Deploy-Laboratory/scripts/README.md
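jack 8a54cac61f feat: CoreDNS IPv4 upstream, 03-03 Tomcat fix, HAProxy and verification scripts
- Ansible: automatically configure CoreDNS forward to IPv4 at deploy time, to avoid ACME resolution failures
- 01-01/01-07: add CoreDNS setup notes to the docs
- 03-03: Tomcat webapps.dist copy, dual HTTP/HTTPS Ingress, explicit Dashboard IngressRoute
- traefik-dashboard-acme: tomcat-acme.yaml, 404 troubleshooting notes
- HAProxy: split health-check and PROXY configuration; 18080/18443 deployment and verification scripts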

Made-with: Cursor
2026-03-22 19:02:46 +08:00

72 lines
3.3 KiB
Markdown
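# Scripts Overview
This directory centrally maintains the K3s troubleshooting and recovery scripts. Common convention: **run from the repository root**, invoking scripts via `./scripts/...` paths.
## Contents
- `scripts/01-08-deploy-openwrt-haproxy.sh`
  - One-step deployment: uhttpd moved back to 80/443 (IPv4+IPv6), HAProxy deployed on 18080/18443 (default haproxy-tls)
- `scripts/01-08-deploy-nginx-tls-via-ylc61.sh`
  - One-step deployment of the nginx TLS matrix (M1 to M4, test01 to 04) on the control node via ssh ylc61; syncs ansible + SSH keys, then runs the playbook
- `scripts/03-verify-traefik-dashboard-acme.sh`
  - 03-03 configuration verification: checks that the traefik-dashboard-acme template merges the 03-01 + 03-02 elements; checks the current ACME; optional `--apply` attempts to apply (this triggers a Traefik restart)
- `scripts/02-verify-nginx-matrix-individual.sh`
  - 02 series one-by-one verification: cleanup → deploy 02-01 to 02-04 one at a time (path-based) → TLS matrix → onecloud verifies HTTP path + HTTPS domain; after verification passes, `docs/00-02-验证矩阵.md` must be updated manually
- `scripts/01-08-verify-haproxy-openwrt.sh`
  - Home private network: by default calls the main script (18080/18443), with onecloud third-party verification (see `docs/01-08-openwrt-haproxy.md`)
- `scripts/01-08-verify-haproxy.sh`
  - **Core**: verifies that `ansible/files/01-08-haproxy/*.cfg` pass `haproxy -c` on OpenWrt; `--cfg-only` does syntax checking only, with no curl. The full flow additionally verifies HTTP/HTTPS via ssh onecloud; optional `--deploy-matrix http|tls` and `--https-hosts`; once verification passes, the verification matrix can be updated
- `scripts/ssh/setup-k3s-workers-ssh.sh`
  - Prepares SSH for Ansible automation: configures the jack + root public keys and a per-node private key for all k3s nodes (used with `docs/01-07-节点初始化-ansible-实践.md`)
- `scripts/diag/entrypath/entrypath.sh`
  - Main command for diagnosing the return-packet path from the K3s entry point to Traefik
- `scripts/diag/netpol/check-net.sh`
  - NetworkPolicy/connectivity quick-check script (interactive mode, automatically writes a log)
- `scripts/diag/recovery/k3s-recovery-reset.sh`
  - Reset and recovery script for K3s troubleshooting scenarios
- `scripts/diag/firewalld/setup-k3s-firewalld-interfaces.sh`
  - One-step: adds `flannel.1` / `cni0` to the firewalld `trusted` zone (including persistence)
- `scripts/diag/ssh/setup-ssh-keys.sh`
  - Interactively generates and distributes SSH troubleshooting keys
- `scripts/diag/ssh/test-ssh.sh`
  - Verifies worker/client SSH key login and sudo availability
## Example: running from the repository root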
```bash
# 1) Initialize the troubleshooting SSH keys (optional)
./scripts/diag/ssh/setup-ssh-keys.sh
# 2) Verify SSH (recommended)
./scripts/diag/ssh/test-ssh.sh
# 3) Write the firewalld interface baseline (recommended on Fedora/FCOS)
./scripts/diag/firewalld/setup-k3s-firewalld-interfaces.sh
# 4) Quick check (interactive)
./scripts/diag/netpol/check-net.sh
# 5) Run the full entry-path diagnosis
./scripts/diag/entrypath/entrypath.sh run \
--worker-host root@192.168.2.62 \
--client-host root@192.168.2.63 \
--worker-ssh-key ~/.ssh/id_ed25519_k3s_diag_worker \
--client-ssh-key ~/.ssh/id_ed25519_k3s_diag_client \
--client-ip 192.168.2.63 \
--lb-ip 192.168.2.62 \
--remote-check y \
--capture-mode y \
--capture-seconds 15 \
--nft-trace-mode y \
--nft-trace-seconds 10 \
--return-trace-mode y \
--return-trace-seconds 12 \
--pod-netns-trace-mode y \
--pod-netns-trace-seconds 12 \
--non-interactive
```
## Documentation
- For entry-path diagnosis details, see `scripts/diag/entrypath/README.md`
- For the main documentation entry point, see `docs/00-00-构建总览.md`