From 8043a4fe4c793f22a4f16cc65d5702b3a9b7adea Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Thu, 1 Jul 2021 15:56:14 +0800
Subject: [PATCH 01/86] Fix:update rabbit version and replace apt source

---
 .gitignore                                   |  1 +
 ansible/group_vars/all.yml                   |  2 +-
 ansible/roles/rabbitmq-server/tasks/main.yml | 39 ++++++++++++--------
 3 files changed, 26 insertions(+), 16 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1c2d52b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea/*
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index f665031..b96da00 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,5 +1,5 @@
 keepalived_version: 2.0.18
-rabbitmq_version: 3.7.23
+rabbitmq_version: 3.8.18
 local_cache_path: "~/.ansible/cache"
 erlang_solution_version: 1.0
 haproxy_version: 2.0
\ No newline at end of file
diff --git a/ansible/roles/rabbitmq-server/tasks/main.yml b/ansible/roles/rabbitmq-server/tasks/main.yml
index fb25da6..a0d5411 100644
--- a/ansible/roles/rabbitmq-server/tasks/main.yml
+++ b/ansible/roles/rabbitmq-server/tasks/main.yml
@@ -35,14 +35,24 @@
   apt: deb="/tmp/erlang-solutions_{{ erlang_solution_version }}_all.deb"
   become: yes
 
-- name: update apt for erlang
-  shell: echo 'deb https://dl.bintray.com/rabbitmq/debian  xenial  erlang-22.x' | sudo tee -a /etc/apt/sources.list.d/erlang-solutions.list
+#- name: update apt for erlang
+#  shell: echo 'deb https://dl.bintray.com/rabbitmq/debian  xenial  erlang-22.x' | sudo tee -a /etc/apt/sources.list.d/erlang-solutions.list
 
-- name: add apt-key
-  apt_key:
-    url: https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc
+#- name: add apt-key
+#  apt_key:
+#    url: https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc
+#    state: present
+
+- name: install add-apt-repository
+  apt:
+    name: "software-properties-common"
+    update_cache: yes
     state: present
 
+- name: add-apt-repository rabbitmq-erlang
+  apt_repository:
+    repo: "ppa:rabbitmq/rabbitmq-erlang"
+
 - name: install erlang
   apt:
     name: erlang
@@ -52,17 +62,16 @@
 - name: add apt_key for rabbitmq
   shell: wget -O - "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo apt-key add -
 
-- name: add apt signing key, will not download if present
-  apt_key:
-    url: https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
-    state: present
+#- name: add apt signing key, will not download if present
+#  apt_key:
+#    url: https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
+#    state: present
 
 - name: add bintray repo for latest Rabbitmq
   shell:
     cmd: |
       tee /etc/apt/sources.list.d/bintray.rabbitmq.list <<EOF
-      deb https://dl.bintray.com/rabbitmq-erlang/debian xenial erlang-22.x
-      deb https://dl.bintray.com/rabbitmq/debian xenial main
+      deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu xenial main
       EOF
 
 - name: install apt https
@@ -70,7 +79,7 @@
     name: ['apt-transport-https', 'jq']
     update_cache: yes
 
-# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.8.0-1_all.deb
+# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.8.17-1_all.deb
 - name: apt for rabbitmq
   apt: deb="/tmp/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
   become: yes
@@ -81,11 +90,11 @@
   vars:
     opts:
       pkg_name: "rabbitmq-delayed_message_exchange"
-      pkg_version: "3.8.0"
+      pkg_version: "3.8.17"
       pkg_type: ez
-      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/v3.8.0/rabbitmq_delayed_message_exchange-3.8.0.ez"
+      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/3.8.17/rabbitmq_delayed_message_exchange-3.8.17.8f537ac.ez"
       extracts: false
-      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-3.7.23/plugins/rabbitmq_delayed_message_exchange-3.8.0.ez"
+      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/rabbitmq_delayed_message_exchange-3.8.17.ez"
       creates: 
       bin_path:
 #unzip /tmp/rabbitmq_delayed_message_exchange-20191008-3.8.x.zip -d /usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/

From 0cd6f2ce84d8a5a549af87f4463dad31d1875282 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Thu, 8 Jul 2021 16:41:29 +0800
Subject: [PATCH 02/86] Perfect project

---
 ansible/group_vars/all.yml                    |   2 +-
 ansible/make.yml                              |  12 +-
 ansible/requirements.yml                      |   8 -
 ansible/roles/app-agent/meta/main.yml         |  13 +
 ansible/roles/app-agent/tasks/main.yml        |  45 ++++
 .../roles/appctl/files/etc/logrotate.d/appctl |   7 +
 .../appctl/files/etc/rsyslog.d/49-appctl.conf |   2 +
 ansible/roles/appctl/files/opt/app/bin/ctl.sh | 250 ++++++++++++++++++
 .../appctl/files/opt/app/bin/envs/appctl.env  |   1 +
 .../appctl/files/opt/app/bin/envs/readme.md   |   7 +
 .../appctl/files/opt/app/bin/node/readme.md   |   1 +
 .../appctl/files/opt/app/bin/tmpl/readme.md   |   1 +
 ansible/roles/appctl/meta/main.yml            |  13 +
 ansible/roles/appctl/tasks/main.yml           |  41 +++
 ansible/roles/arping/meta/main.yml            |  13 +
 ansible/roles/arping/tasks/main.yml           |   6 +
 ansible/roles/caddy/files/compile.sh          |  34 +++
 .../files/lib/systemd/system/caddy.service    |  35 +++
 .../files/opt/app/bin/envs/svc-caddy.env      |   1 +
 .../caddy/files/opt/app/conf/caddy/caddyfile  |   0
 ansible/roles/caddy/meta/main.yml             |  13 +
 .../roles/caddy/tasks/compile-and-install.yml |  31 +++
 .../roles/caddy/tasks/install-prebuilt.yml    |  21 ++
 ansible/roles/caddy/tasks/main.yml            |  54 ++++
 ansible/roles/caddy/vars/main.yml             |   2 +
 .../etc/confd/templates/01.header.sh.tmpl     |  38 +++
 ansible/roles/confd-files/meta/main.yml       |  13 +
 ansible/roles/confd-files/tasks/main.yml      |  40 +++
 ansible/roles/disable-apt-jobs/meta/main.yml  |  13 +
 ansible/roles/disable-apt-jobs/tasks/main.yml |  16 ++
 ansible/roles/disable-motd/meta/main.yml      |  13 +
 ansible/roles/disable-motd/tasks/main.yml     |  13 +
 ansible/roles/haproxy/tasks/main.yml          |   5 +
 ansible/roles/install/meta/main.yml           |  13 +
 ansible/roles/install/tasks/main.yml          | 114 ++++++++
 ansible/roles/keepalived/tasks/main.yml       |   2 +-
 ansible/roles/node-all/tasks/main.yml         |   2 +-
 .../templates/haproxy.sh/01.haproxy.cfg.tmpl  |   8 +-
 ansible/roles/node-proxy/tasks/main.yml       |   2 +-
 ansible/roles/node-rabbitmq/tasks/main.yml    |   2 +-
 ansible/roles/rabbitmq-server/tasks/main.yml  |   4 +-
 41 files changed, 886 insertions(+), 25 deletions(-)
 delete mode 100644 ansible/requirements.yml
 create mode 100644 ansible/roles/app-agent/meta/main.yml
 create mode 100644 ansible/roles/app-agent/tasks/main.yml
 create mode 100644 ansible/roles/appctl/files/etc/logrotate.d/appctl
 create mode 100644 ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
 create mode 100755 ansible/roles/appctl/files/opt/app/bin/ctl.sh
 create mode 100644 ansible/roles/appctl/files/opt/app/bin/envs/appctl.env
 create mode 100644 ansible/roles/appctl/files/opt/app/bin/envs/readme.md
 create mode 100644 ansible/roles/appctl/files/opt/app/bin/node/readme.md
 create mode 100644 ansible/roles/appctl/files/opt/app/bin/tmpl/readme.md
 create mode 100644 ansible/roles/appctl/meta/main.yml
 create mode 100644 ansible/roles/appctl/tasks/main.yml
 create mode 100644 ansible/roles/arping/meta/main.yml
 create mode 100644 ansible/roles/arping/tasks/main.yml
 create mode 100644 ansible/roles/caddy/files/compile.sh
 create mode 100644 ansible/roles/caddy/files/lib/systemd/system/caddy.service
 create mode 100644 ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
 create mode 100644 ansible/roles/caddy/files/opt/app/conf/caddy/caddyfile
 create mode 100644 ansible/roles/caddy/meta/main.yml
 create mode 100644 ansible/roles/caddy/tasks/compile-and-install.yml
 create mode 100644 ansible/roles/caddy/tasks/install-prebuilt.yml
 create mode 100644 ansible/roles/caddy/tasks/main.yml
 create mode 100644 ansible/roles/caddy/vars/main.yml
 create mode 100644 ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl
 create mode 100644 ansible/roles/confd-files/meta/main.yml
 create mode 100644 ansible/roles/confd-files/tasks/main.yml
 create mode 100644 ansible/roles/disable-apt-jobs/meta/main.yml
 create mode 100644 ansible/roles/disable-apt-jobs/tasks/main.yml
 create mode 100644 ansible/roles/disable-motd/meta/main.yml
 create mode 100644 ansible/roles/disable-motd/tasks/main.yml
 create mode 100644 ansible/roles/install/meta/main.yml
 create mode 100644 ansible/roles/install/tasks/main.yml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index b96da00..eae36a3 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,5 +1,5 @@
 keepalived_version: 2.0.18
-rabbitmq_version: 3.8.18
+rabbitmq_version: 3.8.19
 local_cache_path: "~/.ansible/cache"
 erlang_solution_version: 1.0
 haproxy_version: 2.0
\ No newline at end of file
diff --git a/ansible/make.yml b/ansible/make.yml
index ab13b2e..cb31cc1 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -8,11 +8,11 @@
   - include_role:
       name: "{{ service_name }}"
     loop:
-    - disable-apt-jobs-1.0.0
-    - disable-motd-1.0.0
-    - app-agent-1.0.1
-    - appctl-1.0.9
-    - arping-1.0.0
+    - disable-apt-jobs
+    - disable-motd
+    - app-agent
+    - appctl
+    - arping
     - rabbitmq-server
     - haproxy
     - keepalived
@@ -20,6 +20,6 @@
     - node-client
     - node-proxy
     - node-rabbitmq
-    - caddy-1.0.6
+    - caddy
     loop_control:
       loop_var: service_name
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
deleted file mode 100644
index de56304..0000000
--- a/ansible/requirements.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- src: https://qingcloudappcenter.github.io/ansible-roles/disable-apt-jobs-1.0.0.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/disable-motd-1.0.0.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/app-agent-1.0.1.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/appctl-1.0.9.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/arping-1.0.0.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/confd-files-1.0.2.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/install-1.0.5.tar.gz
-- src: https://qingcloudappcenter.github.io/ansible-roles/caddy-1.0.6.tar.gz
\ No newline at end of file
diff --git a/ansible/roles/app-agent/meta/main.yml b/ansible/roles/app-agent/meta/main.yml
new file mode 100644
index 0000000..0a4c119
--- /dev/null
+++ b/ansible/roles/app-agent/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: app-agent
+  role_version: 1.0.1
+  author: Hongliang Wang
+  description: installs app agent
+
+  license: Apache
+
+  min_ansible_version: 2.4
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/app-agent/tasks/main.yml b/ansible/roles/app-agent/tasks/main.yml
new file mode 100644
index 0000000..5787bc0
--- /dev/null
+++ b/ansible/roles/app-agent/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: set up variables
+  set_fact:
+    app_agent_version: 1.0.6
+
+- name: prepare directories
+  file:
+    path: "/tmp/app-agent"
+    state: directory
+
+- name: prepare local download directories
+  file:
+    path : "{{ role_path }}/files/tmp"
+    state: directory
+  delegate_to: localhost
+
+- name: download reusable binaries locally
+  vars:
+    dest_path: "{{ role_path }}/files/tmp/app-agent-{{ app_agent_version }}.tgz"
+  get_url:
+    url: "https://github.com/QingCloudAppcenter/AppcenterAgent/releases/download/v{{ app_agent_version }}/app-agent-linux-amd64.tar.gz"
+    dest: "{{ dest_path }}"
+  when: dest_path is not exists
+  run_once: True
+  delegate_to: localhost
+
+- name: extract binary
+  unarchive:
+    src: "{{ role_path }}/files/tmp/app-agent-{{ app_agent_version }}.tgz"
+    dest: "/tmp/app-agent"
+    creates: "/tmp/app-agent/bin"
+    extra_opts: [ --strip-components=1 ]
+
+- name: install app agent
+  raw: |
+    cd /tmp/app-agent
+    ./install.sh
+  args:
+    creates: /opt/qingcloud/app-agent/bin/confd
+
+- name: adjust logrotate
+  replace:
+    path: /etc/logrotate.d/app-agent
+    regexp: '^(\s+size).*'
+    replace: '\1 2M'
diff --git a/ansible/roles/appctl/files/etc/logrotate.d/appctl b/ansible/roles/appctl/files/etc/logrotate.d/appctl
new file mode 100644
index 0000000..ea5c461
--- /dev/null
+++ b/ansible/roles/appctl/files/etc/logrotate.d/appctl
@@ -0,0 +1,7 @@
+/data/appctl/logs/appctl.log {
+  weekly
+  maxsize 2M
+  rotate 5
+  missingok
+  notifempty
+}
diff --git a/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf b/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
new file mode 100644
index 0000000..da9ad12
--- /dev/null
+++ b/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
@@ -0,0 +1,2 @@
+if $programname startswith 'appctl' then /data/appctl/logs/appctl.log
+&stop
diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
new file mode 100755
index 0000000..8fb9760
--- /dev/null
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -0,0 +1,250 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  local svcs="$(getServices -a)"
+  [ "$(systemctl is-enabled ${svcs%%/*})" == "disabled" ]
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/appctl/logs
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+}
+
+_revive() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc
+  done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do startSvc $svc; done
+}
+
+_stop() {
+  log "Stopping all services ..."
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do stopSvc $svc; done
+}
+
+_restart() {
+  execute stop
+  execute start
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then startSvc $svc; fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/ansible/roles/appctl/files/opt/app/bin/envs/appctl.env b/ansible/roles/appctl/files/opt/app/bin/envs/appctl.env
new file mode 100644
index 0000000..3e167db
--- /dev/null
+++ b/ansible/roles/appctl/files/opt/app/bin/envs/appctl.env
@@ -0,0 +1 @@
+APPCTL_ENV=prod
diff --git a/ansible/roles/appctl/files/opt/app/bin/envs/readme.md b/ansible/roles/appctl/files/opt/app/bin/envs/readme.md
new file mode 100644
index 0000000..0bae9b9
--- /dev/null
+++ b/ansible/roles/appctl/files/opt/app/bin/envs/readme.md
@@ -0,0 +1,7 @@
+This directory holds env files, e.g.
+
+svc-rabbitmq-server.env:
+
+```env
+SERVICES="$SERVICES rabbitmq-server/true/tcp:5672,http:15672"
+```
\ No newline at end of file
diff --git a/ansible/roles/appctl/files/opt/app/bin/node/readme.md b/ansible/roles/appctl/files/opt/app/bin/node/readme.md
new file mode 100644
index 0000000..fae06e7
--- /dev/null
+++ b/ansible/roles/appctl/files/opt/app/bin/node/readme.md
@@ -0,0 +1 @@
+Place node-specific scripts under this directory.
\ No newline at end of file
diff --git a/ansible/roles/appctl/files/opt/app/bin/tmpl/readme.md b/ansible/roles/appctl/files/opt/app/bin/tmpl/readme.md
new file mode 100644
index 0000000..9835102
--- /dev/null
+++ b/ansible/roles/appctl/files/opt/app/bin/tmpl/readme.md
@@ -0,0 +1 @@
+This directory holds bundled confd template files.
diff --git a/ansible/roles/appctl/meta/main.yml b/ansible/roles/appctl/meta/main.yml
new file mode 100644
index 0000000..a995235
--- /dev/null
+++ b/ansible/roles/appctl/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: appctl
+  role_version: 1.0.9
+  author: Hongliang Wang
+  description: installs appctl
+
+  license: Apache
+
+  min_ansible_version: 2.4
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
new file mode 100644
index 0000000..d677021
--- /dev/null
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: copy logging config files
+  copy:
+    src: files/{{ path }}/
+    dest: /{{ path }}
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  loop:
+    - etc/logrotate.d
+    - etc/rsyslog.d
+  loop_control:
+    loop_var: path
+
+- name: create svc group
+  group:
+    name: svc
+    state: present
+
+- name: copy app files
+  copy:
+    src: files/opt/app/
+    dest: /opt/app
+    owner: root
+    group: svc
+    mode: preserve
+    directory_mode: u=rwx,g=rx,o=
+
+- name: create symbolic link
+  file:
+    src: /opt/app/bin/ctl.sh
+    dest: /usr/bin/appctl
+    state: link
+
+- name: set up dev env
+  copy:
+    dest: /opt/app/bin/envs/appdev.env
+    content: |
+      APPCTL_ENV=dev
+
+  when: target_env == 'dev'
diff --git a/ansible/roles/arping/meta/main.yml b/ansible/roles/arping/meta/main.yml
new file mode 100644
index 0000000..9601b88
--- /dev/null
+++ b/ansible/roles/arping/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: arping
+  role_version: 1.0.0
+  author: Hongliang Wang
+  description: installs arping
+
+  license: Apache
+
+  min_ansible_version: 2.4
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/arping/tasks/main.yml b/ansible/roles/arping/tasks/main.yml
new file mode 100644
index 0000000..a8ea64d
--- /dev/null
+++ b/ansible/roles/arping/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: install arping
+  apt:
+    name: [ 'iputils-arping' ]
+    state: present
+    update_cache: yes
\ No newline at end of file
diff --git a/ansible/roles/caddy/files/compile.sh b/ansible/roles/caddy/files/compile.sh
new file mode 100644
index 0000000..acc8718
--- /dev/null
+++ b/ansible/roles/caddy/files/compile.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -eu
+
+# From https://github.com/wmark/http.upload/issues/38#issuecomment-529623377
+
+cat > go.mod << MOD_EOF
+module caddy
+
+go 1.13
+
+require (
+  blitznote.com/src/http.upload/v3 v$CADDY_UPLOAD_VERSION
+  github.com/caddyserver/caddy v$CADDY_VERSION
+)
+MOD_EOF
+
+cat > main.go << EOF
+package main
+
+import (
+  "github.com/caddyserver/caddy/caddy/caddymain"
+
+  _ "blitznote.com/src/http.upload/v3"
+)
+
+func main() {
+  caddymain.Run()
+}
+EOF
+
+gofmt -w main.go
+go mod tidy
+go build -tags "caddyserver0.9 caddyserver1.0" -o $TARGET_FILE
\ No newline at end of file
diff --git a/ansible/roles/caddy/files/lib/systemd/system/caddy.service b/ansible/roles/caddy/files/lib/systemd/system/caddy.service
new file mode 100644
index 0000000..956a7a2
--- /dev/null
+++ b/ansible/roles/caddy/files/lib/systemd/system/caddy.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Caddy HTTP/2 web server
+Documentation=https://caddyserver.com/docs
+After=network-online.target
+Wants=network-online.target
+ConditionFileNotEmpty=/opt/app/conf/caddy/caddyfile
+
+[Service]
+Restart=on-abnormal
+
+User=caddy
+Group=caddy
+
+; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
+ExecStart=/opt/caddy/current/caddy -agree=true -conf=/opt/app/conf/caddy/caddyfile
+ExecReload=/bin/kill -USR1 $MAINPID
+
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+LimitNOFILE=1024
+LimitNPROC=512
+
+PrivateTmp=true
+PrivateDevices=false
+ProtectHome=true
+ProtectSystem=full
+
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env b/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
new file mode 100644
index 0000000..c98b9d4
--- /dev/null
+++ b/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
@@ -0,0 +1 @@
+SERVICES="$SERVICES caddy/false/http:80"
\ No newline at end of file
diff --git a/ansible/roles/caddy/files/opt/app/conf/caddy/caddyfile b/ansible/roles/caddy/files/opt/app/conf/caddy/caddyfile
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/caddy/meta/main.yml b/ansible/roles/caddy/meta/main.yml
new file mode 100644
index 0000000..9d5009e
--- /dev/null
+++ b/ansible/roles/caddy/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: caddy
+  role_version: 1.0.6
+  author: Hongliang Wang
+  description: installs caddy server
+
+  license: Apache
+
+  min_ansible_version: 2.4
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/caddy/tasks/compile-and-install.yml b/ansible/roles/caddy/tasks/compile-and-install.yml
new file mode 100644
index 0000000..22eb3e5
--- /dev/null
+++ b/ansible/roles/caddy/tasks/compile-and-install.yml
@@ -0,0 +1,31 @@
+---
+- name: define vars
+  set_fact:
+    work_dir: "{{ role_path }}/files/tmp/with-upload-module"
+
+- name: prepare tmp compile dir
+  file:
+    path: "{{ work_dir }}"
+    state: directory
+  delegate_to: localhost
+  run_once: True
+
+- name: compile Caddy with upload module
+  vars:
+    target_file: "{{ work_dir }}/caddy-{{ caddy_version }}"
+  args:
+    chdir: "{{ work_dir }}"
+    creates: "{{ target_file }}"
+  environment:
+    GO111MODULE: "on"
+    CADDY_VERSION: "{{ caddy_version }}"
+    CADDY_UPLOAD_VERSION: "{{ mod_upload_version }}"
+    TARGET_FILE: "{{ target_file }}"
+  local_action: command bash {{ role_path }}/files/compile.sh
+  run_once: True
+
+- name: install
+  copy:
+    src: "{{ work_dir }}/caddy-{{ caddy_version }}"
+    dest: /opt/caddy/current/caddy
+    mode: 755
\ No newline at end of file
diff --git a/ansible/roles/caddy/tasks/install-prebuilt.yml b/ansible/roles/caddy/tasks/install-prebuilt.yml
new file mode 100644
index 0000000..ea8b75b
--- /dev/null
+++ b/ansible/roles/caddy/tasks/install-prebuilt.yml
@@ -0,0 +1,21 @@
+---
+- name: prepare tmp download dir
+  file:
+    path: "{{ role_path }}/files/tmp/prebuilt"
+    state: directory
+  delegate_to: localhost
+
+- name: download caddy binary
+  vars:
+    dest_caddy_path: "{{ role_path }}/files/tmp/prebuilt/caddy-{{ caddy_version }}.tgz"
+  get_url:
+    url: https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_v{{ caddy_version }}_linux_amd64.tar.gz
+    dest: "{{ dest_caddy_path }}"
+  delegate_to: localhost
+  when: dest_caddy_path is not exists
+  run_once: True
+
+- name: install caddy
+  unarchive:
+    src: "{{ role_path }}/files/tmp/prebuilt/caddy-{{ caddy_version }}.tgz"
+    dest: /opt/caddy/current
\ No newline at end of file
diff --git a/ansible/roles/caddy/tasks/main.yml b/ansible/roles/caddy/tasks/main.yml
new file mode 100644
index 0000000..214e872
--- /dev/null
+++ b/ansible/roles/caddy/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: prepare service group
+  group:
+    name: svc
+    state: present
+
+- name: prepare service user
+  user:
+    name: caddy
+    groups: svc
+    shell: /sbin/nologin
+    create_home: no
+    append: yes
+    comment: "Service User"
+    state: present
+
+- name: prepare binary directory
+  file:
+    path: /opt/caddy/{{ caddy_version }}
+    state: directory
+
+- name: link binary dir
+  file:
+    src: "{{ caddy_version }}"
+    dest: /opt/caddy/current
+    state: link
+
+- name: compile with plugins
+  include_tasks: compile-and-install.yml
+  when: caddy_plugins is defined
+
+- name: download official prebuilt package
+  include_tasks: install-prebuilt.yml
+  when: caddy_plugins is undefined
+
+- name: transfer files
+  copy:
+    src: files/{{ file_path }}
+    dest: /{{ file_path }}
+    owner: root
+    group: root
+    mode: preserve
+  loop:
+    - lib/systemd/system/
+    - opt/app/
+  loop_control:
+    loop_var: file_path
+
+- name: mask caddy service
+  systemd:
+    name: caddy
+    enabled: no
+    masked: yes
+    state: stopped
\ No newline at end of file
diff --git a/ansible/roles/caddy/vars/main.yml b/ansible/roles/caddy/vars/main.yml
new file mode 100644
index 0000000..e706c83
--- /dev/null
+++ b/ansible/roles/caddy/vars/main.yml
@@ -0,0 +1,2 @@
+caddy_version: 1.0.4
+mod_upload_version: 3.0.1
\ No newline at end of file
diff --git a/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl b/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl
new file mode 100644
index 0000000..3b684c2
--- /dev/null
+++ b/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+}
+
+applyEnvs
diff --git a/ansible/roles/confd-files/meta/main.yml b/ansible/roles/confd-files/meta/main.yml
new file mode 100644
index 0000000..8913e8e
--- /dev/null
+++ b/ansible/roles/confd-files/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: confd-files
+  role_version: 1.0.2
+  author: Hongliang Wang
+  description: installs confd-files
+
+  license: Apache
+
+  min_ansible_version: 2.9
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/confd-files/tasks/main.yml b/ansible/roles/confd-files/tasks/main.yml
new file mode 100644
index 0000000..c7f6fc8
--- /dev/null
+++ b/ansible/roles/confd-files/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: compile
+  shell: |
+    compileTmpls() {
+      local commonFiles="$(ls {{ role_path }}/files/etc/confd/templates/*)"
+      local srcFiles="$commonFiles ${@:2}" destFile=$1
+      for tmpl in $srcFiles; do
+        (cat $tmpl; echo) >> $destFile
+      done
+    }
+
+    set -euo pipefail
+
+    parentRolePath="{{ ansible_parent_role_paths[0] }}"
+    srcRootDir="$parentRolePath/files/etc/confd/templates"
+    [ -d "$srcRootDir" ]
+    destDir=$parentRolePath/files/tmp/confd/templates
+    mkdir -p $destDir
+    rm -rf $destDir/*
+    for srcDir in $(ls -d $srcRootDir/*); do
+      compileTmpls $destDir/$(basename $srcDir).tmpl $(ls $srcDir/*)
+    done
+  args:
+    executable: /bin/bash
+  delegate_to: localhost
+  run_once: True
+
+- name: install
+  copy:
+    src: "{{ ansible_parent_role_paths[0] }}/files/{{ path.src }}/"
+    dest: /etc/confd/{{ path.dest }}/
+    owner: root
+    group: root
+  loop:
+  - src: etc/confd/conf.d
+    dest: conf.d
+  - src: tmp/confd/templates
+    dest: templates
+  loop_control:
+    loop_var: path
\ No newline at end of file
diff --git a/ansible/roles/disable-apt-jobs/meta/main.yml b/ansible/roles/disable-apt-jobs/meta/main.yml
new file mode 100644
index 0000000..b8c81f8
--- /dev/null
+++ b/ansible/roles/disable-apt-jobs/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: disable-apt-jobs
+  role_version: 1.0.0
+  author: Hongliang Wang
+  description: disable apt jobs
+
+  license: Apache
+
+  min_ansible_version: 2.4
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/disable-apt-jobs/tasks/main.yml b/ansible/roles/disable-apt-jobs/tasks/main.yml
new file mode 100644
index 0000000..c461176
--- /dev/null
+++ b/ansible/roles/disable-apt-jobs/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: disable apt auto upgrade
+  systemd:
+    name: "{{ svc_name }}"
+    state: stopped
+    masked: yes
+  loop:
+  - apt-daily.timer
+  - apt-daily.service
+  - apt-daily-upgrade.timer
+  - apt-daily-upgrade.service
+  loop_control:
+    loop_var: svc_name
+
+- name: fix apt issues
+  shell: dpkg --configure -a
diff --git a/ansible/roles/disable-motd/meta/main.yml b/ansible/roles/disable-motd/meta/main.yml
new file mode 100644
index 0000000..9bdfd23
--- /dev/null
+++ b/ansible/roles/disable-motd/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: disable-motd
+  role_version: 1.0.0
+  author: Hongliang Wang
+  description: disable motd
+
+  license: Apache
+
+  min_ansible_version: 2.4
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/disable-motd/tasks/main.yml b/ansible/roles/disable-motd/tasks/main.yml
new file mode 100644
index 0000000..f0c9fdb
--- /dev/null
+++ b/ansible/roles/disable-motd/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: remove welcome messages after SSH login
+  file:
+    path: "{{ remote_usr.home }}/.hushlogin"
+    owner: "{{ remote_usr.name }}"
+    state: touch
+  loop:
+  - name: ubuntu
+    home: /home/ubuntu
+  - name: root
+    home: /root
+  loop_control:
+    loop_var: remote_usr
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
index 47a1156..e165345 100644
--- a/ansible/roles/haproxy/tasks/main.yml
+++ b/ansible/roles/haproxy/tasks/main.yml
@@ -31,3 +31,8 @@
     masked: yes
     state: stopped
 
+- name: creates directory
+  file:
+    path: /opt/app/conf/haproxy
+    state: directory
+
diff --git a/ansible/roles/install/meta/main.yml b/ansible/roles/install/meta/main.yml
new file mode 100644
index 0000000..c461b3b
--- /dev/null
+++ b/ansible/roles/install/meta/main.yml
@@ -0,0 +1,13 @@
+galaxy_info:
+  role_name: install
+  role_version: 1.0.5
+  author: Hongliang Wang
+  description: download files with local cache and install
+
+  license: Apache
+
+  min_ansible_version: 2.9
+
+  galaxy_tags: []
+
+dependencies: []
diff --git a/ansible/roles/install/tasks/main.yml b/ansible/roles/install/tasks/main.yml
new file mode 100644
index 0000000..6bc844e
--- /dev/null
+++ b/ansible/roles/install/tasks/main.yml
@@ -0,0 +1,114 @@
+---
+- name: set up default home var
+  set_fact:
+    default_dest_dir: "/opt/{{ opts.pkg_name }}/{{ opts.pkg_version }}/"
+  when: opts.pkg_version is defined
+
+- name: set up variables
+  set_fact:
+    dest_path: "{{ opts.dest_path | d(default_dest_dir) }}"
+    pkg_name: "{{ opts.pkg_name }}"
+    pkg_type: "{{ opts.pkg_type | d('') }}"
+    pkg_version: "{{ opts.pkg_version | d('') }}"
+    extracts: "{{ opts.extracts | d(false) }}"
+    extra_opts: "{{ opts.extra_opts | d(['--strip-components=1'] if opts.pkg_type == 'tgz' else []) }}"
+    creates: "{{ opts.creates | d('') }}"
+    parent_role_name: "{{ ansible_parent_role_names[0] | regex_replace('-[0-9.]+$', '') }}"
+    target_owner: "{{ opts.target_owner | d('root') }}"
+    target_group: "{{ opts.target_group | d('root') }}"
+
+- name: set other variables
+  set_fact:
+    local_path: "{{ local_cache_path }}/{{ parent_role_name }}/{{ opts.local_path + '/' if opts.local_path is defined else '' }}{{ pkg_name }}{{ '-' + pkg_version if pkg_version else '' }}{{ '.' + pkg_type if pkg_type else '' }}"
+
+- name: install tools
+  apt:
+    name: ['unzip']
+    state: present
+    update_cache: no
+  when:
+  - extracts
+  - pkg_type == 'zip'
+
+- name: check if package file exists
+  stat:
+    path: "{{ local_path }}"
+  register: cached_file
+  run_once: True
+  delegate_to: localhost
+
+- name: prepare local dir
+  file:
+    dest: "{{ local_path | dirname }}"
+    state: directory
+  delegate_to: localhost
+  when:
+  - cached_file.stat.exists == False
+
+- name: download package - {{ pkg_name }}
+  get_url:
+    url: "{{ opts.pkg_url }}"
+    dest: "{{ local_path }}"
+  delegate_to: localhost
+  run_once: True
+  when:
+  - cached_file.stat.exists == False
+
+- name: Prepare directories - {{ pkg_name }}
+  file:
+    path: "{{ dest_path if extracts or dest_path[-1] == '/' else dest_path | dirname }}"
+    owner: "{{ target_owner }}"
+    group: "{{ target_group }}"
+    state: directory
+
+- name: extract package - {{ pkg_name }}
+  unarchive:
+    src: "{{ local_path }}"
+    dest: "{{ dest_path }}"
+    owner: "{{ target_owner }}"
+    group: "{{ target_group }}"
+    creates: "{{ dest_path | regex_replace('/*$', '') }}/{{ creates }}"
+    extra_opts: "{{ extra_opts }}"
+  when:
+  - extracts
+
+- name: set permissions - {{ pkg_name }}
+  file:
+    path: "{{ dest_path }}"
+    owner: "{{ target_owner }}"
+    group: "{{ target_group }}"
+    recurse: yes
+  when:
+  - extracts
+
+- name: transfer package - {{ pkg_name }}
+  copy:
+    src: "{{ local_path }}"
+    dest: "{{ dest_path }}"
+    mode: "{{ opts.file_mode | d('644') }}"
+  when:
+  - extracts == False
+
+- name: create symbolic link - {{ pkg_name }}
+  file:
+    src: "{{ pkg_version }}"
+    dest: "/opt/{{ pkg_name }}/current"
+    state: link
+  when: dest_path == default_dest_dir
+
+- name: add bin path to PATH
+  copy:
+    dest: /etc/profile.d/{{ pkg_name }}-path.sh
+    content: PATH={{ dest_path | regex_replace('/*$', '') }}/{{ opts.bin_path }}:$PATH
+  when: opts.bin_path is defined
+
+- name: create bin symbolic links - {{ pkg_name }}
+  file:
+    src: "{{ '/opt/' + pkg_name + '/current' if dest_path == default_dest_dir else dest_path }}{{ '/' + bin_link.src if bin_link.src else '' }}"
+    dest: "{{ bin_link.dest | d('/usr/bin/' + (bin_link.src | basename)) }}"
+    force: yes
+    state: link
+  loop: "{{ opts.bin_links }}"
+  loop_control:
+    loop_var: bin_link
+  when: opts.bin_links is defined
diff --git a/ansible/roles/keepalived/tasks/main.yml b/ansible/roles/keepalived/tasks/main.yml
index 8035964..deec589 100644
--- a/ansible/roles/keepalived/tasks/main.yml
+++ b/ansible/roles/keepalived/tasks/main.yml
@@ -15,7 +15,7 @@
 
 - name: download keepalived
   include_role:
-    name: install-1.0.5
+    name: install
   vars:
     opts:
       pkg_name: keepalived
diff --git a/ansible/roles/node-all/tasks/main.yml b/ansible/roles/node-all/tasks/main.yml
index e1c67ea..ddba54c 100644
--- a/ansible/roles/node-all/tasks/main.yml
+++ b/ansible/roles/node-all/tasks/main.yml
@@ -1,4 +1,4 @@
 ---
 - name: install confd files
   include_role:
-    name: confd-files-1.0.2
\ No newline at end of file
+    name: confd-files
\ No newline at end of file
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index 79d91e6..5805761 100644
--- a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -4,10 +4,10 @@ global
   log 127.0.0.1 local0 info
   maxconn 65535
   chroot /usr/local/sbin
-  #uid 65534
-  #gid 65534
-  user nobody
-  group nobody
+  uid 65534
+  gid 65534
+  #user nobody
+  #group nobody
   daemon
   quiet
   nbproc 20
diff --git a/ansible/roles/node-proxy/tasks/main.yml b/ansible/roles/node-proxy/tasks/main.yml
index cf955eb..320d09f 100644
--- a/ansible/roles/node-proxy/tasks/main.yml
+++ b/ansible/roles/node-proxy/tasks/main.yml
@@ -10,4 +10,4 @@
 
 - name: install confd files
   include_role:
-    name: confd-files-1.0.2
\ No newline at end of file
+    name: confd-files
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index cf955eb..320d09f 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -10,4 +10,4 @@
 
 - name: install confd files
   include_role:
-    name: confd-files-1.0.2
\ No newline at end of file
+    name: confd-files
\ No newline at end of file
diff --git a/ansible/roles/rabbitmq-server/tasks/main.yml b/ansible/roles/rabbitmq-server/tasks/main.yml
index a0d5411..c9749ef 100644
--- a/ansible/roles/rabbitmq-server/tasks/main.yml
+++ b/ansible/roles/rabbitmq-server/tasks/main.yml
@@ -10,7 +10,7 @@
 
 - name: install rabbitmq deb
   include_role:
-    name: install-1.0.5
+    name: install
   vars:
     opts:
       pkg_name: "{{ item.name }}"
@@ -86,7 +86,7 @@
 
 - name: download plugins for rabbitmq
   include_role:
-    name: install-1.0.5
+    name: install
   vars:
     opts:
       pkg_name: "rabbitmq-delayed_message_exchange"

From 4fba4eb803f70fb621111f575e603dfc594a9c23 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Thu, 8 Jul 2021 17:37:15 +0800
Subject: [PATCH 03/86] Add disk for node Haproxy

---
 .../confd/templates/nodectl.sh/01.nodectl.env.tmpl   |  2 +-
 app/cluster.json.mustache                            | 12 ++++++++----
 app/config.json                                      | 10 ++++++++++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index a7d523b..1ea09d0 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -11,7 +11,7 @@ SERVICES="\$SERVICES \$(echo "
 haproxy/true/tcp:5672,http:15672,tcp:61613,tcp:1883,http:{{ $HPPORT }}
 keepalived/true/
 " | xargs)"
-DATA_MOUNTS=""
+DATA_MOUNTS="/log"
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 NODE_CTL="proxy-node"
 {{- else if getvs "/host/role" | filter "client" }}
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 3ae328c..f938436 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -12,7 +12,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-zpfb1hxm"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -97,7 +97,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-zpfb1hxm"
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -178,7 +178,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-zpfb1hxm"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -201,7 +201,7 @@
             "prefer_type":"lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-zpfb1hxm"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -231,6 +231,10 @@
             "unhealthy_threshold": 2,
             "check_cmd": "appctl check",
             "action_cmd": "appctl revive"
+        }, "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/log",
+            "filesystem": "ext4"
         }
     }],
     "env": {
diff --git a/app/config.json b/app/config.json
index 0ceb6d2..6604709 100644
--- a/app/config.json
+++ b/app/config.json
@@ -206,6 +206,16 @@
                 "default": 101,
                 "range": [101, 202],
                 "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
             }, {
                 "key": "count",
                 "label": "Count",

From 5ad4fa174e34cc8a06486cc1446dfed28cbf45df Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Fri, 9 Jul 2021 16:57:03 +0800
Subject: [PATCH 04/86] Change file permission Automatically

---
 ansible/roles/appctl/tasks/main.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
index d677021..c3d607a 100644
--- a/ansible/roles/appctl/tasks/main.yml
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -26,6 +26,11 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
+- name: Change file permissions
+  file:
+    path: /opt/app/bin/ctl.sh
+    mode: '0644'
+
 - name: create symbolic link
   file:
     src: /opt/app/bin/ctl.sh

From 9cbc7212d5e7b2d4e1af1e88aee1ce0318191873 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Mon, 12 Jul 2021 10:09:47 +0800
Subject: [PATCH 05/86] Revert "Change file permission Automatically"

This reverts commit 5ad4fa174e34cc8a06486cc1446dfed28cbf45df.
---
 ansible/roles/appctl/tasks/main.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
index c3d607a..d677021 100644
--- a/ansible/roles/appctl/tasks/main.yml
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -26,11 +26,6 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
-- name: Change file permissions
-  file:
-    path: /opt/app/bin/ctl.sh
-    mode: '0644'
-
 - name: create symbolic link
   file:
     src: /opt/app/bin/ctl.sh

From ac7aeec0d8958b0cf592c24f8e9dae56a90453c2 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Mon, 12 Jul 2021 10:13:07 +0800
Subject: [PATCH 06/86] Change file permission Automatically

---
 ansible/roles/appctl/tasks/main.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
index d677021..8851e37 100644
--- a/ansible/roles/appctl/tasks/main.yml
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -26,6 +26,11 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
+- name: Change file permissions
+  file:
+    path: /opt/app/bin/ctl.sh
+    mode: '0755'
+
 - name: create symbolic link
   file:
     src: /opt/app/bin/ctl.sh

From 9825d4da0692e4226727a38e8ee57428e7ca97c2 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Tue, 13 Jul 2021 15:42:54 +0800
Subject: [PATCH 07/86] add disk for node-haproxy

---
 ansible/roles/appctl/tasks/main.yml                 |  5 +++++
 .../confd/templates/nodectl.sh/01.nodectl.env.tmpl  |  2 +-
 ansible/roles/node-proxy/tasks/main.yml             |  9 +++++++++
 app/cluster.json.mustache                           | 13 +++++++++----
 app/config.json                                     | 10 ++++++++++
 5 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
index d677021..d1e96f1 100644
--- a/ansible/roles/appctl/tasks/main.yml
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -26,6 +26,11 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
+- name: Change permissions
+  file:
+    path: /opt/app/bin/ctl.sh
+    mode: '0755'
+
 - name: create symbolic link
   file:
     src: /opt/app/bin/ctl.sh
diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index a7d523b..1ea09d0 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -11,7 +11,7 @@ SERVICES="\$SERVICES \$(echo "
 haproxy/true/tcp:5672,http:15672,tcp:61613,tcp:1883,http:{{ $HPPORT }}
 keepalived/true/
 " | xargs)"
-DATA_MOUNTS=""
+DATA_MOUNTS="/log"
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 NODE_CTL="proxy-node"
 {{- else if getvs "/host/role" | filter "client" }}
diff --git a/ansible/roles/node-proxy/tasks/main.yml b/ansible/roles/node-proxy/tasks/main.yml
index 320d09f..154d6c3 100644
--- a/ansible/roles/node-proxy/tasks/main.yml
+++ b/ansible/roles/node-proxy/tasks/main.yml
@@ -8,6 +8,15 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
+
+- name: Touch a file
+  file:
+    path: /log
+    state: directory
+    owner: root
+    group: svc
+    mode: 0644		
+
 - name: install confd files
   include_role:
     name: confd-files
\ No newline at end of file
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 3ae328c..866d4e4 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -12,7 +12,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-ve2up59b"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -97,7 +97,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-ve2up59b"
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -178,7 +178,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-ve2up59b"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -201,12 +201,17 @@
             "prefer_type":"lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-z1pyzrxh"
+            "image": "img-ve2up59b"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
         "cpu": {{cluster.haproxy.cpu}},
         "memory": {{cluster.haproxy.memory}},
+        "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
         "services": {
             "start": {
                 "order": 3,
diff --git a/app/config.json b/app/config.json
index 0ceb6d2..9e05e2a 100644
--- a/app/config.json
+++ b/app/config.json
@@ -207,6 +207,16 @@
                 "range": [101, 202],
                 "required": "yes"
             }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            },{
                 "key": "count",
                 "label": "Count",
                 "description": "Haproxy HA Node Count",

From 2d4f182e7b8b49aed42a2f10c3a08fe324b51631 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Wed, 14 Jul 2021 16:10:04 +0800
Subject: [PATCH 08/86] enable caddy.service

---
 .../files/lib/systemd/system/caddy.service    |   8 +++----
 .../files/opt/app/bin/envs/svc-caddy.env      |   2 +-
 ansible/roles/node-proxy/tasks/main.yml       |  10 ++++++++-
 .../confd/templates/caddy.sh/00.svc.env.tmpl  |   4 ++--
 .../templates/caddy.sh/01.caddyfile.tmpl      |  20 +++++++++++++-----
 .../templates/caddy.sh/02.index.html.tmpl     |  12 ++++++++++-
 app/app.zip                                   | Bin 0 -> 9065 bytes
 app/cluster.json.mustache                     |   8 +++----
 8 files changed, 46 insertions(+), 18 deletions(-)
 create mode 100644 app/app.zip

diff --git a/ansible/roles/caddy/files/lib/systemd/system/caddy.service b/ansible/roles/caddy/files/lib/systemd/system/caddy.service
index 956a7a2..405a7e4 100644
--- a/ansible/roles/caddy/files/lib/systemd/system/caddy.service
+++ b/ansible/roles/caddy/files/lib/systemd/system/caddy.service
@@ -8,8 +8,8 @@ ConditionFileNotEmpty=/opt/app/conf/caddy/caddyfile
 [Service]
 Restart=on-abnormal
 
-User=caddy
-Group=caddy
+User=root
+Group=root
 
 ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
 ExecStart=/opt/caddy/current/caddy -agree=true -conf=/opt/app/conf/caddy/caddyfile
@@ -19,7 +19,7 @@ KillMode=mixed
 KillSignal=SIGQUIT
 TimeoutStopSec=5s
 
-LimitNOFILE=1024
+LimitNOFILE=8192
 LimitNPROC=512
 
 PrivateTmp=true
@@ -27,7 +27,7 @@ PrivateDevices=false
 ProtectHome=true
 ProtectSystem=full
 
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+; CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
 
diff --git a/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env b/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
index c98b9d4..2d6491f 100644
--- a/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
+++ b/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
@@ -1 +1 @@
-SERVICES="$SERVICES caddy/false/http:80"
\ No newline at end of file
+SERVICES="$SERVICES caddy/true/http:80"
\ No newline at end of file
diff --git a/ansible/roles/node-proxy/tasks/main.yml b/ansible/roles/node-proxy/tasks/main.yml
index 154d6c3..9a69134 100644
--- a/ansible/roles/node-proxy/tasks/main.yml
+++ b/ansible/roles/node-proxy/tasks/main.yml
@@ -9,7 +9,7 @@
     directory_mode: u=rwx,g=rx,o=
 
 
-- name: Touch a file
+- name: Touch a Dic
   file:
     path: /log
     state: directory
@@ -17,6 +17,14 @@
     group: svc
     mode: 0644		
 
+- name: Touch a Dic
+  file:
+    path: /log/html
+    state: directory
+    owner: root
+    group: svc
+    mode: 0644	
+
 - name: install confd files
   include_role:
     name: confd-files
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl
index 36ac4df..a1ae904 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl
@@ -1,6 +1,6 @@
 
