iOS 开发选 Core ML 还是 Forge,移动端推理框架深度对比
2026/6/1 15:25:40
#!/bin/bash set -e SAFELINE_DIR="/data/safeline" MGT_PORT="9443" POSTGRES_PASSWORD="SafelineDBPass123" DNS1="223.5.5.5" DNS2="119.29.29.29" DNS3="8.8.8.8" echo "========== 1. 检查系统 ==========" cat /etc/os-release || true uname -a echo "========== 2. 检查 CPU 指令集 ==========" if lscpu | grep -qi ssse3; then echo "CPU 支持 ssse3,满足雷池 x86_64 基础要求" else echo "错误:CPU 不支持 ssse3,x86_64 架构下不建议继续安装雷池" exit 1 fi echo "========== 3. 处理 DNS 配置,避免 tengine IPv6 resolver 报错 ==========" if [ -f /etc/resolv.conf ]; then echo "当前 /etc/resolv.conf 内容:" cat /etc/resolv.conf || true fi NEED_FIX_DNS=0 if grep -qE 'fe80::|%[a-zA-Z0-9_.:-]+' /etc/resolv.conf 2>/dev/null; then NEED_FIX_DNS=1 fi if [ "${NEED_FIX_DNS}" -eq 1 ]; then echo "检测到 /etc/resolv.conf 中存在 IPv6 Link-local DNS 或带 %网卡名 的 DNS,开始修复..." cp -a /etc/resolv.conf "/etc/resolv.conf.bak.$(date +%F_%H%M%S)" || true cat > /etc/resolv.conf << EOF nameserver ${DNS1} nameserver ${DNS2} nameserver ${DNS3} EOF echo "已临时写入 IPv4 DNS:" cat /etc/resolv.conf if command -v nmcli >/dev/null 2>&1 && systemctl is-active --quiet NetworkManager; then echo "检测到 NetworkManager 正在运行,尝试关闭自动 IPv6 DNS..." DEFAULT_CON=$(nmcli -t -f NAME,DEVICE con show --active | awk -F: 'NR==1{print $1}') if [ -n "${DEFAULT_CON}" ]; then echo "当前活动连接:${DEFAULT_CON}" nmcli con mod "${DEFAULT_CON}" ipv4.ignore-auto-dns yes || true nmcli con mod "${DEFAULT_CON}" ipv4.dns "${DNS1} ${DNS2} ${DNS3}" || true nmcli con mod "${DEFAULT_CON}" ipv6.ignore-auto-dns yes || true nmcli con up "${DEFAULT_CON}" || true cat > /etc/resolv.conf << EOF nameserver ${DNS1} nameserver ${DNS2} nameserver ${DNS3} EOF echo "NetworkManager DNS 配置已处理。" else echo "未找到活动 NetworkManager 连接,跳过 nmcli 配置。" fi fi else echo "未检测到异常 IPv6 Link-local DNS,跳过 DNS 修复。" fi echo "最终 /etc/resolv.conf 内容:" cat /etc/resolv.conf || true if grep -qE 'fe80::|%[a-zA-Z0-9_.:-]+' /etc/resolv.conf 2>/dev/null; then echo "错误:/etc/resolv.conf 中仍存在 fe80:: 或 %网卡名 DNS,可能继续导致 tengine 启动失败。" echo "请手动检查 /etc/resolv.conf。" exit 1 fi echo "========== 4. 清理旧版 Docker 组件 ==========" dnf remove -y docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine \ podman-docker \ runc || true echo "========== 5. 安装 Docker CE ==========" dnf install -y https://mirrors.aliyun.com/docker-ce/linux/rhel/9.9/x86_64/stable/Packages/containerd.io-2.2.4-1.el9.x86_64.rpm dnf install -y https://mirrors.aliyun.com/docker-ce/linux/rhel/9.9/x86_64/stable/Packages/docker-ce-cli-29.5.2-1.el9.x86_64.rpm dnf install -y https://mirrors.aliyun.com/docker-ce/linux/rhel/9.9/x86_64/stable/Packages/docker-ce-29.5.2-1.el9.x86_64.rpm dnf install -y https://mirrors.aliyun.com/docker-ce/linux/rhel/9.9/x86_64/stable/Packages/docker-compose-plugin-5.1.4-1.el9.x86_64.rpm echo "========== 6. 启动 Docker 服务 ==========" systemctl daemon-reload systemctl enable --now containerd systemctl enable --now docker echo "========== 7. 修复 Docker iptables 链异常 ==========" systemctl restart docker if ! iptables -t filter -L 2>/dev/null | grep -q "DOCKER"; then echo "警告:未检测到 Docker iptables 链,后续创建 Docker 网络可能失败。" echo "当前 iptables 版本:" iptables -V || true else echo "Docker iptables 链检测正常。" fi echo "========== 8. 验证 Docker 版本 ==========" docker version docker compose version echo "========== 9. 创建雷池安装目录 ==========" mkdir -p "${SAFELINE_DIR}" cd "${SAFELINE_DIR}" echo "========== 10. 下载雷池镜像包 ==========" if [ ! -f image.tar.gz ]; then wget -O image.tar.gz "https://demo.waf-ce.chaitin.cn/image.tar.gz" else echo "image.tar.gz 已存在,跳过下载" fi echo "========== 11. 创建 .env 配置文件 ==========" cat > .env << EOF SAFELINE_DIR=${SAFELINE_DIR} IMAGE_TAG=latest MGT_PORT=${MGT_PORT} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} SUBNET_PREFIX=172.22.222 IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.com/chaitin-safeline ARCH_SUFFIX= RELEASE= REGION= MGT_PROXY=0 EOF echo "========== 12. 下载雷池 compose.yaml ==========" if [ ! -f compose.yaml ]; then wget -O compose.yaml "https://waf-ce.chaitin.cn/release/latest/compose.yaml" else echo "compose.yaml 已存在,跳过下载" fi echo "========== 13. 清理可能残留的雷池网络 ==========" docker network rm safeline-ce 2>/dev/null || true echo "========== 15. 启动雷池 ==========" docker compose up -d echo "========== 16. 查看容器状态 ==========" docker compose ps SERVER_IP=$(hostname -I | awk '{print $1}') sleep 10 docker exec safeline-mgt resetadmin echo "================================================" echo "雷池 WAF 安装完成" echo "控制台地址:https://${SERVER_IP}:${MGT_PORT}" echo "================================================"