diff --git a/setup/setup_centos.sh b/setup/setup_centos.sh index e7e6af67..326ba7ca 100644 --- a/setup/setup_centos.sh +++ b/setup/setup_centos.sh @@ -53,10 +53,15 @@ if [[ "$TEST_MODE" == "--test" ]]; then check "Redis" redis-cli ping check "Tomcat 9 서비스" systemctl is-active tomcat9 check "Tomcat HTTP" bash -c 'curl -sf http://localhost:8080/ -o /dev/null' + check "Ollama 서비스" systemctl is-active ollama + check "Ollama API" bash -c 'curl -sf http://localhost:11434/api/version -o /dev/null' + check "Ollama 모델 존재" bash -c 'ollama list 2>/dev/null | grep -v NAME | grep -q .' check "GUARDiA 서비스" systemctl is-active guardia-itsm check "GUARDiA HTTP" bash -c 'curl -sf http://localhost:8001/ -o /dev/null' check "GUARDiA 로그인 API" bash -c 'curl -sf -X POST http://localhost:8001/api/auth/login \ -H "Content-Type: application/json" -d "{\"username\":\"admin\",\"password\":\"1111\"}" -o /dev/null' + check "Fail2ban" systemctl is-active fail2ban + check "Chrony NTP" chronyc tracking check "Nginx" nginx -t check "Python UTF-8" bash -c 'PYTHONIOENCODING=utf-8 python3.11 -c "print(\"OK\")" > /dev/null' @@ -290,17 +295,109 @@ if systemctl is-active firewalld &>/dev/null; then fi ok "Nginx 완료" -# ── 10. 서비스 상태 확인 ───────────────────────────────────── +# ── 10. Ollama (온프레미스 sLLM) ────────────────────────────── echo "" -echo "[10/10] 서비스 상태 확인..." -for svc in tomcat9 guardia-itsm nginx postgresql redis; do +echo "[10/13] Ollama (온프레미스 sLLM 서버) 설치..." +OLLAMA_INSTALL="${OLLAMA_INSTALL:-online}" +OLLAMA_MODELS="${OLLAMA_MODELS:-llama3.1:8b}" + +if [[ "$OLLAMA_INSTALL" == "skip" ]]; then + warn "Ollama 설치 건너뜀 (OLLAMA_INSTALL=skip)" +else + if [[ "$OLLAMA_INSTALL" == "offline" ]]; then + BIN_PATH="${OLLAMA_BIN_PATH:-/tmp/ollama}" + [[ -f "$BIN_PATH" ]] || fail "오프라인: OLLAMA_BIN_PATH에 바이너리 필요" + cp "$BIN_PATH" /usr/local/bin/ollama && chmod +x /usr/local/bin/ollama + else + curl -fsSL https://ollama.com/install.sh | sh \ + || { warn "Ollama 설치 실패 — 수동 설치 필요"; OLLAMA_INSTALL=failed; } + fi + if [[ "$OLLAMA_INSTALL" != "failed" ]]; then + systemctl enable ollama 2>/dev/null || true + systemctl start ollama 2>/dev/null || true + sleep 3 + if [[ "$OLLAMA_INSTALL" == "online" ]]; then + for model in $OLLAMA_MODELS; do + ollama pull "$model" 2>&1 | tail -3 \ + || warn "모델 $model 다운로드 실패 — 나중에: ollama pull $model" + done + fi + ok "Ollama 설치 완료 (http://localhost:11434)" + fi +fi + +# ── 11. 