56 lines
2.9 KiB
Markdown
56 lines
2.9 KiB
Markdown
Convex Self‑Hosted — Configurar env e testar provisionamento (Arquivo)
|
||
|
||
Nota: este documento foi arquivado. O fluxo atual de deploy/ops está em `docs/operations.md`.
|
||
|
||
Pré‑requisitos
|
||
- Rodar na VPS com Docker.
|
||
- Projeto em `/srv/apps/sistema`.
|
||
- Admin Key do Convex (já obtida):
|
||
`convex-self-hosted|011c148069bd37e4a3f1c10b41b19459427a20e6d7ba81f53b659861f7658cd4985c8936e9`
|
||
|
||
1) Exportar variáveis da sessão (URL + Admin Key)
|
||
export CONVEX_SELF_HOSTED_URL="https://convex.esdrasrenan.com.br"
|
||
export CONVEX_SELF_HOSTED_ADMIN_KEY='convex-self-hosted|011c148069bd37e4a3f1c10b41b19459427a20e6d7ba81f53b659861f7658cd4985c8936e9'
|
||
|
||
2) Definir MACHINE_PROVISIONING_SECRET no Convex (obrigatório)
|
||
docker run --rm -it \
|
||
-v /srv/apps/sistema:/app -w /app \
|
||
-e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \
|
||
oven/bun:1 bash -lc "set -euo pipefail; \
|
||
bun install --frozen-lockfile; \
|
||
unset CONVEX_DEPLOYMENT; \
|
||
bun x convex env set MACHINE_PROVISIONING_SECRET '71daa9ef54cb224547e378f8121ca898b614446c142a132f73c2221b4d53d7d6' -y; \
|
||
bun x convex env list"
|
||
|
||
3) (Opcional) Definir MACHINE_TOKEN_TTL_MS (padrão 30 dias)
|
||
docker run --rm -it \
|
||
-v /srv/apps/sistema:/app -w /app \
|
||
-e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \
|
||
oven/bun:1 bash -lc "set -euo pipefail; \
|
||
bun install --frozen-lockfile; \
|
||
unset CONVEX_DEPLOYMENT; \
|
||
bun x convex env set MACHINE_TOKEN_TTL_MS '2592000000' -y; \
|
||
bun x convex env list"
|
||
|
||
4) (Opcional) Definir FLEET_SYNC_SECRET
|
||
docker run --rm -it \
|
||
-v /srv/apps/sistema:/app -w /app \
|
||
-e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \
|
||
oven/bun:1 bash -lc "set -euo pipefail; \
|
||
bun install --frozen-lockfile; \
|
||
unset CONVEX_DEPLOYMENT; \
|
||
bun x convex env set FLEET_SYNC_SECRET '' -y; \
|
||
bun x convex env list"
|
||
|
||
5) Testar registro (gera machineToken) — substitua o hostname se quiser
|
||
HOST="vm-teste-$(date +%s)"; \
|
||
curl -sS -o resp.json -w "%{http_code}\n" -X POST 'https://tickets.esdrasrenan.com.br/api/machines/register' \
|
||
-H 'Content-Type: application/json' \
|
||
-d '{"provisioningSecret":"71daa9ef54cb224547e378f8121ca898b614446c142a132f73c2221b4d53d7d6","tenantId":"tenant-atlas","hostname":"'"$HOST"'","os":{"name":"Linux","version":"6.1.0","architecture":"x86_64"},"macAddresses":["AA:BB:CC:DD:EE:FF"],"serialNumbers":[],"metadata":{"inventario":{"cpu":"i7","ramGb":16}},"registeredBy":"manual-test"}'; \
|
||
echo; tail -c 400 resp.json || true
|
||
|
||
6) (Opcional) Enviar heartbeat com o token retornado
|
||
TOKEN=$(node -e 'try{const j=require("fs").readFileSync("resp.json","utf8");process.stdout.write(JSON.parse(j).machineToken||"");}catch(e){process.stdout.write("")}' ); \
|
||
[ -n "$TOKEN" ] && curl -sS -o /dev/null -w "%{http_code}\n" -X POST 'https://tickets.esdrasrenan.com.br/api/machines/heartbeat' \
|
||
-H 'Content-Type: application/json' \
|
||
-d '{"machineToken":"'"$TOKEN"'","status":"online","metrics":{"cpuPct":12,"memFreePct":61}}'
|