 flush /opt/app/bin/envs/svc-caddy.env << CADDY_ENV_EOF
-{{- if getvs "/host/role" | filter "(disc|ram)" }}
-SERVICES="\$SERVICES caddy/{{ getv "/env/web_console_enabled" "false" }}/http:80"
+{{- if getvs "/host/role" | filter "(disc|ram|haproxy)" }}
+SERVICES="\$SERVICES caddy/true/http:80"
 {{- end }}
 CADDY_ENV_EOF
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
index fc1efd0..8d0ad14 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
@@ -1,13 +1,23 @@
+{{- if getvs "/host/role" | filter "(disc|ram)" }}
 ln -s -f /opt/app/conf/caddy/index.html /data/index.html
-
-flush /opt/app/conf/caddy/Caddyfile << CADDYFILE_EOF
+flush /opt/app/conf/caddy/caddyfile << CADDYFILE_EOF
 {{ getv "/host/ip" }}:80 {
-  {{- with getv "/env/web_console_password" "" }}
-  basicauth / "{{ getv "/env/web_console_username" "admin" }}"  "{{ . }}"
-  {{- end }}
   root /data
   gzip
   browse /log
   tls off
 }
 CADDYFILE_EOF
+{{- end }}
+
+{{- if getvs "/host/role" | filter "haproxy" }}
+ln -s -f /opt/app/conf/caddy/index.html /log/html/logviewer.html
+flush /opt/app/conf/caddy/caddyfile << CADDYFILE_EOF
+{{ getv "/host/ip" }}:80 {
+  root /log
+  gzip
+  browse 
+  tls off
+}
+CADDYFILE_EOF
+{{- end }}
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
index cd76688..8855ca7 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
@@ -68,8 +68,9 @@ flush /opt/app/conf/caddy/index.html << HTML_EOF
     <main>
       {{- $discNodes :=  getvs "/hosts/disc/*/ip" }}
       {{- $ramNodes :=  getvs "/hosts/ram/*/ip" }}
+      {{- $proxyNodes :=  getvs "/hosts/haproxy/*/ip" }}
       <div class="meta">
-        <span>共 <b>{{ len $discNodes }}</b> 个 disc 节点, <b>{{ len $ramNodes }}</b> 个 ram 节点</span>
+        <span>共 <b>{{ len $discNodes }}</b> 个 disc 节点, <b>{{ len $ramNodes }}</b> 个 ram 节点, <b>{{ len $proxyNodes }}</b> 个 haproxy 节点</span>
       </div>
       <ul class="listing">
         <li class="header">disc节点/目录</li>
@@ -90,6 +91,15 @@ flush /opt/app/conf/caddy/index.html << HTML_EOF
         <li><span>⊞</span><a href="//{{ . }}/">{{ . }}</a></li>
         {{- end }}
         {{- end }}
+        <li class="header">haproxy节点/目录</li>
+        {{- range $proxyNodes }}
+        {{- if eq . (getv "/host/ip") }}
+        <li><span>⊟</span>{{ . }}</li>
+        <li><span class="sub-1">⊞</span><a href="/">log</a></li>
+        {{- else }}
+        <li><span>⊞</span><a href="//{{ . }}/html/logviewer.html">{{ . }}</a></li>
+        {{- end }}
+        {{- end }}
       </ul>
     </main>
     <footer>
diff --git a/app/app.zip b/app/app.zip
new file mode 100644
index 0000000000000000000000000000000000000000..e26f611e1e431da5a553bf0f640e786db4a53151
GIT binary patch
literal 9065
zcmaKS1ymf%y7i#J-JN03!3h#1I1KLY?(PmDNCF{*V8Igx3GO<$d+^{6f#B{u&Xsr0
z`QN>N_v*6lwZE@+^{V=6uToV&KqLSF04RW6g9CLjo6IaEGyp(T8~{LnZnbc6wzjij
zxA$;yJ}_|dSZKg~%rdF;D$i_S{Jl8~O2N*IJt}K#6x``n7M#rZi0~=?Ek1-3z+{lJ
z-R46KqL&6j^b?k9YHfs*BW!fq!+WaHLvOE9j&1ssHCoTu_Bl)EJPSUzeX&n+cS7R-
zdH!0qDUvH2PayG2rQwn1HXAPgSEBEPEVSL^Ge_tFmt<&6tPO@0MYrekRIHakGp?20
zz-5qLwt{`2)_B8I-w^JLQ#gA7k;&MtV?$Q7YY%L{q*5Q$rL}{QEY~b>Z56#u&HdGH
zQ?T6I`a`y$sz_%K)*bR~Cbb6FazuUI>-`T=LXC0_7g*;@BVcFpNMAwqL08jN!!WJm
zbi9GgSldCR7+O1L&3s8JjM_o<qo2zJoB~<{Vi-Il^TUk%mj(iFA*ncc5v8td`zV)d
zTQMG`&iRKUJE7&dEQ=jB0@Zv9n;{X*$ruB-Ex)&v3&f0gd1PA7UkG8Y5nk4Xk#USN
z3Vis65ObPht&o4L$DuN|qFu|;w|8S8=@4J-x@ny=n7>~RVWoCAI;hKd_wasZPHNw0
zH3vbK(sw@W;WHKmm7!LL=*QX4GO}GgbXDHw3Ne#mi@btbj4VG|1<-ao+vHCnfg-Df
z`L!IMw~AC3S+prCSJ{*}#Zf9Bqkl3oPMtbFk*o;6di`3e`*AJ!NY0=)GvpLzv@C7T
zs&M>SVj%YW)>9umS^)|#+qM}xbXL~o<9fwxT8H3y)4fvSusIdUiBLKHQD#?1#0#BI
zNgiWjS!Ow&R6|>yrE+XTC1{HMpv#}9Q)-5AG1BW!=KN*fXB|=-ORFe~SSv41_av_q
z0KRN98<oj%lA;4%6f0?6MBg>5f10>eG$;WtI;c)<HK-m;M&j6ymMpvj`@I!%I0P0%
zESsMU>%d93#-B5@H<p7Kn^n=Wu2ry4xA~aMk#FKJ9!;v3gN{(CtCmv=DhfQzenKpX
zQS@YAA4v$yvgU=0mHW32FSI?rJ4=+~S_8ibRxsox6}H{&l3NTJlB2i@QQd9U+KpQ3
zo$)5W`h<q=7nQ=nrxK-vdX$s(RVZ;ZqI=iaNJRhLMuL8p;{0MHu}+DP8@Vy`IA;v{
zIayN<_m;<B=z2l`jgBccXTI>FhjvsM&u-eJ<*QLDag*SsF+00|dxx8~V<FxZHoGgh
zQ>1iBl%49AR=)J3EHZO0!o=mYn(N42|L3|7(A!WdL0l}Y<J+F<_RYy8k&6S4m7!J}
zlH6Jq?U!&4$jsBKAXSnwO1>;}uLInIRNeBVI5OFN1irYRr2b&j>;+dTx6xZXHEo;w
znONwsJ~R!d?RD_jWpGI4)!6cK^(uDA{bYH_<Iu*^A^%wU>nzXL4-Qww9|jbw1S-tP
zDmXX4Yt8%4IZCmQ->}5o8ETl_w8+enCiq4!k~p`=rA9c=(r=E25{Y6DOf*=kjMW=v
zWrY)@7T}kS%quv)!VgFY_)=Y0N%gru_Gjt~?QTOWucFCN!?LNl57E^mC<nU!ZkM+d
z{sAg&9jiGjEkUU_Z~Gj@##~4V<8FW*p(qUv*LM_63mr{p<{4OK0`R#?KMya8P(=@&
zln+2yr<p38cwNtAxrTC0T5xnZVHVX(dA~&(fDE88>B|Bs8XG7eUP^)br63dxYqm(p
z`;dZ+hKN<h(piyH`a$EX3dxa{L$1fH)uYeF&E~jPc)Tto4K}IHN_M3ecx|G#$x-Hy
zAo6&|RKHGXYILEUd&yp&DU1^IngDJL(P+t7i8mo`ciD~nySsF^LO(JjlO>k>E^Ich
zU)vxGiDDJ*gpoI;+#xUS@!ksTbU`s<TKgLM?=*%+oI6}QUMFj4Z%%$9NF3WU7Kecc
zf8%fs&CDR_KeVthwFAJSRPow(0;fP>^Y<5itg*O3di%Ve2$4sJfEFbBsMIWAPWiKf
z<I~^BlU$4X>o0IcFoYsWSrsTcgx>^fZ#GJRet3zJCoGahP#@nKO6BFU8xmxZK=M(A
z&A7W%Z8UJW7{*W;<<#d~6Rj^_rIIdoD-O!Tx(^xFJcC4hqS(_%$q1!TQ)<t&!|k{{
z21;g_?n$0vN8XjCRk6c(ry@@~c1ES}>=&V~8Yt-bCRQ4T#MN3;v-ZPYK2G`k<w62w
z8?SAGZ;pY<D8W0OkTZfwY8Cf<NS=a6bc3aa&P##|3C8kYDAGb!EJ6aUN+|v=#(|zr
z$;W|Sr6W@Vy_ykdDGIg-_0umK7S4%VMt;zrvRjKWIm+o-5T3ASIE0}p_cJGeZ{E^-
zYw!26c6bs^ib%6muQ_E0WgV5^C(+dYbjinTAwju+8dR_jTM_&Ur<5xr-h@<boKD)~
zMUc`vRJ-qO>yos_m(TSyD$P064>$d*%Di=lwT@5kHLB(;Gz9Cz?Eu@MW#5^8dkJ}n
zc`B1qSW4BfDUj&8ydpJhaSd!AT@ur4m8-<71{Frp%0SceU{^=bkAvMeqt<-)Nh;iq
z$fO%xk{*#~OmR1Ue|994`Zc6WZytXjYoUpdZ(iE0mH)7F3z7=cWb#mA&O6J%j_8dX
zY=CJ1b72C#RVnv()@9|1-G)2ZYjB?<?-*t%EjQzfoqBE>V3v+wiAt4N)&s>vx_Q}S
zToeI^d)%arAS9lTXCg?-r4m_QVZkscQ}gc>jfKLnJ5~zpB{+Ld3<QO|Z%z!y+S-J(
zTn!dOsTsv3=+mfO>P+j*rw}dpqGOcZWHghF$IdD@WrnsjGwa3}BSD<<`vgUVcQ?$P
zW=LT%NgXr0Td0{E(rk7YIXe8-D0H3MGspEBIt>;o)vnt0LJ|E#Gq2q8H_Wv+LB!OJ
zwiIWO3dCiYKzJ<t?GQ2Ih}tjJ>)dWc_3v)Ux8N!w-OXm1T3N@c<E>YggmQ6ex#)ez
zOU3B@lp12h`y3Ri-ixUEY7{#W<&gfU^i1_K@n)51(YM-y;RZ?MCZkijBNBqMU%Nt%
zGN!`pTVVr>N${K+S!K*QZ?&1E*J^~HXtC}(QAch~{K%~j4V=i`)fZW8tq6&7jJ5a7
z6kzuj-A03IiC%`VZ7}(%(7OrrRMtFj0sFlov0u;LQDT4rik`$aZX6>tP^X*iCjChL
z(-8B4%lExijcBgg(J<+2ZbJlC78eXJs-2rMEJ`*nw4tWx-&@#vhP-9myG=kFZ|6_>
zKkZo4@Ltht_@o(S6%n8|+#}NUq;}2y9#R1QT0h;XJ`1Fzlc%wpMNM=L8Xm7(S&PZD
zp;0%Jao{qk2h~aquA4uerZ6t)0*8?ACR2;qD?pgCHOEl0CWErhDl6O3FHRLJvH40&
zwlKsX1Az0G#LRM)ah$gEm4CokQ-F@i(c?ui*_OE)ERCISz3Alj90pj-Dz0g<nzY&j
z8noTJKUB`X61dfr)pUq^Um#IN736>JqWZtlVv*K?I)xZkDIFXD&_)CR;6F!;?pCgj
zW)@Z^t}c#t7JmPX8np+|Iynho#JAY=J5*IUFG8fHn!cJFaZbmauV89%PQCV1T31(6
zaWZBI8dhX@6(tU(s^XY=qxfyXhNotJkY&!gM;MIHtmRgul}>sZ|J_VNZjoiPN*zgN
zE(jJ!2N(qi6c~n&)yQqufIpI__cG;k!SUsH+00%E&ZH`eB$X8o#})?8pR}oe31Bf&
z{jx8boX7+e7br+ZM-g;oHnRs@lORyhwo@|5NA3c}GZ%g|_y3S~9|+8E?)Q|2-W^<*
zE8Z@YSA)|lnMp~i8bAnZtWq6~n1(rz&Oj*Ma2yc|yCaaw%P|gjwa)<gsa3by6URNw
zW;Rio_`-F3$SXG21?`*kXvl(8_$$0byr8S<lyxh0sPX&Dd6y(0#vb|~oIZ!#&(|NE
z{-f}(<i&ID=we~!XvOh&;-|7SLw%lKZazO)e|}`;{149ahPkjhIWZ#EMAQ$D6TjeB
zbQy|K(14r?)hI0c_CgzkK8b1hz<h6(pH8tJI`i^{czd*%qeMEz5~2+<P`tWzttA+g
z)U!(8cM3{s{_-L6ZX4!$G9ZEG*Sf{OIz{B#o)BHwkg1xe=2DiCA#duQ;G1f$_o4o~
zi{X`~?JuwafJ+(x0QXN9{cYJS{^h0KZw>MR+^1lzD^bNp7A@CLR;!0ac!oEwee|uG
z>*&Ftn|P>U%u5+^?dGPSP&pQ@PF;vF{aq|v_(&IQp9jKj!HV-nlp!rB@U$)d@XNG4
zeYXgUj*m_C<Rs71!|y{A?5D?TI`}8UTN(KYg_cb`@UWmzo&xUEna))7uKQpjFQLvs
z;IfEA$#NnxvgO$=CY}as7gSJgSO5K9{;(EO@$%_gk0#Rnrpz3vh>d9Pl+@!ZvC*8{
z3JQm1hw|a7?-$7iUn6}ttVJc&V&Fm=uP}MlhUZADbr>@DBnzr01R}`-$AkF~h;}j?
zfeR$qM0Z|nqdu>VODT_PSl365Pnq8h$;1|tEhfeGTfg!AT;3M?;Y#MFuNX0@=JRj6
z1Ri~kleJB|`WEfO)@>MxM>6r!_q)*tI(KY>Ab~HqV8@WI(H5Up4&<1nj<kS^J?-Ls
zy%{4DYz~enr!XFWvD<2gL$lty;Bn=nh7GODz^03S>Q}g4=QX00jIOg@X;bHF7<5VI
zsLnk6jj82HCa8Wpy9j)r%mQMRXh>!V&_gZzpT2FD<;NUU*{3Fup?^2M8*?a_%#kq6
zayqO~f2}%|^5bPV-aCvHjqh@bAMQ0izglcLhl)H*EKyl#IIvbnpv|vA%b&(l{ClXs
zs`P%GlN5{oc}CBX?s9^NR<FCzE4?W}UCZ>)a)dKc06~7CQEFJJ6PL+Pi1O>k@v*n<
zNNM1SW~!bT6qJ^i=G1M#KF+#e+%1o#O6jy&xP#jRE7Kv4R#YrV7~qIf8(^y*<kDTz
zUNAxAbB5z<5WOOrdoZdCAxLh-ktBXwQko#R3@JG@rgj-Q{NT2Ldi7Y0too*W9Y+^I
z=*^aazGHM6@=dk4U+wp&;ZuXlz3__7qxG=(2arKAMHX?`dpz{Fty8tM$IJ`h2AiSL
zLr>k~{JaEmqT09Um&O%IMm8=9nbtV9ZPSEul%O3SI4Oh!I3h%vx&5>=-xN>7rz#$t
zCw+Odh`TLnCMCJ|!mNCeU?hWiOsLnfhT$x-lzG#1P<;a~D~l%gaBBX0s@jCeeebcX
z1rLKTM5+EnixjWSf{SW;ArWg)@~f(9Ow^GH>5=OoQL~jTT|b8BS?5Nb<0;pRKEGd+
zH$3(v#Bm^{yrPMJ!-U{l9c>#ky}{cE>;<%|cL?cQ>CWR-w6ri~nO^`oJHeFl5RYW)
zc@Lq{``9Z-ggt?wHrr;Uab&9`UF7MnF(wU9C+waGzZOJufJnRCcx?~_u(E)I#a9w0
zAN2%wWsG3k53)w%q0r+*MZ5PD<W5M*)mPnLR`zU7i*x`i67ZmlNHYRjxM2UT)ps~y
zY0Cg^T=QLb7X&6;Jj2@hi-{d|xU^sekU<sPE$0w%NA21VZ%-sbG=J|>;oqguuL6<v
z#s^q2FH6r2YbHDme+BIL>DI&FQY0FPFXpe`X(8R?<VM2vtSCYl;%TL6)mddU7&;1n
zkes&2*fcE7st}N-h0A+&By88|2E)CcRj$`t<0YX5qC_ZU{K$8dyV`^%f$}p5Fjr%K
z^WVzNZkZVEHr+eiAG!0(LF^YH5XnSOh)*RUDGV#>P)h90V$(%mq^%8NDvI12q$+W7
z&QXr*uEDQAX0&1gs%3c!r$);cK2O%>+G(fWxpJe<&<OMU>_<qttkFpP+z%`jGyqdC
z^c-bo%9fUNDE^v)*ve<*sNlP^cC`5DjLZB$)R-jzh7Wo9xyJ7W<NNVP#-%NoHA?!}
zq;F9ppLZH4R-en|p8Zm1RqVn)HGLBcS<Qz+vBd)us^$c)4fesv42h$S+VW&j5Gq%c
zXc)KNJ>5>%@s3fZx_KUiJ4YHKt?<IMq+T;LeJ#@+A4fSSt>iW{z<<!4-c9rvGw_^9
zN6-1I_Hs40$E9v1GEI4_w>Jw71C0S#Wtzpn*n2QIkYyMhArNBN0g+Qx6r{;Q$YtOa
z49X1*r~R&^=PPzmigBAAn{VHQ@iR^#pWyJr8^!jegSjBiHzPDjxTuU}+c4qCUucq|
z8N*>gk1S7E3^PR@wHu8UjcbLK6K|VOTB41nidmcP(l31@m0-n51>;6L%H}qtE-mnZ
zD<VU|%U%yd9?bC7M(TVReqtv#cmiVZ*m465J7TMvf`wnWO~r<JzR{85hNm$!!GoG;
z3h|&-dG00?0;Co9Z?D`?ie8k6D*`3M5uDG5PMW?kHEua1L<4u3gjt!10CHsX?s!H0
zoYGScGp0bRFFNmVqsisu)aD1lu0~ofWAy#lNo;;PW{s$r+HzYQ2J3;S>h*?k)z%NQ
z1*e1hTd^6De1c}@gzJcB_RP}1YcbN49!yId_>wxI5FilE4G1H?C@BHEsq~41sghrZ
z0pPd~0^xqUuDt>iz#Jd#A1YoFImfeaA=vrA&;%balO(SkFJ90UBKPnk(?jy!ySZ(W
zVYv`DF&)1)3<u?5T2;Mwq;zP6n7Hdq4iiA(8L(6`;6}xBMF%ztlUYOuwmh8O&?nF`
z)~S>`un+^B<tVg^vuO8z=fx&1hhkh8bMd(v{(6Z-|GB8slGUCdArKIWjaTsg<)A~e
z$qd~$ov#G1g-v~Oj!Ef{4RU3rloaxSMn5dwT)g=XTSLH|)3{S^OzW8f!*^rU3e6>N
zne2<v-;;;-D}0omy9~O!kzXaBAf#>eH%7}i;HnUjCyU!gK^O#Nw^aJ<pKG~N`4_tH
zA0EkevzuVAgt{7kLF|L43cnoGjyuQ$63qwF`f?nvnMCEM7*~5BCHwtm+n<hOgxQQ8
zgrlX~pWAZjhQm4Xphu9(3bk$$6{*&cY2a3IA)tJLTaIufI$%Uqq?5n(BAt&biIu=0
z6lDEw-A<H{fTqOoZc!jlH{3kYm8JObvFYLZhe1|_&+MGsW83Z>CpAI@yrSUUZ)LO2
zQPDSHgL>>;(;=I9q0a50(3;D~r!#Zd*hZTQwNEq^_6ecwE@C^ro7s_C9O1_t`kHYP
zS0yJz4-&Z-GXVQI+gsJ#h<7($cfqBCV|>)12SCs_QC>&lBT&Ax+H#i{C-;{G!g2JQ
zA=#FpcigA7i%$zEnkyllpb$N64v(s>qwz*+M3I<;1=Kkj80OS(S&?G0i;U}CqDc&6
zg}nqfad0SSPO!6_UFY(``NZetTeWy%-vg8q08si>`+^@icE)E$=aaAet>`l|<<z)W
z5}{+Q5u7Nbka*kDCWeU)y)VdoYsxKd*m1hvn0x^rwWTGhC2&_ic(UnK=onkjvb3Ch
zE`&LWF6=!|h<>vi(Jg`Pbwxm%G$7JG0?KE5mPZ8|I5Hb%H)FGY)gX80V@8xn<gD?a
z-8dowZ@y(?-8I@FimC^<Cs||h<AYy0z(PD#6_<^#JSi7&v!wKw3r2V1R3)xs$uzHU
zM0{xAB7ZDg0zpr#;Nj3(9k`F=j%P}`l&tR~cUl9E+GdB91p921T)4zQY;txW+`f(q
z#1=Yb4O4Dy3rH2Bugv)BQG17?9ptCd(RiwrIu=G?MDpIpnc3T%b&;!NZeR!wo`Y<A
z<Ng4pPf+ipbDg$PCFA6>JQ+d{&xn%bR_5D}ozOa!Sv=~ncb3<Q9KM<B{G4F~8%{w@
zF_Rsk!<eh2$T{IJ39)q#^`_a{@T3SGXtFc9K$>K#s?(ta<Yb#X;KrH0FX*aXU?Lpi
zESYa6{1m2A0*aPvtVM6w$*^6NCmLA4Z*CLMzKbAPUks`2M_T|G2i7#sL{*5$b$#?c
zL_N2lZkrPZix3!TT8>Lk)6!x_EpM-xyN-bxR0`s!<Cjf>JkY;=$JAqvEp-vIosV%n
zx_KZ8C`AQ`Q!cjq>(K~`(%v`?YhFj9qdO>2hHlq9RgL56+&d$Rg&uX(BIzO?nEL^G
zBpd2lnygf^WTMYjagcd99tfg6CPiqXAPo^>z193@qlVwT>zqFlB7A({75AI5Pi<KA
z1FB2G(A%GsFw-!&N(f%hOATZnyLElEhAK}$6xH1V3?uzx>AQS@dk#O?Tt}Jkcv)*b
z6G2~r{D?s&@WnGw-v>fzVrAkIWP(~lv_iFvz0#<cn0>l5-(XcQq=b{+C`cBlCaEnB
z?yTRYuFh86qDBI{Tmv6^4;Fsq7}P&`wwQ#XK`mY9qviMPIZi1~b=Z$K+G*U_tZ6wB
zqdC2PFq>J{T1%9k!o#C(66k(<Xs{iNb<2;hBMyWc{tS@K<5v~R$q*WP0Ws}<nGHsz
z7YlZE*^(<g)mJov7k-o+8aFrr(0S8hE-sv_84URD-hK1W8G3Veygy89OK^qnGN!8Z
z!y&$I(N1+@aUXp7h<VCVhIQgQ%GW?T(L8LhFQ2Z0q*?ikc%}M2$c1ae;zn-9*ae28
zZq$Y!o<Dh}N9?l*+ML2Y2V9vd?AMw=X-&G1;4{BV3W>~EyZGdaqmsG;UyG#-iR#IX
z*@(c-c4lCCO2^EpIKcsL5;5Ae!sZhZBkq;ewapayW#7?+iSZwpF9)|^Q4w22tD;Q4
zXjoR(F>P<3Jw61BfP5t!JW^C7kxwih;4Im}+m5GpvmBh>pE(?+>A525oUv9Ue(0Wb
zk5E<2m3YALFF`|_Zv)1rKO)}~I>oouNZ^sBNszY@9S?o-rR`6tsIXanW6T=ahHFKY
zt#s`XX1dqG{P>yUC|Fdhty=RWnc>ass#q<7N+g6i1a;>8dTf@}_#Hy6fMAQ`u_mF+
z97zjLLe3r~n72@2ovlhpzPk_<3X*_-r6;6^xbj|EQP5PAFnU!4rg3eo`r?#7>@ma>
zq{w4+ZrljJ)g2v-PS2EYt1V16nV^$%DHg?B4%+e!l$zL0^0#S#mkM3Jd+~@yPeT(8
z$Mmw19waAx7=ISuv(9ZyWS8X2a=VG2JcpFP!ZgE}9Vnpp*evh=tvmA)A0d)+XHy7d
za>1;m%2`RRf)@`DJg30h|Ea_gJxj+Y<Wim_cg6cO%hypp1M!*V1=hvPT7|OVN)Z?1
zo2*vz#rhWS`;tF8+wiH<Wz#xr6>w@j$1%>kB6zIM_y!_%I>s@f9eqvYKT=h4p}WK`
zBk#g9_C42RCm3BV1cGv^jBc-Up91g4p8$XEntekL)w%br<PDGjfK)mFfbe<OY~kqT
z;c4amk8M4>({tI(!q)0QU%`crAER|ghs5JD|HL`nI>0du$zS)p@)t7-qF&ceeFx|}
zsM|i`<5AvAm63k$ecy04`)s^ZI%#!+3+B<Y9u(1cP*PA^Y*zLcrdXt)UBvW}hN*nh
z)a}MCdE}fpSO>cfo@3}~f=o7Hr~4@s6mN(+Iuor_!(u64lji<KvjLcGm*y>2pZj+E
z=5%THce-?MnIAWMh{<sN_IO!V!nl#?;8scXo3JQ&=$7UbIwWFEsLcu$rU+gejE62(
zSS}8JNl11_ou{9PZW%1|Z~<x?p_dQxE`~D*;mCN@f)aS942;B74vIFzvsG@Bg>!kz
zH|F-2!U^|(cY&11hV$`-Q+m}0LOI1hpw{(n`H}ANr_&rs%zup_j%tTRx1Rz5R`JX&
zRO|A703#N)M9MiZNywY8;dn|JRloBLr+VIhXb%DoU^Ca&m<$K7x0j5YY|~U!iS~l+
z#5i6d;J+JEcY0x7t}b{H#6ybh#j3FM{%7Ctd$nB<e6=uwmcY~J^kT84u^HW@Bdm=F
z^iDDAW*sw4z#4aJf~amc3q05~0%^TKCOz0y3?&`Gz*Adx&PDlLZkNOP%ZgQ%==wo>
zohP-A4wgloe(6e)ua)8$$Kd|QPO4=68b7-x&jMlk#Ky1#SrfuxL%YXKnGDEbQxs0k
z777hktxbl1_$yVjoss0rQ51+EAx^fZui%MeV_y46=kMYZY1UbJk=^2<L`XE50CSfC
zzR;}cwmh_pQVHz_FL5mXt$~&`B{r*+z3wS}x2$45s9v60yX8j^@)Q9XGCy)0KmJkU
zT_OSUM4`K;c0}{*;=^#b{Lf+*<^%?zyahfP4n0^GO)JIhppInrRjBcab%0r6cE|_c
z#aFV{khD`a@>^!g2MzXs1;;}pP%Fn4L+z^RtT|DL`GtXRGcnixN(9A&*7SLu#u~{b
zk7emXzN3#2IMgSEy>KV8^r2xScu~Q15i?}*LpiaU1k$vgYRd@|kyfK*`Uz7fE$_%9
zHUZwGaICms_ygiZ?&X>6ivY|Z&&!oak*rja)~DA$H#QLwAzgB(rAx4^=}h2vp5g#H
z?W?uny`~)YVsud(Z69l|=fqyS53vu`kEYUqwR*GEPmlDM*;Gl@+}NnSX=_T3RzHet
z*Ea`PZ9LAGj(edvaL@IRPk}Z^7f)$JzOn%$%v7z@x82xLM<+|FR{px-GctEVHR6XZ
z<7BsKK2ir8q9@7MoR9f7JMmU=zF>-K)q`zMn+6NF?Y_Pfi>Jx_#|f-WZYE<9w1Gr4
zQR+0C!80Cnj*Y$5^O<<r)NlF=VNRvd`i*x3LFj@NMTBa_6j49v__o`Nv=Ozd`lGEH
z+mJm1X;OO~b9PG^G<XWoX{NV*l7HL53oRo2K!&hj;>xqJ6z#InHMtU5Lo?znM{PV#
zA(cKnMZ_P%okEHII&Oy-Ei^S8Gh5gZJXfjbHr^~c0D!)|3r**nVIwWQOCVAs-d{56
z>ns#q>+(2oRdnb+D6Y$jVRg7K6P76%5jllnL>gSzoG$#9h4U72dwx}2(&4B<NwXx$
zS_X$>WxwgJX2WKtwIQkeV<#*+dZW@io1SmSy@&y?2nDEs%#IO=S^0@<)?013!z9d6
z&H*U7^OTpqdc*Bl;dAfM?zN(f!NsZelyBGDJM9MzRhmyGR+~Ek2QtLmlHoA7cqgg)
zX>ZOg^TE=Ya64iR=OVckjN2)XocQJ`?Bb3GJ<P-GvXDa)+01nY0hW3k`u+P(N3Q^$
z#wNjDHsgeboqjyu&B`p+8zTF+M(Zmh1KJGg$$RE!&oV0<JT>6IoreHD&&YpVH2+Bd
zb~*y>UyX1862KPm`TG=~SvWup-*k}gEF5xviruH@`d`8SuYCSjaQ0_C_&<p0e>F0+
zRZsl~Xj&)#KaBjl{!b(SO;7%}5uE29ym>z0@h^4xKLN}41c`?}dq36sPecE&_kY)*
z{|)>HH3feH|4WhnPxu{|+%tc$^WX6QE+GFEUmoLs9sg5K{{NZyJ2(Fv-T%AV{?$Y%
o`F~k^|7zwFYE^IKa}WNV|2fV`$bbAH$j`Sl{Ifz&`$z460P~W#e*gdg

literal 0
HcmV?d00001

diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 866d4e4..9c83cad 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -12,7 +12,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-ve2up59b"
+            "image": "img-qtlcjq1d"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -97,7 +97,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-ve2up59b"
+            "image": "img-qtlcjq1d"
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -178,7 +178,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-ve2up59b"
+            "image": "img-qtlcjq1d"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -201,7 +201,7 @@
             "prefer_type":"lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-ve2up59b"
+            "image": "img-qtlcjq1d"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From ff0f849f1c694b73820e12a72491bfba89cc9796 Mon Sep 17 00:00:00 2001
From: billzhang <361846718@qq.com>
Date: Mon, 19 Jul 2021 17:35:49 +0800
Subject: [PATCH 09/86] DEV: Add option of add ssh

---
 app/cluster.json.mustache | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index f938436..7d601b5 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -3,7 +3,6 @@
     "description": {{cluster.description}},
     "vxnet": {{cluster.vxnet}},
     "multi_zone_policy": "round_robin",
-    "upgrade_policy": [ "appv-j68kmc6i","appv-kgbswtxz" ],
     "upgrading_policy": "sequential",
     "nodes": [{
         "role": "disc",
@@ -11,8 +10,8 @@
             "type": "lxc",
             "prefer_type": "lxc",
             "sriov_nic": true,
-            "zone": "sh1",
-            "image": "img-zpfb1hxm"
+            "zone": "pek3a",
+            "image": "img-mpst6mws"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,8 +95,8 @@
             "type": "lxc",
             "prefer_type": "lxc",
             "sriov_nic": true,
-            "zone": "sh1",
-            "image": "img-zpfb1hxm"
+            "zone": "pek3a",
+            "image": "img-mpst6mws"
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -177,14 +176,15 @@
         "role": "client",
         "container": {
             "type": "kvm",
-            "zone": "sh1",
-            "image": "img-zpfb1hxm"
+            "zone": "pek3a",
+            "image": "img-mpst6mws"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
         "cpu": {{cluster.client.cpu}},
         "memory": {{cluster.client.memory}},
         "user_access": true,
+        "passphraseless": "ssh-rsa",
         "services": {
             "start": {
                 "cmd": "appctl start"
@@ -193,15 +193,15 @@
                 "cmd": "appctl stop"
             }
         },
-        "advanced_actions": ["scale_horizontal"]
+        "advanced_actions": ["attach_keypairs"]
     }, {
         "role": "haproxy",
         "container": {
             "type": "lxc",
             "prefer_type":"lxc",
             "sriov_nic": true,
-            "zone": "sh1",
-            "image": "img-zpfb1hxm"
+            "zone": "pek3a",
+            "image": "img-mpst6mws"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From f1490dec3d51f81d263f8d125d26bce5aae96cb5 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Wed, 14 Jul 2021 16:45:26 +0800
Subject: [PATCH 10/86] Feature: add ans format systemd haproxy keepalived
 rabbitmq log

wip
---
 .../etc/confd/templates/01.header.sh.tmpl     |  2 ++
 .../{nodectl.sh.toml => 0-nodectl.sh.toml}    |  0
 .../files/etc/confd/conf.d/journal.sh.toml    |  8 +++++++
 .../journal.sh/01.journald.conf.tmpl          | 21 +++++++++++++++++++
 .../templates/journal.sh/02.logrotate.tmpl    | 13 ++++++++++++
 .../haproxy.sh/02.haproxy.log.conf.tmpl       | 15 +++++++++++++
 .../templates/haproxy.sh/03.logrotate.tmpl    | 14 +++++++++++++
 .../02.keepalived.sysconfig.tmpl              | 18 ++++++++++++++++
 .../keepalived.sh/03.keepalived.rsyslog.tmpl  |  8 +++++++
 .../templates/keepalived.sh/04.logrotate.tmpl | 13 ++++++++++++
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl  |  3 ++-
 .../04.rabbitmq-env.conf.tmpl                 |  6 +++---
 .../rabbitmq-server.sh/06.logrotate.tmpl      | 16 ++++++++++++++
 13 files changed, 133 insertions(+), 4 deletions(-)
 rename ansible/roles/node-all/files/etc/confd/conf.d/{nodectl.sh.toml => 0-nodectl.sh.toml} (100%)
 create mode 100644 ansible/roles/node-all/files/etc/confd/conf.d/journal.sh.toml
 create mode 100644 ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
 create mode 100644 ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
 create mode 100644 ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
 create mode 100644 ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
 create mode 100644 ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl
 create mode 100644 ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
 create mode 100644 ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
 create mode 100644 ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/06.logrotate.tmpl

diff --git a/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl b/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl
index 3b684c2..5fa74a8 100644
--- a/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl
+++ b/ansible/roles/confd-files/files/etc/confd/templates/01.header.sh.tmpl
@@ -33,6 +33,8 @@ flush() {
 applyEnvs() {
   local -r envFile=/opt/app/bin/envs/confd.env
   if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
 }
 
 applyEnvs
diff --git a/ansible/roles/node-all/files/etc/confd/conf.d/nodectl.sh.toml b/ansible/roles/node-all/files/etc/confd/conf.d/0-nodectl.sh.toml
similarity index 100%
rename from ansible/roles/node-all/files/etc/confd/conf.d/nodectl.sh.toml
rename to ansible/roles/node-all/files/etc/confd/conf.d/0-nodectl.sh.toml
diff --git a/ansible/roles/node-all/files/etc/confd/conf.d/journal.sh.toml b/ansible/roles/node-all/files/etc/confd/conf.d/journal.sh.toml
new file mode 100644
index 0000000..e7e4538
--- /dev/null
+++ b/ansible/roles/node-all/files/etc/confd/conf.d/journal.sh.toml
@@ -0,0 +1,8 @@
+[template]
+src = "journal.sh.tmpl"
+dest = "/opt/app/bin/tmpl/journal.sh"
+mode = "0700"
+keys = [
+  "/",
+]
+reload_cmd = "/opt/app/bin/tmpl/journal.sh; systemctl restart rsyslog"
diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
new file mode 100644
index 0000000..bd4cc7e
--- /dev/null
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
@@ -0,0 +1,21 @@
+mkdir -p ${DATA_MOUNTS}/log/journald/
+chmod 777 ${DATA_MOUNTS}/log/journald/
+flush /etc/rsyslog.d/49-journald.conf << JOURNALD_CONFIG_EOF
+module(load="imjournal" PersistStateInterval="100") #load imjournal module
+module(load="mmjsonparse") #load mmjsonparse module for structured logs
+
+#template(name="CEETemplate" type="string" string="%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%\n" ) #template for messages
+
+#action(type="mmjsonparse")
+{{- if getvs "/host/role" | filter "(disc|ram)" }}
+#action(type="omfile" file="/data/log/journald/journald.log" template="CEETemplate")
+action(type="omfile" file="/data/log/journald/journald.log")
+{{- else if getvs "/host/role" | filter "haproxy" }}
+#action(type="omfile" file="/log/log/journald/journald.log" template="CEETemplate")
+action(type="omfile" file="/log/log/journald/journald.log")
+{{- else if getvs "/host/role" | filter "client" }}
+#action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log" template="CEETemplate")
+action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log")
+{{- end }}
+
+JOURNALD_CONFIG_EOF
diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
new file mode 100644
index 0000000..29a947f
--- /dev/null
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
@@ -0,0 +1,13 @@
+flush /etc/logrotate.d/journald << LOGROTATE_EOF
+${DATA_MOUNTS}/log/journald/journald.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
new file mode 100644
index 0000000..472c1a9
--- /dev/null
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
@@ -0,0 +1,15 @@
+mkdir -p ${DATA_MOUNTS}/log/haproxy/
+chmod 777 ${DATA_MOUNTS}/log/haproxy/
+
+flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
+
+# Create an additional socket in haproxy's chroot in order to allow logging via
+# /dev/log to chroot'ed HAProxy processes
+\$AddUnixListenSocket /var/lib/haproxy/dev/log
+
+# Send HAProxy messages to a dedicated logfile
+:programname, startswith, "haproxy" {
+  ${DATA_MOUNTS}/log/haproxy/haproxy.log
+  stop
+}
+HAPROXY_LOG_CONF_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
new file mode 100644
index 0000000..dc39a8d
--- /dev/null
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
@@ -0,0 +1,14 @@
+
+flush /etc/logrotate.d/haproxy << LOGROTATE_EOF
+${DATA_MOUNTS}/log/haproxy/haproxy.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl
new file mode 100644
index 0000000..52f1848
--- /dev/null
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl
@@ -0,0 +1,18 @@
+flush /opt/keepalived/current/etc/sysconfig/keepalived << 'KEEPALIVED_SYSCONFIG_EOF'
+
+# Options for keepalived. See `keepalived --help' output and keepalived(8) and
+# keepalived.conf(5) man pages for a list of all options. Here are the most
+# common ones :
+#
+# --vrrp               -P    Only run with VRRP subsystem.
+# --check              -C    Only run with Health-checker subsystem.
+# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
+# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
+# --dump-conf          -d    Dump the configuration data.
+# --log-detail         -D    Detailed log messages.
+# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
+#
+
+KEEPALIVED_OPTIONS="-D -d -S 0"
+
+KEEPALIVED_SYSCONFIG_EOF
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
new file mode 100644
index 0000000..fc197bd
--- /dev/null
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
@@ -0,0 +1,8 @@
+mkdir -p ${DATA_MOUNTS}/log/keepalivd/
+chmod 777 ${DATA_MOUNTS}/log/keepalivd/
+flush /etc/rsyslog.d/49-keepalived.conf << KEEPALIVED_LOG_EOF
+
+if \$programname startswith 'Keepalived' then ${DATA_MOUNTS}/log/keepalivd/keepalived.log
+&stop
+
+KEEPALIVED_LOG_EOF
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
new file mode 100644
index 0000000..21f15ff
--- /dev/null
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
@@ -0,0 +1,13 @@
+flush /etc/logrotate.d/keepalived << LOGROTATE_EOF
+${DATA_MOUNTS}/log/keepalived/keepalived.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 758b129..0661638 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -1,3 +1,4 @@
+mkdir -p ${DATA_MOUNTS}/log/rabbitmq
 {{- $myRole := getv "/host/role" }}
 
 flush  /etc/rabbitmq/rabbitmq.conf << RABBITMQ_CONF_EOF
@@ -39,7 +40,7 @@ tcp_listen_options.recbuf = 196608
 vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.4" }}
 # vm_memory_high_watermark.absolute = {{ getv "/env/vvm_memory_high_watermark_absolute" "2G" }}
 vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
-log.dir = /data/log
+log.dir = ${DATA_MOUNTS}/log/rabbitmq/
 
 RABBITMQ_CONF_EOF
 
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl
index 33ee3d2..f13fadc 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl
@@ -2,10 +2,10 @@ flush /etc/rabbitmq/rabbitmq-env.conf << RABBIT_ENV_CONF_EOF
 
 RABBITMQ_NODE_IP_ADDRESS=0.0.0.0
 RABBITMQ_NODE_PORT=5672
-RABBITMQ_MNESIA_BASE=/data/mnesia
-RABBITMQ_LOG_BASE=/data/log
+RABBITMQ_MNESIA_BASE=${DATA_MOUNTS}/mnesia
+RABBITMQ_LOG_BASE=${DATA_MOUNTS}/log/rabbitmq/
 RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq
 RABBITMQ_MNESIA_DIR=
-RABBITMQ_SCHEMA_DIR=/data/schema
+RABBITMQ_SCHEMA_DIR=${DATA_MOUNTS}/schema
 
 RABBIT_ENV_CONF_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/06.logrotate.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/06.logrotate.tmpl
new file mode 100644
index 0000000..6f4b10b
--- /dev/null
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/06.logrotate.tmpl
@@ -0,0 +1,16 @@
+flush /etc/logrotate.d/rabbitmq-server << LOGROTATE_EOF
+${DATA_MOUNTS}/log/rabbitmq/*.log {
+    weekly
+    missingok
+    rotate 20
+    compress
+    notifempty
+}
+${DATA_MOUNTS}/log/rabbitmq/log/*.log {
+    weekly
+    missingok
+    rotate 20
+    compress
+    notifempty
+}
+LOGROTATE_EOF
\ No newline at end of file

From f3f512076f4f2c7d9bcd6be2dbf45b50098d9c48 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Tue, 20 Jul 2021 15:42:19 +0800
Subject: [PATCH 11/86] Fix:revise conflict

---
 ansible/roles/appctl/tasks/main.yml |  4 ----
 app/cluster.json.mustache           | 15 ---------------
 app/config.json                     |  4 ----
 3 files changed, 23 deletions(-)

diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
index fc286fa..d1e96f1 100644
--- a/ansible/roles/appctl/tasks/main.yml
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -26,11 +26,7 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
-<<<<<<< HEAD
-- name: Change file permissions
-=======
 - name: Change permissions
->>>>>>> 2d4f182e7b8b49aed42a2f10c3a08fe324b51631
   file:
     path: /opt/app/bin/ctl.sh
     mode: '0755'
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 833c79a..8bf3ade 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -10,13 +10,8 @@
             "type": "lxc",
             "prefer_type": "lxc",
             "sriov_nic": true,
-<<<<<<< HEAD
-            "zone": "pek3a",
-            "image": "img-mpst6mws"
-=======
             "zone": "sh1",
             "image": "img-qtlcjq1d"
->>>>>>> 2d4f182e7b8b49aed42a2f10c3a08fe324b51631
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -100,13 +95,8 @@
             "type": "lxc",
             "prefer_type": "lxc",
             "sriov_nic": true,
-<<<<<<< HEAD
-            "zone": "pek3a",
-            "image": "img-mpst6mws"
-=======
             "zone": "sh1",
             "image": "img-qtlcjq1d"
->>>>>>> 2d4f182e7b8b49aed42a2f10c3a08fe324b51631
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -210,13 +200,8 @@
             "type": "lxc",
             "prefer_type":"lxc",
             "sriov_nic": true,
-<<<<<<< HEAD
-            "zone": "pek3a",
-            "image": "img-mpst6mws"
-=======
             "zone": "sh1",
             "image": "img-qtlcjq1d"
->>>>>>> 2d4f182e7b8b49aed42a2f10c3a08fe324b51631
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
diff --git a/app/config.json b/app/config.json
index 8bc6987..9e05e2a 100644
--- a/app/config.json
+++ b/app/config.json
@@ -216,11 +216,7 @@
                 "max": 1000,
                 "default": 10,
                 "required": "yes"
-<<<<<<< HEAD
-            }, {
-=======
             },{
->>>>>>> 2d4f182e7b8b49aed42a2f10c3a08fe324b51631
                 "key": "count",
                 "label": "Count",
                 "description": "Haproxy HA Node Count",

From 26dd74f8e1bb973e130f2af1b7f0242c96e199f5 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Wed, 21 Jul 2021 11:13:54 +0800
Subject: [PATCH 12/86] Fix:delete superfluous directory

---
 .../etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl  | 4 +++-
 .../confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl | 2 ++
 ansible/roles/node-proxy/tasks/main.yml                      | 5 ++---
 .../confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl | 3 +++
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
index 472c1a9..fb03e1e 100644
--- a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
@@ -1,3 +1,4 @@
+{{- if getvs "/host/role" | filter "haproxy" }}
 mkdir -p ${DATA_MOUNTS}/log/haproxy/
 chmod 777 ${DATA_MOUNTS}/log/haproxy/
 
@@ -12,4 +13,5 @@ flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
   ${DATA_MOUNTS}/log/haproxy/haproxy.log
   stop
 }
-HAPROXY_LOG_CONF_EOF
\ No newline at end of file
+HAPROXY_LOG_CONF_EOF
+{{- end }}
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
index fc197bd..14175db 100644
--- a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
@@ -1,3 +1,4 @@
+{{- if getvs "/host/role" | filter "haproxy" }}
 mkdir -p ${DATA_MOUNTS}/log/keepalivd/
 chmod 777 ${DATA_MOUNTS}/log/keepalivd/
 flush /etc/rsyslog.d/49-keepalived.conf << KEEPALIVED_LOG_EOF
@@ -6,3 +7,4 @@ if \$programname startswith 'Keepalived' then ${DATA_MOUNTS}/log/keepalivd/keepa
 &stop
 
 KEEPALIVED_LOG_EOF
+{{- end }}
diff --git a/ansible/roles/node-proxy/tasks/main.yml b/ansible/roles/node-proxy/tasks/main.yml
index 9a69134..2907a17 100644
--- a/ansible/roles/node-proxy/tasks/main.yml
+++ b/ansible/roles/node-proxy/tasks/main.yml
@@ -8,14 +8,13 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
-
 - name: Touch a Dic
   file:
     path: /log
     state: directory
     owner: root
     group: svc
-    mode: 0644		
+    mode: 0644
 
 - name: Touch a Dic
   file:
@@ -23,7 +22,7 @@
     state: directory
     owner: root
     group: svc
-    mode: 0644	
+    mode: 0644
 
 - name: install confd files
   include_role:
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 0661638..80748e6 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -1,4 +1,7 @@
+{{- if getvs "/host/role" | filter "(disc|ram)" }}
 mkdir -p ${DATA_MOUNTS}/log/rabbitmq
+{{- end }}
+
 {{- $myRole := getv "/host/role" }}
 
 flush  /etc/rabbitmq/rabbitmq.conf << RABBITMQ_CONF_EOF

From 970d4e921b8dea0486aec712e1bf59b507cfc693 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Wed, 21 Jul 2021 15:18:29 +0800
Subject: [PATCH 13/86] Fix:health check will not restart service when port is
 unreachable

---
 .../files/opt/app/bin/node/proxy-node.sh           | 14 ++++++++++++++
 .../files/opt/app/bin/node/rabbitmq-node.sh        | 14 ++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh b/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
index e378170..c50f7c0 100644
--- a/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
+++ b/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
@@ -5,3 +5,17 @@ initNode() {
   mkdir -p /data/keepalived/logs
   chown -R root.root /data/keepalived
 }
+
+checkSvc() {
+  checkActive ${1%%/*} || {
+    log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      log "Endpoint '$endpoint' is unreachable."
+      return 0
+    }
+  done
+}
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 7854ce6..9a0d768 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -146,4 +146,18 @@ preCheckForUpgrade() {
   local hostVolumeUsed
   hostVolumeUsed="$(df -h /data | awk 'NR == 2 {print $5}')"; #" * <= 30%"
   [[ "${hostVolumeUsed%%%}" -lt "30" ]] || return ${EC_INSUFFICIENT_VOLUME}
+}
+
+checkSvc() {
+  checkActive ${1%%/*} || {
+    log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      log "Endpoint '$endpoint' is unreachable."
+      return 0
+    }
+  done
 }
\ No newline at end of file

From 4136defac0f9c1ee7946969ecc284dacdc5f718c Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Thu, 22 Jul 2021 16:10:46 +0800
Subject: [PATCH 14/86] add logs

---
 .../roles/appctl/files/etc/logrotate.d/appctl |  2 +-
 .../appctl/files/etc/rsyslog.d/49-appctl.conf |  2 +-
 ansible/roles/appctl/files/opt/app/bin/ctl.sh | 29 +++++++++++------
 ansible/roles/appctl/tasks/main.yml           |  2 +-
 .../templates/nodectl.sh/01.nodectl.env.tmpl  |  2 +-
 ansible/roles/node-proxy/tasks/main.yml       | 16 ----------
 .../confd/templates/caddy.sh/00.svc.env.tmpl  |  2 +-
 .../templates/caddy.sh/01.caddyfile.tmpl      | 15 ++-------
 .../templates/caddy.sh/02.index.html.tmpl     |  6 ++--
 .../files/opt/app/bin/node/proxy-node.sh      | 23 ++++++++++++++
 .../files/opt/app/bin/node/rabbitmq-node.sh   | 31 +++++++++++++------
 app/cluster.json.mustache                     | 14 ++++-----
 app/config.json                               | 20 ++----------
 app/locale/zh-cn.json                         |  4 +--
 14 files changed, 84 insertions(+), 84 deletions(-)
 create mode 100644 ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh

diff --git a/ansible/roles/appctl/files/etc/logrotate.d/appctl b/ansible/roles/appctl/files/etc/logrotate.d/appctl
index ea5c461..f567a8c 100644
--- a/ansible/roles/appctl/files/etc/logrotate.d/appctl
+++ b/ansible/roles/appctl/files/etc/logrotate.d/appctl
@@ -1,4 +1,4 @@
-/data/appctl/logs/appctl.log {
+/data/log/appctl/appctl.log {
   weekly
   maxsize 2M
   rotate 5
diff --git a/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf b/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
index da9ad12..cce5ec1 100644
--- a/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
+++ b/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
@@ -1,2 +1,2 @@
-if $programname startswith 'appctl' then /data/appctl/logs/appctl.log
+if $programname startswith 'appctl' then /data/log/appctl/appctl.log
 &stop
diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index 8fb9760..b756bc3 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -163,13 +163,13 @@ initSvc() {
 
 _checkSvc() {
   checkActive ${1%%/*} || {
-    log "Service '$1' is inactive."
+    # log "Service '$1' is inactive."
     return $EC_CHECK_INACTIVE
   }
   local endpoints=$(echo $1 | awk -F/ '{print $3}')
   local endpoint; for endpoint in ${endpoints//,/ }; do
     checkEndpoint $endpoint || {
-      log "Endpoint '$endpoint' is unreachable."
+      # log "Endpoint '$endpoint' is unreachable."
       return $EC_CHECK_PORT_ERR
     }
   done
@@ -197,20 +197,22 @@ _preCheck() {
 _initNode() {
   checkMounts
   rm -rf /data/lost+found
-  install -d -o syslog -g svc /data/appctl/logs
+  install -d -o syslog -g svc /data/log/appctl/
   local svc; for svc in $(getServices -a); do initSvc $svc; done
 }
 
 _revive() {
+  log "INFO: Application is asked to revive . "
   local svc; for svc in $(getServices); do
     execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
   done
+  log "INFO: Application revived successfully  . "
 }
 
 _check() {
   local svc; for svc in $(getServices); do
-    execute checkSvc $svc
-  done
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
 }
 
 _start() {
@@ -218,17 +220,22 @@ _start() {
     execute initNode
     systemctl restart rsyslog # output to log files under /data
   }
-  local svc; for svc in $(getServices); do startSvc $svc; done
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
 }
 
 _stop() {
-  log "Stopping all services ..."
-  local svc; for svc in $(getServices -a | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
 }
 
 _restart() {
+  log "INFO: Application is asked to restart . "
   execute stop
   execute start
+  log "INFO: Application restarted successfully  . "
 }
 
 _reload() {
@@ -236,7 +243,11 @@ _reload() {
   local svcs="${@:-$(getServices -a)}"
   local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
   local svc; for svc in $svcs; do
-    if isSvcEnabled $svc; then startSvc $svc; fi
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
   done
 }
 
diff --git a/ansible/roles/appctl/tasks/main.yml b/ansible/roles/appctl/tasks/main.yml
index d1e96f1..8851e37 100644
--- a/ansible/roles/appctl/tasks/main.yml
+++ b/ansible/roles/appctl/tasks/main.yml
@@ -26,7 +26,7 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
-- name: Change permissions
+- name: Change file permissions
   file:
     path: /opt/app/bin/ctl.sh
     mode: '0755'
diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index 1ea09d0..9fc87c8 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -11,7 +11,7 @@ SERVICES="\$SERVICES \$(echo "
 haproxy/true/tcp:5672,http:15672,tcp:61613,tcp:1883,http:{{ $HPPORT }}
 keepalived/true/
 " | xargs)"
-DATA_MOUNTS="/log"
+DATA_MOUNTS="/data"
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 NODE_CTL="proxy-node"
 {{- else if getvs "/host/role" | filter "client" }}
diff --git a/ansible/roles/node-proxy/tasks/main.yml b/ansible/roles/node-proxy/tasks/main.yml
index 2907a17..320d09f 100644
--- a/ansible/roles/node-proxy/tasks/main.yml
+++ b/ansible/roles/node-proxy/tasks/main.yml
@@ -8,22 +8,6 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
-- name: Touch a Dic
-  file:
-    path: /log
-    state: directory
-    owner: root
-    group: svc
-    mode: 0644
-
-- name: Touch a Dic
-  file:
-    path: /log/html
-    state: directory
-    owner: root
-    group: svc
-    mode: 0644
-
 - name: install confd files
   include_role:
     name: confd-files
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl
index a1ae904..6bf6607 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/00.svc.env.tmpl
@@ -1,6 +1,6 @@
 
 flush /opt/app/bin/envs/svc-caddy.env << CADDY_ENV_EOF
 {{- if getvs "/host/role" | filter "(disc|ram|haproxy)" }}
-SERVICES="\$SERVICES caddy/true/http:80"
+SERVICES="\$SERVICES caddy/{{ getv "/env/web_console_enabled" "true" }}/http:80"
 {{- end }}
 CADDY_ENV_EOF
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
index 8d0ad14..25c0d6f 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
@@ -1,4 +1,4 @@
-{{- if getvs "/host/role" | filter "(disc|ram)" }}
+{{- if getvs "/host/role" | filter "(disc|ram|haproxy)" }}
 ln -s -f /opt/app/conf/caddy/index.html /data/index.html
 flush /opt/app/conf/caddy/caddyfile << CADDYFILE_EOF
 {{ getv "/host/ip" }}:80 {
@@ -10,14 +10,5 @@ flush /opt/app/conf/caddy/caddyfile << CADDYFILE_EOF
 CADDYFILE_EOF
 {{- end }}
 
-{{- if getvs "/host/role" | filter "haproxy" }}
-ln -s -f /opt/app/conf/caddy/index.html /log/html/logviewer.html
-flush /opt/app/conf/caddy/caddyfile << CADDYFILE_EOF
-{{ getv "/host/ip" }}:80 {
-  root /log
-  gzip
-  browse 
-  tls off
-}
-CADDYFILE_EOF
-{{- end }}
\ No newline at end of file
+
+
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
index 8855ca7..2cfad17 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
@@ -64,7 +64,7 @@ flush /opt/app/conf/caddy/index.html << HTML_EOF
     <title>Files</title>
   </head>
   <body>
-    <header>文件查看器</header>
+    <header>日志查看器</header>
     <main>
       {{- $discNodes :=  getvs "/hosts/disc/*/ip" }}
       {{- $ramNodes :=  getvs "/hosts/ram/*/ip" }}
@@ -95,9 +95,9 @@ flush /opt/app/conf/caddy/index.html << HTML_EOF
         {{- range $proxyNodes }}
         {{- if eq . (getv "/host/ip") }}
         <li><span>⊟</span>{{ . }}</li>
-        <li><span class="sub-1">⊞</span><a href="/">log</a></li>
+        <li><span class="sub-1">⊞</span><a href="./log/">log</a></li>
         {{- else }}
-        <li><span>⊞</span><a href="//{{ . }}/html/logviewer.html">{{ . }}</a></li>
+        <li><span>⊞</span><a href="//{{ . }}/">{{ . }}</a></li>
         {{- end }}
         {{- end }}
       </ul>
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh
new file mode 100644
index 0000000..d9d7ed0
--- /dev/null
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh
@@ -0,0 +1,23 @@
+stop() {
+  log "INFO: Application is asked to stop . "
+  _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
+  log "INFO: Application stopped successfully  . "
+}
+
+start() {
+  log "INFO: Application is asked to start . "
+  _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . " && return 1)
+  log "INFO: Application started successfully  . "
+}
+
+initNode() {
+  log "INFO: Application is about to initialize . "
+  _initNode || ( log "ERROR: Application failed to initialize . " && return 1 )
+  log "INFO: Application initialization completed  . "
+}
+
+reload() {
+  log "INFO: Application is asked to reload  . "
+  _reload $@ 
+  log "INFO: Application reloaded completely . "
+}
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 9a0d768..81d7dbe 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -7,7 +7,7 @@ EC_UPGRADE_ERR=244
 
 checkNodesHealthy() {
   local node; for node in $@; do
-    rabbitmqctl -s -n rabbit@${node} node_health_check -t 3 | grep -o passed || return $EC_UNHEALTHY
+    rabbitmqctl -s -n rabbit@${node} node_health_check -t 3 | grep -o passed || ( log "ERROR: rabbit@${node} failed the health check . " && return $EC_UNHEALTHY )
   done
 }
 
@@ -23,46 +23,57 @@ stop() {
   #https://www.rabbitmq.com/clustering.html#restarting
   #the last node to go down is the only one that didn't have any running peers at the time of shutdown.
   #sometimes the last node to stop must be the first node to be started after the upgrade.
+  log "INFO: Application is asked to stop . "
   local i; for i in ${LEAVING_MQ_NODES}; do DISC_NODES="${DISC_NODES//${i}/}"; done
   #In case /hosts /deleting-hosts update are not synchronized
   local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
-  if [[ "${MY_INSTANCE_ID}" == "${firstDiscNode}" ]]; then 
+  if [[ "${MY_INSTANCE_ID}" == "${firstDiscNode}" ]]; then
+    log "INFO: Wait until all other Disc nodes are stopped  . " 
     retry 20 3 0 checkOnlyNodeRunning "${firstDiscNode}" #notice return
+    log "INFO: The other Disc nodes have all stopped  . " 
   fi
-  _stop
+  _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
+  log "INFO: Application stopped successfully  . "
 }
 
 start() {
+  log "INFO: Application is asked to start . "
   local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
   if [[ "${MY_INSTANCE_ID}" != "${firstDiscNode}" ]]; then # wait for first disc node prepare tables
     retry 15 5 0 checkEndpoint "http:15672" "${firstDiscNode}"
   fi
-  _start
+  _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . " && return 1)
+  log "INFO: Application started successfully  . "
 }
 
 setConfFile() {
   mkdir -p /data/{log,mnesia,config,schema}
-  chown -R rabbitmq:rabbitmq /data/{log,mnesia,config,schema}
+  chown -R rabbitmq:rabbitmq /data/{log/rabbitmq,mnesia,config,schema}
 }
 
 initNode() {
-  _initNode
+  log "INFO: Application is about to initialize . "
+  _initNode || ( log "ERROR: Application failed to initialize . " && return $EC_UNHEALTHY )
   setConfFile
+  log "INFO: Application initialization completed  . "
 }
 
 reload() {
+  log "INFO: Application is asked to reload  . "
   if ! isNodeInitialized; then return 0; fi
   case "${1}" in
     rabbitmq-server)
       local rabbitmqConfFile="/etc/rabbitmq/rabbitmq.conf";
       if test -f ${rabbitmqConfFile}.1 && ! (diff -q -I "^cluster_formation"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) ; then
         # only figure out the changed parameter
-        _reload rabbitmq-server;
+        _reload rabbitmq-server || (log "ERROR: The Rabbitmq-server failed to start . " && return 1);
       fi
       ;;
     *)
-      _reload $@ ;;
+      _reload $@ 
+      ;;
   esac
+  log "INFO: Application reloaded completely . "
 }
 
 preCheckForScaleIn() {
@@ -138,14 +149,14 @@ upgrade() {
   if [[ "$((${#stopedDiscNodes} - 12))" -gt "${#MY_INSTANCE_ID}" ]]; then
     retry 20 3 0 checkNodesHealthy "${lastStopedDiscNode}"
   fi
-  _start || return ${EC_UPGRADE_ERR}
+  _start || ( log "ERROR: Application failed to upgrade  . " && return ${EC_UPGRADE_ERR} )
   # upgrade failed, check volume, rm /data/mnesia/rabbit@${HOSTNAME}/schema_upgrade_lock and retry _start.
 }
 
 preCheckForUpgrade() {
   local hostVolumeUsed
   hostVolumeUsed="$(df -h /data | awk 'NR == 2 {print $5}')"; #" * <= 30%"
-  [[ "${hostVolumeUsed%%%}" -lt "30" ]] || return ${EC_INSUFFICIENT_VOLUME}
+  [[ "${hostVolumeUsed%%%}" -lt "30" ]] || ( log "ERROR: Insufficient disk space to support the upgrade  . " && return ${EC_INSUFFICIENT_VOLUME} )
 }
 
 checkSvc() {
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 8bf3ade..263b9a5 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -11,7 +11,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-qtlcjq1d"
+            "image": "img-2wslwqbn"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-qtlcjq1d"
+            "image": "img-2wslwqbn"
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -177,7 +177,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-qtlcjq1d"
+            "image": "img-2wslwqbn"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -201,7 +201,7 @@
             "prefer_type":"lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-qtlcjq1d"
+            "image": "img-2wslwqbn"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -238,7 +238,7 @@
             "action_cmd": "appctl revive"
         }, "volume": {
             "size": {{cluster.haproxy.volume_size}},
-            "mount_point": "/log",
+            "mount_point": "/data",
             "filesystem": "ext4"
         }
     }],
@@ -265,9 +265,7 @@
         "background_gc_target_interval": {{env.background_gc_target_interval}},
         "proxy_protocol": {{env.proxy_protocol}},
         "tracing_user": {{env.tracing_user}},
-        "web_console_enabled": {{env.web_console_enabled}},
-        "web_console_username": {{env.web_console_username}},
-        "web_console_password": {{env.web_console_password}}
+        "web_console_enabled": {{env.web_console_enabled}}
     },
     "endpoints": {
         "client": {
diff --git a/app/config.json b/app/config.json
index 9e05e2a..2c6bdde 100644
--- a/app/config.json
+++ b/app/config.json
@@ -216,7 +216,7 @@
                 "max": 1000,
                 "default": 10,
                 "required": "yes"
-            },{
+            }, {
                 "key": "count",
                 "label": "Count",
                 "description": "Haproxy HA Node Count",
@@ -407,23 +407,7 @@
             "label": "Switch of log web console",
             "description": "Whether to enable log web console",
             "type": "boolean",
-            "default": false,
-            "required": "no"
-        }, {
-            "key": "web_console_username",
-            "label": "Username of log web console",
-            "description": "username of log web console",
-            "type": "string",
-            "pattern": "^([a-z0-9.-]+)?$",
-            "default": "admin",
-            "required": "no"
-        }, {
-            "key": "web_console_password",
-            "label": "Password of log web console",
-            "description": "password of log web console",
-            "type": "password",
-            "pattern": "^\\w{0,24}$",
-            "default": "",
+            "default": true,
             "required": "no"
         }]
     }]
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 163c7b2..97919f8 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -70,8 +70,6 @@
     "err_code241": "节点状态不正常，请检查集群状态",
     "err_code242": "删除过多内存节点和磁盘节点，pause_minority 模式下每次仅允许删除小于总数的 1/2 个节点",
     "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
-    "Whether to enable log web console": "文件管理控制台开关，true=开启，默认关闭",
-    "username of log web console": "文件管理控制台登陆用户名，默认admin",
-    "password of log web console": "文件管理控制台登陆密码，默认为空",
+    "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
     "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。"
 }

From 0ad52191f437999eb3e53cd386d09c6fcdc797ec Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 23 Jul 2021 10:49:25 +0800
Subject: [PATCH 15/86] Fix:fix journald log dir

---
 .../etc/confd/templates/journal.sh/01.journald.conf.tmpl  | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
index bd4cc7e..3a78a26 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
@@ -7,15 +7,7 @@ module(load="mmjsonparse") #load mmjsonparse module for structured logs
 #template(name="CEETemplate" type="string" string="%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%\n" ) #template for messages
 
 #action(type="mmjsonparse")
-{{- if getvs "/host/role" | filter "(disc|ram)" }}
-#action(type="omfile" file="/data/log/journald/journald.log" template="CEETemplate")
-action(type="omfile" file="/data/log/journald/journald.log")
-{{- else if getvs "/host/role" | filter "haproxy" }}
-#action(type="omfile" file="/log/log/journald/journald.log" template="CEETemplate")
-action(type="omfile" file="/log/log/journald/journald.log")
-{{- else if getvs "/host/role" | filter "client" }}
 #action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log" template="CEETemplate")
 action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log")
-{{- end }}
 
 JOURNALD_CONFIG_EOF

From 6a08abc58f965f91d1d4db8664876a122b38a1d2 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Fri, 23 Jul 2021 14:26:51 +0800
Subject: [PATCH 16/86] Resynchronize lost updates

---
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl       |  9 +++++++--
 app/cluster.json.mustache                          |  2 ++
 app/config.json                                    | 14 ++++++++++++++
 app/locale/zh-cn.json                              |  2 ++
 4 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 80748e6..da40796 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -1,3 +1,5 @@
+default_user={{ getv "/env/rabbitmq_default_user" "guest" }}
+default_pass={{ getv "/env/rabbitmq_default_pass" "guest" }}
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 mkdir -p ${DATA_MOUNTS}/log/rabbitmq
 {{- end }}
@@ -44,6 +46,9 @@ vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.4
 # vm_memory_high_watermark.absolute = {{ getv "/env/vvm_memory_high_watermark_absolute" "2G" }}
 vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
 log.dir = ${DATA_MOUNTS}/log/rabbitmq/
-
+default_user = $default_user
+default_pass = $default_pass
+loopback_users = none
+default_user_tags.administrator = true
 RABBITMQ_CONF_EOF
-
+rabbitmqctl change_password $default_user $default_pass >/dev/null 2>&1||echo
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 263b9a5..e7462f6 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -243,6 +243,8 @@
         }
     }],
     "env": {
+        "rabbitmq_default_user": {{env.rabbitmq_default_user}},
+        "rabbitmq_default_pass": {{env.rabbitmq_default_pass}},
         "haproxy_balance_policy": {{env.haproxy_balance_policy}},
         "haproxy_web_port": {{env.haproxy_web_port}},
         "haproxy_username": {{env.haproxy_username}},
diff --git a/app/config.json b/app/config.json
index 2c6bdde..b0a8ccf 100644
--- a/app/config.json
+++ b/app/config.json
@@ -234,6 +234,20 @@
         "description": "RabbitMQ service properties",
         "type": "array",
         "properties": [{
+            "key": "rabbitmq_default_user",
+            "label": "rabbitmq_default_user",
+            "description": "rabbitmq_user",
+            "type": "string",
+            "default": "guest",
+            "required": "yes",
+            "changeable": false
+        }, {
+            "key": "rabbitmq_default_pass",
+            "label": "rabbitmq_default_pass",
+            "description": "rabbitmq_pass",
+            "type": "password",
+            "required": "yes"
+        }, {
             "key": "haproxy_balance_policy",
             "label": "haproxy_balance_policy",
             "description": "haproxy balance policy",
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 97919f8..368eb45 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -4,6 +4,8 @@
     "RabbitMQ cluster propertie": "RabbitMQ 集群",
     "The name of the RabbitMQ service": "RabbitMQ 服务名称",
     "The description of the RabbitMQ service": "RabbitMQ 服务描述",
+    "rabbitmq_user": "Rabbitmq网页控制台管理员用户名(此项配置后不可修改，请谨慎操作）",
+    "rabbitmq_pass": "Rabbitmq网页控制台默认管理员用户密码",
     "VxNet": "私有网络",
     "Test": "测试环境",
     "Prod": "生产环境",

From 77be68dc3554e7e3701b5c0343b51b3d626fe46b Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 23 Jul 2021 16:30:42 +0800
Subject: [PATCH 17/86] Fix:fix get rabbitmq status bug when delete or add new
 node

---
 .../node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 81d7dbe..f8fd41c 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -81,7 +81,7 @@ preCheckForScaleIn() {
   checkNodesHealthy "${allNodes}" # there was unhealthy node
   if [[ -n "${LEAVING_MQ_NODES}" ]]; then
     local clusterInfo; clusterInfo="$(rabbitmqctl -t 3 cluster_status --formatter=json)";
-    local allRunningNodes; allRunningNodes="$(echo $clusterInfo | jq -j '[.nodes.disc[], .nodes.ram[]?]')";
+    local allRunningNodes; allRunningNodes="$(echo $clusterInfo | jq -j '[.disk_nodes[], .ram_nodes[]?]')";
     if [[ "${CLUSTER_PARTITION_HANDLING}" == "pause_minority" ]]; then
       local delNodesCount; delNodesCount=$(echo "${LEAVING_MQ_NODES}" | wc -w);
       local clusterNodesCount; clusterNodesCount=$(echo "${DISC_NODES} ${RAM_NODES}" | awk '{print NF}')
@@ -110,7 +110,7 @@ scaleIn() {
 scaleOut() {
   if [[ -n "${JOINING_MQ_NODES}" ]]; then
     local joinNode; for joinNode in ${JOINING_MQ_NODES}; do
-      local clusterInfo; clusterInfo="$(rabbitmqctl -t 3 cluster_status -n rabbit@${joinNode} --formatter=json | jq -j '[.nodes.disc[], .nodes.ram[]?]')";
+      local clusterInfo; clusterInfo="$(rabbitmqctl -t 3 cluster_status -n rabbit@${joinNode} --formatter=json | jq -j '[.disk_nodes[], .ram_nodes[]?]')";
       if checkNodesHealthy "${joinNode}" && [[ "${clusterInfo}" =~ "${MY_INSTANCE_ID}" ]]; then
         log "${joinNode} was clustered successful in scale-out";
       else
@@ -129,7 +129,7 @@ addNodeToCluster()  {
   # write for the node which peer discover failed or the adding node
   local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
   local clusterInfo; clusterInfo="$(rabbitmqctl -t 3 cluster_status --formatter=json)";
-  local allNodes; allNodes="$(echo $clusterInfo | jq -j '[.nodes.disc[], .nodes.ram[]?]')";
+  local allNodes; allNodes="$(echo $clusterInfo | jq -j '[.disk_nodes[], .ram_nodes[]?]')";
   if [[ ! "$allNodes" =~ "${firstDiscNode}" ]]; then  #disc node ${DISC_NODES##*-} was not clustered
     rabbitmqctl stop_app
     rabbitmqctl join_cluster --${MY_ROLE} rabbit@${firstDiscNode}

From 711e829458229ff5d1cf800ad16da8e7f75f9fc8 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 23 Jul 2021 17:18:09 +0800
Subject: [PATCH 18/86] Fix:merge proxy shell and revise app config

