690420:2332 Refactor QNAP service

2026-04-20 23:32:30 +07:00
parent 2e89761b0f
commit e2753e4eac
13 changed files with 1569 additions and 13 deletions
@@ -0,0 +1,293 @@
+# Quick Start Guide: Infrastructure Operations & Deployment Automation
+
+**Purpose**: Get started with the Infrastructure Operations & Deployment Automation feature  
+**Date**: 2026-04-20  
+**Target Audience**: DevOps Engineers, System Administrators
+
+## Prerequisites
+
+### Hardware Requirements
+- QNAP NAS (192.168.10.8) with Docker support
+- ASUSTOR NAS (192.168.10.9) with Docker support
+- SSH access between NAS devices configured
+- Minimum 100GB storage for backups
+
+### Software Requirements
+- Docker 20.10+
+- Docker Compose 2.0+
+- Bash 5.0+ or PowerShell 7.2+
+- Git client
+- SSH key authentication
+
+### Network Requirements
+- Static IP addresses for both NAS devices
+- Open ports: 22 (SSH), 80/443 (HTTP/HTTPS), 8080 (applications)
+- VPN or secure network connection for remote access
+
+## Initial Setup
+
+### 1. Repository Configuration
+
+```bash
+# Clone the repository
+git clone https://git.np-dms.work/np-dms/lcbp3.git
+cd lcbp3
+
+# Switch to the infrastructure branch
+git checkout 002-infra-ops
+```
+
+### 2. SSH Key Authentication
+
+Ensure SSH keys are configured between QNAP and ASUSTOR:
+
+```bash
+# Test SSH connectivity
+ssh admin@192.168.10.8 "docker --version"
+ssh admin@192.168.10.9 "docker --version"
+```
+
+### 3. Environment Configuration
+
+Copy and configure environment files:
+
+```bash
+# QNAP environments
+cp specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/.env.example \
+   specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app/.env
+
+# ASUSTOR environments
+cp specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/.env.example \
+   specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/registry/.env
+```
+
+Edit the `.env` files with your specific configurations:
+- Database passwords
+- SSL certificate paths
+- Backup storage locations
+- Monitoring endpoints
+
+## Core Services Deployment
+
+### 1. Database Services (QNAP)
+
+```bash
+# Navigate to QNAP database directory
+cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/mariadb
+
+# Deploy MariaDB with phpMyAdmin
+docker-compose -f docker-compose-lcbp3-db.yml up -d
+
+# Verify deployment
+docker-compose -f docker-compose-lcbp3-db.yml ps
+```
+
+### 2. Application Services (QNAP)
+
+```bash
+# Navigate to QNAP app directory
+cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app
+
+# Deploy backend, frontend, and ClamAV
+docker-compose -f docker-compose-app.yml up -d
+
+# Verify deployment
+docker-compose -f docker-compose-app.yml ps
+```
+
+### 3. Reverse Proxy (QNAP)
+
+```bash
+# Navigate to Nginx Proxy Manager directory
+cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/npm
+
+# Deploy reverse proxy
+docker-compose -f docker-compose.yml up -d
+
+# Access Nginx Proxy Manager
+# URL: http://192.168.10.8:81
+# Default: admin@example.com / changeme
+```
+
+### 4. Monitoring Stack (ASUSTOR)
+
+```bash
+# Navigate to ASUSTOR monitoring directory
+cd specs/04-Infrastructure-OPS/04-00-docker-compose/ASUSTOR/monitoring
+
+# Deploy Prometheus, Grafana, and supporting services
+docker-compose -f docker-compose.yml up -d
+
+# Verify deployment
+docker-compose -f docker-compose.yml ps
+```
+
+## SSL Certificate Setup
+
+### 1. Initial Certificate Generation
+
+```bash
+# On QNAP, generate Let's Encrypt certificates
+cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/npm
+
+# Run certbot for initial certificate
+docker-compose exec npm certbot --nginx -d your-domain.com
+```
+
+### 2. Automated Renewal
+
+Add to crontab for automatic renewal:
+
+```bash
+# Edit crontab
+crontab -e
+
+# Add renewal task (runs daily at 2 AM)
