update

2025-12-31 23:24:02 +08:00 · 2025-12-31 23:24:02 +08:00 · 8c7d64bbcf
commit 8c7d64bbcf
parent 4403423351
13 changed files with 25 additions and 61 deletions
--- a/deploy_xcontrol_dashboard.yml
+++ b/deploy_xcontrol_dashboard.yml
@ -8,4 +8,5 @@
    xcontrol_dashboard_blue_image: cloudneutral/dashboard
    xcontrol_dashboard_green_image: cloudneutral/dashboard
  roles:
+    - roles/vhosts/docker
    - roles/docker/XControl
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -1,5 +1,5 @@
 ansible_port: 22
-ansible_ssh_user: ubuntu
+ansible_ssh_user: root
 ansible_ssh_private_key_file: ~/.ssh/id_rsa
 ansible_host_key_checking: False

--- a/hosts/all
+++ b/hosts/all
@ -1,19 +0,0 @@
-[all]
-hw-node.svc.plus                  ansible_host=139.9.139.22     ansible_ssh_user=root
-cn-gateway.svc.plus               ansible_host=8.130.10.142     ansible_ssh_user=root
-us-gateway.svc.plus               ansible_host=52.196.108.28    ansible_ssh_user=ubuntu
-global-gateway.svc.plus           ansible_host=54.183.199.99    ansible_ssh_user=ubuntu
-canada-gateway.svc.plus           ansible_host=3.96.167.208     ansible_ssh_user=ubuntu
-vault.onwalk.net                  ansible_host=3.101.151.231    ansible_ssh_user=ubuntu
-ldap.svc.plus                     ansible_host=35.182.63.247    ansible_ssh_user=ubuntu
-keycloak.svc.plus                 ansible_host=3.99.126.158     ansible_ssh_user=ubuntu
-observability.onwalk.net          ansible_host=54.153.80.120    ansible_ssh_user=ubuntu
-argocd.svc.plus                   ansible_host=13.57.247.27     ansible_ssh_user=ubuntu
-
-[gateway]
-vpn-gateway.svc.plus              ansible_host=167.179.72.223   ansible_ssh_user=root
-
-[all:vars]
-ansible_port=22
-ansible_ssh_private_key_file=~/.ssh/id_rsa
-ansible_host_key_checking=False
--- a/hosts/gpu_k8s_cluster
+++ b/hosts/gpu_k8s_cluster
@ -1,10 +0,0 @@
-[all]
-k8s-1               ansible_host=13.158.69.227
-k8s-2               ansible_host=57.183.6.87
-k8s-3               ansible_host=43.207.133.165
-
-[all:vars]
-ansible_port=22
-ansible_ssh_user=ubuntu
-ansible_ssh_private_key_file=~/.ssh/id_rsa
-ansible_host_key_checking=False
--- a/hosts/k3s-cluster
+++ b/hosts/k3s-cluster
@ -1,12 +0,0 @@
-[all]
-cn-gateway.svc.plus         ansible_host=10.254.0.1
-cn-k3s-server.svc.plus      ansible_host=10.254.0.3
-cn-hw-node.svc.plus         ansible_host=10.254.0.4
-global-gateway.svc.plus     ansible_host=10.255.0.1
-global-k3s-server.svc.plus  ansible_host=10.255.0.3
-
-[all:vars]
-ansible_port=22
-ansible_ssh_user=ubuntu
-ansible_ssh_private_key_file=~/.ssh/id_rsa
-ansible_host_key_checking=False
--- a/hosts/vpn
+++ b/hosts/vpn
@ -1,2 +0,0 @@
-[vpn-gateway]
-xproxy.onwalk.net               ansible_host=43.206.158.21
--- a/inventory.ini
+++ b/inventory.ini
@ -1,6 +1,6 @@
 [web]
-cn-homepage.svc.plus        ansible_host=47.120.61.35
-global-homepage.svc.plus    ansible_host=167.179.72.223
+cn-console.svc.plus        ansible_host=47.120.61.35
+global-console.svc.plus    ansible_host=35.220.157.80 ansible_user=root

 [deepflow_agents]
 192.168.1.101               ansible_user=root  ansible_ssh_pass=pass101
--- a/roles/docker/XControl/defaults/main.yml
+++ b/roles/docker/XControl/defaults/main.yml
@ -67,10 +67,10 @@ xcontrol_account_xray_restart_command:
 xcontrol_account_agent_id: account-primary

 # Image overrides (optional)
-xcontrol_account_image: ghcr.io/cloud-neutral-toolkit/account:latest
-xcontrol_rag_image: manbuzhe2009/rag-server:latest
-xcontrol_dashboard_image: manbuzhe2009/dashboard:latest
-xcontrol_db_image: manbuzhe2009/postgres-runtime:latest
+xcontrol_account_image: cloudneutral/account:latest
+xcontrol_rag_image: cloudneutral/rag-server:latest
+xcontrol_dashboard_image: cloudneutral/dashboard:latest
+xcontrol_db_image: cloudneutral/postgres-runtime:latest
 xcontrol_dashboard_blue_image: "{{ xcontrol_dashboard_image }}"
 xcontrol_dashboard_green_image: "{{ xcontrol_dashboard_image }}"
 xcontrol_dashboard_active_color: blue
--- a/roles/docker/XControl/files/nginx/nginx.conf
+++ b/roles/docker/XControl/files/nginx/nginx.conf
@ -1,5 +1,6 @@
 events {}

 http {
+    include /etc/nginx/conf.d/*.conf;
    include /usr/local/openresty/nginx/conf/conf.d/*.conf;
 }
--- a/roles/docker/XControl/tasks/main.yml
+++ b/roles/docker/XControl/tasks/main.yml
@ -53,7 +53,9 @@

 - name: Bootstrap NGINX (80-only for ACME)
  become: true
-  command: docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml up -d bootstrap-nginx
+  shell: 
+    docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml up -d bootstrap-nginx
+    docker compose --profile bootstrap -f {{ xcontrol_workspace }}/docker-compose.yaml restart bootstrap-nginx || true
  args:
    chdir: "{{ xcontrol_workspace }}"

--- a/roles/docker/XControl/templates/docker-compose.yaml
+++ b/roles/docker/XControl/templates/docker-compose.yaml
@ -128,10 +128,11 @@ services:
    networks:
      - app
    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/health || exit 1"]
-      interval: 5s
-      timeout: 2s
-      retries: 10
+      test: ["CMD", "wget", "-qO-", "http://localhost"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+      start_period: 5s

  certbot:
    profiles: ["bootstrap"]
--- a/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf
+++ b/roles/docker/XControl/templates/nginx/conf.d/bootstrap-nginx.conf
@ -2,13 +2,10 @@ server {
    listen 80;
    server_name {{ xcontrol_certbot_domains }};

-    location = /health {
-        return 200 "ok\n";
-    }
-
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
-        default_type "text/plain";
-        allow all;
    }
+
+    # 不 redirect！不要 https！
+    # certbot 需要纯 http 验证
 }
--- a/setup-nodejs.yml
+++ b/setup-nodejs.yml
@ -0,0 +1,5 @@
+- name: Setup Docker Engine
+  hosts: all
+  become: true
+  roles:
+    - roles/vhosts/nodejs/