diff --git a/deploy/one-click/README.md b/deploy/one-click/README.md index 23b08609c..b0c3ec954 100644 --- a/deploy/one-click/README.md +++ b/deploy/one-click/README.md @@ -146,7 +146,7 @@ cp env.example .env sudo ./install.sh ``` -The default installation path is `/usr/local/services/cubetoolbox`. +The one-click installation path is fixed at `/usr/local/services/cubetoolbox`. New one-click installations are managed by systemd only: @@ -284,7 +284,7 @@ Other common parameters: CUBE_PROXY_HTTPS_PORT=443 CUBE_PROXY_HTTP_PORT=80 # Deprecated: CUBE_PROXY_HOST_PORT is ignored; configure CUBE_PROXY_HTTP_PORT instead. -CUBE_PROXY_CERT_DIR="${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs" +CUBE_PROXY_CERT_DIR=/usr/local/services/cubetoolbox/cubeproxy/certs CUBE_PROXY_DNS_ANSWER_IP="${CUBE_SANDBOX_NODE_IP}" WEB_UI_ENABLE=1 WEB_UI_IMAGE=cube-sandbox-image.tencentcloudcr.com/opensource/openresty:1.21.4.1-6-alpine-fat diff --git a/deploy/one-click/README_zh.md b/deploy/one-click/README_zh.md index d1d4adfaf..65e2aa77c 100644 --- a/deploy/one-click/README_zh.md +++ b/deploy/one-click/README_zh.md @@ -135,7 +135,7 @@ cp env.example .env sudo ./install.sh ``` -默认会安装到 `/usr/local/services/cubetoolbox`。 +one-click 固定安装到 `/usr/local/services/cubetoolbox`。 新的 one-click 安装统一只使用 systemd 托管: @@ -271,7 +271,7 @@ CUBE_PROXY_DNS_ENABLE=1 CUBE_PROXY_HTTPS_PORT=443 CUBE_PROXY_HTTP_PORT=80 # 已废弃:CUBE_PROXY_HOST_PORT 会被忽略;如需调整启动后检查端口,请配置 CUBE_PROXY_HTTP_PORT。 -CUBE_PROXY_CERT_DIR="${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs" +CUBE_PROXY_CERT_DIR=/usr/local/services/cubetoolbox/cubeproxy/certs CUBE_PROXY_DNS_ANSWER_IP="${CUBE_SANDBOX_NODE_IP}" WEB_UI_ENABLE=1 WEB_UI_IMAGE=cube-sandbox-image.tencentcloudcr.com/opensource/openresty:1.21.4.1-6-alpine-fat diff --git a/deploy/one-click/USER_GUIDE_zh.md b/deploy/one-click/USER_GUIDE_zh.md index ac6226b3d..dda942f07 100644 --- a/deploy/one-click/USER_GUIDE_zh.md +++ b/deploy/one-click/USER_GUIDE_zh.md @@ -34,7 +34,7 @@ cp env.example .env sudo ./install.sh ``` -默认安装目录: +固定安装目录: ```bash /usr/local/services/cubetoolbox diff --git a/deploy/one-click/deploy-manual.sh b/deploy/one-click/deploy-manual.sh index 0ee638916..70cd916d6 100644 --- a/deploy/one-click/deploy-manual.sh +++ b/deploy/one-click/deploy-manual.sh @@ -11,8 +11,6 @@ Usage: sudo ./deploy-manual.sh /path/to/cube-manual-update-*.tar.gz Environment overrides: - ONE_CLICK_TOOLBOX_ROOT Toolbox root, default: /usr/local/services/cubetoolbox - ONE_CLICK_INSTALL_PREFIX Install prefix, default: same as toolbox root ONE_CLICK_RUNTIME_DIR Runtime dir, default: /var/run/cube-sandbox-one-click ONE_CLICK_LOG_DIR Log dir, default: /var/log/cube-sandbox-one-click ONE_CLICK_MANUAL_PACKAGE_TAR @@ -92,8 +90,7 @@ main() { package_tar="$(resolve_package_path "${1:-}")" || die "manual update package not specified" ensure_file "${package_tar}" - local toolbox_root="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" - local install_prefix="${ONE_CLICK_INSTALL_PREFIX:-${toolbox_root}}" + local install_prefix="${CUBE_SANDBOX_INSTALL_ROOT}" local runtime_dir="${ONE_CLICK_RUNTIME_DIR:-/var/run/cube-sandbox-one-click}" local log_dir="${ONE_CLICK_LOG_DIR:-/var/log/cube-sandbox-one-click}" local backup_dir="${install_prefix}/.backup/manual-update-$(date +%Y%m%d-%H%M%S)" @@ -149,8 +146,6 @@ main() { restart_core_services "${role}" if [[ "${ONE_CLICK_SKIP_QUICKCHECK:-0}" != "1" ]]; then - ONE_CLICK_TOOLBOX_ROOT="${install_prefix}" \ - ONE_CLICK_RUNTIME_ENV_FILE="${runtime_env_file}" \ ONE_CLICK_RUNTIME_DIR="${runtime_dir}" \ ONE_CLICK_LOG_DIR="${log_dir}" \ "${install_prefix}/scripts/one-click/quickcheck.sh" diff --git a/deploy/one-click/down.sh b/deploy/one-click/down.sh index 448f09fc2..fa80da3c8 100755 --- a/deploy/one-click/down.sh +++ b/deploy/one-click/down.sh @@ -12,8 +12,7 @@ fi require_root -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" -INSTALL_PREFIX="${ONE_CLICK_INSTALL_PREFIX:-${TOOLBOX_ROOT}}" +INSTALL_PREFIX="${CUBE_SANDBOX_INSTALL_ROOT}" ensure_dir "${INSTALL_PREFIX}" ROLE_FILE="${INSTALL_PREFIX}/.one-click.env" diff --git a/deploy/one-click/env.example b/deploy/one-click/env.example index 3b4d04fd2..15d05ebda 100644 --- a/deploy/one-click/env.example +++ b/deploy/one-click/env.example @@ -39,8 +39,6 @@ ONE_CLICK_CUBE_SHIM_BUILD_MODE=local # ONE_CLICK_GUEST_IMAGE_RESERVED_BYTES=33554432 # Target-machine install options. -# New installations are always managed by systemd; there is no systemd/non-systemd mode switch. -ONE_CLICK_INSTALL_PREFIX=/usr/local/services/cubetoolbox ONE_CLICK_RUN_QUICKCHECK=1 # quickcheck waits for each runtime signal (systemd units, health endpoints, # sockets, runtime files, node registration) to become ready within this overall @@ -123,7 +121,7 @@ CUBE_PROXY_HTTPS_PORT=443 # The systemd post-start TCP listener check follows this HTTP proxy port. CUBE_PROXY_HTTP_PORT=80 # Deprecated: CUBE_PROXY_HOST_PORT is ignored; configure CUBE_PROXY_HTTP_PORT