---
 .../files/opt/app/bin/node/proxy-node.sh      | 36 ++++++++++++++-----
 .../files/opt/app/bin/node/proxy-node.sh      | 23 ------------
 app/config.json                               |  2 +-
 app/locale/zh-cn.json                         |  2 +-
 4 files changed, 30 insertions(+), 33 deletions(-)
 delete mode 100644 ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh

diff --git a/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh b/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
index c50f7c0..9ec1733 100644
--- a/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
+++ b/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
@@ -1,11 +1,3 @@
-initNode() {
-  _initNode
-  mkdir -p /data/haproxy/logs
-  chown -R haproxy.haproxy /data/haproxy
-  mkdir -p /data/keepalived/logs
-  chown -R root.root /data/keepalived
-}
-
 checkSvc() {
   checkActive ${1%%/*} || {
     log "Service '$1' is inactive."
@@ -18,4 +10,32 @@ checkSvc() {
       return 0
     }
   done
+}
+
+stop() {
+  log "INFO: Application is asked to stop . "
+  _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
+  log "INFO: Application stopped successfully  . "
+}
+
+start() {
+  log "INFO: Application is asked to start . "
+  _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . " && return 1)
+  log "INFO: Application started successfully  . "
+}
+
+initNode() {
+  log "INFO: Application is about to initialize . "
+  _initNode || ( log "ERROR: Application failed to initialize . " && return 1 )
+  mkdir -p /data/haproxy/logs
+  chown -R haproxy.haproxy /data/haproxy
+  mkdir -p /data/keepalived/logs
+  chown -R root.root /data/keepalived
+  log "INFO: Application initialization completed  . "
+}
+
+reload() {
+  log "INFO: Application is asked to reload  . "
+  _reload $@
+  log "INFO: Application reloaded completely . "
 }
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh
deleted file mode 100644
index d9d7ed0..0000000
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/proxy-node.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-stop() {
-  log "INFO: Application is asked to stop . "
-  _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
-  log "INFO: Application stopped successfully  . "
-}
-
-start() {
-  log "INFO: Application is asked to start . "
-  _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . " && return 1)
-  log "INFO: Application started successfully  . "
-}
-
-initNode() {
-  log "INFO: Application is about to initialize . "
-  _initNode || ( log "ERROR: Application failed to initialize . " && return 1 )
-  log "INFO: Application initialization completed  . "
-}
-
-reload() {
-  log "INFO: Application is asked to reload  . "
-  _reload $@ 
-  log "INFO: Application reloaded completely . "
-}
\ No newline at end of file
diff --git a/app/config.json b/app/config.json
index b0a8ccf..7f72673 100644
--- a/app/config.json
+++ b/app/config.json
@@ -316,7 +316,7 @@
             "label": "disk_free_limit",
             "description": "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data",
             "type": "integer",
-            "default": 50000000,
+            "default": 524288000,
             "required": "no"
         }, {
             "key": "frame_max",
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 368eb45..c094130 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -54,7 +54,7 @@
     "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",
     "Memory threshold at which the flow control is triggered": "流程控制触发的内存阀值",
     "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory": "高水位限制的分数，当达到阀值时，队列中消息会转移到磁盘上以释放内存",
-    "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data": "RabbitMQ存储数据分区的可用磁盘空间限制．当可用空间值低于阀值时，流程控制将被触发.默认情况下，可用磁盘空间必须超过50MB",
+    "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data": "RabbitMQ存储数据分区的可用磁盘空间限制．当可用空间值低于阀值时，流程控制将被触发.默认情况下，可用磁盘空间必须超过50MB，默认值为500MB",
     "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency": "与客户端协商的允许最大frame大小. 设置为０表示无限制，但在某些QPid客户端会引发bug. 设置较大的值可以提高吞吐量;设置一个较小的值可能会提高延迟",
     "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.": "与客户端协商的允许最大chanel大小. 设置为０表示无限制．该数值越大，则broker使用的内存就越高",
     "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame": "表示心跳延迟(单位为秒) ，服务器将在connection.tune frame中发送.如果设置为 0, 心跳将被禁用. 客户端可以不用遵循服务器的建议,禁用心跳可以在有大量连接的场景中提高性能，但可能会造成关闭了非活动连接的网络设备上的连接落下",

From 07d14d6aa37173238a0b6b18292091f8501df832 Mon Sep 17 00:00:00 2001
From: billzhang <361846718@qq.com>
Date: Wed, 28 Jul 2021 15:00:22 +0800
Subject: [PATCH 19/86] DEV: Optimize haproxy options

---
 .../confd/templates/haproxy.sh/01.haproxy.cfg.tmpl   | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index 5805761..c0f9cea 100644
--- a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -23,9 +23,9 @@ defaults
   retries 3
   option redispatch
   maxconn 65535
-  contimeout 5s
-  clitimeout 120s
-  srvtimeout 120s
+  timeout connect 3s
+  timeout client 10s
+  timeout server 10s
 
 #front-end IP for consumers and producters
 listen rabbitmq_cluster
@@ -38,13 +38,11 @@ listen rabbitmq_cluster
   #balance roundrobin
   #simple polling
   balance {{ getv "/env/haproxy_balance_policy" }}
-  timeout client  3h
-  timeout server  3h
   #rabbitmq cluster node config
   {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
-  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 5000 rise 2 fall 2  {{ end }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
   {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
-  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 5000 rise 2 fall 2  {{ end }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
 
 #front-end IP for stomp
 listen rabbitmq_cluster_stomp

From 294998ea5901e8528ef02ae2d1ef65b75e725b29 Mon Sep 17 00:00:00 2001
From: billzhang <361846718@qq.com>
Date: Wed, 28 Jul 2021 15:19:11 +0800
Subject: [PATCH 20/86] DEV: Optimize rabbit options

---
 .../confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index da40796..4234b33 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -7,7 +7,7 @@ mkdir -p ${DATA_MOUNTS}/log/rabbitmq
 {{- $myRole := getv "/host/role" }}
 
 flush  /etc/rabbitmq/rabbitmq.conf << RABBITMQ_CONF_EOF
-background_gc_enabled = {{ getv "/env/background_gc_enabled" "false" }}
+background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
 background_gc_target_interval = {{ getv "/env/background_gc_target_interval" "60000" }}
 channel_max = {{ getv "/env/channel_max" "10" }}
 
@@ -42,7 +42,7 @@ tcp_listen_options.send_timeout = 15000
 tcp_listen_options.buffer = 196608
 tcp_listen_options.sndbuf = 196608
 tcp_listen_options.recbuf = 196608
-vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.4" }}
+vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.7" }}
 # vm_memory_high_watermark.absolute = {{ getv "/env/vvm_memory_high_watermark_absolute" "2G" }}
 vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
 log.dir = ${DATA_MOUNTS}/log/rabbitmq/

From de572bf782689b277ea0fc032ed63327d420bd5d Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Mon, 9 Aug 2021 14:18:49 +0800
Subject: [PATCH 21/86] add external etcd

---
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl  | 15 +++++++--
 .../05.enabled-plugins.tmpl                   |  1 +
 .../files/opt/app/bin/node/rabbitmq-node.sh   | 12 +------
 app/cluster.json.mustache                     | 33 +++++++++++--------
 app/config.json                               | 11 +++++++
 5 files changed, 45 insertions(+), 27 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 4234b33..cc6ec67 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -11,13 +11,22 @@ background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
 background_gc_target_interval = {{ getv "/env/background_gc_target_interval" "60000" }}
 channel_max = {{ getv "/env/channel_max" "10" }}
 
-cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config
+cluster_formation.peer_discovery_backend = etcd
+{{- $clusterId := getv "/cluster/cluster_id" }}
+{{- $etcdHosts := getvs "/links/etcd_service/hosts/etcd_node/*/ip" }}
 {{- $discNodes := join ( getvs "/hosts/disc/*/instance_id") "," }}
 {{- $ramNodes := join ( getvs "/hosts/ram/*/instance_id") "," }}
 {{- $allNodes := split ( printf "%s%s%s" $discNodes ( and $ramNodes ",") $ramNodes) ","}}
-{{- range $i,$node := $allNodes }}
-cluster_formation.classic_config.nodes.{{ add $i 1 }} = rabbit@{{ $node }}
+{{- range $i,$endpoint := $etcdHosts }}
+cluster_formation.etcd.endpoints.{{ add $i 1 }} = {{ $endpoint }}:2379
 {{- end }}
+
+cluster_formation.etcd.key_prefix = /{{ $clusterId }}_prefix
+cluster_formation.etcd.cluster_name = {{ $clusterId }}
+cluster_formation.etcd.node_ttl = 30
+cluster_formation.etcd.lock_timeout = 300
+cluster_formation.node_cleanup.only_log_warning = true
+cluster_formation.node_cleanup.interval = 90
 cluster_formation.node_type = {{ getv "/host/role" }}
 
 cluster_keepalive_interval = {{ getv "/env/cluster_keepalive_interval" "10000" }}
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
index 6727c10..1efa48a 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
@@ -4,6 +4,7 @@ flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
   rabbitmq_delayed_message_exchange,
 {{- end }}
   rabbitmq_management,
+  rabbitmq_peer_discovery_etcd,
   rabbitmq_mqtt,
   rabbitmq_shovel,
   rabbitmq_shovel_management,
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index f8fd41c..d62612d 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -1,3 +1,4 @@
+# 使用etcd需要删除fristnode逻辑
 # Error codes
 EC_SCALE_OUT_ERR=240
 EC_UNHEALTHY=241
@@ -24,24 +25,13 @@ stop() {
   #the last node to go down is the only one that didn't have any running peers at the time of shutdown.
   #sometimes the last node to stop must be the first node to be started after the upgrade.
   log "INFO: Application is asked to stop . "
-  local i; for i in ${LEAVING_MQ_NODES}; do DISC_NODES="${DISC_NODES//${i}/}"; done
   #In case /hosts /deleting-hosts update are not synchronized
-  local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
-  if [[ "${MY_INSTANCE_ID}" == "${firstDiscNode}" ]]; then
-    log "INFO: Wait until all other Disc nodes are stopped  . " 
-    retry 20 3 0 checkOnlyNodeRunning "${firstDiscNode}" #notice return
-    log "INFO: The other Disc nodes have all stopped  . " 
-  fi
   _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
   log "INFO: Application stopped successfully  . "
 }
 
 start() {
   log "INFO: Application is asked to start . "
-  local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
-  if [[ "${MY_INSTANCE_ID}" != "${firstDiscNode}" ]]; then # wait for first disc node prepare tables
-    retry 15 5 0 checkEndpoint "http:15672" "${firstDiscNode}"
-  fi
   _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . " && return 1)
   log "INFO: Application started successfully  . "
 }
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index e7462f6..0c78ca1 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -2,6 +2,9 @@
     "name": {{cluster.name}},
     "description": {{cluster.description}},
     "vxnet": {{cluster.vxnet}},
+    "links": {
+    "etcd_service": {{cluster.etcd_service}}
+    },
     "multi_zone_policy": "round_robin",
     "upgrading_policy": "sequential",
     "nodes": [{
@@ -11,7 +14,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-2wslwqbn"
+            "image": "img-ozi8q9x9"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -26,7 +29,8 @@
             "start": {
                 "order": 1,
                 "cmd": "appctl start",
-                "timeout": 180
+                "nodes_to_execute_on": 255,
+                "timeout": 1000
             },
             "stop": {
                 "order": 2,
@@ -56,8 +60,7 @@
             "action_timeout_sec": 60,
             "healthy_threshold": 2,
             "unhealthy_threshold": 2,
-            "check_cmd": "appctl check",
-            "action_cmd": "appctl revive"
+            "check_cmd": "appctl check"
         },
         "monitor": {
             "enable": true,
@@ -96,7 +99,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-2wslwqbn"
+            "image": "img-ozi8q9x9"
         },
         "instance_class": {{cluster.ram.instance_class}},
         "count": {{cluster.ram.count}},
@@ -109,9 +112,10 @@
         },
         "services": {
             "start": {
-                "order": 2,
+                "order": 1,
                 "cmd": "appctl start",
-                "timeout": 180
+                "nodes_to_execute_on": 255,
+                "timeout": 1000
             },
             "stop": {
                 "order": 1,
@@ -124,6 +128,11 @@
             "destroy": {
                 "order": 1,
                 "cmd": "appctl stop"
+            },"scale_in": {
+                "nodes_to_execute_on": 1,
+                "pre_check": "appctl preCheckForScaleIn",
+                "cmd": "appctl scaleIn",
+                "timeout": 90
             },
             "scale_out": {
                 "cmd": "appctl scaleOut",
@@ -139,8 +148,7 @@
             "action_timeout_sec": 30,
             "healthy_threshold": 2,
             "unhealthy_threshold": 2,
-            "check_cmd": "appctl check",
-            "action_cmd": "appctl revive"
+            "check_cmd": "appctl check"
         },
         "monitor": {
             "enable": true,
@@ -177,7 +185,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-2wslwqbn"
+            "image": "img-ozi8q9x9"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -201,7 +209,7 @@
             "prefer_type":"lxc",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-2wslwqbn"
+            "image": "img-ozi8q9x9"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -234,8 +242,7 @@
             "action_timeout_sec": 30,
             "healthy_threshold": 2,
             "unhealthy_threshold": 2,
-            "check_cmd": "appctl check",
-            "action_cmd": "appctl revive"
+            "check_cmd": "appctl check"
         }, "volume": {
             "size": {{cluster.haproxy.volume_size}},
             "mount_point": "/data",
diff --git a/app/config.json b/app/config.json
index 7f72673..7faaf2a 100644
--- a/app/config.json
+++ b/app/config.json
@@ -25,6 +25,17 @@
             "type": "string",
             "default": "",
             "required": "yes"
+        }, {
+            "key": "etcd_service",
+            "label": "etcd",
+            "description": "Choose a etcd to use",
+            "type": "service",
+            "tag": ["ETCD", "etcd"],
+            "limits": {
+                "app-fdyvu2wk": []
+            },
+            "default": "",
+            "required": "yes"
         }, {
             "key": "resource_group",
             "label": "Resource Configuration",

From 7227f0f49c30fc88905b259d0a8f5d0269483ec4 Mon Sep 17 00:00:00 2001
From: zhbinary <zhbinary@gmail.com>
Date: Wed, 11 Aug 2021 15:41:00 +0800
Subject: [PATCH 22/86] DEBUG: Fix issuse that cluster scale in and out failed

---
 .../files/opt/app/conf/rabbitmq-server/enabled-plugins      | 0
 .../files/opt/app/conf/rabbitmq-server/rabbitmq-conf-sample | 6 ------
 .../files/opt/app/conf/rabbitmq-server/rabbitmq.conf        | 0
 3 files changed, 6 deletions(-)
 delete mode 100644 ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/enabled-plugins
 delete mode 100644 ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq-conf-sample
 delete mode 100644 ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq.conf

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/enabled-plugins b/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/enabled-plugins
deleted file mode 100644
index e69de29..0000000
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq-conf-sample b/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq-conf-sample
deleted file mode 100644
index d000fc7..0000000
--- a/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq-conf-sample
+++ /dev/null
@@ -1,6 +0,0 @@
-CONFIG_FILE=/opt/app/conf/rabbitmq-server/rabbitmq.conf
-ENABLED_PLUGINS_FILE=/opt/app/conf/rabbitmq-server/enabled-plugins
-NODE_IP_ADDRESS=0.0.0.0
-NODE_PORT=5672
-MNESIA_BASE=/var/lib/rabbitmq/mnesia
-LOG_BASE=/data/rabbitmq/log
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq.conf b/ansible/roles/node-rabbitmq/files/opt/app/conf/rabbitmq-server/rabbitmq.conf
deleted file mode 100644
index e69de29..0000000

From 7fd34e8a9345e29a61479ae1897b962193c5277f Mon Sep 17 00:00:00 2001
From: zhbinary <zhbinary@gmail.com>
Date: Wed, 11 Aug 2021 16:07:05 +0800
Subject: [PATCH 23/86] DEBUG: Sacle in an out

---
 .gitignore                                    |   1 +
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl  |   8 +-
 .../05.enabled-plugins.tmpl                   |   3 +-
 .../files/opt/app/bin/node/rabbitmq-node.sh   |   1 -
 app/cluster.json.mustache                     | 118 +++---------------
 app/config.json                               |   4 +-
 6 files changed, 22 insertions(+), 113 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1c2d52b..61d1736 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .idea/*
+*.tar
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index cc6ec67..17df8c3 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -11,23 +11,20 @@ background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
 background_gc_target_interval = {{ getv "/env/background_gc_target_interval" "60000" }}
 channel_max = {{ getv "/env/channel_max" "10" }}
 
+# Cluster formation
 cluster_formation.peer_discovery_backend = etcd
 {{- $clusterId := getv "/cluster/cluster_id" }}
 {{- $etcdHosts := getvs "/links/etcd_service/hosts/etcd_node/*/ip" }}
-{{- $discNodes := join ( getvs "/hosts/disc/*/instance_id") "," }}
-{{- $ramNodes := join ( getvs "/hosts/ram/*/instance_id") "," }}
-{{- $allNodes := split ( printf "%s%s%s" $discNodes ( and $ramNodes ",") $ramNodes) ","}}
 {{- range $i,$endpoint := $etcdHosts }}
 cluster_formation.etcd.endpoints.{{ add $i 1 }} = {{ $endpoint }}:2379
 {{- end }}
-
 cluster_formation.etcd.key_prefix = /{{ $clusterId }}_prefix
 cluster_formation.etcd.cluster_name = {{ $clusterId }}
 cluster_formation.etcd.node_ttl = 30
 cluster_formation.etcd.lock_timeout = 300
 cluster_formation.node_cleanup.only_log_warning = true
 cluster_formation.node_cleanup.interval = 90
-cluster_formation.node_type = {{ getv "/host/role" }}
+
 
 cluster_keepalive_interval = {{ getv "/env/cluster_keepalive_interval" "10000" }}
 cluster_partition_handling = {{ getv "/env/cluster_partition_handling" "pause_minority" }}
@@ -59,5 +56,6 @@ default_user = $default_user
 default_pass = $default_pass
 loopback_users = none
 default_user_tags.administrator = true
+log.file.level = debug
 RABBITMQ_CONF_EOF
 rabbitmqctl change_password $default_user $default_pass >/dev/null 2>&1||echo
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
index 1efa48a..80163eb 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
@@ -12,6 +12,7 @@ flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
   rabbitmq_federation_management,
   rabbitmq_stomp,
   rabbitmq_web_mqtt,
-  rabbitmq_web_stomp
+  rabbitmq_web_stomp,
+  rabbitmq_peer_discovery_etcd
 ].
 ENABLED_PLUGINS_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index d62612d..4e945af 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -25,7 +25,6 @@ stop() {
   #the last node to go down is the only one that didn't have any running peers at the time of shutdown.
   #sometimes the last node to stop must be the first node to be started after the upgrade.
   log "INFO: Application is asked to stop . "
-  #In case /hosts /deleting-hosts update are not synchronized
   _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
   log "INFO: Application stopped successfully  . "
 }
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 0c78ca1..ae6fb95 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -3,18 +3,17 @@
     "description": {{cluster.description}},
     "vxnet": {{cluster.vxnet}},
     "links": {
-    "etcd_service": {{cluster.etcd_service}}
+    	"etcd_service": {{cluster.etcd_service}}
     },
     "multi_zone_policy": "round_robin",
     "upgrading_policy": "sequential",
     "nodes": [{
         "role": "disc",
         "container": {
-            "type": "lxc",
-            "prefer_type": "lxc",
+            "type": "kvm",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-ozi8q9x9"
+            "image": "img-yq1ubqy3"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -27,23 +26,23 @@
         },
         "services": {
             "start": {
-                "order": 1,
+                "order": 0,
                 "cmd": "appctl start",
                 "nodes_to_execute_on": 255,
-                "timeout": 1000
+                "timeout": 500
             },
             "stop": {
-                "order": 2,
+                "order": 1,
                 "cmd": "appctl stop"
             },
             "scale_in": {
-                "nodes_to_execute_on": 1,
+                "nodes_to_execute_on": 10,
                 "pre_check": "appctl preCheckForScaleIn",
                 "cmd": "appctl scaleIn",
                 "timeout": 90
             },
             "destroy": {
-                "order": 2,
+                "order": 0,
                 "cmd": "appctl stop"
             },
             "scale_out": {
@@ -92,100 +91,12 @@
             "display": ["Mem Used", "Fd Used", "Sockets Used", "Proc Used", "Run Queue"],
             "alarm": ["fd_used", "mem_used"]
         }
-    }, {
-        "role": "ram",
-        "container": {
-            "type": "lxc",
-            "prefer_type": "lxc",
-            "sriov_nic": true,
-            "zone": "sh1",
-            "image": "img-ozi8q9x9"
-        },
-        "instance_class": {{cluster.ram.instance_class}},
-        "count": {{cluster.ram.count}},
-        "cpu": {{cluster.ram.cpu}},
-        "memory": {{cluster.ram.memory}},
-        "volume": {
-            "size": {{cluster.ram.volume_size}},
-            "mount_point": "/data",
-            "filesystem": "ext4"
-        },
-        "services": {
-            "start": {
-                "order": 1,
-                "cmd": "appctl start",
-                "nodes_to_execute_on": 255,
-                "timeout": 1000
-            },
-            "stop": {
-                "order": 1,
-                "cmd": "appctl stop"
-            },
-            "restart": {
-                "order": 2,
-                "cmd": "appctl restart"
-            },
-            "destroy": {
-                "order": 1,
-                "cmd": "appctl stop"
-            },"scale_in": {
-                "nodes_to_execute_on": 1,
-                "pre_check": "appctl preCheckForScaleIn",
-                "cmd": "appctl scaleIn",
-                "timeout": 90
-            },
-            "scale_out": {
-                "cmd": "appctl scaleOut",
-                "timeout": 90
-            }
-        },
-        "advanced_actions": ["scale_horizontal"],
-        "vertical_scaling_policy": "sequential",
-        "health_check": {
-            "enable": true,
-            "interval_sec": 60,
-            "timeout_sec": 10,
-            "action_timeout_sec": 30,
-            "healthy_threshold": 2,
-            "unhealthy_threshold": 2,
-            "check_cmd": "appctl check"
-        },
-        "monitor": {
-            "enable": true,
-            "cmd": "appctl measure",
-            "items": {
-                "fd_used": {
-                    "unit": "count"
-                },
-                "sockets_used": {
-                    "unit": "count"
-                },
-                "proc_used": {
-                    "unit": "count"
-                },
-                "run_queue": {
-                    "unit": "count"
-                },
-                "mem_used": {
-                    "unit": "MB"
-                }
-            },
-            "groups": {
-                "Fd Used": ["fd_used"],
-                "Sockets Used": ["sockets_used"],
-                "Proc Used": ["proc_used"],
-                "Run Queue": ["run_queue"],
-                "Mem Used": ["mem_used"]
-            },
-            "display": ["Mem Used", "Fd Used", "Sockets Used", "Proc Used", "Run Queue"],
-            "alarm": ["fd_used", "mem_used"]
-        }
     }, {
         "role": "client",
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-ozi8q9x9"
+            "image": "img-yq1ubqy3"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -205,11 +116,10 @@
     }, {
         "role": "haproxy",
         "container": {
-            "type": "lxc",
-            "prefer_type":"lxc",
+            "type": "kvm",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-ozi8q9x9"
+            "image": "img-yq1ubqy3"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -222,15 +132,15 @@
         },
         "services": {
             "start": {
-                "order": 3,
+                "order": 1,
                 "cmd": "appctl start"
             },
             "stop": {
-                "order": 3,
+                "order": 0,
                 "cmd": "appctl stop"
             },
             "restart": {
-                "order": 3,
+                "order": 0,
                 "cmd": "appctl restart"
             }
         },
diff --git a/app/config.json b/app/config.json
index 7faaf2a..037f3f8 100644
--- a/app/config.json
+++ b/app/config.json
@@ -25,7 +25,7 @@
             "type": "string",
             "default": "",
             "required": "yes"
-        }, {
+        },  {
             "key": "etcd_service",
             "label": "etcd",
             "description": "Choose a etcd to use",
@@ -36,7 +36,7 @@
             },
             "default": "",
             "required": "yes"
-        }, {
+        },  {
             "key": "resource_group",
             "label": "Resource Configuration",
             "description": "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes",

From 024a57af8335734427fd5d68cb2d339a2dac6471 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Mon, 16 Aug 2021 07:47:27 +0800
Subject: [PATCH 24/86] fix: delete role for config

---
 app/cluster.json.mustache |  6 ++---
 app/config.json           | 51 ---------------------------------------
 app/locale/zh-cn.json     |  2 --
 3 files changed, 3 insertions(+), 56 deletions(-)

diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index ae6fb95..af1bc70 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-yq1ubqy3"
+            "image": "img-jg2jgk6n"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-yq1ubqy3"
+            "image": "img-jg2jgk6n"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -119,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-yq1ubqy3"
+            "image": "img-jg2jgk6n"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
diff --git a/app/config.json b/app/config.json
index 037f3f8..ab66ac7 100644
--- a/app/config.json
+++ b/app/config.json
@@ -96,57 +96,6 @@
                 "max": 100,
                 "required": "yes"
             }]
-        }, {
-            "key": "ram",
-            "label": "Ram Node",
-            "description": "Ram Node",
-            "type": "array",
-            "properties": [{
-                "key": "cpu",
-                "label": "CPU",
-                "description": "CPUs of each node",
-                "type": "integer",
-                "default": 1,
-                "range": [1, 2, 4, 8, 16, 32],
-                "required": "yes"
-            }, {
-                "key": "memory",
-                "label": "Memory",
-                "description": "Memory of each node",
-                "type": "integer",
-                "default": 2048,
-                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
-                "required": "yes"
-            }, {
-                "key": "instance_class",
-                "label": "Instance Class",
-                "description": "",
-                "type": "integer",
-                "default": 101,
-                "range": [101, 202],
-                "resource_group": [101, 202],
-                "required": "yes"
-            }, {
-                "key": "volume_size",
-                "label": "Volume Size",
-                "description": "The volume size for each instance",
-                "type": "integer",
-                "auto_scale_step": 10,
-                "min": 10,
-                "max": 1000,
-                "default": 10,
-                "required": "yes"
-            }, {
-                "key": "count",
-                "label": "Count",
-                "description": "Ram Node Count",
-                "type": "integer",
-                "auto_scale_step": 1,
-                "default": 0,
-                "min": 0,
-                "max": 100,
-                "required": "yes"
-            }]
         }, {
             "key": "client",
             "label": "client Node",
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index c094130..5e09928 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -40,7 +40,6 @@
     "uri": "uri 哈希",
     "client Node": "client 节点",
     "Disc Node Count": "磁盘节点个数",
-    "Ram Node Count": "内存节点个数",
     "Client Node Count": "client 节点个数",
     "haproxy web port": "haproxy 监控界面端口",
     "haproxy web login usernam": "haproxy 监控界面用户名",
@@ -49,7 +48,6 @@
     "haproxy balance policy": "负载均衡策略(roundrobin:轮询, leastconn:最小连接, static-rr:静态权重, source:IP 哈希, uri:uri 哈希, url_param:url_param 哈希)",
     "Haproxy HA Node Count": "负载均衡器高可用节点个数(0个节点：不需要负载均衡;1个节点：负载均衡;2个节点：负载均衡器高可用负载均衡)",
     "Disc Node": "磁盘节点",
-    "Ram Node": "内存节点",
     "Number of Erlang processes that will accept connections for the TCP listeners": "接受TCP侦听器连接的Erlang进程数",
     "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",
     "Memory threshold at which the flow control is triggered": "流程控制触发的内存阀值",

From 1606a0f3ce189fe4d5680dfa76e796066fb808a3 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Mon, 23 Aug 2021 14:33:53 +0800
Subject: [PATCH 25/86] Fix: Limit the number of nodes for all roles

---
 app/config.json | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/app/config.json b/app/config.json
index ab66ac7..de8d620 100644
--- a/app/config.json
+++ b/app/config.json
@@ -92,7 +92,7 @@
                 "type": "integer",
                 "auto_scale_step": 1,
                 "default": 3,
-                "min": 1,
+                "min": 3,
                 "max": 100,
                 "required": "yes"
             }]
@@ -131,8 +131,7 @@
                 "description": "Client Node Count",
                 "type": "integer",
                 "default": 1,
-                "min": 0,
-                "max": 1,
+                "min": 1,
                 "required": "yes"
             }]
         }, {
@@ -181,9 +180,9 @@
                 "label": "Count",
                 "description": "Haproxy HA Node Count",
                 "type": "integer",
-                "min": 0,
-                "max": 2,
-                "default": 1,
+                "min": 2,
+                "max": 100,
+                "default": 2,
                 "resource_group": [1, 2],
                 "required": "yes"
             }]

From f98416f696ba24982f1ba1f671e417ffab46b7c0 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Mon, 23 Aug 2021 14:59:55 +0800
Subject: [PATCH 26/86] Fix: delete resource group for proxy role

---
 app/config.json       | 1 -
 app/locale/zh-cn.json | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/config.json b/app/config.json
index de8d620..caa898f 100644
--- a/app/config.json
+++ b/app/config.json
@@ -183,7 +183,6 @@
                 "min": 2,
                 "max": 100,
                 "default": 2,
-                "resource_group": [1, 2],
                 "required": "yes"
             }]
         }
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 5e09928..4bbbcf9 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -9,7 +9,7 @@
     "VxNet": "私有网络",
     "Test": "测试环境",
     "Prod": "生产环境",
-    "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes": "测试环境：1核1G磁盘节点 x 3 ，1核1G客户端节点 x 1，1核1G负载均衡节点 x 1；生产环境：2核4G超高性能型磁盘节点 x 3，1核1G客户端节点 x 1，2核2G负载均衡节点 x 2",
+    "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes": "测试环境：1核1G磁盘节点 x 3 ，1核1G客户端节点 x 1，1核1G负载均衡节点 x 2；生产环境：2核4G超高性能型磁盘节点 x 3，1核1G客户端节点 x 1，2核2G负载均衡节点 x 2",
     "Memory of each node": "每个节点的内存",
     "The volume size for each instance": "每个实例的磁盘大小",
     "Choose a vxnet to join": "选择要加入的私有网络",

From 08f3213c1b0f0d88fd2cfc63bf78b21ce3b4a749 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Mon, 23 Aug 2021 16:46:46 +0800
Subject: [PATCH 27/86] merge yaml files

---
 ansible/make.yml                              |   6 +-
 ansible/roles/arping/meta/main.yml            |  13 --
 ansible/roles/arping/tasks/main.yml           |   6 -
 ansible/roles/haproxy/tasks/main.yml          |  38 ------
 ansible/roles/node-all/tasks/main.yml         |   8 +-
 .../files/etc/confd/conf.d/haproxy.sh.toml    |   0
 .../files/etc/confd/conf.d/keepalived.sh.toml |   0
 .../templates/haproxy.sh/01.haproxy.cfg.tmpl  |   0
 .../haproxy.sh/02.haproxy.log.conf.tmpl       |   0
 .../templates/haproxy.sh/03.logrotate.tmpl    |   0
 .../keepalived.sh/01.keepalived.conf.tmpl     |   0
 .../02.keepalived.sysconfig.tmpl              |   0
 .../keepalived.sh/03.keepalived.rsyslog.tmpl  |   0
 .../templates/keepalived.sh/04.logrotate.tmpl |   0
 .../files/lib/systemd/system/haproxy.service  |   0
 .../lib/systemd/system/keepalived.service     |   0
 .../files/opt/app/bin/node/proxy-node.sh      |   0
 .../tasks/main.yml                            |  59 +++++++--
 ansible/roles/node-proxy/tasks/main.yml       |  13 --
 .../systemd/system/rabbitmq-server.service    |   0
 ansible/roles/node-rabbitmq/tasks/main.yml    | 119 +++++++++++++++++-
 ansible/roles/rabbitmq-server/tasks/main.yml  | 117 -----------------
 app/cluster.json.mustache                     |   6 +-
 23 files changed, 181 insertions(+), 204 deletions(-)
 delete mode 100644 ansible/roles/arping/meta/main.yml
 delete mode 100644 ansible/roles/arping/tasks/main.yml
 delete mode 100644 ansible/roles/haproxy/tasks/main.yml
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/conf.d/haproxy.sh.toml (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/conf.d/keepalived.sh.toml (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl (100%)
 rename ansible/roles/{haproxy => node-proxy-keepalived}/files/lib/systemd/system/haproxy.service (100%)
 rename ansible/roles/{keepalived => node-proxy-keepalived}/files/lib/systemd/system/keepalived.service (100%)
 rename ansible/roles/{node-proxy => node-proxy-keepalived}/files/opt/app/bin/node/proxy-node.sh (100%)
 rename ansible/roles/{keepalived => node-proxy-keepalived}/tasks/main.yml (61%)
 delete mode 100644 ansible/roles/node-proxy/tasks/main.yml
 rename ansible/roles/{rabbitmq-server => node-rabbitmq}/files/lib/systemd/system/rabbitmq-server.service (100%)
 delete mode 100644 ansible/roles/rabbitmq-server/tasks/main.yml

diff --git a/ansible/make.yml b/ansible/make.yml
index cb31cc1..b052201 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -12,13 +12,9 @@
     - disable-motd
     - app-agent
     - appctl
-    - arping
-    - rabbitmq-server
-    - haproxy
-    - keepalived
     - node-all
     - node-client
-    - node-proxy
+    - node-proxy-keepalived
     - node-rabbitmq
     - caddy
     loop_control:
diff --git a/ansible/roles/arping/meta/main.yml b/ansible/roles/arping/meta/main.yml
deleted file mode 100644
index 9601b88..0000000
--- a/ansible/roles/arping/meta/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-galaxy_info:
-  role_name: arping
-  role_version: 1.0.0
-  author: Hongliang Wang
-  description: installs arping
-
-  license: Apache
-
-  min_ansible_version: 2.4
-
-  galaxy_tags: []
-
-dependencies: []
diff --git a/ansible/roles/arping/tasks/main.yml b/ansible/roles/arping/tasks/main.yml
deleted file mode 100644
index a8ea64d..0000000
--- a/ansible/roles/arping/tasks/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: install arping
-  apt:
-    name: [ 'iputils-arping' ]
-    state: present
-    update_cache: yes
\ No newline at end of file
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
deleted file mode 100644
index e165345..0000000
--- a/ansible/roles/haproxy/tasks/main.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- name: install haproxy plugins
-  apt:
-    name: ['hatop','arping','software-properties-common']
-    update_cache: yes
-    state: present
-
-- name: add-apt-repository
-  apt_repository:
-    repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
-
-- name: install haproxy
-  apt:
-    name: "haproxy={{ haproxy_version }}.*"
-    update_cache: yes
-    state: present
-
-- name: copy binaries
-  copy:
-    src: files/lib/
-    dest: /lib
-    owner: root
-    group: root
-    mode: preserve
-    directory_mode: u=rwx,g=rx,o=
-
-- name: disable auto startup on boot
-  systemd:
-    name: haproxy
-    enabled: no
-    masked: yes
-    state: stopped
-
-- name: creates directory
-  file:
-    path: /opt/app/conf/haproxy
-    state: directory
-
diff --git a/ansible/roles/node-all/tasks/main.yml b/ansible/roles/node-all/tasks/main.yml
index ddba54c..5b7c584 100644
--- a/ansible/roles/node-all/tasks/main.yml
+++ b/ansible/roles/node-all/tasks/main.yml
@@ -1,4 +1,10 @@
 ---
 - name: install confd files
   include_role:
-    name: confd-files
\ No newline at end of file
+    name: confd-files
+
+- name: install arping
+  apt:
+    name: [ 'iputils-arping' ]
+    state: present
+    update_cache: yes
\ No newline at end of file
diff --git a/ansible/roles/node-proxy/files/etc/confd/conf.d/haproxy.sh.toml b/ansible/roles/node-proxy-keepalived/files/etc/confd/conf.d/haproxy.sh.toml
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/conf.d/haproxy.sh.toml
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/conf.d/haproxy.sh.toml
diff --git a/ansible/roles/node-proxy/files/etc/confd/conf.d/keepalived.sh.toml b/ansible/roles/node-proxy-keepalived/files/etc/confd/conf.d/keepalived.sh.toml
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/conf.d/keepalived.sh.toml
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/conf.d/keepalived.sh.toml
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/02.keepalived.sysconfig.tmpl
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
diff --git a/ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
similarity index 100%
rename from ansible/roles/node-proxy/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
rename to ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
diff --git a/ansible/roles/haproxy/files/lib/systemd/system/haproxy.service b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
similarity index 100%
rename from ansible/roles/haproxy/files/lib/systemd/system/haproxy.service
rename to ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
diff --git a/ansible/roles/keepalived/files/lib/systemd/system/keepalived.service b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
similarity index 100%
rename from ansible/roles/keepalived/files/lib/systemd/system/keepalived.service
rename to ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
diff --git a/ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh b/ansible/roles/node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh
similarity index 100%
rename from ansible/roles/node-proxy/files/opt/app/bin/node/proxy-node.sh
rename to ansible/roles/node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh
diff --git a/ansible/roles/keepalived/tasks/main.yml b/ansible/roles/node-proxy-keepalived/tasks/main.yml
similarity index 61%
rename from ansible/roles/keepalived/tasks/main.yml
rename to ansible/roles/node-proxy-keepalived/tasks/main.yml
index deec589..5a72151 100644
--- a/ansible/roles/keepalived/tasks/main.yml
+++ b/ansible/roles/node-proxy-keepalived/tasks/main.yml
@@ -1,4 +1,56 @@
 ---
+- name: copy conf files
+  copy:
+    src: files/opt/app/
+    dest: /opt/app/
+    owner: root
+    group: svc
+    mode: preserve
+    directory_mode: u=rwx,g=rx,o=
+
+- name: install confd files
+  include_role:
+    name: confd-files
+
+# haproxy
+- name: install haproxy plugins
+  apt:
+    name: ['hatop','arping','software-properties-common']
+    update_cache: yes
+    state: present
+
+- name: add-apt-repository
+  apt_repository:
+    repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
+
+- name: install haproxy
+  apt:
+    name: "haproxy={{ haproxy_version }}.*"
+    update_cache: yes
+    state: present
+
+- name: copy binaries
+  copy:
+    src: files/lib/
+    dest: /lib
+    owner: root
+    group: root
+    mode: preserve
+    directory_mode: u=rwx,g=rx,o=
+
+- name: disable auto startup on boot
+  systemd:
+    name: haproxy
+    enabled: no
+    masked: yes
+    state: stopped
+
+- name: creates directory
+  file:
+    path: /opt/app/conf/haproxy
+    state: directory
+
+# keepalived
 - name: Prepare dev env for keepalived
   apt:
     update_cache: yes
@@ -51,13 +103,6 @@
     directory_mode: u=rwx,g=rx,o=
   with_items:
     - "/root/.ansible/cache/keepalived/keepalived-{{ keepalived_version }}/build-dir/"
-    - "files/lib/"
-
-- name: create keepalived service link
-  file:
-    src: /opt/keepalived/current/systemd/system/keepalived.service
-    dest: /lib/systemd/system/keepalived.service
-    state: link
 
 - name: mask services
   systemd:
diff --git a/ansible/roles/node-proxy/tasks/main.yml b/ansible/roles/node-proxy/tasks/main.yml
deleted file mode 100644
index 320d09f..0000000
--- a/ansible/roles/node-proxy/tasks/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: copy conf files
-  copy:
-    src: files/opt/app/
-    dest: /opt/app/
-    owner: root
-    group: svc
-    mode: preserve
-    directory_mode: u=rwx,g=rx,o=
-
-- name: install confd files
-  include_role:
-    name: confd-files
\ No newline at end of file
diff --git a/ansible/roles/rabbitmq-server/files/lib/systemd/system/rabbitmq-server.service b/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
similarity index 100%
rename from ansible/roles/rabbitmq-server/files/lib/systemd/system/rabbitmq-server.service
rename to ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index 320d09f..1e56f06 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -10,4 +10,121 @@
 
 - name: install confd files
   include_role:
-    name: confd-files
\ No newline at end of file
+    name: confd-files
+
+- name: copy binaries
+  copy:
+    src: files/lib/
+    dest: /lib
+    owner: root
+    group: svc
+    mode: preserve
+    directory_mode: u=rwx,g=rx,o=
+
+- name: install rabbitmq deb
+  include_role:
+    name: install
+  vars:
+    opts:
+      pkg_name: "{{ item.name }}"
+      pkg_version: "{{ item.version }}"
+      pkg_type: deb
+      pkg_url: "{{ item.url }}"
+      extracts: false
+      dest_path: "/tmp/{{ item.dest }}"
+      creates: 
+      bin_path:
+  with_items:
+    - url: "https://packages.erlang-solutions.com/erlang-solutions_{{ erlang_solution_version }}_all.deb"
+      name: "erlang-solutions"
+      version: "{{ erlang_solution_version }}"
+      dest: "erlang-solutions_{{ erlang_solution_version }}_all.deb"
+    - url: "https://github.com/rabbitmq/rabbitmq-server/releases/download/v{{ rabbitmq_version }}/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
+      name: "rabbitmq"
+      version: "{{ rabbitmq_version }}"
+      dest: "rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
+
+- name: apt for erlang
+  apt: deb="/tmp/erlang-solutions_{{ erlang_solution_version }}_all.deb"
+  become: yes
+
+#- name: update apt for erlang
+#  shell: echo 'deb https://dl.bintray.com/rabbitmq/debian  xenial  erlang-22.x' | sudo tee -a /etc/apt/sources.list.d/erlang-solutions.list
+
+#- name: add apt-key
+#  apt_key:
+#    url: https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc
+#    state: present
+
+- name: install add-apt-repository
+  apt:
+    name: "software-properties-common"
+    update_cache: yes
+    state: present
+
+- name: add-apt-repository rabbitmq-erlang
+  apt_repository:
+    repo: "ppa:rabbitmq/rabbitmq-erlang"
+
+- name: install erlang
+  apt:
+    name: erlang
+    update_cache: yes
+    state: present
+
+- name: add apt_key for rabbitmq
+  shell: wget -O - "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo apt-key add -
+
+#- name: add apt signing key, will not download if present
+#  apt_key:
+#    url: https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
+#    state: present
+
+- name: add bintray repo for latest Rabbitmq
+  shell:
+    cmd: |
+      tee /etc/apt/sources.list.d/bintray.rabbitmq.list <<EOF
+      deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu xenial main
+      EOF
+
+- name: install apt https
+  apt:
+    name: ['apt-transport-https', 'jq']
+    update_cache: yes
+
+# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.8.17-1_all.deb
+- name: apt for rabbitmq
+  apt: deb="/tmp/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
+  become: yes
+
+- name: download plugins for rabbitmq
+  include_role:
+    name: install
+  vars:
+    opts:
+      pkg_name: "rabbitmq-delayed_message_exchange"
+      pkg_version: "3.8.17"
+      pkg_type: ez
+      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/3.8.17/rabbitmq_delayed_message_exchange-3.8.17.8f537ac.ez"
+      extracts: false
+      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/rabbitmq_delayed_message_exchange-3.8.17.ez"
+      creates: 
+      bin_path:
+#unzip /tmp/rabbitmq_delayed_message_exchange-20191008-3.8.x.zip -d /usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/
+
+- name: disable auto startup on boot
+  systemd:
+    name: rabbitmq-server
+    enabled: no
+    masked: yes
+    state: stopped
+
+- name: copy cookie file
+  copy:
+    dest: /var/lib/rabbitmq/.erlang.cookie
+    content: ""
+    owner: rabbitmq
+    group: rabbitmq
+    mode: '0600'
+
+
diff --git a/ansible/roles/rabbitmq-server/tasks/main.yml b/ansible/roles/rabbitmq-server/tasks/main.yml
deleted file mode 100644
index c9749ef..0000000
--- a/ansible/roles/rabbitmq-server/tasks/main.yml
+++ /dev/null
@@ -1,117 +0,0 @@
----
-- name: copy binaries
-  copy:
-    src: files/lib/
-    dest: /lib
-    owner: root
-    group: svc
-    mode: preserve
-    directory_mode: u=rwx,g=rx,o=
-
-- name: install rabbitmq deb
-  include_role:
-    name: install
-  vars:
-    opts:
-      pkg_name: "{{ item.name }}"
-      pkg_version: "{{ item.version }}"
-      pkg_type: deb
-      pkg_url: "{{ item.url }}"
-      extracts: false
-      dest_path: "/tmp/{{ item.dest }}"
-      creates: 
-      bin_path:
-  with_items:
-    - url: "https://packages.erlang-solutions.com/erlang-solutions_{{ erlang_solution_version }}_all.deb"
-      name: "erlang-solutions"
-      version: "{{ erlang_solution_version }}"
-      dest: "erlang-solutions_{{ erlang_solution_version }}_all.deb"
-    - url: "https://github.com/rabbitmq/rabbitmq-server/releases/download/v{{ rabbitmq_version }}/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
-      name: "rabbitmq"
-      version: "{{ rabbitmq_version }}"
-      dest: "rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
-
-- name: apt for erlang
-  apt: deb="/tmp/erlang-solutions_{{ erlang_solution_version }}_all.deb"
-  become: yes
-
-#- name: update apt for erlang
-#  shell: echo 'deb https://dl.bintray.com/rabbitmq/debian  xenial  erlang-22.x' | sudo tee -a /etc/apt/sources.list.d/erlang-solutions.list
-
-#- name: add apt-key
-#  apt_key:
-#    url: https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc
-#    state: present
-
-- name: install add-apt-repository
-  apt:
-    name: "software-properties-common"
-    update_cache: yes
-    state: present
-
-- name: add-apt-repository rabbitmq-erlang
-  apt_repository:
-    repo: "ppa:rabbitmq/rabbitmq-erlang"
-
-- name: install erlang
-  apt:
-    name: erlang
-    update_cache: yes
-    state: present
-
-- name: add apt_key for rabbitmq
-  shell: wget -O - "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo apt-key add -
-
-#- name: add apt signing key, will not download if present
-#  apt_key:
-#    url: https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
-#    state: present
-
-- name: add bintray repo for latest Rabbitmq
-  shell:
-    cmd: |
-      tee /etc/apt/sources.list.d/bintray.rabbitmq.list <<EOF
-      deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu xenial main
-      EOF
-
-- name: install apt https
-  apt:
-    name: ['apt-transport-https', 'jq']
-    update_cache: yes
-
-# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.8.17-1_all.deb
-- name: apt for rabbitmq
-  apt: deb="/tmp/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
-  become: yes
-
-- name: download plugins for rabbitmq
-  include_role:
-    name: install
-  vars:
-    opts:
-      pkg_name: "rabbitmq-delayed_message_exchange"
-      pkg_version: "3.8.17"
-      pkg_type: ez
-      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/3.8.17/rabbitmq_delayed_message_exchange-3.8.17.8f537ac.ez"
-      extracts: false
-      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/rabbitmq_delayed_message_exchange-3.8.17.ez"
-      creates: 
-      bin_path:
-#unzip /tmp/rabbitmq_delayed_message_exchange-20191008-3.8.x.zip -d /usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/
-
-- name: disable auto startup on boot
-  systemd:
-    name: rabbitmq-server
-    enabled: no
-    masked: yes
-    state: stopped
-
-- name: copy cookie file
-  copy:
-    dest: /var/lib/rabbitmq/.erlang.cookie
-    content: ""
-    owner: rabbitmq
-    group: rabbitmq
-    mode: '0600'
-
-
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index af1bc70..8857499 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-jg2jgk6n"
+            "image": "img-lssyexzz"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "sh1",
-            "image": "img-jg2jgk6n"
+            "image": "img-lssyexzz"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -119,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "sh1",
-            "image": "img-jg2jgk6n"
+            "image": "img-lssyexzz"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From 238951d0e81e167677fe64970bef0dae0832cdd2 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Wed, 25 Aug 2021 14:31:33 +0800
Subject: [PATCH 28/86] Fix: limit etcd version

---
 app/config.json       | 2 +-
 app/locale/zh-cn.json | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/config.json b/app/config.json
index caa898f..ac91f51 100644
--- a/app/config.json
+++ b/app/config.json
@@ -32,7 +32,7 @@
             "type": "service",
             "tag": ["ETCD", "etcd"],
             "limits": {
-                "app-fdyvu2wk": []
+                "app-fdyvu2wk": ["appv-5taat5ql"]
             },
             "default": "",
             "required": "yes"
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 4bbbcf9..9d19aa4 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -71,5 +71,6 @@
     "err_code242": "删除过多内存节点和磁盘节点，pause_minority 模式下每次仅允许删除小于总数的 1/2 个节点",
     "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
     "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
-    "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。"
+    "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。",
+    "etcd": "etcd外部服务"
 }

From 9849a4a8164f3a9b457979743bde867e43abab00 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Thu, 26 Aug 2021 10:38:08 +0800
Subject: [PATCH 29/86] Feature: set password for cluster

---
 ansible/roles/appctl/files/opt/app/bin/ctl.sh        |  1 +
 .../files/opt/app/bin/node/client-node.sh            |  2 +-
 ansible/roles/node-proxy-keepalived/tasks/main.yml   |  6 +++---
 app/cluster.json.mustache                            | 12 ++++++------
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index b756bc3..9e52d75 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -199,6 +199,7 @@ _initNode() {
   rm -rf /data/lost+found
   install -d -o syslog -g svc /data/log/appctl/
   local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
 }
 
 _revive() {
diff --git a/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh b/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
index ee84cf2..ecc6e2a 100644
--- a/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
+++ b/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
@@ -1,5 +1,5 @@
 initNode() {
   _initNode
-  echo 'root:rabbitmq'   | chpasswd
   echo 'ubuntu:rabbitmq' | chpasswd
+  echo -e "client\nclient\n" | adduser client > /dev/nul 2>&1 || echo "client:client" | chpasswd
 }
\ No newline at end of file
diff --git a/ansible/roles/node-proxy-keepalived/tasks/main.yml b/ansible/roles/node-proxy-keepalived/tasks/main.yml
index 5a72151..31a2fdf 100644
--- a/ansible/roles/node-proxy-keepalived/tasks/main.yml
+++ b/ansible/roles/node-proxy-keepalived/tasks/main.yml
@@ -81,7 +81,7 @@
 
 - name: build keepalived
   vars:
-    build_path: "/root/.ansible/cache/keepalived/keepalived-{{ keepalived_version }}/build-dir"
+    build_path: "/root/.ansible/cache/node-proxy-keepalived/keepalived-{{ keepalived_version }}/build-dir"
   shell: |
     tar -zxvf keepalived-{{ keepalived_version }}.tgz
     cd keepalived-{{ keepalived_version }}/
@@ -89,7 +89,7 @@
     make
     sudo make install
   args:
-    chdir: "/root/.ansible/cache/keepalived"
+    chdir: "/root/.ansible/cache/node-proxy-keepalived"
     creates: "{{ build_path }}/bin/keepalived"
   delegate_to: localhost
 
@@ -102,7 +102,7 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
   with_items:
-    - "/root/.ansible/cache/keepalived/keepalived-{{ keepalived_version }}/build-dir/"
+    - "/root/.ansible/cache/node-proxy-keepalived/keepalived-{{ keepalived_version }}/build-dir/"
 
 - name: mask services
   systemd:
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 8857499..eaf38d4 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -12,8 +12,8 @@
         "container": {
             "type": "kvm",
             "sriov_nic": true,
-            "zone": "sh1",
-            "image": "img-lssyexzz"
+            "zone": "pek3a",
+            "image": "img-00czi8ye"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -95,8 +95,8 @@
         "role": "client",
         "container": {
             "type": "kvm",
-            "zone": "sh1",
-            "image": "img-lssyexzz"
+            "zone": "pek3a",
+            "image": "img-00czi8ye"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -118,8 +118,8 @@
         "container": {
             "type": "kvm",
             "sriov_nic": true,
-            "zone": "sh1",
-            "image": "img-lssyexzz"
+            "zone": "pek3a",
+            "image": "img-00czi8ye"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From ba2a362c066b1f70daf93ad442bc77f24e55c119 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Mon, 30 Aug 2021 16:19:46 +0800
Subject: [PATCH 30/86] Fix: wait port reachable when systemd start failed

---
 .../node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh   | 3 ++-
 app/cluster.json.mustache                                   | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 4e945af..911f11f 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -31,7 +31,8 @@ stop() {
 
 start() {
   log "INFO: Application is asked to start . "
-  _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . " && return 1)
+  _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . ")
+  retry 10 30 0 checkSvc "rabbitmq-server"
   log "INFO: Application started successfully  . "
 }
 
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index eaf38d4..94ba0ea 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pek3a",
-            "image": "img-00czi8ye"
+            "image": "img-1tzn2tbb"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "pek3a",
-            "image": "img-00czi8ye"
+            "image": "img-1tzn2tbb"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -119,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pek3a",
-            "image": "img-00czi8ye"
+            "image": "img-1tzn2tbb"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From d26f42c5f3f5b6d80b4c835fd22ca8a4e04d7552 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 3 Sep 2021 15:54:30 +0800
Subject: [PATCH 31/86] Fix: delete ram in caddy web

---
 .../etc/confd/templates/caddy.sh/02.index.html.tmpl  | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
index 2cfad17..9c64cd3 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/02.index.html.tmpl
@@ -67,10 +67,9 @@ flush /opt/app/conf/caddy/index.html << HTML_EOF
     <header>日志查看器</header>
     <main>
       {{- $discNodes :=  getvs "/hosts/disc/*/ip" }}
-      {{- $ramNodes :=  getvs "/hosts/ram/*/ip" }}
       {{- $proxyNodes :=  getvs "/hosts/haproxy/*/ip" }}
       <div class="meta">
-        <span>共 <b>{{ len $discNodes }}</b> 个 disc 节点, <b>{{ len $ramNodes }}</b> 个 ram 节点, <b>{{ len $proxyNodes }}</b> 个 haproxy 节点</span>
+        <span>共 <b>{{ len $discNodes }}</b> 个 disc 节点, <b>{{ len $proxyNodes }}</b> 个 haproxy 节点</span>
       </div>
       <ul class="listing">
         <li class="header">disc节点/目录</li>
@@ -82,15 +81,6 @@ flush /opt/app/conf/caddy/index.html << HTML_EOF
         <li><span>⊞</span><a href="//{{ . }}/">{{ . }}</a></li>
         {{- end }}
         {{- end }}
-        <li class="header">ram节点/目录</li>
-        {{- range  $ramNodes }}
-        {{- if eq . (getv "/host/ip") }}
-        <li><span>⊟</span>{{ . }}</li>
-        <li><span class="sub-1">⊞</span><a href="./log/">log</a></li>
-        {{- else }}
-        <li><span>⊞</span><a href="//{{ . }}/">{{ . }}</a></li>
-        {{- end }}
-        {{- end }}
         <li class="header">haproxy节点/目录</li>
         {{- range $proxyNodes }}
         {{- if eq . (getv "/host/ip") }}

From 220e08caee4403e533b9c510d2971bf14e1a5335 Mon Sep 17 00:00:00 2001
From: mini-idea <39393463+mini-idea@users.noreply.github.com>
Date: Fri, 10 Sep 2021 15:09:59 +0800
Subject: [PATCH 32/86] =?UTF-8?q?Adjust=20the=20description=20of=20=20?=
 =?UTF-8?q?=E2=80=9CHaproxy=20HA=20Node=20Count=E2=80=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/locale/zh-cn.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 9d19aa4..ca87818 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -46,7 +46,7 @@
     "haproxy web login passwd": "haproxy 监控界面密码",
     "url_param": "url_param 哈希",
     "haproxy balance policy": "负载均衡策略(roundrobin:轮询, leastconn:最小连接, static-rr:静态权重, source:IP 哈希, uri:uri 哈希, url_param:url_param 哈希)",
-    "Haproxy HA Node Count": "负载均衡器高可用节点个数(0个节点：不需要负载均衡;1个节点：负载均衡;2个节点：负载均衡器高可用负载均衡)",
+    "Haproxy HA Node Count": "负载均衡器高可用节点个数",
     "Disc Node": "磁盘节点",
     "Number of Erlang processes that will accept connections for the TCP listeners": "接受TCP侦听器连接的Erlang进程数",
     "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",

From 23c35ea8e998eff17e6026a884d80e9a35062fde Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Wed, 15 Sep 2021 14:16:07 +0800
Subject: [PATCH 33/86] remove parameter hipe-compile

---
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl        |  1 -
 app/cluster.json.mustache                           | 13 +++++++------
 app/config.json                                     |  8 --------
 app/locale/zh-cn.json                               |  1 -
 4 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 17df8c3..ae93ea1 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -35,7 +35,6 @@ disk_free_limit.absolute = {{ getv "/env/disk_free_limit" "50MB" }}
 frame_max = {{ getv "/env/frame_max" "131072"}}
 handshake_timeout = {{ getv "/env/handshake_timeout" "10000" }}
 heartbeat = {{ getv "/env/heartbeat" "60" }}
-hipe_compile = {{ getv "/env/hipe_compile" "false" }}
 loopback_users.guest = false
 num_acceptors.tcp = {{ getv "/env/num_tcp_acceptors" "10" }}
 proxy_protocol = {{ getv "/env/proxy_protocol" "false" }}
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 94ba0ea..5a65d9d 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -10,10 +10,11 @@
     "nodes": [{
         "role": "disc",
         "container": {
-            "type": "kvm",
+            "type": "lxc",
+            "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "pek3a",
-            "image": "img-1tzn2tbb"
+            "image": "img-i8b23ttz"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +97,7 @@
         "container": {
             "type": "kvm",
             "zone": "pek3a",
-            "image": "img-1tzn2tbb"
+            "image": "img-i8b23ttz"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -116,10 +117,11 @@
     }, {
         "role": "haproxy",
         "container": {
-            "type": "kvm",
+            "type": "lxc",
+            "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "pek3a",
-            "image": "img-1tzn2tbb"
+            "image": "img-i8b23ttz"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -178,7 +180,6 @@
         "collect_statistics": {{env.collect_statistics}},
         "collect_statistics_interval": {{env.collect_statistics_interval}},
         "cluster_partition_handling": {{env.cluster_partition_handling}},
-        "hipe_compile": {{env.hipe_compile}},
         "cluster_keepalive_interval": {{env.cluster_keepalive_interval}},
         "background_gc_enabled": {{env.background_gc_enabled}},
         "background_gc_target_interval": {{env.background_gc_target_interval}},
diff --git a/app/config.json b/app/config.json
index ac91f51..00766ee 100644
--- a/app/config.json
+++ b/app/config.json
@@ -320,14 +320,6 @@
             "range": ["ignore","pause_minority","autoheal"],
             "default": "pause_minority",
             "required": "no"
-        }, {
-            "key": "hipe_compile",
-            "label": "hipe_compile",
-            "description": "Set to true to precompile parts of RabbitMQ with HiPE, a just-in-time compiler for Erlang. This will increase server throughput at the cost of increased startup time",
-            "type": "boolean",
-            "default": false,
-            "range": [true, false],
-            "required": "no"
         }, {
             "key": "cluster_keepalive_interval",
             "label": "cluster_keepalive_interval",
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index ca87818..9e7c83a 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -59,7 +59,6 @@
     "Statistics collection mode. Primarily relevant for the management plugin": "统计收集模式。主要与管理插件相关",
     "Statistics collection interval in milliseconds. Primarily relevant for the management plugin": "统计收集时间间隔(毫秒为单位)． 主要针对于 management plugin",
     "How to handle network partitions": "如何处理网络分区",
-    "Set to true to precompile parts of RabbitMQ with HiPE, a just-in-time compiler for Erlang. This will increase server throughput at the cost of increased startup time": "将此选项设置为true,将会使用HiPE预编译部分RabbitMQ,Erlang的即时编译器.你可以看到花费几分钟延迟启动的成本，就可以带来20-50% 更好性能",
     "How frequently nodes should send keepalive messages to other nodes (in milliseconds)": "节点向其它节点发送存活消息和频率(毫秒). 注意，这与 net_ticktime是不同的; 丢失存活消息不会引起节点掉线",
     "The actual interval will vary depending on how long it takes to execute the operation": "GC 实际间隔将根据执行操作所需的时间而有所不同",
     "The name of a user as which to create the tracing queues and bindings": "用于创建追踪队列的用户",