+0 2 * * * cd /path/to/npm && docker-compose exec npm certbot renew
+```
+
+## Backup Configuration
+
+### 1. Initial Backup Setup
+
+```bash
+# Navigate to backup scripts directory
+cd specs/04-Infrastructure-OPS/04-02-backup-recovery
+
+# Configure backup destinations
+cp backup-config.example.yml backup-config.yml
+
+# Edit backup-config.yml with your storage locations
+nano backup-config.yml
+```
+
+### 2. Automated Backup Schedule
+
+```bash
+# Add backup cron job (runs daily at 1 AM)
+0 1 * * * /path/to/backup-scripts/daily-backup.sh
+
+# Add backup validation (runs weekly on Sunday at 3 AM)
+0 3 * * 0 /path/to/backup-scripts/validate-backups.sh
+```
+
+## Monitoring Configuration
+
+### 1. Grafana Dashboard Access
+
+1. Access Grafana: `http://192.168.10.9:3000`
+2. Default credentials: `admin / admin` (change on first login)
+3. Import dashboards from `specs/04-Infrastructure-OPS/04-03-monitoring/dashboards/`
+
+### 2. Alert Configuration
+
+1. Access AlertManager: `http://192.168.10.9:9093`
+2. Configure notification channels (email, Slack, etc.)
+3. Test alert rules to ensure notifications work
+
+## Blue-Green Deployment
+
+### 1. Environment Setup
+
+```bash
+# Create blue environment (current production)
+cd specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/app
+docker-compose -f docker-compose-app.yml -p app-blue up -d
+
+# Create green environment (new version)
+docker-compose -f docker-compose-app.yml -p app-green up -d
+```
+
+### 2. Traffic Switching
+
+```bash
+# Switch traffic to green environment
+# Update Nginx Proxy Manager upstream configuration
+# Point to green environment containers
+# Test green environment functionality
+```
+
+### 3. Rollback Procedure
+
+```bash
+# If issues detected, rollback to blue
+# Update Nginx Proxy Manager upstream configuration
+# Point back to blue environment containers
+# Stop green environment containers
+```
+
+## Security Hardening
+
+### 1. Container Security Scan
+
+```bash
+# Install Trivy
+curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
+# Scan all running containers
+trivy image --severity HIGH,CRITICAL $(docker ps --format "table {{.Image}}" | tail -n +2)
+```
+
+### 2. Security Policy Validation
+
+```bash
+# Run security validation script
+cd specs/04-Infrastructure-OPS/04-06-security-operations
+./validate-security-policies.sh
+```
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Container won't start**
+   ```bash
+   # Check logs
+   docker-compose logs [service-name]
+   
+   # Check resource usage
+   docker stats
+   ```
+
+2. **Backup failures**
+   ```bash
+   # Check backup logs
+   tail -f /var/log/backup.log
+   
+   # Test connectivity to backup storage
+   ping backup-storage-host
+   ```
+
+3. **Monitoring alerts not working**
+   ```bash
+   # Check Prometheus targets
+   curl http://192.168.10.9:9090/api/v1/targets
+   
+   # Test AlertManager
+   curl http://192.168.10.9:9093/api/v1/alerts
+   ```
+
+### Health Checks
+
+```bash
+# Check all services health
+curl -f http://192.168.10.8:3000/health || echo "Backend unhealthy"
+curl -f http://192.168.10.8/health || echo "Frontend unhealthy"
+curl -f http://192.168.10.9:9090/-/healthy || echo "Prometheus unhealthy"
+```
+
+## Next Steps
+
+1. **Configure automated monitoring alerts** for your specific thresholds
+2. **Set up backup retention policies** based on your compliance requirements
+3. **Implement disaster recovery testing** on a regular schedule
+4. **Configure log aggregation** for centralized monitoring
+5. **Set up automated security scanning** in your CI/CD pipeline
+
+## Support
+
+For issues and questions:
+- Check the troubleshooting section above
+- Review logs in `/var/log/` directories
+- Consult the full documentation in `specs/04-Infrastructure-OPS/`
+- Contact the infrastructure team for escalated issues