AgentSkillsCN

ordo-server-deployment

Ordo 服务器部署与配置指南。涵盖 HTTP/gRPC 配置、环境变量、Nomad 部署、Docker、监控指标、审计日志以及多租户配置。适用于生产环境部署、运维管理、监控与告警。

SKILL.md
--- frontmatter
name: ordo-server-deployment
description: Ordo server deployment and configuration guide. Includes HTTP/gRPC configuration, environment variables, Nomad deployment, Docker, monitoring metrics, audit logging, multi-tenancy configuration. Use for production deployment, operations management, monitoring and alerting.

Ordo Server Deployment and Configuration

Quick Start

bash
# Build
cargo build --release

# Basic startup
./target/release/ordo-server

# Startup with persistence
./target/release/ordo-server --rules-dir ./rules

# Full configuration
./target/release/ordo-server \
    --http-addr 0.0.0.0:8080 \
    --grpc-addr 0.0.0.0:50051 \
    --rules-dir ./rules \
    --audit-dir ./audit \
    --log-level info

Environment Variables

VariableDescriptionDefault
ORDO_HTTP_ADDRHTTP address0.0.0.0:8080
ORDO_GRPC_ADDRgRPC address0.0.0.0:50051
ORDO_UDS_PATHUnix Socket path-
ORDO_DISABLE_HTTPDisable HTTPfalse
ORDO_DISABLE_GRPCDisable gRPCfalse
ORDO_LOG_LEVELLog levelinfo
ORDO_RULES_DIRRules persistence directory-
ORDO_MAX_VERSIONSMax version count10
ORDO_AUDIT_DIRAudit log directory-
ORDO_AUDIT_SAMPLE_RATEAudit sample rate (0-100)10
ORDO_DEBUG_MODEDebug modefalse

Multi-tenancy Configuration

VariableDescriptionDefault
ORDO_MULTI_TENANCY_ENABLEDEnable multi-tenancyfalse
ORDO_DEFAULT_TENANTDefault tenant IDdefault
ORDO_DEFAULT_TENANT_QPSDefault QPS limit-
ORDO_DEFAULT_TENANT_BURSTDefault burst limit-
ORDO_DEFAULT_TENANT_TIMEOUT_MSExecution timeout (ms)100
ORDO_TENANTS_DIRTenant config directory-

Signature Verification Configuration

VariableDescriptionDefault
ORDO_SIGNATURE_ENABLEDEnable signature verificationfalse
ORDO_SIGNATURE_REQUIREReject unsigned rulesfalse
ORDO_SIGNATURE_TRUSTED_KEYSTrusted public keys (comma-separated)-
ORDO_SIGNATURE_TRUSTED_KEYS_FILEPublic key file path-
ORDO_SIGNATURE_ALLOW_UNSIGNED_LOCALAllow unsigned local rulestrue

Docker Deployment

Dockerfile

dockerfile
FROM rust:1.75 as builder
WORKDIR /app
COPY . .
RUN cargo build --release

FROM debian:bookworm-slim
COPY --from=builder /app/target/release/ordo-server /usr/local/bin/
EXPOSE 8080 50051
CMD ["ordo-server"]

Run Container

bash
docker run -d \
    -p 8080:8080 \
    -p 50051:50051 \
    -v $(pwd)/rules:/app/rules \
    -e ORDO_RULES_DIR=/app/rules \
    -e RUST_LOG=info \
    ghcr.io/pama-lee/ordo-server:latest

Nomad Deployment

Production Configuration

hcl
job "ordo-server" {
  datacenters = ["dc1"]
  type = "service"
  
  update {
    max_parallel     = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    auto_revert      = true
  }
  
  group "ordo" {
    count = 1
    
    network {
      port "http" { static = 8080 }
      port "grpc" { static = 50051 }
    }
    
    service {
      name     = "ordo-http"
      port     = "http"
      provider = "nomad"
      
      check {
        name     = "http-health"
        type     = "http"
        path     = "/health"
        interval = "10s"
        timeout  = "3s"
      }
    }
    
    task "ordo-server" {
      driver = "docker"
      
      config {
        image = "ghcr.io/pama-lee/ordo-server:latest"
        ports = ["http", "grpc"]
      }
      
      env {
        RUST_LOG = "info"
      }
      
      resources {
        cpu    = 500
        memory = 256
      }
    }
  }
}

Deployment Commands

bash
cd deploy/nomad
nomad job run ordo-server.nomad
nomad job status ordo-server

API Endpoints

HTTP API

EndpointMethodDescription
/healthGETHealth check
/metricsGETPrometheus metrics
/api/v1/rulesetsGETList all rules
/api/v1/rulesets/:nameGET/PUT/DELETEManage rules
/api/v1/execute/:namePOSTExecute rule
/api/v1/rulesets/:name/versionsGETVersion history
/api/v1/rulesets/:name/rollbackPOSTRollback version

Execute Rule

bash
curl -X POST http://localhost:8080/api/v1/execute/discount-check \
    -H "Content-Type: application/json" \
    -d '{"input": {"user": {"vip": true}, "order": {"amount": 500}}}'

Monitoring Metrics

Prometheus Metrics

code
ordo_info{version="0.2.0"} 1
ordo_uptime_seconds 3600
ordo_rules_total 12
ordo_executions_total{ruleset="payment-check",result="success"} 1000
ordo_execution_duration_seconds_bucket{ruleset="payment-check",le="0.001"} 950
ordo_execution_duration_seconds_sum{ruleset="payment-check"} 1.5

Grafana Dashboard Queries

promql
# QPS
rate(ordo_executions_total[5m])

# Average latency
rate(ordo_execution_duration_seconds_sum[5m]) / rate(ordo_executions_total[5m])

# P99 latency
histogram_quantile(0.99, rate(ordo_execution_duration_seconds_bucket[5m]))

# Error rate
rate(ordo_executions_total{result="error"}[5m]) / rate(ordo_executions_total[5m])

Audit Logging

Enable Audit

bash
./ordo-server --audit-dir ./audit --audit-sample-rate 10

Log Format (JSON Lines)

json
{"timestamp":"2024-01-08T10:00:00.123Z","level":"INFO","event":"server_started","version":"0.2.0"}
{"timestamp":"2024-01-08T10:00:01.456Z","level":"INFO","event":"rule_created","rule_name":"payment"}
{"timestamp":"2024-01-08T10:00:02.789Z","level":"INFO","event":"rule_executed","rule_name":"payment","duration_us":1500}

Dynamic Sample Rate Adjustment

bash
# Get current sample rate
curl http://localhost:8080/api/v1/config/audit-sample-rate

# Update sample rate
curl -X PUT http://localhost:8080/api/v1/config/audit-sample-rate \
    -H "Content-Type: application/json" \
    -d '{"sample_rate": 50}'

CLI Tools

Key Generation

bash
./ordo-keygen --output keys/
# Generates: keys/private.key, keys/public.key

Rule Signing

bash
./ordo-sign --key keys/private.key --input rule.json --output rule.signed.json

Signature Verification

bash
./ordo-verify --key keys/public.key --input rule.signed.json

Key Files

  • crates/ordo-server/src/config.rs - Server configuration
  • crates/ordo-server/src/api.rs - HTTP API
  • crates/ordo-server/src/grpc.rs - gRPC service
  • crates/ordo-server/src/metrics.rs - Prometheus metrics
  • crates/ordo-server/src/audit.rs - Audit logging
  • deploy/nomad/ - Nomad deployment configuration