树莓派 3B+ 部署 TR-069 ACS(自动配置服务器)GenieACS 实录

📅 发布时间:2026/7/5 0:01:17 👁️ 浏览次数:
树莓派 3B+ 部署 TR-069 ACS(自动配置服务器)GenieACS 实录
树莓派 3B 部署 TR-069 ACS自动配置服务器GenieACS 实录**手头有一个吃灰的树莓派 3B部署GenieACS作为测试服务器使用。适用场景低负载测试环境≤30 台 CPE。不适合生产环境数百台以上。硬件关键限制RAM 仅 1GBGenieACS MongoDB 4.4 Redis Node.js 总占用易超 800MB → 极易 OOM。CPU 单核性能一般满载易过热。microSD 卡磨损严重 →必须使用外接 USB SSD。MongoDB 5.0 需要 ARMv8.2-A 指令集Pi 3B 不支持 →唯一稳定方案Docker MongoDB 4.4.18。电源必须官方 5V/3A 适配器 散热片 风扇温度控制在 80°C。系统信息验证示例cat/etc/os-release# Debian GNU/Linux 12 (bookworm)uname-m# aarch641. 系统准备1.1下载并刷写镜像下载官方Raspberry Pi OS (64-bit) Bookworm Lite推荐 Lite 版节省资源https://www.raspberrypi.com/software/2025-11-24-raspios-bookworm-arm64-lite.img.xz使用 Raspberry Pi Imager 烧录选择 OS → Raspberry Pi OS (64-bit) → Lite 版。高级设置齿轮图标设置主机名如pi-acs。启用 SSH使用密码认证。设置用户名/密码默认 pi/raspberry建议修改。配置 WiFiSSID 密码。区域设置语言/时区zh_CN.UTF-8 / Asia/Shanghai。烧录完成后插入 SD 卡开机即可通过 WiFi SSH 访问ssh pipi-acs.local或 IP。写入因为使用的系统是win7故写入使用树莓派镜像烧录器V1.7.51.2 SSH连接因为烧录前已经配置了连接wifissh访问使能等。插入SD卡启动树莓派连接显示器即可看到WIFI的ip使用SSH连接。也可以使用ip扫描工具扫描获取。扫描IP:SSH连接1.3更新系统与基础工具sudoaptupdatesudoaptfull-upgrade -ysudoaptinstall-ycurlhtopiotoplogrotateufwnanovimgitdocker.iodocker-composesudousermod-aGdocker$USER# 需重新登录生效sudoreboot2. 配置交换空间强烈推荐 1GBsudoswapoff -asudorm-f /swapfilesudofallocate -l 1G /swapfilesudochmod600/swapfilesudomkswap/swapfilesudoswapon/swapfileecho/swapfile none swap sw 0 0|sudotee-a /etc/fstabsudoswapon--showfree-h#显示如下NAME TYPE SIZE USED PRIO /swapfilefile1024M 0B -2 total usedfreeshared buff/cache available Mem: 906Mi 167Mi 591Mi3.3Mi 200Mi 739Mi Swap:1.0Gi 0B1.0Gi3. 存储优化必须优先使用 USB SSD 作为根分区刷镜像时选择。启用 TRIMsudosystemctlenablefstrim.timer4. 安装 Node.js 18.x LTSGenieACS 推荐curl-fsSL https://deb.nodesource.com/setup_18.x|sudo-Ebash-sudoaptinstall-y nodejsnode-v# 应显示 v18.x v18.20.8npm-v# 应显示 ~10.x 10.8.25. 安装 MongoDBDocker 4.4.18唯一稳定方案确保你的系统已安装前面已经安装DockerDocker Compose检查安装docker--versiondocker-compose--version#输出如下Docker version20.10.24dfsg1, build 297e128docker-composeversion1.29.2, build unknown配置国内源# 配置国内 Docker 镜像加速强烈推荐加速拉取sudomkdir-p /etc/dockersudotee/etc/docker/daemon.jsonEOF { registry-mirrors: [ https://docker.m.daocloud.io, https://mirror.ccs.tencentyun.com, https://registry.docker-cn.com ] } EOF重启 Docker 服务必须操作否则 daemon.json 不生效sudosystemctl restartdocker检查镜像加速是否生效dockerinfo|grep-A10Registry Mirrors#输出WARNING: No memory limit support WARNING: No swap limit support Registry Mirrors: https://docker.m.daocloud.io/ https://mirror.ccs.tencentyun.com/ https://registry.docker-cn.com/ Live Restore Enabled:false推荐使用 docker-compose便于管理、健康检查、数据持久化创建docker-compose.yml# 创建 docker-compose.yml 文件catdocker-compose.ymlEOF version: 3.8 services: mongodb: image: mongo:4.4.18 container_name: mongodb restart: unless-stopped ports: - 27017:27017 volumes: - ./mongodb_data:/data/db command: mongod --wiredTigerCacheSizeGB 0.25 # 限制内存使用 