From 1c0febee5d7cbb4d47a2c744cfacab7d2c8bff79 Mon Sep 17 00:00:00 2001 From: fumingwei Date: Thu, 17 Jun 2021 10:40:22 +0800 Subject: [PATCH] =?UTF-8?q?7400=20adapt:=E4=BF=AE=E6=94=B9tsg-diagnose=20r?= =?UTF-8?q?ole=E7=94=A8=E6=9D=A5=E9=80=82=E9=85=8Dtsg=207400?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...rt.conf => service_override_prestart.conf} | 0 ansible/roles/tsg-diagnose/tasks/main.yml | 17 ++- .../templates/tsg_7400_docker-compose.yml.j2 | 125 ++++++++++++++++++ ....yml.j2 => tsg_9140_docker-compose.yml.j2} | 0 ansible/tsg_7400_deploy.yml | 1 + 5 files changed, 139 insertions(+), 4 deletions(-) rename ansible/roles/tsg-diagnose/files/{prestart.conf => service_override_prestart.conf} (100%) create mode 100644 ansible/roles/tsg-diagnose/templates/tsg_7400_docker-compose.yml.j2 rename ansible/roles/tsg-diagnose/templates/{docker-compose.yml.j2 => tsg_9140_docker-compose.yml.j2} (100%) diff --git a/ansible/roles/tsg-diagnose/files/prestart.conf b/ansible/roles/tsg-diagnose/files/service_override_prestart.conf similarity index 100% rename from ansible/roles/tsg-diagnose/files/prestart.conf rename to ansible/roles/tsg-diagnose/files/service_override_prestart.conf diff --git a/ansible/roles/tsg-diagnose/tasks/main.yml b/ansible/roles/tsg-diagnose/tasks/main.yml index c7cfd5b5..c8c75cf2 100644 --- a/ansible/roles/tsg-diagnose/tasks/main.yml +++ b/ansible/roles/tsg-diagnose/tasks/main.yml @@ -16,18 +16,27 @@ dest: /opt/tsg/tsg-diagnose/etc/tsg-diagnose.config tags: template -- name: "Templates docker-compose.yml" +- name: "Templates docker-compose.yml - TSG-9140" template: - src: "{{role_path}}/templates/docker-compose.yml.j2" + src: "{{role_path}}/templates/tsg_9140_docker-compose.yml.j2" dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml tags: template + when: + - PROFILE_ID == '9000-NPB-P01R01' + +- name: "Templates docker-compose.yml - TSG-7400" + template: + src: "{{role_path}}/templates/tsg_7400_docker-compose.yml.j2" + dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml + tags: template + when: + - PROFILE_ID == '7400-MCN0-P01R01' - name: "tsg-diagnose:mkdir -p .badssl_cert_dict" file: path: /opt/tsg/tsg-diagnose/.badssl_cert_dict state: directory - - name: "tsg-diagnose: unarchive certs" unarchive: src: /tmp/ansible_deploy/tsg-diagnose-certs.tgz @@ -43,6 +52,6 @@ - name: "copy prestart file to tsg-diagnose.service.d" copy: - src: "{{ role_path }}/files/prestart.conf" + src: "{{ role_path }}/files/service_override_prestart.conf" dest: /usr/lib/systemd/system/tsg-diagnose.service.d/ mode: 0644 diff --git a/ansible/roles/tsg-diagnose/templates/tsg_7400_docker-compose.yml.j2 b/ansible/roles/tsg-diagnose/templates/tsg_7400_docker-compose.yml.j2 new file mode 100644 index 00000000..526bc93f --- /dev/null +++ b/ansible/roles/tsg-diagnose/templates/tsg_7400_docker-compose.yml.j2 @@ -0,0 +1,125 @@ +#for tsg-diagnose +version: '2.2' +services: + + badssl_server: + image: "badssl-tsg-diagnose:latest" + container_name: "badssl_tsg-diagnose" + tty: true + privileged: true + networks: + vlan_ssl_net: + ipv4_address: 192.0.2.130 + ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010 + bridge_net: + ipv4_address: 192.51.100.2 + volumes: + - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs + - /etc/localtime:/etc/localtime:ro + command: > + bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82 + && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 + && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com + && make inside-docker + && nginx + && tail -f /dev/null" + + wpr_server: + image: "wpr-tsg-diagnose:latest" + container_name: "wpr_tsg-diagnose" + tty: true + privileged: true + networks: + vlan_ssl_net: + ipv4_address: 192.0.2.131 + ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1011 + bridge_net: + ipv4_address: 192.51.100.3 + volumes: + - /etc/localtime:/etc/localtime:ro + command: + - /bin/sh + - -c + - | + ifconfig eth0 hw ether 02:42:C0:A8:FD:83 + arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 + /root/wpr/wpr replay --http_port=80 --https_port=443 --host=0.0.0.0 --quiet_mode /root/wpr/archive.wprgo & + tail -f /dev/null + + unittest_client: + image: "unittest-tsg-diagnose:latest" + container_name: "unittest_tsg-diagnose" + depends_on: + - badssl_server + - wpr_server + tty: true + privileged: true + networks: + vlan_unittest_net: + ipv4_address: 192.0.2.3 + ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012 + bridge_net: + ipv4_address: 192.51.100.4 + volumes: + - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict + - /opt/tsg/tsg-diagnose/result:/root/result_tsg_diagnose + - /opt/tsg/tsg-diagnose/etc:/root/etc_tsg_diagnose + - /etc/localtime:/etc/localtime:ro + command: + - /bin/sh + - -c + - | + /root/unittest/wait-for 192.51.100.2:443 -t 60 -- echo "badssl is up" + /root/unittest/wait-for 192.51.100.3:443 -t 60 -- echo "wpr is up" + ifconfig eth0 hw ether 02:42:C0:A8:FD:03 + arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82 + arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83 + mkdir -p /root/result_tsg_diagnose/unittest + mkdir -p /root/result_tsg_diagnose/conn_traffic_status + cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates + update-ca-certificates + cat /root/unittest/badssl.test.hosts >> /etc/hosts + echo '0 2 * * * /usr/local/bin/python /root/unittest/clear_file_timeout.py' > /etc/crontabs/root + echo '0 2 * * * /usr/local/bin/python /root/unittest/clear_file_timeout.py -d /root/result_tsg_diagnose/conn_traffic_status' > /etc/crontabs/root + crond + python /root/unittest/tsg_diagnose.py -l -w NEZHA + + +networks: + bridge_net: + name: bridge_tsg-diagnose_net + driver: bridge + ipam: + config: + - subnet: 192.51.100.0/24 + gateway: 192.51.100.1 + + vlan_ssl_net: + name: vlan_tsg-diagnose_net + driver: macvlan + enable_ipv6: true + driver_opts: + parent: eth_dign_s + ipam: + config: + - subnet: 192.0.2.0/24 + ip_range: 192.0.2.128/25 + gateway: 192.0.2.129 + - subnet: fd00:a1bf:2c3d:ef5a::/63 + ip_range: fd00:a1bf:2c3d:ef5a::/64 + gateway: fd00:a1bf:2c3d:ef5a::1010 + + vlan_unittest_net: + name: vlan_unittest_tsg-diagnose_net + driver: macvlan + enable_ipv6: true + driver_opts: + parent: eth_dign_c + ipam: + config: + - subnet: 192.0.2.0/24 + ip_range: 192.0.2.0/25 + gateway: 192.0.2.1 + - subnet: fd00:a1bf:2c3d:ef5a::/63 + ip_range: fd00:a1bf:2c3d:ef5b::/64 + gateway: fd00:a1bf:2c3d:ef5a::1011 diff --git a/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 b/ansible/roles/tsg-diagnose/templates/tsg_9140_docker-compose.yml.j2 similarity index 100% rename from ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 rename to ansible/roles/tsg-diagnose/templates/tsg_9140_docker-compose.yml.j2 diff --git a/ansible/tsg_7400_deploy.yml b/ansible/tsg_7400_deploy.yml index 464be33e..329aa26c 100644 --- a/ansible/tsg_7400_deploy.yml +++ b/ansible/tsg_7400_deploy.yml @@ -7,6 +7,7 @@ - {role: tsg-os-provision, tags: tsg-os-provision} - {role: system-init, tags: system-init} - {role: system-init-7400-mcn0, tags: system-init-7400-mcn0} + - {role: tsg-diagnose, tags: tsg-diagnose} - hosts: 7400-MCN123-P01R01 remote_user: root