint-server
ssh hcp1.tailnet-68f9.ts.net "rm -f /opt/waypoint/waypoint.db"
nomad job run /root/mgmt/waypoint-server.nomad
waypoint server bootstrap -server-addr=hcp1.tailnet-68f9.ts.net:9702 -server-tls-skip-verify
```

### 3. Web UI Access Problems

- Make sure you use the correct path: `/auth/token`
- Check the Traefik routing configuration
- Verify that the SSL certificate is valid

## Integration Configuration

### Nomad Integration

```bash
# Configure Nomad as the runtime platform
waypoint config source-set -type=nomad nomad-platform \
  addr=http://localhost:4646
```

### Vault Integration

```bash
# Configure the Vault integration
waypoint config source-set -type=vault vault-secrets \
  addr=http://localhost:8200 \
  token=<vault-token>
```

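## Security Notes

1. **Token protection**: The authentication token grants full access; store it securely.
2. **Network access**: The server listens on all interfaces; make sure the firewall is configured correctly.
3. **TLS verification**: The current configuration skips TLS verification; enabling it is recommended for production.
4. **Backups**: Back up the database file `/opt/waypoint/waypoint.db` regularly.
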
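
As an added example (not part of the original guide), the shell functions below lint runbooks and config files for two of the points above: a token written as a literal, and TLS verification being skipped. The function names and the sample content are assumptions; only line numbers are reported, so a matched token is never echoed.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): lint runbooks and configs for
# the risky settings named in the security notes. Function names and the
# sample content are assumptions made for illustration.

FINDINGS=0

# check FILE REGEX MESSAGE: report "FILE:LINE: MESSAGE" for each matching line.
# Only the line number is printed so a matched secret never reaches the logs.
check() {
  n=$(grep -cE -e "$2" "$1" || true)
  grep -nE -e "$2" "$1" | awk -F: -v f="$1" -v m="$3" '{ print f ":" $1 ": " m }'
  FINDINGS=$((FINDINGS + ${n:-0}))
}

# Audit every file given; sets FINDINGS and returns non-zero if anything was found.
audit_waypoint_files() {
  FINDINGS=0
  for f in "$@"; do
    check "$f" "(WAYPOINT_TOKEN|-server-auth-token)=[\"']?[A-Za-z0-9]{32,}" \
      "token literal in file; read it at run time (consul kv get waypoint/auth-token)"
    check "$f" "-server-tls-skip-verify" \
      "CLI skips TLS verification of the Waypoint server"
    check "$f" "insecureSkipVerify: *true" \
      "Traefik skips TLS verification of the backend"
  done
  [ "$FINDINGS" -eq 0 ]
}

# Constructed sample input: three risky lines and one acceptable line.
write_sample_runbook() {
  cat > "$1" <<'EOF'
export WAYPOINT_TOKEN="CONSTRUCTEDsampleTOKEN0123456789abcdefghij"
waypoint context create -server-addr=hcp1.tailnet-68f9.ts.net:9702 -server-tls-skip-verify
insecureSkipVerify: true
export WAYPOINT_TOKEN="$(consul kv get waypoint/auth-token)"
EOF
}

# Run against files passed on the command line, e.g. from a pre-commit hook.
if [ "$#" -gt 0 ]; then
  audit_waypoint_files "$@"
fi
```

The last line of the sample passes because the token is read from Consul KV at run time instead of being stored in the file.
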
## Changelog

- **2025-10-04**: Initial deployment and configuration
- **2025-10-04**: Obtained the authentication token and stored it in Consul KV
- **2025-10-04**: Configured Traefik routing and Web UI access