wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/docs/runbooks/disaster-recovery/DR-Nginx.md
OG T 43edff184d feat(dr): Sprint C — Host rsync 備份 + DR SOP 文件 
C-1 Velero: 已確認運作中(daily-awoooi-prod schedule, 13d, MinIO Available)

C-2 Host rsync 備份:
  scripts/ops/backup-from-110.sh — 188 每日凌晨 1:00 rsync 備份 110
    - Harbor registry data(最高優先)
    - Gitea repos
    - bitan-pharmacy.git(若存在)
    - 成功寫入 /var/run/backup-110.last_success 供 Prometheus 監控
    - 失敗時 Telegram 告警
  ops/monitoring/alerts-unified.yml — 新增 HostBackupFailed 告警規則

C-3 DR SOP 文件:
  docs/runbooks/disaster-recovery/DR-K8s-awoooi.md  (<15分鐘)
  docs/runbooks/disaster-recovery/DR-Nginx.md        (<5分鐘)
  docs/runbooks/disaster-recovery/DR-Harbor.md       (<30分鐘)
  docs/runbooks/disaster-recovery/DR-Bitan.md        (<5分鐘)
  docs/runbooks/disaster-recovery/DR-Stock.md        (<5分鐘)

部署備份腳本說明 (需手動執行):
  scp scripts/ops/backup-from-110.sh ollama@192.168.0.188:~/bin/backup-from-110.sh
  ssh ollama@192.168.0.188 "chmod +x ~/bin/backup-from-110.sh && mkdir -p /backup/110/{harbor,gitea}"
  ssh ollama@192.168.0.188 "echo '0 1 * * * /home/ollama/bin/backup-from-110.sh' | crontab -"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-11 03:04:18 +08:00

1.8 KiB
Raw Blame History

DR-Nginx — Nginx 設定錯誤回滾 SOP

目標時間: < 5 分鐘
觸發場景: nginx conf 錯誤導致 reload 失敗,或手動修改造成設定漂移
工具: Ansible, git
最後更新: 2026-04-11 (Claude Sonnet 4.6 Asia/Taipei)

場景 Anginx conf 語法錯誤(最常見)

# 在 MacBook 執行
# 1. 確認問題
ssh wooo@192.168.0.188 "sudo nginx -t 2>&1"

# 2. 用 Ansible 從 Git 重新部署正確版本
cd /Users/ogt/awoooi
ansible-playbook -i infra/ansible/inventory/hosts.yml \
  infra/ansible/playbooks/nginx-sync.yml \
  --tags 188

# 3. 驗收
curl -s -o /dev/null -w '%{http_code}' https://awoooi.wooo.work
# 期望: 200

場景 B需要回滾到前一版本

# 查看最近 nginx conf 變更
git log --oneline -- infra/ansible/roles/nginx/templates/188-all-sites.conf.j2 | head -5

# 回滾到前一個 commit
git revert HEAD --no-edit  # 或 git checkout <commit-hash> -- <file>
git push gitea main

# 立即用 Ansible 套用回滾版本
ansible-playbook -i infra/ansible/inventory/hosts.yml \
  infra/ansible/playbooks/nginx-sync.yml \
  --tags 188

場景 C188 nginx 完全無法啟動,需要 110 接管

# 在 192.168.0.110 或 188 強制 keepalived failover
# (僅在 188 完全失效時使用)
ssh wooo@192.168.0.110 "sudo systemctl status keepalived"

# 若 110 已自動接管 VIP:200確認
ssh wooo@192.168.0.110 "ip addr show | grep 192.168.0.200"
# 期望:顯示 VIP 已在 110

# 確認對外服務正常(透過 VIP
curl -s -o /dev/null -w '%{http_code}' https://awoooi.wooo.work

預防

  • 所有 nginx conf 變更必須透過 infra/ansible/playbooks/nginx-sync.yml 部署
  • 禁止直接 SSH 到 188 修改 /etc/nginx/sites-enabled/
  • Ansible 會自動 backup: true(在部署前備份 .bak.TIMESTAMP
Reference in New Issue View Git Blame Copy Permalink