1. 环境准备与基础组件安装在开始部署GenieACS之前我们需要先准备好基础环境。我推荐使用Ubuntu 20.04 LTS或CentOS 8作为操作系统这两个版本都有长期支持稳定性较好。实际操作中我发现Ubuntu的包管理更友好而CentOS的稳定性更强大家可以根据自己的熟悉程度选择。首先更新系统软件包是个好习惯# Ubuntu sudo apt update sudo apt upgrade -y # CentOS sudo yum update -yNode.js是GenieACS的核心依赖这里有个小技巧不要直接安装系统仓库中的Node.js版本因为GenieACS对Node.js版本有特定要求。我建议安装Node.js 14.x或16.x版本这两个版本在实际使用中表现最稳定。安装Node.js的推荐方法# 使用NodeSource仓库安装 curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash - sudo apt-get install -y nodejs安装完成后验证一下版本node -v npm -vMongoDB是另一个关键组件这里有个坑需要注意GenieACS官方推荐使用MongoDB 4.4版本但最新版6.0可能会有兼容性问题。我实测发现MongoDB 5.0是最佳选择。MongoDB安装步骤# Ubuntu wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add - echo deb [ archamd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list sudo apt update sudo apt install -y mongodb-org # CentOS cat EOF | sudo tee /etc/yum.repos.d/mongodb-org-5.0.repo [mongodb-org-5.0] nameMongoDB Repository baseurlhttps://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/5.0/x86_64/ gpgcheck1 enabled1 gpgkeyhttps://www.mongodb.org/static/pgp/server-5.0.asc EOF sudo yum install -y mongodb-org启动MongoDB并设置开机自启sudo systemctl start mongod sudo systemctl enable mongod sudo systemctl status mongod2. GenieACS核心服务安装与配置安装完基础组件后我们就可以开始安装GenieACS了。这里有个经验之谈建议使用npm全局安装特定版本而不是最新版。我测试过1.2.x系列版本最稳定。安装命令sudo npm install -g genieacs1.2.9接下来需要创建专用用户和目录结构这是安全最佳实践sudo useradd --system --no-create-home --user-group genieacs sudo mkdir -p /opt/genieacs/ext sudo chown genieacs:genieacs /opt/genieacs/ext sudo mkdir /var/log/genieacs sudo chown genieacs:genieacs /var/log/genieacs环境配置文件是关键我建议创建/opt/genieacs/genieacs.env文件内容如下GENIEACS_CWMP_ACCESS_LOG_FILE/var/log/genieacs/genieacs-cwmp-access.log GENIEACS_NBI_ACCESS_LOG_FILE/var/log/genieacs/genieacs-nbi-access.log GENIEACS_FS_ACCESS_LOG_FILE/var/log/genieacs/genieacs-fs-access.log GENIEACS_UI_ACCESS_LOG_FILE/var/log/genieacs/genieacs-ui-access.log GENIEACS_DEBUG_FILE/var/log/genieacs/genieacs-debug.yaml NODE_OPTIONS--enable-source-maps GENIEACS_EXT_DIR/opt/genieacs/ext GENIEACS_UI_JWT_SECRETyour_secure_secret_here设置文件权限sudo chown genieacs:genieacs /opt/genieacs/genieacs.env sudo chmod 600 /opt/genieacs/genieacs.env3. 四大核心服务配置详解GenieACS由四个核心服务组成每个都需要单独配置。我在实际部署中发现很多人会忽略服务间的依赖关系这里特别说明一下启动顺序CWMP → FS → NBI → UI。3.1 CWMP服务配置CWMP服务是与CPE设备通信的核心默认监听7547端口。创建/etc/systemd/system/genieacs-cwmp.service文件[Unit] DescriptionGenieACS CWMP Afternetwork.target mongod.service Requiresmongod.service [Service] Usergenieacs EnvironmentFile/opt/genieacs/genieacs.env ExecStart$(which genieacs-cwmp) Restartalways RestartSec10 [Install] WantedBymulti-user.target3.2 NBI服务配置北向接口服务默认监听7557端口用于外部系统集成。