보안·운영 도구 ─────────────────────────────────────── +echo "" +echo "[11/13] 보안·운영 도구 (Fail2ban / Chrony / JDK 다중 버전 / Logrotate)..." + +# Fail2ban +if [[ "$OS_VER" -ge 8 ]]; then + dnf install -y fail2ban 2>/dev/null || warn "fail2ban 설치 실패" +else + yum install -y fail2ban 2>/dev/null || warn "fail2ban 설치 실패" +fi +if command -v fail2ban-server &>/dev/null; then + cat > /etc/fail2ban/jail.local << 'F2BEOF' +[sshd] +enabled = true +maxretry = 5 +bantime = 3600 +findtime = 600 +F2BEOF + systemctl enable fail2ban; systemctl start fail2ban + ok "Fail2ban 설치 완료" +fi + +# Chrony NTP +if [[ "$OS_VER" -ge 8 ]]; then + dnf install -y chrony 2>/dev/null || true +else + yum install -y chrony 2>/dev/null || true +fi +systemctl enable chronyd 2>/dev/null || true +systemctl start chronyd 2>/dev/null || true +ok "Chrony NTP 설정 완료" + +# JDK 8/11 (레거시 WAS 지원) +if [[ "$OS_VER" -ge 8 ]]; then + dnf install -y java-11-openjdk 2>/dev/null || warn "JDK 11 설치 실패" + dnf install -y java-1.8.0-openjdk 2>/dev/null || warn "JDK 8 설치 실패" +else + yum install -y java-11-openjdk java-1.8.0-openjdk 2>/dev/null || true +fi +ok "JDK 다중 버전 설치 완료 (alternatives --config java 로 전환)" + +# Logrotate for Tomcat +cat > /etc/logrotate.d/tomcat9 << 'LREOF' +/app/tomcat/logs/catalina.out { + daily + rotate 14 + compress + delaycompress + missingok + notifempty +} +/app/tomcat/logs/*.log { + weekly + rotate 8 + compress + missingok +} +LREOF +ok "Logrotate 설정 완료 (catalina.out 14일 보관)" + +# ── 12. 서비스 상태 확인 ───────────────────────────────────── +echo "" +echo "[12/13] 서비스 상태 확인..." +for svc in tomcat9 ollama guardia-itsm nginx postgresql redis; do systemctl is-active "$svc" &>/dev/null && ok "$svc 실행 중" || warn "$svc 미실행" done echo "" echo "==================================================" -ok "GUARDiA ITSM 설치 완료 — CentOS" +ok "GUARDiA ITSM 설치 완료 — CentOS [13/13]" info "GUARDiA URL: http://$(hostname -I | awk '{print $1}')" info "Tomcat URL: http://$(hostname -I | awk '{print $1}'):8080 (내부 전용)" +info "Ollama URL: http://localhost:11434 (내부 전용)" info "검증: sudo bash $0 --test" echo "==================================================" diff --git a/setup/setup_rhel.sh b/setup/setup_rhel.sh index 87d6dce4..b58fbbc2 100644 --- a/setup/setup_rhel.sh +++ b/setup/setup_rhel.sh @@ -48,10 +48,15 @@ if [[ "$TEST_MODE" == "--test" ]]; then check "Redis" redis-cli ping check "Tomcat 9 서비스" systemctl is-active tomcat9 check "Tomcat HTTP" bash -c 'curl -sf http://localhost:8080/ -o /dev/null' + check "Ollama 서비스" systemctl is-active ollama + check "Ollama API" bash -c 'curl -sf http://localhost:11434/api/version -o /dev/null' + check "Ollama 모델 존재" bash -c 'ollama list 2>/dev/null | grep -v NAME | grep -q .' check "GUARDiA 서비스" systemctl is-active guardia-itsm check "GUARDiA HTTP" bash -c 'curl -sf http://localhost:8001/ -o /dev/null' check "GUARDiA 로그인 API" bash -c 'curl -sf -X POST http://localhost:8001/api/auth/login \ -H "Content-Type: application/json" -d "{\"username\":\"admin\",\"password\":\"1111\"}" -o /dev/null' + check "Fail2ban" systemctl is-active fail2ban + check "Chrony NTP" chronyc tracking check "Nginx" nginx -t check "SELinux httpd_can_network_connect" bash -c 'getsebool httpd_can_network_connect | grep -q on' check "Python UTF-8" bash -c 'PYTHONIOENCODING=utf-8 python3.11 -c "print(\"OK\")" > /dev/null' @@ -292,9 +297,83 @@ firewall-cmd --permanent --add-service=https 2>/dev/null || true firewall-cmd --reload 2>/dev/null || true ok "Nginx + SELinux 완료" +# ── 11. Ollama (온프레미스 sLLM) ───────────────────────────── +echo "" +echo "[11/13] Ollama (온프레미스 sLLM 서버) 설치..." +OLLAMA_INSTALL="${OLLAMA_INSTALL:-online}" +OLLAMA_MODELS="${OLLAMA_MODELS:-llama3.1:8b}" + +if [[ "$OLLAMA_INSTALL" == "skip" ]]; then + warn "Ollama 설치 건너뜀 (OLLAMA_INSTALL=skip)" +else + if [[ "$OLLAMA_INSTALL" == "offline" ]]; then + BIN_PATH="${OLLAMA_BIN_PATH:-/tmp/ollama}" + [[ -f "$BIN_PATH" ]] || fail "오프라인: OLLAMA_BIN_PATH에 바이너리 필요" + cp "$BIN_PATH" /usr/local/bin/ollama && chmod +x /usr/local/bin/ollama + else + curl -fsSL https://ollama.com/install.sh | sh \ + || { warn "Ollama 설치 실패 — 수동 설치 필요"; OLLAMA_INSTALL=failed; } + fi + if [[ "$OLLAMA_INSTALL" != "failed" ]]; then + # SELinux: Ollama 포트 허용 + semanage port -a -t http_port_t -p tcp 11434 2>/dev/null || true + systemctl enable ollama 2>/dev/null || true + systemctl start ollama 2>/dev/null || true + sleep 3 + if [[ "$OLLAMA_INSTALL" == "online" ]]; then + for model in $OLLAMA_MODELS; do + ollama pull "$model" 2>&1 | tail -3 \ + || warn "모델 $model 다운로드 실패 — 나중에: ollama pull $model" + done + fi + ok "Ollama 설치 완료 (http://localhost:11434)" + fi +fi + +# ── 12. 보안·운영 도구 ─────────────────────────────────────── +echo "" +echo "[12/13] 보안·운영 도구 (Fail2ban / Chrony / JDK 다중 버전 / Logrotate)..." + +dnf install -y fail2ban 2>/dev/null || warn "fail2ban 설치 실패" +if command -v fail2ban-server &>/dev/null; then + cat > /etc/fail2ban/jail.local << 'F2BEOF' +[sshd] +enabled = true +maxretry = 5 +bantime = 3600 +findtime = 600 +F2BEOF + systemctl enable fail2ban; systemctl start fail2ban + ok "Fail2ban 설치 완료" +fi + +dnf install -y chrony 2>/dev/null || true +systemctl enable chronyd; systemctl start chronyd +ok "Chrony NTP 설정 완료" + +dnf install -y java-11-openjdk java-1.8.0-openjdk 2>/dev/null || warn "JDK 8/11 설치 실패" +ok "JDK 다중 버전 설치 완료" + +cat > /etc/logrotate.d/tomcat9 << 'LREOF' +/app/tomcat/logs/catalina.out { + daily + rotate 14 + compress + delaycompress + missingok + notifempty +} +LREOF +ok "Logrotate 설정 완료" + +# 서비스 상태 +for svc in tomcat9 ollama guardia-itsm nginx postgresql redis fail2ban chronyd; do + systemctl is-active "$svc" &>/dev/null && ok "$svc 실행 중" || warn "$svc 미실행" +done + echo "" echo "==================================================" -ok "GUARDiA ITSM 설치 완료 — RHEL ${RHEL_VER}" +ok "GUARDiA ITSM 설치 완료 — RHEL ${RHEL_VER} [13/13]" echo "" info "접속 URL: http://$(hostname -I | awk '{print $1}')" info "설치 로그: $LOG_FILE" diff --git a/setup/setup_target_server.sh b/setup/setup_target_server.sh index 43faaf83..8ab7c5e8 100644 --- a/setup/setup_target_server.sh +++ b/setup/setup_target_server.sh @@ -233,6 +233,7 @@ CONNEOF chmod 600 /etc/guardia/connection_info.txt ok "GUARDiA 연결 정보 저장: /etc/guardia/connection_info.txt" +info "(참고: 대상 서버에는 Ollama 불필요 — GUARDiA 서버에서만 설치합니다)" echo "" echo "==================================================" diff --git a/setup/setup_ubuntu.sh b/setup/setup_ubuntu.sh index 08e4b1db..c9adfd51 100644 --- a/setup/setup_ubuntu.sh +++ b/setup/setup_ubuntu.sh @@ -51,10 +51,15 @@ if [[ "$TEST_MODE" == "--test" ]]; then check "Redis" redis-cli ping check "Tomcat 9 서비스" systemctl is-active tomcat9 check "Tomcat HTTP" bash -c 'curl -sf http://localhost:8080/ -o /dev/null' + check "Ollama 서비스" systemctl is-active ollama + check "Ollama API" bash -c 'curl -sf http://localhost:11434/api/version -o /dev/null' + check "Ollama 모델 존재" bash -c 'ollama list 2>/dev/null | grep -v NAME | grep -q .' check "GUARDiA 서비스" systemctl is-active guardia-itsm check "GUARDiA HTTP" bash -c 'curl -sf http://localhost:8001/ -o /dev/null' check "GUARDiA 로그인 API" bash -c 'curl -sf -X POST http://localhost:8001/api/auth/login \ -H "Content-Type: application/json" -d "{\"username\":\"admin\",\"password\":\"1111\"}" -o /dev/null' + check "Fail2ban 실행" systemctl is-active fail2ban + check "Chrony NTP" chronyc tracking check "Nginx 설정" nginx -t check "Python UTF-8 인코딩" bash -c 'PYTHONIOENCODING=utf-8 python3.11 -c "print(\"OK\")" > /dev/null' @@ -293,41 +298,139 @@ ok "Nginx 설정 완료" # ── 9. 방화벽 ──────────────────────────────────────────── echo "" -echo "[9/10] 방화벽 설정..." +echo "[9/13] Ollama (온프레미스 sLLM 서버) 설치..." +# Ollama: GUARDiA AI 기능의 핵심 — 없으면 챗봇/RCA/티켓분류 모두 비작동 +OLLAMA_INSTALL="${OLLAMA_INSTALL:-online}" # online | offline | skip +OLLAMA_MODELS="${OLLAMA_MODELS:-llama3.1:8b}" + +if [[ "$OLLAMA_INSTALL" == "skip" ]]; then + warn "Ollama 설치 건너뜀 (OLLAMA_INSTALL=skip) — 나중에 수동 설치 필요" +else + if [[ "$OLLAMA_INSTALL" == "offline" ]]; then + # 오프라인: OLLAMA_BIN_PATH 에서 바이너리 복사 + BIN_PATH="${OLLAMA_BIN_PATH:-/tmp/ollama}" + [[ -f "$BIN_PATH" ]] || fail "오프라인 설치: OLLAMA_BIN_PATH에 바이너리를 놓으세요." + cp "$BIN_PATH" /usr/local/bin/ollama && chmod +x /usr/local/bin/ollama + ok "Ollama 오프라인 바이너리 설치 완료" + else + # 온라인: 공식 설치 스크립트 + curl -fsSL https://ollama.com/install.sh | sh \ + || { warn "Ollama 온라인 설치 실패 — 나중에 수동으로 설치하세요"; OLLAMA_INSTALL=failed; } + fi + + if [[ "$OLLAMA_INSTALL" != "failed" ]]; then + # systemd 서비스 활성화 (설치 