# supervisor-ops-Jenkins

**Repository Path**: Triyaotu/supervisor-ops-Jenkins

## Basic Information

- **Project Name**: supervisor-ops-Jenkins
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2026-03-31
- **Last Updated**: 2026-03-31

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Deploying from Scratch (/data/ops-status)

## I. Goals

- The Jenkins server acts as the collection and display node
- The two production servers only provide read-only status queries
- Only services that Supervisor reports as RUNNING are shown, together with their uptime

Target production hosts:

- PROD_SERVER_IP_1
- PROD_SERVER_IP_2

---

## II. Run on both production hosts

### 1. Create the read-only account

```bash
# Dedicated account used only for the status query
useradd -m -s /bin/bash svc_supervisor_view
mkdir -p /home/svc_supervisor_view/.ssh
chmod 700 /home/svc_supervisor_view/.ssh
chown -R svc_supervisor_view:svc_supervisor_view /home/svc_supervisor_view/.ssh
```

### 2. Create the read-only script

```bash
# Wrapper that runs exactly one command; it is the SSH forced command in step 4
cat >/usr/local/bin/supervisor_status_readonly.sh <<'EOF'
#!/bin/sh
set -eu
exec sudo /usr/bin/supervisorctl status
EOF
chmod 755 /usr/local/bin/supervisor_status_readonly.sh
```

### 3. Restrict sudo to the status query only

```bash
# The rule names the full command line, so no other supervisorctl subcommand is allowed
cat >/etc/sudoers.d/svc_supervisor_view <<'EOF'
svc_supervisor_view ALL=(root) NOPASSWD: /usr/bin/supervisorctl status
EOF
chmod 440 /etc/sudoers.d/svc_supervisor_view
# Syntax-check the new sudoers fragment
visudo -cf /etc/sudoers.d/svc_supervisor_view
```

### 4. Import the Jenkins server's public key and force a fixed command

Write the contents of `/data/ops-status/.ssh/id_ed25519.pub` from the Jenkins server into both production hosts:

```bash
# Replace JENKINS_SERVER_IP and YOUR_PUBLIC_KEY before running
cat >>/home/svc_supervisor_view/.ssh/authorized_keys <<'EOF'
from="JENKINS_SERVER_IP",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty,no-user-rc,command="/usr/local/bin/supervisor_status_readonly.sh" ssh-ed25519 YOUR_PUBLIC_KEY
EOF
chmod 600 /home/svc_supervisor_view/.ssh/authorized_keys
chown svc_supervisor_view:svc_supervisor_view /home/svc_supervisor_view/.ssh/authorized_keys
```

### 5. Verify locally

```bash
sudo -u svc_supervisor_view /usr/local/bin/supervisor_status_readonly.sh
```

---

## III. Run on the Jenkins server

### 1. Create the directories

```bash
mkdir -p /data/ops-status/web
mkdir -p /data/ops-status/.ssh
chmod 700 /data/ops-status/.ssh
```

### 2. Generate the SSH key

```bash
# Key without a passphrase, so keep the private key readable by its owner only
ssh-keygen -t ed25519 -f /data/ops-status/.ssh/id_ed25519 -N ''
chmod 600 /data/ops-status/.ssh/id_ed25519
chmod 644 /data/ops-status/.ssh/id_ed25519.pub
```

### 3. Collect the host fingerprints

```bash
# ssh-keyscan records whatever key answers on the network; compare the result
# with each host's own /etc/ssh/ssh_host_*_key.pub before relying on this file
touch /data/ops-status/.ssh/known_hosts
ssh-keyscan -H PROD_SERVER_IP_1 >> /data/ops-status/.ssh/known_hosts
ssh-keyscan -H PROD_SERVER_IP_2 >> /data/ops-status/.ssh/known_hosts
chmod 600 /data/ops-status/.ssh/known_hosts
```

### 4. Place the files

Copy the files from this directory to:

- `/data/ops-status/app.py`
- `/data/ops-status/inventory.yml`
- `/data/ops-status/web/index.html`
- `/data/ops-status/web/widget.js`

### 5. Install the Python dependencies

```bash
python3 -m venv /data/ops-status/.venv
source /data/ops-status/.venv/bin/activate
pip install -U pip
pip install -r /data/ops-status/requirements.txt
```

### 6. Verify SSH locally

```bash
ssh -i /data/ops-status/.ssh/id_ed25519 svc_supervisor_view@PROD_SERVER_IP_1
ssh -i /data/ops-status/.ssh/id_ed25519 svc_supervisor_view@PROD_SERVER_IP_2
```

Expected: you do not get a shell; the connection prints the `supervisorctl status` output and then exits.

### 7. Start the backend

Development and testing:

```bash
cd /data/ops-status
source .venv/bin/activate
python app.py
```

Production, managed by systemd:

```bash
cp /data/ops-status/ops-status.service /etc/systemd/system/ops-status.service
systemctl daemon-reload
systemctl enable --now ops-status
systemctl status ops-status
```

### 8. Verify the API

```bash
curl http://127.0.0.1:18081/health
curl http://127.0.0.1:18081/api/status
```

---

## IV. Nginx

```bash
cp /data/ops-status/ops-widget.conf /etc/nginx/conf.d/ops-widget.conf
# Test the configuration before reloading
nginx -t
systemctl reload nginx
```

Verify:

```bash
curl http://127.0.0.1:8081/ops-api/health
curl http://127.0.0.1:8081/ops-api/status
curl -I http://127.0.0.1:8081/ops-widget/index.html
curl -I http://127.0.0.1:8081/
```

Open in a browser:

`http://JENKINS_SERVER_IP:8081/`

---

## V. Post-launch checks

- A "Status" (状态) button appears in the lower-right corner of the page
- Clicking it opens a panel
- Only RUNNING services are shown
- Each host lists its service names and uptime
- On the production hosts, `svc_supervisor_view` cannot log in to an interactive shell

---
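
An added example, not one of the repository's own files: a POSIX shell audit that checks whether an `authorized_keys` entry carries every restriction written in step 4 on the production hosts, which is what keeps `svc_supervisor_view` away from an interactive shell. The function names and the sample entries (address 198.51.100.10, key body `AAAAC3placeholder`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries against the step-4 restrictions.
REQUIRED="no-agent-forwarding no-port-forwarding no-X11-forwarding no-pty no-user-rc"
FORCED_CMD="/usr/local/bin/supervisor_status_readonly.sh"

# Print the options of one entry, one per line. Commas and spaces inside
# double quotes belong to the option value; a line that starts with a key
# type has no options and prints nothing.
authkey_options() {
    printf '%s\n' "$1" | awk '{
        sub(/^[ \t]+/, "")
        if ($1 ~ /^(ssh-|ecdsa-|sk-)/) exit
        inq = 0; opt = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            if (!inq && (c == " " || c == "\t")) break
            if (!inq && c == ",") { print opt; opt = ""; continue }
            opt = opt c
        }
        if (opt != "") print opt
    }'
}

# Return 0 only if the entry has every restriction; otherwise list the gaps.
audit_authkey_line() {
    opts=$(authkey_options "$1")
    rc=0
    for need in $REQUIRED; do
        printf '%s\n' "$opts" | grep -qixF -- "$need" \
            || { echo "missing: $need"; rc=1; }
    done
    printf '%s\n' "$opts" | grep -qxF -- "command=\"$FORCED_CMD\"" \
        || { echo "missing: forced command $FORCED_CMD"; rc=1; }
    printf '%s\n' "$opts" | grep -qi '^from="[^"*?]\{1,\}"$' \
        || { echo "missing: from= with a fixed source address"; rc=1; }
    return $rc
}

# Constructed sample entries; the address and key body are placeholders.
GOOD='from="198.51.100.10",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty,no-user-rc,command="/usr/local/bin/supervisor_status_readonly.sh" ssh-ed25519 AAAAC3placeholder jenkins'
WEAK='no-pty,command="/usr/local/bin/supervisor_status_readonly.sh" ssh-ed25519 AAAAC3placeholder jenkins'
BARE='ssh-ed25519 AAAAC3placeholder jenkins'

for entry in "$GOOD" "$WEAK" "$BARE"; do
    if audit_authkey_line "$entry"; then echo "OK"; else echo "REJECTED"; fi
done
```

An entry that uses OpenSSH's `restrict` keyword instead of the individual `no-*` options is reported as missing them, so adjust `REQUIRED` if you switch to it.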