feat(infra): migrate MinIO object storage to gateway server
将 MinIO 对象存储从内网服务器(192.168.1.222)迁移至入口网关服务器
(192.168.1.200 / 14.215.128.96),作为独立基础设施部署。
变更内容:
backend/docker-compose.yml
- 移除 minio 和 minio-init 服务(不再随后端栈启动)
- admin-service 的 MINIO_ENDPOINT 改为 192.168.1.200,端口改为 9100
- 移除 admin-service 对 minio 服务的 depends_on 依赖
- 删除 minio_data docker volume 声明
infrastructure/minio/docker-compose.yml(新增)
- MinIO 独立部署配置
- S3 API : 9100(映射容器内 9000)
- Console : 9101(映射容器内 9001)
- 数据持久化到宿主机 /data/minio
infrastructure/minio/deploy.sh(新增)
- 支持 up / down / status / init / logs 命令
- up 时自动创建全部 7 个 bucket:
app-releases, kyc-documents, coupon-images,
issuer-documents, sar-reports, avatars, exports
- coupon-images / avatars 设为匿名可下载
部署说明:
# 在网关服务器上首次部署
cd infrastructure/minio && ./deploy.sh up
# 查看状态
./deploy.sh status
服务器现状:
genex-minio 已在 14.215.128.96 上运行,所有 bucket 已初始化。
admin-service 已重启并指向新地址,文件上传恢复正常。
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
9ed0d7e739
commit
3b60fed078
|
|
@ -89,51 +89,9 @@ services:
|
||||||
networks:
|
networks:
|
||||||
- genex-network
|
- genex-network
|
||||||
|
|
||||||
# MinIO Object Storage (S3-compatible, multi-region replication support)
|
# MinIO has been migrated to the gateway server (192.168.1.200).
|
||||||
minio:
|
# Deployment: infrastructure/minio/deploy.sh
|
||||||
image: minio/minio:latest
|
# API endpoint: 192.168.1.200:9100 Console: 192.168.1.200:9101
|
||||||
container_name: genex-minio
|
|
||||||
environment:
|
|
||||||
MINIO_ROOT_USER: genex-admin
|
|
||||||
MINIO_ROOT_PASSWORD: genex-minio-secret
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:49000:9000" # S3 API
|
|
||||||
- "127.0.0.1:49001:9001" # Console UI
|
|
||||||
volumes:
|
|
||||||
- minio_data:/data
|
|
||||||
command: server /data --console-address ":9001"
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "mc", "ready", "local"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 5
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- genex-network
|
|
||||||
|
|
||||||
# MinIO bucket initialization
|
|
||||||
minio-init:
|
|
||||||
image: minio/mc:latest
|
|
||||||
container_name: genex-minio-init
|
|
||||||
depends_on:
|
|
||||||
minio:
|
|
||||||
condition: service_healthy
|
|
||||||
entrypoint: >
|
|
||||||
/bin/sh -c "
|
|
||||||
mc alias set genex http://minio:9000 genex-admin genex-minio-secret;
|
|
||||||
mc mb --ignore-existing genex/kyc-documents;
|
|
||||||
mc mb --ignore-existing genex/coupon-images;
|
|
||||||
mc mb --ignore-existing genex/issuer-documents;
|
|
||||||
mc mb --ignore-existing genex/sar-reports;
|
|
||||||
mc mb --ignore-existing genex/avatars;
|
|
||||||
mc mb --ignore-existing genex/exports;
|
|
||||||
mc mb --ignore-existing genex/app-releases;
|
|
||||||
mc anonymous set download genex/coupon-images;
|
|
||||||
mc anonymous set download genex/avatars;
|
|
||||||
echo 'MinIO buckets initialized';
|
|
||||||
"
|
|
||||||
networks:
|
|
||||||
- genex-network
|
|
||||||
|
|
||||||
# Debezium Kafka Connect (CDC - Change Data Capture)
|
# Debezium Kafka Connect (CDC - Change Data Capture)
|
||||||
# 版本说明: 必须使用 2.5.1+ (修复 DBZ-7316: searchWalPosition 不推进 confirmed_flush_lsn, 导致 WAL 无限积压)
|
# 版本说明: 必须使用 2.5.1+ (修复 DBZ-7316: searchWalPosition 不推进 confirmed_flush_lsn, 导致 WAL 无限积压)
|
||||||
|
|
@ -395,8 +353,8 @@ services:
|
||||||
- DB_USERNAME=genex
|
- DB_USERNAME=genex
|
||||||
- DB_PASSWORD=${DB_PASSWORD}
|
- DB_PASSWORD=${DB_PASSWORD}
|
||||||
- DB_NAME=genex
|
- DB_NAME=genex
|
||||||
- MINIO_ENDPOINT=minio
|
- MINIO_ENDPOINT=192.168.1.200 # Gateway server — MinIO runs on 192.168.1.200:9100
|
||||||
- MINIO_PORT=9000
|
- MINIO_PORT=9100
|
||||||
- MINIO_ACCESS_KEY=genex-admin
|
- MINIO_ACCESS_KEY=genex-admin
|
||||||
- MINIO_SECRET_KEY=genex-minio-secret
|
- MINIO_SECRET_KEY=genex-minio-secret
|
||||||
- MINIO_BUCKET=app-releases
|
- MINIO_BUCKET=app-releases
|
||||||
|
|
