Files
geo/deploy/OFFLINE_PACKAGE.md
T
root 98f73c5bea feat(objectstorage): add Aliyun OSS support and auto-detect provider in deploy workflows
Introduces Aliyun OSS as an alternative to MinIO; deploy scripts and CI
workflows now read object_storage.provider from config and conditionally
include or skip MinIO resources in both Docker Compose and k3s paths.
Also adds ops scheduler domain and its migration tables.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-05-20 10:25:02 +08:00

60 lines
2.0 KiB
Markdown

# geo-rankly offline package
This directory is self-contained. It deploys containers, not host binaries.
On a Docker host with Docker Compose v2:
```bash
bash deploy.sh compose
```
`compose` is the default, so this is equivalent:
```bash
bash deploy.sh
```
`deploy.sh compose` loads `images.tar`, creates `.env` from `.env.example` when missing, and starts the stack with:
```bash
docker compose -f docker-compose.yaml -f docker-compose.offline.yaml --env-file .env up -d
```
Object storage is selected from `config.yaml` / `config.yml`, with `config.local.yaml` / `config.local.yml` as an override:
- `object_storage.provider: minio` or `mino` deploys MinIO and `minio-init`
- `object_storage.provider: aliyun`, `aliyun_oss`, `aliyun-oss`, or `oss` skips MinIO and uses the Aliyun OSS config from the same config files
Runtime services connect to Postgres through PgBouncer in `session` pooling mode. The one-shot `migrate` job still connects directly to `postgres` and `monitoring-postgres` so DDL and seed work do not go through the pooler.
On a k3s host:
```bash
bash deploy.sh k3s
```
This imports `images.tar` into k3s containerd and applies `k3s/` with Kustomize.
Default ports are NAS-friendly:
- tenant web: `18080`
- tenant API: `18081`
- ops web: `18082`
- ops API: `18090`
- RabbitMQ management: `15673`
- MinIO console: `19001`
Edit `.env` before rerunning `bash deploy.sh` if you need real API keys, stronger secrets, or different ports.
For multi-container / multi-Pod login password encryption, put the same RSA private key in every replica's config override:
- tenant API: copy `config.local.yaml.example` to `config.local.yaml`, then fill `auth.password_cipher.private_key_pem`
- ops API: copy `ops-config.local.yaml.example` to `ops-config.local.yaml`, then fill `auth.password_cipher.private_key_pem`
Generate keys with:
```bash
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out login-password-rsa.pem
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ops-login-password-rsa.pem
```