升级EMQX的版本为5.8.8

2025-12-08 22:29:38 +08:00
parent baf9272e2d
commit 1d42f28c7e
7 changed files with 353 additions and 200 deletions
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,50 +4,15 @@
    <option name="autoReloadType" value="SELECTIVE" />
  </component>
  <component name="ChangeListManager">
-    <list default="true" id="6047a167-18d5-4f8e-a170-63c3fd101bda" name="Changes" comment="uas-agent yaml">
+    <list default="true" id="6047a167-18d5-4f8e-a170-63c3fd101bda" name="Changes" comment="新增xa空能院项目，新增大量的更新内容">
-      <change afterPath="$PROJECT_DIR$/.run/agent-wdd运行.run.xml" afterDir="false" />
+      <change afterPath="$PROJECT_DIR$/.run/查询可删除Tag3580.run.xml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-be-configmap.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-be-internal-service.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-be-service.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-be-statusfulset.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-fe-configmap.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-fe-internal-service.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-fe-service.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-fe-statusfulset.yaml" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/修改pvc-然后statefulset中的image.txt" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-operator/image/HarborTagParser.go" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-operator/image/HarborTagParser.md" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-wdd/0-设计规范/初始设计稿.md" afterDir="false" />
      <change afterPath="$PROJECT_DIR$/agent-wdd/a_run/cmi-deploy-运行顺序.sh" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/.run/CmiiUpdater-35.70.run.xml" beforeDir="false" />
+      <change beforePath="$PROJECT_DIR$/agent-deploy/c_middle/CmiiEmqxTemplate.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-deploy/c_middle/CmiiEmqxTemplate.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/DCU全部CMII镜像.run.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.run/DCU全部CMII镜像.run.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/DEMO更新-3570.run.xml" beforeDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/DEMO重启-3570.run.xml" beforeDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/Middle镜像-35.70.run.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.run/Middle镜像-35.70.run.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/Middle镜像-ARM-11.8.run.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.run/Middle镜像-ARM-11.8.run.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/查询应用分支-3570.run.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.run/DCU-RKE-35.80.run.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/清理CMII镜像-35.80.run.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.run/清理CMII镜像-35.80.run.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/重启DEMO-3570.run.xml" beforeDir="false" />
      <change beforePath="$PROJECT_DIR$/.run/院内Harbor清理-35.70.run.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.run/查询可删除Tag3580.run.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-deployment.yaml" beforeDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-pvc.yaml" beforeDir="false" afterPath="$PROJECT_DIR$/agent-common/SplitProject/监管平台-Doris-k8s/doris-pvc.yaml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-common/logger/logger.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-common/logger/logger.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-common/real_project/CmiiImageListConfig.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-common/real_project/CmiiImageListConfig.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-common/real_project/cmii-uavms-pyfusion.yaml" beforeDir="false" afterPath="$PROJECT_DIR$/agent-common/real_project/cmii-uavms-pyfusion.yaml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-deploy/d_app/CmiiImageConfig.