Deploy-Laboratory/scripts/01-08-deploy-nginx-tls-via-ylc61.sh
jack 8a54cac61f feat: CoreDNS IPv4 上游、03-03 Tomcat 修复、HAProxy 与验证脚本
- Ansible: 部署时自动配置 CoreDNS forward 为 IPv4,避免 ACME 解析失败
- 01-01/01-07: 文档增加 CoreDNS 设置说明
- 03-03: Tomcat webapps.dist 复制、HTTP/HTTPS 双 Ingress、显式 Dashboard IngressRoute
- traefik-dashboard-acme: tomcat-acme.yaml、404 排查说明
- HAProxy: 健康检查与 PROXY 配置拆分,18080/18443 部署与验证脚本

Made-with: Cursor
2026-03-22 19:02:46 +08:00

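#!/usr/bin/env bash
# Deploy the nginx TLS matrix (M1-M4, test01-04.jackadam.top) in one step by
# running the playbook on the control node over SSH (default host: ylc61).
#
# Usage:        ./scripts/01-08-deploy-nginx-tls-via-ylc61.sh
# Prerequisite: this machine can ssh to the control node. The script syncs the
#               ansible directory and the node SSH keys there, then runs the
#               playbook remotely.
# Environment:  REMOTE_HOST (default ylc61), REMOTE_USER (default root),
#               REMOTE_REPO (default /root/实验室建设).
set -euo pipefail

ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
REMOTE_HOST="${REMOTE_HOST:-ylc61}"
REMOTE_USER="${REMOTE_USER:-root}"
REMOTE_REPO="${REMOTE_REPO:-/root/实验室建设}"
SSH_KEY="${ROOT_DIR}/.ssh/id_ed25519_k3s_192.168.2.61"
REMOTE_TARGET="${REMOTE_USER}@${REMOTE_HOST}"

#######################################
# Wrap a string in single quotes for the remote shell, so a path that contains
# spaces or shell metacharacters is passed through as one literal word.
# Arguments: $1 - string to quote
# Outputs:   the quoted string on stdout
#######################################
remote_quote() {
  local value=$1 quote="'" escaped="'\\''"
  printf "'%s'" "${value//$quote/$escaped}"
}

# SSH options live in an array so that a key path containing spaces survives
# as one argument. BatchMode=yes makes ssh fail instead of prompting (for a
# password or an unknown host key), so the script cannot hang.
ssh_opts=(-o BatchMode=yes -o ConnectTimeout=10)
# rsync -e takes one string and splits it on spaces, honouring single and
# double quotes but not backslashes, so the key path is single-quoted here.
# A key path that itself contains a single quote is not supported.
rsync_rsh="ssh -o BatchMode=yes -o ConnectTimeout=10"
if [[ -f "$SSH_KEY" ]]; then
  ssh_opts+=(-i "$SSH_KEY")
  rsync_rsh+=" -i '${SSH_KEY}'"
fi
ssh_cmd=(ssh "${ssh_opts[@]}" "$REMOTE_TARGET")
remote_repo_q="$(remote_quote "$REMOTE_REPO")"

echo "=== 经 ${REMOTE_HOST} 部署 nginx TLS 矩阵 ==="

# Step 1: copy the per-node SSH key pairs to the control node; Ansible there
# needs them to connect to each node.
# NOTE(review): this places the private key of every node on REMOTE_HOST, so
# that single host then holds access to the whole cluster. The directory is
# kept at 700 and the keys at 600 below; a dedicated deploy key or agent
# forwarding would avoid storing the private keys remotely at all.
# NOTE(review): the destination is hard-coded to /root/.ssh although
# REMOTE_USER can be overridden - confirm before running as a non-root user.
if [[ -d "${ROOT_DIR}/.ssh" ]]; then
  echo "[1/3] 同步 SSH 密钥到 ${REMOTE_HOST}:~/.ssh/..."
  "${ssh_cmd[@]}" "mkdir -p /root/.ssh && chmod 700 /root/.ssh"
  for node_ip in 192.168.2.61 192.168.2.62 192.168.2.63 192.168.2.64; do
    k="${ROOT_DIR}/.ssh/id_ed25519_k3s_${node_ip}"
    [[ -f "$k" ]] || continue
    # Send the public half only when it exists, so a missing .pub file does
    # not make the whole copy report failure.
    key_files=("$k")
    if [[ -f "${k}.pub" ]]; then
      key_files+=("${k}.pub")
    fi
    # Still best-effort (the run continues), but a failed copy is reported
    # instead of being discarded: a missing key otherwise only shows up later
    # as an authentication error inside the playbook.
    if ! scp -q "${ssh_opts[@]}" "${key_files[@]}" "${REMOTE_TARGET}:/root/.ssh/"; then
      echo "  [WARN] 密钥同步失败:${k}" >&2
    fi
  done
  "${ssh_cmd[@]}" "chmod 600 /root/.ssh/id_ed25519_k3s_* 2>/dev/null || true"
fi

# Step 2: sync the ansible directory to the control node.
if [[ -d "${ROOT_DIR}/ansible" ]]; then
  echo "[2/3] 同步 ansible 到 ${REMOTE_HOST}:${REMOTE_REPO}..."
  # Create the target first: rsync only creates the last path component, so a
  # first run would otherwise always drop into the scp fallback. An SSH
  # failure also stops the script here with ssh's own error message.
  "${ssh_cmd[@]}" "mkdir -p ${remote_repo_q}/ansible"
  # rsync's stderr is left visible so the reason for a fallback can be seen.
  if ! rsync -az -e "$rsync_rsh" --delete \
    --exclude='.git' \
    "${ROOT_DIR}/ansible/" \
    "${REMOTE_TARGET}:${REMOTE_REPO}/ansible/"; then
    echo " [INFO] rsync 不可用,改用 scp..."
    # The fallback is not equivalent to rsync: it does not delete stale remote
    # files, does not exclude .git, and the glob skips top-level dotfiles.
    scp -r "${ssh_opts[@]}" "${ROOT_DIR}/ansible/"* "${REMOTE_TARGET}:${REMOTE_REPO}/ansible/"
  fi
else
  echo "[2/3] 假定 ${REMOTE_HOST} 上已有 ${REMOTE_REPO}"
fi

# Step 3: run the playbook on the control node. The repository path is quoted
# for the remote shell; under set -e a failing playbook aborts before "[OK]".
echo "[3/3] 在 ${REMOTE_HOST} 上执行 ansible-playbook..."
"${ssh_cmd[@]}" "cd ${remote_repo_q} && ansible-playbook -i ansible/inventory.ini ansible/playbooks/nginx-matrix-tls-deploy.yml"
echo ""
echo "[OK] nginx TLS 矩阵已部署。验证:./scripts/01-08-verify-haproxy-openwrt.sh --https-hosts 'test01.jackadam.top,test02.jackadam.top,test03.jackadam.top,test04.jackadam.top'"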