From a714c1da230347f5fc5dd7bea7695c6dc8669038 Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Mon, 15 Nov 2021 15:10:08 +0800
Subject: [PATCH 34/86] RabbitMQ3.8.19-patch01

---
 ansible/roles/appctl/files/opt/app/bin/ctl.sh |   1 +
 .../configs/cluster.json.mustache             | 205 ++++++++++
 .../configs/config.json                       | 378 ++++++++++++++++++
 .../configs/locale/en.json                    |   6 +
 .../configs/locale/zh-cn.json                 |  75 ++++
 .../configs/patch.json                        |  38 ++
 .../configs/replace_policy.json               | 283 +++++++++++++
 patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh  | 263 ++++++++++++
 .../scripts/ctl.sh.bak                        | 262 ++++++++++++
 .../scripts/haproxy.sh.tmpl                   | 170 ++++++++
 .../scripts/haproxy.sh.tmpl.bak               | 170 ++++++++
 .../scripts/patch_disc.sh                     |   9 +
 .../scripts/patch_haproxy.sh                  |  14 +
 .../scripts/rollback_disc.sh                  |   5 +
 .../scripts/rollback_haproxy.sh               |  10 +
 15 files changed, 1889 insertions(+)
 create mode 100644 patch/rabbitmq3.8.19_patch_01/configs/cluster.json.mustache
 create mode 100644 patch/rabbitmq3.8.19_patch_01/configs/config.json
 create mode 100644 patch/rabbitmq3.8.19_patch_01/configs/locale/en.json
 create mode 100644 patch/rabbitmq3.8.19_patch_01/configs/locale/zh-cn.json
 create mode 100644 patch/rabbitmq3.8.19_patch_01/configs/patch.json
 create mode 100644 patch/rabbitmq3.8.19_patch_01/configs/replace_policy.json
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh.bak
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl.bak
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/patch_disc.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/patch_haproxy.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/rollback_disc.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_01/scripts/rollback_haproxy.sh

diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index 9e52d75..de8d67f 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -176,6 +176,7 @@ _checkSvc() {
 }
 
 startSvc() {
+  systemctl enable ${1%%/*}
   systemctl start ${1%%/*}
 }
 
diff --git a/patch/rabbitmq3.8.19_patch_01/configs/cluster.json.mustache b/patch/rabbitmq3.8.19_patch_01/configs/cluster.json.mustache
new file mode 100644
index 0000000..45889f2
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/configs/cluster.json.mustache
@@ -0,0 +1,205 @@
+{
+    "name": {{cluster.name}},
+    "description": {{cluster.description}},
+    "vxnet": {{cluster.vxnet}},
+    "links": {
+    	"etcd_service": {{cluster.etcd_service}}
+    },
+    "multi_zone_policy": "round_robin",
+    "upgrading_policy": "sequential",
+    "nodes": [{
+        "role": "disc",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-9qwimwzd"
+        },
+        "instance_class": {{cluster.disc.instance_class}},
+        "count": {{cluster.disc.count}},
+        "cpu": {{cluster.disc.cpu}},
+        "memory": {{cluster.disc.memory}},
+        "volume": {
+            "size": {{cluster.disc.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 0,
+                "cmd": "appctl start",
+                "nodes_to_execute_on": 255,
+                "timeout": 500
+            },
+            "stop": {
+                "order": 1,
+                "cmd": "appctl stop"
+            },
+            "scale_in": {
+                "nodes_to_execute_on": 10,
+                "pre_check": "appctl preCheckForScaleIn",
+                "cmd": "appctl scaleIn",
+                "timeout": 90
+            },
+            "destroy": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "scale_out": {
+                "cmd": "appctl scaleOut",
+                "timeout": 90
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "vertical_scaling_policy": "sequential",
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 60,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        },
+        "monitor": {
+            "enable": true,
+            "cmd": "appctl measure",
+            "items": {
+                "fd_used": {
+                    "unit": "count"
+                },
+                "sockets_used": {
+                    "unit": "count"
+                },
+                "proc_used": {
+                    "unit": "count"
+                },
+                "run_queue": {
+                    "unit": "count"
+                },
+                "mem_used": {
+                    "unit": "MB"
+                }
+            },
+            "groups": {
+                "Fd Used": ["fd_used"],
+                "Sockets Used": ["sockets_used"],
+                "Proc Used": ["proc_used"],
+                "Run Queue": ["run_queue"],
+                "Mem Used": ["mem_used"]
+            },
+            "display": ["Mem Used", "Fd Used", "Sockets Used", "Proc Used", "Run Queue"],
+            "alarm": ["fd_used", "mem_used"]
+        }
+    }, {
+        "role": "client",
+        "container": {
+            "type": "kvm",
+            "zone": "pek3a",
+            "image": "img-9qwimwzd"
+        },
+        "instance_class": {{cluster.client.instance_class}},
+        "count": {{cluster.client.count}},
+        "cpu": {{cluster.client.cpu}},
+        "memory": {{cluster.client.memory}},
+        "user_access": true,
+        "passphraseless": "ssh-rsa",
+        "services": {
+            "start": {
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "cmd": "appctl stop"
+            }
+        },
+        "advanced_actions": ["attach_keypairs"]
+    }, {
+        "role": "haproxy",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-9qwimwzd"
+        },
+        "instance_class": {{cluster.haproxy.instance_class}},
+        "count": {{cluster.haproxy.count}},
+        "cpu": {{cluster.haproxy.cpu}},
+        "memory": {{cluster.haproxy.memory}},
+        "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 1,
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "restart": {
+                "order": 0,
+                "cmd": "appctl restart"
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 30,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        }, "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        }
+    }],
+    "env": {
+        "rabbitmq_default_user": {{env.rabbitmq_default_user}},
+        "rabbitmq_default_pass": {{env.rabbitmq_default_pass}},
+        "haproxy_balance_policy": {{env.haproxy_balance_policy}},
+        "haproxy_web_port": {{env.haproxy_web_port}},
+        "haproxy_username": {{env.haproxy_username}},
+        "haproxy_password": {{env.haproxy_password}},
+        "num_tcp_acceptors": {{env.num_tcp_acceptors}},
+        "handshake_timeout": {{env.handshake_timeout}},
+        "reverse_dns_lookups": {{env.reverse_dns_lookups}},
+        "vm_memory_high_watermark": {{env.vm_memory_high_watermark}},
+        "vm_memory_high_watermark_paging_ratio": {{env.vm_memory_high_watermark_paging_ratio}},
+        "disk_free_limit": {{env.disk_free_limit}},
+        "frame_max": {{env.frame_max}},
+        "channel_max": {{env.channel_max}},
+        "heartbeat": {{env.heartbeat}},
+        "collect_statistics": {{env.collect_statistics}},
+        "collect_statistics_interval": {{env.collect_statistics_interval}},
+        "cluster_partition_handling": {{env.cluster_partition_handling}},
+        "cluster_keepalive_interval": {{env.cluster_keepalive_interval}},
+        "background_gc_enabled": {{env.background_gc_enabled}},
+        "background_gc_target_interval": {{env.background_gc_target_interval}},
+        "proxy_protocol": {{env.proxy_protocol}},
+        "tracing_user": {{env.tracing_user}},
+        "web_console_enabled": {{env.web_console_enabled}}
+    },
+    "endpoints": {
+        "client": {
+            "port": 5672,
+            "protocol": "tcp"
+        },
+        "status": {
+            "port": 8100,
+            "protocol": "tcp"
+        },
+        "reserved_ips": {
+            "vip": {
+                "value": ""
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_01/configs/config.json b/patch/rabbitmq3.8.19_patch_01/configs/config.json
new file mode 100644
index 0000000..e457313
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/configs/config.json
@@ -0,0 +1,378 @@
+{
+    "type": "array",
+    "properties": [{
+        "key": "cluster",
+        "description": "RabbitMQ cluster properties",
+        "type": "array",
+        "properties": [{
+            "key": "name",
+            "label": "Name",
+            "description": "The name of the RabbitMQ service",
+            "type": "string",
+            "default": "RabbitMQ",
+            "required": "no"
+        }, {
+            "key": "description",
+            "label": "Description",
+            "description": "The description of the RabbitMQ service",
+            "type": "string",
+            "default": "",
+            "required": "no"
+        }, {
+            "key": "vxnet",
+            "label": "VxNet",
+            "description": "Choose a vxnet to join",
+            "type": "string",
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "etcd_service",
+            "label": "etcd",
+            "description": "Choose a etcd to use",
+            "type": "service",
+            "tag": ["ETCD", "etcd"],
+            "limits": {
+                "app-fdyvu2wk": ["appv-5taat5ql", "appv-jzhr30i8", "appv-h1n2681n"]
+            },
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "resource_group",
+            "label": "Resource Configuration",
+            "description": "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes",
+            "type": "string",
+            "default": "Prod",
+            "range": ["Test", "Prod"]
+        }, {
+            "key": "disc",
+            "label": "Disc Node",
+            "description": "Disc Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 4096],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "resource_group": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Disc Node Count",
+                "type": "integer",
+                "auto_scale_step": 1,
+                "default": 3,
+                "min": 3,
+                "max": 100,
+                "required": "yes"
+            }]
+        }, {
+            "key": "client",
+            "label": "client Node",
+            "description": "client Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Client Node Count",
+                "type": "integer",
+                "default": 1,
+                "min": 1,
+                "required": "yes"
+            }]
+        }, {
+            "key": "haproxy",
+            "label": "Haproxy+Keepalived",
+            "description": "Haproxy+Keepalived",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 2048],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Haproxy HA Node Count",
+                "type": "integer",
+                "min": 2,
+                "max": 100,
+                "default": 2,
+                "required": "yes"
+            }]
+        }
+    ]
+    }, {
+        "key": "env",
+        "description": "RabbitMQ service properties",
+        "type": "array",
+        "properties": [{
+            "key": "rabbitmq_default_user",
+            "label": "rabbitmq_default_user",
+            "description": "rabbitmq_user",
+            "type": "string",
+            "default": "guest",
+            "required": "yes",
+            "changeable": false
+        }, {
+            "key": "rabbitmq_default_pass",
+            "label": "rabbitmq_default_pass",
+            "description": "rabbitmq_pass",
+            "type": "password",
+            "required": "yes"
+        }, {
+            "key": "haproxy_balance_policy",
+            "label": "haproxy_balance_policy",
+            "description": "haproxy balance policy",
+            "type": "string",
+            "default": "roundrobin",
+            "required": "no",
+            "range": ["roundrobin", "leastconn", "static-rr", "source", "uri", "url_param"]
+        }, {
+            "key": "haproxy_web_port",
+            "label": "haproxy_web_port",
+            "description": "haproxy web port",
+            "type": "integer",
+            "default": 8100,
+            "required": "no"
+        }, {
+            "key": "haproxy_username",
+            "label": "haproxy_username",
+            "description": "haproxy web login usernam",
+            "type": "string",
+            "default": "haproxy",
+            "required": "no"
+        }, {
+            "key": "haproxy_password",
+            "label": "haproxy_password",
+            "description": "haproxy web login passwd",
+            "type": "password",
+            "changeable":true,
+            "default": "haproxy",
+            "pattern": "^([a-zA-Z0-9_!#%^&*()./;]{6,}|)$",
+            "required": "no"
+        }, {
+            "key": "num_tcp_acceptors",
+            "label": "num_tcp_acceptors",
+            "description": "Number of Erlang processes that will accept connections for the TCP listeners",
+            "type": "integer",
+            "default": 10,
+            "min": 10,
+            "max": 200,
+            "required": "no"
+        }, {
+            "key": "handshake_timeout",
+            "label": "handshake_timeout",
+            "description": "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds",
+            "type": "integer",
+            "default": 10000,
+            "min": 5000,
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark",
+            "label": "vm_memory_high_watermark",
+            "description": "Memory threshold at which the flow control is triggered",
+            "type": "number",
+            "default": 0.4,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark_paging_ratio",
+            "label": "vm_memory_high_watermark_paging_ratio",
+            "description": "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory",
+            "type": "number",
+            "default": 0.5,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "disk_free_limit",
+            "label": "disk_free_limit",
+            "description": "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data",
+            "type": "integer",
+            "default": 524288000,
+            "required": "no"
+        }, {
+            "key": "frame_max",
+            "label": "frame_max",
+            "description": "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency",
+            "type": "integer",
+            "default": 131072,
+            "required": "no"
+        }, {
+            "key": "channel_max",
+            "label": "channel_max",
+            "description": "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.",
+            "type": "integer",
+            "default": 0,
+            "required": "no"
+        }, {
+            "key": "heartbeat",
+            "label": "heartbeat",
+            "description": "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame",
+            "type": "integer",
+            "default": 60,
+            "required": "no"
+        }, {
+            "key": "collect_statistics",
+            "label": "collect_statistics",
+            "description": "Statistics collection mode. Primarily relevant for the management plugin",
+            "type": "string",
+            "range": ["none","coarse","fine"],
+            "default": "none",
+            "required": "no"
+        }, {
+            "key": "collect_statistics_interval",
+            "label": "collect_statistics_interval",
+            "description": "Statistics collection interval in milliseconds. Primarily relevant for the management plugin",
+            "type": "integer",
+            "default": 5000,
+            "required": "no"
+        }, {
+            "key": "cluster_partition_handling",
+            "label": "cluster_partition_handling",
+            "description": "How to handle network partitions",
+            "type": "string",
+            "range": ["ignore","pause_minority","autoheal"],
+            "default": "pause_minority",
+            "required": "no"
+        }, {
+            "key": "cluster_keepalive_interval",
+            "label": "cluster_keepalive_interval",
+            "description": "How frequently nodes should send keepalive messages to other nodes (in milliseconds)",
+            "type": "integer",
+            "default": 10000,
+            "required": "no"
+        }, {
+            "key": "background_gc_target_interval",
+            "label": "background_gc_target_interval",
+            "description": "The actual interval will vary depending on how long it takes to execute the operation",
+            "type": "integer",
+            "min": 30000,
+            "default": 60000,
+            "required": "no"
+        }, {
+            "key": "background_gc_enabled",
+            "label": "background_gc_enabled",
+            "description": "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "reverse_dns_lookups",
+            "label": "reverse_dns_lookups",
+            "description": "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "tracing_user",
+            "label": "tracing_user",
+            "description": "The name of a user as which to create the tracing queues and bindings",
+            "type": "string",
+            "default": "guest",
+            "required": "no"
+        }, {
+            "key": "proxy_protocol",
+            "label": "proxy_protocol",
+            "description": "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "web_console_enabled",
+            "label": "Switch of log web console",
+            "description": "Whether to enable log web console",
+            "type": "boolean",
+            "default": true,
+            "required": "no"
+        }]
+    }]
+}
diff --git a/patch/rabbitmq3.8.19_patch_01/configs/locale/en.json b/patch/rabbitmq3.8.19_patch_01/configs/locale/en.json
new file mode 100644
index 0000000..8b68d99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/configs/locale/en.json
@@ -0,0 +1,6 @@
+{
+    "Sockets Used": "Percentage of file descriptors used as sockets",
+    "Fd Used": "Percentage of file descriptors used as sockets",
+    "Proc Used": "Erlang running number",
+    "Run Queue": "Erlang waiting number"
+}
diff --git a/patch/rabbitmq3.8.19_patch_01/configs/locale/zh-cn.json b/patch/rabbitmq3.8.19_patch_01/configs/locale/zh-cn.json
new file mode 100644
index 0000000..9e7c83a
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/configs/locale/zh-cn.json
@@ -0,0 +1,75 @@
+{
+    "Name": "名称",
+    "Description": "描述",
+    "RabbitMQ cluster propertie": "RabbitMQ 集群",
+    "The name of the RabbitMQ service": "RabbitMQ 服务名称",
+    "The description of the RabbitMQ service": "RabbitMQ 服务描述",
+    "rabbitmq_user": "Rabbitmq网页控制台管理员用户名(此项配置后不可修改，请谨慎操作）",
+    "rabbitmq_pass": "Rabbitmq网页控制台默认管理员用户密码",
+    "VxNet": "私有网络",
+    "Test": "测试环境",
+    "Prod": "生产环境",
+    "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes": "测试环境：1核1G磁盘节点 x 3 ，1核1G客户端节点 x 1，1核1G负载均衡节点 x 2；生产环境：2核4G超高性能型磁盘节点 x 3，1核1G客户端节点 x 1，2核2G负载均衡节点 x 2",
+    "Memory of each node": "每个节点的内存",
+    "The volume size for each instance": "每个实例的磁盘大小",
+    "Choose a vxnet to join": "选择要加入的私有网络",
+    "CPU": "CPU",
+    "CPUs of each node": "每个节点的 CPU 数量",
+    "Memory": "内存",
+    "Memory of each node ": "每个节点的内存数量",
+    "Instance Class": "主机类型",
+    "RabbitMQ Node": "RabbitMQ 节点",
+    "RabbitMQ Node Count": "RabbitMQ 节点数量",
+    "Node Count": "节点数量",
+    "Number of nodes for the cluster to create": "要创建的节点数量",
+    "Volume Size": "存储容量",
+    "The volume size for each node": "每个节点的存储容量",
+    "instance class": "实例类型",
+    "count" : "个",
+    "Count" : "节点个数",
+    "Sockets Used": "Sockets 句柄数",
+    "Fd Used": "文件句柄数",
+    "Proc Used": "Broker 子进程数",
+    "Run Queue": "正在等待的 Erlang 进程数",
+    "Mem Used": "RabbitMQ 内存占用 (MB)",
+    "Haproxy+Keepalived": "负载均衡器",
+    "roundrobin": "轮询",
+    "leastconn": "最小连接",
+    "static-rr": "静态权重",
+    "source": "IP 哈希",
+    "uri": "uri 哈希",
+    "client Node": "client 节点",
+    "Disc Node Count": "磁盘节点个数",
+    "Client Node Count": "client 节点个数",
+    "haproxy web port": "haproxy 监控界面端口",
+    "haproxy web login usernam": "haproxy 监控界面用户名",
+    "haproxy web login passwd": "haproxy 监控界面密码",
+    "url_param": "url_param 哈希",
+    "haproxy balance policy": "负载均衡策略(roundrobin:轮询, leastconn:最小连接, static-rr:静态权重, source:IP 哈希, uri:uri 哈希, url_param:url_param 哈希)",
+    "Haproxy HA Node Count": "负载均衡器高可用节点个数",
+    "Disc Node": "磁盘节点",
+    "Number of Erlang processes that will accept connections for the TCP listeners": "接受TCP侦听器连接的Erlang进程数",
+    "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",
+    "Memory threshold at which the flow control is triggered": "流程控制触发的内存阀值",
+    "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory": "高水位限制的分数，当达到阀值时，队列中消息会转移到磁盘上以释放内存",
+    "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data": "RabbitMQ存储数据分区的可用磁盘空间限制．当可用空间值低于阀值时，流程控制将被触发.默认情况下，可用磁盘空间必须超过50MB，默认值为500MB",
+    "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency": "与客户端协商的允许最大frame大小. 设置为０表示无限制，但在某些QPid客户端会引发bug. 设置较大的值可以提高吞吐量;设置一个较小的值可能会提高延迟",
+    "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.": "与客户端协商的允许最大chanel大小. 设置为０表示无限制．该数值越大，则broker使用的内存就越高",
+    "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame": "表示心跳延迟(单位为秒) ，服务器将在connection.tune frame中发送.如果设置为 0, 心跳将被禁用. 客户端可以不用遵循服务器的建议,禁用心跳可以在有大量连接的场景中提高性能，但可能会造成关闭了非活动连接的网络设备上的连接落下",
+    "Statistics collection mode. Primarily relevant for the management plugin": "统计收集模式。主要与管理插件相关",
+    "Statistics collection interval in milliseconds. Primarily relevant for the management plugin": "统计收集时间间隔(毫秒为单位)． 主要针对于 management plugin",
+    "How to handle network partitions": "如何处理网络分区",
+    "How frequently nodes should send keepalive messages to other nodes (in milliseconds)": "节点向其它节点发送存活消息和频率(毫秒). 注意，这与 net_ticktime是不同的; 丢失存活消息不会引起节点掉线",
+    "The actual interval will vary depending on how long it takes to execute the operation": "GC 实际间隔将根据执行操作所需的时间而有所不同",
+    "The name of a user as which to create the tracing queues and bindings": "用于创建追踪队列的用户",
+    "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage": "是否启用 GC，开启或许可以减少内存使用",
+    "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin": "设置为true,可让客户端在连接时让RabbitMQ 执行一个反向DNS查找, 然后通过 rabbitmqctl 和 管理插件来展现信息",
+    "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information": "是否启用代理协议支持。一旦启用，客户端就不能直接连接到代理了。他们必须通过负载平衡器连接，此设置仅适用于AMQP客户端，其他协议类型的MQTT或STOMP有自己的设置来启用代理协议。有关更多信息，请参阅插件文档",
+    "err_code240": "扩容失败，请检查集群状态",
+    "err_code241": "节点状态不正常，请检查集群状态",
+    "err_code242": "删除过多内存节点和磁盘节点，pause_minority 模式下每次仅允许删除小于总数的 1/2 个节点",
+    "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
+    "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
+    "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。",
+    "etcd": "etcd外部服务"
+}
diff --git a/patch/rabbitmq3.8.19_patch_01/configs/patch.json b/patch/rabbitmq3.8.19_patch_01/configs/patch.json
new file mode 100644
index 0000000..f2ea0a7
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/configs/patch.json
@@ -0,0 +1,38 @@
+{
+    "patch_policy": [""],
+    "patch_nodes": [{
+        "container": {
+            "snapshot": "ss-me9c1un6",
+            "zone": "pek3a"
+        },
+        "patch": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_haproxy.sh"
+        }, {
+            "mount_role": "disc",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_disc.sh"
+        }],
+        "rollback": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_haproxy.sh"
+        }, {
+            "mount_role": "disc",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_disc.sh"
+        }]
+    }]
+}
+
+
+
diff --git a/patch/rabbitmq3.8.19_patch_01/configs/replace_policy.json b/patch/rabbitmq3.8.19_patch_01/configs/replace_policy.json
new file mode 100644
index 0000000..94a3c13
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/configs/replace_policy.json
@@ -0,0 +1,283 @@
+{
+    "pek3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3c": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3d": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "ap3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "ap3a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "sh1": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3a": {
+        "instance_class": [{
+            "src": "101",
+            "dst": 0
+        }, {
+            "src": "201",
+            "dst": 1
+        }, {
+            "src": "202",
+            "dst": 1
+        }, {
+            "src": "301",
+            "dst": 1
+        }],
+        "volume_class": [{
+            "src": "100",
+            "dst": 0
+        }, {
+            "src": "200",
+            "dst": 3
+        }, {
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }]
+    },
+    "ap2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }, {
+            "src": "301",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }, {
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh b/patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh
new file mode 100644
index 0000000..de8d67f
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh
@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  local svcs="$(getServices -a)"
+  [ "$(systemctl is-enabled ${svcs%%/*})" == "disabled" ]
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    # log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      # log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl enable ${1%%/*}
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/log/appctl/
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
+}
+
+_revive() {
+  log "INFO: Application is asked to revive . "
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+  log "INFO: Application revived successfully  . "
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
+}
+
+_stop() {
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
+}
+
+_restart() {
+  log "INFO: Application is asked to restart . "
+  execute stop
+  execute start
+  log "INFO: Application restarted successfully  . "
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh.bak b/patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh.bak
new file mode 100644
index 0000000..9e52d75
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/ctl.sh.bak
@@ -0,0 +1,262 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  local svcs="$(getServices -a)"
+  [ "$(systemctl is-enabled ${svcs%%/*})" == "disabled" ]
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    # log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      # log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/log/appctl/
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
+}
+
+_revive() {
+  log "INFO: Application is asked to revive . "
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+  log "INFO: Application revived successfully  . "
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
+}
+
+_stop() {
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
+}
+
+_restart() {
+  log "INFO: Application is asked to restart . "
+  execute stop
+  execute start
+  log "INFO: Application restarted successfully  . "
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl b/patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl
new file mode 100644
index 0000000..2df524f
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl
@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /opt/app/conf/haproxy/haproxy.cfg << HAPROXY_CONF_EOF
+#logging options
+global
+  log 127.0.0.1 local0 info
+  maxconn 65535
+  chroot /usr/local/sbin
+  uid 65534
+  gid 65534
+  #user nobody
+  #group nobody
+  daemon
+  quiet
+  nbproc 20
+  pidfile /var/run/haproxy.pid
+
+defaults
+  log global
+  #Use the 4-tier proxy pattern "mode http" means 7-tier proxy pattern
+  mode tcp
+  #if you set mode to tcp,then you nust change tcplog into httplog
+  option tcplog
+  option dontlognull
+  retries 3
+  option redispatch
+  maxconn 65535
+  timeout connect 3s
+  timeout client 90s
+  timeout server 90s
+
+#front-end IP for consumers and producters
+listen rabbitmq_cluster
+  bind :5672
+  #配置TCP模式
+  mode tcp
+  #balance rdp-cookie
+  #balance leastconn
+  #balance source
+  #balance roundrobin
+  #simple polling
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  #rabbitmq cluster node config
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+
+#front-end IP for stomp
+listen rabbitmq_cluster_stomp
+  bind :61613
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+
+#front-end IP for mqtt
+listen rabbitmq_cluster_mqtt
+  bind :1883
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+
+#rabbitmq-management
+# optional, for proxying management site
+frontend front_rabbitmq_management
+  bind :15672
+  default_backend backend_rabbitmq_management
+
+backend backend_rabbitmq_management
+  balance source
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+
+# haproxy web monitor infomation
+listen stats
+#bind :8100
+bind :{{ getv "/env/haproxy_web_port" "8100" }}
+mode http
+stats enable
+stats hide-version
+stats refresh 10s
+stats uri /
+stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
+
+HAPROXY_CONF_EOF
+{{- if getvs "/host/role" | filter "haproxy" }}
+mkdir -p ${DATA_MOUNTS}/log/haproxy/
+chmod 777 ${DATA_MOUNTS}/log/haproxy/
+
+flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
+
+# Create an additional socket in haproxy's chroot in order to allow logging via
+# /dev/log to chroot'ed HAProxy processes
+\$AddUnixListenSocket /var/lib/haproxy/dev/log
+
+# Send HAProxy messages to a dedicated logfile
+:programname, startswith, "haproxy" {
+  ${DATA_MOUNTS}/log/haproxy/haproxy.log
+  stop
+}
+HAPROXY_LOG_CONF_EOF
+{{- end }}
+
+
+flush /etc/logrotate.d/haproxy << LOGROTATE_EOF
+${DATA_MOUNTS}/log/haproxy/haproxy.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl.bak b/patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl.bak
new file mode 100644
index 0000000..ee8ded0
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/haproxy.sh.tmpl.bak
@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /opt/app/conf/haproxy/haproxy.cfg << HAPROXY_CONF_EOF
+#logging options
+global
+  log 127.0.0.1 local0 info
+  maxconn 65535
+  chroot /usr/local/sbin
+  uid 65534
+  gid 65534
+  #user nobody
+  #group nobody
+  daemon
+  quiet
+  nbproc 20
+  pidfile /var/run/haproxy.pid
+
+defaults
+  log global
+  #Use the 4-tier proxy pattern "mode http" means 7-tier proxy pattern
+  mode tcp
+  #if you set mode to tcp,then you nust change tcplog into httplog
+  option tcplog
+  option dontlognull
+  retries 3
+  option redispatch
+  maxconn 65535
+  timeout connect 3s
+  timeout client 10s
+  timeout server 10s
+
+#front-end IP for consumers and producters
+listen rabbitmq_cluster
+  bind :5672
+  #配置TCP模式
+  mode tcp
+  #balance rdp-cookie
+  #balance leastconn
+  #balance source
+  #balance roundrobin
+  #simple polling
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  #rabbitmq cluster node config
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+
+#front-end IP for stomp
+listen rabbitmq_cluster_stomp
+  bind :61613
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+
+#front-end IP for mqtt
+listen rabbitmq_cluster_mqtt
+  bind :1883
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+
+#rabbitmq-management
+# optional, for proxying management site
+frontend front_rabbitmq_management
+  bind :15672
+  default_backend backend_rabbitmq_management
+
+backend backend_rabbitmq_management
+  balance source
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+
+# haproxy web monitor infomation
+listen stats
+#bind :8100
+bind :{{ getv "/env/haproxy_web_port" "8100" }}
+mode http
+stats enable
+stats hide-version
+stats refresh 10s
+stats uri /
+stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
+
+HAPROXY_CONF_EOF
+{{- if getvs "/host/role" | filter "haproxy" }}
+mkdir -p ${DATA_MOUNTS}/log/haproxy/
+chmod 777 ${DATA_MOUNTS}/log/haproxy/
+
+flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
+
+# Create an additional socket in haproxy's chroot in order to allow logging via
+# /dev/log to chroot'ed HAProxy processes
+\$AddUnixListenSocket /var/lib/haproxy/dev/log
+
+# Send HAProxy messages to a dedicated logfile
+:programname, startswith, "haproxy" {
+  ${DATA_MOUNTS}/log/haproxy/haproxy.log
+  stop
+}
+HAPROXY_LOG_CONF_EOF
+{{- end }}
+
+
+flush /etc/logrotate.d/haproxy << LOGROTATE_EOF
+${DATA_MOUNTS}/log/haproxy/haproxy.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/patch_disc.sh b/patch/rabbitmq3.8.19_patch_01/scripts/patch_disc.sh
new file mode 100644
index 0000000..4cf863f
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/patch_disc.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /usr/bin/appctl
+systemctl enable rabbitmq-server
+systemctl enable caddy
+
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/patch_haproxy.sh b/patch/rabbitmq3.8.19_patch_01/scripts/patch_haproxy.sh
new file mode 100644
index 0000000..6b39396
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/patch_haproxy.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+rm -f /etc/confd/templates/haproxy.sh.tmpl
+cp /patch/haproxy.sh.tmpl /etc/confd/templates/
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /usr/bin/appctl
+service confd restart
+sleep 2s
+systemctl restart haproxy
+systemctl enable haproxy
+systemctl enable keepalived
+systemctl enable caddy
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/rollback_disc.sh b/patch/rabbitmq3.8.19_patch_01/scripts/rollback_disc.sh
new file mode 100644
index 0000000..a3fba5f
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/rollback_disc.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh.bak /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
diff --git a/patch/rabbitmq3.8.19_patch_01/scripts/rollback_haproxy.sh b/patch/rabbitmq3.8.19_patch_01/scripts/rollback_haproxy.sh
new file mode 100644
index 0000000..293bc26
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_01/scripts/rollback_haproxy.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+rm -f /etc/confd/templates/haproxy.sh.tmpl
+cp /patch/haproxy.sh.tmpl.bak /etc/confd/templates/haproxy.sh.tmpl
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh.bak /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+service confd restart
+sleep 2s
+systemctl restart haproxy

From ee9ae3ed2a926d570c3e3e665e07727507bb5248 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 3 Dec 2021 18:08:48 +0800
Subject: [PATCH 35/86] Fix: add patch2. Fix initialization logic error and fix
 revise password error

---
 ansible/roles/appctl/files/opt/app/bin/ctl.sh |   2 +-
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl  |   8 +-
 app/cluster.json.mustache                     |   6 +-
 app/config.json                               |   1 +
 .../configs/cluster.json.mustache             | 205 ++++++++++
 .../configs/config.json                       | 379 ++++++++++++++++++
 .../configs/locale/en.json                    |   6 +
 .../configs/locale/zh-cn.json                 |  75 ++++
 .../configs/patch.json                        |  38 ++
 .../configs/replace_policy.json               | 283 +++++++++++++
 patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh  | 263 ++++++++++++
 .../scripts/ctl.sh.bak                        | 263 ++++++++++++
 .../scripts/patch_disc.sh                     |   8 +
 .../scripts/patch_haproxy.sh                  |   6 +
 .../scripts/rabbitmq-server.sh.tmpl           | 165 ++++++++
 .../scripts/rabbitmq-server.sh.tmpl.bak       | 165 ++++++++
 .../scripts/rollback_disc.sh                  |   8 +
 .../scripts/rollback_haproxy.sh               |   6 +
 18 files changed, 1878 insertions(+), 9 deletions(-)
 create mode 100644 patch/rabbitmq3.8.19_patch_02/configs/cluster.json.mustache
 create mode 100644 patch/rabbitmq3.8.19_patch_02/configs/config.json
 create mode 100644 patch/rabbitmq3.8.19_patch_02/configs/locale/en.json
 create mode 100644 patch/rabbitmq3.8.19_patch_02/configs/locale/zh-cn.json
 create mode 100644 patch/rabbitmq3.8.19_patch_02/configs/patch.json
 create mode 100644 patch/rabbitmq3.8.19_patch_02/configs/replace_policy.json
 create mode 100755 patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh
 create mode 100755 patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh.bak
 create mode 100755 patch/rabbitmq3.8.19_patch_02/scripts/patch_disc.sh
 create mode 100755 patch/rabbitmq3.8.19_patch_02/scripts/patch_haproxy.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl
 create mode 100644 patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl.bak
 create mode 100755 patch/rabbitmq3.8.19_patch_02/scripts/rollback_disc.sh
 create mode 100755 patch/rabbitmq3.8.19_patch_02/scripts/rollback_haproxy.sh

diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index de8d67f..e8b8e99 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -154,7 +154,7 @@ checkEndpoint() {
 
 isNodeInitialized() {
   local svcs="$(getServices -a)"
-  [ "$(systemctl is-enabled ${svcs%%/*})" == "disabled" ]
+  [ "$(systemctl is-enabled ${svcs%%/*})" != "masked" ]
 }
 
 initSvc() {
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index ae93ea1..dcbc73c 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -1,5 +1,3 @@
-default_user={{ getv "/env/rabbitmq_default_user" "guest" }}
-default_pass={{ getv "/env/rabbitmq_default_pass" "guest" }}
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 mkdir -p ${DATA_MOUNTS}/log/rabbitmq
 {{- end }}
@@ -51,10 +49,10 @@ vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.7
 # vm_memory_high_watermark.absolute = {{ getv "/env/vvm_memory_high_watermark_absolute" "2G" }}
 vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
 log.dir = ${DATA_MOUNTS}/log/rabbitmq/
-default_user = $default_user
-default_pass = $default_pass
+default_user = {{ getv "/env/rabbitmq_default_user" "guest" }}
+default_pass = {{ getv "/env/rabbitmq_default_pass" "guest" }}
 loopback_users = none
 default_user_tags.administrator = true
 log.file.level = debug
 RABBITMQ_CONF_EOF
-rabbitmqctl change_password $default_user $default_pass >/dev/null 2>&1||echo
+rabbitmqctl change_password '{{ getv "/env/rabbitmq_default_user" "guest" }}' '{{ getv "/env/rabbitmq_default_pass" "guest" }}' >/dev/null 2>&1||echo
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 5a65d9d..ce20bb4 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -14,7 +14,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "pek3a",
-            "image": "img-i8b23ttz"
+            "image": "img-f17w8emh"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -97,7 +97,7 @@
         "container": {
             "type": "kvm",
             "zone": "pek3a",
-            "image": "img-i8b23ttz"
+            "image": "img-f17w8emh"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -121,7 +121,7 @@
             "prefer_type": "lxc",
             "sriov_nic": true,
             "zone": "pek3a",
-            "image": "img-i8b23ttz"
+            "image": "img-f17w8emh"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
diff --git a/app/config.json b/app/config.json
index 00766ee..45f9c04 100644
--- a/app/config.json
+++ b/app/config.json
@@ -204,6 +204,7 @@
             "label": "rabbitmq_default_pass",
             "description": "rabbitmq_pass",
             "type": "password",
+            "pattern": "^([^'\"]{1,})$",
             "required": "yes"
         }, {
             "key": "haproxy_balance_policy",
diff --git a/patch/rabbitmq3.8.19_patch_02/configs/cluster.json.mustache b/patch/rabbitmq3.8.19_patch_02/configs/cluster.json.mustache
new file mode 100644
index 0000000..ce20bb4
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/configs/cluster.json.mustache
@@ -0,0 +1,205 @@
+{
+    "name": {{cluster.name}},
+    "description": {{cluster.description}},
+    "vxnet": {{cluster.vxnet}},
+    "links": {
+    	"etcd_service": {{cluster.etcd_service}}
+    },
+    "multi_zone_policy": "round_robin",
+    "upgrading_policy": "sequential",
+    "nodes": [{
+        "role": "disc",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-f17w8emh"
+        },
+        "instance_class": {{cluster.disc.instance_class}},
+        "count": {{cluster.disc.count}},
+        "cpu": {{cluster.disc.cpu}},
+        "memory": {{cluster.disc.memory}},
+        "volume": {
+            "size": {{cluster.disc.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 0,
+                "cmd": "appctl start",
+                "nodes_to_execute_on": 255,
+                "timeout": 500
+            },
+            "stop": {
+                "order": 1,
+                "cmd": "appctl stop"
+            },
+            "scale_in": {
+                "nodes_to_execute_on": 10,
+                "pre_check": "appctl preCheckForScaleIn",
+                "cmd": "appctl scaleIn",
+                "timeout": 90
+            },
+            "destroy": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "scale_out": {
+                "cmd": "appctl scaleOut",
+                "timeout": 90
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "vertical_scaling_policy": "sequential",
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 60,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        },
+        "monitor": {
+            "enable": true,
+            "cmd": "appctl measure",
+            "items": {
+                "fd_used": {
+                    "unit": "count"
+                },
+                "sockets_used": {
+                    "unit": "count"
+                },
+                "proc_used": {
+                    "unit": "count"
+                },
+                "run_queue": {
+                    "unit": "count"
+                },
+                "mem_used": {
+                    "unit": "MB"
+                }
+            },
+            "groups": {
+                "Fd Used": ["fd_used"],
+                "Sockets Used": ["sockets_used"],
+                "Proc Used": ["proc_used"],
+                "Run Queue": ["run_queue"],
+                "Mem Used": ["mem_used"]
+            },
+            "display": ["Mem Used", "Fd Used", "Sockets Used", "Proc Used", "Run Queue"],
+            "alarm": ["fd_used", "mem_used"]
+        }
+    }, {
+        "role": "client",
+        "container": {
+            "type": "kvm",
+            "zone": "pek3a",
+            "image": "img-f17w8emh"
+        },
+        "instance_class": {{cluster.client.instance_class}},
+        "count": {{cluster.client.count}},
+        "cpu": {{cluster.client.cpu}},
+        "memory": {{cluster.client.memory}},
+        "user_access": true,
+        "passphraseless": "ssh-rsa",
+        "services": {
+            "start": {
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "cmd": "appctl stop"
+            }
+        },
+        "advanced_actions": ["attach_keypairs"]
+    }, {
+        "role": "haproxy",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-f17w8emh"
+        },
+        "instance_class": {{cluster.haproxy.instance_class}},
+        "count": {{cluster.haproxy.count}},
+        "cpu": {{cluster.haproxy.cpu}},
+        "memory": {{cluster.haproxy.memory}},
+        "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 1,
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "restart": {
+                "order": 0,
+                "cmd": "appctl restart"
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 30,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        }, "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        }
+    }],
+    "env": {
+        "rabbitmq_default_user": {{env.rabbitmq_default_user}},
+        "rabbitmq_default_pass": {{env.rabbitmq_default_pass}},
+        "haproxy_balance_policy": {{env.haproxy_balance_policy}},
+        "haproxy_web_port": {{env.haproxy_web_port}},
+        "haproxy_username": {{env.haproxy_username}},
+        "haproxy_password": {{env.haproxy_password}},
+        "num_tcp_acceptors": {{env.num_tcp_acceptors}},
+        "handshake_timeout": {{env.handshake_timeout}},
+        "reverse_dns_lookups": {{env.reverse_dns_lookups}},
+        "vm_memory_high_watermark": {{env.vm_memory_high_watermark}},
+        "vm_memory_high_watermark_paging_ratio": {{env.vm_memory_high_watermark_paging_ratio}},
+        "disk_free_limit": {{env.disk_free_limit}},
+        "frame_max": {{env.frame_max}},
+        "channel_max": {{env.channel_max}},
+        "heartbeat": {{env.heartbeat}},
+        "collect_statistics": {{env.collect_statistics}},
+        "collect_statistics_interval": {{env.collect_statistics_interval}},
+        "cluster_partition_handling": {{env.cluster_partition_handling}},
+        "cluster_keepalive_interval": {{env.cluster_keepalive_interval}},
+        "background_gc_enabled": {{env.background_gc_enabled}},
+        "background_gc_target_interval": {{env.background_gc_target_interval}},
+        "proxy_protocol": {{env.proxy_protocol}},
+        "tracing_user": {{env.tracing_user}},
+        "web_console_enabled": {{env.web_console_enabled}}
+    },
+    "endpoints": {
+        "client": {
+            "port": 5672,
+            "protocol": "tcp"
+        },
+        "status": {
+            "port": 8100,
+            "protocol": "tcp"
+        },
+        "reserved_ips": {
+            "vip": {
+                "value": ""
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_02/configs/config.json b/patch/rabbitmq3.8.19_patch_02/configs/config.json
new file mode 100644
index 0000000..bd1f4ac
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/configs/config.json
@@ -0,0 +1,379 @@
+{
+    "type": "array",
+    "properties": [{
+        "key": "cluster",
+        "description": "RabbitMQ cluster properties",
+        "type": "array",
+        "properties": [{
+            "key": "name",
+            "label": "Name",
+            "description": "The name of the RabbitMQ service",
+            "type": "string",
+            "default": "RabbitMQ",
+            "required": "no"
+        }, {
+            "key": "description",
+            "label": "Description",
+            "description": "The description of the RabbitMQ service",
+            "type": "string",
+            "default": "",
+            "required": "no"
+        }, {
+            "key": "vxnet",
+            "label": "VxNet",
+            "description": "Choose a vxnet to join",
+            "type": "string",
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "etcd_service",
+            "label": "etcd",
+            "description": "Choose a etcd to use",
+            "type": "service",
+            "tag": ["ETCD", "etcd"],
+            "limits": {
+                "app-fdyvu2wk": ["appv-5taat5ql", "appv-jzhr30i8", "appv-h1n2681n"]
+            },
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "resource_group",
+            "label": "Resource Configuration",
+            "description": "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes",
+            "type": "string",
+            "default": "Prod",
+            "range": ["Test", "Prod"]
+        }, {
+            "key": "disc",
+            "label": "Disc Node",
+            "description": "Disc Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 4096],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "resource_group": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Disc Node Count",
+                "type": "integer",
+                "auto_scale_step": 1,
+                "default": 3,
+                "min": 3,
+                "max": 100,
+                "required": "yes"
+            }]
+        }, {
+            "key": "client",
+            "label": "client Node",
+            "description": "client Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Client Node Count",
+                "type": "integer",
+                "default": 1,
+                "min": 1,
+                "required": "yes"
+            }]
+        }, {
+            "key": "haproxy",
+            "label": "Haproxy+Keepalived",
+            "description": "Haproxy+Keepalived",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 2048],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Haproxy HA Node Count",
+                "type": "integer",
+                "min": 2,
+                "max": 100,
+                "default": 2,
+                "required": "yes"
+            }]
+        }
+    ]
+    }, {
+        "key": "env",
+        "description": "RabbitMQ service properties",
+        "type": "array",
+        "properties": [{
+            "key": "rabbitmq_default_user",
+            "label": "rabbitmq_default_user",
+            "description": "rabbitmq_user",
+            "type": "string",
+            "default": "guest",
+            "required": "yes",
+            "changeable": false
+        }, {
+            "key": "rabbitmq_default_pass",
+            "label": "rabbitmq_default_pass",
+            "description": "rabbitmq_pass",
+            "type": "password",
+            "pattern": "^([^'\"]{1,})$",
+            "required": "yes"
+        }, {
+            "key": "haproxy_balance_policy",
+            "label": "haproxy_balance_policy",
+            "description": "haproxy balance policy",
+            "type": "string",
+            "default": "roundrobin",
+            "required": "no",
+            "range": ["roundrobin", "leastconn", "static-rr", "source", "uri", "url_param"]
+        }, {
+            "key": "haproxy_web_port",
+            "label": "haproxy_web_port",
+            "description": "haproxy web port",
+            "type": "integer",
+            "default": 8100,
+            "required": "no"
+        }, {
+            "key": "haproxy_username",
+            "label": "haproxy_username",
+            "description": "haproxy web login username",
+            "type": "string",
+            "default": "haproxy",
+            "required": "no"
+        }, {
+            "key": "haproxy_password",
+            "label": "haproxy_password",
+            "description": "haproxy web login passwd",
+            "type": "password",
+            "changeable":true,
+            "default": "haproxy",
+            "pattern": "^([a-zA-Z0-9_!#%^&*()./;]{6,}|)$",
+            "required": "no"
+        }, {
+            "key": "num_tcp_acceptors",
+            "label": "num_tcp_acceptors",
+            "description": "Number of Erlang processes that will accept connections for the TCP listeners",
+            "type": "integer",
+            "default": 10,
+            "min": 10,
+            "max": 200,
+            "required": "no"
+        }, {
+            "key": "handshake_timeout",
+            "label": "handshake_timeout",
+            "description": "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds",
+            "type": "integer",
+            "default": 10000,
+            "min": 5000,
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark",
+            "label": "vm_memory_high_watermark",
+            "description": "Memory threshold at which the flow control is triggered",
+            "type": "number",
+            "default": 0.4,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark_paging_ratio",
+            "label": "vm_memory_high_watermark_paging_ratio",
+            "description": "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory",
+            "type": "number",
+            "default": 0.5,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "disk_free_limit",
+            "label": "disk_free_limit",
+            "description": "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data",
+            "type": "integer",
+            "default": 524288000,
+            "required": "no"
+        }, {
+            "key": "frame_max",
+            "label": "frame_max",
+            "description": "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency",
+            "type": "integer",
+            "default": 131072,
+            "required": "no"
+        }, {
+            "key": "channel_max",
+            "label": "channel_max",
+            "description": "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.",
+            "type": "integer",
+            "default": 0,
+            "required": "no"
+        }, {
+            "key": "heartbeat",
+            "label": "heartbeat",
+            "description": "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame",
+            "type": "integer",
+            "default": 60,
+            "required": "no"
+        }, {
+            "key": "collect_statistics",
+            "label": "collect_statistics",
+            "description": "Statistics collection mode. Primarily relevant for the management plugin",
+            "type": "string",
+            "range": ["none","coarse","fine"],
+            "default": "none",
+            "required": "no"
+        }, {
+            "key": "collect_statistics_interval",
+            "label": "collect_statistics_interval",
+            "description": "Statistics collection interval in milliseconds. Primarily relevant for the management plugin",
+            "type": "integer",
+            "default": 5000,
+            "required": "no"
+        }, {
+            "key": "cluster_partition_handling",
+            "label": "cluster_partition_handling",
+            "description": "How to handle network partitions",
+            "type": "string",
+            "range": ["ignore","pause_minority","autoheal"],
+            "default": "pause_minority",
+            "required": "no"
+        }, {
+            "key": "cluster_keepalive_interval",
+            "label": "cluster_keepalive_interval",
+            "description": "How frequently nodes should send keepalive messages to other nodes (in milliseconds)",
+            "type": "integer",
+            "default": 10000,
+            "required": "no"
+        }, {
+            "key": "background_gc_target_interval",
+            "label": "background_gc_target_interval",
+            "description": "The actual interval will vary depending on how long it takes to execute the operation",
+            "type": "integer",
+            "min": 30000,
+            "default": 60000,
+            "required": "no"
+        }, {
+            "key": "background_gc_enabled",
+            "label": "background_gc_enabled",
+            "description": "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "reverse_dns_lookups",
+            "label": "reverse_dns_lookups",
+            "description": "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "tracing_user",
+            "label": "tracing_user",
+            "description": "The name of a user as which to create the tracing queues and bindings",
+            "type": "string",
+            "default": "guest",
+            "required": "no"
+        }, {
+            "key": "proxy_protocol",
+            "label": "proxy_protocol",
+            "description": "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "web_console_enabled",
+            "label": "Switch of log web console",
+            "description": "Whether to enable log web console",
+            "type": "boolean",
+            "default": true,
+            "required": "no"
+        }]
+    }]
+}
diff --git a/patch/rabbitmq3.8.19_patch_02/configs/locale/en.json b/patch/rabbitmq3.8.19_patch_02/configs/locale/en.json
new file mode 100644
index 0000000..8b68d99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/configs/locale/en.json
@@ -0,0 +1,6 @@
+{
+    "Sockets Used": "Percentage of file descriptors used as sockets",
+    "Fd Used": "Percentage of file descriptors used as sockets",
+    "Proc Used": "Erlang running number",
+    "Run Queue": "Erlang waiting number"
+}
diff --git a/patch/rabbitmq3.8.19_patch_02/configs/locale/zh-cn.json b/patch/rabbitmq3.8.19_patch_02/configs/locale/zh-cn.json
new file mode 100644
index 0000000..9e7c83a
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/configs/locale/zh-cn.json
@@ -0,0 +1,75 @@
+{
+    "Name": "名称",
+    "Description": "描述",
+    "RabbitMQ cluster propertie": "RabbitMQ 集群",
+    "The name of the RabbitMQ service": "RabbitMQ 服务名称",
+    "The description of the RabbitMQ service": "RabbitMQ 服务描述",
+    "rabbitmq_user": "Rabbitmq网页控制台管理员用户名(此项配置后不可修改，请谨慎操作）",
+    "rabbitmq_pass": "Rabbitmq网页控制台默认管理员用户密码",
+    "VxNet": "私有网络",
+    "Test": "测试环境",
+    "Prod": "生产环境",
+    "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes": "测试环境：1核1G磁盘节点 x 3 ，1核1G客户端节点 x 1，1核1G负载均衡节点 x 2；生产环境：2核4G超高性能型磁盘节点 x 3，1核1G客户端节点 x 1，2核2G负载均衡节点 x 2",
+    "Memory of each node": "每个节点的内存",
+    "The volume size for each instance": "每个实例的磁盘大小",
+    "Choose a vxnet to join": "选择要加入的私有网络",
+    "CPU": "CPU",
+    "CPUs of each node": "每个节点的 CPU 数量",
+    "Memory": "内存",
+    "Memory of each node ": "每个节点的内存数量",
+    "Instance Class": "主机类型",
+    "RabbitMQ Node": "RabbitMQ 节点",
+    "RabbitMQ Node Count": "RabbitMQ 节点数量",
+    "Node Count": "节点数量",
+    "Number of nodes for the cluster to create": "要创建的节点数量",
+    "Volume Size": "存储容量",
+    "The volume size for each node": "每个节点的存储容量",
+    "instance class": "实例类型",
+    "count" : "个",
+    "Count" : "节点个数",
+    "Sockets Used": "Sockets 句柄数",
+    "Fd Used": "文件句柄数",
+    "Proc Used": "Broker 子进程数",
+    "Run Queue": "正在等待的 Erlang 进程数",
+    "Mem Used": "RabbitMQ 内存占用 (MB)",
+    "Haproxy+Keepalived": "负载均衡器",
+    "roundrobin": "轮询",
+    "leastconn": "最小连接",
+    "static-rr": "静态权重",
+    "source": "IP 哈希",
+    "uri": "uri 哈希",
+    "client Node": "client 节点",
+    "Disc Node Count": "磁盘节点个数",
+    "Client Node Count": "client 节点个数",
+    "haproxy web port": "haproxy 监控界面端口",
+    "haproxy web login usernam": "haproxy 监控界面用户名",
+    "haproxy web login passwd": "haproxy 监控界面密码",
+    "url_param": "url_param 哈希",
+    "haproxy balance policy": "负载均衡策略(roundrobin:轮询, leastconn:最小连接, static-rr:静态权重, source:IP 哈希, uri:uri 哈希, url_param:url_param 哈希)",
+    "Haproxy HA Node Count": "负载均衡器高可用节点个数",
+    "Disc Node": "磁盘节点",
+    "Number of Erlang processes that will accept connections for the TCP listeners": "接受TCP侦听器连接的Erlang进程数",
+    "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",
+    "Memory threshold at which the flow control is triggered": "流程控制触发的内存阀值",
+    "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory": "高水位限制的分数，当达到阀值时，队列中消息会转移到磁盘上以释放内存",
+    "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data": "RabbitMQ存储数据分区的可用磁盘空间限制．当可用空间值低于阀值时，流程控制将被触发.默认情况下，可用磁盘空间必须超过50MB，默认值为500MB",
+    "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency": "与客户端协商的允许最大frame大小. 设置为０表示无限制，但在某些QPid客户端会引发bug. 设置较大的值可以提高吞吐量;设置一个较小的值可能会提高延迟",
+    "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.": "与客户端协商的允许最大chanel大小. 设置为０表示无限制．该数值越大，则broker使用的内存就越高",
+    "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame": "表示心跳延迟(单位为秒) ，服务器将在connection.tune frame中发送.如果设置为 0, 心跳将被禁用. 客户端可以不用遵循服务器的建议,禁用心跳可以在有大量连接的场景中提高性能，但可能会造成关闭了非活动连接的网络设备上的连接落下",
+    "Statistics collection mode. Primarily relevant for the management plugin": "统计收集模式。主要与管理插件相关",
+    "Statistics collection interval in milliseconds. Primarily relevant for the management plugin": "统计收集时间间隔(毫秒为单位)． 主要针对于 management plugin",
+    "How to handle network partitions": "如何处理网络分区",
+    "How frequently nodes should send keepalive messages to other nodes (in milliseconds)": "节点向其它节点发送存活消息和频率(毫秒). 注意，这与 net_ticktime是不同的; 丢失存活消息不会引起节点掉线",
+    "The actual interval will vary depending on how long it takes to execute the operation": "GC 实际间隔将根据执行操作所需的时间而有所不同",
+    "The name of a user as which to create the tracing queues and bindings": "用于创建追踪队列的用户",
+    "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage": "是否启用 GC，开启或许可以减少内存使用",
+    "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin": "设置为true,可让客户端在连接时让RabbitMQ 执行一个反向DNS查找, 然后通过 rabbitmqctl 和 管理插件来展现信息",
+    "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information": "是否启用代理协议支持。一旦启用，客户端就不能直接连接到代理了。他们必须通过负载平衡器连接，此设置仅适用于AMQP客户端，其他协议类型的MQTT或STOMP有自己的设置来启用代理协议。有关更多信息，请参阅插件文档",
+    "err_code240": "扩容失败，请检查集群状态",
+    "err_code241": "节点状态不正常，请检查集群状态",
+    "err_code242": "删除过多内存节点和磁盘节点，pause_minority 模式下每次仅允许删除小于总数的 1/2 个节点",
+    "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
+    "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
+    "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。",
+    "etcd": "etcd外部服务"
+}
diff --git a/patch/rabbitmq3.8.19_patch_02/configs/patch.json b/patch/rabbitmq3.8.19_patch_02/configs/patch.json
new file mode 100644
index 0000000..d35dc42
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/configs/patch.json
@@ -0,0 +1,38 @@
+{
+    "patch_policy": ["appp-wfou7p2f"],
+    "patch_nodes": [{
+        "container": {
+            "snapshot": "ss-1ddc6s8b",
+            "zone": "pek3a"
+        },
+        "patch": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_haproxy.sh"
+        }, {
+            "mount_role": "disc",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_disc.sh"
+        }],
+        "rollback": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_haproxy.sh"
+        }, {
+            "mount_role": "disc",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_disc.sh"
+        }]
+    }]
+}
+
+
+
diff --git a/patch/rabbitmq3.8.19_patch_02/configs/replace_policy.json b/patch/rabbitmq3.8.19_patch_02/configs/replace_policy.json
new file mode 100644
index 0000000..94a3c13
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/configs/replace_policy.json
@@ -0,0 +1,283 @@
+{
+    "pek3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3c": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3d": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "ap3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "ap3a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "sh1": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3a": {
+        "instance_class": [{
+            "src": "101",
+            "dst": 0
+        }, {
+            "src": "201",
+            "dst": 1
+        }, {
+            "src": "202",
+            "dst": 1
+        }, {
+            "src": "301",
+            "dst": 1
+        }],
+        "volume_class": [{
+            "src": "100",
+            "dst": 0
+        }, {
+            "src": "200",
+            "dst": 3
+        }, {
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }]
+    },
+    "ap2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }, {
+            "src": "301",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }, {
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh b/patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh
new file mode 100755
index 0000000..e8b8e99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh
@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  local svcs="$(getServices -a)"
+  [ "$(systemctl is-enabled ${svcs%%/*})" != "masked" ]
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    # log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      # log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl enable ${1%%/*}
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/log/appctl/
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
+}
+
+_revive() {
+  log "INFO: Application is asked to revive . "
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+  log "INFO: Application revived successfully  . "
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
+}
+
+_stop() {
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
+}
+
+_restart() {
+  log "INFO: Application is asked to restart . "
+  execute stop
+  execute start
+  log "INFO: Application restarted successfully  . "
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh.bak b/patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh.bak
new file mode 100755
index 0000000..e8b8e99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/ctl.sh.bak
@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  local svcs="$(getServices -a)"
+  [ "$(systemctl is-enabled ${svcs%%/*})" != "masked" ]
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    # log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      # log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl enable ${1%%/*}
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/log/appctl/
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
+}
+
+_revive() {
+  log "INFO: Application is asked to revive . "
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+  log "INFO: Application revived successfully  . "
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
+}
+
+_stop() {
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
+}
+
+_restart() {
+  log "INFO: Application is asked to restart . "
+  execute stop
+  execute start
+  log "INFO: Application restarted successfully  . "
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/patch_disc.sh b/patch/rabbitmq3.8.19_patch_02/scripts/patch_disc.sh
new file mode 100755
index 0000000..c5bd40e
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/patch_disc.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /opt/app/bin/ctl.sh /usr/bin/appctl
+cp /patch/rabbitmq-server.sh.tmpl /etc/confd/templates/rabbitmq-server.sh.tmpl
+service confd restart
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/patch_haproxy.sh b/patch/rabbitmq3.8.19_patch_02/scripts/patch_haproxy.sh
new file mode 100755
index 0000000..4156d54
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/patch_haproxy.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /opt/app/bin/ctl.sh /usr/bin/appctl
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl b/patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl
new file mode 100644
index 0000000..af0ca7c
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl
@@ -0,0 +1,165 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /var/lib/rabbitmq/.erlang.cookie << ERLNAG_COOKIE_EOF
+{{ getv "/cluster/cluster_id" }}
+ERLNAG_COOKIE_EOF
+
+{{- if getvs "/host/role" | filter "(disc|ram)" }}
+mkdir -p ${DATA_MOUNTS}/log/rabbitmq
+{{- end }}
+
+{{- $myRole := getv "/host/role" }}
+
+flush  /etc/rabbitmq/rabbitmq.conf << RABBITMQ_CONF_EOF
+background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
+background_gc_target_interval = {{ getv "/env/background_gc_target_interval" "60000" }}
+channel_max = {{ getv "/env/channel_max" "10" }}
+
+# Cluster formation
+cluster_formation.peer_discovery_backend = etcd
+{{- $clusterId := getv "/cluster/cluster_id" }}
+{{- $etcdHosts := getvs "/links/etcd_service/hosts/etcd_node/*/ip" }}
+{{- range $i,$endpoint := $etcdHosts }}
+cluster_formation.etcd.endpoints.{{ add $i 1 }} = {{ $endpoint }}:2379
+{{- end }}
+cluster_formation.etcd.key_prefix = /{{ $clusterId }}_prefix
+cluster_formation.etcd.cluster_name = {{ $clusterId }}
+cluster_formation.etcd.node_ttl = 30
+cluster_formation.etcd.lock_timeout = 300
+cluster_formation.node_cleanup.only_log_warning = true
+cluster_formation.node_cleanup.interval = 90
+
+
+cluster_keepalive_interval = {{ getv "/env/cluster_keepalive_interval" "10000" }}
+cluster_partition_handling = {{ getv "/env/cluster_partition_handling" "pause_minority" }}
+collect_statistics = {{ getv "/env/collect_statistics" "none" }}
+collect_statistics_interval = {{ getv "/env/collect_statistics_interval" "5000" }}
+# disk_free_limit.relative = {{ getv "/env/disk_free_limit_relative" "2.0" }}
+disk_free_limit.absolute = {{ getv "/env/disk_free_limit" "50MB" }}
+frame_max = {{ getv "/env/frame_max" "131072"}}
+handshake_timeout = {{ getv "/env/handshake_timeout" "10000" }}
+heartbeat = {{ getv "/env/heartbeat" "60" }}
+loopback_users.guest = false
+num_acceptors.tcp = {{ getv "/env/num_tcp_acceptors" "10" }}
+proxy_protocol = {{ getv "/env/proxy_protocol" "false" }}
+reverse_dns_lookups = {{ getv "/env/reverse_dns_lookups" "false" }}
+tcp_listen_options.backlog = 128
+tcp_listen_options.nodelay = true
+tcp_listen_options.exit_on_close = false
+tcp_listen_options.keepalive = true
+tcp_listen_options.send_timeout = 15000
+tcp_listen_options.buffer = 196608
+tcp_listen_options.sndbuf = 196608
+tcp_listen_options.recbuf = 196608
+vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.7" }}
+# vm_memory_high_watermark.absolute = {{ getv "/env/vvm_memory_high_watermark_absolute" "2G" }}
+vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
+log.dir = ${DATA_MOUNTS}/log/rabbitmq/
+default_user = {{ getv "/env/rabbitmq_default_user" "guest" }}
+default_pass = {{ getv "/env/rabbitmq_default_pass" "guest" }}
+loopback_users = none
+default_user_tags.administrator = true
+log.file.level = debug
+RABBITMQ_CONF_EOF
+rabbitmqctl change_password '{{ getv "/env/rabbitmq_default_user" "guest" }}' '{{ getv "/env/rabbitmq_default_pass" "guest" }}' >/dev/null 2>&1||echo
+
+hostsFile=/etc/hosts
+
+sed "/^# >> RabbitMQ nodes./,/^# << RabbitMQ nodes./d" $hostsFile > $hostsFile.swap
+
+flush >> $hostsFile.swap << HOSTS_FILE
+# >> RabbitMQ nodes. WARNING: this is managed by script and please don't touch manually.
+{{- range $role := split "disc ram" " " }}
+{{- range $node := ls (printf "/hosts/%s" $role) }}
+{{ getv (printf "/hosts/%s/%s/ip" $role $node) }}	{{ getv (printf "/hosts/%s/%s/instance_id" $role $node) }}
+{{- end }}
+{{- end }}
+# << RabbitMQ nodes. WARNING: this is managed by script and please don't touch manually.
+HOSTS_FILE
+mv $hostsFile.swap $hostsFile
+
+
+flush /etc/rabbitmq/rabbitmq-env.conf << RABBIT_ENV_CONF_EOF
+
+RABBITMQ_NODE_IP_ADDRESS=0.0.0.0
+RABBITMQ_NODE_PORT=5672
+RABBITMQ_MNESIA_BASE=${DATA_MOUNTS}/mnesia
+RABBITMQ_LOG_BASE=${DATA_MOUNTS}/log/rabbitmq/
+RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq
+RABBITMQ_MNESIA_DIR=
+RABBITMQ_SCHEMA_DIR=${DATA_MOUNTS}/schema
+
+RABBIT_ENV_CONF_EOF
+flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
+[
+{{- if eq (getv "/host/role") "disc" }}
+  rabbitmq_delayed_message_exchange,
+{{- end }}
+  rabbitmq_management,
+  rabbitmq_peer_discovery_etcd,
+  rabbitmq_mqtt,
+  rabbitmq_shovel,
+  rabbitmq_shovel_management,
+  rabbitmq_federation,
+  rabbitmq_federation_management,
+  rabbitmq_stomp,
+  rabbitmq_web_mqtt,
+  rabbitmq_web_stomp,
+  rabbitmq_peer_discovery_etcd
+].
+ENABLED_PLUGINS_EOF
+flush /etc/logrotate.d/rabbitmq-server << LOGROTATE_EOF
+${DATA_MOUNTS}/log/rabbitmq/*.log {
+    weekly
+    missingok
+    rotate 20
+    compress
+    notifempty
+}
+${DATA_MOUNTS}/log/rabbitmq/log/*.log {
+    weekly
+    missingok
+    rotate 20
+    compress
+    notifempty
+}
+LOGROTATE_EOF
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl.bak b/patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl.bak
new file mode 100644
index 0000000..af0ca7c
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/rabbitmq-server.sh.tmpl.bak
@@ -0,0 +1,165 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /var/lib/rabbitmq/.erlang.cookie << ERLNAG_COOKIE_EOF
+{{ getv "/cluster/cluster_id" }}
+ERLNAG_COOKIE_EOF
+
+{{- if getvs "/host/role" | filter "(disc|ram)" }}
+mkdir -p ${DATA_MOUNTS}/log/rabbitmq
+{{- end }}
+
+{{- $myRole := getv "/host/role" }}
+
+flush  /etc/rabbitmq/rabbitmq.conf << RABBITMQ_CONF_EOF
+background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
+background_gc_target_interval = {{ getv "/env/background_gc_target_interval" "60000" }}
+channel_max = {{ getv "/env/channel_max" "10" }}
+
+# Cluster formation
+cluster_formation.peer_discovery_backend = etcd
+{{- $clusterId := getv "/cluster/cluster_id" }}
+{{- $etcdHosts := getvs "/links/etcd_service/hosts/etcd_node/*/ip" }}
+{{- range $i,$endpoint := $etcdHosts }}
+cluster_formation.etcd.endpoints.{{ add $i 1 }} = {{ $endpoint }}:2379
+{{- end }}
+cluster_formation.etcd.key_prefix = /{{ $clusterId }}_prefix
+cluster_formation.etcd.cluster_name = {{ $clusterId }}
+cluster_formation.etcd.node_ttl = 30
+cluster_formation.etcd.lock_timeout = 300
+cluster_formation.node_cleanup.only_log_warning = true
+cluster_formation.node_cleanup.interval = 90
+
+
+cluster_keepalive_interval = {{ getv "/env/cluster_keepalive_interval" "10000" }}
+cluster_partition_handling = {{ getv "/env/cluster_partition_handling" "pause_minority" }}
+collect_statistics = {{ getv "/env/collect_statistics" "none" }}
+collect_statistics_interval = {{ getv "/env/collect_statistics_interval" "5000" }}
+# disk_free_limit.relative = {{ getv "/env/disk_free_limit_relative" "2.0" }}
+disk_free_limit.absolute = {{ getv "/env/disk_free_limit" "50MB" }}
+frame_max = {{ getv "/env/frame_max" "131072"}}
+handshake_timeout = {{ getv "/env/handshake_timeout" "10000" }}
+heartbeat = {{ getv "/env/heartbeat" "60" }}
+loopback_users.guest = false
+num_acceptors.tcp = {{ getv "/env/num_tcp_acceptors" "10" }}
+proxy_protocol = {{ getv "/env/proxy_protocol" "false" }}
+reverse_dns_lookups = {{ getv "/env/reverse_dns_lookups" "false" }}
+tcp_listen_options.backlog = 128
+tcp_listen_options.nodelay = true
+tcp_listen_options.exit_on_close = false
+tcp_listen_options.keepalive = true
+tcp_listen_options.send_timeout = 15000
+tcp_listen_options.buffer = 196608
+tcp_listen_options.sndbuf = 196608
+tcp_listen_options.recbuf = 196608
+vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.7" }}
+# vm_memory_high_watermark.absolute = {{ getv "/env/vvm_memory_high_watermark_absolute" "2G" }}
+vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
+log.dir = ${DATA_MOUNTS}/log/rabbitmq/
+default_user = {{ getv "/env/rabbitmq_default_user" "guest" }}
+default_pass = {{ getv "/env/rabbitmq_default_pass" "guest" }}
+loopback_users = none
+default_user_tags.administrator = true
+log.file.level = debug
+RABBITMQ_CONF_EOF
+rabbitmqctl change_password '{{ getv "/env/rabbitmq_default_user" "guest" }}' '{{ getv "/env/rabbitmq_default_pass" "guest" }}' >/dev/null 2>&1||echo
+
+hostsFile=/etc/hosts
+
+sed "/^# >> RabbitMQ nodes./,/^# << RabbitMQ nodes./d" $hostsFile > $hostsFile.swap
+
+flush >> $hostsFile.swap << HOSTS_FILE
+# >> RabbitMQ nodes. WARNING: this is managed by script and please don't touch manually.
+{{- range $role := split "disc ram" " " }}
+{{- range $node := ls (printf "/hosts/%s" $role) }}
+{{ getv (printf "/hosts/%s/%s/ip" $role $node) }}	{{ getv (printf "/hosts/%s/%s/instance_id" $role $node) }}
+{{- end }}
+{{- end }}
+# << RabbitMQ nodes. WARNING: this is managed by script and please don't touch manually.
+HOSTS_FILE
+mv $hostsFile.swap $hostsFile
+
+
+flush /etc/rabbitmq/rabbitmq-env.conf << RABBIT_ENV_CONF_EOF
+
+RABBITMQ_NODE_IP_ADDRESS=0.0.0.0
+RABBITMQ_NODE_PORT=5672
+RABBITMQ_MNESIA_BASE=${DATA_MOUNTS}/mnesia
+RABBITMQ_LOG_BASE=${DATA_MOUNTS}/log/rabbitmq/
+RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq
+RABBITMQ_MNESIA_DIR=
+RABBITMQ_SCHEMA_DIR=${DATA_MOUNTS}/schema
+
+RABBIT_ENV_CONF_EOF
+flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
+[
+{{- if eq (getv "/host/role") "disc" }}
+  rabbitmq_delayed_message_exchange,
+{{- end }}
+  rabbitmq_management,
+  rabbitmq_peer_discovery_etcd,
+  rabbitmq_mqtt,
+  rabbitmq_shovel,
+  rabbitmq_shovel_management,
+  rabbitmq_federation,
+  rabbitmq_federation_management,
+  rabbitmq_stomp,
+  rabbitmq_web_mqtt,
+  rabbitmq_web_stomp,
+  rabbitmq_peer_discovery_etcd
+].
+ENABLED_PLUGINS_EOF
+flush /etc/logrotate.d/rabbitmq-server << LOGROTATE_EOF
+${DATA_MOUNTS}/log/rabbitmq/*.log {
+    weekly
+    missingok
+    rotate 20
+    compress
+    notifempty
+}
+${DATA_MOUNTS}/log/rabbitmq/log/*.log {
+    weekly
+    missingok
+    rotate 20
+    compress
+    notifempty
+}
+LOGROTATE_EOF
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/rollback_disc.sh b/patch/rabbitmq3.8.19_patch_02/scripts/rollback_disc.sh
new file mode 100755
index 0000000..287185f
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/rollback_disc.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh.bak /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /opt/app/bin/ctl.sh /usr/bin/appctl
+cp /patch/rabbitmq-server.sh.tmpl.bak /etc/confd/templates/rabbitmq-server.sh.tmpl
+service confd restart
diff --git a/patch/rabbitmq3.8.19_patch_02/scripts/rollback_haproxy.sh b/patch/rabbitmq3.8.19_patch_02/scripts/rollback_haproxy.sh
new file mode 100755
index 0000000..cd72003
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_02/scripts/rollback_haproxy.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh.bak /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /opt/app/bin/ctl.sh /usr/bin/appctl