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-deploy/d_app/CmiiImageConfig.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-deploy/d_app/FrontendConfigMap.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-deploy/d_app/FrontendConfigMap.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-operator/CmiiDeployOperator.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/CmiiDeployOperator.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-operator/CmiiDeployOperator_test.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/CmiiDeployOperator_test.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/agent-operator/CmiiImageSyncOperator.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/CmiiImageSyncOperator.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/agent-wdd/a_run/cmi-deploy-运行顺序.sh" beforeDir="false" afterPath="$PROJECT_DIR$/agent-wdd/a_run/cmi-deploy-运行顺序.sh" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/agent-operator/CmiiImageSyncOperator_test.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/CmiiImageSyncOperator_test.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/agent-wdd/build/agent-wdd_linux_amd64" beforeDir="false" afterPath="$PROJECT_DIR$/agent-wdd/build/agent-wdd_linux_amd64" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-operator/CmiiK8sOperator.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/CmiiK8sOperator.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-operator/image/HarborOperator_test.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/image/HarborOperator_test.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-operator/image/ImageOperator.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-operator/image/ImageOperator.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-wdd/cmd/Base.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-wdd/cmd/Base.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-wdd/cmd/beans/SshSysConfig.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-wdd/cmd/beans/SshSysConfig.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-wdd/host_info/Config.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-wdd/host_info/Config.go" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/agent-wdd/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/agent-wdd/main.go" afterDir="false" />
    </list>
    <option name="SHOW_DIALOG" value="false" />
    <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -99,6 +64,8 @@
    "Go Test.3580-cmii镜像.executor": "Run",
    "Go Test.DCU-RKE-35.80.executor": "Run",
    "Go Test.DCU全部CMII镜像.executor": "Run",
    "Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator (1).executor": "Run",
    "Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator.executor": "Run",
    "Go Test.TestCmiiEnvDeploy_XiongAnKongNengYuan in wdd.io/agent-operator.executor": "Run",
    "Go Test.TestCmiiEnvDeploy_ZhejiangErjiPingTai in wdd.io/agent-operator.executor": "Run",
    "Go Test.TestHarborOperator_ArtifactListAll in wdd.io/agent-operator/image (1).executor": "Run",
@@ -132,8 +99,8 @@
      <recent name="C:\Users\wddsh\Documents\IdeaProjects\WddSuperAgent\agent-common\real_project\pre_pro" />
    </key>
  </component>
-  <component name="RunManager" selected="Go Test.DCU-RKE-35.80">
+  <component name="RunManager" selected="Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator (1)">
-    <configuration name="TestCmiiEnvDeploy_XiongAnKongNengYuan in wdd.io/agent-operator" type="GoTestRunConfiguration" factoryName="Go Test" temporary="true" nameIsGenerated="true">
+    <configuration name="TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator (1)" type="GoTestRunConfiguration" factoryName="Go Test" temporary="true" nameIsGenerated="true">
      <module name="WddSuperAgent" />
      <working_directory value="$PROJECT_DIR$/agent-operator" />
