61 lines
2.0 KiB
Markdown
61 lines
2.0 KiB
Markdown
# Scripts 总览
|
||
|
||
本目录集中维护 K3s 排障与恢复脚本。统一约定:**在仓库根目录执行**,使用 `./scripts/...` 路径调用。
|
||
|
||
## 目录
|
||
- `scripts/ssh/setup-k3s-workers-ssh.sh`
|
||
- 为 Ansible 自动化准备 SSH:为所有 k3s 节点配置 jack + root 公钥及每节点私钥(配合 `docs/01-07-节点初始化-ansible-实践.md`)
|
||
- `scripts/diag/entrypath/entrypath.sh`
|
||
- K3s 入口到 Traefik 回包链路诊断主命令
|
||
- `scripts/diag/netpol/check-net.sh`
|
||
- NetworkPolicy/连通性快速检查脚本(交互模式,自动输出日志)
|
||
- `scripts/diag/recovery/k3s-recovery-reset.sh`
|
||
- K3s 排障场景重置与恢复脚本
|
||
- `scripts/diag/firewalld/setup-k3s-firewalld-interfaces.sh`
|
||
- 一键写入 `flannel.1` / `cni0` 到 firewalld `trusted`(含持久化)
|
||
- `scripts/diag/ssh/setup-ssh-keys.sh`
|
||
- 交互式生成并下发 SSH 排障密钥
|
||
- `scripts/diag/ssh/test-ssh.sh`
|
||
- 验证 worker/client SSH key 登录与 sudo 可用性
|
||
|
||
## 从仓库根执行示例
|
||
|
||
`bas\1
|
||
|
||
\21) 初始化排障 SSH 密钥(可选)
|
||
./scripts/diag/ssh/setup-ssh-keys.sh
|
||
|
||
# 2) 验证 SSH(建议)
|
||
./scripts/diag/ssh/test-ssh.sh
|
||
|
||
# 3) 写入 firewalld 接口基线(推荐,Fedora/FCOS)
|
||
./scripts/diag/firewalld/setup-k3s-firewalld-interfaces.sh
|
||
|
||
# 4) 快速检查(交互)
|
||
./scripts/diag/netpol/check-net.sh
|
||
|
||
# 5) 执行完整入口链路诊断
|
||
./scripts/diag/entrypath/entrypath.sh run \
|
||
--worker-host root@192.168.2.62 \
|
||
--client-host root@192.168.2.63 \
|
||
--worker-ssh-key ~/.ssh/id_ed25519_k3s_diag_worker \
|
||
--client-ssh-key ~/.ssh/id_ed25519_k3s_diag_client \
|
||
--client-ip 192.168.2.63 \
|
||
--lb-ip 192.168.2.62 \
|
||
--remote-check y \
|
||
--capture-mode y \
|
||
--capture-seconds 15 \
|
||
--nft-trace-mode y \
|
||
--nft-trace-seconds 10 \
|
||
--return-trace-mode y \
|
||
--return-trace-seconds 12 \
|
||
--pod-netns-trace-mode y \
|
||
--pod-netns-trace-seconds 12 \
|
||
--non-interactive
|
||
`
|
||
|
||
## 说明文档
|
||
|
||
- 入口链路诊断详见 `scripts/diag/entrypath/README.md`
|
||
- 主文档入口详见 `docs/00-00-构建总览.md`
|