Deploy-Laboratory/scripts/02-verify-nginx-matrix-individual.sh
jack 8a54cac61f feat: CoreDNS IPv4 上游、03-03 Tomcat 修复、HAProxy 与验证脚本
- Ansible: 部署时自动配置 CoreDNS forward 为 IPv4,避免 ACME 解析失败
- 01-01/01-07: 文档增加 CoreDNS 设置说明
- 03-03: Tomcat webapps.dist 复制、HTTP/HTTPS 双 Ingress、显式 Dashboard IngressRoute
- traefik-dashboard-acme: tomcat-acme.yaml、404 排查说明
- HAProxy: 健康检查与 PROXY 配置拆分,18080/18443 部署与验证脚本

Made-with: Cursor
2026-03-22 19:02:46 +08:00

#!/usr/bin/env bash
# 02-series step-by-step verification: clean up -> deploy 02-01 through 02-04
# one at a time -> deploy the TLS matrix -> verify from onecloud.
# Usage: ./scripts/02-verify-nginx-matrix-individual.sh
# Prerequisites: `ssh ylc61` and `ssh onecloud` work; OpenWrt HAProxy is
# already deployed on 18080/18443.
set -euo pipefail

# Repository root = parent of the directory that holds this script.
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Every setting below keeps a non-empty value from the caller's environment
# and falls back to the default otherwise.
: "${REMOTE_HOST:=ylc61}"
: "${REMOTE_USER:=root}"
: "${REMOTE_REPO:=/root/实验室建设}"
: "${VERIFY_HOST:=onecloud}"
: "${OPENWRT_IP:=192.168.2.1}"
: "${HTTP_PORT:=18080}"
: "${HTTPS_PORT:=18443}"
# NOTE: KUBECONFIG is inherited from the local environment but is later used
# as a path on REMOTE_HOST (it is prefixed to the remote kubectl commands), so
# a workstation-specific value exported locally is passed through unchanged.
: "${KUBECONFIG:=/etc/rancher/k3s/k3s.yaml}"

# BatchMode=yes makes ssh fail instead of prompting for a password or
# passphrase, so an unattended run cannot hang on input.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=10"
SSH_KEY="${ROOT_DIR}/.ssh/id_ed25519_k3s_192.168.2.61"
# SSH_OPTS and SSH_YLC are plain strings that the rest of the script expands
# unquoted; a ROOT_DIR containing whitespace would therefore split the -i path.
if [[ -f "$SSH_KEY" ]]; then
  SSH_OPTS="${SSH_OPTS} -i ${SSH_KEY}"
fi
SSH_YLC="ssh ${SSH_OPTS} ${REMOTE_USER}@${REMOTE_HOST}"

echo "=== 02 系列 nginx 矩阵逐个验证(${REMOTE_HOST} + ${VERIFY_HOST}==="
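# 1. Sync the SSH keys and the nginx-matrix manifests to REMOTE_HOST.
#
# NOTE(review): this step copies the *private* keys named after nodes
# 192.168.2.61-.64 into /root/.ssh on REMOTE_HOST. From then on, root on that
# single host holds whatever access those keys grant. Where the workflow
# allows it, prefer ProxyJump, agent forwarding or a single-purpose deploy key
# over storing private keys on a cluster node, and rotate the keys if
# REMOTE_HOST is ever rebuilt or suspected compromised.
#
# $SSH_YLC and $SSH_OPTS are expanded unquoted on purpose: they are
# space-separated option strings built earlier in the script.
# ${REMOTE_REPO} is interpolated into a command line that the remote shell
# parses, so it must not contain whitespace or shell metacharacters.
echo "[0] 同步 SSH 密钥与 ansible 到 ${REMOTE_HOST}..."
if [[ -d "${ROOT_DIR}/.ssh" ]]; then
  # shellcheck disable=SC2086
  $SSH_YLC "mkdir -p /root/.ssh && chmod 700 /root/.ssh"
  for k in "${ROOT_DIR}"/.ssh/id_ed25519_k3s_192.168.2.61 \
    "${ROOT_DIR}"/.ssh/id_ed25519_k3s_192.168.2.62 \
    "${ROOT_DIR}"/.ssh/id_ed25519_k3s_192.168.2.63 \
    "${ROOT_DIR}"/.ssh/id_ed25519_k3s_192.168.2.64; do
    [[ -f "$k" ]] || continue
    # Only send files that exist, so a missing .pub no longer turns the whole
    # copy into a silently ignored failure.
    key_files=("$k")
    if [[ -f "${k}.pub" ]]; then
      key_files+=("${k}.pub")
    fi
    # Still best effort (the run continues), but the failure is now reported
    # instead of being discarded with 2>/dev/null || true.
    # shellcheck disable=SC2086
    scp -q $SSH_OPTS "${key_files[@]}" "${REMOTE_USER}@${REMOTE_HOST}:/root/.ssh/" ||
      echo "  [WARN] 密钥 ${k##*/} 同步到 ${REMOTE_HOST} 失败,继续" >&2
  done
  # shellcheck disable=SC2086
  $SSH_YLC "chmod 600 /root/.ssh/id_ed25519_k3s_* 2>/dev/null || true"
fi

# Create the complete target directory up front: rsync would create the last
# path component on its own, but the scp fallback copies several files and
# needs the destination directory to exist already.
# shellcheck disable=SC2086
$SSH_YLC "mkdir -p ${REMOTE_REPO}/ansible/files/nginx-matrix"
if ! rsync -az -e "ssh $SSH_OPTS" --delete "${ROOT_DIR}/ansible/files/nginx-matrix/" \
  "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_REPO}/ansible/files/nginx-matrix/" 2>/dev/null; then
  # Unlike rsync --delete, scp leaves files that no longer exist locally in
  # place on the remote side; say so, because later steps apply manifests
  # from that directory.
  echo "  [WARN] rsync 失败,改用 scp;远端多余文件不会被删除" >&2
  # shellcheck disable=SC2086
  scp -r $SSH_OPTS "${ROOT_DIR}/ansible/files/nginx-matrix/"* \
    "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_REPO}/ansible/files/nginx-matrix/"
fi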
# 2. Remove every nginx-matrix resource from the `default` namespace.
#
# The deletes run on REMOTE_HOST against whichever cluster the remote
# KUBECONFIG file points at, and they are unconditional: check REMOTE_HOST and
# KUBECONFIG before running this against anything but the lab cluster.
# --ignore-not-found keeps a first run (nothing deployed yet) from failing.
echo "[1] 清理 nginx 矩阵path-based + TLS..."
cleanup_targets=(
  "deployment,svc nginx-m1 nginx-m2 nginx-m3 nginx-m4"
  "ingress nginx-m1 nginx-m3 nginx-m1-http nginx-m3-http"
  "ingressroute nginx-m2 nginx-m4 nginx-m2-http nginx-m4-http"
  "middleware stripprefix-m1 stripprefix-m2 stripprefix-m3 stripprefix-m4"
  "configmap nginx-m1-html nginx-m2-html nginx-m3-html nginx-m4-html"
)
for target in "${cleanup_targets[@]}"; do
  # First word is the resource kind, the remainder is the list of names.
  kind="${target%% *}"
  names="${target#* }"
  # shellcheck disable=SC2086  # SSH_YLC is a space-separated command string
  $SSH_YLC "KUBECONFIG=${KUBECONFIG} kubectl delete ${kind} -n default ${names} --ignore-not-found=true"
done
# Short pause before the deployments that follow.
sleep 2
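# 3. Deploy the four matrix manifests one at a time and verify each over HTTP.
#
# Each MATRIX entry is "manifest file:URL path:marker expected in the body".
# The check runs curl on VERIFY_HOST against the OpenWrt HAProxy port, so it
# exercises the whole path from a LAN client to the pod. It is plain HTTP and
# only looks for a short marker, so it proves routing, not content integrity.
MATRIX=(
  "01-control-ingress.yaml:demo-m1:M1"
  "02-control-ingressroute.yaml:demo-m2:M2"
  "03-worker-ingress.yaml:demo-m3:M3"
  "04-worker-ingressroute.yaml:demo-m4:M4"
)
for item in "${MATRIX[@]}"; do
  IFS=':' read -r file path expect <<< "$item"
  echo "[2] 部署 ${file}${path}${expect}..."
  # shellcheck disable=SC2086  # SSH_YLC is a space-separated command string
  $SSH_YLC "KUBECONFIG=${KUBECONFIG} kubectl apply -f ${REMOTE_REPO}/ansible/files/nginx-matrix/${file}"
  # NOTE(review): `kubectl wait` with a label selector can fail at once when
  # no matching pod exists yet; if this step proves flaky right after apply,
  # waiting on the deployment rollout may be more reliable - confirm against
  # the manifests.
  # shellcheck disable=SC2086
  $SSH_YLC "KUBECONFIG=${KUBECONFIG} kubectl wait --for=condition=ready pod -l app=nginx-m${expect#M} -n default --timeout=120s"

  # One request yields both body and status: curl appends "\n<status>" after
  # the body, so the two values always come from the same response. This also
  # avoids the old `|| echo "000"` fallback, which printed a second "000"
  # after the one curl had already written when the request failed.
  url="http://${OPENWRT_IP}:${HTTP_PORT}/${path}/"
  # shellcheck disable=SC2086  # SSH_OPTS is a space-separated option string
  resp=$(ssh $SSH_OPTS "$VERIFY_HOST" "curl -s --max-time 10 -w '\n%{http_code}' '${url}' 2>/dev/null") || true
  if [[ "$resp" == *$'\n'* ]]; then
    code="${resp##*$'\n'}"
    body="${resp%$'\n'*}"
  else
    # ssh itself failed or curl produced nothing usable.
    code="000"
    body=""
  fi
  [[ "$code" =~ ^[0-9]{3}$ ]] || code="000"

  if [[ "$code" != "200" ]]; then
    echo " [FAIL] /${path}/ 返回 ${code}" >&2
    exit 1
  fi
  if [[ "$body" != *"$expect"* ]]; then
    echo " [FAIL] /${path}/ body 不含 ${expect}" >&2
    exit 1
  fi
  echo " [OK] /${path}/ 200 含 ${expect}"
done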
# 4. Deploy the TLS matrix by delegating to the sibling deploy script.
# The script is addressed through ROOT_DIR, i.e. the copy inside this
# checkout is executed rather than anything found on PATH; under `set -e` a
# non-zero exit from it stops the verification here.
tls_deploy_script="${ROOT_DIR}/scripts/01-08-deploy-nginx-tls-via-ylc61.sh"
printf '%s\n' "[3] 部署 nginx TLS 矩阵..."
"$tls_deploy_script"
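# 5. Verify HTTPS for test01..test04 from VERIFY_HOST.
#
# --resolve pins each hostname to OPENWRT_IP, so the request reaches the lab
# HAProxy regardless of what DNS returns on VERIFY_HOST. curl is called
# without -k/--insecure, which means a 200 here also implies that the served
# certificate validated for that hostname against VERIFY_HOST's trust store.
# Keep it that way: adding -k to get past a failure would hide exactly the
# certificate problems this step is able to catch.
echo "[4] 经 ${VERIFY_HOST} 验证 HTTPStest0104.jackadam.top:${HTTPS_PORT}..."
HTTPS_HOSTS="test01.jackadam.top,test02.jackadam.top,test03.jackadam.top,test04.jackadam.top"
IFS=',' read -ra HOSTS <<< "$HTTPS_HOSTS"
for i in "${!HOSTS[@]}"; do
  host="${HOSTS[$i]}"
  # Host N (1-based) is expected to serve the page carrying marker "MN".
  expect="M$((i+1))"

  # One request yields both body and status: curl appends "\n<status>" after
  # the body, so the two values always come from the same response. This also
  # avoids the old `|| echo "000"` fallback, which printed a second "000"
  # after the one curl had already written when the request failed.
  url="https://${host}:${HTTPS_PORT}/"
  pin="${host}:${HTTPS_PORT}:${OPENWRT_IP}"
  # shellcheck disable=SC2086  # SSH_OPTS is a space-separated option string
  resp=$(ssh $SSH_OPTS "$VERIFY_HOST" "curl -s --max-time 10 -w '\n%{http_code}' '${url}' --resolve '${pin}' 2>/dev/null") || true
  if [[ "$resp" == *$'\n'* ]]; then
    code="${resp##*$'\n'}"
    body="${resp%$'\n'*}"
  else
    # ssh itself failed or curl produced nothing usable.
    code="000"
    body=""
  fi
  [[ "$code" =~ ^[0-9]{3}$ ]] || code="000"

  if [[ "$code" != "200" ]]; then
    echo " [FAIL] https://${host}:${HTTPS_PORT}/ 返回 ${code}" >&2
    exit 1
  fi
  if [[ "$body" != *"$expect"* ]]; then
    echo " [FAIL] https://${host}:${HTTPS_PORT}/ body 不含 ${expect}" >&2
    exit 1
  fi
  echo " [OK] https://${host}:${HTTPS_PORT}/ 200 含 ${expect}"
done
echo ""
echo "[PASS] 02 系列 nginx 矩阵逐个验证通过02-0102-04 HTTP path + TLS domain"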