      <kind value="PACKAGE" />
@@ -141,7 +108,18 @@
      <directory value="$PROJECT_DIR$" />
      <filePath value="$PROJECT_DIR$" />
      <framework value="gotest" />
-      <pattern value="^\QTestCmiiEnvDeploy_XiongAnKongNengYuan\E$" />
+      <pattern value="^\QTestCmiiEnvDeploy_WddSuperCluster\E$" />
      <method v="2" />
    </configuration>
    <configuration name="TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator" type="GoTestRunConfiguration" factoryName="Go Test" temporary="true" nameIsGenerated="true">
      <module name="WddSuperAgent" />
      <working_directory value="$PROJECT_DIR$/agent-operator" />
      <kind value="PACKAGE" />
      <package value="wdd.io/agent-operator" />
      <directory value="$PROJECT_DIR$" />
      <filePath value="$PROJECT_DIR$" />
      <framework value="gotest" />
      <pattern value="^\QTestCmiiEnvDeploy_WddSuperCluster\E$" />
      <method v="2" />
    </configuration>
    <configuration name="TestCmiiEnvDeploy_XiongAnKongNengYuan in wdd.io/agent-operator" type="GoTestRunConfiguration" factoryName="Go Test" temporary="true" nameIsGenerated="true">
@@ -207,14 +185,23 @@
      <item itemvalue="Go Test.CMII镜像同步-11.8-ARM" />
      <item itemvalue="Go Test.Middle镜像-35.70" />
      <item itemvalue="Go Test.Middle镜像-ARM-11.8" />
      <item itemvalue="Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator (1)" />
      <item itemvalue="Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator" />
      <item itemvalue="Go Test.TestCmiiEnvDeploy_ZhejiangErjiPingTai in wdd.io/agent-operator" />
      <item itemvalue="PowerShell.one-build-and-upload.ps1" />
      <item itemvalue="PowerShell.one-build-and-upload.ps1 (1)" />
    </list>
    <recent_temporary>
      <list>
        <item itemvalue="Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator (1)" />
        <item itemvalue="Go Test.TestCmiiEnvDeploy_WddSuperCluster in wdd.io/agent-operator" />
      </list>
    </recent_temporary>
  </component>
  <component name="SharedIndexes">
    <attachedChunks>
      <set>
-        <option value="bundled-js-predefined-d6986cc7102b-3aa1da707db6-JavaScript-IU-252.27397.103" />
+        <option value="bundled-js-predefined-d6986cc7102b-a71380e98a7c-JavaScript-IU-252.28238.7" />
      </set>
    </attachedChunks>
  </component>
@@ -288,7 +275,16 @@
      <workItem from="1760849473290" duration="4000" />
      <workItem from="1762225804520" duration="7913000" />
      <workItem from="1762323414681" duration="29000" />
-      <workItem from="1762324079620" duration="6822000" />
+      <workItem from="1762324079620" duration="8508000" />
      <workItem from="1762480815262" duration="464000" />
      <workItem from="1762481666180" duration="2275000" />
      <workItem from="1762761070202" duration="5077000" />
      <workItem from="1763951884672" duration="210000" />
      <workItem from="1764571049911" duration="299000" />
      <workItem from="1765026295225" duration="1612000" />
      <workItem from="1765195480348" duration="861000" />
      <workItem from="1765196757955" duration="1945000" />
      <workItem from="1765203811685" duration="290000" />
    </task>
    <task id="LOCAL-00001" summary="git">
      <option name="closed" value="true" />
@@ -306,7 +302,15 @@
      <option name="project" value="LOCAL" />
      <updated>1747276548488</updated>
    </task>
-    <option name="localTasksCounter" value="3" />
+    <task id="LOCAL-00003" summary="新增xa空能院项目，新增大量的更新内容">
      <option name="closed" value="true" />
      <created>1762332282382</created>
      <option name="number" value="00003" />
      <option name="presentableId" value="LOCAL-00003" />
      <option name="project" value="LOCAL" />
      <updated>1762332282382</updated>
    </task>
    <option name="localTasksCounter" value="4" />
    <servers />
  </component>
  <component name="TypeScriptGeneratedFilesManager">
