A strategy-aware automatic expansion method of an application node
By automatically acquiring and generating the creation configuration, database permissions, and network policies for expansion nodes, the problem of cumbersome and time-consuming expansion processes in existing technologies is solved, achieving efficient, accurate, and secure automatic expansion of application nodes.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- 重庆富民银行股份有限公司
- Filing Date
- 2026-03-30
- Publication Date
- 2026-06-19
AI Technical Summary
During the expansion of existing application nodes, virtual machine creation, database permission activation, and network policy configuration rely on manual step-by-step operations, which are cumbersome, time-consuming, and prone to errors, making it difficult to meet the business's need for rapid response.
By automatically acquiring existing node configuration information, generating configurations for creating expanded virtual machine nodes, and automatically generating database access authorization instructions and network policy scripts, the entire virtual machine creation process is automated, ensuring configuration consistency and accuracy.
It improves the efficiency and accuracy of application expansion, reduces manual intervention, achieves full-process automation and security, and avoids configuration errors caused by human oversight.
Smart Images

Figure CN122247862A_ABST
Abstract
Description
Technical Field
[0001] This specification relates to the field of computer processing technology, and in particular to a strategy-aware automatic scaling method for application nodes. Background Technology
[0002] As enterprises deepen their digital transformation, application systems in production environments are typically deployed in clusters with multiple virtual machine nodes. When business grows or resources become insufficient, it is necessary to expand the cluster, i.e., add new virtual machine nodes. Currently, adding a new virtual machine node involves a series of processes, including creating the virtual machine, system initialization, installing basic software, granting database permissions, configuring network policies, deploying the application, and joining the cluster. This involves multiple independent operation and maintenance platforms, including installation, database, network, and deployment, requiring multiple roles of operation and maintenance personnel to manually operate step by step, making the process cumbersome and time-consuming.
[0003] The existing expansion methods have the following drawbacks: First, configuration information is scattered and relies on manual sorting. Operation and maintenance personnel need to obtain information such as the IP address, hardware configuration, initialization script, and basic software list of existing nodes one by one, which is cumbersome and prone to errors. Second, database permission opening requires manual querying of the authorization information of existing nodes and manual generation of authorization instructions, which is a lengthy process and requires cross-departmental collaboration. Third, network policy configuration requires sorting out existing rules one by one and manually writing new rule scripts. The policy types are diverse, and manual operation is prone to omissions or configuration errors. Moreover, there is a lack of effective connection between the various links. The entire expansion process requires the intervention of multiple personnel, resulting in a long overall time consumption and making it difficult to meet the needs of rapid business response.
[0004] Therefore, there is an urgent need for a strategy-aware automatic scaling method for application nodes to reduce manual intervention and improve scaling efficiency and configuration accuracy. Summary of the Invention
[0005] In view of this, the present invention aims to propose a policy-aware automatic scaling method for application nodes to solve the problems of existing application cluster scaling processes, such as virtual machine creation, database permission opening, and network policy configuration, which rely on manual step-by-step operations, are cumbersome and time-consuming, and are prone to configuration errors due to human oversight, thereby achieving full automation and configuration consistency in the application node scaling process.
[0006] To achieve the above objectives, the present invention adopts the following technical solution: A policy-aware automatic scaling method for application nodes includes: S1. Obtain the configuration information of the existing virtual machine nodes of the target application; generate a creation configuration for expanding the virtual machine nodes based on the configuration information, and send the creation configuration to the installation system to complete the creation of the expanded virtual machine nodes; the creation configuration includes the IP address of the expanded virtual machine nodes; S2. Based on the IP address of the expanded virtual machine node, obtain the database access permission information of the existing virtual machine node of the target application; automatically generate a database access authorization instruction according to the database permission information, and send the database access authorization instruction to the database system for execution to enable the expanded virtual machine node to access the target database. S3. Obtain the network policy information of the existing virtual machine nodes of the target application; automatically generate a policy expansion script based on the network policy information and the IP address of the expanded virtual machine node, and send the policy expansion script to the network management system for execution to open the network communication permissions of the expanded virtual machine node. S4. Based on steps S1-S3, deploy and start the target application on the expanded virtual machine node to complete the node expansion.
