update

2025-12-31 23:24:02 +08:00 · 2025-12-31 23:24:02 +08:00 · 8c7d64bbcf
commit 8c7d64bbcf
parent 4403423351
13 changed files with 25 additions and 61 deletions
--- a/deploy_xcontrol_dashboard.yml
+++ b/deploy_xcontrol_dashboard.yml
@ -8,4 +8,5 @@
    xcontrol_dashboard_blue_image: cloudneutral/dashboard
    xcontrol_dashboard_green_image: cloudneutral/dashboard
  roles:
    - roles/vhosts/docker
    - roles/docker/XControl
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -1,5 +1,5 @@
 ansible_port: 22
-ansible_ssh_user: ubuntu
+ansible_ssh_user: root
 ansible_ssh_private_key_file: ~/.ssh/id_rsa
 ansible_host_key_checking: False
--- a/hosts/all
+++ b/hosts/all
@ -1,19 +0,0 @@
 [all]
 hw-node.svc.plus                  ansible_host=139.9.139.22     ansible_ssh_user=root
 cn-gateway.svc.plus               ansible_host=8.130.10.142     ansible_ssh_user=root
 us-gateway.svc.plus               ansible_host=52.196.108.28    ansible_ssh_user=ubuntu
 global-gateway.svc.plus           ansible_host=54.183.199.99    ansible_ssh_user=ubuntu
 canada-gateway.svc.plus           ansible_host=3.96.167.208     ansible_ssh_user=ubuntu
 vault.onwalk.net                  ansible_host=3.101.151.231    ansible_ssh_user=ubuntu
 ldap.svc.plus                     ansible_host=35.182.63.247    ansible_ssh_user=ubuntu
 keycloak.svc.plus                 ansible_host=3.99.126.158     ansible_ssh_user=ubuntu
 observability.onwalk.net          ansible_host=54.153.80.120    ansible_ssh_user=ubuntu
 argocd.svc.plus                   ansible_host=13.57.247.27     ansible_ssh_user=ubuntu
 [gateway]
 vpn-gateway.svc.plus              ansible_host=167.179.72.223   ansible_ssh_user=root
 [all:vars]
 ansible_port=22
 ansible_ssh_private_key_file=~/.ssh/id_rsa
 ansible_host_key_checking=False
--- a/hosts/gpu_k8s_cluster
+++ b/hosts/gpu_k8s_cluster
@ -1,10 +0,0 @@
 [all]
 k8s-1               ansible_host=13.158.69.227
 k8s-2               ansible_host=57.183.6.87
 k8s-3               ansible_host=43.207.133.165
 [all:vars]
 ansible_port=22
 ansible_ssh_user=ubuntu
 ansible_ssh_private_key_file=~/.ssh/id_rsa
 ansible_host_key_checking=False
--- a/hosts/k3s-cluster
+++ b/hosts/k3s-cluster
@ -1,12 +0,0 @@
 [all]
 cn-gateway.svc.plus         ansible_host=10.254.0.1
 cn-k3s-server.svc.plus      ansible_host=10.254.0.3
 cn-hw-node.svc.plus         ansible_host=10.254.0.4
 global-gateway.svc.plus     ansible_host=10.255.0.1
 global-k3s-server.svc.plus  ansible_host=10.255.0.3
 [all:vars]
 ansible_port=22
 ansible_ssh_user=ubuntu
 ansible_ssh_private_key_file=~/.ssh/id_rsa
 ansible_host_key_checking=False
--- a/hosts/vpn
+++ b/hosts/vpn
@ -1,2 +0,0 @@
 [vpn-gateway]
 xproxy.onwalk.net               ansible_host=43.206.158.21
--- a/inventory.ini
+++ b/inventory.ini
@ -1,6 +1,6 @@
 [web]
-cn-homepage.svc.plus        ansible_host=47.120.61.35
+cn-console.svc.plus        ansible_host=47.120.61.35
-global-homepage.svc.plus    ansible_host=167.179.72.223
+global-console.svc.plus    ansible_host=35.220.157.80 ansible_user=root
 [deepflow_agents]
 192.168.1.101               ansible_user=root  ansible_ssh_pass=pass101
--- a/roles/docker/XControl/defaults/main.yml
+++ b/roles/docker/XControl/defaults/main.yml
@ -67,10 +67,10 @@ xcontrol_account_xray_restart_command:
 xcontrol_account_agent_id: account-primary
 # Image overrides (optional)
-xcontrol_account_image: ghcr.io/cloud-neutral-toolkit/account:latest
+xcontrol_account_image: cloudneutral/account:latest
-xcontrol_rag_image: manbuzhe2009/rag-server:latest
+xcontrol_rag_image: cloudneutral/rag-server:latest
-xcontrol_dashboard_image: manbuzhe2009/dashboard:latest
+xcontrol_dashboard_image: cloudneutral/dashboard:latest
-xcontrol_db_image: manbuzhe2009/postgres-runtime:latest
+xcontrol_db_image: cloudneutral/postgres-runtime:latest
 xcontrol_dashboard_blue_image: "{{ xcontrol_dashboard_image }}"
 xcontrol_dashboard_green_image: "{{ xcontrol_dashboard_image }}"
 xcontrol_dashboard_active_color: blue
--- a/roles/docker/XControl/files/nginx/nginx.conf
+++ b/roles/docker/XControl/files/nginx/nginx.conf
@ -1,5 +1,6 @@
 events {}
 http {
    include /etc/nginx/conf.d/*.conf;
    include /usr/local/openresty/nginx/conf/conf.d/*.conf;
 }
--- a/roles/docker/XControl/tasks/main.yml
+++ b/roles/docker/XControl/tasks/main.yml
@ -53,7 +53,9 @@
 - name: Bootstrap NGINX (80-only for ACME)
  become: true
-  command: docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml up -d bootstrap-nginx
+  shell: 
    docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml up -d bootstrap-nginx
    docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml restart bootstrap-nginx || true
  args:
    chdir: "{{ xcontrol_workspace }}"
--- a/roles/docker/XControl/templates/docker-compose.yaml
+++ b/roles/docker/XControl/templates/docker-compose.yaml
@ -128,10 +128,11 @@ services:
    networks:
      - app
    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/health || exit 1"]
+      test: ["CMD", "wget", "-qO-", "http://localhost"]
-      interval: 5s
+      interval: 10s
-      timeout: 2s
+      timeout: 3s
-      retries: 10
+      retries: 5
      start_period: 5s
  certbot:
    profiles: ["bootstrap"]
--- a/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf
+++ b/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf
@ -2,13 +2,10 @@ server {
    listen 80;
    server_name {{ xcontrol_certbot_domains }};
    location = /health {
        return 200 "ok\n";
    }
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
        default_type "text/plain";
        allow all;
    }
    # 不 redirect！不要 https！
    # certbot 需要纯 http 验证
 }
--- a/setup-nodejs.yml
+++ b/setup-nodejs.yml
@ -0,0 +1,5 @@
 - name: Setup Docker Engine
  hosts: all
  become: true
  roles:
    - roles/vhosts/nodejs/
		`@ -1,2 +0,0 @@`
			`[vpn-gateway]`
			`xproxy.onwalk.net ansible_host=43.206.158.21`