@@ -315,7 +319,8 @@
  <component name="VcsManagerConfiguration">
    <MESSAGE value="git" />
    <MESSAGE value="uas-agent yaml" />
-    <option name="LAST_COMMIT_MESSAGE" value="uas-agent yaml" />
+    <MESSAGE value="新增xa空能院项目，新增大量的更新内容" />
    <option name="LAST_COMMIT_MESSAGE" value="新增xa空能院项目，新增大量的更新内容" />
  </component>
  <component name="VgoProject">
    <settings-migrated>true</settings-migrated>
--- a/.run/查询可删除Tag3580.run.xml
+++ b/.run/查询可删除Tag3580.run.xml
@@ -0,0 +1,15 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="查询可删除Tag3580" type="GoTestRunConfiguration" factoryName="Go Test">
    <module name="WddSuperAgent" />
    <target name="dev-35.80" />
    <working_directory value="$PROJECT_DIR$/agent-operator/image" />
    <root_directory value="$PROJECT_DIR$/agent-operator" />
    <kind value="PACKAGE" />
    <package value="wdd.io/agent-operator/image" />
    <directory value="$PROJECT_DIR$" />
    <filePath value="$PROJECT_DIR$" />
    <framework value="gotest" />
    <pattern value="^\QTestHarborOperator_ArtifactListAll\E$" />
    <method v="2" />
  </configuration>
 </component>
--- a/agent-deploy/c_middle/CmiiEmqxTemplate.go
+++ b/agent-deploy/c_middle/CmiiEmqxTemplate.go
@@ -1,11 +1,13 @@
 package c_middle
 const CmiiEmqxTemplate = `
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: helm-emqxs
  namespace: {{ .Namespace }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -20,62 +22,141 @@ metadata:
    app.kubernetes.io/managed-by: octopus-control
    app.kubernetes.io/version: {{ .TagVersion }}
 data:
-  EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc.cluster.local:443"
+  # 集群相关
  EMQX_NAME: "helm-emqxs"
  EMQX_CLUSTER__DISCOVERY: "k8s"
  EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc.cluster.local:443"
  EMQX_CLUSTER__K8S__APP_NAME: "helm-emqxs"
  EMQX_CLUSTER__K8S__SERVICE_NAME: "helm-emqxs-headless"
  EMQX_CLUSTER__K8S__ADDRESS_TYPE: "dns"
-  EMQX_CLUSTER__K8S__namespace: "{{ .Namespace }}"
+  EMQX_CLUSTER__K8S__NAMESPACE: "{{ .Namespace }}"
  EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local"
-  EMQX_ALLOW_ANONYMOUS: "false"
+  # 关闭匿名，默认 ACL 不匹配拒绝
-  EMQX_ACL_NOMATCH: "deny"
+  EMQX_AUTH__ALLOW_ANONYMOUS: "false"
  EMQX_AUTHZ__NO_MATCH: "deny"
  # Dashboard 初始管理员密码（只在第一次启动时生效）
  EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EmqxPassword }}"
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: helm-emqxs-cm
+  name: helm-emqxs-init-script
  namespace: {{ .Namespace }}
  labels:
    cmii.type: middleware
    cmii.app: helm-emqxs
    cmii.emqx.architecture: cluster
    helm.sh/chart: emqx-1.1.0
    app.kubernetes.io/managed-by: octopus-control
    app.kubernetes.io/version: {{ .TagVersion }}
 data:
-  emqx_auth_mnesia.conf: |-
+  init-mqtt-user.sh: |
-    auth.mnesia.password_hash = sha256
+    #!/bin/sh
    set -e
    DASHBOARD_USER="admin"
    DASHBOARD_PASS="{{ .EmqxPassword }}"
    MQTT_USER="admin"
    MQTT_PASS="{{ .EmqxPassword }}"
    # 等待 EMQX 本地 API 就绪
    EMQX_API="http://localhost:18083/api/v5"
    echo "等待 EMQX API 就绪..."
    for i in $(seq 1 120); do
      if curl -s -f -m 5 "${EMQX_API}/status" > /dev/null 2>&1; then
        echo "EMQX API 已就绪"
        break
      fi
      echo "等待中... ($i/120)"
      sleep 5
    done
    # 修改 Dashboard 管理员密码
    echo "修改 Dashboard 管理员密码..."
    /opt/emqx/bin/emqx ctl admins passwd "${DASHBOARD_USER}" "${DASHBOARD_PASS}" || echo "密码可能已设置"
    echo "Dashboard 密码设置完成"
    # 获取 Dashboard Token
    echo "获取 Dashboard Token..."
    TOKEN=$(curl -s -X POST "${EMQX_API}/login" \
      -H 'Content-Type: application/json' \
      -d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"${DASHBOARD_PASS}\"}" \
      | grep -o '"token":"[^"]*' | cut -d'"' -f4)
    if [ -z "$TOKEN" ]; then
      echo "ERROR: 无法获取 Token"
      exit 1
    fi
    echo "Token 获取成功"
    # 创建内置数据库认证器（使用 listeners 作用域）
    echo "检查并创建内置数据库认证器..."