instead. -CUBE_PROXY_CERT_DIR="${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs" +CUBE_PROXY_CERT_DIR=/usr/local/services/cubetoolbox/cubeproxy/certs CUBE_PROXY_REDIS_IP=127.0.0.1 # TLS cert/key file names under CUBE_PROXY_CERT_DIR. Defaults match the files # auto-generated by mkcert (cube.app+3.pem / cube.app+3-key.pem). When you diff --git a/deploy/one-click/install.sh b/deploy/one-click/install.sh index 7f16214ad..0c77d11e4 100755 --- a/deploy/one-click/install.sh +++ b/deploy/one-click/install.sh @@ -94,8 +94,7 @@ warn_default_external_credentials() { fi } -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" -INSTALL_PREFIX="${ONE_CLICK_INSTALL_PREFIX:-${TOOLBOX_ROOT}}" +INSTALL_PREFIX="${CUBE_SANDBOX_INSTALL_ROOT}" # Resolve install vs upgrade mode and, for upgrades, run preflight + backup and # build the config-preserving merged env BEFORE any destructive change. The @@ -782,7 +781,7 @@ stop_existing_systemd_deployment() { stop_existing_legacy_deployment() { # Legacy bridge for upgrading pre-systemd one-click installs. # New installs are systemd-only; this path only stops old nohup/pidfile deployments - # before the install prefix is replaced. + # before the install root is replaced. local installed_role="$1" local legacy_stop_script="" @@ -794,18 +793,14 @@ stop_existing_legacy_deployment() { if [[ -n "${legacy_stop_script}" ]]; then log "stopping legacy pre-systemd deployment under ${INSTALL_PREFIX}" - ONE_CLICK_TOOLBOX_ROOT="${INSTALL_PREFIX}" \ - ONE_CLICK_RUNTIME_ENV_FILE="${INSTALL_PREFIX}/.one-click.env" \ - "${legacy_stop_script}" || true + "${legacy_stop_script}" || true fi } install_systemd_units() { local install_units_script="${INSTALL_PREFIX}/scripts/systemd/install-units.sh" ensure_file "${install_units_script}" - ONE_CLICK_TOOLBOX_ROOT="${INSTALL_PREFIX}" \ - ONE_CLICK_RUNTIME_ENV_FILE="${INSTALL_PREFIX}/.one-click.env" \ - "${install_units_script}" + "${install_units_script}" } start_systemd_target() { @@ -950,28 +945,24 @@ if [[ "${INSTALL_MODE}" == "upgrade" ]]; then fi fi -if [[ "${INSTALL_PREFIX%/}" == "${TOOLBOX_ROOT%/}" ]]; then - rm -rf \ - "${INSTALL_PREFIX}/network-agent" \ - "${INSTALL_PREFIX}/CubeAPI" \ - "${INSTALL_PREFIX}/CubeMaster" \ - "${INSTALL_PREFIX}/Cubelet" \ - "${INSTALL_PREFIX}/cubeproxy" \ - "${INSTALL_PREFIX}/coredns" \ - "${INSTALL_PREFIX}/webui" \ - "${INSTALL_PREFIX}/support" \ - "${INSTALL_PREFIX}/systemd" \ - "${INSTALL_PREFIX}/cube-shim" \ - "${INSTALL_PREFIX}/cube-kernel-scf" \ - "${INSTALL_PREFIX}/cube-image" \ - "${INSTALL_PREFIX}/scripts" \ - "${INSTALL_PREFIX}/sql" \ - "${INSTALL_PREFIX}/.one-click.env" -else - # Full wipe of a custom prefix, but preserve any upgrade backup directory so - # the config snapshot survives for recovery/rollback. - wipe_custom_install_prefix_contents "${INSTALL_PREFIX}" -fi +assert_safe_install_prefix "${INSTALL_PREFIX}" +rm -rf \ + "${INSTALL_PREFIX}/network-agent" \ + "${INSTALL_PREFIX}/CubeAPI" \ + "${INSTALL_PREFIX}/CubeMaster" \ + "${INSTALL_PREFIX}/Cubelet" \ + "${INSTALL_PREFIX}/cubeproxy" \ + "${INSTALL_PREFIX}/coredns" \ + "${INSTALL_PREFIX}/webui" \ + "${INSTALL_PREFIX}/support" \ + "${INSTALL_PREFIX}/systemd" \ + "${INSTALL_PREFIX}/cube-shim" \ + "${INSTALL_PREFIX}/cube-kernel-scf" \ + "${INSTALL_PREFIX}/cube-image" \ + "${INSTALL_PREFIX}/cube-egress" \ + "${INSTALL_PREFIX}/scripts" \ + "${INSTALL_PREFIX}/sql" \ + "${INSTALL_PREFIX}/.one-click.env" mkdir -p "${INSTALL_PREFIX}" if [[ "${DEPLOY_ROLE}" == "compute" ]]; then @@ -1154,9 +1145,7 @@ check_runtime_file_paths_not_directories start_systemd_target if [[ "${ONE_CLICK_RUN_QUICKCHECK:-1}" == "1" ]]; then - ONE_CLICK_TOOLBOX_ROOT="${INSTALL_PREFIX}" \ - ONE_CLICK_RUNTIME_ENV_FILE="${RUNTIME_ENV_FILE}" \ - "${INSTALL_PREFIX}/scripts/one-click/quickcheck.sh" + "${INSTALL_PREFIX}/scripts/one-click/quickcheck.sh" fi log "install complete (role=${DEPLOY_ROLE})" diff --git a/deploy/one-click/lib/common.sh b/deploy/one-click/lib/common.sh index 10934a807..15b9ec17c 100755 --- a/deploy/one-click/lib/common.sh +++ b/deploy/one-click/lib/common.sh @@ -6,6 +6,10 @@ ONE_CLICK_LIB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" ONE_CLICK_DIR="$(cd "${ONE_CLICK_LIB_DIR}/.." && pwd)" +if [[ "${CUBE_SANDBOX_INSTALL_ROOT:-}" != "/usr/local/services/cubetoolbox" ]]; then + CUBE_SANDBOX_INSTALL_ROOT="/usr/local/services/cubetoolbox" +fi +readonly CUBE_SANDBOX_INSTALL_ROOT log() { echo "[one-click] $*" >&2 @@ -647,10 +651,9 @@ patch_cubelet_config_template() { # --------------------------------------------------------------------------- # assert_safe_install_prefix: refuse to perform a destructive full wipe of an -# obviously unsafe install prefix. Guards against a mis-set -# ONE_CLICK_INSTALL_PREFIX (e.g. "/" or "/usr", or a foreign dir like -# "/usr/local" / "/var/lib") turning the custom-prefix wipe into a -# system-destroying `rm -rf`. Beyond the root/system/top-level denylist, a +# obviously unsafe install root. Guards against a bad caller accidentally +# pointing a wipe at "/" or "/usr", or a