C1: _ssh_execute 直接接收 key_path 參數,不反查 LAYER_SSH_CONFIG
C2: PlaybookService.create() proxy,Router 不再穿透呼叫 _repository
C3: CD Step 1b sed 替換 IMAGE_TAG_PLACEHOLDER,消除失敗中斷風險
M3: repair-bot 110/188 regex 統一 [a-z0-9][a-z0-9-]{0,30},禁止底線
m1: defaultMode 0400 加八進位說明注釋
m2: _ssh_execute 用 deadline 計算剩餘 timeout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
#!/bin/bash
# scripts/repair-bot/repair-bot-188.sh
# 修復機器人白名單腳本 — 188 主機 (主服務主機)
# 2026-04-05 Claude Code: Sprint 3 Host Auto-Repair
#
# 安全設計:
# - SSH authorized_keys 的 command= 指向此腳本
# - Docker Compose 類: docker compose up -d
# - Systemd 類: sudo systemctl restart
#
# 部署位置: /home/ollama/bin/repair-bot-188.sh (on 192.168.0.188)
# 使用者: ollama
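# Audit trail of every invocation, kept in the invoking user's home directory.
LOG="${HOME}/.repair-bot.log"

#######################################
# Write one timestamped line to stdout and append the same line to $LOG.
# Globals:   LOG (read)
# Arguments: $@ - message words, joined with spaces
# Outputs:   "[YYYY-mm-dd HH:MM:SS] message" on stdout and in $LOG
#######################################
log() {
  local msg="$*"
  # The script logs the raw SSH_ORIGINAL_COMMAND, which is chosen by the remote
  # side. Replace control characters (newline, CR, ESC, ...) with '?' so a
  # multi-line or escape-laden command cannot forge extra log entries or
  # corrupt a terminal that later views the log.
  msg="${msg//[[:cntrl:]]/?}"
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$msg" | tee -a "$LOG"
}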
# Allow-list: component name -> how it is repaired.
# Only names that appear as keys below can trigger an action; anything else is
# denied by the dispatch code further down.

# Components brought back with `docker compose up -d`, keyed to the directory
# the compose command is run from.
declare -A COMPOSE_DIRS=()
COMPOSE_DIRS["openclaw"]="/home/ollama/clawbot-v5"
COMPOSE_DIRS["minio"]="/home/ollama/minio"
COMPOSE_DIRS["signoz"]="/home/ollama/signoz/deploy/docker"

# Components restarted with `sudo systemctl restart`, keyed to the unit name.
declare -A SYSTEMD_SERVICES=()
SYSTEMD_SERVICES["redis"]="redis-server"
SYSTEMD_SERVICES["nginx"]="nginx"
SYSTEMD_SERVICES["ollama"]="ollama"
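# With a forced command (command= in authorized_keys) sshd runs this script
# instead of what the client asked for; the client's request is only visible
# here, as untrusted text in SSH_ORIGINAL_COMMAND.
# NOTE(review): command= limits what runs, not what else the key may do.
# Confirm the authorized_keys entry also carries `restrict` (or the individual
# no-pty / no-port-forwarding / no-agent-forwarding / no-X11-forwarding
# options) — the entry itself is not visible from this script.
CMD="${SSH_ORIGINAL_COMMAND:-}"
log "repair-bot-188 invoked: CMD=$CMD"

# Accepted requests:
#   repair:<component>  - repair one allow-listed component
#   health              - liveness probe, no side effects
# M3: same regex as the Python side; underscores are not allowed. The anchored
# pattern limits <component> to 1-31 characters of [a-z0-9-], so it is safe to
# use as an array key and to echo back to the caller.
if [[ "$CMD" =~ ^repair:([a-z0-9][a-z0-9-]{0,30})$ ]]; then
  COMPONENT="${BASH_REMATCH[1]}"

  # --- Docker Compose components ---
  DIR="${COMPOSE_DIRS[$COMPONENT]:-}"
  if [[ -n "$DIR" ]]; then
    if [[ ! -d "$DIR" ]]; then
      log "DENIED: directory not found '$DIR'"
      echo "REPAIR_DENIED:dir_not_found:$DIR"
      exit 1
    fi
    log "EXECUTING: cd $DIR && docker compose up -d"
    cd "$DIR" && docker compose up -d 2>&1 | tail -n 5
    # $? after a pipeline is the status of its LAST stage (tail), so a failed
    # `docker compose up` used to be reported as REPAIR_OK. PIPESTATUS[0] is
    # docker compose's status, or cd's status when cd failed and the pipeline
    # never ran. It must be read on the very next command.
    EXIT_CODE=${PIPESTATUS[0]}
    if (( EXIT_CODE == 0 )); then
      log "REPAIR_OK: $COMPONENT"
      echo "REPAIR_OK:$COMPONENT"
    else
      log "REPAIR_FAIL: $COMPONENT (exit $EXIT_CODE)"
      echo "REPAIR_FAIL:$COMPONENT:exit_$EXIT_CODE"
      exit 1
    fi
    exit 0
  fi

  # --- systemd components ---
  SVC="${SYSTEMD_SERVICES[$COMPONENT]:-}"
  if [[ -n "$SVC" ]]; then
    log "EXECUTING: sudo systemctl restart $SVC"
    # -n: never prompt. If the sudoers rule is missing, fail immediately
    # instead of waiting on a password prompt inside an unattended session.
    # NOTE(review): the sudoers entry should allow only these exact
    # `systemctl restart <unit>` commands — confirm; it is not visible here.
    sudo -n systemctl restart "$SVC" 2>&1
    EXIT_CODE=$?
    if (( EXIT_CODE == 0 )); then
      log "REPAIR_OK: $COMPONENT"
      echo "REPAIR_OK:$COMPONENT"
    else
      log "REPAIR_FAIL: $COMPONENT (exit $EXIT_CODE)"
      echo "REPAIR_FAIL:$COMPONENT:exit_$EXIT_CODE"
      exit 1
    fi
    exit 0
  fi

  # Well-formed name that is in neither allow-list.
  log "DENIED: unknown component '$COMPONENT'"
  echo "REPAIR_DENIED:unknown_component:$COMPONENT"
  exit 1

elif [[ "$CMD" == "health" ]]; then
  echo "REPAIR_BOT_HEALTHY:188"
else
  # Everything else, including an empty command (interactive login attempt),
  # is refused. The raw command is logged but not echoed back to the client.
  log "DENIED: invalid command '$CMD'"
  echo "REPAIR_DENIED:invalid_command"
  exit 1
fi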