[0007] The beneficial effects of this solution are as follows: In existing technologies, the application cluster expansion process relies on manual step-by-step operations for virtual machine creation, database permission granting, and network policy configuration. This process is cumbersome, time-consuming, and prone to configuration errors due to human oversight, thus hindering the efficiency and accuracy of application expansion. This solution automates the entire virtual machine creation process by automatically obtaining existing node configuration information to generate new node creation configurations, automatically granting database permissions based on the new node's IP address, and automatically generating and distributing network policy expansion scripts. This effectively improves the efficiency, accuracy, and security of application expansion.
[0008] Furthermore, in step S1, the configuration creation also includes information about the virtual local area network, resource pool, and availability zone to which the expanded virtual machine node belongs.
[0009] Beneficial effects: By adding virtual LAN, resource pool, and availability zone information in the configuration creation, it is ensured that the expanded virtual machine nodes are in the same network isolation domain and resource area as the existing nodes, avoiding application access abnormalities or performance issues caused by inconsistent network ownership or resource location.
[0010] Furthermore, step S1 also includes: The system receives a notification from the installation system indicating that the expansion virtual machine node has been successfully created; it sends a configuration collection request to the expansion virtual machine node to obtain the actual configuration information of the expansion virtual machine node; it compares the actual configuration information with the created configuration, and if the comparison is consistent, it confirms that the creation was successful; if they are inconsistent, it triggers a configuration repair process or a re-creation process.
[0011] Beneficial effects: By actively collecting the actual configuration of the expansion node and comparing it with the created configuration, the repair or re-creation process is triggered in a timely manner when the configuration drifts or the creation fails, which effectively ensures the accuracy and consistency of the expansion node configuration and ensures that all configurations meet expectations after the node is created.
[0012] Furthermore, step S2 also includes: Identify the type of the database system; based on the type of the database system, invoke the corresponding authorization instruction template; fill the IP address of the expanded virtual machine node and the database permission information into the authorization instruction template to generate a database access authorization instruction corresponding to the type of the database system.
[0013] Beneficial effects: By identifying the database system type and calling the corresponding authorization instruction template, authorization instructions adapted to different database syntaxes are automatically generated, solving the problem of incompatibility of authorization instruction formats in multi-type database environments and improving the versatility of the solution.
[0014] Furthermore, step S2 also includes: Obtain the database permission information of the existing virtual machine nodes of the target application; wherein, the database permission information of each existing virtual machine node includes the database identifier and table identifier that the node is authorized to access; Perform an intersection operation on the database permission information of the existing virtual machine nodes to obtain a common database identifier and a common table identifier; use the common database identifier and the common table identifier as the database permission information of the expanded virtual machine nodes.
[0015] Beneficial effects: By performing an intersection operation on the database permission information of existing nodes, a minimum common permission set is automatically generated as the authorization scope of new nodes, avoiding security risks or access anomalies caused by inconsistent permissions between nodes, and realizing automated security management of database permissions.
[0016] Furthermore, in step S3, the network policy information includes at least one of the following: firewall rules, security group rules, and access control lists.
[0017] Beneficial effects: By clearly defining the specific types of network policy information, the solution can be adapted to the policy formats of various network management and control systems, thereby improving the compatibility and coverage of automated network policy configuration.
[0018] Furthermore, step S3 also includes: Parse the firewall rules, security group rules, or access control lists, and extract the IP address field from them; Identify the IP address in the IP address field that belongs to the existing virtual machine node; replace the identified IP address of the existing virtual machine node with the IP address of the expanded virtual machine node; Generate a policy expansion script based on the firewall rules, security group rules, or access control lists after the IP address replacement.