foreign dir like "/usr/local" / +# "/var/lib", turning the wipe into a system-destroying `rm -rf`. Beyond the root/system/top-level denylist, a # non-empty existing prefix is only wiped when it is a recognised CubeSandbox # install (presence of a marker artifact such as .one-click.env / CubeMaster) # or effectively empty. A lone '.backup' left over from an interrupted upgrade @@ -659,14 +662,14 @@ patch_cubelet_config_template() { assert_safe_install_prefix() { local prefix="$1" - [[ -n "${prefix}" ]] || die "refusing to wipe an empty install prefix" - [[ "${prefix}" == /* ]] || die "refusing to wipe a non-absolute install prefix: ${prefix}" - [[ ! -L "${prefix}" ]] || die "refusing to wipe a symlink install prefix: ${prefix}" + [[ -n "${prefix}" ]] || die "refusing to wipe an empty install root" + [[ "${prefix}" == /* ]] || die "refusing to wipe a non-absolute install root: ${prefix}" + [[ ! -L "${prefix}" ]] || die "refusing to wipe a symlink install root: ${prefix}" # Normalize: drop a single trailing slash (but keep "/" detectable). local norm="${prefix%/}" [[ -n "${norm}" ]] || die "refusing to wipe the filesystem root: ${prefix}" - [[ ! -L "${norm}" ]] || die "refusing to wipe a symlink install prefix: ${prefix}" + [[ ! -L "${norm}" ]] || die "refusing to wipe a symlink install root: ${prefix}" case "${norm}" in /usr|/bin|/sbin|/lib|/lib64|/etc|/var|/boot|/dev|/proc|/sys|/run|/root|/home|/opt) @@ -682,7 +685,7 @@ assert_safe_install_prefix() { # top-level directories cannot be wiped wholesale. local trimmed="${norm#/}" if [[ "${trimmed}" != */* ]]; then - die "refusing to wipe a top-level directory: ${prefix} (install prefix must be at least two levels deep)" + die "refusing to wipe a top-level directory: ${prefix} (install root must be at least two levels deep)" fi # Content sanity check: the custom-prefix wipe deletes every top-level entry @@ -703,7 +706,7 @@ _assert_no_top_level_symlinks() { local symlink symlink="$(find "${dir}" -mindepth 1 -maxdepth 1 -type l -print -quit 2>/dev/null || true)" if [[ -n "${symlink}" ]]; then - die "refusing to wipe custom install prefix ${display}: contains top-level symlink (${symlink}); move it away and retry" + die "refusing to wipe install root ${display}: contains top-level symlink (${symlink}); move it away and retry" fi } @@ -722,7 +725,7 @@ _assert_cube_prefix_marker_or_empty() { local stray stray="$(find "${dir}" -mindepth 1 -maxdepth 1 ! -name '.backup' -print -quit 2>/dev/null || true)" if [[ -n "${stray}" ]]; then - die "refusing to wipe custom install prefix ${display}: directory is not empty and contains no CubeSandbox installation markers (.one-click.env / CubeMaster / CubeAPI / Cubelet). Point ONE_CLICK_INSTALL_PREFIX at a dedicated CubeSandbox prefix, or remove the foreign content first." + die "refusing to wipe install root ${display}: directory is not empty and contains no CubeSandbox installation markers (.one-click.env / CubeMaster / CubeAPI / Cubelet). Remove the foreign content first." fi fi } @@ -740,14 +743,14 @@ wipe_custom_install_prefix_contents() { fi before="$(stat -c '%d:%i' -- "${norm}")" \ - || die "failed to stat install prefix before wipe: ${prefix}" + || die "failed to stat install root before wipe: ${prefix}" ( - cd -- "${norm}" || die "failed to enter install prefix: ${prefix}" + cd -- "${norm}" || die "failed to enter install root: ${prefix}" after="$(stat -c '%d:%i' -- .)" \ - || die "failed to stat install prefix after cd: ${prefix}" + || die "failed to stat install root after cd: ${prefix}" [[ "${before}" == "${after}" ]] \ - || die "install prefix changed while preparing to wipe: ${prefix}" + || die "install root changed while preparing to wipe: ${prefix}" # Re-run the marker/empty check against the pinned cwd. This closes the # gap between path validation and destructive deletion. @@ -862,6 +865,8 @@ def parse(path): # database (configured via the WebUI), and the DB master key is auto-bootstrapped # by CubeAPI, so AGENTHUB_SECRET_KEY is obsolete too. DEPRECATED_KEYS = { + "ONE_CLICK_INSTALL_PREFIX", + "ONE_CLICK_TOOLBOX_ROOT", "AGENTHUB_DEEPSEEK_API_KEY", "OPENCLAW_DEEPSEEK_API_KEY", "AGENTHUB_LLM_API_KEY", @@ -877,6 +882,19 @@ DEPRECATED_KEYS = { "CUBE_API_DATABASE_URL", } +LEGACY_CUBE_PROXY_CERT_DIR_DEFAULTS = { + '"${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs"', + "'${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs'", + "${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs", +} + + +def normalize_legacy_value(key, val, tmpl_val): + if key == "CUBE_PROXY_CERT_DIR" and val in LEGACY_CUBE_PROXY_CERT_DIR_DEFAULTS: + return tmpl_val, True + return val, False + + new_defaults = parse(new_example) old_values = parse(old_runtime) old_baseline_vals = parse(old_baseline) if old_baseline else {} @@ -887,6 +905,7 @@ added = [] updated_default = [] preserved = [] explicit = [] +migrated_legacy = [] dropped = [] out_lines = [] @@ -912,7 +931,9 @@ for line in template: chosen = new_overrides[key] explicit.append(key) elif