@ -404,8 +362,6 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
postgres:
|
postgres:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
minio:
|
|
||||||
condition: service_healthy
|
|
||||||
networks:
|
networks:
|
||||||
- genex-network
|
- genex-network
|
||||||
|
|
||||||
|
|
@ -601,7 +557,6 @@ volumes:
|
||||||
postgres_data:
|
postgres_data:
|
||||||
redis_data:
|
redis_data:
|
||||||
kafka_data:
|
kafka_data:
|
||||||
minio_data:
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
genex-network:
|
genex-network:
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,72 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# MinIO deployment script
|
||||||
|
# Target server: gateway server (192.168.1.200 / 14.215.128.96)
|
||||||
|
# API port : 9100 (S3-compatible)
|
||||||
|
# Console : 9101
|
||||||
|
#
|
||||||
|
# Usage: ./deploy.sh [up|down|status|init|logs]
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
|
|
||||||
|
# All buckets used by backend microservices
|
||||||
|
BUCKETS=(
|
||||||
|
app-releases # admin-service — APK/IPA packages
|
||||||
|
kyc-documents # compliance-service — KYC verification files
|
||||||
|
coupon-images # issuer-service — coupon artwork
|
||||||
|
issuer-documents # issuer-service — prospectus / legal docs
|
||||||
|
sar-reports # compliance-service — SAR export files
|
||||||
|
avatars # user-service — profile pictures
|
||||||
|
exports # clearing-service — finance report exports
|
||||||
|
)
|
||||||
|
|
||||||
|
# Buckets that should be publicly readable (no auth needed for download)
|
||||||
|
PUBLIC_BUCKETS=(coupon-images avatars)
|
||||||
|
|
||||||
|
_init_buckets() {
|
||||||
|
local user="${MINIO_ROOT_USER:-genex-admin}"
|
||||||
|
local pass="${MINIO_ROOT_PASSWORD:-genex-minio-secret}"
|
||||||
|
|
||||||
|
docker exec genex-minio mc alias set local http://localhost:9000 "$user" "$pass"
|
||||||
|
|
||||||
|
for bucket in "${BUCKETS[@]}"; do
|
||||||
|
docker exec genex-minio mc mb --ignore-existing "local/${bucket}"
|
||||||
|
echo " bucket ready: ${bucket}"
|
||||||
|
done
|
||||||
|
|
||||||
|
for bucket in "${PUBLIC_BUCKETS[@]}"; do
|
||||||
|
docker exec genex-minio mc anonymous set download "local/${bucket}"
|
||||||
|
echo " public download enabled: ${bucket}"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
case "${1:-up}" in
|
||||||
|
up)
|
||||||
|
docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d
|
||||||
|
echo "Waiting for MinIO to be ready..."
|
||||||
|
sleep 4
|
||||||
|
_init_buckets
|
||||||
|
echo ""
|
||||||
|
echo "MinIO is running:"
|
||||||
|
echo " S3 API : http://192.168.1.200:9100"
|
||||||
|
echo " Console : http://192.168.1.200:9101"
|
||||||
|
;;
|
||||||
|
down)
|
||||||
|
docker compose -f "$SCRIPT_DIR/docker-compose.yml" down
|
||||||
|
;;
|
||||||
|
status)
|
||||||
|
docker compose -f "$SCRIPT_DIR/docker-compose.yml" ps
|
||||||
|
;;
|
||||||
|
init)
|
||||||
|
# Re-create buckets without restarting the container
|
||||||
|
_init_buckets
|
||||||
|
;;
|
||||||
|
logs)
|
||||||
|
docker compose -f "$SCRIPT_DIR/docker-compose.yml" logs -f
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $0 [up|down|status|init|logs]"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
@ -0,0 +1,19 @@
|
||||||
|
services:
|
||||||
|
minio:
|
||||||
|
image: minio/minio
|
||||||
|
container_name: genex-minio
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "9100:9000" # S3 API
|
||||||
|
- "9101:9001" # Console
|
||||||
|
volumes:
|
||||||
|
- /data/minio:/data
|
||||||
|
environment:
|
||||||
|
MINIO_ROOT_USER: ${MINIO_ROOT_USER:-genex-admin}
|
||||||
|
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-genex-minio-secret}
|
||||||
|
command: server /data --console-address ':9001'
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "mc", "ready", "local"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
Loading…
Reference in New Issue