awoooi/scripts/ops/ollama188-retirement-gate.sh
Your Name d3e1b61096
fix(ops): persist 188 ollama localhost binding
2026-05-06 15:27:19 +08:00

#!/usr/bin/env bash
# Retirement gate for the legacy Ollama instance on host 188.
# Read-only: the script inspects the repo, Kubernetes and host logs, and never
# stops or removes a service.
set -o errexit -o nounset -o pipefail

# Repository root; outside a git checkout the current directory is used instead.
if ! ROOT_DIR="$(git rev-parse --show-toplevel 2>/dev/null)"; then
  ROOT_DIR="$(pwd)"
fi

# SSH targets, overridable from the environment.
: "${LEGACY_SSH:=ollama@192.168.0.188}"
: "${PROMETHEUS_SSH:=wooo@192.168.0.110}"

# Look-back windows handed to `journalctl --since` on the legacy host. Their
# text ends up inside a remote command line, so keep them to plain time
# expressions.
: "${POST_SINCE:=24 hours ago}"
: "${HEALTH_SINCE:=5 minutes ago}"

# Counters maintained by fail() and warn().
failures=0 warnings=0
# Print one tagged line on stdout in the form "[LEVEL] message".
# Arguments: $1 - level tag; $2.. - message words, joined the way "$*" joins them
_gate_say() {
  local level="$1"
  shift
  printf '[%s] %s\n' "$level" "$*"
}

# Informational line; touches no counter.
info() {
  _gate_say INFO "$@"
}

# Warning line; also bumps the global `warnings` counter.
warn() {
  _gate_say WARN "$@"
  warnings=$((warnings + 1))
}

# Failure line; also bumps the global `failures` counter, which decides the
# script's exit status.
fail() {
  _gate_say FAIL "$@"
  failures=$((failures + 1))
}

# Success line; touches no counter.
pass() {
  _gate_say PASS "$@"
}
#######################################
# Run a command and record a warning when it fails.
# Arguments: $1  - label placed at the start of the warning text
#            $2… - the command and its arguments
# Returns:   0 when the command succeeds; 1, after calling warn, otherwise
#######################################
run_or_warn() {
  local label="$1"
  shift
  if "$@"; then
    return 0
  fi
  warn "$label 無法完成,請確認本機是否有對應權限或網路"
  return 1
}
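#######################################
# Search the runtime parts of the repository for references to the 188 Ollama
# endpoint or its provider names.
# Globals:   ROOT_DIR (read)
# Outputs:   matching lines on stdout, followed by a PASS/FAIL/WARN line
# Notes:     The three ollama188 ops scripts are excluded because they name the
#            endpoint on purpose. A search that could not run (rg missing,
#            ROOT_DIR unreadable, a listed path absent) is reported as WARN
#            rather than PASS: empty output alone does not prove the
#            references are gone.
#######################################
check_repo_runtime_refs() {
  info "檢查 repo runtime 是否仍引用 188 Ollama"
  local pattern='ollama_188|OLLAMA_188|Ollama188Provider|192\.168\.0\.188:11434'
  local output
  local status=0
  # rg exits 0 on a match, 1 on no match and 2 on error; 127 means rg itself is
  # not installed. The subshell exits 2 when ROOT_DIR cannot be entered.
  output="$(
    cd "$ROOT_DIR" || exit 2
    rg -n "$pattern" \
      apps/api/src apps/api/scripts scripts k8s ops \
      -g '!scripts/ops/ollama188-retirement-gate.sh' \
      -g '!scripts/ops/ollama188-localhost-containment.sh' \
      -g '!scripts/ops/ollama188-systemd-localhost-fix.sh' 2>/dev/null
  )" || status=$?

  if [[ -n "$output" ]]; then
    printf '%s\n' "$output"
    fail "runtime 仍有 188 Ollama 引用"
  elif (( status > 1 )); then
    # Nothing matched, but the search did not complete cleanly either.
    warn "repo 引用搜尋無法完成 (exit=$status),請確認 rg 已安裝且搜尋路徑存在"
  else
    pass "runtime 已無 188 Ollama 引用"
  fi
}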
#######################################
# Read the OLLAMA-related environment of the live API Deployment in each
# namespace and flag any value that still names the 188 endpoint.
# Outputs:   per namespace, a "--- ns ---" header and the matching variables,
#            then a PASS/FAIL line; WARN when the exec does not succeed.
# Notes:     The remote pipeline ends in `grep OLLAMA`, so a pod with no such
#            variable also lands in the WARN branch.
#            NOTE(review): every matching variable is printed verbatim; confirm
#            none of them carries a credential before this output goes to
#            shared CI logs.
#######################################
check_k8s_env() {
  info "檢查 live K8s API Deployment env"
  local -a namespaces=(awoooi-prod awoooi-dev)
  local ns live_env
  for ns in "${namespaces[@]}"; do
    if live_env="$(kubectl -n "$ns" exec deploy/awoooi-api -- sh -lc 'env | sort | grep OLLAMA' 2>/dev/null)"; then
      printf -- '--- %s ---\n%s\n' "$ns" "$live_env"
      if printf '%s\n' "$live_env" | grep -q '192.168.0.188:11434'; then
        fail "$ns live env 仍指向 188 Ollama"
      else
        pass "$ns live env 已避開 188 Ollama"
      fi
    else
      warn "$ns 無法讀取 live env"
    fi
  done
}
#######################################
# Look inside the live Prometheus container for a scrape target that still
# names the 188 Ollama endpoint.
# Globals:   PROMETHEUS_SSH (read)
# Outputs:   matching config lines, then a PASS/FAIL line; WARN when the SSH
#            call itself fails.
# Notes:     The container-side command ends in `2>/dev/null || true`, so a
#            grep error there (for example a missing directory) also produces
#            empty output, which this function reports as PASS.
#######################################
check_prometheus_config() {
  info "檢查 live Prometheus 是否仍探測 188 Ollama"
  local -a ssh_opts=(-o BatchMode=yes -o ConnectTimeout=5)
  local remote_cmd="docker exec prometheus sh -lc 'grep -R \"192.168.0.188:11434\" /etc/prometheus 2>/dev/null || true'"
  local hits
  if ! hits="$(ssh "${ssh_opts[@]}" "$PROMETHEUS_SSH" "$remote_cmd" 2>/dev/null)"; then
    warn "無法讀取 Prometheus live config"
    return
  fi
  if [[ -z "$hits" ]]; then
    pass "Prometheus live config 已無 188 Ollama target"
    return
  fi
  printf '%s\n' "$hits"
  fail "Prometheus live config 仍包含 188 Ollama target"
}
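# Read `ss` listener lines on stdin and print every field that ends in
# ":11434" whose address part is not loopback (127.0.0.0/8 or [::1], with an
# optional %interface suffix).
_ollama188_non_loopback_listeners() {
  awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /:11434$/ && $i !~ /^(127\.[0-9.]+|\[::1\])(%[^:]+)?:11434$/)
        print $i
  }'
}

#######################################
# Check that the legacy Ollama service on host 188 is running but no longer
# reachable from the LAN or gateway.
# Globals:   LEGACY_SSH (read)
# Outputs:   the OLLAMA_HOST line and the :11434 listener lines read from the
#            host, interleaved with PASS/FAIL/WARN lines.
# Checks, in order:
#   1. ollama.service reports "active".
#   2. The systemd override does not set OLLAMA_HOST to 0.0.0.0. Only that
#      literal form is flagged here; other non-loopback values are caught by
#      the listener check.
#   3. No :11434 listener is bound to a wildcard address.
#   4. No :11434 listener is bound to any other non-loopback address. This is
#      an allowlist: anything that is not 127.0.0.0/8 or [::1] fails, so a bind
#      to the host's LAN address is not missed.
#   5. A direct HTTP probe from this machine does not connect.
# Notes:     The probe in step 5 only speaks for the machine running this
#            script; it does not show what a gateway or NAT rule can reach.
#######################################
check_legacy_port_exposure() {
  info "檢查 188 Ollama 是否仍對 LAN/gateway 開放"
  local -a ssh_opts=(-o BatchMode=yes -o ConnectTimeout=5)
  local listen_output active_state host_line exposed
  local curl_status=0

  if ! active_state="$(ssh "${ssh_opts[@]}" "$LEGACY_SSH" \
    "systemctl is-active ollama || true" 2>/dev/null)"; then
    warn "無法讀取 188 systemd 狀態"
    active_state="unknown"
  fi
  if [[ "$active_state" != "active" ]]; then
    fail "188 ollama.service 不是 active 狀態:$active_state"
  else
    pass "188 ollama.service active"
  fi

  if ! host_line="$(ssh "${ssh_opts[@]}" "$LEGACY_SSH" \
    "grep 'OLLAMA_HOST' /etc/systemd/system/ollama.service.d/override.conf || true" 2>/dev/null)"; then
    warn "無法讀取 188 OLLAMA_HOST 設定"
    host_line=""
  fi
  printf '%s\n' "$host_line"
  if grep -q '0\.0\.0\.0' <<<"$host_line"; then
    fail "188 systemd override 仍設定 OLLAMA_HOST=0.0.0.0"
  fi

  if ! listen_output="$(ssh "${ssh_opts[@]}" "$LEGACY_SSH" \
    "ss -lntp | grep ':11434' || true" 2>/dev/null)"; then
    warn "無法讀取 188 listen 狀態"
    return
  fi
  printf '%s\n' "$listen_output"
  if grep -Eq '(\*:11434|0\.0\.0\.0:11434|\[::\]:11434)' <<<"$listen_output"; then
    fail "188 Ollama 仍綁定 all interfaces可能被 gateway/NAT 打入"
    return
  fi
  # A bind to a specific LAN address is just as reachable as a wildcard bind.
  exposed="$(_ollama188_non_loopback_listeners <<<"$listen_output")"
  if [[ -n "$exposed" ]]; then
    fail "188 Ollama 仍綁定非 loopback 位址:${exposed//$'\n'/ }"
    return
  fi

  curl -sS --max-time 3 http://192.168.0.188:11434/api/tags >/dev/null 2>&1 || curl_status=$?
  case "$curl_status" in
    0)
      fail "本機仍可從 LAN 直連 192.168.0.188:11434"
      ;;
    7 | 28)
      # curl 7 = could not connect, 28 = timed out: the port did not answer.
      pass "LAN 入口已關閉;若需本機使用,應只留 127.0.0.1:11434"
      ;;
    *)
      # Any other status (curl missing, protocol error after connecting, ...)
      # says nothing reliable about whether the port is closed.
      warn "無法確認 LAN 入口狀態 (curl exit=$curl_status)"
      ;;
  esac
}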
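#######################################
# Look in the legacy host's ollama journal for inference requests (POST to
# /api/chat, /api/generate or /v1/chat/completions) inside the POST_SINCE
# window.
# Globals:   LEGACY_SSH (read), POST_SINCE (read)
# Outputs:   up to the last 40 matching journal lines, then a PASS/FAIL line;
#            WARN when the journal cannot be read.
# Notes:     POST_SINCE is placed inside a double-quoted argument of the remote
#            command line, where quote, dollar, backtick and backslash
#            characters would be interpreted by the remote shell. The value is
#            therefore checked against a plain time-expression character set
#            first, and a rejected value fails the gate instead of silently
#            skipping the check.
#######################################
check_legacy_inference_posts() {
  info "檢查 188 Ollama 最近是否仍有推理 POSTPOST_SINCE=${POST_SINCE}"
  local -r since_re='^[A-Za-z0-9 :.+@/_-]+$'
  local output
  if [[ ! "$POST_SINCE" =~ $since_re ]]; then
    fail "POST_SINCE 含有不允許的字元,無法檢查 188 ollama journal"
    return
  fi
  if ! output="$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$LEGACY_SSH" \
    "journalctl -u ollama --since \"$POST_SINCE\" --no-pager | grep -E 'POST[[:space:]]+\"/(api/(chat|generate)|v1/chat/completions)' || true" 2>/dev/null)"; then
    warn "無法讀取 188 ollama journal"
    return
  fi
  if [[ -n "$output" ]]; then
    printf '%s\n' "$output" | tail -40
    fail "188 Ollama 仍有推理 POST不可解除安裝"
  else
    pass "觀察窗口內沒有推理 POST"
  fi
}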
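#######################################
# Look in the legacy host's ollama journal for recent lines that mention
# 192.168.0.121 inside the HEALTH_SINCE window; per the messages below these
# are treated as health checks from awoooi-dev or mon1.
# Globals:   LEGACY_SSH (read), HEALTH_SINCE (read)
# Outputs:   up to the last 30 matching journal lines, then a PASS/FAIL line;
#            WARN when the journal cannot be read.
# Notes:     HEALTH_SINCE is placed inside a double-quoted argument of the
#            remote command line, where quote, dollar, backtick and backslash
#            characters would be interpreted by the remote shell. The value is
#            therefore checked against a plain time-expression character set
#            first, and a rejected value fails the gate instead of silently
#            skipping the check.
#######################################
check_dev_health_noise() {
  info "檢查 dev health check 是否還在打 188HEALTH_SINCE=${HEALTH_SINCE}"
  local -r since_re='^[A-Za-z0-9 :.+@/_-]+$'
  local output
  if [[ ! "$HEALTH_SINCE" =~ $since_re ]]; then
    fail "HEALTH_SINCE 含有不允許的字元,無法檢查 188 ollama journal"
    return
  fi
  if ! output="$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$LEGACY_SSH" \
    "journalctl -u ollama --since \"$HEALTH_SINCE\" --no-pager | grep '192.168.0.121' || true" 2>/dev/null)"; then
    warn "無法讀取 188 ollama journal"
    return
  fi
  if [[ -n "$output" ]]; then
    printf '%s\n' "$output" | tail -30
    fail "awoooi-dev 或 mon1 仍在對 188 做 health check"
  else
    pass "近期未看到 mon1/dev 對 188 的 health check"
  fi
}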
# Run every gate check in a fixed order; each one records its own result
# through pass/warn/fail.
for gate_check in \
  check_repo_runtime_refs \
  check_k8s_env \
  check_prometheus_config \
  check_legacy_port_exposure \
  check_legacy_inference_posts \
  check_dev_health_noise; do
  "$gate_check"
done

printf '\n結果failures=%s warnings=%s\n' "$failures" "$warnings"

# Only failures decide the exit status. A warning means a check could not be
# carried out, so a run that exits 0 with warnings > 0 has not verified
# everything; callers should read the summary line, not just the status.
if (( failures == 0 )); then
  exit 0
fi
exit 1