key in old_values: - ov = old_values[key] + ov, migrated = normalize_legacy_value(key, old_values[key], tmpl_val) + if migrated: + migrated_legacy.append((key, old_values[key], ov)) if (has_baseline and key in old_baseline_vals and ov == old_baseline_vals[key] and ov != tmpl_val): chosen = tmpl_val @@ -965,6 +986,9 @@ for k, ov, nv in updated_default: report.append("[preserved] kept your customized values: %d" % len(preserved)) for k, v in preserved: report.append(" = %s=%s" % (k, redact(k, v))) +report.append("[migrated-legacy] legacy defaults rewritten to new fixed defaults: %d" % len(migrated_legacy)) +for k, ov, nv in migrated_legacy: + report.append(" ^ %s: %s -> %s" % (k, redact(k, ov), redact(k, nv))) report.append("[explicit] taken from new .env overrides: %d" % len(explicit)) for k in explicit: report.append(" ! %s" % k) @@ -979,8 +1003,8 @@ with open(diff_file, "w", encoding="utf-8") as fh: fh.write("\n".join(report) + "\n") sys.stderr.write( - "[one-click] env merge: +%d new, ~%d default-updated, =%d preserved, >%d kept-extra, -%d dropped%s\n" % ( - len(added), len(updated_default), len(preserved), len(extra), len(dropped), + "[one-click] env merge: +%d new, ~%d default-updated, =%d preserved, ^%d migrated-legacy, >%d kept-extra, -%d dropped%s\n" % ( + len(added), len(updated_default), len(preserved), len(migrated_legacy), len(extra), len(dropped), "" if has_baseline else " (two-way fallback: no baseline)")) PY } diff --git a/deploy/one-click/scripts/cube-diag/check-procs.sh b/deploy/one-click/scripts/cube-diag/check-procs.sh index 55834bd23..953d9cf65 100755 --- a/deploy/one-click/scripts/cube-diag/check-procs.sh +++ b/deploy/one-click/scripts/cube-diag/check-procs.sh @@ -55,7 +55,6 @@ Options: Environment variables: ONE_CLICK_DEPLOY_ROLE control (default) or compute - ONE_CLICK_TOOLBOX_ROOT Installation root (default: /usr/local/services/cubetoolbox) ONE_CLICK_RUNTIME_DIR PID file directory (default: /var/run/cube-sandbox-one-click) NETWORK_AGENT_HEALTH_ADDR network-agent health address (default: 127.0.0.1:19090) CUBE_API_HEALTH_ADDR cube-api health address (default: 127.0.0.1:3000) @@ -78,8 +77,8 @@ Examples: EOF } -# ── Config (override via env) ────────────────────────────────────────────────── -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" +# ── Config ───────────────────────────────────────────────────────────────────── +TOOLBOX_ROOT="/usr/local/services/cubetoolbox" RUNTIME_DIR="${ONE_CLICK_RUNTIME_DIR:-/var/run/cube-sandbox-one-click}" NA_HEALTH_ADDR="${NETWORK_AGENT_HEALTH_ADDR:-127.0.0.1:19090}" CUBE_API_HEALTH_ADDR="${CUBE_API_HEALTH_ADDR:-127.0.0.1:3000}" diff --git a/deploy/one-click/scripts/cube-diag/collect-logs.sh b/deploy/one-click/scripts/cube-diag/collect-logs.sh index 874c4ea53..9743f0307 100755 --- a/deploy/one-click/scripts/cube-diag/collect-logs.sh +++ b/deploy/one-click/scripts/cube-diag/collect-logs.sh @@ -70,7 +70,6 @@ Options: --help Show this help message and exit Environment variables: - ONE_CLICK_TOOLBOX_ROOT Installation root (default: /usr/local/services/cubetoolbox) ONE_CLICK_LOG_DIR Runtime log directory (default: /var/log/cube-sandbox-one-click) ONE_CLICK_RUNTIME_DIR PID file directory (default: /var/run/cube-sandbox-one-click) CUBE_DATA_LOG_DIR Structured log root (default: /data/log) @@ -96,7 +95,7 @@ EOF # ── Config ───────────────────────────────────────────────────────────────────── -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" +TOOLBOX_ROOT="/usr/local/services/cubetoolbox" RUNTIME_LOG_DIR="${ONE_CLICK_LOG_DIR:-/var/log/cube-sandbox-one-click}" RUNTIME_PID_DIR="${ONE_CLICK_RUNTIME_DIR:-/var/run/cube-sandbox-one-click}" DATA_LOG_DIR="${CUBE_DATA_LOG_DIR:-/data/log}" diff --git a/deploy/one-click/scripts/one-click/common.sh b/deploy/one-click/scripts/one-click/common.sh index 9741d8d7f..0c89b96f8 100755 --- a/deploy/one-click/scripts/one-click/common.sh +++ b/deploy/one-click/scripts/one-click/common.sh @@ -2,7 +2,7 @@ set -euo pipefail ONE_CLICK_RUNTIME_SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" +TOOLBOX_ROOT="/usr/local/services/cubetoolbox" ENV_FILE="${ONE_CLICK_RUNTIME_ENV_FILE:-${TOOLBOX_ROOT}/.one-click.env}" if [[ -f "${ENV_FILE}" ]]; then diff --git a/deploy/one-click/scripts/one-click/quickcheck.sh b/deploy/one-click/scripts/one-click/quickcheck.sh index 263d4316b..6a674efad 100755 --- a/deploy/one-click/scripts/one-click/quickcheck.sh +++ b/deploy/one-click/scripts/one-click/quickcheck.sh @@ -281,7 +281,6 @@ quickcheck_main() { require_cmd curl require_cmd grep - local TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" local MASTER_ADDR MASTER_ADDR="$(resolve_control_plane_cubemaster_addr)" local NA_HEALTH_ADDR="${NETWORK_AGENT_HEALTH_ADDR:-127.0.0.1:19090}" diff --git a/deploy/one-click/scripts/one-click/up.sh b/deploy/one-click/scripts/one-click/up.sh index 5cac91916..b8fb8b574 100755 --- a/deploy/one-click/scripts/one-click/up.sh +++ b/deploy/one-click/scripts/one-click/up.sh @@ -5,8 +5,6 