From 8e7b87cbd2c1c33f041d2dfa0ecf9a1bca657186 Mon Sep 17 00:00:00 2001 From: pmc <740076875@qq.com> Date: Mon, 18 May 2026 14:11:19 +0800 Subject: [PATCH] =?UTF-8?q?ci(deploy):=20k3s=20=E9=83=A8=E7=BD=B2=E5=90=8C?= =?UTF-8?q?=E6=AD=A5=E5=88=87=E6=8D=A2=20Redis=20=E8=87=B3=E7=81=AB?= =?UTF-8?q?=E5=B1=B1=E5=AE=9E=E4=BE=8B=20(dev=20+=20prod)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - deploy.yaml prod/dev 两段 REDIS_LOCATION 改为火山完整 URL,新增 REDIS_PASSWORD env - 新增一行 sed 替换 k8s/backend-deployment-prod.yaml 中的 REDIS_PASSWORD 占位 vAhRnAA6VMco - sed 源串保持不变以匹配 k8s yaml 模板里的占位 - 详见 qy_lty/docs/修改记录.md 2026-05-18 第二条 Co-Authored-By: Claude Opus 4.7 --- .gitea/workflows/deploy.yaml | 7 +++++-- qy_lty/docs/修改记录.md | 23 +++++++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 1292196..123eb03 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -30,7 +30,8 @@ jobs: echo "DOMAIN_API=qy-lty.airlabs.art" >> $GITHUB_ENV echo "DOMAIN_ADMIN=qy-lty-admin.airlabs.art" >> $GITHUB_ENV echo "DB_HOST=pgm-7xv4811oj11j86htzo.pg.rds.aliyuncs.com" >> $GITHUB_ENV - echo "REDIS_LOCATION=redis://r-7xvat0vez5clwbzk5vpd.redis.rds.aliyuncs.com:6379/0" >> $GITHUB_ENV + echo "REDIS_LOCATION=redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.volces.com:6379/3" >> $GITHUB_ENV + echo "REDIS_PASSWORD=Zyc188208" >> $GITHUB_ENV elif [[ "${{ github.ref_name }}" == "dev" ]]; then echo "IMAGE_TAG=dev-${BUILD_DATE}-${SHORT_SHA}" >> $GITHUB_ENV echo "CR_SERVER_ACTIVE=${{ secrets.CR_SERVER }}" >> $GITHUB_ENV @@ -41,7 +42,8 @@ jobs: echo "DOMAIN_API=qy-lty.test.airlabs.art" >> $GITHUB_ENV echo "DOMAIN_ADMIN=qy-lty-admin.test.airlabs.art" >> $GITHUB_ENV echo "DB_HOST=pgm-7xv4811oj11j86htzo.pg.rds.aliyuncs.com" >> $GITHUB_ENV - echo "REDIS_LOCATION=redis://r-7xvat0vez5clwbzk5vpd.redis.rds.aliyuncs.com:6379/0" >> $GITHUB_ENV + echo "REDIS_LOCATION=redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.volces.com:6379/3" >> $GITHUB_ENV + echo "REDIS_PASSWORD=Zyc188208" >> $GITHUB_ENV fi - name: Login to Container Registry @@ -127,6 +129,7 @@ jobs: # Replace Redis by environment sed -i "s|redis://r-7xvat0vez5clwbzk5vpd.redis.rds.aliyuncs.com:6379/0|${{ env.REDIS_LOCATION }}|g" k8s/backend-deployment-prod.yaml + sed -i "s|vAhRnAA6VMco|${{ env.REDIS_PASSWORD }}|g" k8s/backend-deployment-prod.yaml # All kubectl operations with retry for attempt in 1 2 3; do diff --git a/qy_lty/docs/修改记录.md b/qy_lty/docs/修改记录.md index 93518df..05ce1c0 100644 --- a/qy_lty/docs/修改记录.md +++ b/qy_lty/docs/修改记录.md @@ -23,6 +23,29 @@ +### [2026-05-18] CI/CD deploy.yaml Redis 同步切换为火山实例 + +承接同日上一条 [.env / settings.py Redis 切换](#2026-05-18-redis-切换为火山引擎实例--修复-channel_layers-不支持-acl-username) 完成线下 dev 环境后,需要让 CI 部署到 k3s 时也用同一套火山 Redis,否则 dev/prod 部署到线上后仍连旧阿里云实例(10054)。 + +- **文件路径**: + - `.gitea/workflows/deploy.yaml`(**修改** — 三处) +- **修改类型**: 配置切换 +- **修改内容**: + 1. 第 33 行(prod / main+master):REDIS_LOCATION 改为火山完整 URL,并**新增** `REDIS_PASSWORD=Zyc188208` 环境变量 + 2. 第 44 行(dev):同上 + 3. 第 129 行后**新增** 一行 sed:`sed -i "s|vAhRnAA6VMco|${{ env.REDIS_PASSWORD }}|g" k8s/backend-deployment-prod.yaml` +- **修改原因**: + - 原 deploy.yaml 只用 sed 替换了 `REDIS_LOCATION` 占位,没有替换 `REDIS_PASSWORD` 占位 —— 即便改 LOCATION 也会让 Django CACHES OPTIONS.PASSWORD 仍用阿里云旧密码 `vAhRnAA6VMco`,与火山实例密码 `Zyc188208` 不一致 + - prod 阿里云 Redis 已不可用,dev/prod 部署目标统一为火山实例(用户决定) +- **特别说明**: + - sed 源串 `redis://r-7xvat0vez5clwbzk5vpd...` 与 `vAhRnAA6VMco` 是 k8s/backend-deployment-prod.yaml 模板里的字面占位值,**保持不变**才能被 sed 匹配 + - 本次火山 Redis URL + 密码进入 deploy.yaml,进而进入 git 历史。已与用户确认接受此风险;要彻底走 secrets 注入需后续 rotate 密钥并改造 CI 变量管理 +- **验证**: + - 本地 daphne 已确认 `Cache Status: OK`(见上一条) + - 部署后线上验证项:pod 启动日志的 `Cache Status: OK` + `/api/v1/admin/login/` 不再 500 + +--- + ### [2026-05-18] Redis 切换为火山引擎实例 + 修复 CHANNEL_LAYERS 不支持 ACL username 原阿里云 Redis 实例(`r-7xvat0vez5clwbzk5vpd.redis.rds.aliyuncs.com:6379`)连接被远端 RST(10054),导致 `/api/v1/admin/login/` 等所有依赖 token / 缓存的接口报 `ConnectionError`。改用火山引擎 Redis 实例(`redis-shzlsczo52dft8mia.redis.volces.com:6379/3`,用户 `zyc`)。