runtime: mode: "d" # r=R-Mode, d=D-Mode # 可直接使用 center /api/project/bootstrap/export 导出的引导密文文件挂载启动。 project_bootstrap: cipher_text: "" # 直接填入密文(JSON/Base64 JSON) cipher_text_file: "/root/wdd/rmdc-watchdog/bootstrap-cipher.json" # 优先项:挂载的引导密文文件路径,例如 /etc/rmdc-watchdog/bootstrap/project-bootstrap.cipher.json d_mode: auto_discover_on_start: true node_request_timeout_sec: 8 exec_poll_timeout_sec: 90 exec_poll_interval_ms: 1200 # node_tls 由 center 下发的项目引导密文自动注入,禁止在本地手动配置。 nodes: - name: "node-3.31" inner_ip: "192.168.3.31" node_port: 8349 role: "worker" - name: "node-3.32" inner_ip: "192.168.3.32" node_port: 8349 role: "worker" - name: "node-3.33" inner_ip: "192.168.3.33" node_port: 8349 role: "worker" database: sqlite: path: "/root/wdd/rmdc-watchdog/watchdog.db" server: port: "8080" debug: true tls: cert_file: "/etc/rmdc-watchdog/tls/server.crt" key_file: "/etc/rmdc-watchdog/tls/server.key" mtls: client_ca_file: "/etc/rmdc-watchdog/tls/ca.crt" trusted_client_cns: - "rmdc-watchdog-agent" tier_one_auth: time_offset_allowed: 30 # 授权文件(AuthorizationFile/AuthorizationCode)的运行态都存入数据库。 # 该路径仅用于离线交付时导出“授权码字符串”(Base64),为空时不会自动写文件。 authorization: export_code_file: "" mqtt: broker: tcp://192.168.40.80:31883 username: admin password: odD8#Ve7.B keep_alive: 60 connect_timeout: 30 reconnect_interval: 5 qos: 1 clean_session: false registration: enable_totp_verification: true enable_server_totp_verification: true retry_interval: 30 max_retries: 5 kubernetes: kube_config_path: "C:\\Users\\wddsh\\Documents\\IdeaProjects\\RMDC\\rmdc-watchdog\\configs\\wdd-rmdc-kubeconfig.yaml" use_in_cluster: false security: bootstrap_token_ttl_sec: 300 bootstrap_token_header: "X-Bootstrap-Token" bootstrap_token_issue_prefix: "bt" clock_forward_threshold_sec: 7200 replay_persistence_enabled: true cors_allow_origins: - "https://ops.example.com" rate_limit_enabled: true rate_limit_global_rps: 100 rate_limit_ip_rps: 30 rate_limit_burst: 60