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # shellcheck source=./common.sh source "${SCRIPT_DIR}/common.sh" -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" - NETWORK_AGENT_BIN="${TOOLBOX_ROOT}/network-agent/bin/network-agent" NETWORK_AGENT_CFG="${TOOLBOX_ROOT}/network-agent/network-agent.yaml" NETWORK_AGENT_STATE_DIR="/data/cubelet/network-agent/state" diff --git a/deploy/one-click/scripts/systemd/common.sh b/deploy/one-click/scripts/systemd/common.sh index 3b65eeec7..8402e5ca1 100755 --- a/deploy/one-click/scripts/systemd/common.sh +++ b/deploy/one-click/scripts/systemd/common.sh @@ -4,7 +4,7 @@ set -euo pipefail SYSTEMD_HELPER_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" +TOOLBOX_ROOT="/usr/local/services/cubetoolbox" ENV_FILE="${ONE_CLICK_RUNTIME_ENV_FILE:-${TOOLBOX_ROOT}/.one-click.env}" UNIT_SOURCE_DIR="${ONE_CLICK_SYSTEMD_UNIT_SOURCE_DIR:-${TOOLBOX_ROOT}/systemd}" UNIT_INSTALL_DIR="${ONE_CLICK_SYSTEMD_UNIT_INSTALL_DIR:-/etc/systemd/system}" diff --git a/deploy/one-click/smoke.sh b/deploy/one-click/smoke.sh index 80bbf8173..d347c58e5 100755 --- a/deploy/one-click/smoke.sh +++ b/deploy/one-click/smoke.sh @@ -12,10 +12,7 @@ fi require_root -TOOLBOX_ROOT="${ONE_CLICK_TOOLBOX_ROOT:-/usr/local/services/cubetoolbox}" -INSTALL_PREFIX="${ONE_CLICK_INSTALL_PREFIX:-${TOOLBOX_ROOT}}" +INSTALL_PREFIX="${CUBE_SANDBOX_INSTALL_ROOT}" ensure_file "${INSTALL_PREFIX}/scripts/one-click/quickcheck.sh" -ONE_CLICK_TOOLBOX_ROOT="${INSTALL_PREFIX}" \ -ONE_CLICK_RUNTIME_ENV_FILE="${INSTALL_PREFIX}/.one-click.env" \ - "${INSTALL_PREFIX}/scripts/one-click/quickcheck.sh" +"${INSTALL_PREFIX}/scripts/one-click/quickcheck.sh" diff --git a/deploy/one-click/tests/test_env_merge.sh b/deploy/one-click/tests/test_env_merge.sh index 7dd2a00ec..9150a133b 100755 --- a/deploy/one-click/tests/test_env_merge.sh +++ b/deploy/one-click/tests/test_env_merge.sh @@ -50,13 +50,12 @@ assert_not_contains() { write_new_example() { cat > "$1" <<'EOF' # sample env template -ONE_CLICK_INSTALL_PREFIX=/usr/local/services/cubetoolbox ONE_CLICK_DEPLOY_ROLE=control CUBE_PVM_ENABLE=0 CUBE_SANDBOX_MYSQL_PORT=3306 CUBE_SANDBOX_REDIS_PASSWORD=ceuhvu123 WEB_UI_IMAGE=registry/openresty:1.21.4.1-6 -CUBE_PROXY_CERT_DIR="${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs" +CUBE_PROXY_CERT_DIR=/usr/local/services/cubetoolbox/cubeproxy/certs DATABASE_URL=mysql://cube:cube_pass@127.0.0.1:3306/cube_mvp NEW_FEATURE_FLAG=on # CUBE_SANDBOX_NODE_IP=10.0.0.10 @@ -149,14 +148,12 @@ EOF merge_env_three_way "${new}" "${old}" "" "" "${out}" "${diff}" 2>/dev/null - # ${} expansion in an untouched key is kept verbatim (not expanded/mangled) - assert_contains "${out}" 'CUBE_PROXY_CERT_DIR="${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs"' + assert_value "${out}" CUBE_PROXY_CERT_DIR "/usr/local/services/cubetoolbox/cubeproxy/certs" assert_value "${out}" DATABASE_URL "mysql://u:p@host:3306/db2" # WEIRD_KEY is old-only -> appended verbatim, value with '=' intact assert_value "${out}" WEIRD_KEY "a=b=c" - # The merged file must remain valid shell that sources cleanly and expands ${} - # using the (preserved) ONE_CLICK_INSTALL_PREFIX line from the template itself. + # The merged file must remain valid shell that sources cleanly. ( set -a # shellcheck disable=SC1090 @@ -215,6 +212,70 @@ EOF assert_contains "${diff}" "two-way-fallback" } +test_two_way_migrates_legacy_cube_proxy_cert_dir_default() { + local new="${TMP_DIR}/new_proxy_default.example" old="${TMP_DIR}/old_proxy_default.env" + local out="${TMP_DIR}/out_proxy_default.env" diff="${TMP_DIR}/diff_proxy_default.txt" + write_new_example "${new}" + cat > "${old}" <<'EOF' +ONE_CLICK_INSTALL_PREFIX=/usr/local/services/cubetoolbox +CUBE_PROXY_CERT_DIR="${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs" +EOF + + merge_env_three_way "${new}" "${old}" "" "" "${out}" "${diff}" 2>/dev/null + + assert_not_contains "${out}" "ONE_CLICK_INSTALL_PREFIX=" + assert_value "${out}" CUBE_PROXY_CERT_DIR "/usr/local/services/cubetoolbox/cubeproxy/certs" + assert_contains "${diff}" "[migrated-legacy]" + assert_contains "${diff}" 'CUBE_PROXY_CERT_DIR: "${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs" -> /usr/local/services/cubetoolbox/cubeproxy/certs' + ( + set -a + # shellcheck disable=SC1090 + source "${out}" + set +a + [[ "${CUBE_PROXY_CERT_DIR}" == "/usr/local/services/cubetoolbox/cubeproxy/certs" ]] \ + || { echo "unexpected cert dir: ${CUBE_PROXY_CERT_DIR}" >&2; exit 1; } + ) || fail "legacy CUBE_PROXY_CERT_DIR default was not migrated to fixed path" +} + +test_two_way_migrates_single_quoted_legacy_cube_proxy_cert_dir_default() { + local new="${TMP_DIR}/new_proxy_single_default.example" old="${TMP_DIR}/old_proxy_single_default.env" + local out="${TMP_DIR}/out_proxy_single_default.env" diff="${TMP_DIR}/diff_proxy_single_default.txt" + write_new_example "${new}" + cat > "${old}" <<'EOF' +ONE_CLICK_INSTALL_PREFIX=/usr/local/services/cubetoolbox +CUBE_PROXY_CERT_DIR='${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs' +EOF + + merge_env_three_way "${new}" "${old}" "" "" "${out}" "${diff}" 2>/dev/null + + assert_not_contains "${out}" "ONE_CLICK_INSTALL_PREFIX=" + assert_value "${out}" CUBE_PROXY_CERT_DIR "/usr/local/services/cubetoolbox/cubeproxy/certs" + assert_contains "${diff}" "[migrated-legacy]" + assert_contains "${diff}" "CUBE_PROXY_CERT_DIR: '\${ONE_CLICK_INSTALL_PREFIX}/cubeproxy/certs' -> /usr/local/services/cubetoolbox/cubeproxy/certs" + ( + set -a + # shellcheck disable=SC1090 + source "${out}" + set +a + [[ "${CUBE_PROXY_CERT_DIR}" == "/usr/local/services/cubetoolbox/cubeproxy/certs" ]] \ + || { echo "unexpected cert dir: ${CUBE_PROXY_CERT_DIR}" >&2; exit 1; } + ) || fail "single-quoted legacy CUBE_PROXY_CERT_DIR default was not migrated to fixed path" +} + +test_two_way_preserves_custom_cube_proxy_cert_dir() { + local new="${TMP_DIR}/new_proxy_custom.example" old="${TMP_DIR}/old_proxy_custom.env" + local out="${TMP_DIR}/out_proxy_custom.env" diff="${TMP_DIR}/diff_proxy_custom.txt" + write_new_example "${new}" + cat > "${old}" <<'EOF' +CUBE_PROXY_CERT_DIR=/custom/certs +EOF + + merge_env_three_way "${new}" "${old}" "" "" "${out}" "${diff}" 2>/dev/null + + assert_value "${out}" CUBE_PROXY_CERT_DIR "/custom/certs" + assert_contains "${diff}" "[preserved]" +} + test_new_dotenv_overrides_take_priority() { local new="${TMP_DIR}/new9.example" old="${TMP_DIR}/old9.env" dotenv="${TMP_DIR}/new9.env" local out="${TMP_DIR}/out9.env" diff="${TMP_DIR}/diff9.txt" @@ -298,12 +359,14 @@ OPENCLAW_DEFAULT_MODEL=deepseek/deepseek-v4-flash AGENTHUB_LLM_CREDENTIAL_MODE=egress AGENTHUB_SECRET_KEY=base64key CUBE_API_DATABASE_URL=mysql://old:pass@host:3306/db +ONE_CLICK_INSTALL_PREFIX=/opt/cube +ONE_CLICK_TOOLBOX_ROOT=/opt/cube MY_CUSTOM_KEEP=stays EOF merge_env_three_way "${new}" "${old}" "" "" "${out}" "${diff}" 2>/dev/null - # All 13 DEPRECATED_KEYS must be removed from the merged runtime env. + # All DEPRECATED_KEYS must be removed from the merged runtime env. for k in \ AGENTHUB_DEEPSEEK_API_KEY OPENCLAW_DEEPSEEK_API_KEY \ AGENTHUB_LLM_API_KEY OPENCLAW_LLM_API_KEY \ @@ -311,7 +374,8 @@ EOF AGENTHUB_LLM_BASE_URL OPENCLAW_LLM_BASE_URL \ AGENTHUB_LLM_MODEL OPENCLAW_DEFAULT_MODEL \ AGENTHUB_LLM_CREDENTIAL_MODE \ - AGENTHUB_SECRET_KEY CUBE_API_DATABASE_URL; do + AGENTHUB_SECRET_KEY CUBE_API_DATABASE_URL \ + ONE_CLICK_INSTALL_PREFIX ONE_CLICK_TOOLBOX_ROOT; do if grep -q "^${k}=" "${out}"; then fail "obsolete key ${k} should have been dropped from ${out}" fi @@ -415,6 +479,9 @@ test_preserves_shell_sensitive_values test_keeps_old_only_host_keys test_preserves_comments_and_structure test_two_way_fallback_without_baseline +test_two_way_migrates_legacy_cube_proxy_cert_dir_default +test_two_way_migrates_single_quoted_legacy_cube_proxy_cert_dir_default +test_two_way_preserves_custom_cube_proxy_cert_dir test_new_dotenv_overrides_take_priority test_version_lt test_diff_report_redacts_secrets diff --git a/deploy/one-click/tests/test_install_mode.sh b/deploy/one-click/tests/test_install_mode.sh index 3bee257e4..93c0f8b05 100755 --- a/deploy/one-click/tests/test_install_mode.sh +++ b/deploy/one-click/tests/test_install_mode.sh @@ -131,6 +131,21 @@ test_parse_args_unknown_is_ignored() { [[ -z "${CLI_MODE}" ]] || fail "unknown args should not set CLI_MODE" } +test_install_root_readonly() { + ( source "${ONE_CLICK_DIR}/lib/common.sh" ) >/dev/null 2>&1 \ + || fail "common.sh should tolerate being sourced after CUBE_SANDBOX_INSTALL_ROOT is readonly" + + if ( CUBE_SANDBOX_INSTALL_ROOT=/tmp/cube ) >/dev/null 2>&1; then + fail "CUBE_SANDBOX_INSTALL_ROOT should be readonly" + fi + + local env_file="${TMP_DIR}/override-root.env" + printf '%s\n' 'CUBE_SANDBOX_INSTALL_ROOT=/tmp/cube' > "${env_file}" + if ( load_env_file "${env_file}" ) >/dev/null 2>&1; then + fail "load_env_file should reject CUBE_SANDBOX_INSTALL_ROOT overrides" + fi +} + test_assert_safe_install_prefix() { for bad in "/" "/usr" "/etc" "/home" "relative/path" "/toplevel"; do if ( assert_safe_install_prefix "${bad}" ) >/dev/null 2>&1; then @@ -142,9 +157,8 @@ test_assert_safe_install_prefix() { ( assert_safe_install_prefix "${TMP_DIR}/opt/cube/custom/" ) >/dev/null 2>&1 \ || fail "assert_safe_install_prefix should accept a deep prefix with trailing slash" - # Content sanity check: a non-empty prefix with no CubeSandbox marker is - # foreign (e.g. a mis-set ONE_CLICK_INSTALL_PREFIX=/usr/local) and must be - # refused so the wipe does not rm -rf unrelated content. + # Content sanity check: a non-empty install root with no CubeSandbox marker is + # foreign and must be refused so the wipe does not rm -rf unrelated content. local foreign="${TMP_DIR}/foreign" mkdir -p "${foreign}/somedir" : > "${foreign}/notes.txt" @@ -406,14 +420,16 @@ test_install_sh_wires_upgrade_flow() { # in both = and space forms) and CLI values are re-applied after .env load. assert_contains "${f}" 'one_click_parse_args "$@"' assert_contains "${f}" "apply_cli_overrides" - # custom-prefix wipe is guarded