From 15a790bf57e04104224195caaf83a97e09e8ce54 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 21 Jan 2022 15:03:30 +0800
Subject: [PATCH 36/86] Fix: fix logic diagnostics

---
 ansible/roles/appctl/files/opt/app/bin/ctl.sh        |  4 ++--
 .../etc/confd/templates/appctl.sh/01.appctl.env.tmpl |  3 ++-
 app/cluster.json.mustache                            | 12 ++++++------
 app/config.json                                      |  2 +-
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index e8b8e99..9ae973a 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -153,8 +153,7 @@ checkEndpoint() {
 }
 
 isNodeInitialized() {
-  local svcs="$(getServices -a)"
-  [ "$(systemctl is-enabled ${svcs%%/*})" != "masked" ]
+  test -f $APPCTL_NODE_FILE
 }
 
 initSvc() {
@@ -201,6 +200,7 @@ _initNode() {
   install -d -o syslog -g svc /data/log/appctl/
   local svc; for svc in $(getServices -a); do initSvc $svc; done
   echo 'root:Zhu1241jie' | chpasswd
+  touch $APPCTL_NODE_FILE
 }
 
 _revive() {
diff --git a/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
index a078af2..287c3f9 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
@@ -1,5 +1,6 @@
-
+mkdir -p /opt/app/conf/appctl
 flush /opt/app/bin/envs/appctl.env << APPCTL_ENV_EOF
+APPCTL_NODE_FILE=/opt/app/conf/appctl/node.init
 MY_IP={{ getv "/host/ip" }}
 MY_ROLE={{ getv "/host/role" }}
 CLUSTER_ID={{ getv "/cluster/cluster_id" }}
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index ce20bb4..91850dc 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,8 +13,8 @@
             "type": "lxc",
             "prefer_type": "lxc",
             "sriov_nic": true,
-            "zone": "pek3a",
-            "image": "img-f17w8emh"
+            "zone": "ap2a",
+            "image": "img-3z1o5uiu"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,8 +96,8 @@
         "role": "client",
         "container": {
             "type": "kvm",
-            "zone": "pek3a",
-            "image": "img-f17w8emh"
+            "zone": "ap2a",
+            "image": "img-3z1o5uiu"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -120,8 +120,8 @@
             "type": "lxc",
             "prefer_type": "lxc",
             "sriov_nic": true,
-            "zone": "pek3a",
-            "image": "img-f17w8emh"
+            "zone": "ap2a",
+            "image": "img-3z1o5uiu"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
diff --git a/app/config.json b/app/config.json
index 45f9c04..a2bd08b 100644
--- a/app/config.json
+++ b/app/config.json
@@ -32,7 +32,7 @@
             "type": "service",
             "tag": ["ETCD", "etcd"],
             "limits": {
-                "app-fdyvu2wk": ["appv-5taat5ql"]
+                "app-fdyvu2wk": ["appv-5taat5ql", "appv-jzhr30i8", "appv-h1n2681n"]
             },
             "default": "",
             "required": "yes"

From 942ff3e3edb47432086a8476678e7f459f7201cf Mon Sep 17 00:00:00 2001
From: mini-idea <39393463+mini-idea@users.noreply.github.com>
Date: Tue, 25 Jan 2022 10:41:17 +0800
Subject: [PATCH 37/86] Update 01.haproxy.cfg.tmpl

---
 .../etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index c0f9cea..050aa33 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -24,8 +24,8 @@ defaults
   option redispatch
   maxconn 65535
   timeout connect 3s
-  timeout client 10s
-  timeout server 10s
+  timeout client 90s
+  timeout server 90s
 
 #front-end IP for consumers and producters
 listen rabbitmq_cluster
@@ -94,4 +94,4 @@ stats refresh 10s
 stats uri /
 stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
 
-HAPROXY_CONF_EOF
\ No newline at end of file
+HAPROXY_CONF_EOF

From 053ea3b1b193c367490cfce31e73dad715edcf7f Mon Sep 17 00:00:00 2001
From: mini-idea <2596691139@qq.com>
Date: Wed, 26 Jan 2022 14:04:37 +0800
Subject: [PATCH 38/86] upload rabbitmq3.8.19_patch_03

---
 .../configs/cluster.json.mustache             | 205 ++++++++++
 .../configs/config.json                       | 379 ++++++++++++++++++
 .../configs/locale/en.json                    |   6 +
 .../configs/locale/zh-cn.json                 |  75 ++++
 .../configs/patch.json                        |  38 ++
 .../configs/replace_policy.json               | 283 +++++++++++++
 .../scripts/appctl.sh.tmpl                    |  77 ++++
 .../scripts/appctl.sh.tmpl.bak                |  75 ++++
 patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh  | 263 ++++++++++++
 .../scripts/ctl.sh.bak                        | 263 ++++++++++++
 .../scripts/haproxy.sh.tmpl                   | 170 ++++++++
 .../scripts/haproxy.sh.tmpl.bak               | 170 ++++++++
 .../scripts/patch_client.sh                   |  10 +
 .../scripts/patch_haproxy.sh                  |   7 +
 .../scripts/rollback_client.sh                |  10 +
 .../scripts/rollback_haproxy.sh               |   6 +
 16 files changed, 2037 insertions(+)
 create mode 100644 patch/rabbitmq3.8.19_patch_03/configs/cluster.json.mustache
 create mode 100644 patch/rabbitmq3.8.19_patch_03/configs/config.json
 create mode 100644 patch/rabbitmq3.8.19_patch_03/configs/locale/en.json
 create mode 100644 patch/rabbitmq3.8.19_patch_03/configs/locale/zh-cn.json
 create mode 100644 patch/rabbitmq3.8.19_patch_03/configs/patch.json
 create mode 100644 patch/rabbitmq3.8.19_patch_03/configs/replace_policy.json
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl.bak
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh.bak
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl.bak
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/patch_client.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/patch_haproxy.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/rollback_client.sh
 create mode 100644 patch/rabbitmq3.8.19_patch_03/scripts/rollback_haproxy.sh

diff --git a/patch/rabbitmq3.8.19_patch_03/configs/cluster.json.mustache b/patch/rabbitmq3.8.19_patch_03/configs/cluster.json.mustache
new file mode 100644
index 0000000..3258339
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/configs/cluster.json.mustache
@@ -0,0 +1,205 @@
+{
+    "name": {{cluster.name}},
+    "description": {{cluster.description}},
+    "vxnet": {{cluster.vxnet}},
+    "links": {
+    	"etcd_service": {{cluster.etcd_service}}
+    },
+    "multi_zone_policy": "round_robin",
+    "upgrading_policy": "sequential",
+    "nodes": [{
+        "role": "disc",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-w70xm8cv"
+        },
+        "instance_class": {{cluster.disc.instance_class}},
+        "count": {{cluster.disc.count}},
+        "cpu": {{cluster.disc.cpu}},
+        "memory": {{cluster.disc.memory}},
+        "volume": {
+            "size": {{cluster.disc.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 0,
+                "cmd": "appctl start",
+                "nodes_to_execute_on": 255,
+                "timeout": 500
+            },
+            "stop": {
+                "order": 1,
+                "cmd": "appctl stop"
+            },
+            "scale_in": {
+                "nodes_to_execute_on": 10,
+                "pre_check": "appctl preCheckForScaleIn",
+                "cmd": "appctl scaleIn",
+                "timeout": 90
+            },
+            "destroy": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "scale_out": {
+                "cmd": "appctl scaleOut",
+                "timeout": 90
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "vertical_scaling_policy": "sequential",
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 60,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        },
+        "monitor": {
+            "enable": true,
+            "cmd": "appctl measure",
+            "items": {
+                "fd_used": {
+                    "unit": "count"
+                },
+                "sockets_used": {
+                    "unit": "count"
+                },
+                "proc_used": {
+                    "unit": "count"
+                },
+                "run_queue": {
+                    "unit": "count"
+                },
+                "mem_used": {
+                    "unit": "MB"
+                }
+            },
+            "groups": {
+                "Fd Used": ["fd_used"],
+                "Sockets Used": ["sockets_used"],
+                "Proc Used": ["proc_used"],
+                "Run Queue": ["run_queue"],
+                "Mem Used": ["mem_used"]
+            },
+            "display": ["Mem Used", "Fd Used", "Sockets Used", "Proc Used", "Run Queue"],
+            "alarm": ["fd_used", "mem_used"]
+        }
+    }, {
+        "role": "client",
+        "container": {
+            "type": "kvm",
+            "zone": "pek3a",
+            "image": "img-w70xm8cv"
+        },
+        "instance_class": {{cluster.client.instance_class}},
+        "count": {{cluster.client.count}},
+        "cpu": {{cluster.client.cpu}},
+        "memory": {{cluster.client.memory}},
+        "user_access": true,
+        "passphraseless": "ssh-rsa",
+        "services": {
+            "start": {
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "cmd": "appctl stop"
+            }
+        },
+        "advanced_actions": ["attach_keypairs"]
+    }, {
+        "role": "haproxy",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-w70xm8cv"
+        },
+        "instance_class": {{cluster.haproxy.instance_class}},
+        "count": {{cluster.haproxy.count}},
+        "cpu": {{cluster.haproxy.cpu}},
+        "memory": {{cluster.haproxy.memory}},
+        "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 1,
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "restart": {
+                "order": 0,
+                "cmd": "appctl restart"
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 30,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        }, "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        }
+    }],
+    "env": {
+        "rabbitmq_default_user": {{env.rabbitmq_default_user}},
+        "rabbitmq_default_pass": {{env.rabbitmq_default_pass}},
+        "haproxy_balance_policy": {{env.haproxy_balance_policy}},
+        "haproxy_web_port": {{env.haproxy_web_port}},
+        "haproxy_username": {{env.haproxy_username}},
+        "haproxy_password": {{env.haproxy_password}},
+        "num_tcp_acceptors": {{env.num_tcp_acceptors}},
+        "handshake_timeout": {{env.handshake_timeout}},
+        "reverse_dns_lookups": {{env.reverse_dns_lookups}},
+        "vm_memory_high_watermark": {{env.vm_memory_high_watermark}},
+        "vm_memory_high_watermark_paging_ratio": {{env.vm_memory_high_watermark_paging_ratio}},
+        "disk_free_limit": {{env.disk_free_limit}},
+        "frame_max": {{env.frame_max}},
+        "channel_max": {{env.channel_max}},
+        "heartbeat": {{env.heartbeat}},
+        "collect_statistics": {{env.collect_statistics}},
+        "collect_statistics_interval": {{env.collect_statistics_interval}},
+        "cluster_partition_handling": {{env.cluster_partition_handling}},
+        "cluster_keepalive_interval": {{env.cluster_keepalive_interval}},
+        "background_gc_enabled": {{env.background_gc_enabled}},
+        "background_gc_target_interval": {{env.background_gc_target_interval}},
+        "proxy_protocol": {{env.proxy_protocol}},
+        "tracing_user": {{env.tracing_user}},
+        "web_console_enabled": {{env.web_console_enabled}}
+    },
+    "endpoints": {
+        "client": {
+            "port": 5672,
+            "protocol": "tcp"
+        },
+        "status": {
+            "port": 8100,
+            "protocol": "tcp"
+        },
+        "reserved_ips": {
+            "vip": {
+                "value": ""
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_03/configs/config.json b/patch/rabbitmq3.8.19_patch_03/configs/config.json
new file mode 100644
index 0000000..bd1f4ac
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/configs/config.json
@@ -0,0 +1,379 @@
+{
+    "type": "array",
+    "properties": [{
+        "key": "cluster",
+        "description": "RabbitMQ cluster properties",
+        "type": "array",
+        "properties": [{
+            "key": "name",
+            "label": "Name",
+            "description": "The name of the RabbitMQ service",
+            "type": "string",
+            "default": "RabbitMQ",
+            "required": "no"
+        }, {
+            "key": "description",
+            "label": "Description",
+            "description": "The description of the RabbitMQ service",
+            "type": "string",
+            "default": "",
+            "required": "no"
+        }, {
+            "key": "vxnet",
+            "label": "VxNet",
+            "description": "Choose a vxnet to join",
+            "type": "string",
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "etcd_service",
+            "label": "etcd",
+            "description": "Choose a etcd to use",
+            "type": "service",
+            "tag": ["ETCD", "etcd"],
+            "limits": {
+                "app-fdyvu2wk": ["appv-5taat5ql", "appv-jzhr30i8", "appv-h1n2681n"]
+            },
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "resource_group",
+            "label": "Resource Configuration",
+            "description": "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes",
+            "type": "string",
+            "default": "Prod",
+            "range": ["Test", "Prod"]
+        }, {
+            "key": "disc",
+            "label": "Disc Node",
+            "description": "Disc Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 4096],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "resource_group": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Disc Node Count",
+                "type": "integer",
+                "auto_scale_step": 1,
+                "default": 3,
+                "min": 3,
+                "max": 100,
+                "required": "yes"
+            }]
+        }, {
+            "key": "client",
+            "label": "client Node",
+            "description": "client Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Client Node Count",
+                "type": "integer",
+                "default": 1,
+                "min": 1,
+                "required": "yes"
+            }]
+        }, {
+            "key": "haproxy",
+            "label": "Haproxy+Keepalived",
+            "description": "Haproxy+Keepalived",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 2048],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Haproxy HA Node Count",
+                "type": "integer",
+                "min": 2,
+                "max": 100,
+                "default": 2,
+                "required": "yes"
+            }]
+        }
+    ]
+    }, {
+        "key": "env",
+        "description": "RabbitMQ service properties",
+        "type": "array",
+        "properties": [{
+            "key": "rabbitmq_default_user",
+            "label": "rabbitmq_default_user",
+            "description": "rabbitmq_user",
+            "type": "string",
+            "default": "guest",
+            "required": "yes",
+            "changeable": false
+        }, {
+            "key": "rabbitmq_default_pass",
+            "label": "rabbitmq_default_pass",
+            "description": "rabbitmq_pass",
+            "type": "password",
+            "pattern": "^([^'\"]{1,})$",
+            "required": "yes"
+        }, {
+            "key": "haproxy_balance_policy",
+            "label": "haproxy_balance_policy",
+            "description": "haproxy balance policy",
+            "type": "string",
+            "default": "roundrobin",
+            "required": "no",
+            "range": ["roundrobin", "leastconn", "static-rr", "source", "uri", "url_param"]
+        }, {
+            "key": "haproxy_web_port",
+            "label": "haproxy_web_port",
+            "description": "haproxy web port",
+            "type": "integer",
+            "default": 8100,
+            "required": "no"
+        }, {
+            "key": "haproxy_username",
+            "label": "haproxy_username",
+            "description": "haproxy web login username",
+            "type": "string",
+            "default": "haproxy",
+            "required": "no"
+        }, {
+            "key": "haproxy_password",
+            "label": "haproxy_password",
+            "description": "haproxy web login passwd",
+            "type": "password",
+            "changeable":true,
+            "default": "haproxy",
+            "pattern": "^([a-zA-Z0-9_!#%^&*()./;]{6,}|)$",
+            "required": "no"
+        }, {
+            "key": "num_tcp_acceptors",
+            "label": "num_tcp_acceptors",
+            "description": "Number of Erlang processes that will accept connections for the TCP listeners",
+            "type": "integer",
+            "default": 10,
+            "min": 10,
+            "max": 200,
+            "required": "no"
+        }, {
+            "key": "handshake_timeout",
+            "label": "handshake_timeout",
+            "description": "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds",
+            "type": "integer",
+            "default": 10000,
+            "min": 5000,
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark",
+            "label": "vm_memory_high_watermark",
+            "description": "Memory threshold at which the flow control is triggered",
+            "type": "number",
+            "default": 0.4,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark_paging_ratio",
+            "label": "vm_memory_high_watermark_paging_ratio",
+            "description": "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory",
+            "type": "number",
+            "default": 0.5,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "disk_free_limit",
+            "label": "disk_free_limit",
+            "description": "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data",
+            "type": "integer",
+            "default": 524288000,
+            "required": "no"
+        }, {
+            "key": "frame_max",
+            "label": "frame_max",
+            "description": "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency",
+            "type": "integer",
+            "default": 131072,
+            "required": "no"
+        }, {
+            "key": "channel_max",
+            "label": "channel_max",
+            "description": "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.",
+            "type": "integer",
+            "default": 0,
+            "required": "no"
+        }, {
+            "key": "heartbeat",
+            "label": "heartbeat",
+            "description": "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame",
+            "type": "integer",
+            "default": 60,
+            "required": "no"
+        }, {
+            "key": "collect_statistics",
+            "label": "collect_statistics",
+            "description": "Statistics collection mode. Primarily relevant for the management plugin",
+            "type": "string",
+            "range": ["none","coarse","fine"],
+            "default": "none",
+            "required": "no"
+        }, {
+            "key": "collect_statistics_interval",
+            "label": "collect_statistics_interval",
+            "description": "Statistics collection interval in milliseconds. Primarily relevant for the management plugin",
+            "type": "integer",
+            "default": 5000,
+            "required": "no"
+        }, {
+            "key": "cluster_partition_handling",
+            "label": "cluster_partition_handling",
+            "description": "How to handle network partitions",
+            "type": "string",
+            "range": ["ignore","pause_minority","autoheal"],
+            "default": "pause_minority",
+            "required": "no"
+        }, {
+            "key": "cluster_keepalive_interval",
+            "label": "cluster_keepalive_interval",
+            "description": "How frequently nodes should send keepalive messages to other nodes (in milliseconds)",
+            "type": "integer",
+            "default": 10000,
+            "required": "no"
+        }, {
+            "key": "background_gc_target_interval",
+            "label": "background_gc_target_interval",
+            "description": "The actual interval will vary depending on how long it takes to execute the operation",
+            "type": "integer",
+            "min": 30000,
+            "default": 60000,
+            "required": "no"
+        }, {
+            "key": "background_gc_enabled",
+            "label": "background_gc_enabled",
+            "description": "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "reverse_dns_lookups",
+            "label": "reverse_dns_lookups",
+            "description": "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "tracing_user",
+            "label": "tracing_user",
+            "description": "The name of a user as which to create the tracing queues and bindings",
+            "type": "string",
+            "default": "guest",
+            "required": "no"
+        }, {
+            "key": "proxy_protocol",
+            "label": "proxy_protocol",
+            "description": "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "web_console_enabled",
+            "label": "Switch of log web console",
+            "description": "Whether to enable log web console",
+            "type": "boolean",
+            "default": true,
+            "required": "no"
+        }]
+    }]
+}
diff --git a/patch/rabbitmq3.8.19_patch_03/configs/locale/en.json b/patch/rabbitmq3.8.19_patch_03/configs/locale/en.json
new file mode 100644
index 0000000..8b68d99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/configs/locale/en.json
@@ -0,0 +1,6 @@
+{
+    "Sockets Used": "Percentage of file descriptors used as sockets",
+    "Fd Used": "Percentage of file descriptors used as sockets",
+    "Proc Used": "Erlang running number",
+    "Run Queue": "Erlang waiting number"
+}
diff --git a/patch/rabbitmq3.8.19_patch_03/configs/locale/zh-cn.json b/patch/rabbitmq3.8.19_patch_03/configs/locale/zh-cn.json
new file mode 100644
index 0000000..9e7c83a
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/configs/locale/zh-cn.json
@@ -0,0 +1,75 @@
+{
+    "Name": "名称",
+    "Description": "描述",
+    "RabbitMQ cluster propertie": "RabbitMQ 集群",
+    "The name of the RabbitMQ service": "RabbitMQ 服务名称",
+    "The description of the RabbitMQ service": "RabbitMQ 服务描述",
+    "rabbitmq_user": "Rabbitmq网页控制台管理员用户名(此项配置后不可修改，请谨慎操作）",
+    "rabbitmq_pass": "Rabbitmq网页控制台默认管理员用户密码",
+    "VxNet": "私有网络",
+    "Test": "测试环境",
+    "Prod": "生产环境",
+    "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes": "测试环境：1核1G磁盘节点 x 3 ，1核1G客户端节点 x 1，1核1G负载均衡节点 x 2；生产环境：2核4G超高性能型磁盘节点 x 3，1核1G客户端节点 x 1，2核2G负载均衡节点 x 2",
+    "Memory of each node": "每个节点的内存",
+    "The volume size for each instance": "每个实例的磁盘大小",
+    "Choose a vxnet to join": "选择要加入的私有网络",
+    "CPU": "CPU",
+    "CPUs of each node": "每个节点的 CPU 数量",
+    "Memory": "内存",
+    "Memory of each node ": "每个节点的内存数量",
+    "Instance Class": "主机类型",
+    "RabbitMQ Node": "RabbitMQ 节点",
+    "RabbitMQ Node Count": "RabbitMQ 节点数量",
+    "Node Count": "节点数量",
+    "Number of nodes for the cluster to create": "要创建的节点数量",
+    "Volume Size": "存储容量",
+    "The volume size for each node": "每个节点的存储容量",
+    "instance class": "实例类型",
+    "count" : "个",
+    "Count" : "节点个数",
+    "Sockets Used": "Sockets 句柄数",
+    "Fd Used": "文件句柄数",
+    "Proc Used": "Broker 子进程数",
+    "Run Queue": "正在等待的 Erlang 进程数",
+    "Mem Used": "RabbitMQ 内存占用 (MB)",
+    "Haproxy+Keepalived": "负载均衡器",
+    "roundrobin": "轮询",
+    "leastconn": "最小连接",
+    "static-rr": "静态权重",
+    "source": "IP 哈希",
+    "uri": "uri 哈希",
+    "client Node": "client 节点",
+    "Disc Node Count": "磁盘节点个数",
+    "Client Node Count": "client 节点个数",
+    "haproxy web port": "haproxy 监控界面端口",
+    "haproxy web login usernam": "haproxy 监控界面用户名",
+    "haproxy web login passwd": "haproxy 监控界面密码",
+    "url_param": "url_param 哈希",
+    "haproxy balance policy": "负载均衡策略(roundrobin:轮询, leastconn:最小连接, static-rr:静态权重, source:IP 哈希, uri:uri 哈希, url_param:url_param 哈希)",
+    "Haproxy HA Node Count": "负载均衡器高可用节点个数",
+    "Disc Node": "磁盘节点",
+    "Number of Erlang processes that will accept connections for the TCP listeners": "接受TCP侦听器连接的Erlang进程数",
+    "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",
+    "Memory threshold at which the flow control is triggered": "流程控制触发的内存阀值",
+    "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory": "高水位限制的分数，当达到阀值时，队列中消息会转移到磁盘上以释放内存",
+    "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data": "RabbitMQ存储数据分区的可用磁盘空间限制．当可用空间值低于阀值时，流程控制将被触发.默认情况下，可用磁盘空间必须超过50MB，默认值为500MB",
+    "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency": "与客户端协商的允许最大frame大小. 设置为０表示无限制，但在某些QPid客户端会引发bug. 设置较大的值可以提高吞吐量;设置一个较小的值可能会提高延迟",
+    "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.": "与客户端协商的允许最大chanel大小. 设置为０表示无限制．该数值越大，则broker使用的内存就越高",
+    "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame": "表示心跳延迟(单位为秒) ，服务器将在connection.tune frame中发送.如果设置为 0, 心跳将被禁用. 客户端可以不用遵循服务器的建议,禁用心跳可以在有大量连接的场景中提高性能，但可能会造成关闭了非活动连接的网络设备上的连接落下",
+    "Statistics collection mode. Primarily relevant for the management plugin": "统计收集模式。主要与管理插件相关",
+    "Statistics collection interval in milliseconds. Primarily relevant for the management plugin": "统计收集时间间隔(毫秒为单位)． 主要针对于 management plugin",
+    "How to handle network partitions": "如何处理网络分区",
+    "How frequently nodes should send keepalive messages to other nodes (in milliseconds)": "节点向其它节点发送存活消息和频率(毫秒). 注意，这与 net_ticktime是不同的; 丢失存活消息不会引起节点掉线",
+    "The actual interval will vary depending on how long it takes to execute the operation": "GC 实际间隔将根据执行操作所需的时间而有所不同",
+    "The name of a user as which to create the tracing queues and bindings": "用于创建追踪队列的用户",
+    "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage": "是否启用 GC，开启或许可以减少内存使用",
+    "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin": "设置为true,可让客户端在连接时让RabbitMQ 执行一个反向DNS查找, 然后通过 rabbitmqctl 和 管理插件来展现信息",
+    "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information": "是否启用代理协议支持。一旦启用，客户端就不能直接连接到代理了。他们必须通过负载平衡器连接，此设置仅适用于AMQP客户端，其他协议类型的MQTT或STOMP有自己的设置来启用代理协议。有关更多信息，请参阅插件文档",
+    "err_code240": "扩容失败，请检查集群状态",
+    "err_code241": "节点状态不正常，请检查集群状态",
+    "err_code242": "删除过多内存节点和磁盘节点，pause_minority 模式下每次仅允许删除小于总数的 1/2 个节点",
+    "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
+    "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
+    "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。",
+    "etcd": "etcd外部服务"
+}
diff --git a/patch/rabbitmq3.8.19_patch_03/configs/patch.json b/patch/rabbitmq3.8.19_patch_03/configs/patch.json
new file mode 100644
index 0000000..e17bb8b
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/configs/patch.json
@@ -0,0 +1,38 @@
+{
+    "patch_policy": ["appp-sxxcrqno"],
+    "patch_nodes": [{
+        "container": {
+            "snapshot": "ss-85jtmkgx",
+            "zone": "pek3a"
+        },
+        "patch": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_haproxy.sh"
+        }, {
+            "mount_role": "client",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_client.sh"
+        }],
+        "rollback": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_haproxy.sh"
+        }, {
+            "mount_role": "client",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_client.sh"
+        }]
+    }]
+}
+
+
+
diff --git a/patch/rabbitmq3.8.19_patch_03/configs/replace_policy.json b/patch/rabbitmq3.8.19_patch_03/configs/replace_policy.json
new file mode 100644
index 0000000..94a3c13
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/configs/replace_policy.json
@@ -0,0 +1,283 @@
+{
+    "pek3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3c": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3d": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "ap3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "ap3a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "sh1": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3a": {
+        "instance_class": [{
+            "src": "101",
+            "dst": 0
+        }, {
+            "src": "201",
+            "dst": 1
+        }, {
+            "src": "202",
+            "dst": 1
+        }, {
+            "src": "301",
+            "dst": 1
+        }],
+        "volume_class": [{
+            "src": "100",
+            "dst": 0
+        }, {
+            "src": "200",
+            "dst": 3
+        }, {
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }]
+    },
+    "ap2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }, {
+            "src": "301",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }, {
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl b/patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl
new file mode 100644
index 0000000..9bb1da1
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+
+mkdir -p /opt/app/conf/appctl
+flush /opt/app/bin/envs/appctl.env << APPCTL_ENV_EOF
+APPCTL_NODE_FILE=/opt/app/conf/appctl/node.init
+MY_IP={{ getv "/host/ip" }}
+MY_ROLE={{ getv "/host/role" }}
+CLUSTER_ID={{ getv "/cluster/cluster_id" }}
+SID={{ getv "/host/sid" "1"}}
+MY_INSTANCE_ID={{ getv "/host/instance_id" }}
+CLUSTER_PARTITION_HANDLING={{ getv "/env/cluster_partition_handling" "pause_minority" }}
+DISC_NODES="$(echo "
+{{- range  lsdir "/hosts/disc" }}
+{{ getv (printf "/hosts/disc/%s/sid" .) }}/{{ getv (printf "/hosts/disc/%s/instance_id" .) }}/{{ getv (printf "/hosts/disc/%s/ip" .) }}
+{{- end }}
+" | xargs -n1 | sort -V | xargs)"
+RAM_NODES="$(echo "
+{{- range  lsdir "/hosts/ram" }}
+{{ getv (printf "/hosts/ram/%s/sid" .) }}/{{ getv (printf "/hosts/ram/%s/instance_id" .) }}/{{ getv (printf "/hosts/ram/%s/ip" .) }}
+{{- end }}
+" | xargs -n1 | sort -V | xargs)"
+
+APPCTL_ENV_EOF
+
+
+
+flush /opt/app/bin/envs/instance.env << INSTANCE_ENV_EOF
+
+{{- $discNodes := join ( getvs "/adding-hosts/disc/*/instance_id") " " }}
+{{- $ramNodes := join ( getvs "/adding-hosts/ram/*/instance_id") " " }}
+JOINING_MQ_NODES="{{ or $discNodes $ramNodes }}"
+
+{{- $discNodes := join ( getvs "/deleting-hosts/disc/*/instance_id") " " }}
+{{- $ramNodes := join ( getvs "/deleting-hosts/ram/*/instance_id") " " }}
+LEAVING_MQ_NODES="{{ $discNodes }}{{ if $ramNodes }} {{ $ramNodes }}{{- end }}"
+
+INSTANCE_ENV_EOF
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl.bak b/patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl.bak
new file mode 100644
index 0000000..0593261
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/appctl.sh.tmpl.bak
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+
+flush /opt/app/bin/envs/appctl.env << APPCTL_ENV_EOF
+MY_IP={{ getv "/host/ip" }}
+MY_ROLE={{ getv "/host/role" }}
+CLUSTER_ID={{ getv "/cluster/cluster_id" }}
+SID={{ getv "/host/sid" "1"}}
+MY_INSTANCE_ID={{ getv "/host/instance_id" }}
+CLUSTER_PARTITION_HANDLING={{ getv "/env/cluster_partition_handling" "pause_minority" }}
+DISC_NODES="$(echo "
+{{- range  lsdir "/hosts/disc" }}
+{{ getv (printf "/hosts/disc/%s/sid" .) }}/{{ getv (printf "/hosts/disc/%s/instance_id" .) }}/{{ getv (printf "/hosts/disc/%s/ip" .) }}
+{{- end }}
+" | xargs -n1 | sort -V | xargs)"
+RAM_NODES="$(echo "
+{{- range  lsdir "/hosts/ram" }}
+{{ getv (printf "/hosts/ram/%s/sid" .) }}/{{ getv (printf "/hosts/ram/%s/instance_id" .) }}/{{ getv (printf "/hosts/ram/%s/ip" .) }}
+{{- end }}
+" | xargs -n1 | sort -V | xargs)"
+
+APPCTL_ENV_EOF
+
+
+
+flush /opt/app/bin/envs/instance.env << INSTANCE_ENV_EOF
+
+{{- $discNodes := join ( getvs "/adding-hosts/disc/*/instance_id") " " }}
+{{- $ramNodes := join ( getvs "/adding-hosts/ram/*/instance_id") " " }}
+JOINING_MQ_NODES="{{ or $discNodes $ramNodes }}"
+
+{{- $discNodes := join ( getvs "/deleting-hosts/disc/*/instance_id") " " }}
+{{- $ramNodes := join ( getvs "/deleting-hosts/ram/*/instance_id") " " }}
+LEAVING_MQ_NODES="{{ $discNodes }}{{ if $ramNodes }} {{ $ramNodes }}{{- end }}"
+
+INSTANCE_ENV_EOF
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh b/patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh
new file mode 100644
index 0000000..9ae973a
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh
@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  test -f $APPCTL_NODE_FILE
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    # log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      # log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl enable ${1%%/*}
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/log/appctl/
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
+  touch $APPCTL_NODE_FILE
+}
+
+_revive() {
+  log "INFO: Application is asked to revive . "
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+  log "INFO: Application revived successfully  . "
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
+}
+
+_stop() {
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
+}
+
+_restart() {
+  log "INFO: Application is asked to restart . "
+  execute stop
+  execute start
+  log "INFO: Application restarted successfully  . "
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh.bak b/patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh.bak
new file mode 100644
index 0000000..e8b8e99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/ctl.sh.bak
@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+# Default hook functions named starting with _, e.g. _init(), _start(), etc.
+# Specific roles can override the default hooks like:
+#   start() {
+#     _start
+#     ...
+#   }
+#
+# Specific hooks will be executed if exist, otherwise the default ones.
+
+# Error codes
+EC_CHECK_INACTIVE=200
+EC_CHECK_PORT_ERR=201
+EC_CHECK_PROTO_ERR=202
+EC_ENV_ERR=203
+EC_CHECK_HTTP_REQ_ERR=204
+EC_CHECK_HTTP_CODE_ERR=205
+
+command=$1
+args="${@:2}"
+
+log() {
+  if [ "$1" == "--debug" ]; then
+    [ "$APPCTL_ENV" == "dev" ] || return 0
+    shift
+  fi
+  logger -S 5000 -t appctl --id=$$ -- "[cmd=$command args='$args'] $@"
+}
+ 
+retry() {
+  local tried=0
+  local maxAttempts=$1
+  local interval=$2
+  local stopCode=$3
+  local cmd="${@:4}"
+  local retCode=0
+  while [ $tried -lt $maxAttempts ]; do
+    $cmd && return 0 || {
+      retCode=$?
+      if [ "$retCode" = "$stopCode" ]; then
+        log "'$cmd' returned with stop code $stopCode. Stopping ..."
+        return $retCode
+      fi
+    }
+    sleep $interval
+    tried=$((tried+1))
+  done
+
+  log "'$cmd' still returned errors after $tried attempts. Stopping ..."
+  return $retCode
+}
+
+rotate() {
+  local maxFilesCount=5
+  for path in $@; do
+    for i in $(seq 1 $maxFilesCount | tac); do
+      if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+    done
+    if [ -f "$path" ]; then cp $path ${path}.1; fi
+  done
+}
+
+execute() {
+  local cmd=$1; log --debug "Executing command ..."
+  [ "$(type -t $cmd)" = "function" ] || cmd=_$cmd
+  $cmd ${@:2}
+}
+
+applyEnvFiles() {
+  local envFile; for envFile in $(find /opt/app/bin/envs -name "*.env"); do . $envFile; done
+}
+
+applyRoleScripts() {
+  local scriptFile=/opt/app/bin/node/$NODE_CTL.sh
+  if [ -f "$scriptFile" ]; then . $scriptFile; fi
+}
+
+checkEnv() {
+  test -n "$1"
+}
+
+checkMounts() {
+  test -n "${MY_HYPER_TYPE}" || {
+    log "ERROR: MY_HYPER_TYPE variable is required to be set. "
+    return 1
+  }
+  test -n "${DATA_MOUNTS+x}" || {
+    log "ERROR: DATA_MOUNTS variable is required to be set. "
+    return 1
+  }
+  case $MY_HYPER_TYPE in
+  kvm)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        grep -qs " $dataDir " /proc/mounts || {
+          log "ERROR: Failed to mount disk . "
+          return 1
+        }
+      done
+  ;;
+  lxc)
+      local dataDir; for dataDir in $DATA_MOUNTS; do
+        dataDir=$(echo $dataDir|tr -s [:space:])
+        if [ -d $dataDir ]; then
+	         :
+       	else
+	         log "ERROR: $dataDir is not found in this container . "
+	         return 1
+       	fi
+      done
+  ;;
+  *)
+      log "ERROR: unrecognized hyper type: $MY_HYPER_TYPE. "
+      return 1
+  ;;
+  esac
+}
+
+getServices() {
+  if [ "$1" = "-a" ]; then
+    echo $SERVICES
+  else
+    echo $SERVICES | xargs -n1 | awk -F/ '$2=="true"' | xargs
+  fi
+}
+
+isSvcEnabled() {
+  local svc="${1%%/*}"
+  [ "$(echo $(getServices -a) | xargs -n1 | awk -F/ '$1=="'$svc'" {print $2}')" = "true" ]
+}
+
+checkActive() {
+  systemctl is-active -q $1
+}
+
+checkEndpoint() {
+  local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
+  if [ "$proto" = "tcp" ]; then
+    nc -z -w5 $host $port
+  elif [ "$proto" = "http" ]; then
+    local code
+    code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {
+      log "ERROR: HTTP $code - failed to check http://$host:$port ($?)."
+      return $EC_CHECK_HTTP_REQ_ERR
+    }
+    [[ "$code" =~ ^(200|302|401|403|404)$ ]] || {
+      log "ERROR: unexpected HTTP code $code."
+      return $EC_CHECK_HTTP_CODE_ERR
+    }
+  else
+    return $EC_CHECK_PROTO_ERR
+  fi
+}
+
+isNodeInitialized() {
+  local svcs="$(getServices -a)"
+  [ "$(systemctl is-enabled ${svcs%%/*})" != "masked" ]
+}
+
+initSvc() {
+  systemctl unmask -q ${1%%/*}
+}
+
+_checkSvc() {
+  checkActive ${1%%/*} || {
+    # log "Service '$1' is inactive."
+    return $EC_CHECK_INACTIVE
+  }
+  local endpoints=$(echo $1 | awk -F/ '{print $3}')
+  local endpoint; for endpoint in ${endpoints//,/ }; do
+    checkEndpoint $endpoint || {
+      # log "Endpoint '$endpoint' is unreachable."
+      return $EC_CHECK_PORT_ERR
+    }
+  done
+}
+
+startSvc() {
+  systemctl enable ${1%%/*}
+  systemctl start ${1%%/*}
+}
+
+stopSvc() {
+  systemctl stop ${1%%/*}
+}
+
+restartSvc() {
+  stopSvc $1
+  startSvc $1
+}
+
+### app management
+
+_preCheck() {
+  checkEnv "$MY_IP"
+}
+
+_initNode() {
+  checkMounts
+  rm -rf /data/lost+found
+  install -d -o syslog -g svc /data/log/appctl/
+  local svc; for svc in $(getServices -a); do initSvc $svc; done
+  echo 'root:Zhu1241jie' | chpasswd
+}
+
+_revive() {
+  log "INFO: Application is asked to revive . "
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || restartSvc $svc || log "ERROR: failed to restart '$svc' ($?)."
+  done
+  log "INFO: Application revived successfully  . "
+}
+
+_check() {
+  local svc; for svc in $(getServices); do
+    execute checkSvc $svc || (log "ERROR: $svc failed the health check . " && return 1)
+   done
+}
+
+_start() {
+  isNodeInitialized || {
+    execute initNode
+    systemctl restart rsyslog # output to log files under /data
+  }
+  local svc; for svc in $(getServices); do 
+    startSvc $svc || (log "ERROR: service $svc failed to start  . " && return 1)
+  done
+}
+
+_stop() {
+  local svc; for svc in $(getServices -a | xargs -n1 | tac); do 
+    stopSvc $svc
+  done
+}
+
+_restart() {
+  log "INFO: Application is asked to restart . "
+  execute stop
+  execute start
+  log "INFO: Application restarted successfully  . "
+}
+
+_reload() {
+  if ! isNodeInitialized; then return 0; fi # only reload after initialized
+  local svcs="${@:-$(getServices -a)}"
+  local svc; for svc in $(echo $svcs | xargs -n1 | tac); do stopSvc $svc; done
+  local svc; for svc in $svcs; do
+    if isSvcEnabled $svc; then 
+    log "INFO: $svc is asked to reload by appctl . "
+    startSvc $svc
+    log "INFO: $svc reloaded successfully  . "
+    fi
+  done
+}
+
+applyEnvFiles
+applyRoleScripts
+
+[ "$APPCTL_ENV" == "dev" ] && set -x
+set -eo pipefail
+
+execute preCheck
+execute $command $args
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl b/patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl
new file mode 100644
index 0000000..2df524f
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl
@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /opt/app/conf/haproxy/haproxy.cfg << HAPROXY_CONF_EOF
+#logging options
+global
+  log 127.0.0.1 local0 info
+  maxconn 65535
+  chroot /usr/local/sbin
+  uid 65534
+  gid 65534
+  #user nobody
+  #group nobody
+  daemon
+  quiet
+  nbproc 20
+  pidfile /var/run/haproxy.pid
+
+defaults
+  log global
+  #Use the 4-tier proxy pattern "mode http" means 7-tier proxy pattern
+  mode tcp
+  #if you set mode to tcp,then you nust change tcplog into httplog
+  option tcplog
+  option dontlognull
+  retries 3
+  option redispatch
+  maxconn 65535
+  timeout connect 3s
+  timeout client 90s
+  timeout server 90s
+
+#front-end IP for consumers and producters
+listen rabbitmq_cluster
+  bind :5672
+  #配置TCP模式
+  mode tcp
+  #balance rdp-cookie
+  #balance leastconn
+  #balance source
+  #balance roundrobin
+  #simple polling
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  #rabbitmq cluster node config
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+
+#front-end IP for stomp
+listen rabbitmq_cluster_stomp
+  bind :61613
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+
+#front-end IP for mqtt
+listen rabbitmq_cluster_mqtt
+  bind :1883
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+
+#rabbitmq-management
+# optional, for proxying management site
+frontend front_rabbitmq_management
+  bind :15672
+  default_backend backend_rabbitmq_management
+
+backend backend_rabbitmq_management
+  balance source
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+
+# haproxy web monitor infomation
+listen stats
+#bind :8100
+bind :{{ getv "/env/haproxy_web_port" "8100" }}
+mode http
+stats enable
+stats hide-version
+stats refresh 10s
+stats uri /
+stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
+
+HAPROXY_CONF_EOF
+{{- if getvs "/host/role" | filter "haproxy" }}
+mkdir -p ${DATA_MOUNTS}/log/haproxy/
+chmod 777 ${DATA_MOUNTS}/log/haproxy/
+
+flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
+
+# Create an additional socket in haproxy's chroot in order to allow logging via
+# /dev/log to chroot'ed HAProxy processes
+\$AddUnixListenSocket /var/lib/haproxy/dev/log
+
+# Send HAProxy messages to a dedicated logfile
+:programname, startswith, "haproxy" {
+  ${DATA_MOUNTS}/log/haproxy/haproxy.log
+  stop
+}
+HAPROXY_LOG_CONF_EOF
+{{- end }}
+
+
+flush /etc/logrotate.d/haproxy << LOGROTATE_EOF
+${DATA_MOUNTS}/log/haproxy/haproxy.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl.bak b/patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl.bak
new file mode 100644
index 0000000..ee8ded0
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/haproxy.sh.tmpl.bak
@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /opt/app/conf/haproxy/haproxy.cfg << HAPROXY_CONF_EOF
+#logging options
+global
+  log 127.0.0.1 local0 info
+  maxconn 65535
+  chroot /usr/local/sbin
+  uid 65534
+  gid 65534
+  #user nobody
+  #group nobody
+  daemon
+  quiet
+  nbproc 20
+  pidfile /var/run/haproxy.pid
+
+defaults
+  log global
+  #Use the 4-tier proxy pattern "mode http" means 7-tier proxy pattern
+  mode tcp
+  #if you set mode to tcp,then you nust change tcplog into httplog
+  option tcplog
+  option dontlognull
+  retries 3
+  option redispatch
+  maxconn 65535
+  timeout connect 3s
+  timeout client 10s
+  timeout server 10s
+
+#front-end IP for consumers and producters
+listen rabbitmq_cluster
+  bind :5672
+  #配置TCP模式
+  mode tcp
+  #balance rdp-cookie
+  #balance leastconn
+  #balance source
+  #balance roundrobin
+  #simple polling
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  #rabbitmq cluster node config
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+
+#front-end IP for stomp
+listen rabbitmq_cluster_stomp
+  bind :61613
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+
+#front-end IP for mqtt
+listen rabbitmq_cluster_mqtt
+  bind :1883
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+
+#rabbitmq-management
+# optional, for proxying management site
+frontend front_rabbitmq_management
+  bind :15672
+  default_backend backend_rabbitmq_management
+
+backend backend_rabbitmq_management
+  balance source
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+
+# haproxy web monitor infomation
+listen stats
+#bind :8100
+bind :{{ getv "/env/haproxy_web_port" "8100" }}
+mode http
+stats enable
+stats hide-version
+stats refresh 10s
+stats uri /
+stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
+
+HAPROXY_CONF_EOF
+{{- if getvs "/host/role" | filter "haproxy" }}
+mkdir -p ${DATA_MOUNTS}/log/haproxy/
+chmod 777 ${DATA_MOUNTS}/log/haproxy/
+
+flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
+
+# Create an additional socket in haproxy's chroot in order to allow logging via
+# /dev/log to chroot'ed HAProxy processes
+\$AddUnixListenSocket /var/lib/haproxy/dev/log
+
+# Send HAProxy messages to a dedicated logfile
+:programname, startswith, "haproxy" {
+  ${DATA_MOUNTS}/log/haproxy/haproxy.log
+  stop
+}
+HAPROXY_LOG_CONF_EOF
+{{- end }}
+
+
+flush /etc/logrotate.d/haproxy << LOGROTATE_EOF
+${DATA_MOUNTS}/log/haproxy/haproxy.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/patch_client.sh b/patch/rabbitmq3.8.19_patch_03/scripts/patch_client.sh
new file mode 100644
index 0000000..53da381
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/patch_client.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+rm -f /etc/confd/templates/appctl.sh.tmpl
+cp /patch/appctl.sh.tmpl /etc/confd/templates/
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+chmod 777 /usr/bin/appctl
+service confd restart
+appctl start 
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/patch_haproxy.sh b/patch/rabbitmq3.8.19_patch_03/scripts/patch_haproxy.sh
new file mode 100644
index 0000000..51b988a
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/patch_haproxy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+rm -f /etc/confd/templates/haproxy.sh.tmpl
+cp /patch/haproxy.sh.tmpl /etc/confd/templates/
+service confd restart
+sleep 2s
+systemctl restart haproxy
+
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/rollback_client.sh b/patch/rabbitmq3.8.19_patch_03/scripts/rollback_client.sh
new file mode 100644
index 0000000..1250ece
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/rollback_client.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+rm -f /etc/confd/templates/appctl.sh.tmpl
+cp /patch/appctl.sh.tmpl.bak /etc/confd/templates/appctl.sh.tmpl
+rm -f /usr/bin/appctl
+rm -f /opt/app/bin/ctl.sh
+cp /patch/ctl.sh.bak /opt/app/bin/ctl.sh
+ln -s /opt/app/bin/ctl.sh /usr/bin/appctl
+service confd restart
+sleep 2s
+systemctl restart haproxy
diff --git a/patch/rabbitmq3.8.19_patch_03/scripts/rollback_haproxy.sh b/patch/rabbitmq3.8.19_patch_03/scripts/rollback_haproxy.sh
new file mode 100644
index 0000000..01437ba
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_03/scripts/rollback_haproxy.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+rm -f /etc/confd/templates/haproxy.sh.tmpl
+cp /patch/haproxy.sh.tmpl.bak /etc/confd/templates/haproxy.sh.tmpl
+service confd restart
+sleep 2s
+systemctl restart haproxy

From fc347b9d7968eef9d0c7e33f68e3161bb354ecb1 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Fri, 15 Dec 2023 16:47:12 +0800
Subject: [PATCH 39/86] Feature: release patch 04