    # 为 tcp:default listener 添加认证器
    echo "为 listener tcp:default 配置认证器..."
    curl -s -X POST "${EMQX_API}/authentication/tcp:default" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d '{
      "mechanism": "password_based",
      "backend": "built_in_database",
      "user_id_type": "username",
      "password_hash_algorithm": {
        "name": "sha256",
        "salt_position": "suffix"
      }
    }' 2>/dev/null || echo "tcp:default 认证器可能已存在"
    # 为 ws:default listener 添加认证器
    echo "为 listener ws:default 配置认证器..."
    curl -s -X POST "${EMQX_API}/authentication/ws:default" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d '{
      "mechanism": "password_based",
      "backend": "built_in_database",
      "user_id_type": "username",
      "password_hash_algorithm": {
        "name": "sha256",
        "salt_position": "suffix"
      }
    }' 2>/dev/null || echo "ws:default 认证器可能已存在"
    # 等待认证器创建完成
    sleep 2
    # 创建 MQTT 用户
    echo "创建 MQTT 用户: ${MQTT_USER}..."
    curl -s -X POST "${EMQX_API}/authentication/password_based:built_in_database/users?listener_id=tcp:default" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d "{\"user_id\":\"${MQTT_USER}\",\"password\":\"${MQTT_PASS}\",\"is_superuser\":true}" \
      2>/dev/null || echo "用户可能已存在，尝试更新..."
    # 尝试更新密码
    curl -s -X PUT "${EMQX_API}/authentication/password_based:built_in_database/users/${MQTT_USER}?listener_id=tcp:default" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d "{\"password\":\"${MQTT_PASS}\",\"is_superuser\":true}" \
      2>/dev/null || true
    echo "MQTT 用户创建/更新完成"
    # 创建授权规则
    echo "配置授权规则..."
    # 创建内置数据库授权源
    curl -s -X POST "${EMQX_API}/authorization/sources" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d '{
      "type": "built_in_database",
      "enable": true
    }' 2>/dev/null || echo "授权源可能已存在"
    sleep 2
    # 为 admin 用户添加授权规则（使用数组格式）
    echo "为 ${MQTT_USER} 用户添加 ACL 规则..."
    curl -s -X POST "${EMQX_API}/authorization/sources/built_in_database/rules/users" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d "[{\"username\":\"${MQTT_USER}\",\"rules\":[{\"action\":\"all\",\"permission\":\"allow\",\"topic\":\"#\"}]}]" \
      2>/dev/null && echo "ACL 规则创建成功" || echo "规则可能已存在，尝试更新..."
    # 尝试更新规则（PUT 请求需要单个对象，不是数组）
    curl -s -X PUT "${EMQX_API}/authorization/sources/built_in_database/rules/users/${MQTT_USER}" \
      -H "Authorization: Bearer ${TOKEN}" \
      -H 'Content-Type: application/json' \
      -d "{\"rules\":[{\"action\":\"all\",\"permission\":\"allow\",\"topic\":\"#\"}]}" \
      2>/dev/null && echo "ACL 规则更新成功" || true
    echo "ACL 规则配置完成"
    echo "初始化完成！MQTT 用户: ${MQTT_USER}"
    echo "可通过以下方式连接:"
    echo " - MQTT: localhost:1883"
    echo " - WebSocket: localhost:8083"
    echo " - Dashboard: http://localhost:18083"
    echo " - 用户名: ${MQTT_USER}"
    # clientid 认证数据
    auth.client.1.clientid = admin
    auth.client.1.password = {{ .EmqxPassword }}
    auth.client.2.clientid = cmlc
    auth.client.2.password = {{ .EmqxPassword }}
    ## username 认证数据
    auth.user.1.username = admin
    auth.user.1.password = {{ .EmqxPassword }}
    auth.user.2.username = cmlc
    auth.user.2.password = {{ .EmqxPassword }}
  acl.conf: |-
    {allow, {user, "admin"}, pubsub, ["admin/#"]}.
    {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
    {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
    {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
    {allow, all}.
  loaded_plugins: |-
    {emqx_auth_mnesia,true}.
    {emqx_auth_mnesia,true}.
    {emqx_management, true}.
    {emqx_recon, true}.
    {emqx_retainer, false}.
    {emqx_dashboard, true}.
    {emqx_telemetry, true}.
    {emqx_rule_engine, true}.
    {emqx_bridge_mqtt, false}.