against unsafe install prefixes - assert_contains "${f}" 'wipe_custom_install_prefix_contents "${INSTALL_PREFIX}"' + # The install root is fixed; custom-prefix wipe is no longer part of install.sh. + assert_contains "${f}" 'INSTALL_PREFIX="${CUBE_SANDBOX_INSTALL_ROOT}"' + assert_contains "${f}" 'assert_safe_install_prefix "${INSTALL_PREFIX}"' + if grep -Fq 'wipe_custom_install_prefix_contents "${INSTALL_PREFIX}"' "${f}"; then + fail "install.sh should not invoke custom-prefix wipe" + fi # env.example baseline is installed for future three-way merges assert_contains "${f}" 'cp -f "${SCRIPT_DIR}/env.example" "${INSTALL_PREFIX}/env.example"' # upgrade writes the merged env as the runtime env assert_contains "${f}" 'cp -f "${MERGED_ENV}" "${RUNTIME_ENV_FILE}"' - # full-wipe branch delegates to the helper that preserves the upgrade backup. - assert_contains "${ONE_CLICK_DIR}/lib/common.sh" "! -name '.backup'" # on upgrade, CIDR host-conflict detection is skipped (M2) assert_contains "${f}" 'check_cidr_preflight "${CUBE_SANDBOX_NETWORK_CIDR}" "${cidr_skip_conflict}" "CUBE_SANDBOX_NETWORK_CIDR"' assert_contains "${f}" 'check_cidr_preflight "192.168.0.0/18" "${cidr_skip_conflict}" "default CubeSandbox network CIDR"' @@ -429,6 +445,7 @@ test_assume_yes_existing_is_upgrade test_parse_args_space_and_equals_forms test_parse_args_missing_value_fails test_parse_args_unknown_is_ignored +test_install_root_readonly test_assert_safe_install_prefix test_wipe_custom_install_prefix_contents test_control_plane_validators diff --git a/deploy/one-click/tests/test_package_layout.sh b/deploy/one-click/tests/test_package_layout.sh index 488ad8ac9..e3112248d 100755 --- a/deploy/one-click/tests/test_package_layout.sh +++ b/deploy/one-click/tests/test_package_layout.sh @@ -134,6 +134,65 @@ test_tke_addons_network_config_key() { fi } +# 3d) Reinstall first removes packaged component directories, then lays the new +# package down. Guard that list against drifting when build-release-bundle.sh +# adds a new top-level package component. +extract_package_root_dirs() { + { grep -oE '\$\{PACKAGE_ROOT\}/[^"[:space:]]+' "${BUNDLE_SH}" | + sed -E 's#.*\$\{PACKAGE_ROOT\}/([^/"]+).*#\1#' | + sort -u; } || true +} + +extract_reinstall_cleanup_dirs() { + { sed -n '/^rm -rf \\/,/^$/p' "${ONE_CLICK_DIR}/install.sh" | + grep -oE '\$\{INSTALL_PREFIX\}/[^"[:space:]]+' | + sed -E 's#.*\$\{INSTALL_PREFIX\}/([^/"]+).*#\1#' | + sort -u; } || true +} + +is_reinstall_cleanup_exception() { + case "$1" in + # Runtime data/object directories are intentionally preserved across reinstall. + cube-snapshot|cube-vs) + return 0 + ;; + # The bundled Tencent Cloud deployer may hold local terraform state if an + # operator runs it from an installed tree instead of the extracted bundle. + terraform) + return 0 + ;; + *) + return 1 + ;; + esac +} + +test_reinstall_cleanup_tracks_packaged_components() { + local packaged cleaned dir + local missing=() + packaged="$(extract_package_root_dirs)" + cleaned="$(extract_reinstall_cleanup_dirs)" + + if [[ -z "${packaged}" ]]; then + fail "could not extract package-root directories from build-release-bundle.sh" + fi + if [[ -z "${cleaned}" ]]; then + fail "could not extract reinstall cleanup directories from install.sh" + fi + + while IFS= read -r dir; do + [[ -n "${dir}" ]] || continue + is_reinstall_cleanup_exception "${dir}" && continue + if ! grep -qxF "${dir}" <<<"${cleaned}"; then + missing+=("${dir}") + fi + done <<<"${packaged}" + + if [[ "${#missing[@]}" -gt 0 ]]; then + fail "install.sh reinstall cleanup is missing packaged component dir(s): ${missing[*]}" + fi +} + # 4) The build entrypoints AND every shipped Terraform deployer script must at # least be syntactically valid — a cheap, cloud-free guard so a broken script # fails here instead of only when a user runs it from the bundle. @@ -150,6 +209,7 @@ test_component_build_inputs_exist test_image_names_match test_webui_nginx_placeholders test_tke_addons_network_config_key +test_reinstall_cleanup_tracks_packaged_components test_terraform_deployer_files_present test_build_scripts_parse diff --git a/deploy/one-click/tests/test_runtime_file_safety.sh b/deploy/one-click/tests/test_runtime_file_safety.sh index 09827bc89..29083df8a 100644 --- a/deploy/one-click/tests/test_runtime_file_safety.sh +++ b/deploy/one-click/tests/test_runtime_file_safety.sh @@ -17,7 +17,8 @@ cleanup() { } trap cleanup EXIT -export ONE_CLICK_TOOLBOX_ROOT="${TMP_DIR}/toolbox" +: > "${TMP_DIR}/empty-runtime.env" +export ONE_CLICK_RUNTIME_ENV_FILE="${TMP_DIR}/empty-runtime.env" export ONE_CLICK_RUNTIME_DIR="${TMP_DIR}/run" export ONE_CLICK_LOG_DIR="${TMP_DIR}/log" diff --git a/docs/guide/multi-node-deploy.md b/docs/guide/multi-node-deploy.md index bc234f375..a0d0a8bda 100644 --- a/docs/guide/multi-node-deploy.md +++ b/docs/guide/multi-node-deploy.md @@ -151,7 +151,6 @@ Compute nodes use the same `.env` file format. The following variables are speci | `CUBE_SANDBOX_NODE_IP` | `10.0.0.10` | **Required.