[0019] Beneficial effects: By parsing existing network policies and automatically replacing the IP addresses to generate new policy scripts, the tedious operation of manually sorting out and writing rules one by one is avoided, which significantly improves the efficiency and accuracy of network policy configuration and effectively reduces the risk of network access failures caused by human error. Attached Figure Description
[0020] This specification will be further described by way of exemplary embodiments, which will be described in detail with reference to the accompanying drawings. These embodiments are not limiting; in these embodiments, the same reference numerals denote the same structures, wherein: Figure 1 This is an exemplary flowchart of a policy-aware automatic scaling method for application nodes; Figure 2 This is an exemplary technical architecture diagram of a policy-aware automatic scaling method for application nodes. Detailed Implementation
[0021] To more clearly illustrate the technical solutions of the embodiments in this specification, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are merely some examples or embodiments of this specification. For those skilled in the art, these drawings can be applied to other similar scenarios without creative effort. Unless obvious from the context or otherwise specified, the same reference numerals in the drawings represent the same structures or operations.
[0022] As indicated in this specification and claims, unless the context clearly indicates otherwise, the words "a," "an," "an," and / or "the" do not specifically refer to the singular and may also include the plural. Generally speaking, the terms "comprising" and "including" only indicate the inclusion of expressly identified steps and elements, which do not constitute an exclusive list, and the method or apparatus may also include other steps or elements.
[0023] Flowcharts are used in this specification to illustrate the operations performed by the system according to embodiments of this specification. It should be understood that the preceding or following operations are not necessarily performed in exact order. Instead, the steps can be processed in reverse order or simultaneously. Furthermore, other operations can be added to these processes, or one or more steps can be removed from them.
[0024] The following detailed explanation illustrates the specific implementation methods: Example 1: This disclosure provides a policy-aware automatic scaling method for application nodes, referring to... Figure 1 and Figure 2 This includes the following steps.
[0025] Step S1: Obtain the configuration information of the existing virtual machine nodes of the target application; generate the creation configuration for expanding the virtual machine nodes based on the configuration information, and send the creation configuration to the installation system to complete the creation of the expanded virtual machine nodes.
[0026] The configuration information of existing virtual machine nodes refers to the actual configuration parameters of the virtual machine nodes that already exist and are running in the target application. Examples include IP address, number of CPU cores, memory size, disk capacity, and operating system type.
[0027] The target application refers to the application that needs to be scaled up. In the production environment, the application is supported by multiple virtual machine nodes and provides services to the outside world through a cluster.
[0028] In this embodiment, the configuration information of the existing virtual machine nodes of the target application can be obtained in various ways. For example, by calling the application programming interface of the Configuration Management Database (CMDB), all virtual machine nodes associated with the target application identifier can be queried to obtain the configuration information of each virtual machine node; another example is to obtain the runtime configuration information of each virtual machine node in real time through the API interface provided by the cloud management platform.
[0029] The creation configuration for expanding virtual machine nodes refers to the configuration parameters generated for creating new virtual machine nodes. This creation configuration includes the IP address of the expanded virtual machine node.
[0030] Furthermore, the configuration creation also includes expanding the virtual LAN, resource pool, and availability zone information of the virtual machine nodes.
[0031] In this embodiment, by adding virtual LAN, resource pool, and availability zone information in the configuration creation, it can be ensured that the expanded virtual machine nodes are deployed in the same network isolation domain and resource area as the existing virtual machine nodes.
[0032] Virtual LANs are used to specify the network segment to which a node belongs, ensuring consistency in Layer 2 network communication and access policies between new and existing nodes; resource pools are used to limit the allocation of computing and storage resources from a specified set of physical or virtual resources to avoid performance interference caused by resource sharing; availability zones are used to deploy nodes in specific fault isolation areas, and combined with the distribution of existing nodes, can achieve high availability deployment across availability zones or low latency deployment within the same availability zone.
[0033] In this embodiment, by configuring the above information, it is possible to effectively avoid application access abnormalities or reliability degradation caused by network affiliation misalignment, improper resource allocation, or inconsistent fault domains.