healthcheck: test: [CMD, mongo, --eval, db.adminCommand({ping:1})] interval: 10s timeout: 5s retries: 5 EOF启动mkdir-p ~/mongodb_datadocker-composeup -ddockerps|grepmongodbdockerexec-it mongodb mongo --evaldb.adminCommand({ping:1})# 应返回 { ok : 1 }#返回信息connecting to: mongodb://127.0.0.1:27017/?compressorsdisabledgssapiServiceNamemongodb Implicit session: session{id:UUID(ea92330d-4093-4268-b4d0-ef82e80a8463)}MongoDB server version:4.4.18{ok:1}6. 安装并优化 Redis128MB 内存限制sudoaptinstall-y redis-serversudosystemctlenable--now redis-serversudocp/etc/redis/redis.conf /etc/redis/redis.conf.backupsudotee/etc/redis/redis.confEOF bind 127.0.0.1 port 6379 daemonize yes supervised systemd maxmemory 128mb maxmemory-policy allkeys-lru save appendonly no tcp-keepalive 60 timeout 0 maxclients 100 loglevel notice logfile /var/log/redis/redis.log EOFsudomkdir-p /var/log/redissudochownredis:redis /var/log/redissudosystemctl restart redis-server redis-cliping# 应返回 PONGredis-cli info memory|grepused_memory_human7. 安装 GenieACS固定版本 1.2.13避免最新版不稳定sudonpminstall-g genieacs1.2.13npmlist -g|grepgenieacswhichgenieacs-cwmp genieacs-fs genieacs-nbi genieacs-ui#输出/usr/bin/genieacs-cwmp /usr/bin/genieacs-fs /usr/bin/genieacs-nbi /usr/bin/genieacs-ui8. 创建专用用户与目录sudouseradd-r -s /bin/false genieacssudomkdir-p /opt/genieacs/{config,logs,uploads,backups}sudochown-R genieacs:genieacs /opt/genieacssudochmod750/opt/genieacs/configsudochmod755/opt/genieacs/{logs,uploads,backups}# 验证目录结构ls-la /opt/genieacs/#输出total24drwxr-xr-x6genieacs genieacs4096Jan2812:14.drwxr-xr-x4root root4096Jan2812:14..drwxr-xr-x2genieacs genieacs4096Jan2812:14 backups drwxr-x---2genieacs genieacs4096Jan2812:14 config drwxr-xr-x2genieacs genieacs4096Jan2812:14 logs drwxr-xr-x2genieacs genieacs4096Jan2812:14 uploads9. 环境变量文件/opt/genieacs/genieacs.envGENIEACS_UI_JWT_SECRET$(openssl rand -hex32)sudotee/opt/genieacs/genieacs.envEOF MONGODB_CONNECTION_URLmongodb://127.0.0.1:27017/genieacs REDIS_URLredis://127.0.0.1:6379/0 CWMP_PORT7547 FS_PORT7567 NBI_PORT7557 UI_PORT3000 GENIEACS_UI_JWT_SECRET$GENIEACS_UI_JWT_SECRETDEBUGgenieacs:* CWMP_WORKER_PROCESSES1 # 限制并发适合 Pi 3B EOFsudochowngenieacs:genieacs /opt/genieacs/genieacs.envsudochmod600/opt/genieacs/genieacs.env10. Systemd 服务文件10.1 genieacs-cwmp.service 核心 CWMP 服务sudo tee /etc/systemd/system/genieacs-cwmp.service EOF [Unit] DescriptionGenieACS CWMP Server Afternetwork.target docker.service redis-server.service Requiresdocker.service redis-server.service [Service] Typesimple Usergenieacs Groupgenieacs EnvironmentFile/opt/genieacs/genieacs.env WorkingDirectory/opt/genieacs ExecStart/usr/bin/genieacs-cwmp Restarton-failure RestartSec10 MemoryMax300M MemorySwapMax500M CPUQuota80% [Install] WantedBymulti-user.target EOF10.2 genieacs-fs.service 文件服务sudotee/etc/systemd/system/genieacs-fs.serviceEOF [Unit] DescriptionGenieACS