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -109,16 +190,28 @@ spec:
        app.kubernetes.io/managed-by: octopus-control
        app.kubernetes.io/version: {{ .TagVersion }}
    spec:
-      affinity: {}
+      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: uavcloud.env
                    operator: In
                    values:
                      {{- if .TenantEnv }}
                      - {{ .TenantEnv }}
                      {{- else }}
                      - {{ .Namespace }}
                      {{- end }}
      imagePullSecrets:
      - name: harborsecret
      serviceAccountName: helm-emqxs
      containers:
      - name: helm-emqxs
        {{- if .HarborPort }}
-          image: {{ .HarborIPOrCustomImagePrefix }}:{{ .HarborPort }}/cmii/emqx:5.5.1
+        image: {{ .HarborIPOrCustomImagePrefix }}:{{ .HarborPort }}/cmii/emqx:5.8.8
        {{- else }}
-          image: {{ .HarborIPOrCustomImagePrefix }}emqx:5.5.1
+        image: {{ .HarborIPOrCustomImagePrefix }}emqx:5.8.8
        {{- end }}
        imagePullPolicy: Always
        ports:
@@ -139,37 +232,45 @@ spec:
        envFrom:
        - configMapRef:
            name: helm-emqxs-env
        # 添加生命周期钩子
        lifecycle:
          postStart:
            exec:
              command:
              - /bin/sh
              - -c
              - |
                # 后台执行初始化脚本，避免阻塞容器启动
                nohup /bin/sh /scripts/init-mqtt-user.sh > /tmp/init.log 2>&1 &
        # 添加健康检查，确保 initContainer 执行时 API 已就绪
        livenessProbe:
          httpGet:
            path: /status
            port: 18083
          initialDelaySeconds: 60
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /status
            port: 18083
          initialDelaySeconds: 10
          periodSeconds: 5
        resources: {}
        volumeMounts:
        # 5.x 默认 data 目录，包含所有持久化数据
        - name: emqx-data
-              mountPath: "/opt/emqx/data/mnesia"
+          mountPath: "/opt/emqx/data"
              readOnly: false
            - name: helm-emqxs-cm
              mountPath: "/opt/emqx/etc/plugins/emqx_auth_mnesia.conf"
              subPath: emqx_auth_mnesia.conf
              readOnly: false
 #            - name: helm-emqxs-cm
 #              mountPath: "/opt/emqx/etc/acl.conf"
 #              subPath: "acl.conf"
 #              readOnly: false
            - name: helm-emqxs-cm
              mountPath: "/opt/emqx/data/loaded_plugins"
              subPath: loaded_plugins
          readOnly: false
        - name: init-script
          mountPath: /scripts
      volumes:
      - name: emqx-data
          persistentVolumeClaim:
        claimName: helm-emqxs
-        - name: helm-emqxs-cm
+      - name: init-script
        configMap:
-            name: helm-emqxs-cm
+          name: helm-emqxs-init-script
-            items:
+          defaultMode: 0755
-              - key: emqx_auth_mnesia.conf
+
                path: emqx_auth_mnesia.conf
              - key: acl.conf
                path: acl.conf
              - key: loaded_plugins
                path: loaded_plugins
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -177,14 +278,14 @@ metadata:
