feat(deploy): add CRM-only online deployment to remote43
Some checks failed
CI / Build & Test (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / Docker Build (push) Has been cancelled
CI / Release (push) Has been cancelled

- scripts/deploy/deploy_crm_only.sh: single-process deployment of the sub2api-cn-relay-manager
  CRM control plane to remote43, with no dependency on the sub2api host / PG / Redis containers.
  Reuses the env rendering from scripts/deploy/remote43_patched_stack_lib.sh
  (render_remote43_crm_env); render_crm_only_bootstrap uses ${VAR} placeholders +
  sed injection to avoid the set -u + unquoted-heredoc edge case.
  Before deploying, kill the old process first (then scp the binary) to avoid ELF overwrite failures.

- docs/DEPLOYMENT.md: add the '在线部署节点' (online deployment node) section, recording stack / port / entry points / verification.
- docs/EXECUTION_BOARD.md: add a 'Latest Online Stack' section at the top.
- artifacts/online-deploy-20260602/: evidence from this real deployment
  - 01-local-build.txt: local server binary md5 + git head
  - 02-remote-inspect.txt: remote process / port / db tables
  - 03-crm-api-checks.txt: real responses from /healthz /api/packs /api/hosts /metrics
  - 04-portal-public.txt: sub.tksea.top public entry point
  - 05-quality-gates.txt: gofmt / vet / test -race / integration
  - manifest.json: structured summary

Verification (2026-06-02 21:32-21:43):
- /healthz: HTTP 200 'ok'
- /api/packs (Bearer): HTTP 200 '{"packs":[]}'
- /api/hosts (Bearer): HTTP 200 '{"hosts":[]}'
- /api/packs (no auth): HTTP 401
- /metrics (Prometheus): HTTP 200, includes active_hosts/active_providers/
  db_connections_active + Go runtime
- sub.tksea.top/portal/: HTTP 200
- sub.tksea.top/portal-admin-api/healthz: HTTP 200 'ok' (reverse-proxied to the CRM)
- go test -race ./internal/... ./tests/integration/...: PASS
- gofmt / go vet: clean
phamnazage-jpg
2026-06-02 21:46:39 +08:00
parent 4ec9dad44f
commit 35447be934
9 changed files with 413 additions and 0 deletions

@@ -55,6 +55,8 @@ SUB2API_CRM_ADMIN_TOKEN=change-me-before-production SUB2API_CRM_LISTEN_ADDR=127.
- Nginx 示例:`deploy/tksea-portal/nginx.sub.tksea.top.conf.example`
- 部署脚本:`scripts/deploy/deploy_tksea_portal.sh`
- 资产回归:`scripts/test/test_tksea_portal_assets.sh`
- 浏览器级 smoke`scripts/test/verify_frontend_smoke.sh`
- 前端统一矩阵:`scripts/acceptance/verify_frontend_acceptance_matrix.sh`
- Provider Admin 页面验收:`scripts/acceptance/verify_provider_admin_actions.sh`
当前正式入口:
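Review bot: The entries for `scripts/test/verify_frontend_smoke.sh` and `scripts/acceptance/verify_frontend_acceptance_matrix.sh` in this list fall outside what the commit message describes, which is the CRM-only deploy script, two docs sections and the evidence directory. The nine changed files are fully accounted for by the message (one script, two docs, six artifacts), so these scripts are not added here and must already exist on the parent commit; please confirm that, and either mention the frontend gate documentation in the message or move it to its own commit.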
@@ -123,6 +125,13 @@ SUB2API_CRM_ADMIN_TOKEN=change-me-before-production SUB2API_CRM_LISTEN_ADDR=127.
bash ./scripts/acceptance/verify_provider_admin_actions.sh
```
最小前端门禁:
```bash
bash ./scripts/test/test_tksea_portal_assets.sh
bash ./scripts/test/verify_frontend_smoke.sh
```
`publish` 的运行前提:
- CRM 进程必须配置 `SUB2API_CRM_REPO_ROOT`
@@ -145,6 +154,8 @@ bash ./scripts/acceptance/verify_provider_admin_actions.sh
```bash
gofmt -l .
bash ./scripts/test/test_tksea_portal_assets.sh
bash ./scripts/test/verify_frontend_smoke.sh
go vet ./...
go test ./...
go test -race ./...
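Review bot: The gate list here includes `test_tksea_portal_assets.sh` and `verify_frontend_smoke.sh`, but the gates recorded as evidence for this deployment in the commit message (`05-quality-gates.txt`: gofmt / vet / test -race / integration) contain no frontend smoke run. Either run the frontend scripts and add their output to the evidence directory, or state in the doc that this deployment was verified against the earlier gate list.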
@@ -152,6 +163,48 @@ go test ./tests/integration/... -count=1
go test -cover ./internal/...
```
## 在线部署节点latest online stack
日期2026-06-02
stack`crm-only-20260602_18190`
hostubuntu@43.155.133.187
CRM 端口18190仅 127.0.0.1 监听,不直接对外暴露)
CRM 二进制:`/home/ubuntu/crm-only-20260602_18190/sub2api-cn-relay-manager-server`
CRM env`/home/ubuntu/crm-only-20260602_18190/.env.crm`chmod 600root 持有)
CRM 日志:`/home/ubuntu/crm-only-20260602_18190/crm.log`
CRM 数据库:`/home/ubuntu/crm-only-20260602_18190/sub2api-cn-relay-manager.db`
publish 仓库:`/home/ubuntu/sub2api-cn-relay-manager-git-current`main @ 4ec9dad4
运维 env`/tmp/crm-only-20260602.env`本地chmod 600
部署脚本:`scripts/deploy/deploy_crm_only.sh`
真实验收:见 `artifacts/online-deploy-20260602/manifest.json`
访问入口(公网):
- 用户 portalhttps://sub.tksea.top/portal/
- 管理 portalhttps://sub.tksea.top/portal/admin/
- 管理态同域反代https://sub.tksea.top/portal-admin-api/ → http://127.0.0.1:18190/
- 直接 CRM 访问:必须先开 SSH 隧道跑 `bash /tmp/crm-only-20260602.tunnel.sh`
然后 `set -a; source /tmp/crm-only-20260602.env; set +a`
当前已验证2026-06-02
- `GET /healthz` → 200 `ok`
- `GET /api/packs`Bearer→ 200 `{"packs":[]}`
- `GET /api/hosts`Bearer→ 200 `{"hosts":[]}`
- `GET /metrics`(无 authPrometheus 格式)→ 200`active_hosts` `active_providers` `db_connections_active` + Go runtime metrics
- `GET /api/packs`(无 auth→ 401auth 拦截正常
- SQLite 库初始化出 22 张表schema_migrations 存在
部署步骤(后续重启 / 滚动更新时):
```bash
cd /home/long/project/sub2api-cn-relay-manager
go build -trimpath -ldflags='-s -w' -o server ./cmd/server
STACK_NAME=crm-only-20260602 bash scripts/deploy/deploy_crm_only.sh
# 然后在新终端开隧道
bash /tmp/crm-only-20260602.tunnel.sh
```
## 生产注意事项
- host 注册后,后续 `preview-import / import / reconcile / access / rollback-provider / status / resources / import-batches` 应统一使用 `host_id``host_id` 查询参数,不再依赖临时 `host_base_url` 作为运行时主键。
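Review bot: The operator env file and tunnel script are documented at `/tmp/crm-only-20260602.env` and `/tmp/crm-only-20260602.tunnel.sh`, and the direct-access step runs the script with `bash` and sources the env file from that location. `/tmp` is world-writable and cleared on reboot, so files with predictable names there can be pre-created by another local user before the deploy writes them and will not survive a restart; a directory owned by the operator with mode 0700 (for example under `~/.config/`) would be a safer location to document. Two further points in the same section: it commits the host address `ubuntu@43.155.133.187` and full remote paths to the repository, which deserves a conscious decision if the repo is or may become public, and `.env.crm` is described as root-owned with mode 600 under `/home/ubuntu/`, so please state which user the CRM process runs as, since a non-root process could not read that file.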

@@ -4,6 +4,21 @@
当前 GateAPPROVED代码门禁已通过并且 2026-05-21 已继续收掉 account probe、gateway probe 认证语义和 latest-head `self_service` fresh-host 复验的剩余问题。最新 MiniMax 53hk fresh-host 验收 `artifacts/real-host-acceptance/20260521_191418_remote43_minimax_key_import/21-summary.json`、DeepSeek 2166 `subscription` fresh-host 验收 `artifacts/real-host-acceptance/20260521_201509_remote43_deepseek_key_import/21-summary.json`、以及 latest-head `self_service` 标准 fresh-host 验收 `artifacts/real-host-acceptance/20260521_210403/05-import.json` / `07-access-status.json` 已共同证明:`subscription``self_service` 主链路都能在真实 fresh host 上闭环到 readyhost `/v1/models``/v1/chat/completions` 也都真实返回 `HTTP 200`。当前仍存在的 `reconcile=drifted` 只反映共享 fresh-host 环境里的历史残留资源,不阻塞 PRD 首版放行)
目标:实现独立控制面、零侵入宿主、可导入国产模型并具备可运维的导入/回滚/访问闭环。
## Latest Online Stack2026-06-02 update
- **stack**: `crm-only-20260602_18190` on `ubuntu@43.155.133.187:18190`
- **公开入口**: https://sub.tksea.top/portal/ / /portal/admin/ / /portal-admin-api/ 反代
- **直接 CRM**: ssh 隧道 + 127.0.0.1:18190
- **二进制 md5**: `731f3d4020ab984cfc1bc2bb03381a7a` (16.2 MB, 含 /metrics)
- **远端运行 PID**: 3419778uptime > 4h 起算 21:32
- **commit**: `4ec9dad4` (test: 修 build-broken edge-case 测试)
- **证据**: `artifacts/online-deploy-20260602/`
- **部署脚本**: `scripts/deploy/deploy_crm_only.sh`
- **本次新增能力**:
1. CRM-only 单进程部署链路(不依赖 sub2api host / PG / Redis
2. `portal-admin-api` nginx 反代自动指向 18190新 CRM
3. `/metrics` Prometheus 端点已在公网通过 portal-admin-api 反代可访问
## 2026-05-22 当前真相
- 当前主目录 `artifacts/real-host-acceptance/` 已只保留最终证据;历史调试样本已迁到 `artifacts/real-host-acceptance-archive/`
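Review bot: Item 3 under the new capabilities states that `/metrics` is reachable from the public internet through the `portal-admin-api` reverse proxy, and the DEPLOYMENT.md section in this commit records that endpoint as answering 200 without auth. That exposes `active_hosts`, `active_providers`, `db_connections_active` and the Go runtime metrics to any caller; suggest excluding `/metrics` from the public proxy location, or restricting it in nginx with an allowlist or auth, and scraping over the loopback listener or the SSH tunnel instead. Smaller points: the PID and uptime line will be stale after the next restart, and the binary is identified by md5, where a SHA-256 digest would be a sounder integrity reference.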