From 8c7d64bbcf58c80cfa7a43b44bd66b0005c0c2e0 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Wed, 31 Dec 2025 23:24:02 +0800 Subject: [PATCH] update --- deploy_xcontrol_dashboard.yml | 1 + group_vars/all.yml | 2 +- hosts/all | 19 ------------------- hosts/gpu_k8s_cluster | 10 ---------- hosts/k3s-cluster | 12 ------------ hosts/vpn | 2 -- inventory.ini | 4 ++-- roles/docker/XControl/defaults/main.yml | 8 ++++---- roles/docker/XControl/files/nginx/nginx.conf | 1 + roles/docker/XControl/tasks/main.yml | 4 +++- .../XControl/templates/docker-compose.yaml | 9 +++++---- .../nginx/conf.d/bootstrap-nginx.conf | 9 +++------ setup-nodejs.yml | 5 +++++ 13 files changed, 25 insertions(+), 61 deletions(-) delete mode 100644 hosts/all delete mode 100644 hosts/gpu_k8s_cluster delete mode 100644 hosts/k3s-cluster delete mode 100644 hosts/vpn create mode 100644 setup-nodejs.yml diff --git a/deploy_xcontrol_dashboard.yml b/deploy_xcontrol_dashboard.yml index e00d7e7..fb4124a 100644 --- a/deploy_xcontrol_dashboard.yml +++ b/deploy_xcontrol_dashboard.yml @@ -8,4 +8,5 @@ xcontrol_dashboard_blue_image: cloudneutral/dashboard xcontrol_dashboard_green_image: cloudneutral/dashboard roles: + - roles/vhosts/docker - roles/docker/XControl diff --git a/group_vars/all.yml b/group_vars/all.yml index f04e15a..976cf0f 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,5 +1,5 @@ ansible_port: 22 -ansible_ssh_user: ubuntu +ansible_ssh_user: root ansible_ssh_private_key_file: ~/.ssh/id_rsa ansible_host_key_checking: False diff --git a/hosts/all b/hosts/all deleted file mode 100644 index c8aba05..0000000 --- a/hosts/all +++ /dev/null 
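Review bot: In group_vars/all.yml the default `ansible_ssh_user` for every host becomes `root`, so all plays now log in directly as root instead of through an unprivileged account that escalates with `become`. The inventory.ini hunk repeats the same choice (`ansible_user=root` on global-console.svc.plus). The context line `ansible_host_key_checking: False` in the same file means those root sessions are also opened without verifying the host key. I would keep `ansible_ssh_user: ubuntu` (or a dedicated deploy account) as the default and set `become: true` on the plays that need it. If a particular host really only offers root, override it on that host line with a short comment saying why.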
@@ -1,19 +0,0 @@
-[all]
-hw-node.svc.plus ansible_host=139.9.139.22 ansible_ssh_user=root
-cn-gateway.svc.plus ansible_host=8.130.10.142 ansible_ssh_user=root
-us-gateway.svc.plus ansible_host=52.196.108.28 ansible_ssh_user=ubuntu
-global-gateway.svc.plus ansible_host=54.183.199.99 ansible_ssh_user=ubuntu
-canada-gateway.svc.plus ansible_host=3.96.167.208 ansible_ssh_user=ubuntu
-vault.onwalk.net ansible_host=3.101.151.231 ansible_ssh_user=ubuntu
-ldap.svc.plus ansible_host=35.182.63.247 ansible_ssh_user=ubuntu
-keycloak.svc.plus ansible_host=3.99.126.158 ansible_ssh_user=ubuntu
-observability.onwalk.net ansible_host=54.153.80.120 ansible_ssh_user=ubuntu
-argocd.svc.plus ansible_host=13.57.247.27 ansible_ssh_user=ubuntu
-
-[gateway]
-vpn-gateway.svc.plus ansible_host=167.179.72.223 ansible_ssh_user=root
-
-[all:vars]
-ansible_port=22
-ansible_ssh_private_key_file=~/.ssh/id_rsa
-ansible_host_key_checking=False
diff --git a/hosts/gpu_k8s_cluster b/hosts/gpu_k8s_cluster
deleted file mode 100644
index 36e0b65..0000000
--- a/hosts/gpu_k8s_cluster
+++ /dev/null
@@ -1,10 +0,0 @@
-[all]
-k8s-1 ansible_host=13.158.69.227
-k8s-2 ansible_host=57.183.6.87
-k8s-3 ansible_host=43.207.133.165
-
-[all:vars]
-ansible_port=22
-ansible_ssh_user=ubuntu
-ansible_ssh_private_key_file=~/.ssh/id_rsa
-ansible_host_key_checking=False
diff --git a/hosts/k3s-cluster b/hosts/k3s-cluster
deleted file mode 100644
index 117c650..0000000
--- a/hosts/k3s-cluster
+++ /dev/null
@@ -1,12 +0,0 @@
-[all]
-cn-gateway.svc.plus ansible_host=10.254.0.1
-cn-k3s-server.svc.plus ansible_host=10.254.0.3
-cn-hw-node.svc.plus ansible_host=10.254.0.4
-global-gateway.svc.plus ansible_host=10.255.0.1
-global-k3s-server.svc.plus ansible_host=10.255.0.3
-
-[all:vars]
-ansible_port=22
-ansible_ssh_user=ubuntu
-ansible_ssh_private_key_file=~/.ssh/id_rsa
-ansible_host_key_checking=False
diff --git a/hosts/vpn b/hosts/vpn
deleted file mode 100644
index 24ab9dd..0000000
--- a/hosts/vpn
+++ /dev/null
@@ -1,2 +0,0 @@ -[vpn-gateway] -xproxy.onwalk.net ansible_host=43.206.158.21 diff --git a/inventory.ini b/inventory.ini index 36298ee..e0dd46e 100644 --- a/inventory.ini +++ b/inventory.ini @@ -1,6 +1,6 @@ [web] -cn-homepage.svc.plus ansible_host=47.120.61.35 -global-homepage.svc.plus ansible_host=167.179.72.223 +cn-console.svc.plus ansible_host=47.120.61.35 +global-console.svc.plus ansible_host=35.220.157.80 ansible_user=root [deepflow_agents] 192.168.1.101 ansible_user=root ansible_ssh_pass=pass101 diff --git a/roles/docker/XControl/defaults/main.yml b/roles/docker/XControl/defaults/main.yml index 9095800..b57f018 100644 --- a/roles/docker/XControl/defaults/main.yml +++ b/roles/docker/XControl/defaults/main.yml @@ -67,10 +67,10 @@ xcontrol_account_xray_restart_command: xcontrol_account_agent_id: account-primary # Image overrides (optional) -xcontrol_account_image: ghcr.io/cloud-neutral-toolkit/account:latest -xcontrol_rag_image: manbuzhe2009/rag-server:latest -xcontrol_dashboard_image: manbuzhe2009/dashboard:latest -xcontrol_db_image: manbuzhe2009/postgres-runtime:latest +xcontrol_account_image: cloudneutral/account:latest +xcontrol_rag_image: cloudneutral/rag-server:latest +xcontrol_dashboard_image: cloudneutral/dashboard:latest +xcontrol_db_image: cloudneutral/postgres-runtime:latest xcontrol_dashboard_blue_image: "{{ xcontrol_dashboard_image }}" xcontrol_dashboard_green_image: "{{ xcontrol_dashboard_image }}" xcontrol_dashboard_active_color: blue diff --git a/roles/docker/XControl/files/nginx/nginx.conf b/roles/docker/XControl/files/nginx/nginx.conf index c6c98b5..79d0ea0 100644 --- a/roles/docker/XControl/files/nginx/nginx.conf +++ b/roles/docker/XControl/files/nginx/nginx.conf @@ -1,5 +1,6 @@ events {} http { + include /etc/nginx/conf.d/*.conf; include /usr/local/openresty/nginx/conf/conf.d/*.conf; } diff --git a/roles/docker/XControl/tasks/main.yml b/roles/docker/XControl/tasks/main.yml index 8c10436..fc06a2d 100644 
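Review bot: In inventory.ini the unchanged context line `192.168.1.101 ansible_user=root ansible_ssh_pass=pass101` stays in the tracked inventory while the `[web]` entries above it are edited, so a cleartext root SSH password keeps shipping with every clone of the repository. Since this commit already reworks the inventory, that value should move into an Ansible Vault-encrypted variable or be replaced by key authentication. The committed password should be rotated either way. The rest of the `[deepflow_agents]` group is outside the hunk, so other entries may need the same treatment.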
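Review bot: The four image defaults in roles/docker/XControl/defaults/main.yml move to the `cloudneutral/` namespace but still end in `:latest`, so what runs on a host depends on whatever that tag points to at pull time. A mutable tag makes a rollout unreproducible, and a replaced or tampered image under that tag would be deployed without any change in this repository. I would pin each default to a released version or digest, e.g. `xcontrol_account_image: cloudneutral/account:<version>@sha256:<digest>` (placeholders), and extend the `# Image overrides (optional)` comment to say overrides should be pinned the same way. The account image also loses its explicit `ghcr.io/` registry prefix and now resolves against the engine's default registry; presumably that is intended, but it deserves a line in the commit message.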
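Review bot: nginx.conf now includes both `/etc/nginx/conf.d/*.conf` and the OpenResty `conf.d` path without saying which image each line is meant for. If the container runs a stock nginx image, any packaged default server config in `/etc/nginx/conf.d` would be picked up by the new glob and sit next to the bootstrap server on port 80. The image and volume mounts are not visible from this hunk, so please confirm. A one-line comment above each include, such as `# stock nginx image layout` and `# OpenResty image layout`, would make the intent clear.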
--- a/roles/docker/XControl/tasks/main.yml +++ b/roles/docker/XControl/tasks/main.yml @@ -53,7 +53,9 @@ - name: Bootstrap NGINX (80-only for ACME) become: true - command: docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml up -d bootstrap-nginx + shell: + docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml up -d bootstrap-nginx + docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml restart bootstrap-nginx || true args: chdir: "{{ xcontrol_workspace }}" diff --git a/roles/docker/XControl/templates/docker-compose.yaml b/roles/docker/XControl/templates/docker-compose.yaml index 4b424c8..3d6d354 100644 --- a/roles/docker/XControl/templates/docker-compose.yaml +++ b/roles/docker/XControl/templates/docker-compose.yaml @@ -128,10 +128,11 @@ services: networks: - app healthcheck: - test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/health || exit 1"] - interval: 5s - timeout: 2s - retries: 10 + test: ["CMD", "wget", "-qO-", "http://localhost"] + interval: 10s + timeout: 3s + retries: 5 + start_period: 5s certbot: profiles: ["bootstrap"] diff --git a/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf b/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf index 9ef45e2..c9b1cf9 100644 --- a/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf +++ b/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf @@ -2,13 +2,10 @@ server { listen 80; server_name {{ xcontrol_certbot_domains }}; - location = /health { - return 200 "ok\n"; - } - location ^~ /.well-known/acme-challenge/ { root /var/www/certbot; - default_type "text/plain"; - allow all; } + + # 不 redirect!不要 https! + # certbot 需要纯 http 验证 } diff --git a/setup-nodejs.yml b/setup-nodejs.yml new file mode 100644 index 0000000..0d997f5 --- /dev/null +++ b/setup-nodejs.yml @@ -0,0 +1,5 @@ +- name: Setup Docker Engine + hosts: all + become: true + roles: + - roles/vhosts/nodejs/
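Review bot: In roles/docker/XControl/tasks/main.yml the new `shell:` value appears to be a plain multi-line scalar with no block indicator (as far as this rendering shows), so YAML folds the two `docker compose` lines into one command line and the second command becomes extra arguments to `up -d`. Whatever that combined command does, the trailing `|| true` makes the task report success, so a bootstrap NGINX that never started would go unnoticed until the ACME step fails. Use `shell: |` so each command runs on its own line, and drop `|| true` from the restart (or replace it with an explicit `failed_when`) so a failure surfaces in this task. The end of the task is not visible in the hunk.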
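Review bot: The healthcheck in templates/docker-compose.yaml now requests `/` on `http://localhost`, while the bootstrap-nginx.conf hunk in this same commit deletes `location = /health` and leaves only the ACME challenge location. If this check belongs to bootstrap-nginx (the service header is above the hunk), the probe depends on whatever the default root returns and may mark the container unhealthy on a 403 or 404. `localhost` can also resolve to `::1` inside the container while the server only has `listen 80;`, which would make the probe fail with connection refused. I would keep a dedicated endpoint and an IPv4 literal: restore `location = /health { return 200 "ok\n"; }` and use `test: ["CMD", "wget", "-qO-", "http://127.0.0.1/health"]`.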
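Review bot: The new play in setup-nodejs.yml is named `Setup Docker Engine` but applies `roles/vhosts/nodejs/`, which looks like a copy-paste leftover and will mislead anyone reading the run output. It also targets `hosts: all` with `become: true`, so the role would run with elevated privileges on every inventory host, including the `[deepflow_agents]` entries, rather than only where Node.js is needed. Suggest `- name: Setup Node.js` and a narrower target such as `hosts: web` (the group visible in inventory.ini).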