  name: helm-emqxs
  namespace: {{ .Namespace }}
 rules:
-  - apiGroups:
+- apiGroups: [""]
      - ""
  resources:
  - endpoints
  verbs:
  - get
  - watch
  - list
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -199,6 +300,7 @@ roleRef:
  kind: Role
  name: helm-emqxs
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: v1
 kind: Service
@@ -231,6 +333,7 @@ spec:
    name: mqtt-websocket
    targetPort: 8083
    nodePort: {{ .EmqxWebSocketNodePort }}
 ---
 apiVersion: v1
 kind: Service
--- a/agent-deploy/d_app/CmiiImageConfig.go
+++ b/agent-deploy/d_app/CmiiImageConfig.go
@@ -170,7 +170,7 @@ var MiddlewareAmd64 = []string{
 	"ossrs/srs:v5.0.195",
 	"ossrs/srs:v4.0-r3",
 	"emqx/emqx:4.4.19",
-	"emqx/emqx:5.5.1",
+	"harbor.cdcyy.com.cn/cmii/emqx:5.5.8",
 	"nacos/nacos-server:v2.1.2",
 	"nacos/nacos-server:v2.1.2-slim",
 	"library/mongo:5.0",
@@ -186,6 +186,7 @@ var MiddlewareAmd64 = []string{
 	"jerrychina2020/rke-tools:v0.175-linux",
 	"jerrychina2020/rke-tools:v0.175",
 	"library/busybox:latest",
 	"harbor.cdcyy.com.cn/cmii/busybox:1.37",
 	"harbor.cdcyy.com.cn/cmii/doris.be-ubuntu:2.1.6",
 	"harbor.cdcyy.com.cn/cmii/doris.fe-ubuntu:2.1.6",
 	"harbor.cdcyy.com.cn/cmii/doris.k8s-operator:1.3.1",
--- a/agent-operator/CmiiDeployOperator_test.go
+++ b/agent-operator/CmiiDeployOperator_test.go
@@ -38,6 +38,27 @@ func TestCmiiEnvDeploy(t *testing.T) {
 }
 func TestCmiiEnvDeploy_WddSuperCluster(t *testing.T) {
 	// RDMC项目的部署文件
 	commonEnv := &z_dep.CommonEnvironmentConfig{
 		WebIP:                       "192.168.40.50",
 		WebPort:                     "8088",
 		HarborIPOrCustomImagePrefix: image2.CmiiHarborPrefix,
 		HarborPort:                  "",
 		Namespace:                   "wdd-rmdc",
 		TagVersion:                  "base-1.0",
 		TenantEnv:                   "",
 		MinioPublicIP:               "",
 		MinioInnerIP:                "helm-minio",
 		NFSServerIP:                 "192.168.0.6",
 		ApplyFilePrefix:             "",
 	}
 	CmiiEnvDeployOffline(commonEnv, true, real_project.CmiiUas21XAImageList)
 }
 func TestCmiiEnvDeploy_XiongAnKongNengYuan(t *testing.T) {
 	// 雄安空能院 2025年8月7日
--- a/agent-wdd/a_run/cmi-deploy-运行顺序.sh
+++ b/agent-wdd/a_run/cmi-deploy-运行顺序.sh
@@ -1,12 +1,13 @@
 #!/usr/bin/env bash
-
+## https://cdn.dl.k8s.io/release/v1.30.14/bin/linux/amd64/kubectl
 ##
 # 下载安装最新的agent-wdd
 # 检查agent-wdd是否正常输出指令，若无则程序退出
-# 执行获取信息指令 info all
+# 执行获取信息指令 agent-wdd info all
 # 执行系统初始化操作
@@ -21,6 +22,11 @@
 # 能联网 在线安装 docker
 # 能联网 离线安装docker，指定离线安装
 # 不能联网 离线安装docker
-# 交互模式
+#
 agent-wdd base ssh config
 agent-wdd base ssh key
--- a/agent-wdd/cmd/Base.go
+++ b/agent-wdd/cmd/Base.go
@@ -45,6 +45,8 @@ var (
 	// https://download.docker.com/linux/static/stable/ 官方下载地址
 	// https://github.com/docker/compose/releases?page=8&tags=2.18.0
 	// https://cdn.dl.k8s.io/release/v1.30.14/bin/linux/amd64/kubectl
 	dockerLocalInstallPath        = "/root/wdd/docker-amd64-20.10.15.tgz"           // 本地安装docker的文件路径
 	dockerComposeLocalInstallPath = "/root/wdd/docker-compose-v2.18.0-linux-amd64"  // 本地安装docker compose的文件路径
 	harborLocalInstallPath        = "/root/wdd/harbor-offline-installer-v2.9.0.tgz" // 本地安装harbor的文件路径