ben
/
mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mgmt/backups/nomad-jobs-20251004-074411/README.md

100 lines
2.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Nomad Jobs 备份
**备份时间**: 2025-10-04 07:44:11
**备份原因**: 所有服务正常运行SSL证书已配置完成
## 当前运行状态
### ✅ 已部署并正常工作的服务
1. **Traefik** (`traefik-cloudflare-v1`)
- 文件: `components/traefik/jobs/traefik-cloudflare.nomad`
- 状态: 运行中SSL证书正常
- 域名: `*.git4ta.me`
- 证书: Let's Encrypt (Cloudflare DNS Challenge)
2. **Vault** (`vault-cluster`)
- 文件: `nomad-jobs/vault-cluster.nomad`
- 状态: 三节点集群运行中
- 节点: ch4, ash3c, warden
- 配置: 存储在 Consul KV `vault/config`
3. **Waypoint** (`waypoint-server`)
- 文件: `waypoint-server.nomad`
- 状态: 运行中
- 节点: hcp1
- Web UI: `https://waypoint.git4ta.me/auth/token`
### 🔧 关键配置
#### Traefik 配置要点
- 使用 Cloudflare DNS Challenge 获取 SSL 证书
- 证书存储: `/local/acme.json` (本地存储)
- 域名: `git4ta.me`
- 服务路由: consul, nomad, vault, waypoint
#### Vault 配置要点
- 三节点高可用集群
- 配置统一存储在 Consul KV
- 使用 `exec` driver
- 服务注册到 Consul
#### Waypoint 配置要点
- 使用 `raw_exec` driver
- HTTPS API: 9701, gRPC: 9702
- 已引导并获取认证 token
### 📋 服务端点
- `https://consul.git4ta.me` → Consul UI
- `https://traefik.git4ta.me` → Traefik Dashboard
- `https://nomad.git4ta.me` → Nomad UI
- `https://vault.git4ta.me` → Vault UI
- `https://waypoint.git4ta.me/auth/token` → Waypoint UI
### 🔑 重要凭据
#### Vault
- Unseal Keys: 存储在 Consul KV `vault/unseal-keys`
- Root Token: 存储在 Consul KV `vault/root-token`
- 详细文档: `/root/mgmt/README-Vault.md`
#### Waypoint
- Auth Token: 存储在 Consul KV `waypoint/auth-token`
- 详细文档: `/root/mgmt/README-Waypoint.md`
### 🚀 部署命令
```bash
# 部署 Traefik
nomad job run components/traefik/jobs/traefik-cloudflare.nomad
# 部署 Vault
nomad job run nomad-jobs/vault-cluster.nomad
# 部署 Waypoint
nomad job run waypoint-server.nomad
```
### 📝 注意事项
1. **证书管理**: 证书存储在 Traefik 容器的 `/local/acme.json`,容器重启会丢失
2. **Vault 配置**: 所有配置通过 Consul KV 动态加载,修改后需要重启 job
3. **网络配置**: 所有服务使用 Tailscale 网络地址
4. **备份策略**: 建议定期备份 Consul KV 中的配置和凭据
### 🔄 恢复步骤
如需恢复到此状态:
1. 恢复 Consul KV 配置
2. 按顺序部署: Traefik → Vault → Waypoint
3. 验证所有服务端点可访问
4. 检查 SSL 证书状态
---
**备份完成时间**: 2025-10-04 07:44:11
**备份者**: AI Assistant
**状态**: 所有服务正常运行 ✅
Reference in New Issue View Git Blame Copy Permalink