---
 .../keepalived.sh/01.keepalived.conf.tmpl     |   2 +-
 .../configs/cluster.json.mustache             | 205 ++++++++++
 .../configs/config.json                       | 379 ++++++++++++++++++
 .../configs/locale/en.json                    |   6 +
 .../configs/locale/zh-cn.json                 |  75 ++++
 .../configs/patch.json                        |  26 ++
 .../configs/replace_policy.json               | 283 +++++++++++++
 .../scripts/keepalived.sh.tmpl                | 119 ++++++
 .../scripts/keepalived.sh.tmpl.bak            | 119 ++++++
 .../scripts/patch_haproxy.sh                  |   7 +
 .../scripts/rollback_haproxy.sh               |   6 +
 11 files changed, 1226 insertions(+), 1 deletion(-)
 create mode 100644 patch/rabbitmq3.8.19_patch_04/configs/cluster.json.mustache
 create mode 100644 patch/rabbitmq3.8.19_patch_04/configs/config.json
 create mode 100644 patch/rabbitmq3.8.19_patch_04/configs/locale/en.json
 create mode 100644 patch/rabbitmq3.8.19_patch_04/configs/locale/zh-cn.json
 create mode 100644 patch/rabbitmq3.8.19_patch_04/configs/patch.json
 create mode 100644 patch/rabbitmq3.8.19_patch_04/configs/replace_policy.json
 create mode 100644 patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl
 create mode 100644 patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl.bak
 create mode 100755 patch/rabbitmq3.8.19_patch_04/scripts/patch_haproxy.sh
 create mode 100755 patch/rabbitmq3.8.19_patch_04/scripts/rollback_haproxy.sh

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
index ee5bc20..3ac882d 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
@@ -23,7 +23,7 @@ vrrp_instance HAProxy_HA {
   }
 
   virtual_ipaddress { #set VIP
-    {{ getv "/cluster/endpoints/reserved_ips/vip/value" }}/24
+    {{ getv "/cluster/endpoints/reserved_ips/vip/value" }}/32
   }
 
   track_script {
diff --git a/patch/rabbitmq3.8.19_patch_04/configs/cluster.json.mustache b/patch/rabbitmq3.8.19_patch_04/configs/cluster.json.mustache
new file mode 100644
index 0000000..fcbf298
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/configs/cluster.json.mustache
@@ -0,0 +1,205 @@
+{
+    "name": {{cluster.name}},
+    "description": {{cluster.description}},
+    "vxnet": {{cluster.vxnet}},
+    "links": {
+    	"etcd_service": {{cluster.etcd_service}}
+    },
+    "multi_zone_policy": "round_robin",
+    "upgrading_policy": "sequential",
+    "nodes": [{
+        "role": "disc",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-uapqdeja"
+        },
+        "instance_class": {{cluster.disc.instance_class}},
+        "count": {{cluster.disc.count}},
+        "cpu": {{cluster.disc.cpu}},
+        "memory": {{cluster.disc.memory}},
+        "volume": {
+            "size": {{cluster.disc.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 0,
+                "cmd": "appctl start",
+                "nodes_to_execute_on": 255,
+                "timeout": 500
+            },
+            "stop": {
+                "order": 1,
+                "cmd": "appctl stop"
+            },
+            "scale_in": {
+                "nodes_to_execute_on": 10,
+                "pre_check": "appctl preCheckForScaleIn",
+                "cmd": "appctl scaleIn",
+                "timeout": 90
+            },
+            "destroy": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "scale_out": {
+                "cmd": "appctl scaleOut",
+                "timeout": 90
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "vertical_scaling_policy": "sequential",
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 60,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        },
+        "monitor": {
+            "enable": true,
+            "cmd": "appctl measure",
+            "items": {
+                "fd_used": {
+                    "unit": "count"
+                },
+                "sockets_used": {
+                    "unit": "count"
+                },
+                "proc_used": {
+                    "unit": "count"
+                },
+                "run_queue": {
+                    "unit": "count"
+                },
+                "mem_used": {
+                    "unit": "MB"
+                }
+            },
+            "groups": {
+                "Fd Used": ["fd_used"],
+                "Sockets Used": ["sockets_used"],
+                "Proc Used": ["proc_used"],
+                "Run Queue": ["run_queue"],
+                "Mem Used": ["mem_used"]
+            },
+            "display": ["Mem Used", "Fd Used", "Sockets Used", "Proc Used", "Run Queue"],
+            "alarm": ["fd_used", "mem_used"]
+        }
+    }, {
+        "role": "client",
+        "container": {
+            "type": "kvm",
+            "zone": "pek3a",
+            "image": "img-uapqdeja"
+        },
+        "instance_class": {{cluster.client.instance_class}},
+        "count": {{cluster.client.count}},
+        "cpu": {{cluster.client.cpu}},
+        "memory": {{cluster.client.memory}},
+        "user_access": true,
+        "passphraseless": "ssh-rsa",
+        "services": {
+            "start": {
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "cmd": "appctl stop"
+            }
+        },
+        "advanced_actions": ["attach_keypairs"]
+    }, {
+        "role": "haproxy",
+        "container": {
+            "type": "lxc",
+            "prefer_type": "lxc",
+            "sriov_nic": true,
+            "zone": "pek3a",
+            "image": "img-uapqdeja"
+        },
+        "instance_class": {{cluster.haproxy.instance_class}},
+        "count": {{cluster.haproxy.count}},
+        "cpu": {{cluster.haproxy.cpu}},
+        "memory": {{cluster.haproxy.memory}},
+        "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        },
+        "services": {
+            "start": {
+                "order": 1,
+                "cmd": "appctl start"
+            },
+            "stop": {
+                "order": 0,
+                "cmd": "appctl stop"
+            },
+            "restart": {
+                "order": 0,
+                "cmd": "appctl restart"
+            }
+        },
+        "advanced_actions": ["scale_horizontal"],
+        "health_check": {
+            "enable": true,
+            "interval_sec": 60,
+            "timeout_sec": 10,
+            "action_timeout_sec": 30,
+            "healthy_threshold": 2,
+            "unhealthy_threshold": 2,
+            "check_cmd": "appctl check"
+        }, "volume": {
+            "size": {{cluster.haproxy.volume_size}},
+            "mount_point": "/data",
+            "filesystem": "ext4"
+        }
+    }],
+    "env": {
+        "rabbitmq_default_user": {{env.rabbitmq_default_user}},
+        "rabbitmq_default_pass": {{env.rabbitmq_default_pass}},
+        "haproxy_balance_policy": {{env.haproxy_balance_policy}},
+        "haproxy_web_port": {{env.haproxy_web_port}},
+        "haproxy_username": {{env.haproxy_username}},
+        "haproxy_password": {{env.haproxy_password}},
+        "num_tcp_acceptors": {{env.num_tcp_acceptors}},
+        "handshake_timeout": {{env.handshake_timeout}},
+        "reverse_dns_lookups": {{env.reverse_dns_lookups}},
+        "vm_memory_high_watermark": {{env.vm_memory_high_watermark}},
+        "vm_memory_high_watermark_paging_ratio": {{env.vm_memory_high_watermark_paging_ratio}},
+        "disk_free_limit": {{env.disk_free_limit}},
+        "frame_max": {{env.frame_max}},
+        "channel_max": {{env.channel_max}},
+        "heartbeat": {{env.heartbeat}},
+        "collect_statistics": {{env.collect_statistics}},
+        "collect_statistics_interval": {{env.collect_statistics_interval}},
+        "cluster_partition_handling": {{env.cluster_partition_handling}},
+        "cluster_keepalive_interval": {{env.cluster_keepalive_interval}},
+        "background_gc_enabled": {{env.background_gc_enabled}},
+        "background_gc_target_interval": {{env.background_gc_target_interval}},
+        "proxy_protocol": {{env.proxy_protocol}},
+        "tracing_user": {{env.tracing_user}},
+        "web_console_enabled": {{env.web_console_enabled}}
+    },
+    "endpoints": {
+        "client": {
+            "port": 5672,
+            "protocol": "tcp"
+        },
+        "status": {
+            "port": 8100,
+            "protocol": "tcp"
+        },
+        "reserved_ips": {
+            "vip": {
+                "value": ""
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_04/configs/config.json b/patch/rabbitmq3.8.19_patch_04/configs/config.json
new file mode 100644
index 0000000..5001978
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/configs/config.json
@@ -0,0 +1,379 @@
+{
+    "type": "array",
+    "properties": [{
+        "key": "cluster",
+        "description": "RabbitMQ cluster properties",
+        "type": "array",
+        "properties": [{
+            "key": "name",
+            "label": "Name",
+            "description": "The name of the RabbitMQ service",
+            "type": "string",
+            "default": "RabbitMQ",
+            "required": "no"
+        }, {
+            "key": "description",
+            "label": "Description",
+            "description": "The description of the RabbitMQ service",
+            "type": "string",
+            "default": "",
+            "required": "no"
+        }, {
+            "key": "vxnet",
+            "label": "VxNet",
+            "description": "Choose a vxnet to join",
+            "type": "string",
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "etcd_service",
+            "label": "etcd",
+            "description": "Choose a etcd to use",
+            "type": "service",
+            "tag": ["ETCD", "etcd"],
+            "limits": {
+                "app-fdyvu2wk": ["appv-52759jdc", "appv-h1n2681n"]
+            },
+            "default": "",
+            "required": "yes"
+        },  {
+            "key": "resource_group",
+            "label": "Resource Configuration",
+            "description": "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes",
+            "type": "string",
+            "default": "Prod",
+            "range": ["Test", "Prod"]
+        }, {
+            "key": "disc",
+            "label": "Disc Node",
+            "description": "Disc Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 4096],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "resource_group": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Disc Node Count",
+                "type": "integer",
+                "auto_scale_step": 1,
+                "default": 3,
+                "min": 3,
+                "max": 100,
+                "required": "yes"
+            }]
+        }, {
+            "key": "client",
+            "label": "client Node",
+            "description": "client Node",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Client Node Count",
+                "type": "integer",
+                "default": 1,
+                "min": 1,
+                "required": "yes"
+            }]
+        }, {
+            "key": "haproxy",
+            "label": "Haproxy+Keepalived",
+            "description": "Haproxy+Keepalived",
+            "type": "array",
+            "properties": [{
+                "key": "cpu",
+                "label": "CPU",
+                "description": "CPUs of each node",
+                "type": "integer",
+                "default": 1,
+                "range": [1, 2, 4, 8, 16, 32],
+                "resource_group": [1, 2],
+                "required": "yes"
+            }, {
+                "key": "memory",
+                "label": "Memory",
+                "description": "Memory of each node",
+                "type": "integer",
+                "default": 1024,
+                "range": [1024, 2048, 4096, 8192, 16384, 32768, 49152, 65536, 131072],
+                "resource_group": [1024, 2048],
+                "required": "yes"
+            }, {
+                "key": "instance_class",
+                "label": "Instance Class",
+                "description": "",
+                "type": "integer",
+                "default": 101,
+                "range": [101, 202],
+                "required": "yes"
+            }, {
+                "key": "volume_size",
+                "label": "Volume Size",
+                "description": "The volume size for each instance",
+                "type": "integer",
+                "auto_scale_step": 10,
+                "min": 10,
+                "max": 1000,
+                "default": 10,
+                "required": "yes"
+            }, {
+                "key": "count",
+                "label": "Count",
+                "description": "Haproxy HA Node Count",
+                "type": "integer",
+                "min": 2,
+                "max": 100,
+                "default": 2,
+                "required": "yes"
+            }]
+        }
+    ]
+    }, {
+        "key": "env",
+        "description": "RabbitMQ service properties",
+        "type": "array",
+        "properties": [{
+            "key": "rabbitmq_default_user",
+            "label": "rabbitmq_default_user",
+            "description": "rabbitmq_user",
+            "type": "string",
+            "default": "guest",
+            "required": "yes",
+            "changeable": false
+        }, {
+            "key": "rabbitmq_default_pass",
+            "label": "rabbitmq_default_pass",
+            "description": "rabbitmq_pass",
+            "type": "password",
+            "pattern": "^([^'\"]{1,})$",
+            "required": "yes"
+        }, {
+            "key": "haproxy_balance_policy",
+            "label": "haproxy_balance_policy",
+            "description": "haproxy balance policy",
+            "type": "string",
+            "default": "roundrobin",
+            "required": "no",
+            "range": ["roundrobin", "leastconn", "static-rr", "source", "uri", "url_param"]
+        }, {
+            "key": "haproxy_web_port",
+            "label": "haproxy_web_port",
+            "description": "haproxy web port",
+            "type": "integer",
+            "default": 8100,
+            "required": "no"
+        }, {
+            "key": "haproxy_username",
+            "label": "haproxy_username",
+            "description": "haproxy web login username",
+            "type": "string",
+            "default": "haproxy",
+            "required": "no"
+        }, {
+            "key": "haproxy_password",
+            "label": "haproxy_password",
+            "description": "haproxy web login passwd",
+            "type": "password",
+            "changeable":true,
+            "default": "haproxy",
+            "pattern": "^([a-zA-Z0-9_!#%^&*()./;]{6,}|)$",
+            "required": "no"
+        }, {
+            "key": "num_tcp_acceptors",
+            "label": "num_tcp_acceptors",
+            "description": "Number of Erlang processes that will accept connections for the TCP listeners",
+            "type": "integer",
+            "default": 10,
+            "min": 10,
+            "max": 200,
+            "required": "no"
+        }, {
+            "key": "handshake_timeout",
+            "label": "handshake_timeout",
+            "description": "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds",
+            "type": "integer",
+            "default": 10000,
+            "min": 5000,
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark",
+            "label": "vm_memory_high_watermark",
+            "description": "Memory threshold at which the flow control is triggered",
+            "type": "number",
+            "default": 0.4,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "vm_memory_high_watermark_paging_ratio",
+            "label": "vm_memory_high_watermark_paging_ratio",
+            "description": "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory",
+            "type": "number",
+            "default": 0.5,
+            "range": [0.3,0.4,0.5,0.6,0.7],
+            "required": "no"
+        }, {
+            "key": "disk_free_limit",
+            "label": "disk_free_limit",
+            "description": "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data",
+            "type": "integer",
+            "default": 524288000,
+            "required": "no"
+        }, {
+            "key": "frame_max",
+            "label": "frame_max",
+            "description": "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency",
+            "type": "integer",
+            "default": 131072,
+            "required": "no"
+        }, {
+            "key": "channel_max",
+            "label": "channel_max",
+            "description": "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.",
+            "type": "integer",
+            "default": 0,
+            "required": "no"
+        }, {
+            "key": "heartbeat",
+            "label": "heartbeat",
+            "description": "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame",
+            "type": "integer",
+            "default": 60,
+            "required": "no"
+        }, {
+            "key": "collect_statistics",
+            "label": "collect_statistics",
+            "description": "Statistics collection mode. Primarily relevant for the management plugin",
+            "type": "string",
+            "range": ["none","coarse","fine"],
+            "default": "none",
+            "required": "no"
+        }, {
+            "key": "collect_statistics_interval",
+            "label": "collect_statistics_interval",
+            "description": "Statistics collection interval in milliseconds. Primarily relevant for the management plugin",
+            "type": "integer",
+            "default": 5000,
+            "required": "no"
+        }, {
+            "key": "cluster_partition_handling",
+            "label": "cluster_partition_handling",
+            "description": "How to handle network partitions",
+            "type": "string",
+            "range": ["ignore","pause_minority","autoheal"],
+            "default": "pause_minority",
+            "required": "no"
+        }, {
+            "key": "cluster_keepalive_interval",
+            "label": "cluster_keepalive_interval",
+            "description": "How frequently nodes should send keepalive messages to other nodes (in milliseconds)",
+            "type": "integer",
+            "default": 10000,
+            "required": "no"
+        }, {
+            "key": "background_gc_target_interval",
+            "label": "background_gc_target_interval",
+            "description": "The actual interval will vary depending on how long it takes to execute the operation",
+            "type": "integer",
+            "min": 30000,
+            "default": 60000,
+            "required": "no"
+        }, {
+            "key": "background_gc_enabled",
+            "label": "background_gc_enabled",
+            "description": "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "reverse_dns_lookups",
+            "label": "reverse_dns_lookups",
+            "description": "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "tracing_user",
+            "label": "tracing_user",
+            "description": "The name of a user as which to create the tracing queues and bindings",
+            "type": "string",
+            "default": "guest",
+            "required": "no"
+        }, {
+            "key": "proxy_protocol",
+            "label": "proxy_protocol",
+            "description": "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information",
+            "type": "boolean",
+            "default": false,
+            "range": [true, false],
+            "required": "no"
+        }, {
+            "key": "web_console_enabled",
+            "label": "Switch of log web console",
+            "description": "Whether to enable log web console",
+            "type": "boolean",
+            "default": true,
+            "required": "no"
+        }]
+    }]
+}
diff --git a/patch/rabbitmq3.8.19_patch_04/configs/locale/en.json b/patch/rabbitmq3.8.19_patch_04/configs/locale/en.json
new file mode 100644
index 0000000..8b68d99
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/configs/locale/en.json
@@ -0,0 +1,6 @@
+{
+    "Sockets Used": "Percentage of file descriptors used as sockets",
+    "Fd Used": "Percentage of file descriptors used as sockets",
+    "Proc Used": "Erlang running number",
+    "Run Queue": "Erlang waiting number"
+}
diff --git a/patch/rabbitmq3.8.19_patch_04/configs/locale/zh-cn.json b/patch/rabbitmq3.8.19_patch_04/configs/locale/zh-cn.json
new file mode 100644
index 0000000..9e7c83a
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/configs/locale/zh-cn.json
@@ -0,0 +1,75 @@
+{
+    "Name": "名称",
+    "Description": "描述",
+    "RabbitMQ cluster propertie": "RabbitMQ 集群",
+    "The name of the RabbitMQ service": "RabbitMQ 服务名称",
+    "The description of the RabbitMQ service": "RabbitMQ 服务描述",
+    "rabbitmq_user": "Rabbitmq网页控制台管理员用户名(此项配置后不可修改，请谨慎操作）",
+    "rabbitmq_pass": "Rabbitmq网页控制台默认管理员用户密码",
+    "VxNet": "私有网络",
+    "Test": "测试环境",
+    "Prod": "生产环境",
+    "Test: 3 disc nodes with 1 HAProxy node; Prod: 3 disc nodes with 2 HAProxy nodes": "测试环境：1核1G磁盘节点 x 3 ，1核1G客户端节点 x 1，1核1G负载均衡节点 x 2；生产环境：2核4G超高性能型磁盘节点 x 3，1核1G客户端节点 x 1，2核2G负载均衡节点 x 2",
+    "Memory of each node": "每个节点的内存",
+    "The volume size for each instance": "每个实例的磁盘大小",
+    "Choose a vxnet to join": "选择要加入的私有网络",
+    "CPU": "CPU",
+    "CPUs of each node": "每个节点的 CPU 数量",
+    "Memory": "内存",
+    "Memory of each node ": "每个节点的内存数量",
+    "Instance Class": "主机类型",
+    "RabbitMQ Node": "RabbitMQ 节点",
+    "RabbitMQ Node Count": "RabbitMQ 节点数量",
+    "Node Count": "节点数量",
+    "Number of nodes for the cluster to create": "要创建的节点数量",
+    "Volume Size": "存储容量",
+    "The volume size for each node": "每个节点的存储容量",
+    "instance class": "实例类型",
+    "count" : "个",
+    "Count" : "节点个数",
+    "Sockets Used": "Sockets 句柄数",
+    "Fd Used": "文件句柄数",
+    "Proc Used": "Broker 子进程数",
+    "Run Queue": "正在等待的 Erlang 进程数",
+    "Mem Used": "RabbitMQ 内存占用 (MB)",
+    "Haproxy+Keepalived": "负载均衡器",
+    "roundrobin": "轮询",
+    "leastconn": "最小连接",
+    "static-rr": "静态权重",
+    "source": "IP 哈希",
+    "uri": "uri 哈希",
+    "client Node": "client 节点",
+    "Disc Node Count": "磁盘节点个数",
+    "Client Node Count": "client 节点个数",
+    "haproxy web port": "haproxy 监控界面端口",
+    "haproxy web login usernam": "haproxy 监控界面用户名",
+    "haproxy web login passwd": "haproxy 监控界面密码",
+    "url_param": "url_param 哈希",
+    "haproxy balance policy": "负载均衡策略(roundrobin:轮询, leastconn:最小连接, static-rr:静态权重, source:IP 哈希, uri:uri 哈希, url_param:url_param 哈希)",
+    "Haproxy HA Node Count": "负载均衡器高可用节点个数",
+    "Disc Node": "磁盘节点",
+    "Number of Erlang processes that will accept connections for the TCP listeners": "接受TCP侦听器连接的Erlang进程数",
+    "Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection and SSL handshake), in milliseconds": "AMQP 0-8/0-9/0-9-1 handshake (在 socket 连接和SSL 握手之后）的最大时间, 单位为毫秒",
+    "Memory threshold at which the flow control is triggered": "流程控制触发的内存阀值",
+    "Fraction of the high watermark limit at which queues start to page messages out to disc to free up memory": "高水位限制的分数，当达到阀值时，队列中消息会转移到磁盘上以释放内存",
+    "Disk free space (in bytes) limit of the partition on which RabbitMQ is storing data": "RabbitMQ存储数据分区的可用磁盘空间限制．当可用空间值低于阀值时，流程控制将被触发.默认情况下，可用磁盘空间必须超过50MB，默认值为500MB",
+    "Maximum permissible size of a frame (in bytes) to negotiate with clients,setting to 0 means unlimited but will trigger a bug in some QPid clients. Setting a larger value may improve throughput; setting a smaller value may improve latency": "与客户端协商的允许最大frame大小. 设置为０表示无限制，但在某些QPid客户端会引发bug. 设置较大的值可以提高吞吐量;设置一个较小的值可能会提高延迟",
+    "Maximum permissible number of channels to negotiate with clients. Setting to 0 means unlimited. Using more channels increases memory footprint of the broker.": "与客户端协商的允许最大chanel大小. 设置为０表示无限制．该数值越大，则broker使用的内存就越高",
+    "Value representing the heartbeat delay, in seconds, that the server sends in the connection.tune frame": "表示心跳延迟(单位为秒) ，服务器将在connection.tune frame中发送.如果设置为 0, 心跳将被禁用. 客户端可以不用遵循服务器的建议,禁用心跳可以在有大量连接的场景中提高性能，但可能会造成关闭了非活动连接的网络设备上的连接落下",
+    "Statistics collection mode. Primarily relevant for the management plugin": "统计收集模式。主要与管理插件相关",
+    "Statistics collection interval in milliseconds. Primarily relevant for the management plugin": "统计收集时间间隔(毫秒为单位)． 主要针对于 management plugin",
+    "How to handle network partitions": "如何处理网络分区",
+    "How frequently nodes should send keepalive messages to other nodes (in milliseconds)": "节点向其它节点发送存活消息和频率(毫秒). 注意，这与 net_ticktime是不同的; 丢失存活消息不会引起节点掉线",
+    "The actual interval will vary depending on how long it takes to execute the operation": "GC 实际间隔将根据执行操作所需的时间而有所不同",
+    "The name of a user as which to create the tracing queues and bindings": "用于创建追踪队列的用户",
+    "Disabling background GC may reduce latency for client operations, keeping it enabled may reduce median RAM usage": "是否启用 GC，开启或许可以减少内存使用",
+    "Set to true to have RabbitMQ perform a reverse DNS lookup on client connections, and present that information through rabbitmqctl and the management plugin": "设置为true,可让客户端在连接时让RabbitMQ 执行一个反向DNS查找, 然后通过 rabbitmqctl 和 管理插件来展现信息",
+    "Whether or not to enable proxy protocol support. Once enabled, clients cannot directly connect to the broker anymore. They must connect through a load balancer that sends theproxy protocol header to the broker at connection time.This setting applies only to AMQP clients, other protocolslike MQTT or STOMP have their own setting to enable proxy protocol. See the plugins documentation for more information": "是否启用代理协议支持。一旦启用，客户端就不能直接连接到代理了。他们必须通过负载平衡器连接，此设置仅适用于AMQP客户端，其他协议类型的MQTT或STOMP有自己的设置来启用代理协议。有关更多信息，请参阅插件文档",
+    "err_code240": "扩容失败，请检查集群状态",
+    "err_code241": "节点状态不正常，请检查集群状态",
+    "err_code242": "删除过多内存节点和磁盘节点，pause_minority 模式下每次仅允许删除小于总数的 1/2 个节点",
+    "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
+    "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
+    "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。",
+    "etcd": "etcd外部服务"
+}
diff --git a/patch/rabbitmq3.8.19_patch_04/configs/patch.json b/patch/rabbitmq3.8.19_patch_04/configs/patch.json
new file mode 100644
index 0000000..74154cb
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/configs/patch.json
@@ -0,0 +1,26 @@
+{
+    "patch_policy": ["appp-avpy7pbs"],
+    "patch_nodes": [{
+        "container": {
+            "snapshot": "ss-j2d9vegn",
+            "zone": "pek3a"
+        },
+        "patch": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/patch_haproxy.sh"
+        }],
+        "rollback": [{
+            "mount_role": "haproxy",
+            "mount_point": "/patch",
+            "mount_options": "defaults,noatime",
+            "filesystem": "ext4",
+            "cmd": "/patch/rollback_haproxy.sh"
+        }]
+    }]
+}
+
+
+
diff --git a/patch/rabbitmq3.8.19_patch_04/configs/replace_policy.json b/patch/rabbitmq3.8.19_patch_04/configs/replace_policy.json
new file mode 100644
index 0000000..94a3c13
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/configs/replace_policy.json
@@ -0,0 +1,283 @@
+{
+    "pek3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3c": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3d": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "ap3": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "ap3a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }, {
+            "src": "301",
+            "dst": 202
+        }, {
+            "src": "201",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }, {
+            "src": "2",
+            "dst": 6
+        }, {
+            "src": "5",
+            "dst": 6
+        }]
+    },
+    "sh1": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "sh1b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 202
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "pek3a": {
+        "instance_class": [{
+            "src": "101",
+            "dst": 0
+        }, {
+            "src": "201",
+            "dst": 1
+        }, {
+            "src": "202",
+            "dst": 1
+        }, {
+            "src": "301",
+            "dst": 1
+        }],
+        "volume_class": [{
+            "src": "100",
+            "dst": 0
+        }, {
+            "src": "200",
+            "dst": 3
+        }, {
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }]
+    },
+    "ap2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }, {
+            "src": "301",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "5",
+            "dst": 2
+        }, {
+            "src": "6",
+            "dst": 2
+        }, {
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2a": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    },
+    "gd2b": {
+        "instance_class": [{
+            "src": "0",
+            "dst": 101
+        }, {
+            "src": "1",
+            "dst": 201
+        }, {
+            "src": "202",
+            "dst": 201
+        }],
+        "volume_class": [{
+            "src": "0",
+            "dst": 100
+        }, {
+            "src": "3",
+            "dst": 200
+        }]
+    }
+}
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl b/patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl
new file mode 100644
index 0000000..fdabb53
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /etc/keepalived/keepalived.conf << KEEPALIVED_EOF
+{{ $replicaIPs := split (getv "/cluster/endpoints/reserved_ips/vip/value") "." }}
+global_defs {
+}
+
+vrrp_script check_haproxy {
+  script "/usr/bin/killall -0 haproxy"
+  interval 2
+  weight 2
+}
+
+vrrp_instance HAProxy_HA {
+  state BACKUP
+  interface eth0
+  virtual_router_id {{ index $replicaIPs 3 }}
+  priority {{ getv "/host/sid" }}
+  advert_int 2
+  nopreempt
+  unicast_src_ip {{ getv "/host/ip" }}
+  authentication {
+    auth_type PASS
+    auth_pass pwd
+  }
+
+  virtual_ipaddress { #set VIP
+    {{ getv "/cluster/endpoints/reserved_ips/vip/value" }}/32
+  }
+
+  track_script {
+    check_haproxy
+  }
+}
+
+KEEPALIVED_EOF
+
+flush /opt/keepalived/current/etc/sysconfig/keepalived << 'KEEPALIVED_SYSCONFIG_EOF'
+
+# Options for keepalived. See `keepalived --help' output and keepalived(8) and
+# keepalived.conf(5) man pages for a list of all options. Here are the most
+# common ones :
+#
+# --vrrp               -P    Only run with VRRP subsystem.
+# --check              -C    Only run with Health-checker subsystem.
+# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
+# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
+# --dump-conf          -d    Dump the configuration data.
+# --log-detail         -D    Detailed log messages.
+# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
+#
+
+KEEPALIVED_OPTIONS="-D -d -S 0"
+
+KEEPALIVED_SYSCONFIG_EOF
+
+{{- if getvs "/host/role" | filter "haproxy" }}
+mkdir -p ${DATA_MOUNTS}/log/keepalivd/
+chmod 777 ${DATA_MOUNTS}/log/keepalivd/
+flush /etc/rsyslog.d/49-keepalived.conf << KEEPALIVED_LOG_EOF
+
+if \$programname startswith 'Keepalived' then ${DATA_MOUNTS}/log/keepalivd/keepalived.log
+&stop
+
+KEEPALIVED_LOG_EOF
+{{- end }}
+
+flush /etc/logrotate.d/keepalived << LOGROTATE_EOF
+${DATA_MOUNTS}/log/keepalived/keepalived.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl.bak b/patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl.bak
new file mode 100644
index 0000000..d22f27b
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/scripts/keepalived.sh.tmpl.bak
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+myPath="$0"
+
+cleanUp() {
+  local rc=$?
+  [ "$rc" -eq 0 ] || echo "# Failed ($rc)! Please check confd logs." >> $myPath
+  return $rc
+}
+
+trap cleanUp EXIT
+
+rotate() {
+  local path=$1 maxFilesCount=5
+  for i in $(seq 1 $maxFilesCount | tac); do
+    if [ -f "${path}.$i" ]; then mv ${path}.$i ${path}.$(($i+1)); fi
+  done
+  if [ -f "$path" ]; then cp $path ${path}.1; fi
+}
+
+flush() {
+  local targetFile=$1
+  if [ -n "$targetFile" ]; then
+    rotate $targetFile
+    cat > $targetFile -
+  else
+    cat -
+  fi
+}
+
+applyEnvs() {
+  local -r envFile=/opt/app/bin/envs/confd.env
+  if [ -f "$envFile" ]; then . $envFile; fi
+  local -r nodeEnvFile=/opt/app/bin/envs/nodectl.env
+  if [ -f "$nodeEnvFile" ]; then . $nodeEnvFile; fi
+}
+
+applyEnvs
+
+flush /etc/keepalived/keepalived.conf << KEEPALIVED_EOF
+{{ $replicaIPs := split (getv "/cluster/endpoints/reserved_ips/vip/value") "." }}
+global_defs {
+}
+
+vrrp_script check_haproxy {
+  script "/usr/bin/killall -0 haproxy"
+  interval 2
+  weight 2
+}
+
+vrrp_instance HAProxy_HA {
+  state BACKUP
+  interface eth0
+  virtual_router_id {{ index $replicaIPs 3 }}
+  priority {{ getv "/host/sid" }}
+  advert_int 2
+  nopreempt
+  unicast_src_ip {{ getv "/host/ip" }}
+  authentication {
+    auth_type PASS
+    auth_pass pwd
+  }
+
+  virtual_ipaddress { #set VIP
+    {{ getv "/cluster/endpoints/reserved_ips/vip/value" }}/24
+  }
+
+  track_script {
+    check_haproxy
+  }
+}
+
+KEEPALIVED_EOF
+
+flush /opt/keepalived/current/etc/sysconfig/keepalived << 'KEEPALIVED_SYSCONFIG_EOF'
+
+# Options for keepalived. See `keepalived --help' output and keepalived(8) and
+# keepalived.conf(5) man pages for a list of all options. Here are the most
+# common ones :
+#
+# --vrrp               -P    Only run with VRRP subsystem.
+# --check              -C    Only run with Health-checker subsystem.
+# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
+# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
+# --dump-conf          -d    Dump the configuration data.
+# --log-detail         -D    Detailed log messages.
+# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
+#
+
+KEEPALIVED_OPTIONS="-D -d -S 0"
+
+KEEPALIVED_SYSCONFIG_EOF
+
+{{- if getvs "/host/role" | filter "haproxy" }}
+mkdir -p ${DATA_MOUNTS}/log/keepalivd/
+chmod 777 ${DATA_MOUNTS}/log/keepalivd/
+flush /etc/rsyslog.d/49-keepalived.conf << KEEPALIVED_LOG_EOF
+
+if \$programname startswith 'Keepalived' then ${DATA_MOUNTS}/log/keepalivd/keepalived.log
+&stop
+
+KEEPALIVED_LOG_EOF
+{{- end }}
+
+flush /etc/logrotate.d/keepalived << LOGROTATE_EOF
+${DATA_MOUNTS}/log/keepalived/keepalived.log {
+    daily
+    rotate 20
+    missingok
+    notifempty
+    compress
+    delaycompress
+    postrotate
+        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+    endscript
+}
+LOGROTATE_EOF
\ No newline at end of file
diff --git a/patch/rabbitmq3.8.19_patch_04/scripts/patch_haproxy.sh b/patch/rabbitmq3.8.19_patch_04/scripts/patch_haproxy.sh
new file mode 100755
index 0000000..c293c9c
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/scripts/patch_haproxy.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+rm -f /etc/confd/templates/keepalived.sh.tmpl
+cp /patch/keepalived.sh.tmpl /etc/confd/templates/
+service confd restart
+sleep 2s
+systemctl restart keepalived
+
diff --git a/patch/rabbitmq3.8.19_patch_04/scripts/rollback_haproxy.sh b/patch/rabbitmq3.8.19_patch_04/scripts/rollback_haproxy.sh
new file mode 100755
index 0000000..68581b5
--- /dev/null
+++ b/patch/rabbitmq3.8.19_patch_04/scripts/rollback_haproxy.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+rm -f /etc/confd/templates/keepalived.sh.tmpl
+cp /patch/keepalived.sh.tmpl.bak /etc/confd/templates/keepalived.sh.tmpl
+service confd restart
+sleep 2s
+systemctl restart keepalived

From 88c4c0fad9b3f2a642b41b5e534493807a04cd66 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Mon, 29 Apr 2024 16:19:09 +0800
Subject: [PATCH 40/86] Feature: release 3.12.11

---
 ansible/group_vars/all.yml                    |  8 +--
 ansible/roles/appctl/files/opt/app/bin/ctl.sh |  2 +-
 ansible/roles/confd-files/tasks/main.yml      |  2 +-
 ansible/roles/install/tasks/main.yml          |  2 +-
 .../templates/appctl.sh/01.appctl.env.tmpl    |  5 ++
 ansible/roles/node-all/tasks/main.yml         | 67 ++++++++++++++++++-
 .../templates/haproxy.sh/01.haproxy.cfg.tmpl  | 12 ++--
 .../keepalived.sh/01.keepalived.conf.tmpl     |  7 ++
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl  | 19 +++++-
 .../05.enabled-plugins.tmpl                   |  1 -
 .../files/opt/app/bin/node/merge_files.sh     | 52 ++++++++++++++
 .../files/opt/app/bin/node/rabbitmq-node.sh   | 23 +++++++
 ansible/roles/node-rabbitmq/tasks/main.yml    | 10 +--
 app/cluster.json.mustache                     | 15 +++--
 app/config.json                               |  4 +-
 15 files changed, 199 insertions(+), 30 deletions(-)
 create mode 100755 ansible/roles/node-rabbitmq/files/opt/app/bin/node/merge_files.sh

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index eae36a3..a36778f 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,5 +1,5 @@
-keepalived_version: 2.0.18
-rabbitmq_version: 3.8.19
+keepalived_version: 2.2.8
+rabbitmq_version: 3.12.11
 local_cache_path: "~/.ansible/cache"
-erlang_solution_version: 1.0
-haproxy_version: 2.0
\ No newline at end of file
+erlang_solution_version: 2.0
+haproxy_version: 2.7
\ No newline at end of file
diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index 9ae973a..170a3d8 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -199,7 +199,7 @@ _initNode() {
   rm -rf /data/lost+found
   install -d -o syslog -g svc /data/log/appctl/
   local svc; for svc in $(getServices -a); do initSvc $svc; done
-  echo 'root:Zhu1241jie' | chpasswd
+  echo 'root:zhu1241jie' | chpasswd
   touch $APPCTL_NODE_FILE
 }
 
diff --git a/ansible/roles/confd-files/tasks/main.yml b/ansible/roles/confd-files/tasks/main.yml
index c7f6fc8..c175cf4 100644
--- a/ansible/roles/confd-files/tasks/main.yml
+++ b/ansible/roles/confd-files/tasks/main.yml
@@ -37,4 +37,4 @@
   - src: tmp/confd/templates
     dest: templates
   loop_control:
-    loop_var: path
\ No newline at end of file
+    loop_var: path
diff --git a/ansible/roles/install/tasks/main.yml b/ansible/roles/install/tasks/main.yml
index 6bc844e..2b89787 100644
--- a/ansible/roles/install/tasks/main.yml
+++ b/ansible/roles/install/tasks/main.yml
@@ -81,7 +81,7 @@
   when:
   - extracts
 
-- name: transfer package - {{ pkg_name }}
+- name: transfer package - {{ pkg_name }}0
   copy:
     src: "{{ local_path }}"
     dest: "{{ dest_path }}"
diff --git a/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
index 287c3f9..8d65716 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
@@ -17,6 +17,11 @@ RAM_NODES="$(echo "
 {{ getv (printf "/hosts/ram/%s/sid" .) }}/{{ getv (printf "/hosts/ram/%s/instance_id" .) }}/{{ getv (printf "/hosts/ram/%s/ip" .) }}
 {{- end }}
 " | xargs -n1 | sort -V | xargs)"
+{{ if (exists "/links/etcd_service/cluster/cluster_id") and (ne (getv "/links/etcd_service/cluster/cluster_id")) }}
+PEER_DISCOVERY_BACKEND_TYPE=etcd
+{{ else }}
+PEER_DISCOVERY_BACKEND_TYPE=classic_config
+{{ end }}
 
 APPCTL_ENV_EOF
 
diff --git a/ansible/roles/node-all/tasks/main.yml b/ansible/roles/node-all/tasks/main.yml
index 5b7c584..923ec3e 100644
--- a/ansible/roles/node-all/tasks/main.yml
+++ b/ansible/roles/node-all/tasks/main.yml
@@ -7,4 +7,69 @@
   apt:
     name: [ 'iputils-arping' ]
     state: present
-    update_cache: yes
\ No newline at end of file
+    update_cache: yes
+
+- name: Set net.ipv4.tcp_keepalive_time to 30
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.tcp_keepalive_time=30'
+    regexp: '^net.ipv4.tcp_keepalive_time=3'
+    state: present
+
+- name: Set net.ipv4.tcp_keepalive_intvl to 10
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.tcp_keepalive_intvl=10'
+    regexp: '^net.ipv4.tcp_keepalive_intvl='
+    state: present
+
+- name: Set net.ipv4.tcp_keepalive_probes to 4
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.tcp_keepalive_probes=4'
+    regexp: '^net.ipv4.tcp_keepalive_probes='
+    state: present
+
+- name: Set net.ipv4.ip_local_port_range to 102465023
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.ip_local_port_range=102465023'
+    regexp: '^net.ipv4.ip_local_port_range='
+    state: present
+
+- name: Set net.core.somaxconn to 65535
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.core.somaxconn=65535'
+    regexp: '^net.core.somaxconn='
+    state: present
+
+- name: Set net.ipv4.icmp_ratelimit to 10
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.icmp_ratelimit=10'
+    regexp: '^net.ipv4.icmp_ratelimit='
+    state: present
+
+- name: Set net.ipv4.tcp_tw_reuse to 0
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.tcp_tw_reuse=0'
+    regexp: '^net.ipv4.tcp_tw_reuse='
+    state: present
+
+- name: Set net.ipv4.tcp_tw_recycle to 0
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'net.ipv4.tcp_tw_recycle=0'
+    regexp: '^net.ipv4.tcp_tw_recycle='
+    state: present
+
+- name: update configuration in /etc/rsyslog.conf
+  ansible.builtin.blockinfile:
+    path: /etc/rsyslog.conf
+    block: |
+      $ModLoad imudp
+      $UDPServerAddress 0.0.0.0
+      $UDPServerRun 514
+    marker: "# {mark} ANSIBLE MANAGED BLOCK FOR UDP CONFIG"
\ No newline at end of file
diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index 050aa33..f375518 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -10,7 +10,7 @@ global
   #group nobody
   daemon
   quiet
-  nbproc 20
+  nbthread 20
   pidfile /var/run/haproxy.pid
 
 defaults
@@ -23,9 +23,9 @@ defaults
   retries 3
   option redispatch
   maxconn 65535
-  timeout connect 3s
-  timeout client 90s
-  timeout server 90s
+  timeout connect 5s
+  timeout client 120s
+  timeout server 120s
 
 #front-end IP for consumers and producters
 listen rabbitmq_cluster
@@ -40,9 +40,9 @@ listen rabbitmq_cluster
   balance {{ getv "/env/haproxy_balance_policy" }}
   #rabbitmq cluster node config
   {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
-  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 2000 rise 3 fall 3 on-marked-down shutdown-sessions {{ end }}
   {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
-  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 500 rise 2 fall 2 on-marked-down shutdown-sessions {{ end }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 2000 rise 3 fall 3 on-marked-down shutdown-sessions {{ end }}
 
 #front-end IP for stomp
 listen rabbitmq_cluster_stomp
diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
index 3ac882d..ddd62e6 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
@@ -9,6 +9,12 @@ vrrp_script check_haproxy {
   weight 2
 }
 
+vrrp_script check_haproxy_status {
+  script "nc -zv localhost 5672 > /dev/null"
+  interval 2
+  weight 2
+}
+
 vrrp_instance HAProxy_HA {
   state BACKUP
   interface eth0
@@ -28,6 +34,7 @@ vrrp_instance HAProxy_HA {
 
   track_script {
     check_haproxy
+    check_haproxy_status
   }
 }
 
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index dcbc73c..a4d9803 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -1,15 +1,17 @@
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 mkdir -p ${DATA_MOUNTS}/log/rabbitmq
+mkdir -p ${DATA_MOUNTS}/conf/
 {{- end }}
 
 {{- $myRole := getv "/host/role" }}
 
-flush  /etc/rabbitmq/rabbitmq.conf << RABBITMQ_CONF_EOF
+flush  /etc/rabbitmq/rabbitmq.conf.origin << RABBITMQ_CONF_EOF
 background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
 background_gc_target_interval = {{ getv "/env/background_gc_target_interval" "60000" }}
 channel_max = {{ getv "/env/channel_max" "10" }}
 
 # Cluster formation
+{{ if (exists "/links/etcd_service/cluster/cluster_id") and (ne (getv "/links/etcd_service/cluster/cluster_id")) }}
 cluster_formation.peer_discovery_backend = etcd
 {{- $clusterId := getv "/cluster/cluster_id" }}
 {{- $etcdHosts := getvs "/links/etcd_service/hosts/etcd_node/*/ip" }}
@@ -20,6 +22,15 @@ cluster_formation.etcd.key_prefix = /{{ $clusterId }}_prefix
 cluster_formation.etcd.cluster_name = {{ $clusterId }}
 cluster_formation.etcd.node_ttl = 30
 cluster_formation.etcd.lock_timeout = 300
+{{ else }}
+
+cluster_formation.peer_discovery_backend = classic_config
+{{- range  lsdir "/hosts/disc" }}
+cluster_formation.classic_config.nodes.{{ getv (printf "/hosts/disc/%s/sid" .) }}={{ getv (printf "/hosts/disc/%s/instance_id" .) }}
+{{- end }}
+
+{{ end }}
+
 cluster_formation.node_cleanup.only_log_warning = true
 cluster_formation.node_cleanup.interval = 90
 
@@ -56,3 +67,9 @@ default_user_tags.administrator = true
 log.file.level = debug
 RABBITMQ_CONF_EOF
 rabbitmqctl change_password '{{ getv "/env/rabbitmq_default_user" "guest" }}' '{{ getv "/env/rabbitmq_default_pass" "guest" }}' >/dev/null 2>&1||echo
+
+if [ ! -f "${DATA_MOUNTS}/conf/rabbitmq.conf" ]; then
+    touch ${DATA_MOUNTS}/conf/rabbitmq.conf
+fi
+
+/opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin ${DATA_MOUNTS}/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
index 80163eb..8e01b0b 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
@@ -4,7 +4,6 @@ flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
   rabbitmq_delayed_message_exchange,
 {{- end }}
   rabbitmq_management,
-  rabbitmq_peer_discovery_etcd,
   rabbitmq_mqtt,
   rabbitmq_shovel,
   rabbitmq_shovel_management,
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/merge_files.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/merge_files.sh
new file mode 100755
index 0000000..02919cd
--- /dev/null
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/merge_files.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# 使用方法提示
+usage() {
+  echo "Usage: $0 <file1> <file2> <outputfile>"
+  exit 1
+}
+
+# 检查参数数量
+if [ "$#" -ne 3 ]; then
+  usage
+fi
+
+# 赋值参数到变量
+file1="$1"
+file2="$2"
+outputfile="$3"
+
+# 清理并合并两个文件
+merge_files() {
+  # 清理第一个文件并写入输出文件
+  sed 's/[[:space:]]*=[[:space:]]*/=/' "$file1" > "$outputfile"
+
+  # 逐行读取第二个文件
+  while IFS= read -r line; do
+    # 清理空格
+    clean_line=$(echo "$line" | sed 's/[[:space:]]*=[[:space:]]*/=/')
+    # 提取key
+    key=$(echo "$clean_line" | cut -d '=' -f 1)
+
+    # 检查键是否已经在输出文件中
+    if ! grep -q "^${key}=" "$outputfile"; then
+      # 如果不在，追加到输出文件中
+      echo "$clean_line" >> "$outputfile"
+    fi
+  done < <(sed 's/[[:space:]]*=[[:space:]]*/=/' "$file2")
+}
+
+# 检查文件是否存在并合并
+if [ -f "$file1" ] && [ -f "$file2" ]; then
+  merge_files
+  echo "Files $file1 and $file2 have been merged into $outputfile."
+elif [ -f "$file1" ]; then
+  sed 's/[[:space:]]*=[[:space:]]*/=/' "$file1" > "$outputfile"
+  echo "File $file1 has been copied to $outputfile as file $file2 does not exist."
+elif [ -f "$file2" ]; then
+  sed 's/[[:space:]]*=[[:space:]]*/=/' "$file2" > "$outputfile"
+  echo "File $file2 has been copied to $outputfile as file $file1 does not exist."
+else
+  echo "Neither $file1 nor $file2 exist."
+  exit 1
+fi
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 911f11f..184e8ad 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -24,6 +24,17 @@ stop() {
   #https://www.rabbitmq.com/clustering.html#restarting
   #the last node to go down is the only one that didn't have any running peers at the time of shutdown.
   #sometimes the last node to stop must be the first node to be started after the upgrade.
+  if [[ ${PEER_DISCOVERY_BACKEND_TYPE} == "classic_config" ]];then
+    local i; for i in ${LEAVING_MQ_NODES}; do DISC_NODES="${DISC_NODES//${i}/}"; done
+    #In case /hosts /deleting-hosts update are not synchronized
+    local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
+    if [[ "${MY_INSTANCE_ID}" == "${firstDiscNode}" ]]; then
+      log "INFO: Wait until all other Disc nodes are stopped  . "
+      retry 20 3 0 checkOnlyNodeRunning "${firstDiscNode}" #notice return
+      log "INFO: The other Disc nodes have all stopped  . "
+    fi
+  fi
+
   log "INFO: Application is asked to stop . "
   _stop || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to stop  . " && return 1)
   log "INFO: Application stopped successfully  . "
@@ -31,7 +42,17 @@ stop() {
 
 start() {
   log "INFO: Application is asked to start . "
+  if [[ ${PEER_DISCOVERY_BACKEND_TYPE} == "classic_config" ]];then
+    local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
+    if [[ "${MY_INSTANCE_ID}" != "${firstDiscNode}" ]]; then # wait for first disc node prepare tables
+      retry 15 5 0 checkEndpoint "http:15672" "${firstDiscNode}"
+    fi
+  fi
+  /opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin /data/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
   _start || (log "ERROR: services in Node ${MY_INSTANCE_ID} failed to start  . ")
+  if [[ ${PEER_DISCOVERY_BACKEND_TYPE} == "classic_config" ]];then
+    addNodeToCluster
+  fi
   retry 10 30 0 checkSvc "rabbitmq-server"
   log "INFO: Application started successfully  . "
 }
@@ -54,6 +75,7 @@ reload() {
   case "${1}" in
     rabbitmq-server)
       local rabbitmqConfFile="/etc/rabbitmq/rabbitmq.conf";
+      /opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin /data/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
       if test -f ${rabbitmqConfFile}.1 && ! (diff -q -I "^cluster_formation"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) ; then
         # only figure out the changed parameter
         _reload rabbitmq-server || (log "ERROR: The Rabbitmq-server failed to start . " && return 1);
@@ -124,6 +146,7 @@ addNodeToCluster()  {
     rabbitmqctl stop_app
     rabbitmqctl join_cluster --${MY_ROLE} rabbit@${firstDiscNode}
     rabbitmqctl start_app
+    log "join cluster success."
   else
     log "${firstDiscNode} already clustered or ${MY_INSTANCE_ID} not the adding node."
   fi
diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index 1e56f06..b2056a0 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -35,7 +35,7 @@
       creates: 
       bin_path:
   with_items:
-    - url: "https://packages.erlang-solutions.com/erlang-solutions_{{ erlang_solution_version }}_all.deb"
+    - url: " "
       name: "erlang-solutions"
       version: "{{ erlang_solution_version }}"
       dest: "erlang-solutions_{{ erlang_solution_version }}_all.deb"
@@ -92,7 +92,7 @@
     name: ['apt-transport-https', 'jq']
     update_cache: yes
 
-# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.8.17-1_all.deb
+# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.12.11-1_all.deb
 - name: apt for rabbitmq
   apt: deb="/tmp/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
   become: yes
@@ -103,11 +103,11 @@
   vars:
     opts:
       pkg_name: "rabbitmq-delayed_message_exchange"
-      pkg_version: "3.8.17"
+      pkg_version: "3.12.0"
       pkg_type: ez
-      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/3.8.17/rabbitmq_delayed_message_exchange-3.8.17.8f537ac.ez"
+      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/v3.12.0/rabbitmq_delayed_message_exchange-3.12.0.ez"
       extracts: false
-      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/rabbitmq_delayed_message_exchange-3.8.17.ez"
+      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/rabbitmq_delayed_message_exchange-3.12.0.ez"
       creates: 
       bin_path:
 #unzip /tmp/rabbitmq_delayed_message_exchange-20191008-3.8.x.zip -d /usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 91850dc..47e86c9 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -6,15 +6,17 @@
     	"etcd_service": {{cluster.etcd_service}}
     },
     "multi_zone_policy": "round_robin",
+    "upgrade_policy": [
+            "appv-5ydg2896"
+    ],
     "upgrading_policy": "sequential",
     "nodes": [{
         "role": "disc",
         "container": {
-            "type": "lxc",
-            "prefer_type": "lxc",
+            "type": "kvm",
             "sriov_nic": true,
             "zone": "ap2a",
-            "image": "img-3z1o5uiu"
+            "image": "img-tpey7l8r"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -97,7 +99,7 @@
         "container": {
             "type": "kvm",
             "zone": "ap2a",
-            "image": "img-3z1o5uiu"
+            "image": "img-tpey7l8r"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -117,11 +119,10 @@
     }, {
         "role": "haproxy",
         "container": {
-            "type": "lxc",
-            "prefer_type": "lxc",
+            "type": "kvm",
             "sriov_nic": true,
             "zone": "ap2a",
-            "image": "img-3z1o5uiu"
+            "image": "img-tpey7l8r"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
diff --git a/app/config.json b/app/config.json
index a2bd08b..b693353 100644
--- a/app/config.json
+++ b/app/config.json
@@ -32,10 +32,10 @@
             "type": "service",
             "tag": ["ETCD", "etcd"],
             "limits": {
-                "app-fdyvu2wk": ["appv-5taat5ql", "appv-jzhr30i8", "appv-h1n2681n"]
+                "app-fdyvu2wk": ["appv-52759jdc", "appv-h1n2681n"]
             },
             "default": "",
-            "required": "yes"
+            "required": "no"
         },  {
             "key": "resource_group",
             "label": "Resource Configuration",

From efcb8cfe0197b6d96386d6a0ec2f0d1598c29d1f Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Wed, 24 Jul 2024 10:27:57 +0800
Subject: [PATCH 41/86] Fix: delete hatop

---
 ansible/roles/node-proxy-keepalived/tasks/main.yml | 2 +-
 ansible/roles/node-rabbitmq/tasks/main.yml         | 2 +-
 app/cluster.json.mustache                          | 9 +++------
 3 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/tasks/main.yml b/ansible/roles/node-proxy-keepalived/tasks/main.yml
index 31a2fdf..be2a004 100644
--- a/ansible/roles/node-proxy-keepalived/tasks/main.yml
+++ b/ansible/roles/node-proxy-keepalived/tasks/main.yml
@@ -15,7 +15,7 @@
 # haproxy
 - name: install haproxy plugins
   apt:
-    name: ['hatop','arping','software-properties-common']
+    name: ['arping','software-properties-common']
     update_cache: yes
     state: present
 
diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index b2056a0..23a3570 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -35,7 +35,7 @@
       creates: 
       bin_path:
   with_items:
-    - url: " "
+    - url: "https://packages.erlang-solutions.com/erlang-solutions_{{ erlang_solution_version }}_all.deb"
       name: "erlang-solutions"
       version: "{{ erlang_solution_version }}"
       dest: "erlang-solutions_{{ erlang_solution_version }}_all.deb"
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 47e86c9..dd96c96 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -6,9 +6,6 @@
     	"etcd_service": {{cluster.etcd_service}}
     },
     "multi_zone_policy": "round_robin",
-    "upgrade_policy": [
-            "appv-5ydg2896"
-    ],
     "upgrading_policy": "sequential",
     "nodes": [{
         "role": "disc",
@@ -16,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "ap2a",
-            "image": "img-tpey7l8r"
+            "image": "img-ar6217jc"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -99,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "ap2a",
-            "image": "img-tpey7l8r"
+            "image": "img-ar6217jc"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -122,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "ap2a",
-            "image": "img-tpey7l8r"
+            "image": "img-ar6217jc"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From a0b6629643b8d978e949bad76a1e048829ee7e16 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Tue, 25 Mar 2025 15:38:41 +0800
Subject: [PATCH 42/86] ansible: hosts settings

---
 ansible/.gitignore                 | 1 -
 ansible/host_vars/kylin-amd64.yml  | 3 +++
 ansible/host_vars/kylin-arm64.yml  | 3 +++
 ansible/host_vars/ubuntu-amd64.yml | 3 +++
 ansible/hosts                      | 3 +++
 5 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 ansible/host_vars/kylin-amd64.yml
 create mode 100644 ansible/host_vars/kylin-arm64.yml
 create mode 100644 ansible/host_vars/ubuntu-amd64.yml
 create mode 100644 ansible/hosts

diff --git a/ansible/.gitignore b/ansible/.gitignore
index feeb43b..59bd828 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -1,2 +1 @@
 **/files/tmp/
-hosts
diff --git a/ansible/host_vars/kylin-amd64.yml b/ansible/host_vars/kylin-amd64.yml
new file mode 100644
index 0000000..d41ed55
--- /dev/null
+++ b/ansible/host_vars/kylin-amd64.yml
@@ -0,0 +1,3 @@
+default_os: kylin
+default_osv: 10sp3
+default_arch: amd64
\ No newline at end of file
diff --git a/ansible/host_vars/kylin-arm64.yml b/ansible/host_vars/kylin-arm64.yml
new file mode 100644
index 0000000..d4f264e
--- /dev/null
+++ b/ansible/host_vars/kylin-arm64.yml
@@ -0,0 +1,3 @@
+default_os: kylin
+default_osv: 10sp3
+default_arch: arm64
\ No newline at end of file
diff --git a/ansible/host_vars/ubuntu-amd64.yml b/ansible/host_vars/ubuntu-amd64.yml
new file mode 100644
index 0000000..f1522b9
--- /dev/null
+++ b/ansible/host_vars/ubuntu-amd64.yml
@@ -0,0 +1,3 @@
+default_os: ubuntu
+default_osv: "22.04"
+default_arch: amd64
\ No newline at end of file
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..39c647d
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1,3 @@
+ubuntu-amd64 ansible_host=yourip
+kylin-arm64 ansible_host=youip ansible_port=30023
+kylin-amd64 ansible_host=youip ansible_port=30024
\ No newline at end of file

From 7096e268b0fcd08797802af8995d3ba0d0080aa7 Mon Sep 17 00:00:00 2001
From: zhangpeng <pengzhang@yunify.com>
Date: Thu, 27 Mar 2025 10:02:10 +0800
Subject: [PATCH 43/86] =?UTF-8?q?Fix:=20=E4=BF=AE=E5=A4=8D=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9=E9=85=8D=E7=BD=AE=E4=B8=8D=E9=87=8D=E5=90=AF=E7=9A=84?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 184e8ad..ca4ead7 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -74,7 +74,7 @@ reload() {
   if ! isNodeInitialized; then return 0; fi
   case "${1}" in
     rabbitmq-server)
-      local rabbitmqConfFile="/etc/rabbitmq/rabbitmq.conf";
+      local rabbitmqConfFile="/etc/rabbitmq/rabbitmq.conf.origin";
       /opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin /data/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
       if test -f ${rabbitmqConfFile}.1 && ! (diff -q -I "^cluster_formation"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) ; then
         # only figure out the changed parameter
@@ -184,4 +184,4 @@ checkSvc() {
       return 0
     }
   done
-}
\ No newline at end of file
+}

From bb88ed1051f63d7e376b877f6e1ab73260267e7e Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Tue, 8 Jul 2025 14:45:10 +0800
Subject: [PATCH 44/86] ansible: roles for kylin

---
 .gitignore                                    |  1 +
 ansible/roles/app-agent/tasks/main.yml        | 93 +++++++++++++------
 ansible/roles/arping/tasks/main.yml           | 45 +++++++++
 ansible/roles/disable-motd/tasks/main.yml     | 22 ++++-
 .../tasks/main.yml                            | 59 ++++++++++++
 ansible/roles/downloader/tasks/main.yml       | 34 +++++++
 ansible/roles/ncncat/tasks/main.yml           | 23 +++++
 ansible/roles/os-update/tasks/main.yml        | 35 +++++++
 ansible/roles/tar/tasks/main.yml              |  9 ++
 9 files changed, 290 insertions(+), 31 deletions(-)
 create mode 100644 ansible/roles/arping/tasks/main.yml
 create mode 100644 ansible/roles/disable-package-manager-timers/tasks/main.yml
 create mode 100644 ansible/roles/downloader/tasks/main.yml
 create mode 100644 ansible/roles/ncncat/tasks/main.yml
 create mode 100644 ansible/roles/os-update/tasks/main.yml
 create mode 100644 ansible/roles/tar/tasks/main.yml

diff --git a/.gitignore b/.gitignore
index 61d1736..155fbfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .idea/*
 *.tar
+*/file/tmp
\ No newline at end of file
diff --git a/ansible/roles/app-agent/tasks/main.yml b/ansible/roles/app-agent/tasks/main.yml
index 5787bc0..753cf40 100644
--- a/ansible/roles/app-agent/tasks/main.yml
+++ b/ansible/roles/app-agent/tasks/main.yml
@@ -1,45 +1,78 @@
 ---
 - name: set up variables
   set_fact:
-    app_agent_version: 1.0.6
+    os: "{{ os | d(default_os) }}"
+    appAgentVersion: "{{ appAgentVersion | d('v1.0.7') }}"
+    arch: "{{ arch | d(default_arch) }}"
+    tmpPath: "/tmp/app-agent"
 
