- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite) - 03-apiservice: integrate MinIO minio-python SDK for file upload - requirements.txt: add minio==7.2.11 - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file() - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket - docker-compose.yml: pass MinIO env vars to container - .env.example: document MinIO vars - 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section - 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide - CLAUDE.md: project context (servers, SSH, paths, service distribution) - document-obsidiant/: initial Obsidian docs for all services
402 lines
8.7 KiB
Markdown
402 lines
8.7 KiB
Markdown
---
|
|
tags:
|
|
- project/sriphat
|
|
- operations
|
|
- runbook
|
|
- deployment
|
|
- troubleshooting
|
|
created: 2026-05-07
|
|
status: active
|
|
---
|
|
|
|
# Operations Runbook
|
|
|
|
## Quick Reference — Service Status
|
|
|
|
```bash
|
|
# ดู containers ทั้งหมดที่รันอยู่
|
|
docker ps
|
|
|
|
# ดู resource usage
|
|
docker stats
|
|
|
|
# ดู logs แบบ realtime (ผ่าน Dozzle)
|
|
# https://ai.sriphat.com/dozzle
|
|
```
|
|
|
|
---
|
|
|
|
## First-Time Deployment
|
|
|
|
### Prerequisites
|
|
|
|
- Docker + Docker Compose installed
|
|
- RAM ≥ 8 GB
|
|
- Disk ≥ 50 GB
|
|
- Port 80, 443 accessible
|
|
|
|
### Step 1: Setup Network
|
|
|
|
```bash
|
|
# สร้าง Docker network ร่วม
|
|
docker network create shared_data_network
|
|
```
|
|
|
|
### Step 2: Configure Environment
|
|
|
|
```bash
|
|
# Copy และแก้ไขค่า
|
|
cp .env.example .env.global
|
|
nano .env.global
|
|
|
|
# Supabase env
|
|
cd 02-supabase
|
|
cp .env.example .env
|
|
nano .env
|
|
|
|
# API Service env
|
|
cd ../03-apiservice
|
|
cp .env.example .env
|
|
nano .env
|
|
|
|
# MinIO env
|
|
cd ../07-minio
|
|
cp .env.example .env
|
|
nano .env
|
|
```
|
|
|
|
### Step 3: Start Services (ตามลำดับ)
|
|
|
|
```bash
|
|
# 1. Infrastructure (Nginx + Keycloak + PostgreSQL + Redis)
|
|
cd 01-infra
|
|
docker compose --env-file ../.env.global up -d
|
|
|
|
# รอ PostgreSQL พร้อม (~30 วินาที)
|
|
sleep 30
|
|
|
|
# 2. Supabase
|
|
cd ../02-supabase
|
|
docker compose up -d
|
|
|
|
# รอ Supabase DB พร้อม (~60 วินาที)
|
|
sleep 60
|
|
|
|
# 3. API Service
|
|
cd ../03-apiservice
|
|
docker compose --env-file ../.env.global up --build -d
|
|
|
|
# 4. Airflow (ถ้าใช้งาน)
|
|
cd ../05-airflow
|
|
docker compose up airflow-init # รอให้ init เสร็จ
|
|
docker compose up -d
|
|
|
|
# 5. Analytics (Superset)
|
|
cd ../06-analytics
|
|
docker compose --env-file ../.env.global build
|
|
docker compose --env-file ../.env.global up -d
|
|
|
|
# 6. MinIO
|
|
cd ../07-minio
|
|
docker compose up -d
|
|
```
|
|
|
|
### Step 4: Verify Services
|
|
|
|
```bash
|
|
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
|
|
```
|
|
|
|
Expected containers:
|
|
- `nginx-proxy-manager` ✅
|
|
- `keycloak` ✅
|
|
- `postgres` ✅
|
|
- `redis` ✅
|
|
- `dozzle` ✅
|
|
- `sdp-supabase-db` ✅
|
|
- `sdp-supabase-studio` ✅
|
|
- `sdp-supabase-kong` ✅
|
|
- `sdp-supabase-auth` ✅
|
|
- `sdp-supabase-rest` ✅
|
|
- `sdp-realtime-dev` ✅
|
|
- `sdp-supabase-storage` ✅
|
|
- `sdp-supabase-pooler` ✅
|
|
- `sdp-supabase-analytics` ✅
|
|
- `sdp-supabase-meta` ✅
|
|
- `apiservice` ✅
|
|
- `superset` ✅
|
|
- `minio` ✅
|
|
|
|
---
|
|
|
|
## Post-Installation Setup
|
|
|
|
### Setup Keycloak
|
|
|
|
1. เข้า `https://ai.sriphat.com/keycloak/admin`
|
|
2. Login ด้วย `KEYCLOAK_ADMIN` credentials
|
|
3. สร้าง Realm: `sriphat`
|
|
4. สร้าง Clients:
|
|
- `apiservice` (API Service)
|
|
- `superset-client` (Apache Superset)
|
|
- `minio-client` (MinIO)
|
|
- `airflow-client` (Apache Airflow)
|
|
5. เชื่อมต่อ LDAP/AD (optional)
|
|
|
|
### Initialize API Service
|
|
|
|
```bash
|
|
# เข้า Admin UI
|
|
https://ai.sriphat.com/apiservice/admin/
|
|
|
|
# สร้าง API Client และ Generate Key
|
|
curl -X POST "https://ai.sriphat.com/apiservice/admin/api-keys/generate" \
|
|
-H "Cookie: session=<admin-session>" \
|
|
-d "client_id=1&permissions=feed.checkpoint:write&name=his-key"
|
|
```
|
|
|
|
### Setup Superset Data Sources
|
|
|
|
1. เข้า `https://ai.sriphat.com/superset`
|
|
2. Settings → Database Connections → Add
|
|
3. เพิ่ม PostgreSQL:
|
|
```
|
|
postgresql://postgres:<password>@postgres:5432/postgres
|
|
```
|
|
|
|
---
|
|
|
|
## Daily Operations
|
|
|
|
### Start All Services
|
|
|
|
```bash
|
|
# Infrastructure
|
|
cd 01-infra && docker compose --env-file ../.env.global up -d && cd ..
