deploy(M00-E): 补充EMQX检查模板

scripts/setup/README.md

@@ -11,6 +11,7 @@
 | `deploy-business.sh` | 克隆/更新仓库并生成 dry-run release manifest。 |
 | `domain-https.sh` | 检查固定 API 域名、Nginx 模板、站点启用状态、TLS 和健康端点。 |
 | `certbot.sh` | 检查 Certbot、证书文件、续期配置和 `certbot.timer`，输出人工签发/续期命令。 |
+| `emqx.sh` | 检查 EMQX、mosquitto-clients、systemd、1883/18083 端口和 ACL/授权模板。 |
 | `backup.sh` | 生成 manifest-only 备份记录。 |
 | `restore.sh` | 输出人工恢复要求，不自动改动生产数据。 |
 | `rollback.sh` | 列出 release 回滚点。 |

scripts/setup/emqx.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib.sh
+. "${SCRIPT_DIR}/lib.sh"
+
+qipai_emqx_status() {
+  local acl_template authz_template
+  acl_template="${SCRIPT_DIR}/../../deploy/emqx/acl.conf.template"
+  authz_template="${SCRIPT_DIR}/../../deploy/emqx/authorization.hocon.template"
+
+  qipai_info "EMQX target: native Ubuntu Apt package, no Docker"
+  qipai_info "MQTT broker host: 101.42.38.246"
+  qipai_info "MQTT protocol: MQTT 3.1.1 compatible, QoS 1 baseline"
+  qipai_info "MQTTX on server: forbidden"
+  qipai_info "ACL template: ${acl_template}"
+  qipai_info "Authorization template: ${authz_template}"
+
+  if command -v emqx >/dev/null 2>&1; then
+    qipai_pass "emqx command exists: $(command -v emqx)"
+    emqx version 2>/dev/null || true
+  else
+    qipai_warn "emqx command not found"
+  fi
+
+  if command -v mosquitto_pub >/dev/null 2>&1; then
+    qipai_pass "mosquitto-clients available"
+  else
+    qipai_warn "mosquitto-clients not installed"
+  fi
+
+  if command -v systemctl >/dev/null 2>&1; then
+    systemctl is-enabled --quiet emqx 2>/dev/null && qipai_pass "emqx service enabled" || qipai_warn "emqx service not enabled or missing"
+    systemctl is-active --quiet emqx 2>/dev/null && qipai_pass "emqx service active" || qipai_warn "emqx service inactive or missing"
+  else
+    qipai_warn "systemctl not available; service check skipped"
+  fi
+
+  for port in 1883 18083; do
+    if command -v ss >/dev/null 2>&1; then
+      ss -ltn "( sport = :${port} )" | grep -q ":${port}" && qipai_pass "port ${port} is listening" || qipai_warn "port ${port} is not listening"
+    else
+      qipai_warn "ss not available; port ${port} check skipped"
+    fi
+  done
+
+  [ -f "$acl_template" ] && qipai_pass "ACL template exists" || qipai_warn "ACL template not found"
+  [ -f "$authz_template" ] && qipai_pass "authorization template exists" || qipai_warn "authorization template not found"
+
+  qipai_info "manual install summary:"
+  qipai_info "see deploy/emqx/install-ubuntu24-amd64.md"
+}
+
+if [ "${1:-}" = "--run" ]; then
+  qipai_emqx_status
+fi

scripts/setup/lib.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-QIPAI_DEPLOY_VERSION="${QIPAI_DEPLOY_VERSION:-0.1.2-m00-certbot-check}"
+QIPAI_DEPLOY_VERSION="${QIPAI_DEPLOY_VERSION:-0.1.3-m00-emqx-check}"
 APP_ROOT="${APP_ROOT:-/opt/apps}"
 QIPAI_REPO_URL="${QIPAI_REPO_URL:-ssh://git@127.0.0.1:2222/panda/qipai.git}"
 QIPAI_PUBLIC_REPO_URL="${QIPAI_PUBLIC_REPO_URL:-ssh://git@git.txyundm.cn:2222/panda/qipai.git}"