105 lines
5.4 KiB
Markdown
# IwoooS Docker / systemd / Host Service Configuration Read-Only Inventory

| Item | Content |
|------|------|
| Date | 2026-06-11 |
| Status | `repo_only_inventory_ready` |
| Tool | `scripts/security/host-service-config-inventory.py` |
| Snapshot | `docs/security/host-service-config-inventory.snapshot.json` |
| Schema | `docs/schemas/host_service_config_inventory_v1.schema.json` |
| runtime gate | `0` |

## 1. Purpose

This inventory fills the lowest-coverage item in the high-value configuration coverage matrix, `docker_compose_systemd_host_config`. At this stage it is compiled only from committed repo files: Docker Compose, systemd / repair-bot whitelists, the Ansible service role and config backup coverage. It does not read the live host and performs no service operations.

This inventory is not host truth and is not a restart approval; it only moves P1-1 from "inventory still needed" to "repo-only inventory ready".

## 2. Coverage summary

| Metric | Current value | Notes |
|------|--------|------|
| repo surface | `9` | all source files exist |
| host scope | `5` | `local_dev_only`, `192.168.0.110`, `192.168.0.188`, `110_188_120_121_cluster`, `multi_host` |
| Docker Compose / reference | `5` | local dev, 110 monitoring, 188 exporters, 110 Sentry reference, 110 Langfuse |
| host repair whitelist | `2` | 110 / 188 repair-bot |
| systemd restart surface | `1` | redis / nginx / ollama restart whitelist inside the 188 repair-bot |
| write-capable surface | `3` | Ansible docker compose role, 110 repair-bot, 188 repair-bot |
| owner response required | `9` | every surface needs an owner response |
| live evidence required | `8` | every surface except the local dev compose still needs an owner-provided live hash / disposition |
| owner response received / accepted | `0 / 0` | must not be inflated |
| live evidence received | `0` | no SSH, no live host reads |
| restart window / rollback owner accepted | `0 / 0` | no restarts |
| runtime gate / action button | `0 / 0` | no operational entry point is provided |
| Docker/systemd category maturity | `42% -> 50%` | reflects only completion of the repo-only inventory, not runtime readiness |

## 3. Surfaces included

| Surface | Host scope | Type | Next step |
|---------|------------|------|--------|
| `local_dev_compose` | `local_dev_only` | local dev compose | confirm it must not be used as the production compose; add a dev secret placeholder policy |
| `monitoring_110_compose` | `192.168.0.110` | Docker Compose | add live compose hash, restart window, rollback owner, post-check metrics |
| `monitoring_exporters_188_compose` | `192.168.0.188` | Docker Compose | add live compose hash, env source policy, restart window, rollback owner |
| `sentry_110_reference_compose` | `192.168.0.110` | reference compose | confirm the actual source of truth, official revision, backup path, rollback owner |
| `langfuse_110_compose` | `192.168.0.110` | Docker Compose | add live compose hash, secret placeholder disposition, restart window, rollback owner |
| `ansible_docker_compose_service_role` | `multi_host` | Ansible executor role | add usage scope, allowed service_dir, check-mode, rollback owner, manual gate |
| `repair_bot_110_whitelist` | `192.168.0.110` | repair whitelist | add authorized_keys binding, disable switch, audit log path, rollback owner, post-check |
| `repair_bot_188_whitelist` | `192.168.0.188` | repair whitelist | add systemd restart approval gate, sudoers boundary, disable switch, rollback owner, route smoke test |
| `config_backup_host_capture` | `110_188_120_121_cluster` | config backup capture | add latest backup status, restore drill owner, secret handling proof, retention owner |

## 4. Fixed 0 / false boundaries

The following flags must remain `false`:

```text
runtime_execution_authorized=false
host_write_authorized=false
ssh_read_authorized=false
ssh_write_authorized=false
docker_compose_action_authorized=false
systemctl_action_authorized=false
service_restart_authorized=false
sudo_action_authorized=false
live_host_read_authorized=false
secret_value_collection_allowed=false
active_scan_authorized=false
repair_bot_execution_authorized=false
ansible_apply_authorized=false
action_buttons_allowed=false
```

## 5. Interpretation rules

1. `source_exists=true` only means the file exists in the repo; it does not mean the live host matches the repo.
2. `sha256` is the repo file hash, not the live file hash.
3. The repair-bot and Ansible role being visible means "must be governed", not "may be used".
4. `docker compose up -d`, `systemctl restart`, `sudo`, repair-bot and Ansible apply must all wait for an owner response, a maintenance window, a rollback owner and post-check metrics.
5. This inventory must not collect secret values; if secret parity is needed, only the secret name / owner / injection metadata may be collected.
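A read-only gate check that enforces the boundaries from sections 4 and 5 against a snapshot, added here as an example; it is not part of the inventory tool or the repo. The snapshot field names (`flags`, `surfaces`, `source`, `sha256`, `owner_response_accepted`, `live_evidence_received`, `secret_value`) are assumptions, since the real schema file is not reproduced on this page, and the sample compose file is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Section 4 flags that must stay false for a repo-only inventory.
LOCKED_FLAGS = (
    "runtime_execution_authorized", "host_write_authorized",
    "ssh_read_authorized", "ssh_write_authorized",
    "docker_compose_action_authorized", "systemctl_action_authorized",
    "service_restart_authorized", "sudo_action_authorized",
    "live_host_read_authorized", "secret_value_collection_allowed",
    "active_scan_authorized", "repair_bot_execution_authorized",
    "ansible_apply_authorized", "action_buttons_allowed",
)


def repo_sha256(path):
    """Hash of the committed file only (rule 2); it says nothing about the live host."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def gate_violations(snapshot, root):
    """List every reason the snapshot is not an acceptable repo-only inventory.
    Assumed snapshot shape: {"flags": {...}, "surfaces": [{...}, ...]}."""
    problems = []
    flags = snapshot.get("flags", {})
    for name in LOCKED_FLAGS:
        if flags.get(name) is not False:  # a missing flag fails closed
            problems.append(f"flag {name} must be false")
    for s in snapshot.get("surfaces", []):
        if s.get("owner_response_accepted") or s.get("live_evidence_received"):
            problems.append(f"{s['id']}: owner/live evidence cannot be pre-filled")
        if "secret_value" in s:  # rule 5: names/owners only, never values
            problems.append(f"{s['id']}: secret values must not be collected")
        if s.get("source_exists") and repo_sha256(Path(root, s["source"])) != s.get("sha256"):
            problems.append(f"{s['id']}: sha256 does not match the repo file")
    return problems


def build_sample():
    """Constructed sample: a tiny compose file plus a snapshot describing it."""
    root = Path(tempfile.mkdtemp())
    compose = root / "docker-compose.yml"
    compose.write_text("services:\n  redis:\n    image: redis:7\n")
    snapshot = {
        "flags": {name: False for name in LOCKED_FLAGS},
        "surfaces": [{"id": "local_dev_compose", "host_scope": "local_dev_only",
                      "source": "docker-compose.yml", "source_exists": True,
                      "sha256": repo_sha256(compose),
                      "owner_response_accepted": False, "live_evidence_received": False}],
    }
    return snapshot, root
```

A clean sample yields no violations; flipping any locked flag, dropping a flag, or drifting the repo hash is reported rather than silently passed.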

## 6. Commands

```bash
python3 scripts/security/host-service-config-inventory.py \
  --root . \
  --output docs/security/host-service-config-inventory.snapshot.json
```

To pin the committed snapshot time:

```bash
python3 scripts/security/host-service-config-inventory.py \
  --root . \
  --generated-at 2026-06-11T22:40:00+08:00 \
  --output docs/security/host-service-config-inventory.snapshot.json
```

## 7. Completion

| Task | Completion | Notes |
|------|--------|------|
| repo-only surface registration | `100%` | all 9 surfaces are included in the snapshot |
| source existence / hash | `100%` | read-only SHA256 and line count pinned |
| owner response intake | `0%` | no owner response received or accepted yet |
| live evidence collection | `0%` | no SSH, no live host reads, no active scan |
| restart / apply gate | `0%` | docker compose / systemctl / Ansible / repair-bot operations not opened |