|
|
|
|
# Supabase
|
|
cd 02-supabase && docker compose up -d && cd ..
|
|
|
|
# API Service
|
|
cd 03-apiservice && docker compose --env-file ../.env.global up -d && cd ..
|
|
|
|
# Airflow
|
|
cd 05-airflow && docker compose up -d && cd ..
|
|
|
|
# Analytics
|
|
cd 06-analytics && docker compose --env-file ../.env.global up -d && cd ..
|
|
|
|
# MinIO
|
|
cd 07-minio && docker compose up -d && cd ..
|
|
```
|
|
|
|
### Stop All Services
|
|
|
|
```bash
|
|
cd 01-infra && docker compose down && cd ..
|
|
cd 02-supabase && docker compose down && cd ..
|
|
cd 03-apiservice && docker compose down && cd ..
|
|
cd 05-airflow && docker compose down && cd ..
|
|
cd 06-analytics && docker compose down && cd ..
|
|
cd 07-minio && docker compose down && cd ..
|
|
```
|
|
|
|
---
|
|
|
|
## Backup & Restore
|
|
|
|
### Backup PostgreSQL (Infra)
|
|
|
|
```bash
|
|
# Backup ทั้ง database
|
|
docker exec postgres pg_dumpall -U postgres > backup_all_$(date +%Y%m%d_%H%M).sql
|
|
|
|
# Backup เฉพาะ database
|
|
docker exec postgres pg_dump -U postgres postgres > backup_postgres_$(date +%Y%m%d).sql
|
|
docker exec postgres pg_dump -U postgres superset > backup_superset_$(date +%Y%m%d).sql
|
|
docker exec postgres pg_dump -U postgres airflow > backup_airflow_$(date +%Y%m%d).sql
|
|
```
|
|
|
|
### Backup Supabase PostgreSQL
|
|
|
|
```bash
|
|
docker exec sdp-supabase-db pg_dump -U postgres postgres > backup_supabase_$(date +%Y%m%d).sql
|
|
```
|
|
|
|
### Backup MinIO
|
|
|
|
```bash
|
|
# ใช้ mc mirror
|
|
mc mirror sriphat/ ./minio-backup-$(date +%Y%m%d)/
|
|
|
|
# หรือ tar data directory
|
|
tar -czf minio-backup-$(date +%Y%m%d).tar.gz 07-minio/data/
|
|
```
|
|
|
|
### Restore PostgreSQL
|
|
|
|
```bash
|
|
# Restore
|
|
docker exec -i postgres psql -U postgres postgres < backup_postgres_20260501.sql
|
|
```
|
|
|
|
---
|
|
|
|
## Update Services
|
|
|
|
```bash
|
|
# Pull latest images
|
|
cd 01-infra && docker compose --env-file ../.env.global pull && cd ..
|
|
cd 02-supabase && docker compose pull && cd ..
|
|
cd 06-analytics && docker compose --env-file ../.env.global pull && cd ..
|
|
cd 07-minio && docker compose pull && cd ..