[0034] In this embodiment, the generation of the creation configuration for expanding virtual machine nodes based on the configuration information can be achieved by template copying and parameter replacement. Specifically, the obtained existing virtual machine node configuration information is used as a configuration template. This template is copied, and the IP addresses in the template are replaced with newly allocated IP addresses, and the hostnames are replaced with new hostnames generated according to preset rules. The generated creation configuration is sent to the installation system according to the interface protocol and data format required by the installation system, and the installation system performs virtual machine creation and initialization operations based on this configuration.
[0035] Furthermore, step S1 also includes: Receive the notification from the installation system that the expansion virtual machine node has been created; send a configuration collection request to the expansion virtual machine node to obtain the actual configuration information of the expansion virtual machine node; compare the actual configuration information with the created configuration; if they match, the creation is confirmed to be successful; if they do not match, the configuration repair process or re-creation process is triggered.
[0036] In this embodiment, there are several ways to obtain the actual configuration information of the expanded virtual machine. For example, it can be achieved by remotely executing commands via SSH. Specifically, after confirming that the expanded virtual machine node has started and is network reachable, the node is logged in via the SSH protocol using a preset authentication method (such as a key pair), and system commands are executed sequentially to collect various configuration information. After the collection commands are completed, the command output results are received and parsed, and the parsed data is formatted into structured configuration information, which serves as the actual configuration information of the expanded virtual machine node.
[0037] The system commands for collecting various configuration information are as follows: execute lscpu to get the number of CPU cores, execute free -m to get the memory size, execute df -h to get the disk capacity, execute ip addr show to get the IP address and network configuration, execute cat / etc / os-release to get the operating system type and version, execute hostname to get the hostname, and execute rpm -qa or dpkg -l to get the list of installed software.
[0038] In this embodiment, after obtaining the actual configuration information of the expanded virtual machine, the actual configuration information is compared with the creation configuration field by field. Specifically, the actual configuration information and the creation configuration are parsed into key-value pairs. For numeric fields (such as the number of CPU cores and memory size), the values are compared to see if they are equal; for string fields (such as the operating system type and hostname), the strings are compared to see if they are completely identical; for list fields (such as the list of installed software), the list elements are compared to see if they are completely identical.
[0039] In this embodiment, by actively collecting the actual configuration of the expansion node and comparing it with the created configuration, the repair or re-damage process is triggered in a timely manner when the configuration is inconsistent, which effectively ensures the accuracy and consistency of the expansion node configuration.
[0040] Step S2: Based on the IP address of the expanded virtual machine node, obtain the database access permission information of the existing virtual machine node of the target application; according to the database permission information, automatically generate a database access authorization instruction and send the database access authorization instruction to the database system for execution to enable the expanded virtual machine node to access the target database.
[0041] Database permission information refers to the records of permissions granted to the target application's existing virtual machine nodes to access the database. This includes, for example, the database identifier, table identifier, access account, and permission level (such as read, write, read-write, etc.).
[0042] In this embodiment, since the expanded virtual machine node has just been created and database permissions have not yet been granted, the database permission information of the existing virtual machine node is actually obtained as a reference for expanding the virtual machine node.
[0043] In this embodiment, the database permission information of the existing virtual machine nodes of the target application can be obtained by querying authorization records through the database system. Specifically, the authorization records of the existing nodes are queried by logging into the database system (such as MySQL, Oracle, PostgreSQL, etc.); the query results are returned as the databases, tables and permission levels that each existing virtual machine node is authorized to access; and these authorization records are summarized as the database permission information of the existing virtual machine nodes.
[0044] In this embodiment, the automatic generation of database access authorization instructions based on database permission information can be achieved using a template-based instruction generation method.
[0045] In this embodiment, step S2 further includes: Identify the type of database system; based on the type of database system, call the corresponding authorization instruction template; fill in the IP address and database permission information of the expanded virtual machine node into the authorization instruction template to generate a database access authorization instruction corresponding to the type of database system.
