7400 adapt:修改tsg-diagnose role用来适配tsg 7400

ansible/roles/tsg-diagnose/tasks/main.yml

@@ -16,18 +16,27 @@
     dest: /opt/tsg/tsg-diagnose/etc/tsg-diagnose.config
   tags: template
 
-- name: "Templates docker-compose.yml"
+- name: "Templates docker-compose.yml - TSG-9140"
   template:
-    src: "{{role_path}}/templates/docker-compose.yml.j2"
+    src: "{{role_path}}/templates/tsg_9140_docker-compose.yml.j2"
     dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml
   tags: template
+  when:
+    - PROFILE_ID == '9000-NPB-P01R01'
+
+- name: "Templates docker-compose.yml - TSG-7400"
+  template:
+    src: "{{role_path}}/templates/tsg_7400_docker-compose.yml.j2"
+    dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml
+  tags: template
+  when:
+    - PROFILE_ID == '7400-MCN0-P01R01'
 
 - name: "tsg-diagnose:mkdir -p .badssl_cert_dict"
   file:
     path: /opt/tsg/tsg-diagnose/.badssl_cert_dict
     state: directory
 
-
 - name: "tsg-diagnose: unarchive certs"
   unarchive:
     src: /tmp/ansible_deploy/tsg-diagnose-certs.tgz
@@ -43,6 +52,6 @@
 
 - name: "copy prestart file to tsg-diagnose.service.d"
   copy:
-    src: "{{ role_path }}/files/prestart.conf"
+    src: "{{ role_path }}/files/service_override_prestart.conf"
     dest: /usr/lib/systemd/system/tsg-diagnose.service.d/
     mode: 0644

ansible/roles/tsg-diagnose/templates/tsg_7400_docker-compose.yml.j2

@@ -0,0 +1,125 @@
+#for tsg-diagnose
+version: '2.2'
+services:
+
+  badssl_server:
+    image: "badssl-tsg-diagnose:latest"
+    container_name: "badssl_tsg-diagnose"
+    tty: true
+    privileged: true
+    networks:
+      vlan_ssl_net:
+        ipv4_address: 192.0.2.130
+        ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010
+      bridge_net:
+        ipv4_address: 192.51.100.2
+    volumes:
+     - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs
+     - /etc/localtime:/etc/localtime:ro
+    command: >
+      bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
+      && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 
+      && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
+      && make inside-docker
+      && nginx
+      && tail -f /dev/null"
+
+  wpr_server:
+    image: "wpr-tsg-diagnose:latest"
+    container_name: "wpr_tsg-diagnose"
+    tty: true
+    privileged: true
+    networks:
+      vlan_ssl_net:
+        ipv4_address: 192.0.2.131
+        ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1011
+      bridge_net:
+        ipv4_address: 192.51.100.3
+    volumes:
+     - /etc/localtime:/etc/localtime:ro
+    command: 
+      - /bin/sh
+      - -c
+      - |
+        ifconfig eth0 hw ether 02:42:C0:A8:FD:83
+        arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
+        /root/wpr/wpr replay --http_port=80 --https_port=443 --host=0.0.0.0 --quiet_mode /root/wpr/archive.wprgo & 
+        tail -f /dev/null
+        
+  unittest_client:
+    image: "unittest-tsg-diagnose:latest"
+    container_name: "unittest_tsg-diagnose"
+    depends_on: 
+      - badssl_server
+      - wpr_server
+    tty: true
+    privileged: true
+    networks:
+      vlan_unittest_net:
+        ipv4_address: 192.0.2.3
+        ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012
+      bridge_net:
+        ipv4_address: 192.51.100.4
+    volumes:
+     - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict
+     - /opt/tsg/tsg-diagnose/result:/root/result_tsg_diagnose
+     - /opt/tsg/tsg-diagnose/etc:/root/etc_tsg_diagnose
+     - /etc/localtime:/etc/localtime:ro
+    command: 
+      - /bin/sh
+      - -c
+      - |
+        /root/unittest/wait-for 192.51.100.2:443 -t 60 -- echo "badssl is up"
+        /root/unittest/wait-for 192.51.100.3:443 -t 60 -- echo "wpr is up"
+        ifconfig eth0 hw ether 02:42:C0:A8:FD:03
+        arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82
+        arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83
+        mkdir -p /root/result_tsg_diagnose/unittest
+        mkdir -p /root/result_tsg_diagnose/conn_traffic_status
+        cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates
+        update-ca-certificates
+        cat /root/unittest/badssl.test.hosts >> /etc/hosts
+        echo '0      2       *       *       *       /usr/local/bin/python /root/unittest/clear_file_timeout.py' > /etc/crontabs/root
+        echo '0      2       *       *       *       /usr/local/bin/python /root/unittest/clear_file_timeout.py -d /root/result_tsg_diagnose/conn_traffic_status' > /etc/crontabs/root
+        crond
+        python /root/unittest/tsg_diagnose.py -l -w NEZHA
+
+
+networks: 
+  bridge_net:
+    name: bridge_tsg-diagnose_net
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 192.51.100.0/24
+          gateway: 192.51.100.1
+
+  vlan_ssl_net: 
+    name: vlan_tsg-diagnose_net
+    driver: macvlan
+    enable_ipv6: true
+    driver_opts: 
+      parent: eth_dign_s
+    ipam: 
+      config: 
+        - subnet: 192.0.2.0/24
+          ip_range: 192.0.2.128/25  
+          gateway: 192.0.2.129
+        - subnet: fd00:a1bf:2c3d:ef5a::/63
+          ip_range: fd00:a1bf:2c3d:ef5a::/64
+          gateway: fd00:a1bf:2c3d:ef5a::1010
+
+  vlan_unittest_net: 
+    name: vlan_unittest_tsg-diagnose_net
+    driver: macvlan
+    enable_ipv6: true
+    driver_opts:
+      parent: eth_dign_c
+    ipam:
+      config:
+        - subnet: 192.0.2.0/24
+          ip_range: 192.0.2.0/25
+          gateway: 192.0.2.1
+        - subnet: fd00:a1bf:2c3d:ef5a::/63
+          ip_range: fd00:a1bf:2c3d:ef5b::/64
+          gateway: fd00:a1bf:2c3d:ef5a::1011

ansible/tsg_7400_deploy.yml

@@ -7,6 +7,7 @@
     - {role: tsg-os-provision, tags: tsg-os-provision}
     - {role: system-init, tags: system-init}
     - {role: system-init-7400-mcn0, tags: system-init-7400-mcn0}
+    - {role: tsg-diagnose, tags: tsg-diagnose}
 
 - hosts: 7400-MCN123-P01R01
   remote_user: root