시 자동 생성됨) + systemctl enable ollama 2>/dev/null || true + systemctl start ollama 2>/dev/null || true + sleep 3 + + # 모델 다운로드 (온라인 환경만 — 오프라인은 수동으로 ollama pull) + if [[ "$OLLAMA_INSTALL" == "online" ]]; then + for model in $OLLAMA_MODELS; do + info "모델 다운로드: $model (시간이 걸릴 수 있습니다...)" + ollama pull "$model" 2>&1 | tail -3 || warn "모델 $model 다운로드 실패 — 나중에 수동 실행: ollama pull $model" + done + fi + ok "Ollama 설치 완료 (http://localhost:11434)" + fi +fi + +# ── 10. 보안·운영 도구 설치 ────────────────────────────── +echo "" +echo "[10/13] 보안·운영 도구 (Fail2ban / NTP / JDK 다중 버전 / Logrotate)..." + +# Fail2ban — SSH 무차별 대입 방지 +apt-get install -y -qq fail2ban +cat > /etc/fail2ban/jail.local << 'F2BEOF' +[sshd] +enabled = true +maxretry = 5 +bantime = 3600 +findtime = 600 +F2BEOF +systemctl enable fail2ban +systemctl start fail2ban +ok "Fail2ban 설치 완료 (SSH 5회 실패 시 1시간 차단)" + +# NTP/Chrony — 감사 로그 타임스탬프 정합성 +apt-get install -y -qq chrony +systemctl enable chrony +systemctl start chrony +chronyc makestep 2>/dev/null || true +ok "Chrony NTP 설정 완료" + +# JDK 8 추가 설치 — 레거시 WAS(Tomcat 7/8) 지원용 +apt-get install -y -qq openjdk-8-jdk 2>/dev/null || warn "JDK 8 설치 실패 (저장소 없음 — 무시)" +apt-get install -y -qq openjdk-11-jdk 2>/dev/null || warn "JDK 11 설치 실패 (저장소 없음 — 무시)" +ok "JDK 다중 버전 설치 완료 (java -version 으로 JDK 17 기본 확인, alternatives --config java 로 전환)" + +# Logrotate — Tomcat catalina.out 무제한 증가 방지 +cat > /etc/logrotate.d/tomcat9 << 'LREOF' +/app/tomcat/logs/catalina.out { + daily + rotate 14 + compress + delaycompress + missingok + notifempty + sharedscripts + postrotate + /bin/kill -HUP $(cat /app/tomcat/temp/tomcat.pid 2>/dev/null) 2>/dev/null || true + endscript +} +/app/tomcat/logs/*.log { + weekly + rotate 8 + compress + missingok + notifempty +} +LREOF +ok "Logrotate 설정 완료 (catalina.out 14일 보관)" + +# ── 11. 방화벽 설정 ────────────────────────────────────── +echo "" +echo "[11/13] 방화벽 설정..." if command -v ufw &>/dev/null; then ufw allow 22/tcp 2>/dev/null || true ufw allow 80/tcp 2>/dev/null || true ufw allow 443/tcp 2>/dev/null || true - # 8080(Tomcat) 외부 직접 노출은 기본 차단 (Nginx 통해서만) + # 8080(Tomcat), 11434(Ollama) 외부 직접 노출 차단 ufw --force enable 2>/dev/null || true - ok "UFW 방화벽 설정 완료 (22/80/443 허용, 8080 내부 전용)" + ok "UFW 방화벽 설정 완료 (22/80/443 허용, 8080/11434 내부 전용)" fi -# ── 10. 최종 상태 확인 ─────────────────────────────────── +# ── 12. 