# 添加源
curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/setup.deb.sh' | bash

# 获取版本
apt-cache madison isc-stork-server
apt-cache madison isc-stork-agent

# 安装服务端、代理
apt install isc-stork-server isc-stork-agent

services:
  postgres:
    image: postgres:16-alpine
    container_name: postgres
    restart: unless-stopped
    mem_limit: "512m"
    cpus: "0.5"
    environment:
      TZ: "Asia/Shanghai"
      POSTGRES_HOST_AUTH_METHOD: "trust"
      POSTGRES_PASSWORD: "postgres"
    ports:
      - "5432:5432"
    networks:
      - service
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres']
    volumes:
      - type: tmpfs
        target: /dev/shm
        tmpfs:
          # 128*2^20 bytes = 128Mb
          size: 134217728
      - /usr/local/src/postgres/data:/var/lib/postgresql/data
networks:
  service:
    external: true

postgres=# CREATE USER stork WITH PASSWORD 'stork';
CREATE ROLE
postgres=# CREATE DATABASE stork;
CREATE DATABASE
postgres=# GRANT ALL PRIVILEGES ON DATABASE stork TO stork;
GRANT
postgres=# \c stork
You are now connected to database "stork" as user "postgres".
stork=# GRANT ALL PRIVILEGES ON SCHEMA public TO stork;
GRANT
stork=# create extension pgcrypto;
CREATE EXTENSION

### database settings
### the address of a PostgreSQL database
STORK_DATABASE_HOST=127.0.0.1
### the port of a PostgreSQL database
STORK_DATABASE_PORT=5432
### the name of a database
STORK_DATABASE_NAME=stork
### the username for connecting to the database
STORK_DATABASE_USER_NAME=stork
### the SSL mode for connecting to the database
### possible values: disable, require, verify-ca, or verify-full
# STORK_DATABASE_SSLMODE=
### the location of the SSL certificate used by the server to connect to the database
# STORK_DATABASE_SSLCERT=
### the location of the SSL key used by the server to connect to the database
# STORK_DATABASE_SSLKEY=
### the location of the root certificate file used to verify the database server's certificate
# STORK_DATABASE_SSLROOTCERT=
### the password for the username connecting to the database
### empty password is set to avoid prompting a user for database password
STORK_DATABASE_PASSWORD=stork

systemctl enable isc-stork-server.service
systemctl start isc-stork-server.service
systemctl status isc-stork-server.service

# 添加源
curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/setup.deb.sh' | bash

# 获取版本
apt-cache madison isc-stork-agent

# 安装服务端、代理
apt install isc-stork-agent

root@debian:/etc/stork# stork-agent register
Enter the URL of the Stork server: http://10.64.35.31:8080
Enter the Stork server access token (optional): 
Enter IP address or FQDN of the host with Stork agent (for the Stork server connection) [debian]: 10.64.35.31
Enter port number that Stork Agent will listen on [8080]: 8085
INFO[2025-12-19 09:47:56]         register.go:95    Forced agent certificates regeneration.
INFO[2025-12-19 09:47:56]         register.go:398   =============================================================================
INFO[2025-12-19 09:47:56]         register.go:399   AGENT TOKEN: BBE994F89DBC15FF521492408A1C9182D0C4C7DE95EEC5FC4A6D70FA74B86C7E
INFO[2025-12-19 09:47:56]         register.go:400   =============================================================================
INFO[2025-12-19 09:47:56]         register.go:405   Machine will be automatically registered using the server token
INFO[2025-12-19 09:47:56]         register.go:406   Agent token is printed above for informational purposes only
INFO[2025-12-19 09:47:56]         register.go:407   User does not need to copy or verify the agent token during registration via the server token
INFO[2025-12-19 09:47:56]         register.go:408   It will be sent to the server but it is not directly used in this type of machine registration
INFO[2025-12-19 09:47:56]         register.go:416   Try to register agent in Stork Server
INFO[2025-12-19 09:47:56]         register.go:273   Machine registered
INFO[2025-12-19 09:47:56]         register.go:294   Stored agent-signed cert and CA cert
INFO[2025-12-19 09:47:56]            agent.go:109   Loaded server cert
INFO[2025-12-19 09:47:56]            agent.go:92    Loaded CA cert
INFO[2025-12-19 09:47:56]            agent.go:109   Loaded server cert
INFO[2025-12-19 09:47:56]            agent.go:92    Loaded CA cert
INFO[2025-12-19 09:47:56]         register.go:353   Machine ping over TLS: OK
INFO[2025-12-19 09:47:56]             main.go:314   Registration completed successfully

### the IP or hostname to listen on for incoming Stork server connections
STORK_AGENT_HOST=10.64.35.31

### the TCP port to listen on for incoming Stork server connections
STORK_AGENT_PORT=8085

### listen for commands from the Stork server only, but not for Prometheus requests
# STORK_AGENT_LISTEN_STORK_ONLY=true

### listen for Prometheus requests only, but not for commands from the Stork server
# STORK_AGENT_LISTEN_PROMETHEUS_ONLY=true

### settings for exporting stats to Prometheus
### the IP or hostname on which the agent exports Kea statistics to Prometheus
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
### the port on which the agent exports Kea statistics to Prometheus
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
## enable or disable collecting per-subnet stats from Kea
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
### the port on which the agent exports BIND 9 statistics to Prometheus
# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=

### Stork Server URL used by the agent to send REST commands to the server during agent registration
STORK_AGENT_SERVER_URL=http://10.64.35.31:8080

### skip TLS certificate verification when the Stork Agent connects
### to Kea over TLS and Kea uses self-signed certificates
# STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true

systemctl enable isc-stork-agent.service
systemctl start isc-stork-agent.service
systemctl status isc-stork-agent.service

# 查看日志
journalctl -u isc-stork-agent.service -f

usermod -aG _kea stork-agent
chmod 644 /etc/kea/kea-ctrl-agent.conf