安装部署

本文档详细介绍 IPAM 系统的各种安装部署方式。

系统要求

最低配置

组件	要求
CPU	2核
内存	4GB
磁盘	20GB
网络	内网访问

推荐配置

组件	要求
CPU	4核+
内存	8GB+
磁盘	50GB+ SSD
网络	千兆以太网

下载程序

服务端下载

平台	架构	下载链接
Linux	amd64	server_linux_amd64
Linux	arm64	server_linux_arm64
Windows	amd64	server_windows_amd64.exe
macOS	amd64	server_darwin_amd64
macOS	arm64	server_darwin_arm64

探针客户端下载

平台	架构	下载链接
Linux	amd64	probe_linux_amd64
Linux	arm64	probe_linux_arm64
Windows	amd64	probe_windows_amd64.exe

部署方式

1. 二进制部署（推荐）

下载并安装

# 创建安装目录
mkdir -p /opt/ipam
cd /opt/ipam

# 下载服务端（以 Linux amd64 为例）
wget https://download.liumou.site/ipam/server_linux_amd64 -O ipam-server
chmod +x ipam-server

# 生成配置文件模板
./ipam-server -g

# 编辑配置文件
vi config.toml

部署目录结构

/opt/ipam/
├── ipam-server          # 后端可执行文件
├── ipam-probe           # 探针客户端（可选）
├── config.toml          # 配置文件
└── logs/                # 日志目录

启动服务

# 直接启动
./ipam-server

# 或使用 systemd 管理（见下文）

2. Docker 部署

Docker Compose

version: '3.8'

services:
  db:
    image: mariadb:10.11
    environment:
      MYSQL_ROOT_PASSWORD: root_password
      MYSQL_DATABASE: ipam
      MYSQL_USER: ipam_user
      MYSQL_PASSWORD: ipam_password
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - ipam-network

  app:
    image: liumou/ipam-server:latest
    ports:
      - "8080:8080"
    volumes:
      - ./config.toml:/app/config.toml
      - ./logs:/app/logs
    depends_on:
      - db
    networks:
      - ipam-network

volumes:
  db_data:

networks:
  ipam-network:
    driver: bridge

启动：

docker-compose up -d

3. systemd 服务部署

下载程序

mkdir -p /opt/ipam
cd /opt/ipam

# 下载服务端
wget https://download.liumou.site/ipam/server_linux_amd64 -O ipam-server
chmod +x ipam-server

# 生成配置文件模板
./ipam-server -g

# 编辑配置文件
vi config.toml

创建服务文件

sudo tee /etc/systemd/system/ipam.service > /dev/null <<EOF
[Unit]
Description=IPAM Server
After=network.target mysql.service

[Service]
Type=simple
User=ipam
Group=ipam
WorkingDirectory=/opt/ipam
ExecStart=/opt/ipam/ipam-server
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF

启动服务

# 创建用户
sudo useradd -r -s /bin/false ipam

# 设置权限
sudo chown -R ipam:ipam /opt/ipam

# 启动服务
sudo systemctl daemon-reload
sudo systemctl enable ipam
sudo systemctl start ipam

# 查看状态
sudo systemctl status ipam

Nginx 反向代理

配置示例

server {
    listen 80;
    server_name ipam.example.com;
    
    # 重定向到 HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name ipam.example.com;
    
    # SSL 证书
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    # 前端静态文件（已嵌入到服务端，直接代理到后端）
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
    
    # API 代理
    location /api {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

数据库配置

MySQL/MariaDB

-- 创建数据库
CREATE DATABASE ipam CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- 创建用户
CREATE USER 'ipam_user'@'%' IDENTIFIED BY 'strong_password';

-- 授权
GRANT ALL PRIVILEGES ON ipam.* TO 'ipam_user'@'%';

FLUSH PRIVILEGES;

性能优化

# my.cnf
[mysqld]
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
max_connections=200
innodb_buffer_pool_size=512M
innodb_log_file_size=128M
query_cache_type=1
query_cache_size=64M

探针客户端部署

下载探针

cd /opt/ipam

# 下载探针客户端（以 Linux amd64 为例）
wget https://download.liumou.site/ipam/probe_linux_amd64 -O ipam-probe
chmod +x ipam-probe

创建 systemd 服务

sudo tee /etc/systemd/system/ipam-probe.service > /dev/null <<EOF
[Unit]
Description=IPAM Probe
After=network.target

[Service]
Type=simple
ExecStart=/opt/ipam/ipam-probe -server http://localhost:8080 -apikey YOUR_API_KEY -subnet 192.168.1.0/24
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

# 启动服务
sudo systemctl daemon-reload
sudo systemctl enable ipam-probe
sudo systemctl start ipam-probe

备份策略

自动备份脚本

#!/bin/bash
# backup.sh

BACKUP_DIR="/backup/ipam"
DATE=$(date +%Y%m%d_%H%M%S)
DB_NAME="ipam"
DB_USER="ipam_user"
DB_PASS="password"

# 创建备份目录
mkdir -p $BACKUP_DIR

# 备份数据库
mysqldump -u$DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DIR/ipam_db_$DATE.sql

# 备份配置文件
tar czf $BACKUP_DIR/ipam_config_$DATE.tar.gz /opt/ipam/config.toml

# 保留最近 30 天的备份
find $BACKUP_DIR -name "*.sql" -mtime +30 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete

定时任务

# 每天凌晨 2 点执行备份
0 2 * * * /opt/ipam/backup.sh >> /var/log/ipam_backup.log 2>&1

监控与日志

日志配置

[monitoring]
enabled = true
interval = 30
gateway_timeout = 5
ip_timeout = 3
max_concurrent = 100
enable_host_scanning = false  # 分布式部署时保持 false

日志轮转

# /etc/logrotate.d/ipam
/opt/ipam/logs/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 0644 ipam ipam
}

安全建议

1. 修改默认密码：首次登录后立即修改所有默认账户密码
2. 使用 HTTPS：生产环境必须使用 HTTPS
3. 防火墙配置：仅开放必要的端口
4. 定期更新：及时更新系统和依赖
5. 访问控制：限制管理后台访问IP
6. 审计日志：启用操作审计功能

故障排查

服务无法启动

# 检查日志
journalctl -u ipam -f

# 检查端口占用
netstat -tlnp | grep 8080

# 检查配置文件
cat /opt/ipam/config.toml

数据库连接失败

# 测试数据库连接
mysql -u ipam_user -p -h localhost ipam

# 检查数据库服务
systemctl status mysql

探针无法连接

# 检查探针日志
journalctl -u ipam-probe -f

# 验证 API 密钥
curl -H "X-API-Key: YOUR_API_KEY" http://localhost:8080/api/probe/validate-api-key

# 检查网络连通性
ping ipam-server