최종 상태 확인 ─────────────────────────────────── echo "" -echo "[10/10] 서비스 상태 확인..." -for svc in tomcat9 guardia-itsm nginx postgresql redis-server; do +echo "[12/13] 서비스 상태 확인..." +for svc in tomcat9 ollama guardia-itsm nginx postgresql redis-server fail2ban chrony; do if systemctl is-active "$svc" &>/dev/null; then ok "$svc 실행 중" else - warn "$svc 미실행 — 수동 확인 필요: systemctl status $svc" + warn "$svc 미실행 — 수동 확인: systemctl status $svc" fi done +# Ollama 모델 목록 출력 +if command -v ollama &>/dev/null && systemctl is-active ollama &>/dev/null; then + info "Ollama 모델 목록: $(ollama list 2>/dev/null | tail -n +2 | awk '{print $1}' | tr '\n' ' ')" +fi + echo "" echo "==================================================" -ok "GUARDiA ITSM 설치 완료!" +ok "GUARDiA ITSM 설치 완료! [13/13 단계]" echo "" info "GUARDiA URL: http://$(hostname -I | awk '{print $1}')" info "Tomcat URL: http://$(hostname -I | awk '{print $1}'):8080 (내부 전용)" +info "Ollama URL: http://localhost:11434 (내부 전용)" info "설치 로그: $LOG_FILE" -info "서비스 상태: systemctl status guardia-itsm tomcat9" echo "" warn "보안 필수 조치:" warn " 1. $ENV_FILE 의 SECRET_KEY 변경" warn " 2. PostgreSQL 비밀번호 변경" -warn " 3. Tomcat opsagent 비밀번호 변경 (${TOMCAT_CONF}/tomcat-users.xml)" +warn " 3. Tomcat opsagent 비밀번호 변경" warn " 4. HTTPS(Let's Encrypt) 설정 권장" echo "" -info "설치 검증: sudo bash $0 --test" +info "Ollama 모델 추가: ollama pull codellama:7b" +info "설치 검증: sudo bash $0 --test" echo "==================================================" diff --git a/setup/setup_windows.ps1 b/setup/setup_windows.ps1 index bb9a166f..4b20a6d0 100644 --- a/setup/setup_windows.ps1 +++ b/setup/setup_windows.ps1 @@ -68,6 +68,14 @@ if ($Test) { $out = & python -c "print('OK')" 2>&1 if ("$out" -notmatch "OK") { throw "인코딩 오류: $out" } } + Check-Item "Ollama 실행" { + $r = Invoke-WebRequest "http://localhost:11434/api/version" -UseBasicParsing -TimeoutSec 5 + if ($r.StatusCode -ne 200) { throw "Ollama 응답 없음" } + } + Check-Item "Ollama 모델 존재" { + $out = ollama list 2>&1 + if ($out -notmatch "\S") { throw "모델 없음" } + } Check-Item "Nginx 설정" { nginx -t 2>&1 } Write-Host "" @@ -318,23 +326,80 @@ server { } "@ | Out-File -FilePath $nginxConf -Encoding utf8 +# ── Ollama (온프레미스 sLLM) ────────────────────────────────── +Write-Host "" +Write-Host "[9/10] Ollama (온프레미스 sLLM 서버) 설치..." + +$OllamaInstall = if ($env:OLLAMA_INSTALL) { $env:OLLAMA_INSTALL } else { "online" } +$OllamaModels = if ($env:OLLAMA_MODELS) { $env:OLLAMA_MODELS } else { "llama3.1:8b" } + +if ($OllamaInstall -eq "skip") { + Write-Warn "Ollama 설치 건너뜀 (OLLAMA_INSTALL=skip) — 수동 설치 필요" +} else { + $ollamaExe = "$env:LocalAppData\Programs\Ollama\ollama.exe" + if ($OllamaInstall -eq "offline") { + $binPath = if ($env:OLLAMA_BIN_PATH) { $env:OLLAMA_BIN_PATH } else { "$env:TEMP\ollama-setup.exe" } + if (Test-Path $binPath) { + & $binPath /S 2>$null + } else { Write-Warn "오프라인: OLLAMA_BIN_PATH에 설치파일 필요" } + } else { + try { + choco install ollama -y --no-progress 2>&1 | Out-Null + if (-not (Get-Command ollama -ErrorAction SilentlyContinue)) { + # Chocolatey 실패 시 공식 설치파일 다운로드 + $ollamaSetup = "$env:TEMP\OllamaSetup.exe" + Invoke-WebRequest "https://ollama.com/download/OllamaSetup.exe" ` + -OutFile $ollamaSetup -UseBasicParsing -TimeoutSec 120 + & $ollamaSetup /S + Start-Sleep -Seconds 5 + } + Write-OK "Ollama 설치 완료" + } catch { + Write-Warn "Ollama 설치 실패: $_ — 수동 설치: https://ollama.com/download" + $OllamaInstall = "failed" + } + } + + if ($OllamaInstall -ne "failed") { + # NSSM 서비스로 등록 (또는 기본 설치된 서비스 사용) + $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + + [System.Environment]::GetEnvironmentVariable("Path","User") + Start-Sleep -Seconds 3 + + # 모델 다운로드 (온라인 환경) + if ($OllamaInstall -eq "online" -and (Get-Command ollama -ErrorAction SilentlyContinue)) { + foreach ($model in $OllamaModels.Split(" ")) { + Write-Host " 모델 다운로드: $model (시간이 걸릴 수 있습니다...)" + ollama pull $model 2>&1 | Select-Object -Last 3 | ForEach-Object { Write-Host " $_" } + } + } + Write-OK "Ollama 준비 완료 (http://localhost:11434)" + } +} + # ── 방화벽 규칙 ────────────────────────────────────────────── New-NetFirewallRule -DisplayName "GUARDiA HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow 2>$null New-NetFirewallRule -DisplayName "GUARDiA HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow 2>$null -Write-OK "방화벽 규칙 추가 완료" +# Ollama/Tomcat은 내부 전용 — 외부 노출 차단 +New-NetFirewallRule -DisplayName "Block Ollama External" -Direction Inbound -Protocol TCP -LocalPort 11434 -Action Block -RemoteAddress 0.0.0.0/0 2>$null +New-NetFirewallRule -DisplayName "Block Tomcat External" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Block -RemoteAddress 0.0.0.0/0 2>$null +Write-OK "방화벽 규칙 추가 완료 (80/443 허용, 8080/11434 내부 전용)" Write-Host "" Write-Host "==================================================" -Write-OK "GUARDiA ITSM 설치 완료 — Windows Server" +Write-OK "GUARDiA ITSM 설치 완료 — Windows Server [10/10]" Write-Host "" -Write-Info "접속 URL: http://$(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 'Ethernet*' | Select-Object -First 1 | ForEach-Object { $_.IPAddress })" -Write-Info "설치 로그: $LogFile" -Write-Info "서비스 상태: Get-Service guardia-itsm" -Write-Info "검증: .\setup_windows.ps1 -Test" +$serverIp = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -notlike "*Loopback*" } | Select-Object -First 1).IPAddress +Write-Info "GUARDiA URL: http://$serverIp" +Write-Info "Tomcat URL: http://${serverIp}:8080 (내부 전용)" +Write-Info "Ollama URL: http://localhost:11434 (내부 전용)" +Write-Info "설치 로그: $LogFile" +Write-Info "검증: .\setup_windows.ps1 -Test" Write-Host "" Write-Warn "보안 필수 조치:" Write-Warn " 1. $envFile 의 SECRET_KEY 변경" Write-Warn " 2. PostgreSQL postgres 계정 비밀번호 변경" +Write-Warn " 3. Tomcat opsagent 비밀번호 변경" Write-Host "==================================================" Stop-Transcript | Out-Null