ec013f662d
- ai_slo_watchdog_job: 改用 trust_drift_detector 纯统计 lib 避免与 governance_agent 每小时自检查重复触发 Telegram - infra/ansible: 建立 110 nginx proxy 转发到 GCP-A/B 端口 11435 -> 34.143.170.20:11434 (GCP-A) 端口 11436 -> 34.21.145.224:11434 (GCP-B) - docs/runbooks: DEPLOY-GCP-OLLAMA-PROXY.md 完整部署指南 - ops/nginx: 手动部署脚本供 110 直接执行 ADR-110 三层容灾启用前提:先部署 proxy,再改 ConfigMap
122 lines
3.4 KiB
Bash
Executable File
122 lines
3.4 KiB
Bash
Executable File
#!/bin/bash
|
|
# GCP Ollama Nginx Proxy 部署腳本 (110 手動執行)
|
|
# ADR-110 三層容災 — 讓 K3s 透過內網存取 GCP Ollama
|
|
# 執行: ssh wooo@192.168.0.110 'sudo bash -s' < deploy-ollama-proxy-110.sh
|
|
|
|
set -euo pipefail
|
|
|
|
echo "🚀 部署 GCP Ollama Nginx Proxy (110)..."
|
|
|
|
# 配置內容
|
|
NGINX_CONF="/etc/nginx/sites-enabled/110-ollama-proxy.conf"
|
|
|
|
# 備份現有配置
|
|
if [ -f "$NGINX_CONF" ]; then
|
|
echo "📦 備份現有配置..."
|
|
cp "$NGINX_CONF" "${NGINX_CONF}.backup.$(date +%Y%m%d%H%M%S)"
|
|
fi
|
|
|
|
# 寫入 nginx 配置
|
|
echo "📝 寫入 nginx 配置..."
|
|
cat > "$NGINX_CONF" << 'EOF'
|
|
# 110 Ollama GCP Proxy — ADR-110 三層容災
|
|
# 讓 K3s 叢集內可透過內網 110 存取 GCP 外網 Ollama
|
|
|
|
# ============================================================
|
|
# Ollama GCP-A Primary (port 11435 → 34.143.170.20:11434)
|
|
# ============================================================
|
|
server {
|
|
listen 11435;
|
|
listen [::]:11435;
|
|
server_name _;
|
|
|
|
access_log /var/log/nginx/ollama-gcp-a-access.log;
|
|
error_log /var/log/nginx/ollama-gcp-a-error.log warn;
|
|
|
|
location / {
|
|
proxy_pass http://34.143.170.20:11434;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
# Ollama 推理可能較慢,給較長超時
|
|
proxy_connect_timeout 10s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
|
|
# 支援 streaming response
|
|
proxy_buffering off;
|
|
proxy_cache off;
|
|
}
|
|
|
|
# 健康檢查端點
|
|
location /nginx-health {
|
|
access_log off;
|
|
return 200 "Ollama GCP-A Proxy OK\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|
|
|
|
# ============================================================
|
|
# Ollama GCP-B Secondary (port 11436 → 34.21.145.224:11434)
|
|
# ============================================================
|
|
server {
|
|
listen 11436;
|
|
listen [::]:11436;
|
|
server_name _;
|
|
|
|
access_log /var/log/nginx/ollama-gcp-b-access.log;
|
|
error_log /var/log/nginx/ollama-gcp-b-error.log warn;
|
|
|
|
location / {
|
|
proxy_pass http://34.21.145.224:11434;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_connect_timeout 10s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
|
|
proxy_buffering off;
|
|
proxy_cache off;
|
|
}
|
|
|
|
location /nginx-health {
|
|
access_log off;
|
|
return 200 "Ollama GCP-B Proxy OK\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|
|
EOF
|
|
|
|
# 測試 nginx 配置
|
|
echo "🧪 測試 nginx 配置..."
|
|
nginx -t
|
|
|
|
# 重載 nginx
|
|
echo "🔄 重載 nginx..."
|
|
systemctl reload nginx
|
|
|
|
# 驗證端口監聽
|
|
echo "🔍 驗證端口監聽..."
|
|
sleep 2
|
|
ss -tlnp | grep -E '11435|11436' || true
|
|
|
|
# 本地測試
|
|
echo "🌐 本地測試 proxy..."
|
|
echo "測試 GCP-A proxy (11435)..."
|
|
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:11435/api/tags || echo "連線失敗"
|
|
echo ""
|
|
|
|
echo "測試 GCP-B proxy (11436)..."
|
|
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:11436/api/tags || echo "連線失敗"
|
|
echo ""
|
|
|
|
echo "✅ 部署完成!"
|
|
echo ""
|
|
echo "下一步:"
|
|
echo "1. 從 K3s node 測試: curl http://192.168.0.110:11435/api/tags"
|
|
echo "2. 修改 K8s ConfigMap 指向 110:11435/11436"
|
|
echo "3. 重啟 awoooi-api deployment"
|