|
|
|
|
# Rebuild API Service (มี code changes)
|
|
cd 03-apiservice
|
|
docker compose --env-file ../.env.global build
|
|
docker compose --env-file ../.env.global up -d
|
|
```
|
|
|
|
---
|
|
|
|
## Troubleshooting
|
|
|
|
### PostgreSQL ไม่ start / connection refused
|
|
|
|
```bash
|
|
# ตรวจสอบ health
|
|
docker exec postgres pg_isready -U postgres
|
|
|
|
# ดู logs
|
|
docker logs postgres --tail 50
|
|
|
|
# Check schemas
|
|
docker exec postgres psql -U postgres -c "\dn"
|
|
```
|
|
|
|
### Keycloak ไม่ start
|
|
|
|
```bash
|
|
# ดู logs (มักเกิดจาก PostgreSQL ยังไม่พร้อม)
|
|
docker logs keycloak --tail 50
|
|
|
|
# Restart หลัง PostgreSQL พร้อม
|
|
docker restart keycloak
|
|
```
|
|
|
|
### API Service ไม่ connect database
|
|
|
|
```bash
|
|
# ตรวจสอบ network
|
|
docker network inspect shared_data_network
|
|
|
|
# ตรวจสอบ env vars
|
|
docker exec apiservice env | grep DB_
|
|
|
|
# Test connection จาก container
|
|
docker exec apiservice python -c "import psycopg2; psycopg2.connect(host='postgres', user='postgres', password='<pass>')"
|
|
```
|
|
|
|
### Supabase services unhealthy
|
|
|
|
```bash
|
|
# ตรวจสอบทุก container
|
|
docker ps --filter "name=sdp-"
|
|
|
|
# Restart ตามลำดับ dependency
|
|
docker restart sdp-supabase-db
|
|
sleep 10
|
|
docker restart sdp-supabase-analytics
|
|
sleep 10
|
|
docker restart sdp-supabase-kong
|
|
docker restart sdp-supabase-auth
|
|
docker restart sdp-supabase-rest
|
|
```
|
|
|
|
### Airflow worker ไม่ pick tasks
|
|
|
|
```bash
|
|
# ตรวจสอบ Redis connectivity
|
|
docker exec airflow-worker redis-cli -h redis ping
|
|
|
|
# ตรวจสอบ worker
|
|
docker logs airflow-worker --tail 50
|
|
|
|
# Restart worker
|
|
docker restart airflow-worker
|
|
```
|
|
|
|
### Nginx 502 Bad Gateway
|
|
|
|
```bash
|
|
# ตรวจสอบว่า backend container ทำงานอยู่
|
|
docker ps | grep <service-name>
|
|
|
|
# ตรวจสอบ logs
|
|
docker logs nginx-proxy-manager --tail 50
|
|
docker logs <service-name> --tail 50
|
|
|
|
# ตรวจสอบ network
|
|
docker network inspect shared_data_network | grep -A5 <service-name>
|
|
```
|
|
|
|
### MinIO ไม่ accessible
|
|
|
|
```bash
|
|
# Health check
|
|
curl -f http://localhost:9000/minio/health/live
|
|
|
|
# Logs
|
|
docker logs minio --tail 50
|
|
|
|
# Disk space
|
|
df -h
|
|
```
|
|
|
|
---
|
|
|
|
## Monitoring
|
|
|
|
### Dozzle (Docker Logs)
|
|
|
|
**URL:** `https://ai.sriphat.com/dozzle`
|
|
|
|
Dozzle monitor ทั้ง:
|
|
- Main server (local)
|
|
- Remote agent: `192.168.100.9:7007`
|
|
|
|
### Container Health
|
|
|
|
```bash
|
|
# ดู health status
|
|
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Health}}"
|
|
|
|
# ดู resource usage
|
|
docker stats --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"
|
|
```
|
|
|
|
---
|
|
|
|
## Access Points Summary
|
|
|
|
| Service | URL | Credentials |
|
|
|---------|-----|-------------|
|
|
| Nginx Proxy | `http://192.168.100.9:8020` | — |
|
|
| Keycloak Admin | `https://ai.sriphat.com/keycloak/admin` | `KEYCLOAK_ADMIN` |
|
|
| Supabase Studio | `https://ai.sriphat.com/supabase` | DB credentials |
|
|
| Supabase API | `https://ai.sriphat.com/supabase-api` | ANON_KEY / SERVICE_ROLE_KEY |
|
|
| API Service | `https://ai.sriphat.com/apiservice` | Admin credentials |
|
|
| Airflow | `https://ai.sriphat.com/airflow` | Airflow admin |
|
|
| Superset | `https://ai.sriphat.com/superset` | `SUPERSET_ADMIN_*` |
|
|
| MinIO Console | `https://ai.sriphat.com/minio-console` | `MINIO_ROOT_*` |
|
|
| MinIO API | `https://ai.sriphat.com/minio` | S3 credentials |
|
|
| Dozzle | `https://ai.sriphat.com/dozzle` | — (no auth default) |
|
|
|
|
---
|
|
|
|
## Related
|
|
|
|
- [[00-Project-Overview]]
|
|
- [[01-Infrastructure]]
|
|
- [[07-Security-Strategy]]
|