创建/etc/systemd/system/genieacs-nbi.service文件[Unit] DescriptionGenieACS NBI Afternetwork.target mongod.service genieacs-cwmp.service Requiresmongod.service genieacs-cwmp.service [Service] Usergenieacs EnvironmentFile/opt/genieacs/genieacs.env ExecStart$(which genieacs-nbi) Restartalways RestartSec10 [Install] WantedBymulti-user.target3.3 FS服务配置文件服务用于固件分发等场景创建/etc/systemd/system/genieacs-fs.service文件[Unit] DescriptionGenieACS FS Afternetwork.target mongod.service genieacs-cwmp.service Requiresmongod.service genieacs-cwmp.service [Service] Usergenieacs EnvironmentFile/opt/genieacs/genieacs.env ExecStart$(which genieacs-fs) Restartalways RestartSec10 [Install] WantedBymulti-user.target3.4 UI服务配置Web界面服务监听3000端口创建/etc/systemd/system/genieacs-ui.service文件[Unit] DescriptionGenieACS UI Afternetwork.target mongod.service genieacs-cwmp.service genieacs-nbi.service Requiresmongod.service genieacs-cwmp.service genieacs-nbi.service [Service] Usergenieacs EnvironmentFile/opt/genieacs/genieacs.env ExecStart$(which genieacs-ui) Restartalways RestartSec10 [Install] WantedBymulti-user.target启动所有服务sudo systemctl daemon-reload sudo systemctl enable --now genieacs-cwmp sudo systemctl enable --now genieacs-nbi sudo systemctl enable --now genieacs-fs sudo systemctl enable --now genieacs-ui4. 防火墙与网络配置很多部署失败都是因为网络配置问题。我建议先关闭防火墙测试确认服务正常后再配置精细规则。Ubuntu关闭防火墙sudo ufw disableCentOS关闭防火墙sudo systemctl stop firewalld sudo systemctl disable firewalld如果必须开启防火墙需要放行以下端口7547 (CWMP)7557 (NBI)3000 (UI)27017 (MongoDB)配置示例# Ubuntu sudo ufw allow 7547/tcp sudo ufw allow 7557/tcp sudo ufw allow 3000/tcp sudo ufw enable # CentOS sudo firewall-cmd --permanent --add-port7547/tcp sudo firewall-cmd --permanent --add-port7557/tcp sudo firewall-cmd --permanent --add-port3000/tcp sudo firewall-cmd --reload5. 常见问题排查在部署过程中我遇到过几个典型问题这里分享解决方案问题1服务启动失败状态码203/EXEC这通常是因为Node.js路径问题。解决方法sudo ln -s $(which node) /usr/bin/node sudo ln -s $(which npm) /usr/bin/npm systemctl restart genieacs-*问题2MongoDB连接失败检查MongoDB是否运行sudo systemctl status mongod如果未运行查看日志journalctl -u mongod -n 50 --no-pager问题3Web界面无法访问首先检查服务是否运行sudo systemctl status genieacs-ui然后检查端口监听ss -tulnp | grep 3000如果没有监听检查日志journalctl -u genieacs-ui -n 50 --no-pager6. 进阶配置与优化基础部署完成后可以进行一些优化配置提升性能和安全性。日志轮转配置创建/etc/logrotate.d/genieacs文件/var/log/genieacs/*.log /var/log/genieacs/*.yaml { daily rotate 30 compress delaycompress missingok notifempty create 640 genieacs genieacs sharedscripts postrotate systemctl kill -s HUP genieacs-cwmp.service /dev/null 21 || true systemctl kill -s HUP genieacs-nbi.service /dev/null 21 || true systemctl kill -s HUP genieacs-fs.service /dev/null 21 || true systemctl kill -s HUP genieacs-ui.service /dev/null 21 || true endscript }性能调优修改genieacs.env添加以下参数NODE_OPTIONS--max-old-space-size2048 GENIEACS_CWMP_WORKERS4 GENIEACS_NBI_WORKERS4安全加固修改默认admin密码启用HTTPS配置IP访问限制定期备份MongoDB数据备份命令示例mongodump --archive --gzip --dbgenieacs | sudo tee /backup/genieacs-$(date %Y%m%d).gz /dev/null