7.3 KiB
IwoooS Docker / systemd / 主機服務配置只讀清冊
| 項目 | 內容 |
|---|---|
| 日期 | 2026-06-11 |
| 狀態 | repo_only_inventory_ready |
| 工具 | scripts/security/host-service-config-inventory.py |
| Snapshot | docs/security/host-service-config-inventory.snapshot.json |
| Schema | docs/schemas/host_service_config_inventory_v1.schema.json |
| runtime gate | 0 |
1. 目的
此清冊補齊高價值配置覆蓋矩陣中最低覆蓋的 docker_compose_systemd_host_config。本階段只從已提交 repo 檔案整理 Docker Compose、systemd / repair bot 白名單、Ansible service role 與 config backup coverage,不讀 live host,也不執行任何服務操作。
此清冊不是 host truth,也不是重啟批准;它只讓 P1-1 從「尚需 inventory」推進到「repo-only inventory ready」。
2026-06-14 已新增 docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md 與 docs/security/host-service-owner-request-draft.snapshot.json,將 9 個 surface 轉成 owner request draft。固定 request_draft_count=9、write_capable_request_draft_count=3、live_evidence_required_request_count=8、required_owner_field_count=12、blocked_action_count=14、request_sent_count=0、owner_response_received_count=0、runtime_gate_count=0。
此 artifact 只表示 owner request 的 required shape,不代表 request sent、recipient confirmed、owner response received / accepted、live host read、Docker Compose action、systemctl action、repair-bot execution、Ansible apply、secret collection、host write、production write 或 runtime gate。
2026-06-14 再新增 docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md 與 docs/security/host-service-owner-response-acceptance.snapshot.json,將 9 份 request draft 轉成 owner response acceptance 只讀帳本。固定 acceptance_candidate_count=9、write_capable_acceptance_candidate_count=3、live_evidence_required_candidate_count=8、required_owner_field_count=12、reviewer_check_count=14、outcome_lane_count=7、blocked_action_count=20、owner_response_received_count=0、owner_response_accepted_count=0、runtime_gate_count=0。
此 artifact 只表示未來 owner 回覆可被收件、補件、隔離、拒收或進 reviewer review,不代表 live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、production write 或 runtime gate。
2. 覆蓋摘要
| 指標 | 目前值 | 說明 |
|---|---|---|
| repo surface | 9 |
全部來源檔案存在 |
| host scope | 5 |
local_dev_only、192.168.0.110、192.168.0.188、110_188_120_121_cluster、multi_host |
| Docker Compose / reference | 5 |
local dev、110 monitoring、188 exporters、110 Sentry reference、110 Langfuse |
| host repair whitelist | 2 |
110 / 188 repair-bot |
| systemd restart surface | 1 |
188 repair-bot 內的 redis / nginx / ollama restart 白名單 |
| write-capable surface | 3 |
Ansible docker compose role、110 repair-bot、188 repair-bot |
| owner response required | 9 |
每個 surface 都需要 owner response |
| live evidence required | 8 |
local dev compose 之外仍需 owner-provided live hash / disposition |
| owner response received / accepted | 0 / 0 |
不得假性提高 |
| live evidence received | 0 |
不 SSH、不讀 live host |
| restart window / rollback owner accepted | 0 / 0 |
不得重啟 |
| runtime gate / action button | 0 / 0 |
不提供操作入口 |
| Docker/systemd 類別成熟度 | 42% -> 50% |
只代表 repo-only 清冊完成,不代表 runtime 可執行 |
3. 已納入 surface
| Surface | Host scope | 類型 | 下一步 |
|---|---|---|---|
local_dev_compose |
local_dev_only |
local dev compose | 確認不得作 production compose,補 dev secret placeholder policy |
monitoring_110_compose |
192.168.0.110 |
Docker Compose | 補 live compose hash、restart window、rollback owner、post-check 指標 |
monitoring_exporters_188_compose |
192.168.0.188 |
Docker Compose | 補 live compose hash、env source policy、restart window、rollback owner |
sentry_110_reference_compose |
192.168.0.110 |
reference compose | 確認實際 source-of-truth、official revision、backup path、rollback owner |
langfuse_110_compose |
192.168.0.110 |
Docker Compose | 補 live compose hash、secret placeholder disposition、restart window、rollback owner |
ansible_docker_compose_service_role |
multi_host |
Ansible executor role | 補使用範圍、allowed service_dir、check-mode、rollback owner、人工 gate |
repair_bot_110_whitelist |
192.168.0.110 |
repair whitelist | 補 authorized_keys binding、disable switch、audit log path、rollback owner、post-check |
repair_bot_188_whitelist |
192.168.0.188 |
repair whitelist | 補 systemd restart approval gate、sudoers boundary、disable switch、rollback owner、route smoke |
config_backup_host_capture |
110_188_120_121_cluster |
config backup capture | 補 latest backup status、restore drill owner、secret handling proof、retention owner |
4. 固定 0 / false 邊界
以下旗標必須維持 false:
runtime_execution_authorized=false
host_write_authorized=false
ssh_read_authorized=false
ssh_write_authorized=false
docker_compose_action_authorized=false
systemctl_action_authorized=false
service_restart_authorized=false
sudo_action_authorized=false
live_host_read_authorized=false
secret_value_collection_allowed=false
active_scan_authorized=false
repair_bot_execution_authorized=false
ansible_apply_authorized=false
action_buttons_allowed=false
5. 判讀規則
source_exists=true只代表 repo 內有檔案,不代表 live host 與 repo 一致。sha256是 repo file hash,不是 live file hash。- repair-bot 與 Ansible role 可見代表「需被管控」,不是可使用。
docker compose up -d、systemctl restart、sudo、repair-bot、Ansible apply 都必須等待 owner response、maintenance window、rollback owner 與 post-check 指標。- 此清冊不得收集 secret value;若需要 secret parity,只能收 secret name / owner / injection metadata。
6. 指令
python3 scripts/security/host-service-config-inventory.py \
--root . \
--output docs/security/host-service-config-inventory.snapshot.json
固定 committed snapshot 時間:
python3 scripts/security/host-service-config-inventory.py \
--root . \
--generated-at 2026-06-11T22:40:00+08:00 \
--output docs/security/host-service-config-inventory.snapshot.json
7. 完成度
| 工作 | 完成度 | 說明 |
|---|---|---|
| repo-only surface 註冊 | 100% |
9 個 surface 全部納入 snapshot |
| source existence / hash | 100% |
只讀 SHA256 與 line count 已固定 |
| owner response 收件 | 0% |
尚未收到或接受任何 owner response |
| live evidence collection | 0% |
未 SSH、未讀 live host、未 active scan |
| restart / apply gate | 0% |
未開啟 docker compose / systemctl / Ansible / repair-bot 操作 |
| owner request draft | 100% |
已新增 9 份 request draft、snapshot、文件與 guard;request sent / received / accepted 仍為 0 |
| owner response acceptance | 100% |
已新增 9 份 acceptance candidate、snapshot、文件與 guard;owner response received / accepted、live host read、restart / apply gate 仍為 0 |