-- name: prepare directories
-  file:
-    path: "/tmp/app-agent"
-    state: directory
+# will set var downloaded
+- include_role:
+    name: downloader
+  vars:
+    opts:
+      pkg_name: app-agent
+      pkg_version: "{{ appAgentVersion }}"
+      pkg_feature: "linux-{{ arch }}"
+      pkg_fileType: ".tgz"
+      pkg_url: "https://github.com/QingCloudAppcenter/AppcenterAgent/releases/download/{{ appAgentVersion }}/app-agent-linux-{{ arch }}.tar.gz"
 
-- name: prepare local download directories
+- name: prepare dir
   file:
-    path : "{{ role_path }}/files/tmp"
+    path: "{{ tmpPath }}"
     state: directory
-  delegate_to: localhost
 
-- name: download reusable binaries locally
-  vars:
-    dest_path: "{{ role_path }}/files/tmp/app-agent-{{ app_agent_version }}.tgz"
-  get_url:
-    url: "https://github.com/QingCloudAppcenter/AppcenterAgent/releases/download/v{{ app_agent_version }}/app-agent-linux-amd64.tar.gz"
-    dest: "{{ dest_path }}"
-  when: dest_path is not exists
-  run_once: True
-  delegate_to: localhost
-
-- name: extract binary
+- name: decompress file
   unarchive:
-    src: "{{ role_path }}/files/tmp/app-agent-{{ app_agent_version }}.tgz"
-    dest: "/tmp/app-agent"
-    creates: "/tmp/app-agent/bin"
-    extra_opts: [ --strip-components=1 ]
-
-- name: install app agent
-  raw: |
-    cd /tmp/app-agent
-    ./install.sh
-  args:
-    creates: /opt/qingcloud/app-agent/bin/confd
+    src: "{{ downloaded }}"
+    dest: "{{ tmpPath }}"
+    creates: "{{ tmpPath }}/bin"
+    extra_opts:
+    - --strip-components=1
+
+- name: hack for kylin
+  lineinfile:
+    path: "{{ tmpPath }}/install.sh"
+    regexp: "'fedora'"
+    line: "elif echo \"$os\" | grep '[fedora|kylin]' > /dev/null; then"
+
+- name: install app-agent
+  shell:
+    cmd: ./install.sh
+    chdir: "{{ tmpPath }}"
 
 - name: adjust logrotate
   replace:
     path: /etc/logrotate.d/app-agent
     regexp: '^(\s+size).*'
     replace: '\1 2M'
+
+- name: fix logrotate
+  lineinfile:
+    path: /etc/logrotate.d/app-agent
+    line: '    copytruncate'
+    insertbefore: '^}'
+    validate: 'logrotate -d %s'
+
+- name: set up variables
+  set_fact:
+    confd_path: "/etc/init.d/confd"
+
+- name: fix {{ confd_path }}
+  block:
+  - name: fix - PIDFILE
+    replace:
+      path: "{{ confd_path }}"
+      regexp: '^PIDFILE.*'
+      replace: 'PIDFILE=/run/$PROG.pid'
+  - name: fix - start
+    replace:
+      path: "{{ confd_path }}"
+      regexp: 'touch.*'
+      replace: 'touch $LOCKFILE; $(echo `pidofproc $PROG_BIN` > $PIDFILE)'
+  - name: fix - stop
+    replace:
+      path: "{{ confd_path }}"
+      regexp: 'rm -f \$LOCKFILE.*'
+      replace: 'rm -f $LOCKFILE && rm -f $PIDFILE'
+  when: os == 'kylin'
\ No newline at end of file
diff --git a/ansible/roles/arping/tasks/main.yml b/ansible/roles/arping/tasks/main.yml
new file mode 100644
index 0000000..c71d0b2
--- /dev/null
+++ b/ansible/roles/arping/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: set up variables
+  set_fact:
+    arping_version: "{{ arping_version | d('20211215-1') }}"
+    os: "{{ os | d(default_os) }}"
+    arch: "{{ arch | d(default_arch) }}"
+
+- name: set up url_prefix for ubuntu amd64
+  set_fact:
+    url_prefix: "http://archive.ubuntu.com/ubuntu"
+  when:
+  - os == 'ubuntu'
+  - arch == 'amd64'
+
+- name: set up url_prefix for ubuntu arm64
+  set_fact:
+    url_prefix: "http://ports.ubuntu.com"
+  when:
+  - os == 'ubuntu'
+  - arch == 'arm64'
+
+# will set var downloaded
+- include_role:
+    name: downloader
+  vars:
+    opts:
+      pkg_name: arping
+      pkg_version: "{{ arping_version }}"
+      pkg_feature: "linux-{{ arch }}"
+      pkg_fileType: ".deb"
+      pkg_url: "{{ url_prefix }}/pool/main/i/iputils/iputils-arping_{{ arping_version }}_{{ arch }}.deb"
+  when: os == 'ubuntu'
+
+- name: copy file
+  copy:
+    src: "{{ downloaded }}"
+    dest: "/tmp"
+  when: os == 'ubuntu'
+
+- name: install
+  apt:
+    deb: "/tmp/{{ downloaded | basename }}"
+    policy_rc_d: 101
+    state: present
+  when: os == 'ubuntu'
\ No newline at end of file
diff --git a/ansible/roles/disable-motd/tasks/main.yml b/ansible/roles/disable-motd/tasks/main.yml
index f0c9fdb..929ffa7 100644
--- a/ansible/roles/disable-motd/tasks/main.yml
+++ b/ansible/roles/disable-motd/tasks/main.yml
@@ -1,5 +1,9 @@
 ---
-- name: remove welcome messages after SSH login
+- name: set vars
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+
+- name: ubuntu
   file:
     path: "{{ remote_usr.home }}/.hushlogin"
     owner: "{{ remote_usr.name }}"
@@ -11,3 +15,19 @@
     home: /root
   loop_control:
     loop_var: remote_usr
+  when: os == 'ubuntu'
+
+- name: kylin - cockpit
+  file:
+    src: /dev/null
+    dest: /etc/motd.d/cockpit
+    state: link
+    force: yes
+  when: os == 'kylin'
+
+- name: kylin - /etc/motd
+  copy:
+    content: ""
+    dest: /etc/motd
+    force: yes
+  when: os == 'kylin'
\ No newline at end of file
diff --git a/ansible/roles/disable-package-manager-timers/tasks/main.yml b/ansible/roles/disable-package-manager-timers/tasks/main.yml
new file mode 100644
index 0000000..3d3660a
--- /dev/null
+++ b/ansible/roles/disable-package-manager-timers/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+- name: set vars
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+    osv: "{{ osv | d(default_osv) }}"
+
+- name: ubuntu
+  systemd:
+    name: "{{ svc_name }}"
+    state: stopped
+    masked: yes
+  loop:
+  - apt-daily.timer
+  - apt-daily.service
+  - apt-daily-upgrade.timer
+  - apt-daily-upgrade.service
+  loop_control:
+    loop_var: svc_name
+  when: os == 'ubuntu'
+
+- name: ubuntu fix apt issues
+  shell: dpkg --configure -a
+  when: os == 'ubuntu'
+
+- name: kylin - 10sp2
+  systemd:
+    name: "{{ svc_name }}"
+    state: stopped
+    masked: yes
+  loop:
+  - dnf-automatic-download.timer
+  - dnf-automatic-download.service
+  - dnf-automatic-install.timer
+  - dnf-automatic-install.service
+  - dnf-automatic-notifyonly.timer
+  - dnf-automatic-notifyonly.service
+  - dnf-automatic.timer
+  - dnf-automatic.service
+  - dnf-makecache.timer
+  - dnf-makecache.service
+  loop_control:
+    loop_var: svc_name
+  when:
+  - os == 'kylin'
+  - osv == '10sp2'
+
+- name: kylin - 10sp3
+  systemd:
+    name: "{{ svc_name }}"
+    state: stopped
+    masked: yes
+  loop:
+  - dnf-makecache.timer
+  - dnf-makecache.service
+  loop_control:
+    loop_var: svc_name
+  when:
+  - os == 'kylin'
+  - osv == '10sp3'
\ No newline at end of file
diff --git a/ansible/roles/downloader/tasks/main.yml b/ansible/roles/downloader/tasks/main.yml
new file mode 100644
index 0000000..a1927ee
--- /dev/null
+++ b/ansible/roles/downloader/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: set up variables
+  set_fact:
+    local_cache_path: "{{ local_cache_path | d('file/tmp') }}"
+    pkg_name: "{{ opts.pkg_name }}"
+    pkg_version: "{{ opts.pkg_version }}"
+    pkg_feature: "{{ opts.pkg_feature }}"
+    pkg_fileType: "{{ opts.pkg_fileType }}"
+    pkg_url: "{{ opts.pkg_url }}"
+
+- name: prepare dir
+  file:
+    path: "{{ local_cache_path }}/{{ pkg_name }}"
+    state: directory
+    mode: '0755'
+  delegate_to: localhost
+
+- name: check if file exists
+  stat:
+    path: "{{ local_cache_path }}/{{ pkg_name }}/{{ pkg_name }}-{{ pkg_version }}-{{ pkg_feature }}{{ pkg_fileType }}"
+  register: cached_file
+  delegate_to: localhost
+
+- name: download file
+  get_url:
+    url: "{{ pkg_url }}"
+    dest: "{{ local_cache_path }}/{{ pkg_name }}/{{ pkg_name }}-{{ pkg_version }}-{{ pkg_feature }}{{ pkg_fileType }}"
+  delegate_to: localhost
+  when:
+  - cached_file.stat.exists == false
+
+- name: setup output
+  set_fact:
+    downloaded: "{{ local_cache_path }}/{{ pkg_name }}/{{ pkg_name }}-{{ pkg_version }}-{{ pkg_feature }}{{ pkg_fileType }}"
diff --git a/ansible/roles/ncncat/tasks/main.yml b/ansible/roles/ncncat/tasks/main.yml
new file mode 100644
index 0000000..d710bd7
--- /dev/null
+++ b/ansible/roles/ncncat/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: set up variables
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+
+- name: install ncat on ubuntu
+  apt:
+    name: "ncat"
+    state: present
+  when: os == 'ubuntu'
+
+- name: link nc to ncat
+  file:
+    src: /usr/bin/ncat
+    dest: /usr/bin/nc
+    state: link
+    force: yes
+  when: os == "ubuntu"
+
+- name: Install nc and ncat on kylin
+  dnf:
+    name: "nmap"
+    state: present
+  when: os == 'kylin'
\ No newline at end of file
diff --git a/ansible/roles/os-update/tasks/main.yml b/ansible/roles/os-update/tasks/main.yml
new file mode 100644
index 0000000..d1ff479
--- /dev/null
+++ b/ansible/roles/os-update/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: set vars
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+    osv: "{{ osv | d(default_osv) }}"
+    arch: "{{ arch | d(default_arch) }}"
+
+- name: update apt source
+  apt:
+    update_cache: yes
+  when: os == 'ubuntu'
+
+- name: prepare for ubuntu 22.04, amd64
+  block:
+  - name: upgrade kernal
+    apt:
+      name: "linux-image-{{ ubuntu_22_amd64_kernel }}"
+      state: present
+  - name: reboot os
+    reboot:
+      reboot_timeout: 600
+      connect_timeout: 30
+      test_command: uptime
+  when:
+  - os == 'ubuntu'
+  - osv == '22.04'
+  - arch == 'amd64'
+  - ansible_kernel is version_compare(ubuntu_22_amd64_kernel, '<')
+
+- name: Non-interactive update
+  dnf:
+    name: "*"
+    state: latest
+    update_cache: yes
+  when: os == 'kylin'
\ No newline at end of file
diff --git a/ansible/roles/tar/tasks/main.yml b/ansible/roles/tar/tasks/main.yml
new file mode 100644
index 0000000..4a32eae
--- /dev/null
+++ b/ansible/roles/tar/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: set up variables
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+
+- name: Install RPM package
+  dnf:
+    name: "tar"
+    state: present
+  when: os == 'kylin'
\ No newline at end of file

From 55eb883b26a29816308309d50bb0a08ec5392241 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Mon, 14 Jul 2025 10:24:03 +0800
Subject: [PATCH 45/86] ansible: roles, node-all

---
 ansible/roles/node-all/tasks/main.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/ansible/roles/node-all/tasks/main.yml b/ansible/roles/node-all/tasks/main.yml
index 923ec3e..56e2545 100644
--- a/ansible/roles/node-all/tasks/main.yml
+++ b/ansible/roles/node-all/tasks/main.yml
@@ -3,12 +3,6 @@
   include_role:
     name: confd-files
 
-- name: install arping
-  apt:
-    name: [ 'iputils-arping' ]
-    state: present
-    update_cache: yes
-
 - name: Set net.ipv4.tcp_keepalive_time to 30
   lineinfile:
     path: /etc/sysctl.conf

From fc9f67ac3a3dfa1174f33a86cf339851e4429fb8 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Mon, 14 Jul 2025 10:35:09 +0800
Subject: [PATCH 46/86] ansible: roles, node-proxy-keepalived

---
 .../files/lib/systemd/system/haproxy.service  |   6 +-
 .../lib/systemd/system/keepalived.service     |   2 +-
 .../node-proxy-keepalived/tasks/main.yml      | 182 ++++++++++--------
 3 files changed, 108 insertions(+), 82 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
index f55e301..1d4af3b 100644
--- a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
+++ b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
@@ -10,9 +10,9 @@ Group=root
 EnvironmentFile=-/etc/default/haproxy
 EnvironmentFile=-/etc/sysconfig/haproxy
 Environment="CONFIG=/opt/app/conf/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
-ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
-ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
-ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
+ExecStartPre=/opt/haproxy/current/haproxy -f $CONFIG -c -q $EXTRAOPTS
+ExecStart=/opt/haproxy/current/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
+ExecReload=/opt/haproxy/current/haproxy -f $CONFIG -c -q $EXTRAOPTS
 ExecReload=/bin/kill -USR2 $MAINPID
 KillMode=mixed
 Restart=always
diff --git a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
index 6fa3222..4ef6119 100644
--- a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
+++ b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
@@ -8,7 +8,7 @@ Type=forking
 PIDFile=/run/keepalived.pid
 KillMode=process
 EnvironmentFile=-/opt/keepalived/current/etc/sysconfig/keepalived
-ExecStart=/opt/keepalived/current/sbin/keepalived $KEEPALIVED_OPTIONS
+ExecStart=/usr/local/sbin/keepalived $KEEPALIVED_OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/ansible/roles/node-proxy-keepalived/tasks/main.yml b/ansible/roles/node-proxy-keepalived/tasks/main.yml
index be2a004..bbf6698 100644
--- a/ansible/roles/node-proxy-keepalived/tasks/main.yml
+++ b/ansible/roles/node-proxy-keepalived/tasks/main.yml
@@ -13,37 +13,60 @@
     name: confd-files
 
 # haproxy
-- name: install haproxy plugins
-  apt:
-    name: ['arping','software-properties-common']
-    update_cache: yes
-    state: present
+- name: set vars
+  set_fact:
+    haproxy_version: "{{ haproxy_version | d('3.0.9') }}"
+    os: "{{ os | d(default_os) }}"
+    arch: "{{ arch | d(default_arch) }}"
+    osv: "{{ osv | d(default_osv) }}"
+    installPath: "/opt/haproxy"
 
-- name: add-apt-repository
-  apt_repository:
-    repo: "ppa:vbernat/haproxy-{{ haproxy_version }}"
+- name: group svc
+  group:
+    name: svc
+    state: present
 
-- name: install haproxy
-  apt:
-    name: "haproxy={{ haproxy_version }}.*"
-    update_cache: yes
+- name: prepare service user
+  user:
+    name: haproxy
+    groups: svc
+    shell: /sbin/nologin
+    create_home: no
+    append: yes
+    comment: "Service User"
     state: present
 
-- name: copy binaries
-  copy:
-    src: files/lib/
-    dest: /lib
-    owner: root
-    group: root
-    mode: preserve
-    directory_mode: u=rwx,g=rx,o=
+# will set var downloaded
+- include_role:
+    name: downloader
+  vars:
+    opts:
+      pkg_name: haproxy
+      pkg_version: "{{ haproxy_version }}"
+      pkg_feature: "{{ os }}-{{ osv }}-{{ arch }}"
+      pkg_fileType: ".tgz"
+      pkg_url: "https://github.com/djangoyi-yunify/haproxy-compiler/releases/download/haproxy-{{ haproxy_version }}_{{ os }}-{{ osv }}/haproxy-{{ haproxy_version }}-{{ arch }}.tgz"
 
-- name: disable auto startup on boot
-  systemd:
-    name: haproxy
-    enabled: no
-    masked: yes
-    state: stopped
+- name: prepare dir
+  file:
+    path: "{{ installPath }}/{{ haproxy_version }}"
+    state: directory
+
+- name: link for current
+  file:
+    src: "{{ installPath }}/{{ haproxy_version }}"
+    dest: "{{ installPath }}/current"
+    state: link
+
+- name: decompress file
+  unarchive:
+    src: "{{ downloaded }}"
+    dest: "{{ installPath }}/current"
+    creates: "{{ installPath }}/current/bin/haproxy"
+    extra_opts:
+    - --strip-components=4
+    - --wildcards
+    - output/usr/local/sbin/haproxy
 
 - name: creates directory
   file:
@@ -51,62 +74,65 @@
     state: directory
 
 # keepalived
-- name: Prepare dev env for keepalived
-  apt:
-    update_cache: yes
-    name: ['tree', 'curl', 'gcc', 'libssl-dev', 'libnl-3-dev', 'libnl-genl-3-dev', 'libsnmp-dev', 'make']
+- name: set vars
+  set_fact:
+    keepalived_version: "{{ keepalived_version | d('2.3.3') }}"
+    os: "{{ os | d(default_os) }}"
+    arch: "{{ arch | d(default_arch) }}"
+    osv: "{{ osv | d(default_osv) }}"
+    optPath: "/opt/keepalived"
+
+- name: group svc
+  group:
+    name: svc
     state: present
-  delegate_to: localhost
 
-- name: Prepare directories for keepalived
-  file:
-    path: /etc/keepalived
-    owner: root
-    group: root
-    state: directory
+- name: prepare service user
+  user:
+    name: keepalived
+    groups: svc
+    shell: /sbin/nologin
+    create_home: no
+    append: yes
+    comment: "Service User"
+    state: present
 
-- name: download keepalived
-  include_role:
-    name: install
+# will set var downloaded
+- include_role:
+    name: downloader
   vars:
     opts:
       pkg_name: keepalived
-      pkg_version: "{{ item }}"
-      pkg_type: tgz
-      pkg_url: "https://www.keepalived.org/software/keepalived-{{ item }}.tar.gz"
-      extracts: yes
-      creates: "configure"
-      bin_path:
-  with_items: "{{ keepalived_version }}"
-
-- name: build keepalived
-  vars:
-    build_path: "/root/.ansible/cache/node-proxy-keepalived/keepalived-{{ keepalived_version }}/build-dir"
-  shell: |
-    tar -zxvf keepalived-{{ keepalived_version }}.tgz
-    cd keepalived-{{ keepalived_version }}/
-    ./configure --prefix={{ build_path }}
-    make
-    sudo make install
-  args:
-    chdir: "/root/.ansible/cache/node-proxy-keepalived"
-    creates: "{{ build_path }}/bin/keepalived"
-  delegate_to: localhost
-
-- name: install keepalived bin
-  copy:
-    src: "{{ item }}"
-    dest: /opt/keepalived/{{ keepalived_version }}
-    owner: root
-    group: root
-    mode: preserve
-    directory_mode: u=rwx,g=rx,o=
-  with_items:
-    - "/root/.ansible/cache/node-proxy-keepalived/keepalived-{{ keepalived_version }}/build-dir/"
+      pkg_version: "{{ keepalived_version }}"
+      pkg_feature: "{{ os }}-{{ osv }}-{{ arch }}"
+      pkg_fileType: ".tgz"
+      pkg_url: "https://github.com/djangoyi-yunify/keepalived-compiler/releases/download/keepalived-{{ keepalived_version }}_{{ os }}-{{ osv }}/keepalived-{{ keepalived_version }}-{{ arch }}.tgz"
 
-- name: mask services
-  systemd:
-    name: keepalived
-    enabled: no
-    masked: yes
-    state: stopped
\ No newline at end of file
+- name: decompress file
+  unarchive:
+    src: "{{ downloaded }}"
+    dest: "/"
+    creates: "/usr/local/sbin/keepalived"
+    extra_opts:
+    - --strip-components=1
+
+- name: creates directory
+  file:
+    path: /etc/keepalived
+    state: directory
+
+- name: creates directory
+  file:
+    path: "{{ optPath }}/{{ keepalived_version }}"
+    state: directory
+
+- name: link for current
+  file:
+    src: "{{ optPath }}/{{ keepalived_version }}"
+    dest: "{{ optPath }}/current"
+    state: link
+
+- name: more path for keepalived
+  file:
+    path: "{{ optPath }}/current/etc/sysconfig"
+    state: directory
\ No newline at end of file

From 6f032857151b43354aa2bf57f39da0c86ca35504 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Mon, 14 Jul 2025 16:18:26 +0800
Subject: [PATCH 47/86] ansible: roles, node-rabbitmq, for test

---
 ansible/group_vars/all.yml                    |  13 +-
 ansible/make.yml                              |   8 +-
 .../files/etc/profile.d/rabbitmq.sh           |   2 +
 .../systemd/system/rabbitmq-server.service    |   5 +-
 ansible/roles/node-rabbitmq/tasks/main.yml    | 199 ++++++++++--------
 5 files changed, 127 insertions(+), 100 deletions(-)
 create mode 100644 ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index a36778f..993c28d 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,5 +1,8 @@
-keepalived_version: 2.2.8
-rabbitmq_version: 3.12.11
-local_cache_path: "~/.ansible/cache"
-erlang_solution_version: 2.0
-haproxy_version: 2.7
\ No newline at end of file
+appAgentVersion: v1.0.7
+arping_version: "20211215-1"
+local_cache_path: "file/tmp"
+haproxy_version: 3.0.9
+keepalived_version: 2.3.3
+erlang_version: 26.2.5.9
+rabbitmq_version: 3.13.7
+rabbitmqDelayedMessageExchange_version: 4.1.0
diff --git a/ansible/make.yml b/ansible/make.yml
index b052201..3515941 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -8,14 +8,18 @@
   - include_role:
       name: "{{ service_name }}"
     loop:
-    - disable-apt-jobs
+    - tar
+    - ncncat
+    - os-update
+    - disable-package-manager-timers
     - disable-motd
     - app-agent
     - appctl
+    - arping
     - node-all
     - node-client
     - node-proxy-keepalived
     - node-rabbitmq
-    - caddy
+    # - caddy
     loop_control:
       loop_var: service_name
diff --git a/ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh b/ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh
new file mode 100644
index 0000000..743e523
--- /dev/null
+++ b/ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh
@@ -0,0 +1,2 @@
+export RABBITMQ_HOME=/opt/rabbitmq/current
+export PATH=$PATH:$RABBITMQ_HOME/sbin
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service b/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
index 5b0b6bc..2b210e9 100644
--- a/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
+++ b/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
@@ -30,9 +30,10 @@ LimitNOFILE=1048576
 Restart=on-failure
 RestartSec=10
 WorkingDirectory=/data
+Environment=RABBITMQ_HOME=/opt/rabbitmq/current
 #Environment=RABBITMQ_CONF_ENV_FILE=/opt/app/conf/rabbitmq-server/rabbitmq-env.conf
-ExecStart=/usr/lib/rabbitmq/bin/rabbitmq-server
-ExecStop=/usr/lib/rabbitmq/bin/rabbitmqctl shutdown
+ExecStart=/opt/rabbitmq/current/sbin/rabbitmq-server
+ExecStop=/opt/rabbitmq/current/sbin/rabbitmqctl shutdown
 SuccessExitStatus=69
 # See rabbitmq/rabbitmq-server-release#51
 
diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index 23a3570..9be42a5 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -21,96 +21,100 @@
     mode: preserve
     directory_mode: u=rwx,g=rx,o=
 
-- name: install rabbitmq deb
-  include_role:
-    name: install
+# install erlang
+- name: set vars for erlang
+  set_fact:
+    erlang_version: "{{ erlang_version | d('26.2.5.9') }}"
+    os: "{{ os | d(default_os) }}"
+    arch: "{{ arch | d(default_arch) }}"
+    osv: "{{ osv | d(default_osv) }}"
+
+# will set var downloaded
+- include_role:
+    name: downloader
   vars:
     opts:
-      pkg_name: "{{ item.name }}"
-      pkg_version: "{{ item.version }}"
-      pkg_type: deb
-      pkg_url: "{{ item.url }}"
-      extracts: false
-      dest_path: "/tmp/{{ item.dest }}"
-      creates: 
-      bin_path:
-  with_items:
-    - url: "https://packages.erlang-solutions.com/erlang-solutions_{{ erlang_solution_version }}_all.deb"
-      name: "erlang-solutions"
-      version: "{{ erlang_solution_version }}"
-      dest: "erlang-solutions_{{ erlang_solution_version }}_all.deb"
-    - url: "https://github.com/rabbitmq/rabbitmq-server/releases/download/v{{ rabbitmq_version }}/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
-      name: "rabbitmq"
-      version: "{{ rabbitmq_version }}"
-      dest: "rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
-
-- name: apt for erlang
-  apt: deb="/tmp/erlang-solutions_{{ erlang_solution_version }}_all.deb"
-  become: yes
-
-#- name: update apt for erlang
-#  shell: echo 'deb https://dl.bintray.com/rabbitmq/debian  xenial  erlang-22.x' | sudo tee -a /etc/apt/sources.list.d/erlang-solutions.list
-
-#- name: add apt-key
-#  apt_key:
-#    url: https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc
-#    state: present
-
-- name: install add-apt-repository
-  apt:
-    name: "software-properties-common"
-    update_cache: yes
-    state: present
-
-- name: add-apt-repository rabbitmq-erlang
-  apt_repository:
-    repo: "ppa:rabbitmq/rabbitmq-erlang"
-
-- name: install erlang
-  apt:
-    name: erlang
-    update_cache: yes
-    state: present
-
-- name: add apt_key for rabbitmq
-  shell: wget -O - "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo apt-key add -
-
-#- name: add apt signing key, will not download if present
-#  apt_key:
-#    url: https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
-#    state: present
-
-- name: add bintray repo for latest Rabbitmq
-  shell:
-    cmd: |
-      tee /etc/apt/sources.list.d/bintray.rabbitmq.list <<EOF
-      deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu xenial main
-      EOF
-
-- name: install apt https
-  apt:
-    name: ['apt-transport-https', 'jq']
-    update_cache: yes
+      pkg_name: erlang
+      pkg_version: "{{ erlang_version }}"
+      pkg_feature: "{{ os }}-{{ osv }}-{{ arch }}"
+      pkg_fileType: ".tgz"
+      pkg_url: "https://github.com/djangoyi-yunify/erlang-compiler/releases/download/erlang-{{ erlang_version }}_{{ os }}-{{ osv }}/erlang-{{ erlang_version }}-{{ arch }}.tgz"
+
+- name: decompress file
+  unarchive:
+    src: "{{ downloaded }}"
+    dest: "/"
+    creates: "/usr/local/bin/erl"
+    extra_opts:
+    - --strip-components=1
+
+# install rabbitmq
+- name: set vars for rabbitmq
+  set_fact:
+    rabbitmq_version: "{{ rabbitmq_version | d('3.13.7') }}"
+    os: "{{ os | d(default_os) }}"
+    arch: "{{ arch | d(default_arch) }}"
+    osv: "{{ osv | d(default_osv) }}"
+    installPath: "/opt/rabbitmq"
+
+# will set var downloaded
+- include_role:
+    name: downloader
+  vars:
+    opts:
+      pkg_name: rabbitmq
+      pkg_version: "{{ rabbitmq_version }}"
+      pkg_feature: "noarch"
+      pkg_fileType: ".xz"
+      pkg_url: "https://github.com/rabbitmq/rabbitmq-server/releases/download/v{{ rabbitmq_version }}/rabbitmq-server-generic-unix-{{ rabbitmq_version }}.tar.xz"
+
+- name: prepare rabbitmq install path
+  file:
+    path: "{{ installPath }}/{{ rabbitmq_version }}"
+    state: directory
+
+- name: link for current
+  file:
+    src: "{{ installPath }}/{{ rabbitmq_version }}"
+    dest: "{{ installPath }}/current"
+    state: link
+
+- name: decompress file
+  unarchive:
+    src: "{{ downloaded }}"
+    dest: "{{ installPath }}/current"
+    creates: "{{ installPath }}/current/sbin/rabbitmq-server"
+    extra_opts:
+    - --strip-components=1
+
+- name: copy profile.d config
+  copy:
+    src: files/etc/profile.d/rabbitmq.sh
+    dest: /etc/profile.d
+    mode: preserve
 
-# https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.8.0/rabbitmq-server_3.12.11-1_all.deb
-- name: apt for rabbitmq
-  apt: deb="/tmp/rabbitmq-server_{{ rabbitmq_version }}-1_all.deb"
-  become: yes
+# install rabbitmq plugin: rabbitmq-delayed-message-exchange
+- name: set vars for rabbitmq-delayed-message-exchange
+  set_fact:
+    rabbitmqDelayedMessageExchange_version: "{{ rabbitmqDelayedMessageExchange_version | d('4.1.0') }}"
+    installPath: "/opt/rabbitmq/current/plugins"
 
-- name: download plugins for rabbitmq
-  include_role:
-    name: install
+# will set var downloaded
+- include_role:
+    name: downloader
   vars:
     opts:
-      pkg_name: "rabbitmq-delayed_message_exchange"
-      pkg_version: "3.12.0"
-      pkg_type: ez
-      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/v3.12.0/rabbitmq_delayed_message_exchange-3.12.0.ez"
-      extracts: false
-      dest_path: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/rabbitmq_delayed_message_exchange-3.12.0.ez"
-      creates: 
-      bin_path:
-#unzip /tmp/rabbitmq_delayed_message_exchange-20191008-3.8.x.zip -d /usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version }}/plugins/
+      pkg_name: rabbitmqDelayedMessageExchange
+      pkg_version: "{{ rabbitmqDelayedMessageExchange_version }}"
+      pkg_feature: "noarch"
+      pkg_fileType: ".zip"
+      pkg_url: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/v{{ rabbitmqDelayedMessageExchange_version }}/rabbitmq_delayed_message_exchange-{{ rabbitmqDelayedMessageExchange_version }}.ez"
+
+- name: decompress file
+  unarchive:
+    src: "{{ downloaded }}"
+    dest: "{{ installPath }}"
+    creates: "{{ installPath }}/rabbitmq_delayed_message_exchange-{{ rabbitmqDelayedMessageExchange_version }}"
 
 - name: disable auto startup on boot
   systemd:
@@ -119,12 +123,25 @@
     masked: yes
     state: stopped
 
-- name: copy cookie file
-  copy:
-    dest: /var/lib/rabbitmq/.erlang.cookie
-    content: ""
-    owner: rabbitmq
-    group: rabbitmq
-    mode: '0600'
+- name: prepare rabbitmq config path
+  file:
+    path: "/etc/rabbitmq"
+    state: directory
+
+- name: User - rabbitmq
+  user:
+    name: rabbitmq
+    groups: svc
+    shell: /usr/sbin/nologin
+    create_home: no
+    append: yes
+    state: present
+# - name: copy cookie file
+#   copy:
+#     dest: /var/lib/rabbitmq/.erlang.cookie
+#     content: ""
+#     owner: rabbitmq
+#     group: rabbitmq
+#     mode: '0600'
 
 

From 3f8260f607c0d0945da16cd6041a13fe33c451b0 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Wed, 16 Jul 2025 16:11:26 +0800
Subject: [PATCH 48/86] ansible: roles, jq, needed by app script

---
 ansible/group_vars/all.yml      |  2 +-
 ansible/roles/jq/tasks/main.yml | 40 +++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/jq/tasks/main.yml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 993c28d..32a3bd0 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,8 +1,8 @@
 appAgentVersion: v1.0.7
 arping_version: "20211215-1"
+jq_version: 1.8.1
 local_cache_path: "file/tmp"
 haproxy_version: 3.0.9
 keepalived_version: 2.3.3
 erlang_version: 26.2.5.9
 rabbitmq_version: 3.13.7
-rabbitmqDelayedMessageExchange_version: 4.1.0
diff --git a/ansible/roles/jq/tasks/main.yml b/ansible/roles/jq/tasks/main.yml
new file mode 100644
index 0000000..8f3b68b
--- /dev/null
+++ b/ansible/roles/jq/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: set up variables
+  set_fact:
+    jq_version: "{{ jq_version | d('1.7') }}"
+    arch: "{{ arch | d(default_arch) }}"
+    installPath: "/opt/jq"
+
+# will set var downloaded
+- include_role:
+    name: downloader
+  vars:
+    opts:
+      pkg_name: jq
+      pkg_version: "{{ jq_version }}"
+      pkg_feature: "linux-{{ arch }}"
+      pkg_fileType: ""
+      pkg_url: https://github.com/jqlang/jq/releases/download/jq-{{ jq_version }}/jq-linux-{{ arch }}
+
+- name: prepare dir
+  file:
+    path: "{{ installPath }}/{{ jq_version }}"
+    state: directory
+
+- name: copy file
+  copy:
+    src: "{{ downloaded }}"
+    dest: "{{ installPath }}/{{ jq_version }}/jq"
+    mode: "0755"
+
+- name: link for current
+  file:
+    src: "{{ installPath }}/{{ jq_version }}"
+    dest: "{{ installPath }}/current"
+    state: link
+
+- name: link for jq
+  file:
+    src: "{{ installPath }}/current/jq"
+    dest: "/usr/bin/jq"
+    state: link
\ No newline at end of file

From 684ff8594ce24afdb3f7f52d25fe95bff92d5776 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Wed, 16 Jul 2025 16:12:53 +0800
Subject: [PATCH 49/86] ansible: roles, node-all, envs for app script

---
 .../files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
index 8d65716..4ef8b5f 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/appctl.sh/01.appctl.env.tmpl
@@ -22,6 +22,8 @@ PEER_DISCOVERY_BACKEND_TYPE=etcd
 {{ else }}
 PEER_DISCOVERY_BACKEND_TYPE=classic_config
 {{ end }}
-
+PATH=/opt/rabbitmq/current/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+export RABBITMQ_HOME=/opt/rabbitmq/current
+export HOME=/root
 APPCTL_ENV_EOF
 

From 001d5a88770eec4941ea3d141840573b65f0f8e6 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 10:07:45 +0800
Subject: [PATCH 50/86] ansible: roles, node-rabbitmq

---
 .../04.rabbitmq-env.conf.tmpl                 |  4 +-
 .../files/etc/profile.d/rabbitmq.sh           |  2 -
 .../systemd/system/rabbitmq-server.service    |  5 +--
 .../files/opt/app/bin/node/rabbitmq-node.sh   |  4 +-
 ansible/roles/node-rabbitmq/tasks/main.yml    | 40 +++++++++++++------
 5 files changed, 35 insertions(+), 20 deletions(-)
 delete mode 100644 ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl
index f13fadc..39ac3fb 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/04.rabbitmq-env.conf.tmpl
@@ -3,9 +3,11 @@ flush /etc/rabbitmq/rabbitmq-env.conf << RABBIT_ENV_CONF_EOF
 RABBITMQ_NODE_IP_ADDRESS=0.0.0.0
 RABBITMQ_NODE_PORT=5672
 RABBITMQ_MNESIA_BASE=${DATA_MOUNTS}/mnesia
-RABBITMQ_LOG_BASE=${DATA_MOUNTS}/log/rabbitmq/
+RABBITMQ_LOG_BASE=${DATA_MOUNTS}/log/rabbitmq
 RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq
 RABBITMQ_MNESIA_DIR=
 RABBITMQ_SCHEMA_DIR=${DATA_MOUNTS}/schema
+RABBITMQ_ENABLED_PLUGINS_FILE=/etc/rabbitmq/enabled_plugins
+RABBITMQ_HOME=/opt/rabbitmq/current
 
 RABBIT_ENV_CONF_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh b/ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh
deleted file mode 100644
index 743e523..0000000
--- a/ansible/roles/node-rabbitmq/files/etc/profile.d/rabbitmq.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-export RABBITMQ_HOME=/opt/rabbitmq/current
-export PATH=$PATH:$RABBITMQ_HOME/sbin
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service b/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
index 2b210e9..86f29a1 100644
--- a/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
+++ b/ansible/roles/node-rabbitmq/files/lib/systemd/system/rabbitmq-server.service
@@ -7,7 +7,7 @@ Wants=network.target epmd@0.0.0.0.socket
 [Service]
 Type=notify
 User=rabbitmq
-Group=rabbitmq
+Group=svc
 UMask=0027
 NotifyAccess=all
 TimeoutStartSec=3600
@@ -30,8 +30,7 @@ LimitNOFILE=1048576
 Restart=on-failure
 RestartSec=10
 WorkingDirectory=/data
-Environment=RABBITMQ_HOME=/opt/rabbitmq/current
-#Environment=RABBITMQ_CONF_ENV_FILE=/opt/app/conf/rabbitmq-server/rabbitmq-env.conf
+Environment=RABBITMQ_CONF_ENV_FILE=/etc/rabbitmq/rabbitmq-env.conf
 ExecStart=/opt/rabbitmq/current/sbin/rabbitmq-server
 ExecStop=/opt/rabbitmq/current/sbin/rabbitmqctl shutdown
 SuccessExitStatus=69
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index ca4ead7..192b440 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -45,7 +45,7 @@ start() {
   if [[ ${PEER_DISCOVERY_BACKEND_TYPE} == "classic_config" ]];then
     local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
     if [[ "${MY_INSTANCE_ID}" != "${firstDiscNode}" ]]; then # wait for first disc node prepare tables
-      retry 15 5 0 checkEndpoint "http:15672" "${firstDiscNode}"
+      retry 120 5 0 checkEndpoint "tcp:5672" "${firstDiscNode}"
     fi
   fi
   /opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin /data/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
@@ -59,7 +59,7 @@ start() {
 
 setConfFile() {
   mkdir -p /data/{log,mnesia,config,schema}
-  chown -R rabbitmq:rabbitmq /data/{log/rabbitmq,mnesia,config,schema}
+  chown -R rabbitmq:svc /data/{log/rabbitmq,mnesia,config,schema}
 }
 
 initNode() {
diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index 9be42a5..64ae611 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -87,17 +87,21 @@
     extra_opts:
     - --strip-components=1
 
-- name: copy profile.d config
+- name: add rabbitmq exec to $PATH
   copy:
-    src: files/etc/profile.d/rabbitmq.sh
-    dest: /etc/profile.d
+    dest: /etc/profile.d/rabbitmq.sh
+    content: |
+      # Generated by Ansible - Do not modify manually
+      export RABBITMQ_HOME=/opt/rabbitmq/current
+      export PATH=$RABBITMQ_HOME/sbin:$PATH
     mode: preserve
 
 # install rabbitmq plugin: rabbitmq-delayed-message-exchange
 - name: set vars for rabbitmq-delayed-message-exchange
   set_fact:
-    rabbitmqDelayedMessageExchange_version: "{{ rabbitmqDelayedMessageExchange_version | d('4.1.0') }}"
+    rabbitmqDelayedMessageExchange_version: "{{ rabbitmqDelayedMessageExchange_version | d('3.13.0') }}"
     installPath: "/opt/rabbitmq/current/plugins"
+  when: rabbitmq_version == '3.13.7'
 
 # will set var downloaded
 - include_role:
@@ -133,15 +137,27 @@
     name: rabbitmq
     groups: svc
     shell: /usr/sbin/nologin
-    create_home: no
+    home: /var/lib/rabbitmq
     append: yes
     state: present
-# - name: copy cookie file
-#   copy:
-#     dest: /var/lib/rabbitmq/.erlang.cookie
-#     content: ""
-#     owner: rabbitmq
-#     group: rabbitmq
-#     mode: '0600'
 
+- name: create empty cookie file
+  copy:
+    dest: /var/lib/rabbitmq/.erlang.cookie
+    content: ""
+    owner: rabbitmq
+    group: rabbitmq
+    mode: '0400'
+
+- name: link cookie file for root
+  file:
+    path: /root/.erlang.cookie
+    src: /var/lib/rabbitmq/.erlang.cookie
+    state: link
+    force: yes
+    mode: '0400'
 
+- name: tmp create folders for caddy
+  file:
+    path: "/opt/app/conf/caddy"
+    state: directory

From 7a4e53d0927855a6d431512394311ac4aae0f382 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 11:16:05 +0800
Subject: [PATCH 51/86] ansible: roles, caddy

---
 ansible/group_vars/all.yml                    |  1 +
 ansible/roles/caddy/files/compile.sh          | 34 ------------------
 .../files/lib/systemd/system/caddy.service    | 11 +++---
 .../files/opt/app/bin/envs/svc-caddy.env      |  2 +-
 .../templates/print-headers-template.txt      | 21 +++++++++++
 .../caddy/templates/upload-resp-template.txt  | 11 ++++++
 .../conf/caddy/templates/upload-template.html | 23 ++++++++++++
 ansible/roles/caddy/meta/main.yml             | 13 -------
 .../roles/caddy/tasks/compile-and-install.yml | 31 ----------------
 .../roles/caddy/tasks/install-prebuilt.yml    | 21 -----------
 ansible/roles/caddy/tasks/main.yml            | 35 +++++++++++++------
 ansible/roles/caddy/vars/main.yml             |  2 --
 12 files changed, 88 insertions(+), 117 deletions(-)
 delete mode 100644 ansible/roles/caddy/files/compile.sh
 create mode 100644 ansible/roles/caddy/files/opt/app/conf/caddy/templates/print-headers-template.txt
 create mode 100644 ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-resp-template.txt
 create mode 100644 ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-template.html
 delete mode 100644 ansible/roles/caddy/meta/main.yml
 delete mode 100644 ansible/roles/caddy/tasks/compile-and-install.yml
 delete mode 100644 ansible/roles/caddy/tasks/install-prebuilt.yml
 delete mode 100644 ansible/roles/caddy/vars/main.yml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 32a3bd0..3c71ead 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -2,6 +2,7 @@ appAgentVersion: v1.0.7
 arping_version: "20211215-1"
 jq_version: 1.8.1
 local_cache_path: "file/tmp"
+caddy_version: v2.9.1
 haproxy_version: 3.0.9
 keepalived_version: 2.3.3
 erlang_version: 26.2.5.9
diff --git a/ansible/roles/caddy/files/compile.sh b/ansible/roles/caddy/files/compile.sh
deleted file mode 100644
index acc8718..0000000
--- a/ansible/roles/caddy/files/compile.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-set -eu
-
-# From https://github.com/wmark/http.upload/issues/38#issuecomment-529623377
-
-cat > go.mod << MOD_EOF
-module caddy
-
-go 1.13
-
-require (
-  blitznote.com/src/http.upload/v3 v$CADDY_UPLOAD_VERSION
-  github.com/caddyserver/caddy v$CADDY_VERSION
-)
-MOD_EOF
-
-cat > main.go << EOF
-package main
-
-import (
-  "github.com/caddyserver/caddy/caddy/caddymain"
-
-  _ "blitznote.com/src/http.upload/v3"
-)
-
-func main() {
-  caddymain.Run()
-}
-EOF
-
-gofmt -w main.go
-go mod tidy
-go build -tags "caddyserver0.9 caddyserver1.0" -o $TARGET_FILE
\ No newline at end of file
diff --git a/ansible/roles/caddy/files/lib/systemd/system/caddy.service b/ansible/roles/caddy/files/lib/systemd/system/caddy.service
index 405a7e4..4e69946 100644
--- a/ansible/roles/caddy/files/lib/systemd/system/caddy.service
+++ b/ansible/roles/caddy/files/lib/systemd/system/caddy.service
@@ -8,18 +8,19 @@ ConditionFileNotEmpty=/opt/app/conf/caddy/caddyfile
 [Service]
 Restart=on-abnormal
 
-User=root
-Group=root
+User=caddy
+Group=caddy
 
+Environment=XDG_DATA_HOME=/data
 ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
-ExecStart=/opt/caddy/current/caddy -agree=true -conf=/opt/app/conf/caddy/caddyfile
+ExecStart=/opt/caddy/current/caddy run --config=/opt/app/conf/caddy/caddyfile
 ExecReload=/bin/kill -USR1 $MAINPID
 
 KillMode=mixed
 KillSignal=SIGQUIT
 TimeoutStopSec=5s
 
-LimitNOFILE=8192
+LimitNOFILE=1024
 LimitNPROC=512
 
 PrivateTmp=true
@@ -27,7 +28,7 @@ PrivateDevices=false
 ProtectHome=true
 ProtectSystem=full
 
-; CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
 
diff --git a/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env b/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
index 2d6491f..c98b9d4 100644
--- a/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
+++ b/ansible/roles/caddy/files/opt/app/bin/envs/svc-caddy.env
@@ -1 +1 @@
-SERVICES="$SERVICES caddy/true/http:80"
\ No newline at end of file
+SERVICES="$SERVICES caddy/false/http:80"
\ No newline at end of file
diff --git a/ansible/roles/caddy/files/opt/app/conf/caddy/templates/print-headers-template.txt b/ansible/roles/caddy/files/opt/app/conf/caddy/templates/print-headers-template.txt
new file mode 100644
index 0000000..2b2f282
--- /dev/null
+++ b/ansible/roles/caddy/files/opt/app/conf/caddy/templates/print-headers-template.txt
@@ -0,0 +1,21 @@
+Remote-Host:       {{.Req.Host}}
+Remote-IP:         {{.RemoteIP}}
+Client-IP:         {{.ClientIP}}
+X-Forwarded-For:   {{.Req.Header.Get "X-Forwarded-For"}}
+X-Forwarded-Host:  {{.Req.Header.Get "X-Forwarded-Host"}}
+X-Forwarded-Port:  {{.Req.Header.Get "X-Forwarded-Port"}}
+X-Forwarded-Proto: {{.Req.Header.Get "X-Forwarded-Proto"}}
+
+{{ if eq (.Req.Header.Get "X-Forwarded-Proto") "https"}}
+I'm https
+{{end}}
+
+Forwarded: {{.Req.Header.Get "Forwarded"}}
+
+UA: {{.Req.Header.Get "User-Agent"}}
+
+All Headers:
+
+{{range $field, $val := .Req.Header}}
+    {{$field}}: {{$val}}
+{{end}}
\ No newline at end of file
diff --git a/ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-resp-template.txt b/ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-resp-template.txt
new file mode 100644
index 0000000..a69c5d3
--- /dev/null
+++ b/ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-resp-template.txt
@@ -0,0 +1,11 @@
+
+http.request.uri.path: {{placeholder "http.request.uri.path"}}
+
+http.request.uuid {{placeholder "http.request.uuid" }}
+http.request.host {{placeholder "http.request.host" }}
+
+http.upload.filename: {{placeholder "http.upload.filename"}}
+http.upload.filesize: {{placeholder "http.upload.filesize"}}
+http.upload.directory: {{placeholder "http.upload.directory"}}
+
+http.upload.uuiddir: {{placeholder "http.upload.uuiddir"}}
diff --git a/ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-template.html b/ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-template.html
new file mode 100644
index 0000000..1885c25
--- /dev/null
+++ b/ansible/roles/caddy/files/opt/app/conf/caddy/templates/upload-template.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
+    <title>Document</title>
+  </head>
+  <body>
+    <form
+      enctype="multipart/form-data"
+      action="{{ if eq (.Req.Header.Get "X-Forwarded-Proto") "https"}}https{{else}}http{{end}}://{{placeholder "http.request.hostport" }}{{placeholder "http.request.orig_uri"}}"
+      method="post"
+    >
+    Maxfilesize is: {{ placeholder "http.upload.max_filesize"}} &nbsp; Bytes
+
+    Maxfilesize is: {{ placeholder "http.vars.maxfilesize"}} &nbsp; Bytes
+    <br>
+      <input type="file" name="myFile" />
+      <input type="submit" value="upload" />
+    </form>
+  </body>
+</html>
\ No newline at end of file
diff --git a/ansible/roles/caddy/meta/main.yml b/ansible/roles/caddy/meta/main.yml
deleted file mode 100644
index 9d5009e..0000000
--- a/ansible/roles/caddy/meta/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-galaxy_info:
-  role_name: caddy
-  role_version: 1.0.6
-  author: Hongliang Wang
-  description: installs caddy server
-
-  license: Apache
-
-  min_ansible_version: 2.4
-
-  galaxy_tags: []
-
-dependencies: []
diff --git a/ansible/roles/caddy/tasks/compile-and-install.yml b/ansible/roles/caddy/tasks/compile-and-install.yml
deleted file mode 100644
index 22eb3e5..0000000
--- a/ansible/roles/caddy/tasks/compile-and-install.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-- name: define vars
-  set_fact:
-    work_dir: "{{ role_path }}/files/tmp/with-upload-module"
-
-- name: prepare tmp compile dir
-  file:
-    path: "{{ work_dir }}"
-    state: directory
-  delegate_to: localhost
-  run_once: True
-
-- name: compile Caddy with upload module
-  vars:
-    target_file: "{{ work_dir }}/caddy-{{ caddy_version }}"
-  args:
-    chdir: "{{ work_dir }}"
-    creates: "{{ target_file }}"
-  environment:
-    GO111MODULE: "on"
-    CADDY_VERSION: "{{ caddy_version }}"
-    CADDY_UPLOAD_VERSION: "{{ mod_upload_version }}"
-    TARGET_FILE: "{{ target_file }}"
-  local_action: command bash {{ role_path }}/files/compile.sh
-  run_once: True
-
-- name: install
-  copy:
-    src: "{{ work_dir }}/caddy-{{ caddy_version }}"
-    dest: /opt/caddy/current/caddy
-    mode: 755
\ No newline at end of file
diff --git a/ansible/roles/caddy/tasks/install-prebuilt.yml b/ansible/roles/caddy/tasks/install-prebuilt.yml
deleted file mode 100644
index ea8b75b..0000000
--- a/ansible/roles/caddy/tasks/install-prebuilt.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: prepare tmp download dir
-  file:
-    path: "{{ role_path }}/files/tmp/prebuilt"
-    state: directory
-  delegate_to: localhost
-
-- name: download caddy binary
-  vars:
-    dest_caddy_path: "{{ role_path }}/files/tmp/prebuilt/caddy-{{ caddy_version }}.tgz"
-  get_url:
-    url: https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_v{{ caddy_version }}_linux_amd64.tar.gz
-    dest: "{{ dest_caddy_path }}"
-  delegate_to: localhost
-  when: dest_caddy_path is not exists
-  run_once: True
-
-- name: install caddy
-  unarchive:
-    src: "{{ role_path }}/files/tmp/prebuilt/caddy-{{ caddy_version }}.tgz"
-    dest: /opt/caddy/current
\ No newline at end of file
diff --git a/ansible/roles/caddy/tasks/main.yml b/ansible/roles/caddy/tasks/main.yml
index 214e872..f1636eb 100644
--- a/ansible/roles/caddy/tasks/main.yml
+++ b/ansible/roles/caddy/tasks/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: set up variables
+  set_fact:
+    caddy_version: "{{ caddy_version | d('v2.8.4') }}"
+    arch: "{{ arch | d(default_arch) }}"
+    installPath: "/opt/caddy"
+
 - name: prepare service group
   group:
     name: svc
@@ -16,22 +22,31 @@
 
 - name: prepare binary directory
   file:
-    path: /opt/caddy/{{ caddy_version }}
+    path: "{{ installPath }}/{{ caddy_version }}"
     state: directory
 
 - name: link binary dir
   file:
-    src: "{{ caddy_version }}"
-    dest: /opt/caddy/current
+    src: "{{ installPath }}/{{ caddy_version }}"
+    dest: "{{ installPath }}/current"
     state: link
+  
+# will set var downloaded
+- include_role:
+    name: downloader
+  vars:
+    opts:
+      pkg_name: caddy
+      pkg_version: "{{ caddy_version }}"
+      pkg_feature: "linux-{{ arch }}"
+      pkg_fileType: ""
+      pkg_url: https://github.com/djangoyi-yunify/caddy-compiler/releases/download/caddy-{{ caddy_version }}_linux/caddy-{{ arch }}
 
-- name: compile with plugins
-  include_tasks: compile-and-install.yml
-  when: caddy_plugins is defined
-
-- name: download official prebuilt package
-  include_tasks: install-prebuilt.yml
-  when: caddy_plugins is undefined
+- name: copy bin file
+  copy:
+    src: "{{ downloaded }}"
+    dest: "{{ installPath }}/{{ caddy_version }}/caddy"
+    mode: "0755"
 
 - name: transfer files
   copy:
diff --git a/ansible/roles/caddy/vars/main.yml b/ansible/roles/caddy/vars/main.yml
deleted file mode 100644
index e706c83..0000000
--- a/ansible/roles/caddy/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-caddy_version: 1.0.4
-mod_upload_version: 3.0.1
\ No newline at end of file

From 47b13b4c69a297bd204b47ab0ef001c20551702c Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 11:18:07 +0800
Subject: [PATCH 52/86] node-all: remove http:15672 from $SERVICES

---
 .../files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index 9fc87c8..60a4b78 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -1,7 +1,7 @@
 flush /opt/app/bin/envs/nodectl.env << NODE_ENV_EOF
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 SERVICES="\$SERVICES 
-rabbitmq-server/true/tcp:5672,http:15672"
+rabbitmq-server/true/tcp:5672"
 NODE_CTL="rabbitmq-node"
 DATA_MOUNTS="/data"
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}

From 92626878f14975424dd7fa0d4e920a58e39c727c Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 14:42:01 +0800
Subject: [PATCH 53/86] appctl: log error for nc checking

---
 ansible/roles/appctl/files/opt/app/bin/ctl.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index 170a3d8..05fdd32 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -16,6 +16,7 @@ EC_CHECK_PROTO_ERR=202
 EC_ENV_ERR=203
 EC_CHECK_HTTP_REQ_ERR=204
 EC_CHECK_HTTP_CODE_ERR=205
+EC_CHECK_TCP_ERR=206
 
 command=$1
 args="${@:2}"
@@ -136,7 +137,10 @@ checkActive() {
 checkEndpoint() {
   local proto=${1%:*} host=${2-$MY_IP} port=${1#*:}
   if [ "$proto" = "tcp" ]; then
-    nc -z -w5 $host $port
+    if ! nc -z -w5 $host $port; then
+      log "ERROR: TCP timeout - failed to check $host:$port"
+      return $EC_CHECK_TCP_ERR
+    fi
   elif [ "$proto" = "http" ]; then
     local code
     code="$(curl -s -m5 -o /dev/null -w "%{http_code}" $host:$port)" || {

From a934965c42710ef29963e24714f462cc7c8ea375 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 14:42:43 +0800
Subject: [PATCH 54/86] node-rabbitmq: caddy config for v2.x

---
 .../templates/caddy.sh/01.caddyfile.tmpl      | 27 +++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
index 25c0d6f..91c7352 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/caddy.sh/01.caddyfile.tmpl
@@ -1,11 +1,28 @@
 {{- if getvs "/host/role" | filter "(disc|ram|haproxy)" }}
 ln -s -f /opt/app/conf/caddy/index.html /data/index.html
 flush /opt/app/conf/caddy/caddyfile << CADDYFILE_EOF
-{{ getv "/host/ip" }}:80 {
-  root /data
-  gzip
-  browse /log
-  tls off
+{
+        admin off
+        auto_https off
+        persist_config off
+        order upload before file_server
+        log {
+                output file /data/caddy/caddy.log
+        }
+}
+
+:80 {
+        vars {
+                rootDir "/data"
+        }
+
+        root {vars.rootDir}
+
+        handle /log* {
+                file_server browse
+        }
+
+        file_server
 }
 CADDYFILE_EOF
 {{- end }}

From 75ba28afeded522399d361189a9e177abd79f712 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 14:43:21 +0800
Subject: [PATCH 55/86] node-rabbitmq: fix folder permission for
 rabbitmq_delayed_message_exchange

---
 ansible/roles/node-rabbitmq/tasks/main.yml | 23 +++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/tasks/main.yml b/ansible/roles/node-rabbitmq/tasks/main.yml
index 64ae611..8bd4a44 100644
--- a/ansible/roles/node-rabbitmq/tasks/main.yml
+++ b/ansible/roles/node-rabbitmq/tasks/main.yml
@@ -120,6 +120,24 @@
     dest: "{{ installPath }}"
     creates: "{{ installPath }}/rabbitmq_delayed_message_exchange-{{ rabbitmqDelayedMessageExchange_version }}"
 
+- name: fix permission of rabbitmq_delayed_message_exchange folder
+  ansible.builtin.file:
+    path: "{{ installPath }}/rabbitmq_delayed_message_exchange-{{ rabbitmqDelayedMessageExchange_version }}"
+    mode: "0755"
+
+- name: find rabbitmq_delayed_message_exchange's subfolders
+  find:
+    paths: "{{ installPath }}/rabbitmq_delayed_message_exchange-{{ rabbitmqDelayedMessageExchange_version }}"
+    recurse: yes
+    file_type: directory
+  register: found_dirs
+
+- name: fix permission of rabbitmq_delayed_message_exchange's subfolders
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    mode: "0755"
+  loop: "{{ found_dirs.files }}"
+
 - name: disable auto startup on boot
   systemd:
     name: rabbitmq-server
@@ -156,8 +174,3 @@
     state: link
     force: yes
     mode: '0400'
-
-- name: tmp create folders for caddy
-  file:
-    path: "/opt/app/conf/caddy"
-    state: directory

From 890ebce7846fee076d10006fd16a00697a477827 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 14:44:38 +0800
Subject: [PATCH 56/86] node-rabbitmq: script, create folder for caddy

---
 .../node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 192b440..d0a8cec 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -58,8 +58,9 @@ start() {
 }
 
 setConfFile() {
-  mkdir -p /data/{log,mnesia,config,schema}
+  mkdir -p /data/{log,mnesia,config,schema,caddy}
   chown -R rabbitmq:svc /data/{log/rabbitmq,mnesia,config,schema}
+  chown -R caddy:svc /data/caddy
 }
 
 initNode() {

From f68d8c54f7ffbfc41aaaac9e3fe78e580ae5d5ac Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 15:16:05 +0800
Subject: [PATCH 57/86] ansible: make.yml

---
 ansible/make.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ansible/make.yml b/ansible/make.yml
index 3515941..de2019a 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -10,16 +10,17 @@
     loop:
     - tar
     - ncncat
+    - jq
     - os-update
     - disable-package-manager-timers
     - disable-motd
     - app-agent
     - appctl
     - arping
+    - caddy
     - node-all
     - node-client
     - node-proxy-keepalived
     - node-rabbitmq
-    # - caddy
     loop_control:
       loop_var: service_name

From fe41717223384f6b9448b3bb8265fe8b83dd3aa0 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 17:01:17 +0800
Subject: [PATCH 58/86] ansible: roles, user-groups