FS Server Afternetwork.target docker.service redis-server.service Requiresdocker.service redis-server.service [Service] Typesimple Usergenieacs Groupgenieacs EnvironmentFile/opt/genieacs/genieacs.env WorkingDirectory/opt/genieacs ExecStart/usr/bin/genieacs-fs Restarton-failure RestartSec10 MemoryMax250M MemorySwapMax400M CPUQuota60% [Install] WantedBymulti-user.target EOF10.3 genieacs-nbi.service 北向接口服务sudotee/etc/systemd/system/genieacs-nbi.serviceEOF [Unit] DescriptionGenieACS NBI Server Afternetwork.target docker.service redis-server.service Requiresdocker.service redis-server.service [Service] Typesimple Usergenieacs Groupgenieacs EnvironmentFile/opt/genieacs/genieacs.env WorkingDirectory/opt/genieacs ExecStart/usr/bin/genieacs-nbi Restarton-failure RestartSec10 MemoryMax300M MemorySwapMax500M CPUQuota70% [Install] WantedBymulti-user.target EOF10.4 genieacs-ui.service Web UI 服务sudotee/etc/systemd/system/genieacs-ui.serviceEOF [Unit] DescriptionGenieACS UI Server Afternetwork.target docker.service redis-server.service Requiresdocker.service redis-server.service [Service] Typesimple Usergenieacs Groupgenieacs EnvironmentFile/opt/genieacs/genieacs.env WorkingDirectory/opt/genieacs ExecStart/usr/bin/genieacs-ui Restarton-failure RestartSec10 MemoryMax200M MemorySwapMax300M CPUQuota50% [Install] WantedBymulti-user.target EOF10.5 加载并启动所有服务推荐顺序加载并启动# 重新加载 systemdsudosystemctl daemon-reload# 启用开机自启sudosystemctlenablegenieacs-cwmp.service genieacs-fs.service genieacs-nbi.service genieacs-ui.service# 启动服务sudosystemctl start genieacs-cwmp.service genieacs-fs.service genieacs-nbi.service genieacs-ui.service10.6 检查状态推荐执行sudosystemctl status genieacs-cwmp genieacs-fs genieacs-nbi genieacs-ui#或者一次性查看sudosystemctl status genieacs-*.service11. 防火墙与安全sudoufw allow7547/tcp# CWMPsudoufw allow7567/tcp# FSsudoufw allow7557/tcp# NBIsudoufw allow3000/tcp# UI生产环境建议关闭或加 HTTPSsudoufw allow22/tcp# SSHsudoufwenable安全建议立即修改 UI 默认密码admin/admin。生产环境启用 HTTPSNginx 反向代理 Let’s Encrypt。限制 JWT 密钥有效期定期轮换。监控安装vnstat、prometheus-node-exporter或使用htopvcgencmd measure_temp。12. 测试与监控UI 访问http://Pi-IP:3000初始化向导全部勾选 → ABRACADABRA!初始化向导说明这个向导会帮您设置初始配置各个选项的含义Users, roles and permissions- 创建默认用户、角色和权限Presets and provisions- 创建设备预设和配置模板Devices predefined search filters- 创建设备搜索过滤器Device details page- 创建设备详情页视图Devices listing page- 创建设备列表页视图Overview page- 创建仪表盘概览页完整配置全部勾选点击“ABRACADABRA!”使用默认admin/admin登录CPE Connection Request URLhttp://Pi-IP:7547/监控命令htopdockerstats mongodbsudojournalctl -u genieacs-* -fwatch-n5vcgencmd measure_temp# 监控温度free-hdockerexecmongodb mongo --evaldb.stats()性能提示内存紧张时可临时停止 UI 服务sudo systemctl stop genieacs-ui。定期重启sudo reboot避免内存泄漏。监控日志/opt/genieacs/logs、/var/log/redis、/var/log/syslog。已验证该方案在 Pi 3B 上低负载稳定运行。如遇问题请提供具体错误日志journalctl / docker logs。额外推荐使用 Docker Compose 统一管理服务GenieACS 也可容器化。添加温度报警脚本超过 80°C 发送通知。