[0046] An authorization instruction template refers to a pre-configured instruction format framework that conforms to the syntax specifications of a specific database system. This specific database can be MySQL, Oracle, or similar databases.
[0047] For example, taking a MySQL database as an example, the default authorization command template is: "GRANT {privileges} ON {database}.{table} TO '{user}'@'{ip}';".
[0048] The {privileges}, {database}, {table}, {user}, and {ip} are placeholders to be filled, representing the permission type, database name, table name, access account, and client IP address, respectively.
[0049] By extracting the permission type, database name, table name, access account, and IP address of the expanded virtual machine node from the existing virtual machine node database permission information and filling them into the corresponding placeholders, a database access authorization instruction that conforms to the syntax specification of the database system can be generated.
[0050] In this embodiment, by pre-setting authorization instruction templates for different database types and calling the corresponding templates to generate instructions based on the identified database system type, the compatibility issues caused by differences in authorization syntax among various databases such as MySQL, Oracle, and SQL Server are effectively resolved. The template-based generation method shields the syntax differences between different database systems, eliminating the need to develop separate instruction generation logic for each database. This significantly improves the versatility and scalability of the solution in multi-database mixed environments and reduces system maintenance costs.
[0051] Furthermore, step S2 also includes: Obtain the database permission information of the existing virtual machine nodes of the target application; wherein, the database permission information of each existing virtual machine node includes the database identifier and table identifier that the node is authorized to access.
[0052] Perform an intersection operation on the database permission information of the existing virtual machine nodes to obtain the common database identifier and the common table identifier; use the common database identifier and the common table identifier as the database permission information for expanding the virtual machine nodes.
[0053] A public database identifier refers to the database name or ID that is authorized to be accessed by all existing virtual machine nodes of the target application; that is, the database portion of the database access permissions shared by these nodes.
[0054] A public table identifier refers to the name or ID of a data table that is authorized for access by all existing virtual machine nodes within a public database.
[0055] For example, a target application has three existing nodes, and their database permission information is as follows: Node A: Can access tables table1 and table2 in database db1, and table3 in database db2.
[0056] Node B: Can access tables table1, table2, and table3 in database db1, and table3 in database db2.
[0057] Node C: Can access tables table1 and table2 in database db1, and table4 in database db3.
[0058] After performing an intersection operation on the above permission information, the resulting public database identifier is "db1", and the public table identifiers are "table1" and "table2". That is, all existing virtual machine nodes are authorized to access tables table1 and table2 of the db1 database. Therefore, these two tables are used as the database permission information for expanding virtual machine nodes to ensure that the expanded virtual machine nodes obtain the minimum set of public permissions shared by all existing virtual machine nodes.
[0059] In this embodiment, by performing an intersection operation on the database permission information of existing virtual machine nodes, the common database identifier and common table identifier are used as the permission range of the expansion node. This solves the problem of difficulty in determining the permissions of new nodes when the permissions of existing nodes are inconsistent. The intersection strategy automatically filters out the minimum set of permissions commonly possessed by all nodes, avoiding the security risks of excessive permissions and preventing access anomalies caused by insufficient permissions, thus achieving automated security management of database permissions.
[0060] Step S3: Obtain the network policy information of the existing virtual machine nodes of the target application; based on the network policy information and the IP address of the expanded virtual machine node, automatically generate a policy expansion script and send the policy expansion script to the network management system for execution to open the network communication permissions of the expanded virtual machine node.
[0061] In this embodiment, step S3 specifically includes: Parse firewall rules, security group rules, or access control lists, and extract the IP address field from them.
[0062] Identify the IP addresses belonging to existing virtual machine nodes in the IP address field; replace the identified IP addresses of existing virtual machine nodes with the IP addresses of the expanded virtual machine nodes.
[0063] Generate a policy expansion script based on the firewall rules, security group rules, or access control lists after the IP address replacement.
[0064] Network policy information refers to the set of access control rules granted to the existing virtual machine nodes of the target application at the network layer, which are used to specify the communication permissions between the node and the external network or other nodes.
[0065] In this embodiment, network policy information includes at least one of the following: firewall rules, security group rules, and access control lists.
[0066] In this embodiment, the network management system queries the network policies associated with all existing virtual machine nodes under the target application through the application programming interface, including firewall rules, security group rules, and access control lists. If the network management system does not store the association between the application and the node, it sends policy query requests to the firewall device or security group management platform one by one according to the IP address of the existing virtual machine node to obtain all access control rules related to the IP address.
[0067] Additionally, pre-stored application network policy templates or historical policy records can be read from the Configuration Management Database (CMDB) as supplementary verification; the acquired multi-party policy information is integrated and deduplicated to form complete network policy information for each existing virtual machine node.
[0068] A policy-based expansion script is a set of executable instructions used on a target network management system to grant network communication permissions to expanded virtual machine nodes. The script contains several network policy rules, each of which replaces the source IP address of the existing virtual machine node with the IP address of the expanded virtual machine node, while all other elements (target IP address, port, protocol, and action) remain unchanged.
[0069] In this embodiment, the format of the policy expansion script is compatible with the target network management system. It can be a command-line script (such as the iptables command set), API call parameters (such as cloud platform security group rules in JSON format), or a configuration file (such as a firewall policy configuration file). After receiving the script, the network management system can directly parse and execute it to complete the implementation of the network policy.
[0070] Step S4: Based on steps S1-S3, deploy and start the target application on the expanded virtual machine node to complete the node expansion.
[0071] In this embodiment, by automatically triggering application deployment after the creation of the expanded virtual machine node, the opening of database permissions, and the configuration of network policies, it is ensured that the new node has a complete operating environment and access permissions before joining the cluster, avoiding application startup failure or runtime abnormalities caused by unmet preconditions, and realizing closed-loop automation of the expansion process.
[0072] The basic concepts have been described above. Obviously, for those skilled in the art, the detailed disclosure above is merely illustrative and does not constitute a limitation of this specification. Although not explicitly stated herein, those skilled in the art may make various modifications, improvements, and corrections to this specification. Such modifications, improvements, and corrections are suggested in this specification and therefore remain within the spirit and scope of the exemplary embodiments described herein.
[0073] Furthermore, unless expressly stated in the claims, the order of processing elements and sequences, the use of numbers and letters, or other names described in this specification are not intended to limit the order of the processes and methods described herein. Although various examples have been discussed in the foregoing disclosure of some embodiments of the invention that are currently considered useful, it should be understood that such details are for illustrative purposes only, and the appended claims are not limited to the disclosed embodiments; rather, the claims are intended to cover all modifications and equivalent combinations that conform to the spirit and scope of the embodiments described herein. For example, while the system components described above can be implemented using hardware devices, they can also be implemented solely using software solutions, such as installing the described system on existing servers or mobile devices.
[0074] Similarly, it should be noted that, in order to simplify the description disclosed herein and thus aid in the understanding of one or more embodiments of the invention, the foregoing description of embodiments in this specification may sometimes combine multiple features into a single embodiment, drawing, or description thereof. However, this method of disclosure does not imply that the subject matter of this specification requires more features than those mentioned in the claims. In fact, the embodiments contain fewer features than all the features of a single embodiment disclosed above.
[0075] In some embodiments, numbers describing the quantity of components and attributes are used. It should be understood that such numbers used in the description of embodiments are modified in some examples with the terms "approximately," "approximately," or "generally." Unless otherwise stated, "approximately," "approximately," or "generally" indicates that the numbers are allowed to vary by ±20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximate values, which may be changed depending on the characteristics required by individual embodiments. In some embodiments, numerical parameters should take into account specified significant digits and employ a general method of digit reservation. Although the numerical ranges and parameters used to confirm their breadth of range in some embodiments of this specification are approximate values, in specific embodiments, such values are set as precisely as feasible.
[0076] For each patent, patent application, patent application publication, and other material, such as articles, books, specifications, publications, and documents, referenced in this specification, the entire contents of which are incorporated herein by reference. This excludes historical application documents that are inconsistent with or conflict with the content of this specification, as well as documents that limit the broadest scope of the claims in this specification (currently or subsequently appended to this specification). It should be noted that in the event of any inconsistency or conflict between the descriptions, definitions, and / or terminology used in the supplementary materials to this specification and the content of this specification, the descriptions, definitions, and / or terminology used in this specification shall prevail.
[0077] Finally, it should be understood that the embodiments described in this specification are merely illustrative of the principles of the embodiments described herein. Other variations may also fall within the scope of this specification. Therefore, alternative configurations of the embodiments described herein are intended to be illustrative rather than limiting, and are considered consistent with the teachings of this specification. Accordingly, the embodiments described herein are not limited to those explicitly introduced and described herein.
Claims
1. A strategy-aware automatic scaling method for application nodes, characterized in that, include: S1. Obtain the configuration information of the existing virtual machine nodes of the target application; generate a creation configuration for expanding the virtual machine nodes based on the configuration information, and send the creation configuration to the installation system to complete the creation of the expanded virtual machine nodes; the creation configuration includes the IP address of the expanded virtual machine nodes; S2. Based on the IP address of the expanded virtual machine node, obtain the database access permission information of the existing virtual machine node of the target application; automatically generate a database access authorization instruction according to the database permission information, and send the database access authorization instruction to the database system for execution to enable the expanded virtual machine node to access the target database. S3. Obtain the network policy information of the existing virtual machine nodes of the target application; automatically generate a policy expansion script based on the network policy information and the IP address of the expanded virtual machine node, and send the policy expansion script to the network management system for execution to open the network communication permissions of the expanded virtual machine node. S4. Based on steps S1-S3, deploy and start the target application on the expanded virtual machine node to complete the node expansion.
2. The application node strategy-aware automatic scaling method according to claim 1, characterized in that, In step S1, the configuration creation also includes information about the virtual local area network, resource pool, and availability zone to which the expanded virtual machine node belongs.
3. The application node strategy-aware automatic scaling method according to claim 2, characterized in that, Step S1 further includes: The system receives a notification from the installation system indicating that the expansion virtual machine node has been successfully created; it sends a configuration collection request to the expansion virtual machine node to obtain the actual configuration information of the expansion virtual machine node; it compares the actual configuration information with the created configuration, and if the comparison is consistent, it confirms that the creation was successful; if they are inconsistent, it triggers a configuration repair process or a re-creation process.
4. The application node strategy-aware automatic scaling method according to claim 3, characterized in that, Step S2 further includes: Identify the type of the database system; based on the type of the database system, invoke the corresponding authorization instruction template; fill the IP address of the expanded virtual machine node and the database permission information into the authorization instruction template to generate a database access authorization instruction corresponding to the type of the database system.
5. The application node strategy-aware automatic scaling method according to claim 4, characterized in that, Step S2 further includes: Obtain the database permission information of the existing virtual machine nodes of the target application; wherein, the database permission information of each existing virtual machine node includes the database identifier and table identifier that the node is authorized to access; Perform an intersection operation on the database permission information of the existing virtual machine nodes to obtain a common database identifier and a common table identifier; use the common database identifier and the common table identifier as the database permission information of the expanded virtual machine nodes.
6. The application node strategy-aware automatic scaling method according to claim 1, characterized in that, In step S3, the network policy information includes at least one of the following: firewall rules, security group rules, and access control lists.
7. The application node strategy-aware automatic scaling method according to claim 6, characterized in that, Step S3 further includes: Parse the firewall rules, security group rules, or access control lists, and extract the IP address field from them; Identify the IP address in the IP address field that belongs to the existing virtual machine node; replace the identified IP address of the existing virtual machine node with the IP address of the expanded virtual machine node; Generate a policy expansion script based on the firewall rules, security group rules, or access control lists after the IP address replacement.