---
 ansible/make.yml                          |  1 +
 ansible/roles/users_groups/tasks/main.yml | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 ansible/roles/users_groups/tasks/main.yml

diff --git a/ansible/make.yml b/ansible/make.yml
index de2019a..bda6b52 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -22,5 +22,6 @@
     - node-client
     - node-proxy-keepalived
     - node-rabbitmq
+    - users_groups
     loop_control:
       loop_var: service_name
diff --git a/ansible/roles/users_groups/tasks/main.yml b/ansible/roles/users_groups/tasks/main.yml
new file mode 100644
index 0000000..be0b901
--- /dev/null
+++ b/ansible/roles/users_groups/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: set vars
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+
+- name: syslog group
+  group:
+    name: syslog
+    state: present
+  when: os == 'kylin'
+
+- name: syslog user
+  user:
+    name: syslog
+    groups: syslog
+    system: yes
+    state: present
+    create_home: no
+    shell: /usr/sbin/nologin
+  when: os == 'kylin'
\ No newline at end of file

From 004512ef68ce39781f1c7a3e946e5979c89c4d68 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 17:36:58 +0800
Subject: [PATCH 59/86] appctl: remove plain password

---
 ansible/roles/appctl/files/opt/app/bin/ctl.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ansible/roles/appctl/files/opt/app/bin/ctl.sh b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
index 05fdd32..de041c8 100755
--- a/ansible/roles/appctl/files/opt/app/bin/ctl.sh
+++ b/ansible/roles/appctl/files/opt/app/bin/ctl.sh
@@ -203,7 +203,6 @@ _initNode() {
   rm -rf /data/lost+found
   install -d -o syslog -g svc /data/log/appctl/
   local svc; for svc in $(getServices -a); do initSvc $svc; done
-  echo 'root:zhu1241jie' | chpasswd
   touch $APPCTL_NODE_FILE
 }
 

From 5524c266599fcec92f54febd2ebd080961871836 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 17 Jul 2025 17:38:16 +0800
Subject: [PATCH 60/86] node-rabbitmq: script, fix for scale in/out

---
 .../files/opt/app/bin/node/rabbitmq-node.sh      | 10 +++++++++-
 app/cluster.json.mustache                        | 16 ++++++++--------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index d0a8cec..3fe6808 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -8,7 +8,14 @@ EC_UPGRADE_ERR=244
 
 checkNodesHealthy() {
   local node; for node in $@; do
-    rabbitmqctl -s -n rabbit@${node} node_health_check -t 3 | grep -o passed || ( log "ERROR: rabbit@${node} failed the health check . " && return $EC_UNHEALTHY )
+    if ! rabbitmq-diagnostics -t 3 -n rabbit@${node} ping; then
+      log "ERROR: rabbit@${node} failed the health check . "
+      return $EC_UNHEALTHY
+    fi
+    if ! rabbitmq-diagnostics -t 3 -n rabbit@${node} check_running; then
+      log "ERROR: rabbit@${node} failed the health check . "
+      return $EC_UNHEALTHY
+    fi
   done
 }
 
@@ -59,6 +66,7 @@ start() {
 
 setConfFile() {
   mkdir -p /data/{log,mnesia,config,schema,caddy}
+  chown root:svc /data/log
   chown -R rabbitmq:svc /data/{log/rabbitmq,mnesia,config,schema}
   chown -R caddy:svc /data/caddy
 }
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index dd96c96..788dd0d 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -12,8 +12,8 @@
         "container": {
             "type": "kvm",
             "sriov_nic": true,
-            "zone": "ap2a",
-            "image": "img-ar6217jc"
+            "zone": "pekt3",
+            "image": "img-dc06ks7d"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -28,7 +28,6 @@
             "start": {
                 "order": 0,
                 "cmd": "appctl start",
-                "nodes_to_execute_on": 255,
                 "timeout": 500
             },
             "stop": {
@@ -36,7 +35,7 @@
                 "cmd": "appctl stop"
             },
             "scale_in": {
-                "nodes_to_execute_on": 10,
+                "nodes_to_execute_on": 1,
                 "pre_check": "appctl preCheckForScaleIn",
                 "cmd": "appctl scaleIn",
                 "timeout": 90
@@ -46,6 +45,7 @@
                 "cmd": "appctl stop"
             },
             "scale_out": {
+                "nodes_to_execute_on": 1,
                 "cmd": "appctl scaleOut",
                 "timeout": 90
             }
@@ -95,8 +95,8 @@
         "role": "client",
         "container": {
             "type": "kvm",
-            "zone": "ap2a",
-            "image": "img-ar6217jc"
+            "zone": "pekt3",
+            "image": "img-dc06ks7d"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -118,8 +118,8 @@
         "container": {
             "type": "kvm",
             "sriov_nic": true,
-            "zone": "ap2a",
-            "image": "img-ar6217jc"
+            "zone": "pekt3",
+            "image": "img-dc06ks7d"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},

From 26bd018350cf98432ed086c1bc05da6afd4c75a2 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Mon, 21 Jul 2025 10:23:46 +0800
Subject: [PATCH 61/86] ansible: roles, crashkernel, pwquality

---
 ansible/make.yml                         |  2 ++
 ansible/roles/crashkernel/tasks/main.yml | 27 ++++++++++++++++++++++++
 ansible/roles/pwquality/tasks/main.yml   | 11 ++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 ansible/roles/crashkernel/tasks/main.yml
 create mode 100644 ansible/roles/pwquality/tasks/main.yml

diff --git a/ansible/make.yml b/ansible/make.yml
index bda6b52..257f7eb 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -23,5 +23,7 @@
     - node-proxy-keepalived
     - node-rabbitmq
     - users_groups
+    - crashkernel
+    - pwquality
     loop_control:
       loop_var: service_name
diff --git a/ansible/roles/crashkernel/tasks/main.yml b/ansible/roles/crashkernel/tasks/main.yml
new file mode 100644
index 0000000..6e2d146
--- /dev/null
+++ b/ansible/roles/crashkernel/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: set up variables
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+
+- name: Remove crashkernel parameter from GRUB_CMDLINE_LINUX
+  replace:
+    path: /etc/default/grub
+    regexp: 'crashkernel=[^ \"]*'
+    replace: ''
+  when: os == 'kylin'
+
+- name: update GRUB for efi
+  command:
+    grub2-mkconfig -o /boot/efi/EFI/kylin/grub.cfg
+  when: os == 'kylin'
+
+- name: update GRUB for bios
+  command:
+    grub2-mkconfig -o /boot/grub2/grub.cfg
+  when: os == 'kylin'
+
+- name: disable kdump.service
+  systemd:
+    name: kdump.service
+    state: stopped
+    enabled: no
+  when: os == 'kylin'
\ No newline at end of file
diff --git a/ansible/roles/pwquality/tasks/main.yml b/ansible/roles/pwquality/tasks/main.yml
new file mode 100644
index 0000000..0a04c86
--- /dev/null
+++ b/ansible/roles/pwquality/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: set up variables
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+
+- name: pwquality - minclass
+  lineinfile:
+    path: /etc/security/pwquality.conf
+    line: 'minclass = 2'
+    state: present
+  when: os == 'kylin'
\ No newline at end of file

From c221ac94bba4c4b565d694b61b4d209289554140 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Mon, 21 Jul 2025 15:05:57 +0800
Subject: [PATCH 62/86] node-rabbitmq: script, check more when using etcd

---
 .../roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 3fe6808..87c7a0a 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -60,7 +60,7 @@ start() {
   if [[ ${PEER_DISCOVERY_BACKEND_TYPE} == "classic_config" ]];then
     addNodeToCluster
   fi
-  retry 10 30 0 checkSvc "rabbitmq-server"
+  retry 20 30 0 checkSvc "rabbitmq-server"
   log "INFO: Application started successfully  . "
 }
 

From 3b8911c70a0f207253c2aa051d1d40a3b76b3c81 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Tue, 22 Jul 2025 10:37:06 +0800
Subject: [PATCH 63/86] proxy: for caddy 2.x

---
 .../node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ansible/roles/node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh b/ansible/roles/node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh
index 9ec1733..d77f2b6 100644
--- a/ansible/roles/node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh
+++ b/ansible/roles/node-proxy-keepalived/files/opt/app/bin/node/proxy-node.sh
@@ -31,6 +31,8 @@ initNode() {
   chown -R haproxy.haproxy /data/haproxy
   mkdir -p /data/keepalived/logs
   chown -R root.root /data/keepalived
+  mkdir -p /data/caddy
+  chown -R caddy:svc /data/caddy
   log "INFO: Application initialization completed  . "
 }
 

From bb1a211bbfd15862b60b122994a5ce799a61dad6 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Tue, 22 Jul 2025 15:25:47 +0800
Subject: [PATCH 64/86] proxy: revise config of haproxy

---
 .../templates/haproxy.sh/01.haproxy.cfg.tmpl  | 32 +++++++------------
 .../files/lib/systemd/system/haproxy.service  | 18 ++++++-----
 .../node-proxy-keepalived/tasks/main.yml      | 20 +++++++++++-
 3 files changed, 40 insertions(+), 30 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index f375518..12b75fc 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -1,23 +1,15 @@
 flush /opt/app/conf/haproxy/haproxy.cfg << HAPROXY_CONF_EOF
 #logging options
 global
-  log 127.0.0.1 local0 info
+  log /dev/log local0 info
   maxconn 65535
-  chroot /usr/local/sbin
-  uid 65534
-  gid 65534
-  #user nobody
-  #group nobody
-  daemon
   quiet
-  nbthread 20
-  pidfile /var/run/haproxy.pid
+  {{- $cores := getv "/host/cpu" }}
+  nbthread {{ $cores }}
 
 defaults
   log global
-  #Use the 4-tier proxy pattern "mode http" means 7-tier proxy pattern
   mode tcp
-  #if you set mode to tcp,then you nust change tcplog into httplog
   option tcplog
   option dontlognull
   retries 3
@@ -30,7 +22,6 @@ defaults
 #front-end IP for consumers and producters
 listen rabbitmq_cluster
   bind :5672
-  #配置TCP模式
   mode tcp
   #balance rdp-cookie
   #balance leastconn
@@ -84,14 +75,13 @@ backend backend_rabbitmq_management
   server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
 
 # haproxy web monitor infomation
-listen stats
-#bind :8100
-bind :{{ getv "/env/haproxy_web_port" "8100" }}
-mode http
-stats enable
-stats hide-version
-stats refresh 10s
-stats uri /
-stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
+listen statistics
+  bind :{{ getv "/env/haproxy_web_port" "8100" }}
+  mode http
+  stats enable
+  stats hide-version
+  stats refresh 10s
+  stats uri /
+  stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
 
 HAPROXY_CONF_EOF
diff --git a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
index 1d4af3b..4ac0555 100644
--- a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
+++ b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/haproxy.service
@@ -3,16 +3,15 @@ Description=HAProxy Load Balancer
 Documentation=man:haproxy(1)
 Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
 After=network.target rsyslog.service
+ConditionFileNotEmpty=/opt/app/conf/haproxy/haproxy.cfg
 
 [Service]
-User=root
-Group=root
-EnvironmentFile=-/etc/default/haproxy
-EnvironmentFile=-/etc/sysconfig/haproxy
-Environment="CONFIG=/opt/app/conf/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
-ExecStartPre=/opt/haproxy/current/haproxy -f $CONFIG -c -q $EXTRAOPTS
-ExecStart=/opt/haproxy/current/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
-ExecReload=/opt/haproxy/current/haproxy -f $CONFIG -c -q $EXTRAOPTS
+User=haproxy
+Group=svc
+RuntimeDirectory=haproxy
+Environment="CONFIG=/opt/app/conf/haproxy/haproxy.cfg" "PIDFILE=/var/run/haproxy/haproxy.pid" "BINDOPT=/var/run/haproxy/haproxy-master.sock"
+ExecStartPre=/opt/haproxy/current/haproxy -f $CONFIG -c -q
+ExecStart=/opt/haproxy/current/haproxy -Ws -f $CONFIG -p $PIDFILE -S $BINDOPT
 ExecReload=/bin/kill -USR2 $MAINPID
 KillMode=mixed
 Restart=always
@@ -25,6 +24,9 @@ Type=notify
 # reduced performance. See systemd.service(5) and systemd.exec(5) for further
 # information.
 
+LimitNOFILE=infinity
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 # NoNewPrivileges=true
 # ProtectHome=true
 # If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
diff --git a/ansible/roles/node-proxy-keepalived/tasks/main.yml b/ansible/roles/node-proxy-keepalived/tasks/main.yml
index bbf6698..fbf1ac7 100644
--- a/ansible/roles/node-proxy-keepalived/tasks/main.yml
+++ b/ansible/roles/node-proxy-keepalived/tasks/main.yml
@@ -135,4 +135,22 @@
 - name: more path for keepalived
   file:
     path: "{{ optPath }}/current/etc/sysconfig"
-    state: directory
\ No newline at end of file
+    state: directory
+
+- name: copy service files
+  copy:
+    src: files/lib/systemd/system/
+    dest: /lib/systemd/system/
+    owner: root
+    group: root
+    mode: preserve
+
+- name: mask services
+  systemd:
+    name: "{{ item }}"
+    enabled: no
+    masked: yes
+    state: stopped
+  loop:
+    - haproxy
+    - keepalived
\ No newline at end of file

From 0dda55b2229ca12880ac6e794177b92bf2a1bf16 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 24 Jul 2025 14:36:28 +0800
Subject: [PATCH 65/86] proxy: keepalived, unicast

---
 .../keepalived.sh/01.keepalived.conf.tmpl     | 31 ++++++++++---------
 .../lib/systemd/system/keepalived.service     |  8 +++--
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
index ddd62e6..ed426f0 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/01.keepalived.conf.tmpl
@@ -1,31 +1,35 @@
 flush /etc/keepalived/keepalived.conf << KEEPALIVED_EOF
-{{ $replicaIPs := split (getv "/cluster/endpoints/reserved_ips/vip/value") "." }}
+{{- $replicaIPs := split (getv "/cluster/endpoints/reserved_ips/vip/value") "." }}
+{{- $myIp := getv "/host/ip" }}
 global_defs {
+  enable_script_security
+  script_user root root
 }
 
 vrrp_script check_haproxy {
-  script "/usr/bin/killall -0 haproxy"
+  script "/usr/bin/pkill -0 haproxy"
   interval 2
-  weight 2
-}
-
-vrrp_script check_haproxy_status {
-  script "nc -zv localhost 5672 > /dev/null"
-  interval 2
-  weight 2
+  weight 10
 }
 
 vrrp_instance HAProxy_HA {
   state BACKUP
   interface eth0
   virtual_router_id {{ index $replicaIPs 3 }}
-  priority {{ getv "/host/sid" }}
+  priority 100
   advert_int 2
-  nopreempt
-  unicast_src_ip {{ getv "/host/ip" }}
+  unicast_src_ip {{ $myIp }}
+  unicast_peer {
+    {{- range $dir := lsdir "/hosts/haproxy" }}
+      {{- $ip := getv (printf "/hosts/haproxy/%s/ip" $dir) }}
+      {{- if ne $ip $myIp }}
+    {{ $ip }}
+      {{- end }}
+    {{- end }}
+  }
   authentication {
     auth_type PASS
-    auth_pass pwd
+    auth_pass {{ getv "/cluster/cluster_id" }}
   }
 
   virtual_ipaddress { #set VIP
@@ -34,7 +38,6 @@ vrrp_instance HAProxy_HA {
 
   track_script {
     check_haproxy
-    check_haproxy_status
   }
 }
 
diff --git a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
index 4ef6119..e25495d 100644
--- a/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
+++ b/ansible/roles/node-proxy-keepalived/files/lib/systemd/system/keepalived.service
@@ -2,13 +2,17 @@
 Description=LVS and VRRP High Availability Monitor
 After=network-online.target syslog.target 
 Wants=network-online.target 
+Documentation=man:keepalived(8)
+Documentation=man:keepalived.conf(5)
+Documentation=man:genhash(1)
+Documentation=https://keepalived.org
 
 [Service]
-Type=forking
+Type=notify
 PIDFile=/run/keepalived.pid
 KillMode=process
 EnvironmentFile=-/opt/keepalived/current/etc/sysconfig/keepalived
-ExecStart=/usr/local/sbin/keepalived $KEEPALIVED_OPTIONS
+ExecStart=/usr/local/sbin/keepalived --dont-fork $KEEPALIVED_OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]

From b555392ed437e4757d4d9341ac7d21a0634779c2 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 24 Jul 2025 14:38:15 +0800
Subject: [PATCH 66/86] bugfix: rabbitmq-node, do not render tmpl on other
 roles

---
 .../templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl    | 8 +++-----
 .../node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh | 1 +
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index a4d9803..6d5ddce 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -1,9 +1,6 @@
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 mkdir -p ${DATA_MOUNTS}/log/rabbitmq
-mkdir -p ${DATA_MOUNTS}/conf/
-{{- end }}
-
-{{- $myRole := getv "/host/role" }}
+mkdir -p ${DATA_MOUNTS}/conf
 
 flush  /etc/rabbitmq/rabbitmq.conf.origin << RABBITMQ_CONF_EOF
 background_gc_enabled = {{ getv "/env/background_gc_enabled" "true" }}
@@ -72,4 +69,5 @@ if [ ! -f "${DATA_MOUNTS}/conf/rabbitmq.conf" ]; then
     touch ${DATA_MOUNTS}/conf/rabbitmq.conf
 fi
 
-/opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin ${DATA_MOUNTS}/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
\ No newline at end of file
+/opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin ${DATA_MOUNTS}/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
+{{- end }}
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 87c7a0a..e90e44d 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -67,6 +67,7 @@ start() {
 setConfFile() {
   mkdir -p /data/{log,mnesia,config,schema,caddy}
   chown root:svc /data/log
+  chmod 0755 /data/log
   chown -R rabbitmq:svc /data/{log/rabbitmq,mnesia,config,schema}
   chown -R caddy:svc /data/caddy
 }

From fb4f574a4fcd20f1b083756455a1a24a12bfe547 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 24 Jul 2025 14:38:49 +0800
Subject: [PATCH 67/86] ansible: roles, node-client for kylin

---
 .../confd/templates/nodectl.sh/01.nodectl.env.tmpl    | 11 ++++++++++-
 .../node-client/files/opt/app/bin/node/client-node.sh |  4 ++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index 60a4b78..733daf3 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -1,3 +1,12 @@
+getSshServiceName() {
+    local res
+    res=$(grep '^ID=' /etc/os-release | cut -d= -f2- | tr -d '"')
+    if [ "$res" = "kylin" ]; then
+      echo "sshd"
+      return 0
+    fi
+    echo "ssh"
+}
 flush /opt/app/bin/envs/nodectl.env << NODE_ENV_EOF
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 SERVICES="\$SERVICES 
@@ -15,7 +24,7 @@ DATA_MOUNTS="/data"
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 NODE_CTL="proxy-node"
 {{- else if getvs "/host/role" | filter "client" }}
-SERVICES="\$SERVICES  ssh/true/tcp:22"
+SERVICES="\$SERVICES  $(getSshServiceName)/true/tcp:22"
 NODE_CTL="client-node"
 DATA_MOUNTS=""
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
diff --git a/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh b/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
index ecc6e2a..c7b0627 100644
--- a/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
+++ b/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
@@ -1,5 +1,5 @@
 initNode() {
   _initNode
-  echo 'ubuntu:rabbitmq' | chpasswd
-  echo -e "client\nclient\n" | adduser client > /dev/nul 2>&1 || echo "client:client" | chpasswd
+  echo 'root:rabbitmq123' | chpasswd
+  echo -e "client\nclient\n" | adduser client > /dev/nul 2>&1 || echo "client:client123" | chpasswd
 }
\ No newline at end of file

From 9bfef2539a32e80035182cc1008089e4c86f9238 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 24 Jul 2025 16:24:36 +0800
Subject: [PATCH 68/86] node-client: add switch for sshd

---
 .../confd/templates/nodectl.sh/01.nodectl.env.tmpl | 14 +++++++++++++-
 app/cluster.json.mustache                          |  9 +++++----
 app/config.json                                    | 10 +++++++++-
 3 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index 733daf3..f34173b 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -1,3 +1,4 @@
+{{- if getvs "/host/role" | filter "client" }}
 getSshServiceName() {
     local res
     res=$(grep '^ID=' /etc/os-release | cut -d= -f2- | tr -d '"')
@@ -7,6 +8,8 @@ getSshServiceName() {
     fi
     echo "ssh"
 }
+tmpSshName=$(getSshServiceName)
+{{- end }}
 flush /opt/app/bin/envs/nodectl.env << NODE_ENV_EOF
 {{- if getvs "/host/role" | filter "(disc|ram)" }}
 SERVICES="\$SERVICES 
@@ -24,9 +27,18 @@ DATA_MOUNTS="/data"
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 NODE_CTL="proxy-node"
 {{- else if getvs "/host/role" | filter "client" }}
-SERVICES="\$SERVICES  $(getSshServiceName)/true/tcp:22"
+SERVICES="\$SERVICES  $tmpSshName/{{ getv "/env/ssh_enabled" }}/tcp:22"
 NODE_CTL="client-node"
 DATA_MOUNTS=""
 MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 {{- end }}
 NODE_ENV_EOF
+
+{{- if getvs "/host/role" | filter "client" }}
+# client node will change status of ssh service
+  {{- if eq (getv "/env/ssh_enabled") "true" }}
+systemctl start $tmpSshName || :
+  {{- else }}
+systemctl stop $tmpSshName || :
+  {{- end }}
+{{- end }}
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 788dd0d..b67953e 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pekt3",
-            "image": "img-dc06ks7d"
+            "image": "img-jeugbpma"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "pekt3",
-            "image": "img-dc06ks7d"
+            "image": "img-jeugbpma"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -119,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pekt3",
-            "image": "img-dc06ks7d"
+            "image": "img-jeugbpma"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -183,7 +183,8 @@
         "background_gc_target_interval": {{env.background_gc_target_interval}},
         "proxy_protocol": {{env.proxy_protocol}},
         "tracing_user": {{env.tracing_user}},
-        "web_console_enabled": {{env.web_console_enabled}}
+        "web_console_enabled": {{env.web_console_enabled}},
+        "ssh_enabled": {{env.ssh_enabled}}
     },
     "endpoints": {
         "client": {
diff --git a/app/config.json b/app/config.json
index b693353..519cbfd 100644
--- a/app/config.json
+++ b/app/config.json
@@ -131,7 +131,8 @@
                 "description": "Client Node Count",
                 "type": "integer",
                 "default": 1,
-                "min": 1,
+                "min": 0,
+                "max": 3,
                 "required": "yes"
             }]
         }, {
@@ -374,6 +375,13 @@
             "type": "boolean",
             "default": true,
             "required": "no"
+        }, {
+            "key": "ssh_enabled",
+            "label": "Enable ssh on client nodes",
+            "description": "Whether to enable ssh on client nodes",
+            "type": "boolean",
+            "default": true,
+            "required": "no"
         }]
     }]
 }

From ca673589dea5156e853c47b033c6e15b29f8b545 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 31 Jul 2025 16:12:44 +0800
Subject: [PATCH 69/86] node-rabbitmq: add switch for plugins

---
 .../05.enabled-plugins.tmpl                   | 78 +++++++++++++++----
 .../files/opt/app/bin/node/rabbitmq-node.sh   | 13 ++++
 app/cluster.json.mustache                     |  9 ++-
 app/config.json                               | 21 +++++
 4 files changed, 103 insertions(+), 18 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
index 8e01b0b..fe40fcf 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
@@ -1,17 +1,67 @@
+myRole={{ getv "/host/role" }}
+formatPluginsStr() {
+  if [ -z "$1" ]; then
+    echo ""
+    return 0
+  fi
+  tmpStr=""
+  tmpList=$(echo "$1" | sed 's/,/\n/g')
+  while IFS= read -r line; do
+    if [ "$line" = "rabbitmq_delayed_message_exchange" ]; then
+      if [ "$myRole" = "disc" ]; then
+        tmpStr="${tmpStr}${line},"
+      fi
+    else
+      tmpStr="${tmpStr}${line},"
+    fi
+  done <<MY_LOOP
+$tmpList
+MY_LOOP
+  
+  if [ -z "$tmpStr" ]; then
+    echo ""
+  else
+    echo "${tmpStr%?}"
+  fi
+}
+
+tmpEnabledPlugins=$(formatPluginsStr {{ getv "/env/plugins_enabled" }})
+realEnabled="rabbitmq_peer_discovery_etcd"
+if [ -n "$tmpEnabledPlugins" ]; then
+  realEnabled="$realEnabled,$tmpEnabledPlugins"
+fi
+
 flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
 [
-{{- if eq (getv "/host/role") "disc" }}
-  rabbitmq_delayed_message_exchange,
-{{- end }}
-  rabbitmq_management,
-  rabbitmq_mqtt,
-  rabbitmq_shovel,
-  rabbitmq_shovel_management,
-  rabbitmq_federation,
-  rabbitmq_federation_management,
-  rabbitmq_stomp,
-  rabbitmq_web_mqtt,
-  rabbitmq_web_stomp,
-  rabbitmq_peer_discovery_etcd
+  $realEnabled
 ].
-ENABLED_PLUGINS_EOF
\ No newline at end of file
+ENABLED_PLUGINS_EOF
+
+tmpAllPlugins="rabbitmq_management,rabbitmq_mqtt,rabbitmq_web_mqtt,rabbitmq_stomp,rabbitmq_web_stomp,rabbitmq_shovel,rabbitmq_shovel_management,rabbitmq_delayed_message_exchange,rabbitmq_federation,rabbitmq_federation_management"
+getDisabledPlugins() {
+  if [ -z "$2" ]; then
+    echo "$1"
+    return 0
+  fi
+  tmpStr=""
+  tmpList=$(echo "$1" | sed 's/,/\n/g')
+  targetList=$(echo "$2" | sed 's/,/\n/g')
+  while IFS= read -r line; do
+    if ! echo "$targetList" | grep -q "^$line\$"; then
+      tmpStr="${tmpStr}${line},"
+    fi
+  done <<MY_LOOP2
+$tmpList
+MY_LOOP2
+
+  if [ -z "$tmpStr" ]; then
+    echo ""
+  else
+    echo "${tmpStr%?}"
+  fi
+}
+
+flush /opt/app/bin/envs/pluginsctl.env << PLUGINS_ENV_EOF
+ENABLED_PLUGINS=$tmpEnabledPlugins
+DISABLED_PLUGINS=$(getDisabledPlugins $tmpAllPlugins $tmpEnabledPlugins)
+PLUGINS_ENV_EOF
\ No newline at end of file
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index e90e44d..399d3f9 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -85,11 +85,24 @@ reload() {
   case "${1}" in
     rabbitmq-server)
       local rabbitmqConfFile="/etc/rabbitmq/rabbitmq.conf.origin";
+      local pluginCtlFile="/opt/app/bin/envs/pluginsctl.env"
       /opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin /data/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
       if test -f ${rabbitmqConfFile}.1 && ! (diff -q -I "^cluster_formation"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) ; then
+        if [ -f ${pluginCtlFile}.1 ]; then
+          log "sync pluginsctl.env.1"
+          cat ${pluginCtlFile} > ${pluginCtlFile}.1
+        fi
         # only figure out the changed parameter
+        log "restart rabbitmq-server because of config change"
         _reload rabbitmq-server || (log "ERROR: The Rabbitmq-server failed to start . " && return 1);
       fi
+      if test -f ${pluginCtlFile}.1 && ! diff ${pluginCtlFile} ${pluginCtlFile}.1; then
+        log "hot update plugin status"
+        if [ -n "$DISABLED_PLUGINS" ]; then
+          rabbitmq-plugins disable $(echo "$DISABLED_PLUGINS" | sed 's/,/ /g') || :
+        fi
+        rabbitmq-plugins enable $(echo "$ENABLED_PLUGINS" | sed 's/,/ /g') || :
+      fi
       ;;
     *)
       _reload $@ 
diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index b67953e..22eea85 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pekt3",
-            "image": "img-jeugbpma"
+            "image": "img-tbgctaqs"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "pekt3",
-            "image": "img-jeugbpma"
+            "image": "img-tbgctaqs"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -119,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pekt3",
-            "image": "img-jeugbpma"
+            "image": "img-tbgctaqs"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
@@ -184,7 +184,8 @@
         "proxy_protocol": {{env.proxy_protocol}},
         "tracing_user": {{env.tracing_user}},
         "web_console_enabled": {{env.web_console_enabled}},
-        "ssh_enabled": {{env.ssh_enabled}}
+        "ssh_enabled": {{env.ssh_enabled}},
+        "plugins_enabled": {{env.plugins_enabled}}
     },
     "endpoints": {
         "client": {
diff --git a/app/config.json b/app/config.json
index 519cbfd..245228c 100644
--- a/app/config.json
+++ b/app/config.json
@@ -382,6 +382,27 @@
             "type": "boolean",
             "default": true,
             "required": "no"
+        }, {
+            "key": "plugins_enabled",
+            "label": "Enable rabbitmq plugins",
+            "description": "Whether to enable rabbitmq plugins",
+            "type": "string",
+            "default": "rabbitmq_management,rabbitmq_mqtt,rabbitmq_web_mqtt,rabbitmq_stomp,rabbitmq_web_stomp,rabbitmq_shovel,rabbitmq_shovel_management,rabbitmq_delayed_message_exchange,rabbitmq_federation,rabbitmq_federation_management",
+            "required": "no",
+            "separator": ",",
+            "multichoice": true,
+            "range":[
+                "rabbitmq_management",
+                "rabbitmq_mqtt",
+                "rabbitmq_web_mqtt",
+                "rabbitmq_stomp",
+                "rabbitmq_web_stomp",
+                "rabbitmq_shovel",
+                "rabbitmq_shovel_management",
+                "rabbitmq_delayed_message_exchange",
+                "rabbitmq_federation",
+                "rabbitmq_federation_management"
+            ]
         }]
     }]
 }

From 3b4e75c10f25bfa8495c26775583333eb7a2bbb3 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 1 Aug 2025 10:16:30 +0800
Subject: [PATCH 70/86] node-proxy: support switch for plugins

---
 .../templates/nodectl.sh/01.nodectl.env.tmpl  |  2 +-
 .../templates/haproxy.sh/01.haproxy.cfg.tmpl  | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
index f34173b..27d7076 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/nodectl.sh/01.nodectl.env.tmpl
@@ -20,7 +20,7 @@ MY_HYPER_TYPE={{ getv "/host/hypervisor" }}
 {{- else if getvs "/host/role" | filter "haproxy" }}
 SERVICES="\$SERVICES \$(echo "
 {{- $HPPORT := getv "/env/haproxy_web_port" "8100" }}
-haproxy/true/tcp:5672,http:15672,tcp:61613,tcp:1883,http:{{ $HPPORT }}
+haproxy/true/http:{{ $HPPORT }}
 keepalived/true/
 " | xargs)"
 DATA_MOUNTS="/data"
diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index 12b75fc..7c5a70b 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -1,3 +1,4 @@
+{{- $enabledPlugins := print (getv "/env/plugins_enabled") "," }}
 flush /opt/app/conf/haproxy/haproxy.cfg << HAPROXY_CONF_EOF
 #logging options
 global
@@ -35,6 +36,7 @@ listen rabbitmq_cluster
   {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
   server rabbit_{{ $dir }} {{ getv $ip }}:5672 check inter 2000 rise 3 fall 3 on-marked-down shutdown-sessions {{ end }}
 
+{{- if or (contains $enabledPlugins "rabbitmq_stomp,") (contains $enabledPlugins "rabbitmq_web_stomp,") }}
 #front-end IP for stomp
 listen rabbitmq_cluster_stomp
   bind :61613
@@ -47,7 +49,24 @@ listen rabbitmq_cluster_stomp
   server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
   {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
   server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+{{- end }}
 
+{{- if contains $enabledPlugins "rabbitmq_web_stomp," }}
+#front-end IP for web_stomp
+listen rabbitmq_cluster_web_stomp
+  bind :15674
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:61613 check inter 5000 rise 2 fall 2  {{ end }}
+{{- end }}
+
+{{- if or (contains $enabledPlugins "rabbitmq_mqtt,") (contains $enabledPlugins "rabbitmq_web_mqtt,") }}
 #front-end IP for mqtt
 listen rabbitmq_cluster_mqtt
   bind :1883
@@ -60,7 +79,24 @@ listen rabbitmq_cluster_mqtt
   server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
   {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
   server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+{{- end }}
+
+{{- if contains $enabledPlugins "rabbitmq_web_mqtt," }}
+#front-end IP for web_mqtt
+listen rabbitmq_cluster_web_mqtt
+  bind :15675
+  #TCP mode
+  mode tcp
+  balance {{ getv "/env/haproxy_balance_policy" }}
+  timeout client  3h
+  timeout server  3h
+  {{- range $dir := lsdir "/hosts/disc" }}{{ $ip := printf "/hosts/disc/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+  {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
+  server rabbit_{{ $dir }} {{ getv $ip }}:1883 check inter 5000 rise 2 fall 2  {{ end }}
+{{- end }}
 
+{{- if contains $enabledPlugins "rabbitmq_management," }}
 #rabbitmq-management
 # optional, for proxying management site
 frontend front_rabbitmq_management
@@ -73,6 +109,7 @@ backend backend_rabbitmq_management
   server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
   {{- range $dir := lsdir "/hosts/ram" }}{{ $ip := printf "/hosts/ram/%s/ip" $dir }}
   server rabbit_{{ $dir }} {{ getv $ip }}:15672 check {{ end }}
+{{- end }}
 
 # haproxy web monitor infomation
 listen statistics

From e44855f8407b1accb5c3c3a9d430aa7c4d2465d8 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 1 Aug 2025 15:29:09 +0800
Subject: [PATCH 71/86] node-rabbitmq: fix, update password

---
 .../rabbitmq-server.sh/02.rabbitmq.conf.tmpl  |  1 -
 .../files/opt/app/bin/node/rabbitmq-node.sh   | 31 ++++++++++++++-----
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 6d5ddce..f8e75c7 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -63,7 +63,6 @@ loopback_users = none
 default_user_tags.administrator = true
 log.file.level = debug
 RABBITMQ_CONF_EOF
-rabbitmqctl change_password '{{ getv "/env/rabbitmq_default_user" "guest" }}' '{{ getv "/env/rabbitmq_default_pass" "guest" }}' >/dev/null 2>&1||echo
 
 if [ ! -f "${DATA_MOUNTS}/conf/rabbitmq.conf" ]; then
     touch ${DATA_MOUNTS}/conf/rabbitmq.conf
diff --git a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
index 399d3f9..1719c32 100644
--- a/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
+++ b/ansible/roles/node-rabbitmq/files/opt/app/bin/node/rabbitmq-node.sh
@@ -87,14 +87,31 @@ reload() {
       local rabbitmqConfFile="/etc/rabbitmq/rabbitmq.conf.origin";
       local pluginCtlFile="/opt/app/bin/envs/pluginsctl.env"
       /opt/app/bin/node/merge_files.sh /etc/rabbitmq/rabbitmq.conf.origin /data/conf/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
-      if test -f ${rabbitmqConfFile}.1 && ! (diff -q -I "^cluster_formation"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) ; then
-        if [ -f ${pluginCtlFile}.1 ]; then
-          log "sync pluginsctl.env.1"
-          cat ${pluginCtlFile} > ${pluginCtlFile}.1
+      if test -f ${rabbitmqConfFile}.1; then
+        local diffInfo=$(diff ${rabbitmqConfFile} ${rabbitmqConfFile}.1 || :)
+        if echo "$diffInfo" | grep "default_pass"; then
+          # update default user's password
+          local firstDiscNode; firstDiscNode="$(echo ${DISC_NODES} | awk -F/ '{print $2}')";
+          if [ "${MY_INSTANCE_ID}" != "${firstDiscNode}" ]; then
+            log "not the first node, skip to update default user's password"
+          else
+            log "update default user's password"
+            local username=$(grep -P '^default_user\s*=' /etc/rabbitmq/rabbitmq.conf | sed 's/^[^=]*=//' | sed 's/^\s*//' | sed 's/\s*$//')
+            local password=$(grep -P '^default_pass\s*=' /etc/rabbitmq/rabbitmq.conf | sed 's/^[^=]*=//' | sed 's/^\s*//' | sed 's/\s*$//')
+            rabbitmqctl change_password $username $password || :
+          fi
+          # wait for other nodes to change password
+          sleep 5s
+        fi
+        if ! (diff -q -I "^cluster_formation"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) && ! (diff -q -I "^default_pass"  ${rabbitmqConfFile} ${rabbitmqConfFile}.1 ) ; then
+          if [ -f ${pluginCtlFile}.1 ]; then
+            log "sync pluginsctl.env.1"
+            cat ${pluginCtlFile} > ${pluginCtlFile}.1
+          fi
+          # only figure out the changed parameter
+          log "restart rabbitmq-server because of config change"
+          _reload rabbitmq-server || (log "ERROR: The Rabbitmq-server failed to start . " && return 1);
         fi
-        # only figure out the changed parameter
-        log "restart rabbitmq-server because of config change"
-        _reload rabbitmq-server || (log "ERROR: The Rabbitmq-server failed to start . " && return 1);
       fi
       if test -f ${pluginCtlFile}.1 && ! diff ${pluginCtlFile} ${pluginCtlFile}.1; then
         log "hot update plugin status"

From ae4983b94d84d21ec40cc8471956e92423c1d599 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Tue, 5 Aug 2025 14:37:00 +0800
Subject: [PATCH 72/86] node-rabbitmq: add more plugins

---
 .../rabbitmq-server.sh/05.enabled-plugins.tmpl      |  2 +-
 app/config.json                                     | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
index fe40fcf..611e9e6 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/05.enabled-plugins.tmpl
@@ -37,7 +37,7 @@ flush /etc/rabbitmq/enabled_plugins << ENABLED_PLUGINS_EOF
 ].
 ENABLED_PLUGINS_EOF
 
-tmpAllPlugins="rabbitmq_management,rabbitmq_mqtt,rabbitmq_web_mqtt,rabbitmq_stomp,rabbitmq_web_stomp,rabbitmq_shovel,rabbitmq_shovel_management,rabbitmq_delayed_message_exchange,rabbitmq_federation,rabbitmq_federation_management"
+tmpAllPlugins="rabbitmq_management,rabbitmq_mqtt,rabbitmq_web_mqtt,rabbitmq_stomp,rabbitmq_web_stomp,rabbitmq_shovel,rabbitmq_shovel_management,rabbitmq_delayed_message_exchange,rabbitmq_federation,rabbitmq_federation_management,rabbitmq_amqp1_0,rabbitmq_consistent_hash_exchange,rabbitmq_event_exchange,rabbitmq_prometheus,rabbitmq_random_exchange,rabbitmq_recent_history_exchange,rabbitmq_sharding,rabbitmq_stream,rabbitmq_stream_management,rabbitmq_top,rabbitmq_tracing"
 getDisabledPlugins() {
   if [ -z "$2" ]; then
     echo "$1"
diff --git a/app/config.json b/app/config.json
index 245228c..ce5372b 100644
--- a/app/config.json
+++ b/app/config.json
@@ -401,7 +401,18 @@
                 "rabbitmq_shovel_management",
                 "rabbitmq_delayed_message_exchange",
                 "rabbitmq_federation",
-                "rabbitmq_federation_management"
+                "rabbitmq_federation_management",
+                "rabbitmq_amqp1_0",
+                "rabbitmq_consistent_hash_exchange",
+                "rabbitmq_event_exchange",
+                "rabbitmq_prometheus",
+                "rabbitmq_random_exchange",
+                "rabbitmq_recent_history_exchange",
+                "rabbitmq_sharding",
+                "rabbitmq_stream",
+                "rabbitmq_stream_management",
+                "rabbitmq_top",
+                "rabbitmq_tracing"
             ]
         }]
     }]

From b3207f722b2fcc5523a0580bdf878f7c273f4fca Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 7 Aug 2025 09:53:37 +0800
Subject: [PATCH 73/86] node-rabbitmq: support special chars in password

---
 .../confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl    | 2 +-
 app/config.json                                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index f8e75c7..851ec6b 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -58,7 +58,7 @@ vm_memory_high_watermark.relative = {{ getv "/env/vm_memory_high_watermark" "0.7
 vm_memory_high_watermark_paging_ratio = {{ getv "/env/vm_memory_high_watermark_paging_ratio" "0.5" }}
 log.dir = ${DATA_MOUNTS}/log/rabbitmq/
 default_user = {{ getv "/env/rabbitmq_default_user" "guest" }}
-default_pass = {{ getv "/env/rabbitmq_default_pass" "guest" }}
+default_pass = {{ replace (getv "/env/rabbitmq_default_pass" "guest") `$` `\$` -1 }}
 loopback_users = none
 default_user_tags.administrator = true
 log.file.level = debug
diff --git a/app/config.json b/app/config.json
index ce5372b..c88c62b 100644
--- a/app/config.json
+++ b/app/config.json
@@ -205,7 +205,7 @@
             "label": "rabbitmq_default_pass",
             "description": "rabbitmq_pass",
             "type": "password",
-            "pattern": "^([^'\"]{1,})$",
+            "pattern": "^([a-zA-Z0-9_!@$%^&*()./;]+)$",
             "required": "yes"
         }, {
             "key": "haproxy_balance_policy",

From 0e9b89c34e70665b485292d949a3084bdcc52ec5 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 7 Aug 2025 10:28:40 +0800
Subject: [PATCH 74/86] proxy: support special chars in password

---
 .../files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl    | 2 +-
 app/config.json                                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
index 7c5a70b..63a72e8 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/01.haproxy.cfg.tmpl
@@ -119,6 +119,6 @@ listen statistics
   stats hide-version
   stats refresh 10s
   stats uri /
-  stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ getv "/env/haproxy_password" "haproxy" }}
+  stats auth {{ getv "/env/haproxy_username" "haproxy" }}:{{ replace (getv "/env/haproxy_password" "haproxy") `$` `\$` -1 }}
 
 HAPROXY_CONF_EOF
diff --git a/app/config.json b/app/config.json
index c88c62b..66d2ede 100644
--- a/app/config.json
+++ b/app/config.json
@@ -236,7 +236,7 @@
             "type": "password",
             "changeable":true,
             "default": "haproxy",
-            "pattern": "^([a-zA-Z0-9_!#%^&*()./;]{6,}|)$",
+            "pattern": "^([a-zA-Z0-9_!@$%^&*()./;]{6,}|)$",
             "required": "no"
         }, {
             "key": "num_tcp_acceptors",

From 94194ce27de31933d4a05960bf0389809cb94279 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Thu, 7 Aug 2025 15:57:00 +0800
Subject: [PATCH 75/86] fix: rsyslog config for appctl, journal

---
 ansible/make.yml                                    |  1 +
 .../roles/appctl/files/etc/rsyslog.d/49-appctl.conf | 13 +++++++++++--
 .../templates/journal.sh/01.journald.conf.tmpl      |  5 +++--
 ansible/roles/rsyslog/tasks/main.yml                | 12 ++++++++++++
 4 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 ansible/roles/rsyslog/tasks/main.yml

diff --git a/ansible/make.yml b/ansible/make.yml
index 257f7eb..4cb4233 100644
--- a/ansible/make.yml
+++ b/ansible/make.yml
@@ -25,5 +25,6 @@
     - users_groups
     - crashkernel
     - pwquality
+    - rsyslog
     loop_control:
       loop_var: service_name
diff --git a/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf b/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
index cce5ec1..c2243d0 100644
--- a/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
+++ b/ansible/roles/appctl/files/etc/rsyslog.d/49-appctl.conf
@@ -1,2 +1,11 @@
-if $programname startswith 'appctl' then /data/log/appctl/appctl.log
-&stop
+if $programname startswith 'appctl' then {
+    action(
+        type="omfile"
+        file="/data/log/appctl/appctl.log"
+        FileOwner="syslog"
+        FileGroup="svc"
+        FileCreateMode="0640"
+        DirCreateMode="0755"
+    )
+    stop
+}
diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
index 3a78a26..7940d5c 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
@@ -1,5 +1,6 @@
 mkdir -p ${DATA_MOUNTS}/log/journald/
-chmod 777 ${DATA_MOUNTS}/log/journald/
+chmod 755 ${DATA_MOUNTS}/log/journald/
+chown syslog:syslog ${DATA_MOUNTS}/log/journald/
 flush /etc/rsyslog.d/49-journald.conf << JOURNALD_CONFIG_EOF
 module(load="imjournal" PersistStateInterval="100") #load imjournal module
 module(load="mmjsonparse") #load mmjsonparse module for structured logs
@@ -8,6 +9,6 @@ module(load="mmjsonparse") #load mmjsonparse module for structured logs
 
 #action(type="mmjsonparse")
 #action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log" template="CEETemplate")
-action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log")
+action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log" FileOwner="syslog" FileGroup="svc" FileCreateMode="0640" DirCreateMode="0755")
 
 JOURNALD_CONFIG_EOF
diff --git a/ansible/roles/rsyslog/tasks/main.yml b/ansible/roles/rsyslog/tasks/main.yml
new file mode 100644
index 0000000..5ffb076
--- /dev/null
+++ b/ansible/roles/rsyslog/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: set up variables
+  set_fact:
+    os: "{{ os | d(default_os) }}"
+    arch: "{{ arch | d(default_arch) }}"
+
+- name: change UMask from rsyslog.service
+  replace:
+    path: /lib/systemd/system/rsyslog.service
+    regexp: '^UMask=.*'
+    replace: 'UMask=0022'
+  when: os == 'kylin'
\ No newline at end of file

From 675c4a9d63b23047c583b7f955b14a76db4742e3 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 11:03:48 +0800
Subject: [PATCH 76/86] fix: logrotate, appctl

---
 ansible/roles/appctl/files/etc/logrotate.d/appctl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ansible/roles/appctl/files/etc/logrotate.d/appctl b/ansible/roles/appctl/files/etc/logrotate.d/appctl
index f567a8c..37d2466 100644
--- a/ansible/roles/appctl/files/etc/logrotate.d/appctl
+++ b/ansible/roles/appctl/files/etc/logrotate.d/appctl
@@ -4,4 +4,8 @@
   rotate 5
   missingok
   notifempty
+  copytruncate
+  postrotate
+    /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
+  endscript
 }

From e23f8f9cf172253f0da5849c1d0811247c979ed0 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 11:10:07 +0800
Subject: [PATCH 77/86] fix: logrotate, journald

---
 .../files/etc/confd/templates/journal.sh/02.logrotate.tmpl     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
index 29a947f..8b0008c 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
@@ -6,8 +6,9 @@ ${DATA_MOUNTS}/log/journald/journald.log {
     notifempty
     compress
     delaycompress
+    copytruncate
     postrotate
-        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
     endscript
 }
 LOGROTATE_EOF
\ No newline at end of file

From 633709731bd0e2618e8a906702dcae370a1d7328 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 13:14:01 +0800
Subject: [PATCH 78/86] fix: log level, rabbitmq

---
 .../confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
index 851ec6b..5176f81 100644
--- a/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
+++ b/ansible/roles/node-rabbitmq/files/etc/confd/templates/rabbitmq-server.sh/02.rabbitmq.conf.tmpl
@@ -61,7 +61,7 @@ default_user = {{ getv "/env/rabbitmq_default_user" "guest" }}
 default_pass = {{ replace (getv "/env/rabbitmq_default_pass" "guest") `$` `\$` -1 }}
 loopback_users = none
 default_user_tags.administrator = true
-log.file.level = debug
+log.file.level = info
 RABBITMQ_CONF_EOF
 
 if [ ! -f "${DATA_MOUNTS}/conf/rabbitmq.conf" ]; then

From cecfac666f16dd0f5d25126eeb980f052d16b4c8 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 14:42:35 +0800
Subject: [PATCH 79/86] fix: rsyslog, haproxy

---
 .../confd/templates/journal.sh/01.journald.conf.tmpl |  2 +-
 .../templates/haproxy.sh/02.haproxy.log.conf.tmpl    | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
index 7940d5c..46d674c 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
@@ -1,6 +1,6 @@
 mkdir -p ${DATA_MOUNTS}/log/journald/
 chmod 755 ${DATA_MOUNTS}/log/journald/
-chown syslog:syslog ${DATA_MOUNTS}/log/journald/
+chown syslog:svc ${DATA_MOUNTS}/log/journald/
 flush /etc/rsyslog.d/49-journald.conf << JOURNALD_CONFIG_EOF
 module(load="imjournal" PersistStateInterval="100") #load imjournal module
 module(load="mmjsonparse") #load mmjsonparse module for structured logs
diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
index fb03e1e..0c27dff 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
@@ -1,6 +1,7 @@
 {{- if getvs "/host/role" | filter "haproxy" }}
 mkdir -p ${DATA_MOUNTS}/log/haproxy/
-chmod 777 ${DATA_MOUNTS}/log/haproxy/
+chmod 755 ${DATA_MOUNTS}/log/haproxy/
+chown syslog:svc ${DATA_MOUNTS}/log/haproxy/
 
 flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
 
@@ -10,7 +11,14 @@ flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
 
 # Send HAProxy messages to a dedicated logfile
 :programname, startswith, "haproxy" {
-  ${DATA_MOUNTS}/log/haproxy/haproxy.log
+  action(
+    type="omfile"
+    file="${DATA_MOUNTS}/log/haproxy/haproxy.log"
+    FileOwner="syslog"
+    FileGroup="svc"
+    FileCreateMode="0640"
+    DirCreateMode="0755"
+  )
   stop
 }
 HAPROXY_LOG_CONF_EOF

From 53b1b458b017865385e3b3fed6f7c69dc7848c6d Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 14:42:59 +0800
Subject: [PATCH 80/86] fix: logrotae, haproxy

---
 .../files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
index dc39a8d..f09c473 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/03.logrotate.tmpl
@@ -2,13 +2,14 @@
 flush /etc/logrotate.d/haproxy << LOGROTATE_EOF
 ${DATA_MOUNTS}/log/haproxy/haproxy.log {
     daily
-    rotate 20
+    maxsize 2M
+    rotate 10
     missingok
     notifempty
     compress
     delaycompress
     postrotate
-        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
     endscript
 }
 LOGROTATE_EOF
\ No newline at end of file

From 7ba9c7e7a33525509d9bdc18086e4d666eac48cf Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 15:09:10 +0800
Subject: [PATCH 81/86] fix: rsyslog, haproxy, no chroot settings

---
 .../etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
index 0c27dff..166d335 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/haproxy.sh/02.haproxy.log.conf.tmpl
@@ -7,7 +7,7 @@ flush /etc/rsyslog.d/49-haproxy.conf << HAPROXY_LOG_CONF_EOF
 
 # Create an additional socket in haproxy's chroot in order to allow logging via
 # /dev/log to chroot'ed HAProxy processes
-\$AddUnixListenSocket /var/lib/haproxy/dev/log
+# \$AddUnixListenSocket /var/lib/haproxy/dev/log
 
 # Send HAProxy messages to a dedicated logfile
 :programname, startswith, "haproxy" {

From d684ddea4ef93965a2eea65edc80005ca2c39058 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 15:25:06 +0800
Subject: [PATCH 82/86] fix: rsyslog, keepalived

---
 .../keepalived.sh/03.keepalived.rsyslog.tmpl   | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
index 14175db..2d73844 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/03.keepalived.rsyslog.tmpl
@@ -1,10 +1,20 @@
 {{- if getvs "/host/role" | filter "haproxy" }}
-mkdir -p ${DATA_MOUNTS}/log/keepalivd/
-chmod 777 ${DATA_MOUNTS}/log/keepalivd/
+mkdir -p ${DATA_MOUNTS}/log/keepalived/
+chmod 755 ${DATA_MOUNTS}/log/keepalived/
+chown syslog:svc ${DATA_MOUNTS}/log/keepalived/
 flush /etc/rsyslog.d/49-keepalived.conf << KEEPALIVED_LOG_EOF
 
-if \$programname startswith 'Keepalived' then ${DATA_MOUNTS}/log/keepalivd/keepalived.log
-&stop
+if \$programname startswith 'Keepalived' then {
+    action(
+        type="omfile"
+        file="${DATA_MOUNTS}/log/keepalived/keepalived.log"
+        FileOwner="syslog"
+        FileGroup="svc"
+        FileCreateMode="0640"
+        DirCreateMode="0755"
+    )
+    stop
+}
 
 KEEPALIVED_LOG_EOF
 {{- end }}

From 53f8937caf52259e6c1cc6c681be17828509d3e6 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 15:39:36 +0800
Subject: [PATCH 83/86] fix: logrotate, keepalived

---
 .../etc/confd/templates/keepalived.sh/04.logrotate.tmpl      | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
index 21f15ff..d5bcde7 100644
--- a/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
+++ b/ansible/roles/node-proxy-keepalived/files/etc/confd/templates/keepalived.sh/04.logrotate.tmpl
@@ -1,13 +1,14 @@
 flush /etc/logrotate.d/keepalived << LOGROTATE_EOF
 ${DATA_MOUNTS}/log/keepalived/keepalived.log {
     daily
-    rotate 20
+    maxsize 2M
+    rotate 10
     missingok
     notifempty
     compress
     delaycompress
     postrotate
-        invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
     endscript
 }
 LOGROTATE_EOF
\ No newline at end of file

From 80ea23cebb05e2d7bb6ef475eff22bde75f3298d Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 16:34:08 +0800
Subject: [PATCH 84/86] fix: disable journald log for role client

---
 .../etc/confd/templates/journal.sh/01.journald.conf.tmpl      | 2 ++
 .../files/etc/confd/templates/journal.sh/02.logrotate.tmpl    | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
index 46d674c..d2a66bb 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/01.journald.conf.tmpl
@@ -1,3 +1,4 @@
+{{- if not (getvs "/host/role" | filter "client") }}
 mkdir -p ${DATA_MOUNTS}/log/journald/
 chmod 755 ${DATA_MOUNTS}/log/journald/
 chown syslog:svc ${DATA_MOUNTS}/log/journald/
@@ -12,3 +13,4 @@ module(load="mmjsonparse") #load mmjsonparse module for structured logs
 action(type="omfile" file="${DATA_MOUNTS}/log/journald/journald.log" FileOwner="syslog" FileGroup="svc" FileCreateMode="0640" DirCreateMode="0755")
 
 JOURNALD_CONFIG_EOF
+{{- end }}
\ No newline at end of file
diff --git a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
index 8b0008c..e65257a 100644
--- a/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
+++ b/ansible/roles/node-all/files/etc/confd/templates/journal.sh/02.logrotate.tmpl
@@ -1,3 +1,4 @@
+{{- if not (getvs "/host/role" | filter "client") }}
 flush /etc/logrotate.d/journald << LOGROTATE_EOF
 ${DATA_MOUNTS}/log/journald/journald.log {
     daily
@@ -11,4 +12,5 @@ ${DATA_MOUNTS}/log/journald/journald.log {
         /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
     endscript
 }
-LOGROTATE_EOF
\ No newline at end of file
+LOGROTATE_EOF
+{{- end }}
\ No newline at end of file

From 86b1843c1e6e6c99d82586545de230f3904d8d98 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 8 Aug 2025 16:36:44 +0800
Subject: [PATCH 85/86] fix: default password of client

---
 ansible/roles/node-client/files/opt/app/bin/node/client-node.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh b/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
index c7b0627..eda64de 100644
--- a/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
+++ b/ansible/roles/node-client/files/opt/app/bin/node/client-node.sh
@@ -1,5 +1,5 @@
 initNode() {
   _initNode
   echo 'root:rabbitmq123' | chpasswd
-  echo -e "client\nclient\n" | adduser client > /dev/nul 2>&1 || echo "client:client123" | chpasswd
+  echo -e "client\nclient\n" | adduser client > /dev/null 2>&1 && echo "client:rabbitmq123" | chpasswd
 }
\ No newline at end of file

From ed73d2b221d94238bb24923bd9aeee9b52005a80 Mon Sep 17 00:00:00 2001
From: Yi Jing <djangoyi@yunify.com>
Date: Fri, 15 Aug 2025 15:02:56 +0800
Subject: [PATCH 86/86] ready for release, 3.13.7 - v1.0.0_kylin_x86

---
 app/cluster.json.mustache | 6 +++---
 app/config.json           | 2 +-
 app/locale/zh-cn.json     | 4 +++-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/cluster.json.mustache b/app/cluster.json.mustache
index 22eea85..d7d0d70 100644
--- a/app/cluster.json.mustache
+++ b/app/cluster.json.mustache
@@ -13,7 +13,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pekt3",
-            "image": "img-tbgctaqs"
+            "image": "img-2vaj3uz6"
         },
         "instance_class": {{cluster.disc.instance_class}},
         "count": {{cluster.disc.count}},
@@ -96,7 +96,7 @@
         "container": {
             "type": "kvm",
             "zone": "pekt3",
-            "image": "img-tbgctaqs"
+            "image": "img-2vaj3uz6"
         },
         "instance_class": {{cluster.client.instance_class}},
         "count": {{cluster.client.count}},
@@ -119,7 +119,7 @@
             "type": "kvm",
             "sriov_nic": true,
             "zone": "pekt3",
-            "image": "img-tbgctaqs"
+            "image": "img-2vaj3uz6"
         },
         "instance_class": {{cluster.haproxy.instance_class}},
         "count": {{cluster.haproxy.count}},
diff --git a/app/config.json b/app/config.json
index 66d2ede..4ca2ec4 100644
--- a/app/config.json
+++ b/app/config.json
@@ -385,7 +385,7 @@
         }, {
             "key": "plugins_enabled",
             "label": "Enable rabbitmq plugins",
-            "description": "Whether to enable rabbitmq plugins",
+            "description": "Choose to enable rabbitmq plugins",
             "type": "string",
             "default": "rabbitmq_management,rabbitmq_mqtt,rabbitmq_web_mqtt,rabbitmq_stomp,rabbitmq_web_stomp,rabbitmq_shovel,rabbitmq_shovel_management,rabbitmq_delayed_message_exchange,rabbitmq_federation,rabbitmq_federation_management",
             "required": "no",
diff --git a/app/locale/zh-cn.json b/app/locale/zh-cn.json
index 9e7c83a..25bf6e9 100644
--- a/app/locale/zh-cn.json
+++ b/app/locale/zh-cn.json
@@ -71,5 +71,7 @@
     "err_code243": "节点磁盘使用率超过 30%，剩余空间不足或导致升级失败，请先扩容",
     "Whether to enable log web console": "日志管理控制台开关，true=开启，默认开启",
     "notice_when_upgrade": "1. 如果集群使用了优先队列 (priority queue)，请根据 [文档](https://docs.qingcloud.com/product/middware/rabbitmq/index] 进行操作，否则会导致此类队列里的数据**全部丢失**；\n 2. 若集群中缓存有大量消息数据，升级将极为耗时，单核 1G 内存的节点 10G 数据需要 30 分钟，数据越多速度越慢，建议业务低谷时队列基本为空时操作；\n 3. 每个节点磁盘使用率不得超过 30%，剩余空间不足会导致升级失败。",
-    "etcd": "etcd外部服务"
+    "etcd": "etcd外部服务",
+    "Whether to enable ssh on client nodes": "是否在client节点启用ssh服务",
+    "Choose to enable rabbitmq plugins": "启用/关闭rabbitmq插件"
 }