
feat: 优化一键部署脚本

Yin Bin há 4 meses atrás
pai
commit
d15df49036
4 ficheiros alterados com 142 adições e 67 exclusões
  1. 92 0
      ansible.log
  2. 10 9
      script/ansible/deploy_playbook.yml
  3. 4 19
      script/ansible/frp/frpc.toml
  4. 36 39
      script/ansible/ssl.md

+ 92 - 0
ansible.log

@@ -17,3 +17,95 @@
     "community.general.sudosu": "Run tasks using sudo su -",
     "containers.podman.podman_unshare": "Run tasks using podman unshare"
 }
+2024-11-18 14:39:27,864 p=119976 u=fy n=ansible | [WARNING]: Could not match supplied host pattern, ignoring: frpclient
+
+2024-11-18 14:39:27,864 p=119976 u=fy n=ansible | playbook: script/ansible/frpc_playbook.yml
+2024-11-18 14:39:28,422 p=119979 u=fy n=ansible | {
+    "ansible.builtin.runas": "Run As user",
+    "ansible.builtin.su": "Substitute User",
+    "ansible.builtin.sudo": "Substitute User DO",
+    "ansible.netcommon.enable": "Switch to elevated permissions on a network device",
+    "community.general.doas": "Do As user",
+    "community.general.dzdo": "Centrify's Direct Authorize",
+    "community.general.ksu": "Kerberos substitute user",
+    "community.general.machinectl": "Systemd's machinectl privilege escalation",
+    "community.general.pbrun": "PowerBroker run",
+    "community.general.pfexec": "profile based execution",
+    "community.general.pmrun": "Privilege Manager run",
+    "community.general.run0": "Systemd's run0",
+    "community.general.sesu": "CA Privileged Access Manager",
+    "community.general.sudosu": "Run tasks using sudo su -",
+    "containers.podman.podman_unshare": "Run tasks using podman unshare"
+}
+2024-11-18 14:49:55,538 p=123727 u=fy n=ansible | playbook: script/ansible/deploy_playbook.yml
+2024-11-18 14:49:56,139 p=123734 u=fy n=ansible | {
+    "ansible.builtin.runas": "Run As user",
+    "ansible.builtin.su": "Substitute User",
+    "ansible.builtin.sudo": "Substitute User DO",
+    "ansible.netcommon.enable": "Switch to elevated permissions on a network device",
+    "community.general.doas": "Do As user",
+    "community.general.dzdo": "Centrify's Direct Authorize",
+    "community.general.ksu": "Kerberos substitute user",
+    "community.general.machinectl": "Systemd's machinectl privilege escalation",
+    "community.general.pbrun": "PowerBroker run",
+    "community.general.pfexec": "profile based execution",
+    "community.general.pmrun": "Privilege Manager run",
+    "community.general.run0": "Systemd's run0",
+    "community.general.sesu": "CA Privileged Access Manager",
+    "community.general.sudosu": "Run tasks using sudo su -",
+    "containers.podman.podman_unshare": "Run tasks using podman unshare"
+}
+2024-11-18 14:56:38,510 p=127588 u=fy n=ansible | playbook: script/ansible/deploy_playbook.yml
+2024-11-18 14:56:39,101 p=127621 u=fy n=ansible | {
+    "ansible.builtin.runas": "Run As user",
+    "ansible.builtin.su": "Substitute User",
+    "ansible.builtin.sudo": "Substitute User DO",
+    "ansible.netcommon.enable": "Switch to elevated permissions on a network device",
+    "community.general.doas": "Do As user",
+    "community.general.dzdo": "Centrify's Direct Authorize",
+    "community.general.ksu": "Kerberos substitute user",
+    "community.general.machinectl": "Systemd's machinectl privilege escalation",
+    "community.general.pbrun": "PowerBroker run",
+    "community.general.pfexec": "profile based execution",
+    "community.general.pmrun": "Privilege Manager run",
+    "community.general.run0": "Systemd's run0",
+    "community.general.sesu": "CA Privileged Access Manager",
+    "community.general.sudosu": "Run tasks using sudo su -",
+    "containers.podman.podman_unshare": "Run tasks using podman unshare"
+}
+2024-11-18 14:58:44,774 p=129006 u=fy n=ansible | playbook: script/ansible/deploy_playbook.yml
+2024-11-18 14:58:45,375 p=129013 u=fy n=ansible | {
+    "ansible.builtin.runas": "Run As user",
+    "ansible.builtin.su": "Substitute User",
+    "ansible.builtin.sudo": "Substitute User DO",
+    "ansible.netcommon.enable": "Switch to elevated permissions on a network device",
+    "community.general.doas": "Do As user",
+    "community.general.dzdo": "Centrify's Direct Authorize",
+    "community.general.ksu": "Kerberos substitute user",
+    "community.general.machinectl": "Systemd's machinectl privilege escalation",
+    "community.general.pbrun": "PowerBroker run",
+    "community.general.pfexec": "profile based execution",
+    "community.general.pmrun": "Privilege Manager run",
+    "community.general.run0": "Systemd's run0",
+    "community.general.sesu": "CA Privileged Access Manager",
+    "community.general.sudosu": "Run tasks using sudo su -",
+    "containers.podman.podman_unshare": "Run tasks using podman unshare"
+}
+2024-11-18 14:58:59,293 p=129116 u=fy n=ansible | playbook: script/ansible/deploy_playbook.yml
+2024-11-18 14:58:59,880 p=129122 u=fy n=ansible | {
+    "ansible.builtin.runas": "Run As user",
+    "ansible.builtin.su": "Substitute User",
+    "ansible.builtin.sudo": "Substitute User DO",
+    "ansible.netcommon.enable": "Switch to elevated permissions on a network device",
+    "community.general.doas": "Do As user",
+    "community.general.dzdo": "Centrify's Direct Authorize",
+    "community.general.ksu": "Kerberos substitute user",
+    "community.general.machinectl": "Systemd's machinectl privilege escalation",
+    "community.general.pbrun": "PowerBroker run",
+    "community.general.pfexec": "profile based execution",
+    "community.general.pmrun": "Privilege Manager run",
+    "community.general.run0": "Systemd's run0",
+    "community.general.sesu": "CA Privileged Access Manager",
+    "community.general.sudosu": "Run tasks using sudo su -",
+    "containers.podman.podman_unshare": "Run tasks using podman unshare"
+}
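Review bot: ansible.log is a runtime artifact and should not be tracked in the repository; the 92 added lines are five repeated copies of the same become-plugin table plus one warning, and each run leaks the operator user (`u=fy`) and playbook paths into git history. The one actionable signal in it, `[WARNING]: Could not match supplied host pattern, ignoring: frpclient` for script/ansible/frpc_playbook.yml at 14:39:27, suggests the inventory has no `frpclient` host/group and that playbook ran against nothing — that should be fixed in the inventory, not recorded here. Suggest dropping the file from the commit, adding `ansible.log` to .gitignore, and pointing `log_path` in ansible.cfg outside the working tree if logging is wanted.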

+ 10 - 9
script/ansible/deploy_playbook.yml

@@ -2,7 +2,6 @@
 - hosts: all
   vars:
     deploy_path: /www/wwwroot/xiaoding
-    backup_dir: /www/wwwroot
     timestamp: "{{ ansible_date_time.year }}-{{ ansible_date_time.month }}-{{ ansible_date_time.day }}-{{ ansible_date_time.hour }}:{{ ansible_date_time.minute }}:{{ ansible_date_time.second }}"
     backup_file: "xiaoding_backup_{{ timestamp }}.tar.gz"
     project_archive: "owl-admin.tar.gz"
@@ -11,7 +10,7 @@
     - name: Create backup of existing deployment
       archive:
         path: "{{ deploy_path }}"
-        dest: "{{ backup_dir }}/{{ backup_file }}"
+        dest: "/tmp/{{ backup_file }}"
         format: gz
       ignore_errors: yes
 
@@ -55,18 +54,20 @@
         dest: "{{ deploy_path }}"
         remote_src: yes
 
-    - name: Run composer install
-      command:
-        cmd: composer install --no-dev
-        chdir: "{{ deploy_path }}"
+    - name: Copy .env file from root
+      copy:
+        src: /root/.env
+        dest: "{{ deploy_path }}/.env"
+        remote_src: yes
+      ignore_errors: yes
 
     - name: Set proper permissions
       file:
         path: "{{ deploy_path }}"
-        owner: www-data
-        group: www-data
+        owner: www
+        group: www
         recurse: yes
-        mode: '0755'
+        mode: '0777'
 
     - name: Clean up remote archive
       file:
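Review bot: The "Set proper permissions" task now applies `mode: '0777'` recursively to `{{ deploy_path }}`, which makes the entire web root, including the `.env` copied two tasks earlier, world-readable and world-writable; the previous `'0755'` was the safer value and nothing in the diff explains the change. Suggest `mode: 'u=rwX,g=rX,o=rX'` (or `'0755'`) for the tree and a separate `file:` task with `path: "{{ deploy_path }}/.env"` and `mode: '0600'` that runs after the recursive chmod, since the recursion would otherwise overwrite any mode set on the copy. The `.env` copy carries `ignore_errors: yes`, so a missing `/root/.env` lets the deploy finish without configuration; consider `failed_when` on the copy result, or at least dropping `ignore_errors`. The same hunk drops `composer install`, so the archive is presumably expected to ship `vendor/` already — worth stating in the task name or a comment. The backup task in the second hunk now writes `/tmp/{{ backup_file }}`, a world-accessible directory that is commonly cleaned on reboot, so the backup of the web root (and its `.env`) is both exposed and short-lived.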

+ 4 - 19
script/ansible/frp/frpc.toml

@@ -1,8 +1,6 @@
 serverAddr = "47.96.151.43"
 serverPort = 7000
 
-
-
 [[proxies]]
 name = "tcp-redis"
 type = "tcp"
@@ -18,27 +16,14 @@ localPort = 80
 remotePort = 80
 
 [[proxies]]
-name = "test_htts2http"
+name = "xiaoding_htts2http"
 type = "https"
 customDomains = [
-"xiaodingliu.niusenyun.com",
-"xiaodingbackend.niusenyun.com",
-"saasjing.niusenyun.com",
-"massagejing.niusenyun.com",
-"saasyin.niusenyun.com",
-"mallyin.niusenyun.com",
-"saas.niusenyun.com",
-"saast.niusenyun.com",
-"mall.niusenyun.com",
-"mallt.niusenyun.com",
-"massaget.niusenyun.com",
-"massage.niusenyun.com",
-"xdyin.niusenyun.com",
-"xdjhyuser.niusenyun.com",
-"xdt.niusenyun.com"
+"msj.xiaodingyun.cn",
+"msjadmin.xiaodingyun.cn",
+# 往下面增加你的域名即可
 ]
 
-
 [proxies.plugin]
 type = "https2http"
 localAddr = "127.0.0.1:80"
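Review bot: The renamed proxy keeps the typo from the old name (`name = "xiaoding_htts2http"`); since it is only a label it should read `name = "xiaoding_https2http"` to match the plugin `type = "https2http"` below. The comment `# 往下面增加你的域名即可` invites adding arbitrary domains, but the `https` proxy can only serve names the installed certificate covers — the ssl.md in this commit issues `xiaodingyun.cn` plus `*.xiaodingyun.cn`, which covers `msj.xiaodingyun.cn` and `msjadmin.xiaodingyun.cn` but not a second-level name such as `a.b.xiaodingyun.cn` or any other zone; the comment should say so. The `[proxies.plugin]` block continues outside the hunk, so whether `crtPath`/`keyPath` point at the /root/frp files installed by ssl.md cannot be confirmed here.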

+ 36 - 39
script/ansible/ssl.md

@@ -8,7 +8,7 @@ apt update
 apt install -y socat curl wget
 
 # 安装acme.sh
-curl https://get.acme.sh | sh -s email=mall@niusenyun.com
+curl https://get.acme.sh | sh -s email=xiaoding@xiaodingyun.cn
 
 # 重新加载环境变量
 source ~/.bashrc
@@ -21,12 +21,12 @@ source ~/.bashrc
 rm -f /root/frp/cert.pem /root/frp/key.pem
 
 # 移除acme.sh中的证书记录
-acme.sh --remove -d niusenyun.com
-acme.sh --remove -d "*.niusenyun.com"
+acme.sh --remove -d xiaodingyun.cn  
+acme.sh --remove -d "*.xiaodingyun.cn  "
 
 # 清除acme.sh的域名配置
-rm -rf ~/.acme.sh/niusenyun.com
-rm -rf ~/.acme.sh/*.niusenyun.com
+rm -rf ~/.acme.sh/xiaodingyun.cn  
+rm -rf ~/.acme.sh/*.xiaodingyun.cn  
 ```
 
 ## 3. 申请证书
@@ -35,31 +35,23 @@ rm -rf ~/.acme.sh/*.niusenyun.com
 
 ```bash
 # 设置腾讯云API密钥(需要先在腾讯云控制台获取SecretId和SecretKey)
-export DP_Id="82be64b0a33311efbcaf475f4b5bfbc8"
-export DP_Key="d2087abec1f643329e6b7e0635043705"
+export DP_Id="9ec5c5a0a57611ef9fa21fb4ee2b819c"
+export DP_Key="84d361f9997546c5b16e821121a3337f"
 # 设置腾讯云DNS API的标识符
-userId:67371376616d0500c5162a87
-secretId:82be64b0a33311efbcaf475f4b5bfbc8
-secretKey:d2087abec1f643329e6b7e0635043705
+https://console.cloud.tencent.com/taidc/api
+userId:673adf0c2ab3a41d61c2f385
+secretId:9ec5c5a0a57611ef9fa21fb4ee2b819c
+secretKey:84d361f9997546c5b16e821121a3337f
 ```
 
 ### 3.2 查看DNS解析记录
 
 ```bash
-# 使用腾讯云API获取解析记录
-curl -X POST https://dnspod.tencentcloudapi.com \
-  -H "Authorization: SECRET_ID" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "Domain": "niusenyun.com",
-    "Subdomain": "_acme-challenge"
-  }'
-
 # 或者使用dig命令查询
-dig TXT _acme-challenge.niusenyun.com @8.8.8.8
+dig TXT _acme-challenge.xiaodingyun.cn   @8.8.8.8
 
 # 等待解析生效检查
-nslookup -type=TXT _acme-challenge.niusenyun.com
+nslookup -type=TXT _acme-challenge.xiaodingyun.cn  
 ```
 
 ### 3.3 验证DNS记录
@@ -67,19 +59,8 @@ nslookup -type=TXT _acme-challenge.niusenyun.com
 在申请证书之前,可以先验证DNS记录是否正确设置:
 
 ```bash
-# 手动添加DNS TXT记录
-# 主域名验证
-记录类型: TXT
-主机记录: _acme-challenge
-记录值: uF1OMd8vv7Yfvn5lxmR328NyXT1yzEDD0h8C8dwmOkw
-
-# 泛域名验证
-记录类型: TXT
-主机记录: _acme-challenge
-记录值: uF1OMd8vv7Yfvn5lxmR328NyXT1yzEDD0h8C8dwmOkw
-
 # 验证DNS记录是否生效
-dig _acme-challenge.niusenyun.com TXT
+dig _acme-challenge.xiaodingyun.cn   TXT
 
 # 等待DNS记录生效(通常需要等待1-5分钟)
 ```
@@ -101,19 +82,35 @@ sudo ip link set dev [网卡名] down
 sudo ip link set dev [网卡名] up
 
 # 验证网络连接
-ping -c 4 niusenyun.com
+ping -c 4 xiaodingyun.cn  
 ```
 
 ### 3.5 申请证书
+```bash
+apt-get install idn
+```
 
 ```bash
 # 使用DNS方式验证域名所有权(腾讯云DNS)
-acme.sh --issue --dns dns_dp -d niusenyun.com -d '*.niusenyun.com' --force
+# 先清理已有证书
+acme.sh --remove -d xiaodingyun.cn 
+acme.sh --remove -d "*.xiaodingyun.cn"
+rm -rf ~/.acme.sh/xiaodingyun.cn*
+
+# 重新申请证书(添加debug参数)
+acme.sh --issue --dns dns_dp -d xiaodingyun.cn  -d "*.xiaodingyun.cn" --force
 
-# 说明:dns_dp 是腾讯云DNS API的标识符
+# 说明:
+# dns_dp 是腾讯云DNS API的标识符
 # --force 参数用于强制重新申请证书
+# --debug 参数用于显示详细的调试信息
 ```
 
+### 3.6 根据提示操作
+
+Adding TXT value: KXPGUraeHDzW0v4MuJ4pwmIbzo6RYz1uyI0E4Tou1bA for domain: _acme-challenge.xiaodingyun.cn
+ 
+
 ## 4. 安装证书到frp指定目录
 
 ```bash
@@ -121,7 +118,7 @@ acme.sh --issue --dns dns_dp -d niusenyun.com -d '*.niusenyun.com' --force
 mkdir -p /root/frp
 
 # 安装证书到指定目录(PEM格式)
-acme.sh --install-cert -d niusenyun.com \
+acme.sh --install-cert -d xiaodingyun.cn   \
 --key-file /root/frp/key.pem \
 --fullchain-file /root/frp/cert.pem \
 --reloadcmd "systemctl restart frpc"
@@ -148,7 +145,7 @@ crontab -l
 
 ## 注意事项
 
-1. 已配置域名为:niusenyun.com(包含泛域名 *.niusenyun.com
+1. 已配置域名为:xiaodingyun.cn  (包含泛域名 *.xiaodingyun.cn  
 2. 替换`your-secret-id`和`your-secret-key`为腾讯云API密钥(在腾讯云控制台 -> 访问密钥 -> API密钥管理中获取)
 3. 确保域名已正确解析到服务器IP
 4. DNS记录生效可能需要一些时间,如果证书申请失败,请等待几分钟后重试
@@ -165,4 +162,4 @@ acme.sh --log
 ls -l /root/frp/cert.pem /root/frp/key.pem
 
 # 检查DNS记录
-dig _acme-challenge.niusenyun.com TXT
+dig _acme-challenge.xiaodingyun.cn   TXT
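Review bot: Section 3.1 commits live DNSPod API credentials (`DP_Id`/`DP_Key`, repeated as `secretId`/`secretKey` with the `userId`), and the removed lines show the previous pair was committed as well, so both sets are now in history and should be treated as exposed: rotate them in the Tencent console and keep only placeholders in the document, e.g. `export DP_Id="your-secret-id"` / `export DP_Key="your-secret-key"`, which is what the 注意事项 item 2 already instructs. In section 2 the quoted argument `acme.sh --remove -d "*.xiaodingyun.cn  "` carries two trailing spaces inside the quotes, so acme.sh is asked to remove a domain that does not exist; it should be `acme.sh --remove -d "*.xiaodingyun.cn"` (the unquoted trailing spaces elsewhere are harmless but should be trimmed for consistency). The `Adding TXT value: ...` line in the new 3.6 is a one-off challenge token from a specific run and should be replaced with a generic description of the prompt rather than the literal value.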