From 09e8ca413cea6daf61e45edbae45456e7910b5ab Mon Sep 17 00:00:00 2001 From: fumingwei Date: Mon, 8 Jan 2024 19:09:27 +0800 Subject: [PATCH] =?UTF-8?q?feature:TSG-18563:=E4=BD=BF=E7=94=A8emptydir?= =?UTF-8?q?=E6=96=B9=E5=BC=8F=E8=A7=A3=E5=86=B3configmap=20readonly?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../files/helm/templates/_config.tpl | 43 +-------------- .../helm/templates/deployment-firewall.yaml | 54 ++++++++++++++++--- .../helm/templates/deployment-proxy.yaml | 53 ++++++++++-------- .../deployment-service-chaining.yaml | 40 ++++++++------ .../helm/templates/deployment-shaping.yaml | 36 +++++++------ 5 files changed, 126 insertions(+), 100 deletions(-) diff --git a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl index 7b8f1054..08818352 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl +++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl 
@@ -122,42 +122,10 @@ enable_breakpad_upload=0 {{- end }} {{- end -}} -{{- define "traffic-engine.sce.copy-config-to-dest" -}} - cp /opt/tsg/config/sce.conf /opt/tsg/sce/conf - cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json -{{- end -}} - {{- define "traffic-engine.bfdd.prestart" -}} if [ -f "/etc/traffic-engine/hotfix/bfdd/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/bfdd/scripts/prestart.sh; /etc/traffic-engine/hotfix/bfdd/scripts/prestart.sh;fi {{- end -}} -{{- define "traffic-engine.firewall.copy-config-to-dest" -}} - cp /opt/tsg/config/conflist.inf /opt/tsg/sapp/plug/conflist.inf - cp /opt/tsg/config/gdev.conf /opt/tsg/sapp/etc/gdev.conf - cp /opt/tsg/config/main.conf /opt/tsg/sapp/tsgconf/main.conf - cp /opt/tsg/config/maat.conf /opt/tsg/sapp/tsgconf/maat.conf - cp /opt/tsg/config/sapp.toml /opt/tsg/sapp/etc/sapp.toml - cp /opt/tsg/config/send_raw_pkt.conf /opt/tsg/sapp/etc/send_raw_pkt.conf - cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json - cp /opt/tsg/config/vlan_flipping_map.conf /opt/tsg/sapp/etc/vlan_flipping_map.conf - cp /opt/tsg/config/firewall.inf /opt/tsg/sapp/plug/business/firewall/firewall.inf - cp /opt/tsg/config/necessary_plug_list.conf /opt/tsg/sapp/etc/necessary_plug_list.conf - cp /opt/tsg/config/http_main.conf /opt/tsg/sapp/conf/http/http_main.conf - cp /opt/tsg/config/mail.conf /opt/tsg/sapp/conf/mail/mail.conf - cp /opt/tsg/config/ssl_main.conf /opt/tsg/sapp/conf/ssl/ssl_main.conf - cp /opt/tsg/config/spec.toml /opt/tsg/sapp/stellar_plugin/spec.toml -{{- end -}} - -{{- define "traffic-engine.proxy.copy-config-to-dest" -}} - cp /opt/tsg/config/tfe.conf /opt/tsg/tfe/conf/tfe/tfe.conf - cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json -{{- end -}} - -{{- define "traffic-engine.certstore.copy-config-to-dest" -}} - cp /opt/tsg/config/cert_store.ini /opt/tsg/certstore/conf/cert_store.ini - cp /opt/tsg/config/tsg_device_tag.json 
/opt/tsg/etc/tsg_device_tag.json -{{- end -}} - {{- define "traffic-engine.certstore.prestart" -}} if [ -f "/etc/traffic-engine/hotfix/certstore/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/certstore/scripts/prestart.sh; /etc/traffic-engine/hotfix/certstore/scripts/prestart.sh;fi {{- end -}} @@ -175,10 +143,8 @@ export CACERT=${SERVICEACCOUNT}/ca.crt {{- define "public.serialize-node-annotations" -}} curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/nodes/${NODE_NAME} -o /tmp/node-${NODE_NAME}.json export DEVICE_SN=$(cat /tmp/node-${NODE_NAME}.json | jq -r '.metadata.annotations."tsg-os/device-sn"') -mkdir -p /target_config/opt/tsg/etc -mkdir -p /target_config/etc/profile.d -echo "{\"sn\": \"$DEVICE_SN\"}" > /target_config/opt/tsg/etc/tsg_sn.json -echo "export device_id=${DEVICE_SN}" > /target_config/etc/profile.d/device_id.sh +echo "{\"sn\": \"$DEVICE_SN\"}" > /opt/tsg/shared-configs/tsg_sn.json +echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh {{- end -}} @@ -199,11 +165,6 @@ echo "export device_id=${DEVICE_SN}" > /target_config/etc/profile.d/device_id.sh */}} -{{- define "traffic-engine.shaping.copy-config-to-dest" -}} - cp /opt/tsg/config/shaping.conf /opt/tsg/shaping_engine/conf - cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json -{{- end -}} - {{- define "traffic-engine.shaping.set-shaping-config" -}} sed -Ei "s|NODE_IP_LOCATION|${NODE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf sed -Ei "s|CLUSTER_ANNOUNCE_PORT_LOCATION|${CLUSTER_ANNOUNCE_PORT?}|g" /opt/tsg/shaping_engine/conf/shaping.conf diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml index 15afbdf8..c50297ad 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml 
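Review bot: `DEVICE_SN` is interpolated unquoted into `device_id.sh` and into hand-built JSON by the two added `echo` lines in `public.serialize-node-annotations`, although it comes straight from the `tsg-os/device-sn` node annotation. Later hunks in this patch mount `device_id.sh` at `/etc/profile.d/device_id.sh` in containers that run with `privileged: true`, so the annotation's content is evaluated as shell whenever a login shell sources that file. Check the value against the expected serial-number format before writing it, failing the init container otherwise, and build the JSON with `jq -n --arg sn "$DEVICE_SN" '{sn: $sn}' > /opt/tsg/shared-configs/tsg_sn.json`. A missing annotation currently ends up as the literal string `null` because of `jq -r`.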
@@ -44,7 +44,6 @@ spec: - "-ec" - | ldconfig - {{ template "traffic-engine.firewall.copy-config-to-dest" . }} {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sapp/tsgconf/maat.conf 
@@ -94,10 +93,53 @@ spec: failureThreshold: 90 periodSeconds: 10 {{- end }} + volumeMounts: - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" + subPath: "tsg_sn.json" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/plug/conflist.inf" + subPath: "sapp/conflist.inf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/etc/gdev.conf" + subPath: "sapp/gdev.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/tsgconf/main.conf" + subPath: "sapp/main.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/tsgconf/maat.conf" + subPath: "sapp/maat.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/etc/sapp.toml" + subPath: "sapp/sapp.toml" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/etc/send_raw_pkt.conf" + subPath: "sapp/send_raw_pkt.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/etc/tsg_device_tag.json" + subPath: "sapp/tsg_device_tag.json" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/etc/vlan_flipping_map.conf" + subPath: "sapp/vlan_flipping_map.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/plug/business/firewall/firewall.inf" + subPath: "sapp/firewall.inf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/etc/necessary_plug_list.conf" + subPath: "sapp/necessary_plug_list.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/conf/http/http_main.conf" + subPath: "sapp/http_main.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/conf/mail/mail.conf" + subPath: "sapp/mail.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/conf/ssl/ssl_main.conf" + subPath: "sapp/ssl_main.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/sapp/stellar_plugin/spec.toml" + subPath: "sapp/spec.toml" - name: firewall-minidump mountPath: /run/sapp/crashreport - name: firewall-log 
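Review bot: The new `subPath` entries bind-mount individual files, and the start-up script in what appears to be the same container still edits one of them in place: the previous hunk's context runs `sed -Ei ... /opt/tsg/sapp/tsgconf/maat.conf`, which is now a mount point. GNU `sed -i` writes a temporary file and renames it over the target, and a rename onto a single-file bind mount normally fails with "Device or resource busy"; under `-ec` that would stop the container. The same pattern shows up for `tfe.conf`, `cert_store.ini`, `sce.conf` and `shaping.conf` in the later files. Consider mounting the parent directory instead of each file, or rewriting without a rename, e.g. `sed -E "..." f > /tmp/f && cat /tmp/f > f`. The container spec starts and ends outside this hunk.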
@@ -172,7 +214,7 @@ spec: - "bash" - "-ec" - | - cp -r /opt/tsg/configs/* /opt/tsg/shared-configs + cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/ {{- include "public.prepare-access-API" . | nindent 12 }} {{- include "public.serialize-node-annotations" . | nindent 12 }} securityContext: @@ -189,14 +231,14 @@ spec: volumeMounts: - name: shared-configs-volume mountPath: /opt/tsg/shared-configs - - name: app-configs-volume - mountPath: "/opt/tsg/config" + - name: sapp-configs-volume + mountPath: /opt/tsg/configs/sapp - name: localtime-node mountPath: /etc/localtime readOnly: true volumes: - - name: app-configs-volume + - name: sapp-configs-volume configMap: name: sapp-{{ .Release.Name }} - name: shared-configs-volume diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml index 6074e0da..8329b50a 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml @@ -46,7 +46,6 @@ spec: - "-ec" - | ldconfig - {{ template "traffic-engine.proxy.copy-config-to-dest" . }} {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/tfe/conf/tfe/tfe.conf @@ -83,11 +82,15 @@ spec: periodSeconds: 10 {{- end }} volumeMounts: - - name: tfe - mountPath: "/opt/tsg/config" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" + subPath: "tsg_sn.json" + - name: shared-configs-volume + mountPath: "/opt/tsg/tfe/conf/tfe/tfe.conf" + subPath: "tfe/tfe.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/etc/tsg_device_tag.json" + subPath: "tfe/tsg_device_tag.json" - name: proxy-minidump mountPath: /run/tfe/crashreport - name: proxy-log 
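Review bot: `cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/` copies the ConfigMap mount as it is laid out on disk, and a ConfigMap volume normally exposes each key as a symlink through a `..data` directory; with `-r` alone GNU cp keeps those links rather than the file contents. The `subPath` targets such as `sapp/maat.conf` would then resolve through a symlink chain inside the emptyDir instead of pointing at regular files. `cp -rL /opt/tsg/configs/* /opt/tsg/shared-configs/` dereferences the links so the shared volume holds plain files. The same line is added to the proxy, service-chaining and shaping init containers.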
@@ -106,7 +109,6 @@ spec: - "bash" - "-ec" - | - {{ template "traffic-engine.certstore.copy-config-to-dest" . }} {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/certstore/conf/cert_store.ini @@ -128,11 +130,15 @@ spec: {{- end }} volumeMounts: {{ template "traffic-engine.mount.localtime" . }} - - name: certstore - mountPath: "/opt/tsg/config" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" + subPath: "tsg_sn.json" + - name: shared-configs-volume + mountPath: "/opt/tsg/certstore/conf/cert_store.ini" + subPath: "certstore/cert_store.ini" + - name: shared-configs-volume + mountPath: "/opt/tsg/etc/tsg_device_tag.json" + subPath: "certstore/tsg_device_tag.json" - name: certstore-minidump mountPath: /run/certstore/crashreport - name: certstore-log @@ -160,15 +166,15 @@ spec: securityContext: privileged: true volumeMounts: - - name: telegraf + - name: telegraf-configs-volume mountPath: "/etc/telegraf/telegraf_proxy.conf" subPath: "telegraf_proxy.conf" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume + subPath: "tsg_sn.json" + - name: shared-configs-volume mountPath: "/etc/profile.d/device_id.sh" - subPath: "etc/profile.d/device_id.sh" + subPath: "device_id.sh" {{ template "traffic-engine.mount.localtime" . }} - name: log-dir-hook @@ -284,6 +290,7 @@ spec: /usr/sbin/ip -6 rule add iif tap_c tab 102 /usr/sbin/ip -6 rule add iif tap_s tab 102 + cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/ {{ include "public.prepare-access-API" . | nindent 12 }} {{- include "public.serialize-node-annotations" . | nindent 12 }} 
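Review bot: None of the `shared-configs-volume` mounts in the telegraf container (the `@@ -160,15 +166,15 @@` hunk) sets `readOnly: true`, so this `privileged: true` sidecar gets write access to `tsg_sn.json` and to `device_id.sh`, which lands in `/etc/profile.d`. Because the emptyDir is shared by every container in the pod, a write from any one of them changes what the others read or source. If telegraf only consumes these files, add `readOnly: true` under each of the two mounts; the same applies to the bfdd and telegraf mounts in the service-chaining and shaping deployments. The container spec starts outside this hunk.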
@@ -299,21 +306,25 @@ spec: fieldRef: fieldPath: spec.nodeName volumeMounts: - - name: config-volume - mountPath: /target_config + - name: shared-configs-volume + mountPath: /opt/tsg/shared-configs + - name: certstore-configs-volume + mountPath: /opt/tsg/configs/certstore + - name: tfe-configs-volume + mountPath: /opt/tsg/configs/tfe {{ template "traffic-engine.mount.localtime" . }} volumes: - - name: certstore + - name: certstore-configs-volume configMap: name: certstore-{{ .Release.Name }} - - name: tfe + - name: tfe-configs-volume configMap: name: tfe-{{ .Release.Name }} - - name: telegraf + - name: telegraf-configs-volume configMap: name: telegraf-{{ .Release.Name }} - - name: config-volume + - name: shared-configs-volume emptyDir: {} - name: proxy-minidump hostPath: diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml index 883b2c91..5209525c 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml @@ -46,7 +46,6 @@ spec: - "-ec" - | ldconfig - {{ template "traffic-engine.sce.copy-config-to-dest" . }} {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sce/conf/sce.conf 
@@ -83,11 +82,15 @@ spec: periodSeconds: 10 {{- end }} volumeMounts: - - name: sce - mountPath: "/opt/tsg/config" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" + subPath: "tsg_sn.json" + - name: shared-configs-volume + mountPath: "/opt/tsg/sce/conf/sce.conf" + subPath: "sce/sce.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/etc/tsg_device_tag.json" + subPath: "sce/tsg_device_tag.json" - name: sce-minidump mountPath: /run/sce/crashreport - name: sce-log @@ -121,9 +124,9 @@ spec: securityContext: privileged: true volumeMounts: - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" + subPath: "tsg_sn.json" - name: bfdd-minidump mountPath: /run/bfdd/crashreport - name: bfdd-log @@ -145,15 +148,15 @@ spec: securityContext: privileged: true volumeMounts: - - name: telegraf + - name: telegraf-configs-volume mountPath: "/etc/telegraf/telegraf_sce.conf" subPath: "telegraf_sce.conf" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume + subPath: "tsg_sn.json" + - name: shared-configs-volume mountPath: "/etc/profile.d/device_id.sh" - subPath: "etc/profile.d/device_id.sh" + subPath: "device_id.sh" {{ template "traffic-engine.mount.localtime" . }} - name: log-dir-hook @@ -180,6 +183,7 @@ spec: - "bash" - "-ec" - | + cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/ {{- include "public.prepare-access-API" . | nindent 12 }} {{- include "public.serialize-node-annotations" . | nindent 12 }} {{- if .Values.sce_config.vxlan_config.endpoint_nic }} 
@@ -204,18 +208,20 @@ spec: fieldRef: fieldPath: spec.nodeName volumeMounts: - - name: config-volume - mountPath: /target_config + - name: shared-configs-volume + mountPath: /opt/tsg/shared-configs + - name: sce-configs-volume + mountPath: /opt/tsg/configs/sce {{ template "traffic-engine.mount.localtime" . }} volumes: - - name: telegraf + - name: telegraf-configs-volume configMap: name: telegraf-{{ .Release.Name }} - - name: sce + - name: sce-configs-volume configMap: name: sce-{{ .Release.Name }} - - name: config-volume + - name: shared-configs-volume emptyDir: {} - name: sce-minidump hostPath: diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml index b0a7f852..9b92bace 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml @@ -46,7 +46,6 @@ spec: - "-ec" - | ldconfig - {{ template "traffic-engine.shaping.copy-config-to-dest" . }} {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf @@ -99,11 +98,15 @@ spec: securityContext: privileged: true volumeMounts: - - name: shaping - mountPath: "/opt/tsg/config" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" + subPath: "tsg_sn.json" + - name: shared-configs-volume + mountPath: "/opt/tsg/shaping_engine/conf/shaping.conf" + subPath: "shaping/shaping.conf" + - name: shared-configs-volume + mountPath: "/opt/tsg/etc/tsg_device_tag.json" + subPath: "shaping/tsg_device_tag.json" - name: shaping-minidump mountPath: /run/shaping/crashreport - name: shaping-log 
@@ -124,15 +127,15 @@ spec: securityContext: privileged: true volumeMounts: - - name: telegraf + - name: telegraf-configs-volume mountPath: "/etc/telegraf/telegraf_shaping.conf" subPath: "telegraf_shaping.conf" - - name: config-volume + - name: shared-configs-volume mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume + subPath: "tsg_sn.json" + - name: shared-configs-volume mountPath: "/etc/profile.d/device_id.sh" - subPath: "etc/profile.d/device_id.sh" + subPath: "device_id.sh" {{ template "traffic-engine.mount.localtime" . }} - name: log-dir-hook @@ -157,6 +160,7 @@ spec: - "bash" - "-ec" - | + cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/ {{- include "public.prepare-access-API" . | nindent 12 }} {{- include "public.serialize-node-annotations" . | nindent 12 }} securityContext: @@ -172,18 +176,20 @@ spec: fieldPath: spec.nodeName volumeMounts: - - name: config-volume - mountPath: /target_config + - name: shared-configs-volume + mountPath: /opt/tsg/shared-configs + - name: shaping-configs-volume + mountPath: /opt/tsg/configs/shaping {{ template "traffic-engine.mount.localtime" . }} volumes: - - name: telegraf + - name: telegraf-configs-volume configMap: name: telegraf-{{ .Release.Name }} - - name: shaping + - name: shaping-configs-volume configMap: name: shaping-{{ .Release.Name }} - - name: config-volume + - name: shared-configs-volume emptyDir: {} - name: shaping-minidump hostPath: