更新 TFE 安装包/配置 -- by luwenpeng

2021-03-25 11:09:02 +08:00
parent 52bde4d275
commit f8b6a40925
11 changed files with 299 additions and 115 deletions
--- a/dockerfile/tfe/Dockerfile
+++ b/dockerfile/tfe/Dockerfile
@@ -39,9 +39,10 @@ RUN yum install -y \
  && pip3 install supervisor \
  && yum clean all

-COPY tfe-env.sh /opt/tsg/tfe/
-COPY tfe-4.3.30.202103111806030800.ce55dbd-1.el7.x86_64.rpm /root/
-RUN rpm -ivh /root/tfe-4.3.30.202103111806030800.ce55dbd-1.el7.x86_64.rpm && chmod o+x /opt/tsg/tfe/tfe-env.sh
+COPY tfe-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm /tmp/
+COPY tfe-debuginfo-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm /tmp/
+RUN rpm -ivh /tmp/tfe-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm && rpm -ivh /tmp/tfe-debuginfo-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm
+
 COPY supervisord.conf /etc/supervisord/

 WORKDIR /opt/tsg/tfe/
@@ -49,4 +50,4 @@ WORKDIR /opt/tsg/tfe/
 ENTRYPOINT ["/usr/local/bin/supervisord", "-n", "-c", "/etc/supervisord/supervisord.conf"]

 # docker run -it --cap-add=NET_ADMIN --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --device /dev/net/tun:/dev/net/tun tfe:v1 /bin/bash
-# supervisorctl -c /etc/supervisord/supervisord.conf status
+# supervisorctl -c /etc/supervisord/supervisord.conf status
--- a/dockerfile/tfe/tfe-4.3.30.202103111806030800.ce55dbd-1.el7.x86_64.rpm
+++ b/dockerfile/tfe/tfe-4.3.30.202103111806030800.ce55dbd-1.el7.x86_64.rpm
--- a/dockerfile/tfe/tfe-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm
+++ b/dockerfile/tfe/tfe-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm
--- a/dockerfile/tfe/tfe-debuginfo-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm
+++ b/dockerfile/tfe/tfe-debuginfo-4.3.30.202103251012260800.7e54768-1.el7.x86_64.rpm
--- a/dockerfile/tfe/tfe-env.sh
+++ b/dockerfile/tfe/tfe-env.sh
@@ -1,108 +0,0 @@
-#!/bin/bash
-
-INCOMING_DEVICE=tun_kni
-
-LOCAL_MAC_ADDR=fe:65:b7:00:00:01
-PEER_MAC_ADDR=aa:bb:cc:dd:ee:ff
-
-LOCAL_IP_ADDR=172.16.241.2
-PEER_IP_ADDR=172.16.241.1
-
-start_fun()
-{
-	# 创建虚拟网卡
-	/usr/sbin/ip tuntap add dev ${INCOMING_DEVICE} mode tun one_queue
-
-	# 设置网卡的 MAC
-	/usr/sbin/ip link set ${INCOMING_DEVICE} address ${LOCAL_MAC_ADDR}
-	# 设置网卡的状态
-	/usr/sbin/ip link set ${INCOMING_DEVICE} up
-	/usr/sbin/ip addr flush dev ${INCOMING_DEVICE}
-
-	# 设置网卡的 IPv4 地址
-	/usr/sbin/ip addr add ${LOCAL_IP_ADDR}/30 dev ${INCOMING_DEVICE}
-
-	# 刷新网卡的 ARP
-	# /usr/sbin/ip neigh flush dev ${INCOMING_DEVICE}
-	# 将 PEER 的 IP / MAC 加入到本地设备的 ARP 表中
-	#/usr/sbin/ip neigh add ${PEER_IP_ADDR} lladdr ${PEER_MAC_ADDR} dev ${INCOMING_DEVICE} nud permanent
-
-	###########################################################################
-	# policy route v4
-	###########################################################################
-
-	# 流入的流量走 100 号路由表
-	/usr/sbin/ip rule add iif ${INCOMING_DEVICE} tab 100
-	/usr/sbin/ip route add local default dev lo table 100
-	
-	# 流出的带 0x65 的流量走 101 号路由表
-	/usr/sbin/ip rule add fwmark 0x65 lookup 101
-	/usr/sbin/ip route add default dev ${INCOMING_DEVICE} via ${PEER_IP_ADDR} table 101
-
-	###########################################################################
-	# policy route v6
-	###########################################################################
-	
-	# 设置网卡的 IPv6 地址
-	/usr/sbin/ip addr add fd00::02/64 dev ${INCOMING_DEVICE}
-
-	/usr/sbin/ip -6 route add default via fd00::01
-
-	# 流入的流量走 102 号路由表
-	/usr/sbin/ip -6 rule add iif ${INCOMING_DEVICE} tab 102
-	/usr/sbin/ip -6 route add local default dev lo table 102
-
-	# 将 PEER 的 IP / MAC 加入到本地设备的 ARP 表中
-	#/usr/sbin/ip -6 neigh add fd00::01 lladdr ${PEER_MAC_ADDR} dev ${INCOMING_DEVICE} nud permanent
-
-	###########################################################################
-	# iptables netfilter
-	###########################################################################
-	iptables -A INPUT -i ${INCOMING_DEVICE} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
-}
-
-stop_fun()
-{
-	iptables -F
-
-	/usr/sbin/ip rule del iif ${INCOMING_DEVICE} tab 100
-	/usr/sbin/ip route del local default dev lo table 100
-
-	/usr/sbin/ip rule del fwmark 0x65 lookup 101
-	/usr/sbin/ip route del default dev ${INCOMING_DEVICE} via ${PEER_IP_ADDR} table 101
-
-	/usr/sbin/ip -6 rule del iif ${INCOMING_DEVICE} tab 102
-	/usr/sbin/ip -6 route del default via fd00::01
-	/usr/sbin/ip -6 route del local default dev lo table 102
-
-	/usr/sbin/ip addr del fd00::02/64 dev ${INCOMING_DEVICE}
-
-	/usr/sbin/ip link set ${INCOMING_DEVICE} down
-	
-	# 删除虚拟网卡
-	/usr/sbin/ip tuntap del dev ${INCOMING_DEVICE} mode tap
-}
-
-status_fun()
-{
-	iptables -L
-}
-
-case "$1" in
-	start)
-		start_fun
-		;;
-	stop)
-		stop_fun
-		;;
-	restart)
-		stop_fun
-		start_fun
-		;;
-	status)
-		status_fun
-		;;
-	*)
-	echo "Usage: $0 {start|stop|status|restart}"
-esac
-exit 0