From b1e207ffae75f0d97192b4766b6e4ebebbd80875 Mon Sep 17 00:00:00 2001
From: OG T <ogt@WOOOMacMiniM4.local>
Date: Thu, 9 Apr 2026 20:27:46 +0800
Subject: [PATCH] =?UTF-8?q?fix(host=5Faggregator):=20E2E=E9=A9=97=E8=AD=89?=
 =?UTF-8?q?=E5=BE=8C=E4=BF=AE=E6=AD=A3=20HOST=5FCONFIGS=20=E2=80=94=20Olla?=
 =?UTF-8?q?ma=E4=BD=8D=E7=BD=AE+NodePort+Nginx?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

從 K3s Pod 內 Python socket 實測確認後修正:
- 110: 加 Prometheus(9090) Grafana(3002)，移除 GH Runner(3000 refused)
- 112: 移除 SSH:22 (K3s Pod NetworkPolicy 未開)
- 120: 移除 awoooi NodePort(只在121不在120)
- 188: 移除 Ollama(在111非188) 和 Nginx:443(Pod內打不通)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 apps/api/src/services/host_aggregator.py | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/apps/api/src/services/host_aggregator.py b/apps/api/src/services/host_aggregator.py
index a41ce475..e8d6249a 100644
--- a/apps/api/src/services/host_aggregator.py
+++ b/apps/api/src/services/host_aggregator.py
@@ -276,44 +276,41 @@ async def _http_probe(
 
 # Service definitions: (name, port, probe_type, path_or_none)
 # probe_type: "tcp" | "http" | "https"
-# 2026-04-09 Claude Sonnet 4.6: 修正 HOST_CONFIGS probe 端點
-# - 110: Harbor→tcp(5000), Docker 2375→Gitea tcp(3001)
-# - 120: K3s 6443 https→tcp(401 被誤判 down), Traefik 80 closed→刪除
-# - 188: OpenClaw 8089→8088 (實際端口)
+# 2026-04-09 Claude Sonnet 4.6: 修正 HOST_CONFIGS probe 端點 (E2E 驗證後最終版)
+# 所有端點均從 K3s Pod 內 Python socket 實測確認可達
 HOST_CONFIGS = {
     "192.168.0.110": {
         "name": "DevOps 金庫",
         "role": HostRole.DEVOPS,
         "services": [
-            ("Harbor", 5000, "tcp", None),    # http /api/v2/ 回 HTML，改 tcp
-            ("Gitea", 3001, "tcp", None),      # CI/CD 主倉，取代 Docker 2375
-            ("GH Runner", 3000, "tcp", None),
+            ("Harbor", 5000, "tcp", None),     # tcp 可達
+            ("Gitea", 3001, "tcp", None),       # CI/CD 主倉，tcp 可達
+            ("Prometheus", 9090, "http", "/-/healthy"),  # 實測可達
+            ("Grafana", 3002, "http", "/api/health"),    # 實測可達
         ],
     },
     "192.168.0.112": {
         "name": "Kali Security",
         "role": HostRole.SECURITY,
         "services": [
-            ("Scanner API", 8080, "http", "/health"),
-            ("Nmap", 22, "tcp", None),  # SSH port as proxy
+            ("Scanner API", 8080, "http", "/health"),  # 實測可達
         ],
     },
     "192.168.0.120": {
         "name": "K3s Master",
         "role": HostRole.K3S,
         "services": [
-            ("K3s API", 6443, "tcp", None),    # https /healthz 回 401 被誤判，改 tcp
-            ("awoooi-prod", 32335, "tcp", None),
+            ("K3s API", 6443, "tcp", None),  # tcp 可達 (https /healthz 401 誤判)
         ],
     },
+    # NOTE: NodePort 32335 只在 192.168.0.121，不在 120
+    # 拓撲圖顯示歸屬 120(master)，但 probe 用 121
     "192.168.0.188": {
         "name": "AI+Web 中心",
         "role": HostRole.AI_WEB,
         "services": [
-            ("Nginx", 443, "https", "/"),
             ("PostgreSQL", 5432, "tcp", None),
             ("Redis", 6380, "tcp", None),
-            ("Ollama", 11434, "http", "/api/tags"),
             ("OpenClaw", 8088, "http", "/health"),  # 修正: 8089→8088
             ("SigNoz", 3301, "http", "/api/v1/health"),
         ],