** This node's primary network interface IP | | `CUBE_SANDBOX_NETWORK_CIDR` | `192.168.0.0/18` (from `config.toml`) | cubevs local network CIDR. Should match the control-plane value. IPv4 CIDR format (e.g., `10.100.0.0/18`), mask range /8–/30. Auto-detected for host network conflicts at install time. | | `CUBE_SANDBOX_NETWORK_CIDR_SKIP_CONFLICT_CHECK` | `0` | Set to `1` to skip CIDR conflict detection (not recommended). | -| `ONE_CLICK_INSTALL_PREFIX` | `/usr/local/services/cubetoolbox` | Installation directory | | `ONE_CLICK_RUN_QUICKCHECK` | `1` | Run health check after installation | For the full configuration reference (build-time options, database, proxy, etc.), see [Self-Build Deployment — Configuration Reference](./self-build-deploy.md#configuration-reference). diff --git a/docs/guide/self-build-deploy.md b/docs/guide/self-build-deploy.md index 642b9b058..6822ea860 100644 --- a/docs/guide/self-build-deploy.md +++ b/docs/guide/self-build-deploy.md @@ -132,7 +132,7 @@ sudo ./install.sh The install script will: 1. Optionally configure a Docker registry mirror (if `ONE_CLICK_ENABLE_TENCENT_DOCKER_MIRROR=1`) -2. Extract the sandbox package to `/usr/local/services/cubetoolbox` (configurable) +2. Extract the sandbox package to the fixed install root `/usr/local/services/cubetoolbox` 3. Create required log and data directories 4. Symlink CubeShim binaries to `/usr/local/bin/` 5. Install bundled `mkcert` (if not already present), generate TLS certificates for `cube.app` @@ -287,7 +287,6 @@ You can also point to prebuilt binaries to skip compilation: | `CUBE_SANDBOX_NODE_IP` | auto-detected from `eth0` | Node's primary network interface IP. Auto-detected if unset; set explicitly if your interface differs. | | `CUBE_SANDBOX_NETWORK_CIDR` | `192.168.0.0/18` | cubevs local network CIDR for sandbox IP allocation. IPv4 CIDR format (e.g., `10.100.0.0/18`), mask range /8–/30. Conflicts with host interfaces, routes, or resolver nameservers abort installation during preflight. Uses the fixed default when unset. | | `CUBE_SANDBOX_NETWORK_CIDR_SKIP_CONFLICT_CHECK` | `0` | Set to `1` to skip CIDR conflict detection for the default or custom sandbox CIDR (not recommended). | -| `ONE_CLICK_INSTALL_PREFIX` | `/usr/local/services/cubetoolbox` | Installation directory | | `ONE_CLICK_RUN_QUICKCHECK` | `1` | Run health check after installation | | `ONE_CLICK_RUNTIME_DIR` | `/var/run/cube-sandbox-one-click` | PID and runtime files directory | | `ONE_CLICK_LOG_DIR` | `/var/log/cube-sandbox-one-click` | Process stdout/stderr log directory | @@ -337,7 +336,7 @@ You can also point to prebuilt binaries to skip compilation: ## Installed Directory Structure -After installation, the deployment is located at `/usr/local/services/cubetoolbox/` (default): +After installation, the deployment is located at `/usr/local/services/cubetoolbox/`: ``` /usr/local/services/cubetoolbox/ diff --git a/docs/zh/guide/multi-node-deploy.md b/docs/zh/guide/multi-node-deploy.md index ea739561a..64c9c1c22 100644 --- a/docs/zh/guide/multi-node-deploy.md +++ b/docs/zh/guide/multi-node-deploy.md @@ -151,7 +151,6 @@ sudo ./down.sh | `CUBE_SANDBOX_NODE_IP` | `10.0.0.10` | **必须修改。** 当前节点主网卡 IP | | `CUBE_SANDBOX_NETWORK_CIDR` | `192.168.0.0/18`(取自 `config.toml`) | cubevs 本地网络 CIDR。需与控制节点一致。格式为 IPv4 CIDR(如 `10.100.0.0/18`),掩码范围 /8~/30。安装时自动检测宿主机冲突。 | | `CUBE_SANDBOX_NETWORK_CIDR_SKIP_CONFLICT_CHECK` | `0` | 设为 `1` 跳过冲突检测(不推荐)。 | -| `ONE_CLICK_INSTALL_PREFIX` | `/usr/local/services/cubetoolbox` | 安装目录 | | `ONE_CLICK_RUN_QUICKCHECK` | `1` | 安装后是否执行健康检查 | 完整配置参考(构建选项、数据库、代理等)请参阅[本地构建部署 — 配置参考](./self-build-deploy.md#配置参考)。 diff --git a/docs/zh/guide/self-build-deploy.md b/docs/zh/guide/self-build-deploy.md index b97d689e9..48ba0679d 100644 --- a/docs/zh/guide/self-build-deploy.md +++ b/docs/zh/guide/self-build-deploy.md @@ -132,7 +132,7 @@ sudo ./install.sh 安装脚本会依次执行: 1. 可选配置 Docker 镜像加速(如 `ONE_CLICK_ENABLE_TENCENT_DOCKER_MIRROR=1`) -2. 解压沙箱包到 `/usr/local/services/cubetoolbox`(可配置) +2. 解压沙箱包到固定安装根 `/usr/local/services/cubetoolbox` 3. 创建日志和数据目录 4. 将 CubeShim 二进制文件软链接到 `/usr/local/bin/` 5. 安装内置的 `mkcert`(若系统尚无此命令),为 `cube.app` 域名生成 TLS 证书 @@ -287,7 +287,6 @@ sudo ./down.sh | `CUBE_SANDBOX_NODE_IP` | 自动从 `eth0` 探测 | 节点主网卡 IP 地址。未设置时自动探测;若网卡名称不同请显式指定。 | | `CUBE_SANDBOX_NETWORK_CIDR` | `192.168.0.0/18` | cubevs 本地网络 CIDR,用于沙箱 IP 分配。格式为 IPv4 CIDR(如 `10.100.0.0/18`),掩码范围 /8~/30。若与宿主机网卡、路由或 DNS 解析器地址冲突,安装前置检测会直接中止安装。未设置时使用固定默认值。 | | `CUBE_SANDBOX_NETWORK_CIDR_SKIP_CONFLICT_CHECK` | `0` | 设为 `1` 可跳过默认或自定义沙箱 CIDR 的冲突检测(不推荐)。 | -| `ONE_CLICK_INSTALL_PREFIX` | `/usr/local/services/cubetoolbox` | 安装目录 | | `ONE_CLICK_RUN_QUICKCHECK` | `1` | 安装后是否执行健康检查 | | `ONE_CLICK_RUNTIME_DIR` | `/var/run/cube-sandbox-one-click` | PID 和运行时文件目录 | | `ONE_CLICK_LOG_DIR` | `/var/log/cube-sandbox-one-click` | 进程标准输出/错误日志目录 | @@ -337,7 +336,7 @@ sudo ./down.sh ## 安装后目录结构 -安装完成后,部署目录位于 `/usr/local/services/cubetoolbox/`(默认): +安装完成后,部署目录位于 `/usr/local/services/cubetoolbox/`: ``` /usr/local/services/cubetoolbox/