im-service, push-service, update-service, license-service were missing the
SPRING_DATASOURCE_URL/USERNAME/PASSWORD environment overrides that tenant-service
and file-service already had. Without these, all services connected to the
hardcoded production database (39.107.53.187) instead of the local private MySQL,
causing mutations in the private deployment to affect the public platform.
im-service also gets SPRING_DATA_REDIS_* overrides to replace the hardcoded
redisdev.xuqinmin.com Redis connection.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
WARN items include expected behaviors (login skipped in migrate mode,
JWT checks, etc.) — not just unstarted services. All services are
started by default. Changed footer to say '预期降级' instead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- /api/private/migrate/import → /api/private/deployment/migrate/import
- replace -sf with -s + HTTP status check to surface real error message
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Docker writes data/mysql and data/redis as root; re-extracting
over them causes tar permission errors and aborts the script.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- cp nginx conf to itself caused error; file is already in place
- migration key prompt changed from silent to visible (read -rp)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Rename deploy-szyx.sh → deploy.sh, remove all customer-specific branding
- Migrate mode: prompt for pmk_ key, call public platform export API,
pipe to private import API — no MySQL credentials needed
- Remove bcrypt dependency (no longer used in script logic)
- Update install.sh and verify.sh references
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Issues found during P5-01 acceptance testing on WSL2:
configure.sh: sync MySQL/Redis host/port into config/xuqm.env (was
only writing to .env, leaving xuqm.env with hardcoded 127.0.0.1).
install.sh: add docker login step before compose up; reads
REGISTRY_USER/REGISTRY_PASSWORD from .env; --skip-registry-login
flag for offline bundles or pre-authenticated environments.
healthcheck.sh: move docs-site from required to optional container
list (image may not exist in all ACR namespaces); add localhost
fallback URL for actuator/health when CONSOLE_DOMAIN is not set;
add PRIVATE mode verification via /api/private/deployment/status.
scripts/migrate-tenant.sh (new): migrates a single tenant from the
public platform MySQL to the private deployment. Exports t_tenant,
t_app, t_feature_service with explicit column names to survive
schema-order differences; supports --dry-run, --reset-password,
managed/external destination MySQL, and restarts tenant-service
after applying.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- docker-compose.yml: add SPRING_DATASOURCE_* and SPRING_DATA_REDIS_*
environment vars for tenant-service and file-service; these override
hardcoded production URLs in application.yml at startup.
docs-site depends_on marked required:false so nginx starts even when
docs-site image is unavailable.
- config/nginx/conf.d/xuqm.conf: add routing for /api/ and /actuator/
to tenant-service:9001, /file/ to file-service:8086, /ops to ops-web;
add client_max_body_size 100m and proxy headers.
Discovered and verified during P5-01 WSL2 acceptance testing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
