diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fd6d7285..82f6ce88 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ variables: GIT_STRATEGY: "clone" BUILD_BASED_IMAGE_CENTOS7: "git.mesalab.cn:7443/mesa_platform/build-env:master" - BUILD_BASED_IMAGE_ROCKYLINUX8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux" + BUILD_BASED_IMAGE_ROCKYLINUX8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux-dindind" .build_tsg-buildimage: script: @@ -79,6 +79,19 @@ feature_branch_build_TSGXP0804: - /^rel-.*$/i - /^update-.*$/i +feature_branch_build_TSGXP0906: + image: $BUILD_BASED_IMAGE_ROCKYLINUX8 + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: TSGXNXR620G40R01P0906 + DALIY_BUILD_VERSION: 1 + except: + - tags + - /^dev-.*$/i + - /^rel-.*$/i + - /^update-.*$/i + feature_branch_build_server_unlocked: image: $BUILD_BASED_IMAGE_CENTOS7 stage: build @@ -177,6 +190,20 @@ develop_build_TSGXP0804: only: - /^dev-.*$/i +develop_build_TSGXP0906: + image: $BUILD_BASED_IMAGE_ROCKYLINUX8 + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: TSGXNXR620G40R01P0906 + UPLOAD_TO_FILE_REPO: 1 + PULP3_FILE_REPO_NAME: tsg-os-images-develop + PULP3_FILE_DIST_NAME: tsg-os-images-develop + DALIY_BUILD_VERSION: 1 + FILE_REPO_PATH: install/develop/tsg-os-images + only: + - /^dev-.*$/i + develop_build_server_unlocked: image: $BUILD_BASED_IMAGE_CENTOS7 stage: build @@ -277,6 +304,20 @@ testing_build_TSGXP0804: only: - /^rel-.*$/i +testing_build_TSGXP0906: + image: $BUILD_BASED_IMAGE_ROCKYLINUX8 + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: TSGXNXR620G40R01P0906 + UPLOAD_TO_FILE_REPO: 1 + PULP3_FILE_REPO_NAME: tsg-os-images-testing + PULP3_FILE_DIST_NAME: tsg-os-images-testing + FILE_REPO_PATH: install/testing/tsg-os-images + DALIY_BUILD_VERSION: 1 + only: + - /^rel-.*$/i + testing_build_server_unlocked: image: $BUILD_BASED_IMAGE_CENTOS7 stage: build 
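Review bot: `BUILD_BASED_IMAGE_ROCKYLINUX8` in the first hunk still names the build image by a mutable tag, now `rockylinux-dindind`, and every TSGXP0906 job added in the later hunks runs on `image: $BUILD_BASED_IMAGE_ROCKYLINUX8`. The develop and testing jobs here, and the rc and release jobs further down, set `UPLOAD_TO_FILE_REPO: 1`, so uploaded images are built on whatever that tag resolves to at run time. Pinning the reference by digest, for example `"git.mesalab.cn:7443/mesa_platform/build-env:rockylinux-dindind@sha256:<digest-placeholder>"`, would make those builds reproducible and make a changed base image show up in review. The `variables:` block starts above the hunk.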
@@ -377,6 +418,20 @@ rc_build_TSGXP0804: only: - /^.*-rc.*$/i +rc_build_TSGXP0906: + image: $BUILD_BASED_IMAGE_ROCKYLINUX8 + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: TSGXNXR620G40R01P0906 + UPLOAD_TO_FILE_REPO: 1 + DALIY_BUILD_VERSION: 0 + PULP3_FILE_REPO_NAME: tsg-os-images-rc + PULP3_FILE_DIST_NAME: tsg-os-images-rc + FILE_REPO_PATH: install/rc/tsg-os-images + only: + - /^.*-rc.*$/i + rc_build_server_unlocked: image: $BUILD_BASED_IMAGE_CENTOS7 stage: build @@ -487,6 +542,22 @@ release_build_TSGXP0804: except: - /^.*-rc.*$/i +release_build_TSGXP0906: + image: $BUILD_BASED_IMAGE_ROCKYLINUX8 + stage: build + extends: .build_tsg-buildimage + variables: + PROFILE_LIST: TSGXNXR620G40R01P0906 + UPLOAD_TO_FILE_REPO: 1 + DALIY_BUILD_VERSION: 0 + PULP3_FILE_REPO_NAME: tsg-os-images-release + PULP3_FILE_DIST_NAME: tsg-os-images-release + FILE_REPO_PATH: install/release/tsg-os-images + only: + - tags + except: + - /^.*-rc.*$/i + release_build_server_unlocked: image: $BUILD_BASED_IMAGE_CENTOS7 stage: build diff --git a/ansible/HAL_deploy.yml b/ansible/HAL_deploy.yml index 8fb588cc..612fd32e 100644 --- a/ansible/HAL_deploy.yml +++ b/ansible/HAL_deploy.yml @@ -1,10 +1,3 @@ -- hosts: all - remote_user: root - vars_files: - - install_config/group_vars/rpm_version.yml - roles: - - {role: rpm_download, tags: rpm_download} - - hosts: 7400-MCN0-P01R01 remote_user: root vars_files: 
@@ -141,4 +134,115 @@
 - {role: wire_graft, tags: wire_graft}
 - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition}
 - {role: hasp, tags: hasp}
- - {role: OFED, tags: OFED}
\ No newline at end of file
+ - {role: OFED, tags: OFED}
+
+- hosts: TSG-X-NXR620G40-R01-P0906
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: k3s-install, tags: k3s-install}
+ - {role: tsg-os-provision, tags: tsg-os-provision}
+ - {role: tsg_device_tag, tags: tsg_device_tag}
+ - {role: tsg_sn, tags: tsg_sn}
+ - {role: framework, tags: framework}
+ - {role: mrzcpd, tags: mrzcpd}
+ - {role: redis, tags: redis}
+ - {role: exporter, tags: exporter}
+ - {role: docker, tags: docker}
+ - {role: tsg-diagnose, tags: tsg-diagnose}
+ - {role: tsg-exporter-proxy-TSGXP0804, tags: tsg-exporter-proxy-TSGXP0804}
+ - {role: vsys, tags: vsys}
+ - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403}
+ - {role: system-init, tags: system-init}
+ - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition}
+ - {role: hasp, tags: hasp}
+ - {role: OFED, tags: OFED}
+
+- hosts: TSG-X-NXR620G40-R01-P0906-init
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: tsg-os-provision, tags: tsg-os-provision}
+ - {role: container-tools-install, tags: container-tools-install}
+ - {role: tsg_sn, tags: tsg_sn}
+ - {role: framework, tags: framework}
+ - {role: mrzcpd, tags: mrzcpd}
+ - {role: sapp, tags: sapp}
+ - {role: tsg_master, tags: tsg_master}
+ - {role: kni, tags: kni}
+ - {role: firewall, tags: firewall}
+ - {role: tsg_app, tags: tsg_app}
+ - {role: redis, tags: redis}
+ - {role: certstore, tags: certstore}
+ - {role: tfe, tags: tfe}
+ - {role: telegraf_statistic, tags: telegraf_statistic}
+ - {role: wannat_wangw, tags: wannat_wangw}
+ - {role: wannat_common, tags: wannat_common}
+ - {role: wire_graft, tags: wire_graft}
+
+- hosts: TSG-X-NXR620G40-R01-P0906-firewall
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: tsg-os-provision, tags: tsg-os-provision}
+ - {role: container-tools-install, tags: container-tools-install}
+ - {role: framework, tags: framework}
+ - {role: mrzcpd, tags: mrzcpd}
+ - {role: sapp, tags: sapp}
+ - {role: tsg_master, tags: tsg_master}
+ - {role: kni, tags: kni}
+ - {role: firewall, tags: firewall}
+ - {role: tsg_app, tags: tsg_app}
+ - {role: wannat_wangw, tags: wannat_wangw}
+ - {role: wannat_common, tags: wannat_common}
+ - {role: wire_graft, tags: wire_graft}
+ - {role: hasp, tags: hasp}
+
+- hosts: TSG-X-NXR620G40-R01-P0906-proxy
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: tsg-os-provision, tags: tsg-os-provision}
+ - {role: container-tools-install, tags: container-tools-install}
+ - {role: framework, tags: framework}
+ - {role: mrzcpd, tags: mrzcpd}
+ - {role: tfe, tags: tfe}
+ - {role: hasp, tags: hasp}
+
+- hosts: TSG-X-NXR620G40-R01-P0906-certstore
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: tsg-os-provision, tags: tsg-os-provision}
+ - {role: container-tools-install, tags: container-tools-install}
+ - {role: framework, tags: framework}
+ - {role: redis, tags: redis}
+ - {role: certstore, tags: certstore}
+
+- hosts: TSG-X-NXR620G40-R01-P0906-telegraf
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: tsg-os-provision, tags: tsg-os-provision}
+ - {role: container-tools-install, tags: container-tools-install}
+ - {role: telegraf_statistic, tags: telegraf_statistic}
+
+
+- hosts: server
+ remote_user: root
+ vars_files:
+ - install_config/group_vars/rpm_version.yml
+ roles:
+ - {role: rpm_download, tags: rpm_download}
diff --git a/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
new file mode 100644
index 00000000..71c726d4
--- /dev/null
+++ b/ansible/install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
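Review bot: The first added play, for `TSG-X-NXR620G40-R01-P0906`, pulls in `tsg-exporter-proxy-TSGXP0804` and `system-init-TSG-X-P1403`, two roles named after other hardware profiles, and nothing in the hunk says whether that reuse is deliberate. If it is, a comment above the roles list such as `# P0906 shares the exporter-proxy role of P0804 and the system-init role of P1403` would record it; if not, the role names need correcting before this profile is built. The playbook's earlier plays are outside the hunk, so whether they follow the same pattern cannot be checked here.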
@@ -0,0 +1,62 @@
+control_and_policy:
+ nic_name: "{% raw %}{{ network_setting.nic_policy_log.name }}{% endraw %}"
+
+workload_zcpd:
+ cpu_affinity: "{% raw %}{{ workload_zcpd_cpu_affinity }}{% endraw %}"
+ hugepage_num_1G: 32
+
+workload_firewall:
+ cpu_affinity: " "
+ worker_threads: 1
+ send_only_threads_max: 0
+
+workload_proxy:
+ enable_cpu_affinity: 0
+ cpu_affinity: "{% raw %}{{ workload_proxy_cpu_affinity }}{% endraw %}"
+ worker_thread: "{% raw %}{{ workload_proxy_worker_thread }}{% endraw %}"
+
+dp_traffic_mirror:
+ nic_name: "{% raw %}{{ network_setting.nic_mirror.name }}{% endraw %}"
+ traffic_mirror_vlan_id: 0
+
+dp_steering_firewall:
+ #deloyment value: mirror,inline, transparent. mirror = one arm + mirror, inline = one arm + series, transparent = two arm + series
+ deployment: inline
+ #encapsulation value: vlan, vxlan, raw, provision
+ encapsulation: vxlan
+ # capture_packet value: pcap, driver
+ capture_packet: driver
+ nic_internal: "{% raw %}{{ network_setting.nic_raw.name }}{% endraw %}"
+ enable_mirror: 1
+
+dp_steering_proxy:
+ ###### location: value {local, foreign}
+ location: local
+ tun_mode: yes
+ node_list:
+ - nic_name: virtio_kni
+
+dp_certstore:
+ location: local
+
+dp_proxy:
+ nic_name_data_incoming: virtio_kni
+ mac_addr_data_incoming: 00:0e:c6:d6:72:c1
+ enable_traffic_mirror: 1
+ traffic_mirror_type: 1
+
+prefix_path:
+ mrzcpd: /opt/tsg/mrzcpd
+ framework: /opt/tsg/framework
+ sapp: /opt/tsg/sapp
+
+monitor:
+ enable_redis_exporter: 0
+ enable_ipmi_exporter: 0
+
+diagnose:
+ virtual_server_nic: virtio_dign_s
+ virtual_client_nic: virtio_dign_c
+
+### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140
+runtime_env: TSG-X-P0906
\ No newline at end of file
diff --git a/ansible/roles/OFED/tasks/main.yml b/ansible/roles/OFED/tasks/main.yml
index 7543b084..aa5b2726 100644
--- a/ansible/roles/OFED/tasks/main.yml
+++ b/ansible/roles/OFED/tasks/main.yml
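Review bot: Two values in this new vars file depend on implicit YAML typing: `tun_mode: yes` is read as a boolean by YAML 1.1 loaders, and `mac_addr_data_incoming: 00:0e:c6:d6:72:c1` stays a string only because it contains hex letters. Quoting the address, `mac_addr_data_incoming: '00:0e:c6:d6:72:c1'`, and writing `tun_mode` as `true` or as the quoted string `'yes'`, whichever the consuming template expects (not visible here), removes the ambiguity. The comment above `deployment:` also misspells the key as `deloyment`.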
@@ -25,29 +25,29 @@ src: /tmp/OFED/MLNX_OFED_SRC-5.6-2.0.9.0.tgz dest: /tmp/OFED/unarchived/ remote_src: yes - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "Get linux kernel file path" shell: uname -r register: obtain_kernel_version - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "execute OFED installer" shell: /tmp/OFED/unarchived/MLNX_OFED_SRC-5.6-2.0.9.0/install.pl -k {{obtain_kernel_version.stdout}} --all --force environment: MAKEFLAGS : - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "unarchive MFT RPM" unarchive: src: /tmp/OFED/mft-4.20.0-34-x86_64-rpm.tgz dest: /tmp/OFED/unarchived/ remote_src: yes - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "execute MFT installer" shell: /tmp/OFED/unarchived/mft-4.20.0-34-x86_64-rpm/install.sh - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' ######TSG-X-P0804 install end ###### diff --git a/ansible/roles/certstore/tasks/main.yml b/ansible/roles/certstore/tasks/main.yml index 2e109e16..e1369f83 100644 --- a/ansible/roles/certstore/tasks/main.yml +++ b/ansible/roles/certstore/tasks/main.yml @@ -5,6 +5,15 @@ #- name: "Install certstore" # shell: rpm -i /tmp/rpm_download/{{ certstore_rpm_version.certstore }}* +- name: "download rpm packages: certstore" + yum: + name: + - "{{ certstore_rpm_version.certstore }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "Get certstore rpm path" find: path: /tmp/rpm_download/ diff --git a/ansible/roles/container-tools-install/tasks/main.yml b/ansible/roles/container-tools-install/tasks/main.yml new file mode 100644 index 00000000..0cc75d2f --- /dev/null 
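Review bot: The same two-value comparison is now repeated on all five `when:` lines of this hunk, so the next profile that needs OFED takes five more edits and one is easy to miss. A membership test reads better and changes in one place per task: `when: runtime_env in ['TSG-X-P0804', 'TSG-X-P0906']`; grouping the five tasks under one `block:` with a single `when:` would go further. The closing marker `######TSG-X-P0804 install end ######` no longer describes what the section covers. The task list starts above the hunk.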
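Review bot: The added certstore download task writes to `{{ path_download }}`, but the `find` that follows it in the context lines still searches the literal `/tmp/rpm_download/`, so the two agree only when the variable holds that path; its value is not visible in this diff. Using the variable on both sides, `path: "{{ path_download }}"`, keeps them in step. The same pairing appears in the firewall, framework and http_healthcheck hunks, where `rpm -i /tmp/rpm_download/{{ ... }}*` installs by glob from a fixed directory under /tmp. A download directory created with a restrictive mode and an install by exact file name would keep a stale or foreign package from being picked up. The task list continues outside the hunk.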
+++ b/ansible/roles/container-tools-install/tasks/main.yml
@@ -0,0 +1,76 @@
+- name: "install ansible"
+ yum:
+ name: ansible
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+ when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
+
+- name: "Generate ansiblg.cfg after ansible upgrade in rockylinux8"
+ shell: ansible-config init --disabled > /etc/ansible/ansible.cfg
+ when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
+
+- name: 'change ansible hash_behaviour value replace to merge'
+ lineinfile:
+ path: /etc/ansible/ansible.cfg
+ backrefs: yes
+ regexp: "^(.*hash_behaviour.*=.*replace.*)$"
+ line: '\1\nhash_behaviour = merge'
+ when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
+
+- name: 'install psutil'
+ shell: pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple psutil
+ when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
+
+- name: "install tcpdump"
+ yum:
+ name: tcpdump
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install numactl-libs"
+ yum:
+ name: numactl-libs
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install iproute"
+ yum:
+ name: iproute
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install iptables"
+ yum:
+ name: iptables
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install procps"
+ yum:
+ name: procps
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install net-tools"
+ yum:
+ name: net-tools
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install ethtool"
+ yum:
+ name: ethtool
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install gdb"
+ yum:
+ name: gdb
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
+
+- name: "install ipmitool"
+ yum:
+ name: ipmitool
+ conf_file: "{{ rpm_repo_config_path }}"
+ state: present
diff --git a/ansible/roles/exporter/tasks/main.yml b/ansible/roles/exporter/tasks/main.yml
index b1c31303..a583c5b4 100644
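Review bot: The `install psutil` task runs `pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple psutil` through `shell`, which pulls an unpinned package from a public mirror at provision time with no version or hash check, while every other package in this role comes from the repository in `rpm_repo_config_path`. Installing the distribution package with the same `yum` task form used below (`name: python3-psutil`) would keep the image contents reproducible and under the same repository controls. If pip is required, pin it with a hashed requirements file instead: `pip3 install --require-hashes -r <requirements-file-placeholder>`. The `tcpdump` and `gdb` tasks carry no `when:` guard, so both tools land in every container profile that uses this role; if they are only needed for debugging, a guard or a separate debug role would keep them out of production images.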
--- a/ansible/roles/exporter/tasks/main.yml +++ b/ansible/roles/exporter/tasks/main.yml @@ -1,3 +1,14 @@ +- name: "download rpm packages: freeipmi" + yum: + name: "{{ item }}" + conf_file: "{{ rpm_repo_config_path }}" + state: latest + download_only: yes + download_dir: "{{ path_download }}" + with_items: + - freeipmi + - systemd-sysv + - name: "Get freeipmi rpm path" find: path: /tmp/rpm_download/ diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml index 49854af8..32ad317d 100644 --- a/ansible/roles/firewall/tasks/main.yml +++ b/ansible/roles/firewall/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: "download rpm packages: firewall" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + with_dict: "{{ firewall_rpm_version }}" + - name: "Install firwall that are sapp plugins" shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.sapp }} with_dict: "{{ firewall_rpm_version }}" diff --git a/ansible/roles/framework/tasks/main.yml b/ansible/roles/framework/tasks/main.yml index 60b9c14a..ce577084 100644 --- a/ansible/roles/framework/tasks/main.yml +++ b/ansible/roles/framework/tasks/main.yml @@ -11,6 +11,15 @@ - rsyslog-kafka - librdkafka +- name: "download rpm packages: framework" + yum: + name: "{{ item.value }}" + state: present + conf_file: "{{ rpm_repo_config_path }}" + download_only: yes + download_dir: "{{ path_download }}" + with_dict: "{{ framework_rpm_version }}" + - name: "Install frameworks" shell: rpm -i /tmp/rpm_download/{{ item.value }}* --prefix {{ prefix_path.framework }} with_dict: "{{ framework_rpm_version }}" diff --git a/ansible/roles/hasp/tasks/main.yml b/ansible/roles/hasp/tasks/main.yml index aef92336..23a1b968 100644 --- a/ansible/roles/hasp/tasks/main.yml +++ b/ansible/roles/hasp/tasks/main.yml 
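Review bot: The added exporter download task uses `state: latest` for `freeipmi` and `systemd-sysv`, so the version that ends up in the image depends on what the repository holds at build time. The other download tasks in this commit use `state: present` with names taken from the `*_rpm_version` variables. Listing these two packages alongside them (presumably in `install_config/group_vars/rpm_version.yml`, which is not shown) and switching to `state: present` would make this role consistent and the build repeatable. The rest of the role continues outside the hunk.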
@@ -3,6 +3,15 @@ src: '{{ role_path }}/files/aksusbd-8.23-1.x86_64.rpm' dest: /tmp/ansible_deploy/ +- name: "download rpm packages: hasp_update" + yum: + name: + - "{{ hasp_update_rpm_version.hasp_update }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "aksusbd rpm install: install aksusbd" yum: name: diff --git a/ansible/roles/http_healthcheck/tasks/main.yml b/ansible/roles/http_healthcheck/tasks/main.yml index 2f5994ab..c2a0b0c6 100644 --- a/ansible/roles/http_healthcheck/tasks/main.yml +++ b/ansible/roles/http_healthcheck/tasks/main.yml @@ -1,2 +1,10 @@ +- name: "download rpm packages: http_healthcheck" + yum: + name: "{{ http_healthcheck_rpm_version.http_healthcheck }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "Install http_healthcheck that is sapp plugins" shell: rpm -i /tmp/rpm_download/{{ http_healthcheck_rpm_version.http_healthcheck }}* --prefix {{ prefix_path.sapp }} \ No newline at end of file diff --git a/ansible/roles/k3s-install/files/k3s b/ansible/roles/k3s-install/files/k3s new file mode 100644 index 00000000..ba018748 Binary files /dev/null and b/ansible/roles/k3s-install/files/k3s differ diff --git a/ansible/roles/k3s-install/files/k3s-install.sh b/ansible/roles/k3s-install/files/k3s-install.sh new file mode 100644 index 00000000..71cabbae --- /dev/null +++ b/ansible/roles/k3s-install/files/k3s-install.sh 
@@ -0,0 +1,969 @@ +#!/bin/sh +set -e +set -o noglob + +# Usage: +# curl ... | ENV_VAR=... sh - +# or +# ENV_VAR=... ./install.sh +# +# Example: +# Installing a server without traefik: +# curl ... | INSTALL_K3S_EXEC="--disable=traefik" sh - +# Installing an agent to point at a server: +# curl ... | K3S_TOKEN=xxx K3S_URL=https://server-url:6443 sh - +# +# Environment variables: +# - K3S_* +# Environment variables which begin with K3S_ will be preserved for the +# systemd service to use. Setting K3S_URL without explicitly setting +# a systemd exec command will default the command to "agent", and we +# enforce that K3S_TOKEN or K3S_CLUSTER_SECRET is also set. +# +# - INSTALL_K3S_SKIP_DOWNLOAD +# If set to true will not download k3s hash or binary. +# +# - INSTALL_K3S_FORCE_RESTART +# If set to true will always restart the K3s service +# +# - INSTALL_K3S_SYMLINK +# If set to 'skip' will not create symlinks, 'force' will overwrite, +# default will symlink if command does not exist in path. +# +# - INSTALL_K3S_SKIP_ENABLE +# If set to true will not enable or start k3s service. +# +# - INSTALL_K3S_SKIP_START +# If set to true will not start k3s service. +# +# - INSTALL_K3S_VERSION +# Version of k3s to download from github. Will attempt to download from the +# stable channel if not specified. +# +# - INSTALL_K3S_COMMIT +# Commit of k3s to download from temporary cloud storage. 
+# * (for developer & QA use) +# +# - INSTALL_K3S_BIN_DIR +# Directory to install k3s binary, links, and uninstall script to, or use +# /usr/local/bin as the default +# +# - INSTALL_K3S_BIN_DIR_READ_ONLY +# If set to true will not write files to INSTALL_K3S_BIN_DIR, forces +# setting INSTALL_K3S_SKIP_DOWNLOAD=true +# +# - INSTALL_K3S_SYSTEMD_DIR +# Directory to install systemd service and environment files to, or use +# /etc/systemd/system as the default +# +# - INSTALL_K3S_EXEC or script arguments +# Command with flags to use for launching k3s in the systemd service, if +# the command is not specified will default to "agent" if K3S_URL is set +# or "server" if not. The final systemd command resolves to a combination +# of EXEC and script args ($@). +# +# The following commands result in the same behavior: +# curl ... | INSTALL_K3S_EXEC="--disable=traefik" sh -s - +# curl ... | INSTALL_K3S_EXEC="server --disable=traefik" sh -s - +# curl ... | INSTALL_K3S_EXEC="server" sh -s - --disable=traefik +# curl ... | sh -s - server --disable=traefik +# curl ... | sh -s - --disable=traefik +# +# - INSTALL_K3S_NAME +# Name of systemd service to create, will default from the k3s exec command +# if not specified. If specified the name will be prefixed with 'k3s-'. +# +# - INSTALL_K3S_TYPE +# Type of systemd service to create, will default from the k3s exec command +# if not specified. +# +# - INSTALL_K3S_MIRROR +# For Chinese users, set INSTALL_K3S_MIRROR=cn to use the mirror address to accelerate +# k3s binary file download, and the default mirror address is mirror_k3s.rancher.cn +# +# - INSTALL_K3S_SELINUX_WARN +# If set to true will continue if k3s-selinux policy is not found. +# +# - INSTALL_K3S_SKIP_SELINUX_RPM +# If set to true will skip automatic installation of the k3s RPM. +# +# - INSTALL_K3S_CHANNEL_URL +# Channel URL for fetching k3s download URL. +# Defaults to 'https://update.k3s.io/v1-release/channels'. 
+# +# - INSTALL_K3S_CHANNEL +# Channel to use for fetching k3s download URL. +# Defaults to 'stable'. +# +# - INSTALL_K3S_REGISTRIES +# Setup a custom Registry or Mirror +# Defaults to null. + +GITHUB_URL=https://github.com/k3s-io/k3s/releases +STORAGE_URL=https://storage.googleapis.com/k3s-ci-builds +DOWNLOADER= +INSTALL_K3S_MIRROR_URL=${INSTALL_K3S_MIRROR_URL:-'https://rancher-mirror.rancher.cn'} + +# --- helper functions for logs --- +info() +{ + echo '[INFO] ' "$@" +} +warn() +{ + echo '[WARN] ' "$@" >&2 +} +fatal() +{ + echo '[ERROR] ' "$@" >&2 + exit 1 +} + +# --- fatal if no systemd or openrc --- +verify_system() { + if [ -x /sbin/openrc-run ]; then + HAS_OPENRC=true + return + fi + if [ -x /bin/systemctl ] || type systemctl > /dev/null 2>&1; then + HAS_SYSTEMD=true + return + fi + fatal 'Can not find systemd or openrc to use as a process supervisor for k3s' +} + +# --- add quotes to command arguments --- +quote() { + for arg in "$@"; do + printf '%s\n' "$arg" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" + done +} + +# --- add indentation and trailing slash to quoted args --- +quote_indent() { + printf ' \\\n' + for arg in "$@"; do + printf '\t%s \\\n' "$(quote "$arg")" + done +} + +# --- escape most punctuation characters, except quotes, forward slash, and space --- +escape() { + printf '%s' "$@" | sed -e 's/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;' +} + +# --- escape double quotes --- +escape_dq() { + printf '%s' "$@" | sed -e 's/"/\\"/g' +} + +# --- ensures $K3S_URL is empty or begins with https://, exiting fatally otherwise --- +verify_k3s_url() { + case "${K3S_URL}" in + "") + ;; + https://*) + ;; + *) + fatal "Only https:// URLs are supported for K3S_URL (have ${K3S_URL})" + ;; + esac +} + +# --- Setup a custom Registry or Mirror +setup_registry() { + REGISTRIES_FILE="/etc/rancher/k3s/registries.yaml" + if [ "${INSTALL_K3S_REGISTRIES}" -a ! 
-f "$REGISTRIES_FILE" ]; then + INSTALL_K3S_REGISTRIES=`echo ${INSTALL_K3S_REGISTRIES} | awk '{gsub(/,/," "); print $0}'` + $SUDO mkdir -p `dirname $REGISTRIES_FILE` + $SUDO cat >> $REGISTRIES_FILE <> "$REGISTRIES_FILE" + done + fi +} + +# --- define needed environment variables --- +setup_env() { + # --- use command args if passed or create default --- + case "$1" in + # --- if we only have flags discover if command should be server or agent --- + (-*|"") + if [ -z "${K3S_URL}" ]; then + CMD_K3S=server + else + if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_TOKEN_FILE}" ] && [ -z "${K3S_CLUSTER_SECRET}" ]; then + fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN, K3S_TOKEN_FILE or K3S_CLUSTER_SECRET is not defined." + fi + CMD_K3S=agent + fi + ;; + # --- command is provided --- + (*) + CMD_K3S=$1 + shift + ;; + esac + + verify_k3s_url + + CMD_K3S_EXEC="${CMD_K3S}$(quote_indent "$@")" + + # --- use systemd name if defined or create default --- + if [ -n "${INSTALL_K3S_NAME}" ]; then + SYSTEM_NAME=k3s-${INSTALL_K3S_NAME} + else + if [ "${CMD_K3S}" = server ]; then + SYSTEM_NAME=k3s + else + SYSTEM_NAME=k3s-${CMD_K3S} + fi + fi + + # --- check for invalid characters in system name --- + valid_chars=$(printf '%s' "${SYSTEM_NAME}" | sed -e 's/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;' ) + if [ "${SYSTEM_NAME}" != "${valid_chars}" ]; then + invalid_chars=$(printf '%s' "${valid_chars}" | sed -e 's/[^^]/ /g') + fatal "Invalid characters for system name: + ${SYSTEM_NAME} + ${invalid_chars}" + fi + + # --- use sudo if we are not already root --- + SUDO=sudo + if [ $(id -u) -eq 0 ]; then + SUDO= + fi + + # --- use systemd type if defined or create default --- + if [ -n "${INSTALL_K3S_TYPE}" ]; then + SYSTEMD_TYPE=${INSTALL_K3S_TYPE} + else + if [ "${CMD_K3S}" = server ]; then + SYSTEMD_TYPE=notify + else + SYSTEMD_TYPE=exec + fi + fi + + # --- use binary install directory if defined or create default --- + if [ -n "${INSTALL_K3S_BIN_DIR}" ]; then + 
BIN_DIR=${INSTALL_K3S_BIN_DIR} + else + # --- use /usr/local/bin if root can write to it, otherwise use /opt/bin if it exists + BIN_DIR=/usr/local/bin + if ! $SUDO sh -c "touch ${BIN_DIR}/k3s-ro-test && rm -rf ${BIN_DIR}/k3s-ro-test"; then + if [ -d /opt/bin ]; then + BIN_DIR=/opt/bin + fi + fi + fi + + # --- use systemd directory if defined or create default --- + if [ -n "${INSTALL_K3S_SYSTEMD_DIR}" ]; then + SYSTEMD_DIR="${INSTALL_K3S_SYSTEMD_DIR}" + else + SYSTEMD_DIR=/etc/systemd/system + fi + + # --- set related files from system name --- + SERVICE_K3S=${SYSTEM_NAME}.service + UNINSTALL_K3S_SH=${UNINSTALL_K3S_SH:-${BIN_DIR}/${SYSTEM_NAME}-uninstall.sh} + KILLALL_K3S_SH=${KILLALL_K3S_SH:-${BIN_DIR}/k3s-killall.sh} + + # --- use service or environment location depending on systemd/openrc --- + if [ "${HAS_SYSTEMD}" = true ]; then + FILE_K3S_SERVICE=${SYSTEMD_DIR}/${SERVICE_K3S} + FILE_K3S_ENV=${SYSTEMD_DIR}/${SERVICE_K3S}.env + elif [ "${HAS_OPENRC}" = true ]; then + $SUDO mkdir -p /etc/rancher/k3s + FILE_K3S_SERVICE=/etc/init.d/${SYSTEM_NAME} + FILE_K3S_ENV=/etc/rancher/k3s/${SYSTEM_NAME}.env + fi + + # --- get hash of config & exec for currently installed k3s --- + PRE_INSTALL_HASHES=$(get_installed_hashes) + + # --- if bin directory is read only skip download --- + if [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ]; then + INSTALL_K3S_SKIP_DOWNLOAD=true + fi + + # --- setup channel values + if [ "${INSTALL_K3S_MIRROR}" = cn ]; then + INSTALL_K3S_CHANNEL_URL="${INSTALL_K3S_MIRROR_URL}/k3s/channels" + else + INSTALL_K3S_CHANNEL_URL=${INSTALL_K3S_CHANNEL_URL:-'https://update.k3s.io/v1-release/channels'} + fi + INSTALL_K3S_CHANNEL=${INSTALL_K3S_CHANNEL:-'stable'} +} + +# --- check if skip download environment variable set --- +can_skip_download() { + if [ "${INSTALL_K3S_SKIP_DOWNLOAD}" != true ]; then + return 1 + fi +} + +# --- verify an executable k3s binary is installed --- +verify_k3s_is_executable() { + if [ ! 
-x ${BIN_DIR}/k3s ]; then + fatal "Executable k3s binary not found at ${BIN_DIR}/k3s" + fi +} + +# --- set arch and suffix, fatal if architecture not supported --- +setup_verify_arch() { + if [ -z "$ARCH" ]; then + ARCH=$(uname -m) + fi + case $ARCH in + amd64) + ARCH=amd64 + SUFFIX= + ;; + x86_64) + ARCH=amd64 + SUFFIX= + ;; + arm64) + ARCH=arm64 + SUFFIX=-${ARCH} + ;; + s390x) + ARCH=s390x + SUFFIX=-${ARCH} + ;; + aarch64) + ARCH=arm64 + SUFFIX=-${ARCH} + ;; + arm*) + ARCH=arm + SUFFIX=-${ARCH}hf + ;; + *) + fatal "Unsupported architecture $ARCH" + esac +} + +# --- verify existence of network downloader executable --- +verify_downloader() { + # Return failure if it doesn't exist or is no executable + [ -x "$(command -v $1)" ] || return 1 + + # Set verified executable as our downloader program and return success + DOWNLOADER=$1 + return 0 +} + +# --- create temporary directory and cleanup when done --- +setup_tmp() { + TMP_DIR=$(mktemp -d -t k3s-install.XXXXXXXXXX) + TMP_HASH=${TMP_DIR}/k3s.hash + TMP_BIN=${TMP_DIR}/k3s.bin + cleanup() { + code=$? 
+ set +e + trap - EXIT + rm -rf ${TMP_DIR} + exit $code + } + trap cleanup INT EXIT +} + +# --- use desired k3s version if defined or find version from channel --- +get_release_version() { + if [ -n "${INSTALL_K3S_COMMIT}" ]; then + VERSION_K3S="commit ${INSTALL_K3S_COMMIT}" + elif [ -n "${INSTALL_K3S_VERSION}" ]; then + VERSION_K3S=${INSTALL_K3S_VERSION} + else + info "Finding release for channel ${INSTALL_K3S_CHANNEL}" + version_url="${INSTALL_K3S_CHANNEL_URL}/${INSTALL_K3S_CHANNEL}" + case $DOWNLOADER in + curl) + if [ "${INSTALL_K3S_MIRROR}" = cn ]; then + VERSION_K3S=$(curl -s -S ${version_url}) + else + VERSION_K3S=$(curl -w '%{url_effective}' -L -s -S ${version_url} -o /dev/null | sed -e 's|.*/||') + fi + ;; + wget) + if [ "${INSTALL_K3S_MIRROR}" = cn ]; then + VERSION_K3S=$(wget -qO - ${version_url}) + else + VERSION_K3S=$(wget -SqO /dev/null ${version_url} 2>&1 | grep -i Location | sed -e 's|.*/||') + fi + ;; + *) + fatal "Incorrect downloader executable '$DOWNLOADER'" + ;; + esac + fi + info "Using ${VERSION_K3S} as release" +} + +# --- download from github url --- +download() { + [ $# -eq 2 ] || fatal 'download needs exactly 2 arguments' + + case $DOWNLOADER in + curl) + curl -o $1 -sfL $2 + ;; + wget) + wget -qO $1 $2 + ;; + *) + fatal "Incorrect executable '$DOWNLOADER'" + ;; + esac + + # Abort if download command failed + [ $? 
-eq 0 ] || fatal 'Download failed' +} + +# --- download hash from github url --- +download_hash() { + if [ -n "${INSTALL_K3S_COMMIT}" ]; then + HASH_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT}.sha256sum + elif [ "${INSTALL_K3S_MIRROR}" = cn ]; then + VERSION_K3S=$( echo ${VERSION_K3S} | sed 's/+/-/g' ) + HASH_URL=${INSTALL_K3S_MIRROR_URL}/k3s/${VERSION_K3S}/sha256sum-${ARCH}.txt + else + HASH_URL=${GITHUB_URL}/download/${VERSION_K3S}/sha256sum-${ARCH}.txt + fi + info "Downloading hash ${HASH_URL}" + download ${TMP_HASH} ${HASH_URL} + HASH_EXPECTED=$(grep " k3s${SUFFIX}$" ${TMP_HASH}) + HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*} +} + +# --- check hash against installed version --- +installed_hash_matches() { + if [ -x ${BIN_DIR}/k3s ]; then + HASH_INSTALLED=$(sha256sum ${BIN_DIR}/k3s) + HASH_INSTALLED=${HASH_INSTALLED%%[[:blank:]]*} + if [ "${HASH_EXPECTED}" = "${HASH_INSTALLED}" ]; then + return + fi + fi + return 1 +} + +# --- download binary from github url --- +download_binary() { + if [ -n "${INSTALL_K3S_COMMIT}" ]; then + BIN_URL=${STORAGE_URL}/k3s${SUFFIX}-${INSTALL_K3S_COMMIT} + elif [ "${INSTALL_K3S_MIRROR}" = cn ]; then + VERSION_K3S=$( echo ${VERSION_K3S} | sed 's/+/-/g' ) + BIN_URL=${INSTALL_K3S_MIRROR_URL}/k3s/${VERSION_K3S}/k3s${SUFFIX} + else + BIN_URL=${GITHUB_URL}/download/${VERSION_K3S}/k3s${SUFFIX} + fi + info "Downloading binary ${BIN_URL}" + download ${TMP_BIN} ${BIN_URL} +} + +# --- verify downloaded binary hash --- +verify_binary() { + info "Verifying binary download" + HASH_BIN=$(sha256sum ${TMP_BIN}) + HASH_BIN=${HASH_BIN%%[[:blank:]]*} + if [ "${HASH_EXPECTED}" != "${HASH_BIN}" ]; then + fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}" + fi +} + +# --- setup permissions and move binary to system directory --- +setup_binary() { + chmod 755 ${TMP_BIN} + info "Installing k3s to ${BIN_DIR}/k3s" + $SUDO chown root:root ${TMP_BIN} + $SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s +} + +# --- setup selinux policy --- 
+setup_selinux() { + case ${INSTALL_K3S_CHANNEL} in + *testing) + rpm_channel=testing + ;; + *latest) + rpm_channel=latest + ;; + *) + rpm_channel=stable + ;; + esac + + rpm_site="rpm.rancher.io" + if [ "${rpm_channel}" = "testing" ]; then + rpm_site="rpm-testing.rancher.io" + fi + + [ -r /etc/os-release ] && . /etc/os-release + if [ "${ID_LIKE%%[ ]*}" = "suse" ]; then + rpm_target=sle + rpm_site_infix=microos + package_installer=zypper + elif [ "${VERSION_ID%%.*}" = "7" ]; then + rpm_target=el7 + rpm_site_infix=centos/7 + package_installer=yum + else + rpm_target=el8 + rpm_site_infix=centos/8 + package_installer=yum + fi + + if [ "${package_installer}" = "yum" ] && [ -x /usr/bin/dnf ]; then + package_installer=dnf + fi + + policy_hint="please install: + ${package_installer} install -y container-selinux + ${package_installer} install -y https://${rpm_site}/k3s/${rpm_channel}/common/${rpm_site_infix}/noarch/k3s-selinux-0.4-1.${rpm_target}.noarch.rpm +" + + if [ "$INSTALL_K3S_SKIP_SELINUX_RPM" = true ] || can_skip_download || [ ! -d /usr/share/selinux ]; then + info "Skipping installation of SELinux RPM" + elif [ "${ID_LIKE:-}" != coreos ] && [ "${VARIANT_ID:-}" != coreos ]; then + install_selinux_rpm ${rpm_site} ${rpm_channel} ${rpm_target} ${rpm_site_infix} + fi + + policy_error=fatal + if [ "$INSTALL_K3S_SELINUX_WARN" = true ] || [ "${ID_LIKE:-}" = coreos ] || [ "${VARIANT_ID:-}" = coreos ]; then + policy_error=warn + fi + + if ! $SUDO chcon -u system_u -r object_r -t container_runtime_exec_t ${BIN_DIR}/k3s >/dev/null 2>&1; then + if $SUDO grep '^\s*SELINUX=enforcing' /etc/selinux/config >/dev/null 2>&1; then + $policy_error "Failed to apply container_runtime_exec_t to ${BIN_DIR}/k3s, ${policy_hint}" + fi + elif [ ! -f /usr/share/selinux/packages/k3s.pp ]; then + if [ -x /usr/sbin/transactional-update ]; then + warn "Please reboot your machine to activate the changes and avoid data loss." 
+ else + $policy_error "Failed to find the k3s-selinux policy, ${policy_hint}" + fi + fi +} + +install_selinux_rpm() { + if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ "${ID_LIKE%%[ ]*}" = "suse" ]; then + repodir=/etc/yum.repos.d + if [ -d /etc/zypp/repos.d ]; then + repodir=/etc/zypp/repos.d + fi + set +o noglob + $SUDO rm -f ${repodir}/rancher-k3s-common*.repo + set -o noglob + if [ -r /etc/redhat-release ] && [ "${3}" = "el7" ]; then + $SUDO yum install -y yum-utils + $SUDO yum-config-manager --enable rhel-7-server-extras-rpms + fi + $SUDO tee ${repodir}/rancher-k3s-common.repo >/dev/null << EOF +[rancher-k3s-common-${2}] +name=Rancher K3s Common (${2}) +baseurl=https://${1}/k3s/${2}/common/${4}/noarch +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://${1}/public.key +EOF + case ${3} in + sle) + rpm_installer="zypper --gpg-auto-import-keys" + if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then + rpm_installer="transactional-update --no-selfupdate -d run ${rpm_installer}" + : "${INSTALL_K3S_SKIP_START:=true}" + fi + ;; + *) + rpm_installer="yum" + ;; + esac + if [ "${rpm_installer}" = "yum" ] && [ -x /usr/bin/dnf ]; then + rpm_installer=dnf + fi + # shellcheck disable=SC2086 + $SUDO ${rpm_installer} install -y "k3s-selinux" + fi + return +} + +# --- download and verify k3s --- +download_and_verify() { + if can_skip_download; then + info 'Skipping k3s download and verify' + verify_k3s_is_executable + return + fi + + setup_verify_arch + verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files' + setup_tmp + get_release_version + download_hash + + if installed_hash_matches; then + info 'Skipping binary downloaded, installed k3s matches hash' + return + fi + + download_binary + verify_binary + setup_binary +} + +# --- add additional utility links --- +create_symlinks() { + [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && 
return + [ "${INSTALL_K3S_SYMLINK}" = skip ] && return + + for cmd in kubectl crictl ctr; do + if [ ! -e ${BIN_DIR}/${cmd} ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then + which_cmd=$(command -v ${cmd} 2>/dev/null || true) + if [ -z "${which_cmd}" ] || [ "${INSTALL_K3S_SYMLINK}" = force ]; then + info "Creating ${BIN_DIR}/${cmd} symlink to k3s" + $SUDO ln -sf k3s ${BIN_DIR}/${cmd} + else + info "Skipping ${BIN_DIR}/${cmd} symlink to k3s, command exists in PATH at ${which_cmd}" + fi + else + info "Skipping ${BIN_DIR}/${cmd} symlink to k3s, already exists" + fi + done +} + +# --- create killall script --- +create_killall() { + [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return + info "Creating killall script ${KILLALL_K3S_SH}" + $SUDO tee ${KILLALL_K3S_SH} >/dev/null << \EOF +#!/bin/sh +[ $(id -u) -eq 0 ] || exec sudo $0 $@ + +for bin in /var/lib/rancher/k3s/data/**/bin/; do + [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux +done + +set -x + +for service in /etc/systemd/system/k3s*.service; do + [ -s $service ] && systemctl stop $(basename $service) +done + +for service in /etc/init.d/k3s*; do + [ -x $service ] && $service stop +done + +pschildren() { + ps -e -o ppid= -o pid= | \ + sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ + grep -w "^$1" | \ + cut -f2 +} + +pstree() { + for pid in $@; do + echo $pid + for child in $(pschildren $pid); do + pstree $child + done + done +} + +killtree() { + kill -9 $( + { set +x; } 2>/dev/null; + pstree $@; + set -x; + ) 2>/dev/null +} + +getshims() { + ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 +} + +killtree $({ set +x; } 2>/dev/null; getshims; set -x) + +do_unmount_and_remove() { + set +x + while read -r _ path _; do + case "$path" in $1*) echo "$path" ;; esac + done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount "$0" && rm -rf "$0"' + set -x +} + +do_unmount_and_remove '/run/k3s' +do_unmount_and_remove '/var/lib/rancher/k3s' +do_unmount_and_remove 
'/var/lib/kubelet/pods' +do_unmount_and_remove '/var/lib/kubelet/plugins' +do_unmount_and_remove '/run/netns/cni-' + +# Remove CNI namespaces +ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete + +# Delete network interface(s) that match 'master cni0' +ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do + iface=${iface%%@*} + [ -z "$iface" ] || ip link delete $iface +done +ip link delete cni0 +ip link delete flannel.1 +ip link delete flannel-v6.1 +rm -rf /var/lib/cni/ +iptables-save | grep -v KUBE- | grep -v CNI- | grep -v flannel | iptables-restore +ip6tables-save | grep -v KUBE- | grep -v CNI- | grep -v flannel | ip6tables-restore +EOF + $SUDO chmod 755 ${KILLALL_K3S_SH} + $SUDO chown root:root ${KILLALL_K3S_SH} +} + +# --- create uninstall script --- +create_uninstall() { + [ "${INSTALL_K3S_BIN_DIR_READ_ONLY}" = true ] && return + info "Creating uninstall script ${UNINSTALL_K3S_SH}" + $SUDO tee ${UNINSTALL_K3S_SH} >/dev/null << EOF +#!/bin/sh +set -x +[ \$(id -u) -eq 0 ] || exec sudo \$0 \$@ + +${KILLALL_K3S_SH} + +if command -v systemctl; then + systemctl disable ${SYSTEM_NAME} + systemctl reset-failed ${SYSTEM_NAME} + systemctl daemon-reload +fi +if command -v rc-update; then + rc-update delete ${SYSTEM_NAME} default +fi + +rm -f ${FILE_K3S_SERVICE} +rm -f ${FILE_K3S_ENV} + +remove_uninstall() { + rm -f ${UNINSTALL_K3S_SH} +} +trap remove_uninstall EXIT + +if (ls ${SYSTEMD_DIR}/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then + set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x + exit +fi + +for cmd in kubectl crictl ctr; do + if [ -L ${BIN_DIR}/\$cmd ]; then + rm -f ${BIN_DIR}/\$cmd + fi +done + +rm -rf /etc/rancher/k3s +rm -rf /run/k3s +rm -rf /run/flannel +rm -rf /var/lib/rancher/k3s +rm -rf /var/lib/kubelet +rm -f ${BIN_DIR}/k3s +rm -f ${KILLALL_K3S_SH} + +if type yum >/dev/null 2>&1; then + yum remove -y k3s-selinux + rm -f 
/etc/yum.repos.d/rancher-k3s-common*.repo +elif type zypper >/dev/null 2>&1; then + uninstall_cmd="zypper remove -y k3s-selinux" + if [ "\${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then + uninstall_cmd="transactional-update --no-selfupdate -d run \$uninstall_cmd" + fi + \$uninstall_cmd + rm -f /etc/zypp/repos.d/rancher-k3s-common*.repo +fi +EOF + $SUDO chmod 755 ${UNINSTALL_K3S_SH} + $SUDO chown root:root ${UNINSTALL_K3S_SH} +} + +# --- disable current service if loaded -- +systemd_disable() { + $SUDO systemctl disable ${SYSTEM_NAME} >/dev/null 2>&1 || true + $SUDO rm -f /etc/systemd/system/${SERVICE_K3S} || true + $SUDO rm -f /etc/systemd/system/${SERVICE_K3S}.env || true +} + +# --- capture current env and create file containing k3s_ variables --- +create_env_file() { + info "env: Creating environment file ${FILE_K3S_ENV}" + $SUDO touch ${FILE_K3S_ENV} + $SUDO chmod 0600 ${FILE_K3S_ENV} + sh -c export | while read x v; do echo $v; done | grep -E '^(K3S|CONTAINERD)_' | $SUDO tee ${FILE_K3S_ENV} >/dev/null + sh -c export | while read x v; do echo $v; done | grep -Ei '^(NO|HTTP|HTTPS)_PROXY' | $SUDO tee -a ${FILE_K3S_ENV} >/dev/null +} + +# --- write systemd service file --- +create_systemd_service_file() { + info "systemd: Creating service file ${FILE_K3S_SERVICE}" + $SUDO tee ${FILE_K3S_SERVICE} >/dev/null << EOF +[Unit] +Description=Lightweight Kubernetes +Documentation=https://k3s.io +Wants=network-online.target +After=network-online.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=${SYSTEMD_TYPE} +EnvironmentFile=-/etc/default/%N +EnvironmentFile=-/etc/sysconfig/%N +EnvironmentFile=-${FILE_K3S_ENV} +KillMode=process +Delegate=yes +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. 
+LimitNOFILE=1048576 +LimitNPROC=infinity +LimitCORE=infinity +TasksMax=infinity +TimeoutStartSec=0 +Restart=always +RestartSec=5s +ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service' +ExecStartPre=-/sbin/modprobe br_netfilter +ExecStartPre=-/sbin/modprobe overlay +ExecStart=${BIN_DIR}/k3s \\ + ${CMD_K3S_EXEC} + +EOF +} + +# --- write openrc service file --- +create_openrc_service_file() { + LOG_FILE=/var/log/${SYSTEM_NAME}.log + + info "openrc: Creating service file ${FILE_K3S_SERVICE}" + $SUDO tee ${FILE_K3S_SERVICE} >/dev/null << EOF +#!/sbin/openrc-run + +depend() { + after network-online + want cgroups +} + +start_pre() { + rm -f /tmp/k3s.* +} + +supervisor=supervise-daemon +name=${SYSTEM_NAME} +command="${BIN_DIR}/k3s" +command_args="$(escape_dq "${CMD_K3S_EXEC}") + >>${LOG_FILE} 2>&1" + +output_log=${LOG_FILE} +error_log=${LOG_FILE} + +pidfile="/var/run/${SYSTEM_NAME}.pid" +respawn_delay=5 +respawn_max=0 + +set -o allexport +if [ -f /etc/environment ]; then source /etc/environment; fi +if [ -f ${FILE_K3S_ENV} ]; then source ${FILE_K3S_ENV}; fi +set +o allexport +EOF + $SUDO chmod 0755 ${FILE_K3S_SERVICE} + + $SUDO tee /etc/logrotate.d/${SYSTEM_NAME} >/dev/null << EOF +${LOG_FILE} { + missingok + notifempty + copytruncate +} +EOF +} + +# --- write systemd or openrc service file --- +create_service_file() { + [ "${HAS_SYSTEMD}" = true ] && create_systemd_service_file + [ "${HAS_OPENRC}" = true ] && create_openrc_service_file + return 0 +} + +# --- get hashes of the current k3s bin and service files +get_installed_hashes() { + $SUDO sha256sum ${BIN_DIR}/k3s ${FILE_K3S_SERVICE} ${FILE_K3S_ENV} 2>&1 || true +} + +# --- enable and start systemd service --- +systemd_enable() { + info "systemd: Enabling ${SYSTEM_NAME} unit" + $SUDO systemctl enable ${FILE_K3S_SERVICE} >/dev/null + $SUDO systemctl daemon-reload >/dev/null +} + +systemd_start() { + info "systemd: Starting ${SYSTEM_NAME}" + $SUDO systemctl restart ${SYSTEM_NAME} +} 
+ +# --- enable and start openrc service --- +openrc_enable() { + info "openrc: Enabling ${SYSTEM_NAME} service for default runlevel" + $SUDO rc-update add ${SYSTEM_NAME} default >/dev/null +} + +openrc_start() { + info "openrc: Starting ${SYSTEM_NAME}" + $SUDO ${FILE_K3S_SERVICE} restart +} + +# --- startup systemd or openrc service --- +service_enable_and_start() { + if [ -f "/proc/cgroups" ] && [ "$(grep memory /proc/cgroups | while read -r n n n enabled; do echo $enabled; done)" -eq 0 ]; + then + info 'Failed to find memory cgroup, you may need to add "cgroup_memory=1 cgroup_enable=memory" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)' + fi + + [ "${INSTALL_K3S_SKIP_ENABLE}" = true ] && return + + [ "${HAS_SYSTEMD}" = true ] && systemd_enable + [ "${HAS_OPENRC}" = true ] && openrc_enable + + [ "${INSTALL_K3S_SKIP_START}" = true ] && return + + POST_INSTALL_HASHES=$(get_installed_hashes) + if [ "${PRE_INSTALL_HASHES}" = "${POST_INSTALL_HASHES}" ] && [ "${INSTALL_K3S_FORCE_RESTART}" != true ]; then + info 'No change detected so skipping service start' + return + fi + + [ "${HAS_SYSTEMD}" = true ] && systemd_start + [ "${HAS_OPENRC}" = true ] && openrc_start + return 0 +} + +# --- re-evaluate args to include env command --- +eval set -- $(escape "${INSTALL_K3S_EXEC}") $(quote "$@") + +# --- run the install process -- +{ + verify_system + setup_env "$@" + download_and_verify + setup_selinux + create_symlinks + create_killall + create_uninstall + systemd_disable + create_env_file + create_service_file + service_enable_and_start +} \ No newline at end of file diff --git a/ansible/roles/k3s-install/files/k3s.sh b/ansible/roles/k3s-install/files/k3s.sh new file mode 100644 index 00000000..02efc415 --- /dev/null +++ b/ansible/roles/k3s-install/files/k3s.sh @@ -0,0 +1 @@ +export PATH=/usr/local/bin:$PATH diff --git a/ansible/roles/k3s-install/tasks/main.yml b/ansible/roles/k3s-install/tasks/main.yml new file mode 100644 index 00000000..7ae22875 
--- /dev/null +++ b/ansible/roles/k3s-install/tasks/main.yml @@ -0,0 +1,25 @@ +- name: "prepare install k3s" + shell: sed -ie "s/SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config + +#- name: "execute k3s install" +# shell: curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_SKIP_ENABLE=true sh - +- name: "copy k3s to destination" + copy: + src: "{{ role_path }}/files/k3s" + dest: /usr/local/bin/ + mode: 0755 + +- name: "execute k3s install" + shell: curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_SKIP_ENABLE=true sh - + +- name: "enable k3s" + systemd: + name: k3s + enabled: yes + + +- name: "copy k3s.sh to destination" + copy: + src: "{{ role_path }}/files/k3s.sh" + dest: /etc/profile.d/ + mode: 0755 diff --git a/ansible/roles/kni/tasks/main.yml b/ansible/roles/kni/tasks/main.yml index 027727f2..179c5de1 100644 --- a/ansible/roles/kni/tasks/main.yml +++ b/ansible/roles/kni/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: "download rpm packages: kni" + yum: + name: + - "{{ kni_rpm_version.kni }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" - name: "Install kni that is sapp plugin with prefix option" shell: rpm -i /tmp/rpm_download/{{ kni_rpm_version.kni }}* --prefix {{ prefix_path.sapp }} @@ -8,11 +16,11 @@ src: "{{ role_path }}/templates/kni.conf.j2" dest: /opt/tsg/sapp/etc/kni/kni.conf tags: template - when: runtime_env != 'TSG-X-P0804' + when: runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906' - name: Template the kni.conf template: src: "{{ role_path }}/templates/kni.conf.j2" dest: /opt/tsg/tsg-os-provision/templates/kni.conf.j2 tags: template - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' diff --git a/ansible/roles/kni/templates/kni.conf.j2 b/ansible/roles/kni/templates/kni.conf.j2 index 84170412..68d14907 100644 
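Review bot: The `execute k3s install` task in ansible/roles/k3s-install/tasks/main.yml pipes `https://get.k3s.io` straight into `sh`, so every build runs whatever that URL serves at that moment, with no pinned version or checksum. With `INSTALL_K3S_SKIP_DOWNLOAD=true` the installer's own hash check is skipped too (its `download_and_verify` returns early), so nothing verifies the binary copied from `files/k3s` either. The commit appears to vendor a copy of the installer earlier in this diff; running that copy, e.g. `script: "{{ role_path }}/files/INSTALLER_SCRIPT"` (placeholder name) with the two `INSTALL_K3S_*` variables under `environment:`, would make the build reproducible. Separately, the first task sets `SELINUX=disabled` host-wide with no comment explaining why, and `sed -ie` is parsed as `-i` with suffix `e`, which leaves a stray `/etc/selinux/confige` backup; `sed -i -e` avoids that.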
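Review bot: The new download task in ansible/roles/kni/tasks/main.yml writes to `{{ path_download }}`, but the install task right below it still reads the hard-coded `/tmp/rpm_download/` with a trailing `*`. If `path_download` ever differs from that path the install breaks, and the wildcard installs whatever file in that `/tmp` directory matches the prefix, which may not be the package yum just fetched. Using the same variable and an exact file name, `shell: rpm -i {{ path_download }}/{{ kni_rpm_version.kni }}.rpm --prefix {{ prefix_path.sapp }}`, keeps the two steps tied together (the exact file name depends on how the version variable is written, so confirm it). The same pairing appears in the mrzcpd hunk and in the tsg-diagnose `find` on `/tmp/rpm_download/`; the sapp and tfe download tasks presumably feed similar install steps outside their hunks.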
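Review bot: The `when:` lines in the second kni hunk grow by one more `runtime_env` comparison, and the same hand-edited chain is repeated in the mrzcpd, sapp, system-init and tfe hunks. A profile that is missed in one of those places silently falls into the wrong branch. A membership test is shorter and harder to get half-right, e.g. `when: runtime_env in ['TSG-X-P0804', 'TSG-X-P0906']` and `when: runtime_env not in ['TSG-X-P0804', 'TSG-X-P0906']`.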
--- a/ansible/roles/kni/templates/kni.conf.j2 +++ b/ansible/roles/kni/templates/kni.conf.j2 @@ -8,7 +8,11 @@ tfe_node_count = 1 tfe_node_count = {{ dp_steering_proxy.node_count }} {% endif %} manage_eth = {{ control_and_policy.nic_name }} +{% if dp_steering_proxy.tun_mode is defined %} +deploy_mode = tun +{% else %} deploy_mode = normal +{% endif %} tun_name = tun_kni src_mac_addr = 00:0e:c6:d6:72:c1 dst_mac_addr = fe:65:b7:03:50:bd diff --git a/ansible/roles/mrzcpd/tasks/main.yml b/ansible/roles/mrzcpd/tasks/main.yml index 1e84c3e4..84bc2224 100644 --- a/ansible/roles/mrzcpd/tasks/main.yml +++ b/ansible/roles/mrzcpd/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: "download rpm packages: mrzcpd" + yum: + name: "{{ mrzcpd_rpm_version.mrzcpd }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "Install mrzcpd rpm package" shell: rpm -i /tmp/rpm_download/{{ mrzcpd_rpm_version.mrzcpd }}* --prefix {{ prefix_path.mrzcpd }} @@ -89,7 +97,7 @@ src: "{{ role_path }}/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/templates/mrglobal.conf.j2 when: - - runtime_env == 'TSG-X-P0804' + - runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "replace action: replace service WantedBy from multi-user.target to workload.target" replace: diff --git a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 index d118b88c..872ef3d9 100644 --- a/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 +++ b/ansible/roles/mrzcpd/templates/mrglobal.conf.j2.j2.TSGXNXR620G40R01P0804 
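Review bot: `{% if dp_steering_proxy.tun_mode is defined %}` selects `deploy_mode = tun` whenever the key exists, including when it is set to `false` or `0`. Testing the value instead, `{% if dp_steering_proxy.tun_mode | default(false) | bool %}`, lets an inventory switch the mode off explicitly. The hunk shows only part of the template, so check whether `dp_steering_proxy` itself can be undefined at this point.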
@@ -72,4 +72,11 @@ create_mode=3 sz_direct_pktmbuf=4194304 sz_indirect_pktmbuf=8192 sz_cache=256 -sz_data=4096 \ No newline at end of file +sz_data=4096 + +{% if runtime_env == 'TSG-X-P0906' %} +[ctrlmsg] +listen_addr={% raw %}{{ ansible_cni0.ipv4.address }} +{% endraw %} +listen_port=46789 +{% endif %} \ No newline at end of file diff --git a/ansible/roles/sapp/tasks/main.yml b/ansible/roles/sapp/tasks/main.yml index 3785de0e..c63ce749 100644 --- a/ansible/roles/sapp/tasks/main.yml +++ b/ansible/roles/sapp/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: "download rpm packages: sapp and tcpdump_mesa" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + with_dict: "{{ sapp_rpm_version }}" - name: "Create directory /opt/tsg/framework and /opt/tsg/sapp if they not exist" file: @@ -56,14 +64,14 @@ src: "{{ role_path }}/templates/send_raw_pkt.conf.j2" dest: /opt/tsg/sapp/etc/send_raw_pkt.conf tags: template - when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' + when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906' - name: Template the send_raw_pkt.conf template: src: "{{ role_path }}/templates/send_raw_pkt.conf.j2" dest: /opt/tsg/tsg-os-provision/templates/send_raw_pkt.conf.j2 tags: template - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: Template the conflist.inf - tsg_server template: @@ -111,7 +119,7 @@ dest: /opt/tsg/sapp/etc/vlan_flipping_map.conf tags: template when: - - runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + - runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: Template the sapp_log.conf template: 
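Review bot: The added `[ctrlmsg]` block leaves `{{ ansible_cni0.ipv4.address }}` for the second-stage render, and that fact exists only when a `cni0` interface with an IPv4 address is present at fact-gathering time. If the provision play runs before the CNI bridge is created, the template fails with an undefined-variable error rather than a message that names the cause. An `assert` on `ansible_cni0.ipv4.address is defined` with a clear `fail_msg`, placed ahead of the `template mrglobal.conf file` task, would make that failure readable. A comment here on who is expected to reach port 46789 would also help, since binding to the bridge address exposes the listener to workloads on that bridge; whether the control channel authenticates peers is not visible in this diff.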
diff --git a/ansible/roles/system-init/tasks/main.yml b/ansible/roles/system-init/tasks/main.yml index dc599c50..81834ea7 100644 --- a/ansible/roles/system-init/tasks/main.yml +++ b/ansible/roles/system-init/tasks/main.yml @@ -61,7 +61,7 @@ - name: "update initramfs" shell: dracut --force -v /boot/initramfs-5.4.159-1.el7.elrepo.x86_64.img 5.4.159-1.el7.elrepo.x86_64 - when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' + when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906' - name: "Export MLX5_GLUE_PATH" lineinfile: @@ -70,7 +70,7 @@ - name: "Generate ansiblg.cfg after ansible upgrade in rockylinux8" shell: ansible-config init --disabled > /etc/ansible/ansible.cfg - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: 'change ansible hash_behaviour value replace to merge' lineinfile: @@ -78,3 +78,14 @@ backrefs: yes regexp: "^(.*hash_behaviour.*=.*replace.*)$" line: '\1\nhash_behaviour = merge' + +- name: 'install psutil' + shell: pip3.8 install -i https://pypi.tuna.tsinghua.edu.cn/simple psutil + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + +- name: "add sudo secure_path" + lineinfile: + path: /etc/sudoers + backrefs: yes + regexp: "^(.*Defaults secure_path =.*)$" + line: '\1:/opt/tsg/tsg-os-provision' diff --git a/ansible/roles/tfe/tasks/main.yml b/ansible/roles/tfe/tasks/main.yml index 52fc7239..632eec4d 100644 --- a/ansible/roles/tfe/tasks/main.yml +++ b/ansible/roles/tfe/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: "download rpm packages: tfe" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + with_dict: "{{ tfe_rpm_version }}" + - name: "copy tfe program to destination server" copy: src: "{{ role_path }}/files/" 
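Review bot: The `add sudo secure_path` task edits `/etc/sudoers` in place without `validate`, so a bad substitution can leave sudo unusable; `validate: 'visudo -cf %s'` on the `lineinfile` task prevents that. The regexp also matches the line it has just rewritten, so each run appends `:/opt/tsg/tsg-os-provision` again; a guard such as `regexp: '^(Defaults\s+secure_path\s*=(?!.*/opt/tsg/tsg-os-provision).*)$'` keeps it idempotent and tolerates the multiple spaces stock sudoers files usually have after `Defaults`. Because every executable in that directory becomes resolvable under sudo, the directory and its contents should be root-owned and not group- or world-writable, which is worth stating in a comment. The `install psutil` task above it installs an unpinned package from a mirror index; pinning a version (`psutil==X.Y.Z`, placeholder) would make builds repeatable.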
@@ -110,7 +119,17 @@ src: "{{ role_path }}/files/service_override_Requires.conf" dest: "/usr/lib/systemd/system/tfe-env.service.d/" mode: 0644 - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + +- name: "template tfe-env shell to dest" + template: + src: "{{ role_path }}/templates/{{ item.src }}" + dest: "/opt/tsg/tfe/{{ item.dest }}" + mode: 0755 + when: runtime_env == 'TSG-X-P0906' + with_items: + - {src: "tfe-env-start.sh.j2", dest: "tfe-env-start.sh" } + - {src: "tfe-env-stop.sh.j2", dest: "tfe-env-stop.sh" } ##################### tfe ##################### - name: "systemctl daemon-reload" diff --git a/ansible/roles/tfe/templates/tfe-env-start.sh.j2 b/ansible/roles/tfe/templates/tfe-env-start.sh.j2 new file mode 100644 index 00000000..3b47fffa --- /dev/null +++ b/ansible/roles/tfe/templates/tfe-env-start.sh.j2 
@@ -0,0 +1,22 @@ +#!/bin/bash -ex + +/usr/sbin/ip link set tun_kni address fe:65:b7:03:50:bd +/usr/sbin/ip link set tun_kni up +/usr/sbin/ip addr flush dev tun_kni +/usr/sbin/ip addr add 172.16.241.2/30 dev tun_kni +/usr/sbin/ip neigh flush dev tun_kni +/usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tun_kni nud permanent +/usr/sbin/ip6tables -A INPUT -i tun_kni -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 +/usr/sbin/iptables -A INPUT -i tun_kni -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 + + +/usr/sbin/ip rule add iif tun_kni tab 100 +/usr/sbin/ip route add local default dev lo table 100 +/usr/sbin/ip rule add fwmark 0x65 lookup 101 +/usr/sbin/ip route add default dev tun_kni via 172.16.241.1 table 101 + +/usr/sbin/ip addr add fd00::02/64 dev tun_kni +/usr/sbin/ip -6 route add default via fd00::01 +/usr/sbin/ip -6 rule add iif tun_kni tab 102 +/usr/sbin/ip -6 route add local default dev lo table 102 +/usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tun_kni nud permanent diff --git a/ansible/roles/tfe/templates/tfe-env-stop.sh.j2 b/ansible/roles/tfe/templates/tfe-env-stop.sh.j2 new file mode 100644 index 00000000..d0052e35 --- /dev/null +++ b/ansible/roles/tfe/templates/tfe-env-stop.sh.j2 
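Review bot: The two `-m bpf --bytecode` rules in tfe-env-start.sh.j2 are opaque as written; nothing records which filter expression they were compiled from, so a reader cannot tell what traffic is handed to NFQUEUE. A comment above each rule giving the source expression and the tool invocation used to compile it would let the bytecode be regenerated and checked. The rules use `-j NFQUEUE --queue-num 1` without `--queue-bypass`, so matching packets are dropped while no program is bound to queue 1; if that fail-closed behaviour is intended, say so in the comment. With `-ex`, a second start without a clean stop may abort at the first `ip rule add` or `ip route add` that already exists, after `iptables -A` has already added duplicate rules.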
@@ -0,0 +1,12 @@ +#!/bin/bash -ex +/usr/sbin/ip6tables -D INPUT -i tun_kni -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 +/usr/sbin/iptables -D INPUT -i tun_kni -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 +/usr/sbin/ip rule del iif tun_kni tab 100 +/usr/sbin/ip route del local default dev lo table 100 +/usr/sbin/ip rule del fwmark 0x65 lookup 101 +/usr/sbin/ip route del default dev tun_kni via 172.16.241.1 table 101 +/usr/sbin/ip -6 rule del iif tun_kni tab 102 +/usr/sbin/ip -6 route del default via fd00::01 +/usr/sbin/ip -6 route del local default dev lo table 102 +/usr/sbin/ip addr del fd00::02/64 dev tun_kni +/usr/sbin/ip link set tun_kni down diff --git a/ansible/roles/tsg-diagnose/tasks/main.yml b/ansible/roles/tsg-diagnose/tasks/main.yml index 276fdab9..57b800c8 100644 --- a/ansible/roles/tsg-diagnose/tasks/main.yml +++ b/ansible/roles/tsg-diagnose/tasks/main.yml @@ -1,6 +1,15 @@ #- name: "Install tsg-diagnose" # shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}* # +- name: "download rpm packages: tsg-diagnose" + yum: + name: + - "{{ tsg_diagnose_rpm_version.tsg_diagnose }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "Get tsg_diagnose rpm path" find: path: /tmp/rpm_download/ diff --git a/ansible/roles/tsg-os-provision-condition/tasks/main.yml b/ansible/roles/tsg-os-provision-condition/tasks/main.yml index adeec6a1..e8a6c509 100644 --- a/ansible/roles/tsg-os-provision-condition/tasks/main.yml +++ b/ansible/roles/tsg-os-provision-condition/tasks/main.yml 
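Review bot: Because tfe-env-stop.sh.j2 runs under `-e`, the first `-D` or `del` that fails (for example after a partial start) ends the script and leaves every later rule, route and the interface state in place. Teardown is usually written best-effort: drop `-e` from the shebang, or append `|| true` to each line, e.g. `/usr/sbin/ip rule del iif tun_kni tab 100 || true`. The script also leaves the `172.16.241.2/30` address that the start script adds; start flushes addresses before re-adding, so that is harmless only as long as start always runs next.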
@@ -77,3 +77,17 @@ - tfe-env - tfe when: runtime_env == 'TSG-X-P0804' + +- name: "add condition into service depend provision result TSG-X-P0906" + copy: + src: "{{ role_path }}/files/service_add_ConditionPathExists.conf" + dest: "/usr/lib/systemd/system/{{ item }}.service.d/" + mode: 0644 + with_items: + - mrapm_device + - mrapm_stream + - mrenv + - mrzcpd + - telegraf_statistic + - tsg-traffic-engine + when: runtime_env == 'TSG-X-P0906' diff --git a/ansible/roles/tsg-os-provision/files/service/tsg-os-provision.service.TSGXP0906 b/ansible/roles/tsg-os-provision/files/service/tsg-os-provision.service.TSGXP0906 new file mode 100644 index 00000000..034090fe --- /dev/null +++ b/ansible/roles/tsg-os-provision/files/service/tsg-os-provision.service.TSGXP0906 @@ -0,0 +1,13 @@ +[Unit] +Description=Tsg os provision +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=|/etc +ConditionFileNotEmpty=|/usr + +[Service] +ExecStart=/bin/sh -c "/opt/tsg/tsg-os-provision/scripts/provision.sh 0" +Type=oneshot +RemainAfterExit=yes \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906 new file mode 100644 index 00000000..f0eb1608 --- /dev/null +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906 
@@ -0,0 +1,241 @@ +--- +- hosts: provision + tasks: + - name: Load default config file variable + include_vars: + file: /opt/tsg/tsg-os-provision/provision.default.yml + + - name: Load general config file variable + include_vars: + file: /data/tsg-os-provision/provision.yml + + - name: Load provision.yml.d config file variable + include_vars: + dir: /data/tsg-os-provision/provision.yml.d/ + ignore_unknown_extensions: yes + extensions: + - 'yml' + - 'yaml' + +######setting cpu affinity start###### + - name: obtain cpu layout info + set_fact: + cpu_layout_obtained: "{{ item }}" + loop: "{{ cpu_layouts }}" + when: + - ansible_facts.processor[2] is search(item.match.model_name) + - ansible_facts.processor_count == item.match.sockets + + - name: set cpu affinity variable + set_fact: + workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}" + workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}" + workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}" + workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}" + workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}" + + - name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads" + set_fact: + workload_firewall_cpu_affinity: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | join(',') }}" + workload_firewall_worker_threads: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | length }}" + when: proxy.enable == 0 + +######setting cpu affinity end###### + +######setting nic cpu affinity mask start###### + - name: output cpu_layouts config to config .cpu_layouts.json + copy: + content: "{{ cpu_layouts| to_json }}" + dest: /opt/tsg/tsg-os-provision/.cpu_layouts.json + + - name: "tsg-os-provision: obtain rps_mask" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_rps_mask.py + register: result_exec_obtain_rps_mask 
+ + - name: "tsg-os-provision: check result_exec_obtain_rps_mask" + assert: + that: + - result_exec_obtain_rps_mask.rc == 0 + - result_exec_obtain_rps_mask.failed == False + fail_msg: "error:{{ result_exec_obtain_rps_mask.stderr }},stdout:{{ result_exec_obtain_rps_mask.stdout_lines }}" + success_msg: "Successded: obtain rpm mask" + + - name: "set rps_mask into tfe-env-config" + set_fact: + tfe_env_rps_info: "{{ result_exec_obtain_rps_mask.stdout | from_json }}" + + - name: "output tfe_env_rps_info" + debug: + msg: "{{ tfe_env_rps_info }}" + +######setting nic cpu affinity mask end###### + +######get isolate cpu core start###### + - name: redirect proxy config to config .proxy.json + copy: + content: "{{ proxy | to_json }}" + dest: /opt/tsg/tsg-os-provision/.proxy.json + + - name: "tsg-os-provision: execute obtain_isolate_cpu_range.py" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_isolate_cpu_range.py + register: result_exec_obtain_isolate_cpu_range + + - name: "tsg-os-provision: check result_exec_obtain_isolate_cpu_range" + assert: + that: + - result_exec_obtain_isolate_cpu_range.rc == 0 + - result_exec_obtain_isolate_cpu_range.failed == False + fail_msg: "error:{{ result_exec_obtain_isolate_cpu_range.stderr }},stdout:{{ result_exec_obtain_isolate_cpu_range.stdout_lines }}" + success_msg: "Successded: obtain isolate cpu range" + + - name: "set fact grub_cpu_isolate" + set_fact: + grub_cpu_isolate: "{{ result_exec_obtain_isolate_cpu_range.stdout }}" + +######get isolate cpu core end###### + + - name: get /proc/cmdline + shell: cat /proc/cmdline + register: result_exec_cat_cmdline + + - name: need to reboot + fail: + msg: "Detected that the configuration of cpu isolate has changed, please run command \"provision-config-apply --reboot\" to reboot the machine that make the configuration take effect!" 
+ when: + - result_exec_cat_cmdline is not search(grub_cpu_isolate) + - enable_config_apply != '2' + + - name: "set keep_alive_ip" + set_fact: + gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}" + + - name: "set cm_policy_server_ip and cm_policy_server_port" + set_fact: + cm_policy_server_ip: "{{cm.policy_server.address}}" + cm_policy_server_port: "{{ cm.policy_server.port }}" + + - name: "tsg-os-provision: execute obtain policy_and_log nic ip address" + shell: ip addr show {{ network_setting.nic_policy_log.name }} | grep "inet " | awk '{ print $2 }' | awk -F "/" '{ print $1 }' + register: result_exec_obtain_policy_and_log_nic_ip + + - name: "tsg-os-provision: check result_exec_obtain_policy_and_log_nic_ip" + assert: + that: + - result_exec_obtain_policy_and_log_nic_ip.rc == 0 + - result_exec_obtain_policy_and_log_nic_ip.failed == False + fail_msg: "error:{{ result_exec_obtain_policy_and_log_nic_ip.stderr }},stdout:{{ result_exec_obtain_policy_and_log_nic_ip.stdout_lines }}" + success_msg: "Successded: obtain policy_and_log nic ip address" + + - name: "set fact policy_and_log_nic_ip" + set_fact: + policy_and_log_nic_ip: "{{ result_exec_obtain_policy_and_log_nic_ip.stdout }}" + + - name: redirect proxy config to config policy_and_log_nic_ip + copy: + content: "policy_and_log_nic_ip: {{ policy_and_log_nic_ip }}" + dest: /opt/tsg/tsg-os-provision/.policy_and_log_nic_ip.yaml + + - name: "replace action: grub config isolate cpu" + replace: + path: "{{ item }}" + regexp: 'isolcpus=\d+-+\d+' + replace: 'isolcpus={{grub_cpu_isolate}}' + with_items: + - /boot/grub/grub.cfg + - /etc/grub.d/40_onie_grub + + - name: "tsg-os-provision: template mrglobal.conf file" + template: + src: "../templates/mrglobal.conf.j2" + dest: /opt/tsg/mrzcpd/etc/mrglobal.conf + tags: mrzcpd + + - name: "tsg-os-provision: template tsg_workload_resource.yml file" + template: + src: "../templates/tsg_workload_resource.yml.j2" + dest: 
/opt/tsg/vsys1/workload_resource/tsg_workload_resource.yml + tags: vsys1 + + - name: "mkdir /opt/tsg/etc/" + file: + path: /opt/tsg/etc + state: directory + + - name: "tsg-os-provision: obtain sn and write sn to tsg_sn.json" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh + register: result_exec_obtain_sn_and_write_sn_in_file + + - name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file" + assert: + that: + - result_exec_obtain_sn_and_write_sn_in_file.rc == 0 + - result_exec_obtain_sn_and_write_sn_in_file.failed == False + fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}" + success_msg: "Successded: obtain the sn and write sn into tsg_sn.json" + + - name: "tsg-os-provision: template the tsg_device_tag" + template: + src: "../templates/tsg_device_tag.json.j2" + dest: /opt/tsg/etc/tsg_device_tag.json + tags: tsg_device_tag + + - name: 'tsg-os-provision: execute command - systemctl daemon-reload' + systemd: + daemon_reload: yes + + - name: "tsg-os-provision: coredump setup override - mkdir" + file: + path: /usr/lib/systemd/coredump.conf.d/ + state: directory + + - name: "tsg-os-provision: coredump setup override - override" + template: + src: "../templates/coredump_setup_override.conf.j2" + dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf + + - name: "tsg-os-provision: snapshot the stage2 config files" + copy: + src: /data/tsg-os-provision/provision.yml + dest: /data/tsg-os-provision/provision.yml.snapshot + +# - name: load tsg images +# shell: /opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh + + - name: add porvision successed sign + file: + path: /data/tsg-os-provision/.provision_succeeded + state: touch + + - name: "tsg-os-provision: restart mrenv" + systemd: + name: mrenv + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrzcpd" + systemd: + name: mrzcpd + state: restarted + when: 
enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrapm_device" + systemd: + name: mrapm_device + state: restarted + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart mrapm_stream" + systemd: + name: mrapm_stream + state: restarted + when: enable_config_apply == '1' + + - name: exec image load + shell: /opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh + when: enable_config_apply == '1' + + - name: "tsg-os-provision: restart tsg-traffic-engine" + systemd: + name: tsg-traffic-engine + state: restarted + when: enable_config_apply == '1' \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906-init b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906-init new file mode 100644 index 00000000..2e0e4ae5 --- /dev/null +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906-init 
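Review bot: The `execute obtain policy_and_log nic ip address` task interpolates `{{ network_setting.nic_policy_log.name }}` from `/data/tsg-os-provision/provision.yml` into a shell pipeline unquoted, and the following `assert` cannot catch a failure, because the pipeline's `rc` is that of the last `awk`. A missing interface therefore passes the check and writes an empty `policy_and_log_nic_ip:` into the YAML file. Quoting the value, `ip addr show {{ network_setting.nic_policy_log.name | quote }}`, and adding `- result_exec_obtain_policy_and_log_nic_ip.stdout | length > 0` to `that:` closes both gaps. This play also writes `/opt/tsg/tsg-os-provision/.policy_and_log_nic_ip.yaml` while the `-init` play later in the diff loads `/data/tsg-os-provision/.policy_and_log_nic_ip.yaml`; unless something outside this diff copies the file, one of the two paths looks wrong. The `obtain cpu layout info` loop has a similar silent path: if no entry in `cpu_layouts` matches, `cpu_layout_obtained` stays undefined and the next task fails without saying why.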
@@ -0,0 +1,218 @@ +--- +- hosts: provision + tasks: + - name: Load default config file variable + include_vars: + file: /opt/tsg/tsg-os-provision/provision.default.yml + + - name: Load general config file variable + include_vars: + file: /data/tsg-os-provision/provision.yml + + - name: Load specified file variable + include_vars: + file: /data/tsg-os-provision/.policy_and_log_nic_ip.yaml + +######setting cpu affinity start###### + - name: obtain cpu layout info + set_fact: + cpu_layout_obtained: "{{ item }}" + loop: "{{ cpu_layouts }}" + when: + - ansible_facts.processor[2] is search(item.match.model_name) + - ansible_facts.processor_count == item.match.sockets + + - name: set cpu affinity variable + set_fact: + workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}" + workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}" + workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}" + workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}" + workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}" + + - name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads" + set_fact: + workload_firewall_cpu_affinity: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | join(',') }}" + workload_firewall_worker_threads: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | length }}" + when: proxy.enable == 0 + +######setting cpu affinity end###### + +######setting nic cpu affinity mask start###### + - name: output cpu_layouts config to config .cpu_layouts.json + copy: + content: "{{ cpu_layouts| to_json }}" + dest: /opt/tsg/tsg-os-provision/.cpu_layouts.json + + - name: "tsg-os-provision: obtain rps_mask" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_rps_mask.py + register: result_exec_obtain_rps_mask + + - name: "tsg-os-provision: check result_exec_obtain_rps_mask" + 
assert: + that: + - result_exec_obtain_rps_mask.rc == 0 + - result_exec_obtain_rps_mask.failed == False + fail_msg: "error:{{ result_exec_obtain_rps_mask.stderr }},stdout:{{ result_exec_obtain_rps_mask.stdout_lines }}" + success_msg: "Successded: obtain rpm mask" + + - name: "set rps_mask into tfe-env-config" + set_fact: + tfe_env_rps_info: "{{ result_exec_obtain_rps_mask.stdout | from_json }}" + + - name: "output tfe_env_rps_info" + debug: + msg: "{{ tfe_env_rps_info }}" + +######setting nic cpu affinity mask end###### + +######get isolate cpu core start###### + - name: redirect proxy config to config .proxy.json + copy: + content: "{{ proxy | to_json }}" + dest: /opt/tsg/tsg-os-provision/.proxy.json + + - name: "tsg-os-provision: execute obtain_isolate_cpu_range.py" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_isolate_cpu_range.py + register: result_exec_obtain_isolate_cpu_range + + - name: "tsg-os-provision: check result_exec_obtain_isolate_cpu_range" + assert: + that: + - result_exec_obtain_isolate_cpu_range.rc == 0 + - result_exec_obtain_isolate_cpu_range.failed == False + fail_msg: "error:{{ result_exec_obtain_isolate_cpu_range.stderr }},stdout:{{ result_exec_obtain_isolate_cpu_range.stdout_lines }}" + success_msg: "Successded: obtain isolate cpu range" + + - name: "set fact grub_cpu_isolate" + set_fact: + grub_cpu_isolate: "{{ result_exec_obtain_isolate_cpu_range.stdout }}" + + - name: "set fact policy_and_log nic name" + set_fact: + network_setting: + nic_policy_log: + name: "ctrl_mock" + +######get isolate cpu core end###### + + - name: "set keep_alive_ip" + set_fact: + gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}" + + - name: "set cm_policy_server_ip and cm_policy_server_port" + set_fact: + cm_policy_server_ip: "{{cm.policy_server.address}}" + cm_policy_server_port: "{{ cm.policy_server.port }}" + + - name: "mkdir /opt/tsg/exporter/" + file: + path: "{{ item }}" + state: directory + with_items: + - 
/target_config/opt/tsg/sapp/plug + - /target_config/opt/tsg/sapp/etc + - /target_config/opt/tsg/sapp/tsgconf + - /target_config/opt/tsg/sapp/plug/business/tsg_conn_sketch + - /target_config/opt/tsg/sapp/etc/kni + - /target_config/opt/tsg/sapp/etc/wannat + - /target_config/opt/tsg/tfe/conf/tfe + - /target_config/opt/tsg/tfe/conf/pangu + - /target_config/opt/tsg/certstore/conf + - /target_config/etc/telegraf + - /target_config/opt/tsg/etc + - /target_config/etc/default + + - name: "get sn" + shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh + + - name: "tsg-os-provision: Template the conflist.inf" + template: + src: ../templates/conflist.inf.j2 + dest: /target_config/opt/tsg/sapp/plug/conflist.inf + tags: sapp + + - name: "tsg-os-provision: template gdev.conf file" + template: + src: "../templates/gdev.conf.j2" + dest: /target_config/opt/tsg/sapp/etc/gdev.conf + tags: sapp + + - name: "tsg-os-provision: Template the tsgconf/main.conf" + template: + src: "../templates/main.conf.j2" + dest: /target_config/opt/tsg/sapp/tsgconf/main.conf + tags: firewall + + - name: "tsg-os-provision: Template the tsgconf/maat.conf" + template: + src: "../templates/maat.conf.j2" + dest: /target_config/opt/tsg/sapp/tsgconf/maat.conf + tags: firewall + + - name: "tsg-os-provision: Template the tsg_conn_sketch.inf" + template: + src: "../templates/tsg_conn_sketch.inf.j2" + dest: /target_config/opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf + tags: firewall + + - name: "tsg-os-provision: Template the sapp.toml" + template: + src: "../templates/sapp.toml.j2" + dest: /target_config/opt/tsg/sapp/etc/sapp.toml + tags: sapp + + - name: "tsg-os-provision: Template the send_raw_pkt.conf" + template: + src: "../templates/send_raw_pkt.conf.j2" + dest: /target_config/opt/tsg/sapp/etc/send_raw_pkt.conf + tags: sapp + + - name: "tsg-os-provision: template the kni.conf" + template: + src: "../templates/kni.conf.j2" + dest: /target_config/opt/tsg/sapp/etc/kni/kni.conf + tags: sapp + + 
- name: "tsg-os-provision: template wannat wangw.conf file" + template: + src: "../templates/wangw.conf.j2" + dest: /target_config/opt/tsg/sapp/etc/wannat/wangw.conf + tags: wangw + + - name: "tsg-os-provision: template the tfe.conf" + template: + src: "../templates/tfe.conf.j2" + dest: /target_config/opt/tsg/tfe/conf/tfe/tfe.conf + tags: tfe + when: proxy.enable == 1 + + - name: "tsg-os-provision: template the pangu_pxy.conf" + template: + src: "../templates/pangu_pxy.conf.j2" + dest: /target_config/opt/tsg/tfe/conf/pangu/pangu_pxy.conf + tags: tfe + when: proxy.enable == 1 + + - name: "tsg-os-provision: template certstore configure file" + template: + src: "../templates/cert_store.ini.j2" + dest: /target_config/opt/tsg/certstore/conf/cert_store.ini + tags: certstore + + - name: "tsg-os-provision: Templates telegraf.conf" + template: + src: "../templates/telegraf_statistic.conf.j2" + dest: /target_config/etc/telegraf/telegraf_statistic.conf + tags: telegraf_statistic + + - name: "create tap device ctrl_mock" + shell: ip tuntap add mode tap ctrl_mock; ifconfig ctrl_mock up; ifconfig ctrl_mock {{ policy_and_log_nic_ip }}/32 + + - name: "create tap device tun_kni" + shell: ip tuntap add mode tap tun_kni + when: proxy.enable == 1 + + - name: "execute tfe-env shell" + shell: /opt/tsg/tfe/tfe-env-start.sh + when: proxy.enable == 1 \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/tasks/main.yml b/ansible/roles/tsg-os-provision/tasks/main.yml index 11c34fff..4449e471 100644 --- a/ansible/roles/tsg-os-provision/tasks/main.yml +++ b/ansible/roles/tsg-os-provision/tasks/main.yml 
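Review bot: The `create tap device ctrl_mock` task near the end of this play puts `policy_and_log_nic_ip` into a `shell:` string unquoted and chains three commands with `;`, so a malformed value from `.policy_and_log_nic_ip.yaml` reaches the shell as-is and a failure of `ip tuntap add` or `ifconfig ctrl_mock up` is never reported (only the last command's exit status counts). This playbook appears to be the one the privileged `tsg-init` container runs, so I would chain with `&&` and quote the value: `shell: ip tuntap add mode tap ctrl_mock && ifconfig ctrl_mock up && ifconfig ctrl_mock {{ policy_and_log_nic_ip | quote }}/32`. The `get sn` task also runs `obtain_sn.sh` without the `register`/`assert` pair that the other script tasks in this file use. Finally, `cpu_layout_obtained` stays undefined when no entry of `cpu_layouts` matches, which would only surface as an undefined-variable error in the next `set_fact`; an `assert` with a `fail_msg` right after the loop would make that case diagnosable.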
@@ -82,7 +82,21 @@ src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/tasks/provision.yml mode: 0644 - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + +- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0906" + copy: + src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0906" + dest: /opt/tsg/tsg-os-provision/tasks/provision.yml + mode: 0644 + when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906' + +- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0906 init" + copy: + src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0906-init" + dest: /opt/tsg/tsg-os-provision/tasks/provision.yml + mode: 0644 + when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init' - name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140" copy: @@ -131,7 +145,7 @@ src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/provision.default.yml mode: 0644 - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0" copy: @@ -166,7 +180,7 @@ src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804" dest: /opt/tsg/tsg-os-provision/provision.yml.sample mode: 0644 - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: copy provision.sh file to dest" copy: 
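Review bot: After the first hunk, a `TSG-X-P0906` build depends on task order to pick its playbook: the P0804 copy now also matches `runtime_env == 'TSG-X-P0906'`, and the two added tasks then overwrite the same `dest: /opt/tsg/tsg-os-provision/tasks/provision.yml` depending on `PROFILE_ID`. If `PROFILE_ID` matches neither of the two listed values, the P0804 playbook is installed without any message. I would make the three `when:` conditions mutually exclusive, or at least add a comment above the P0804 task such as `# fallback for P0906; overridden by the PROFILE_ID-specific copies below`. The first task in the hunk starts above the visible context, and the same overwrite-by-order pattern appears in the `tsg_sn/tasks/main.yml` hunk for `obtain_sn.sh`.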
@@ -236,18 +250,27 @@ - { "src": tsg-os-provision.service.TSGXP1403, "dest": tsg-os-provision.service } when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' +- name: "install tsg-os-provision.service -- TSG-X-P0906" + copy: + src: "{{ role_path }}/files/service/{{ item.src }}" + dest: /usr/lib/systemd/system/{{ item.dest }} + mode: 0644 + with_items: + - { "src": tsg-os-provision.service.TSGXP0906, "dest": tsg-os-provision.service } + when: runtime_env == 'TSG-X-P0906' + - name: "replace action: add service into sysinit.target --TSG-X-P1403" shell: ln -vfs --relative /usr/lib/systemd/system/{{item}} /usr/lib/systemd/system/sysinit.target.wants/{{item}} with_items: - tsg-os-provision.service - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: copy tsg-start.sh to dest - TSG-X-P1403" copy: src: "{{ role_path }}/files/script/provision-config-apply" dest: /opt/tsg/tsg-os-provision/ mode: 0755 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' - name: "tsg-os-provision: obtain_rps_mask and obtain_cpu_core_range to dest - TSG-X-P0804" copy: @@ -257,7 +280,7 @@ with_items: - obtain_rps_mask.py - obtain_isolate_cpu_range.py - when: runtime_env == 'TSG-X-P0804' + when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' ######TSG-X-P1403 end###### @@ -271,10 +294,3 @@ src: "{{ role_path }}/files/script/tsg-os-provision.sh" dest: /etc/profile.d/ mode: 0755 - -- name: "add sudo secure_path" - lineinfile: - path: /etc/sudoers - backrefs: yes - regexp: "^(.*Defaults secure_path =.*)$" - line: '\1:/opt/tsg/tsg-os-provision' diff --git a/ansible/roles/tsg_app/tasks/main.yml b/ansible/roles/tsg_app/tasks/main.yml index 7de3be61..136be3cb 100644 --- a/ansible/roles/tsg_app/tasks/main.yml 
+++ b/ansible/roles/tsg_app/tasks/main.yml @@ -1,3 +1,11 @@ --- +- name: "download rpm packages: app_skecth_local" + yum: + name: "{{ tsg_app_rpm_version.app_sketch_local }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "Install app_sketch_local that is sapp plugins" shell: rpm -i /tmp/rpm_download/{{ tsg_app_rpm_version.app_sketch_local }}* --prefix {{ prefix_path.sapp }} diff --git a/ansible/roles/tsg_master/tasks/main.yml b/ansible/roles/tsg_master/tasks/main.yml index 650537ba..26b244e9 100644 --- a/ansible/roles/tsg_master/tasks/main.yml +++ b/ansible/roles/tsg_master/tasks/main.yml @@ -1,2 +1,11 @@ +- name: "download rpm packages: tsg_master" + yum: + name: + - "{{ tsg_master_rpm_version.tsg_master }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + - name: "Install tsg_master that is sapp plugins" shell: rpm -i /tmp/rpm_download/{{ tsg_master_rpm_version.tsg_master }}* --prefix {{ prefix_path.sapp }} diff --git a/ansible/roles/tsg_sn/files/obtain_sn.sh.TSGXP0906-init b/ansible/roles/tsg_sn/files/obtain_sn.sh.TSGXP0906-init new file mode 100644 index 00000000..113c4f16 --- /dev/null +++ b/ansible/roles/tsg_sn/files/obtain_sn.sh.TSGXP0906-init @@ -0,0 +1,10 @@ +#!/bin/bash -x + +sn=`ipmitool fru list |grep 'Product Serial' | awk '{ print $4}'` +if [ -z "$sn" ];then + echo "{\"sn\": \"unknown\"}" > /target_config/opt/tsg/etc/tsg_sn.json + echo "device_id=\"unknown\"" > /target_config/etc/default/telegraf + exit 0 +fi +echo "{\"sn\": \"$sn\"}" > /target_config/opt/tsg/etc/tsg_sn.json +echo "device_id=\"$sn\"" > /target_config/etc/default/telegraf diff --git a/ansible/roles/tsg_sn/tasks/main.yml b/ansible/roles/tsg_sn/tasks/main.yml index a616fc1f..8b711aa1 100644 --- a/ansible/roles/tsg_sn/tasks/main.yml +++ b/ansible/roles/tsg_sn/tasks/main.yml 
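Review bot: The added download task writes to `download_dir: "{{ path_download }}"`, but the install task that follows still reads from the hard-coded `/tmp/rpm_download/` and selects the package with a trailing `*` glob. The value of `path_download` is not visible in this diff; if it is ever set to a different directory, the install will fail or pick up an older matching RPM already lying in `/tmp/rpm_download`. I would use the variable in both places, e.g. `shell: rpm -i {{ path_download }}/{{ tsg_app_rpm_version.app_sketch_local }}* --prefix {{ prefix_path.sapp }}`. The same applies to the `tsg_master`, `wannat_wangw` and `wire_graft` hunks. The task name also has a typo (`app_skecth_local`).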
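Review bot: In `obtain_sn.sh.TSGXP0906-init`, `sn` is written into `tsg_sn.json` and the telegraf defaults file without any validation. If `ipmitool fru list` prints more than one `Product Serial` line, `sn` will span several lines and both output files become malformed, and a serial containing `"` or `\` would likewise produce invalid JSON. I would take only the first match and reject unexpected characters, e.g. `sn=$(ipmitool fru list | awk '/Product Serial/ {print $4; exit}')` followed by `[[ "$sn" =~ ^[A-Za-z0-9._-]+$ ]] || sn=unknown` (adjust the character set to the vendor's serial format). A header comment saying that this variant writes under `/target_config` and always exits 0 would help readers tell it apart from the other `obtain_sn.sh` variants.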
@@ -28,4 +28,12 @@ src: "{{ role_path }}/files/obtain_sn.sh.TSGXP1403" dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh mode: 0755 - when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' \ No newline at end of file + when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' + + +- name: "deploy obtain sn - tsg-x-p0906" + copy: + src: "{{ role_path }}/files/obtain_sn.sh.TSGXP0906-init" + dest: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh + mode: 0755 + when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init' \ No newline at end of file diff --git a/ansible/roles/vsys/files/tsg-images-load.service b/ansible/roles/vsys/files/tsg-images-load.service new file mode 100644 index 00000000..ddd9e9ed --- /dev/null +++ b/ansible/roles/vsys/files/tsg-images-load.service @@ -0,0 +1,14 @@ +[Unit] +Description=Tsg container images loading +DefaultDependencies=no +Conflicts=shutdown.target +Requires=k3s.service +After=local-fs.target k3s.service +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=|/etc +ConditionFileNotEmpty=|/usr + +[Service] +ExecStart=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh" +Type=oneshot +RemainAfterExit=yes \ No newline at end of file diff --git a/ansible/roles/vsys/files/tsg-traffic-engine.service b/ansible/roles/vsys/files/tsg-traffic-engine.service new file mode 100644 index 00000000..76dfd180 --- /dev/null +++ b/ansible/roles/vsys/files/tsg-traffic-engine.service 
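Review bot: In `tsg-images-load.service`, `ConditionFileNotEmpty=|/usr` can never be satisfied, because that condition requires a regular file of non-zero size and `/usr` is a directory; with both conditions marked as triggering (`|`), the unit would effectively run only when `ConditionNeedsUpdate=|/etc` holds. These two lines look copied from a systemd update unit, so please confirm that this is the intended gating for loading container images. The unit also has no `[Install]` section, and in this commit the task that would copy it in `vsys/tasks/main.yml` is commented out, so a one-line `#` comment at the top of the file saying it is currently unused would prevent confusion.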
@@ -0,0 +1,13 @@ +[Unit] +Description=Tsg vsys1 +Requires=k3s.service mrzcpd.service +After=k3s.service mrzcpd.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh;\ + k3s kubectl create configmap vsys1-provision --from-file=/data/tsg-os-provision/provision.yml --from-file=/opt/tsg/tsg-os-provision/.policy_and_log_nic_ip.yaml;\ + k3s kubectl apply -f /opt/tsg/vsys1/workload_resource/tsg_workload_resource.yml" +ExecStop=/bin/sh -c "k3s kubectl delete -f /opt/tsg/vsys1/workload_resource/tsg_workload_resource.yml;\ + k3s kubectl delete configmap vsys1-provision" diff --git a/ansible/roles/vsys/tasks/main.yml b/ansible/roles/vsys/tasks/main.yml new file mode 100644 index 00000000..6be47ab4 --- /dev/null +++ b/ansible/roles/vsys/tasks/main.yml 
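Review bot: The three commands in `ExecStart` are joined with `;`, so the unit reports the status of the final `kubectl apply` even when the image import or the configmap creation failed. `k3s kubectl create configmap vsys1-provision` fails when the configmap already exists (for example if `ExecStop` did not run before the previous shutdown), and the workload would then start against the old `provision.yml` contents. I would put each step on its own `ExecStartPre=`/`ExecStart=` line so systemd stops at the first failure, and make the configmap step idempotent inside its `/bin/sh -c` by piping `k3s kubectl create configmap vsys1-provision --from-file=... --dry-run=client -o yaml` into `k3s kubectl apply -f -`. The `;` chaining in `ExecStop` is reasonable for best-effort cleanup.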
@@ -0,0 +1,45 @@ +- name: "create directory for workload resource" + file: + path: "{{ item }}" + state: directory + with_items: + - /usr/lib/systemd/system/tsg-traffic-engine.service.d/ + - /opt/tsg/vsys1/workload_resource/ + - /usr/lib/systemd/system/tsg-images-load.service.d/ + - /opt/tsg/vsys1/scripts/ + +- name: "copy vsys1 service file to dest" + copy: + src: "{{ role_path }}/files/tsg-traffic-engine.service" + dest: "/usr/lib/systemd/system/" + mode: 0644 + +#- name: "copy images load service file to dest" +# copy: +# src: "{{ role_path }}/files/tsg-images-load.service" +# dest: "/usr/lib/systemd/system/tsg-images-load.service" +# mode: 0644 + +- name: 'tsg-traffic-engine service enable' + systemd: + name: tsg-traffic-engine + enabled: yes + + +- name: "templates tsg_workload_resource.yml" + template: + src: "{{role_path}}/templates/tsg_workload_resource.yml.j2.j2" + dest: /opt/tsg/tsg-os-provision/templates/tsg_workload_resource.yml.j2 + tags: template + +- name: "copy slice file to tsg-traffic-engine.service.d" + copy: + src: "{{ role_path }}/templates/service_override_slice.conf.j2" + dest: /usr/lib/systemd/system/tsg-traffic-engine.service.d/service_override_slice.conf + mode: 0644 + +- name: "templates tsg-traffic-image-load.sh.j2" + template: + src: "{{role_path}}/templates/tsg-traffic-image-load.sh.j2" + dest: /opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh + mode: 0755 diff --git a/ansible/roles/vsys/templates/service_override_slice.conf.j2 b/ansible/roles/vsys/templates/service_override_slice.conf.j2 new file mode 100644 index 00000000..db248c50 --- /dev/null +++ b/ansible/roles/vsys/templates/service_override_slice.conf.j2 @@ -0,0 +1,2 @@ +[Service] +Slice=workload.slice \ No newline at end of file diff --git a/ansible/roles/vsys/templates/tsg-traffic-image-load.sh.j2 b/ansible/roles/vsys/templates/tsg-traffic-image-load.sh.j2 new file mode 100644 index 00000000..39a5da70 --- /dev/null 
+++ b/ansible/roles/vsys/templates/tsg-traffic-image-load.sh.j2 @@ -0,0 +1,13 @@ +#!/bin/bash -ex + +#fileLoadImageSucceeded="/data/tsg-os-provision/.images_load_succeeded" +#if [ -f $fileLoadImageSucceeded ]; then +# rm $fileLoadImageSucceeded +#fi + +/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-container-firewall-{{os_release_ver}}-images.tar +/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-container-proxy-{{os_release_ver}}-images.tar +/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-container-certstore-{{os_release_ver}}-images.tar +/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-container-telegraf-{{os_release_ver}}-images.tar +/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-container-init-{{os_release_ver}}-images.tar +#touch $fileLoadImageSucceeded \ No newline at end of file diff --git a/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2 b/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2 new file mode 100644 index 00000000..69e90b91 --- /dev/null +++ b/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2 
@@ -0,0 +1,174 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: tsg + labels: + app: tsg + +spec: + selector: + matchLabels: + app: tsg + template: + metadata: + labels: + app: tsg + + spec: + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + containers: + - name: firewall + image: docker.io/library/tsg-firewall:{{os_release_ver}} + imagePullPolicy: Never + workingDir: /opt/tsg/sapp + command: ["/bin/bash", "-c", "./sapp"] + securityContext: + privileged: true + volumeMounts: + - name: opt-tsg-mrzcpd + mountPath: /opt/tsg/mrzcpd + readOnly: false + - name: var-run-mrzcpd + mountPath: /var/run/mrzcpd + readOnly: false + - name: var-run-dpdk + mountPath: /var/run/dpdk + readOnly: false + - name: root-sys + mountPath: /root/sys + readOnly: false + - name: switch-partion + mountPath: "/opt/tsg/sapp/plug/conflist.inf" + subPath: "opt/tsg/sapp/plug/conflist.inf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/etc/gdev.conf" + subPath: "opt/tsg/sapp/etc/gdev.conf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/tsgconf/main.conf" + subPath: "opt/tsg/sapp/tsgconf/main.conf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/tsgconf/maat.conf" + subPath: "opt/tsg/sapp/tsgconf/maat.conf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf" + subPath: "opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/etc/sapp.toml" + subPath: "opt/tsg/sapp/etc/sapp.toml" + - name: switch-partion + mountPath: "/opt/tsg/sapp/etc/send_raw_pkt.conf" + subPath: "opt/tsg/sapp/etc/send_raw_pkt.conf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/etc/kni/kni.conf" + subPath: "opt/tsg/sapp/etc/kni/kni.conf" + - name: switch-partion + mountPath: "/opt/tsg/sapp/etc/wannat/wangw.conf" + subPath: 
"opt/tsg/sapp/etc/wannat/wangw.conf" + - name: switch-partion + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + +{% raw %}{% if proxy.enable == 1 %} +{% endraw %} + - name: proxy + image: docker.io/library/tsg-proxy:{{os_release_ver}} + imagePullPolicy: Never + workingDir: /opt/tsg/tfe + command: ["/bin/bash", "-c", "./bin/tfe"] + securityContext: + privileged: true + volumeMounts: + - name: opt-tsg-mrzcpd + mountPath: /opt/tsg/mrzcpd + readOnly: false + - name: var-run-mrzcpd + mountPath: /var/run/mrzcpd + readOnly: false + - name: var-run-dpdk + mountPath: /var/run/dpdk + readOnly: false + - name: root-sys + mountPath: /root/sys + readOnly: false + - name: switch-partion + mountPath: "/opt/tsg/tfe/conf/tfe/tfe.conf" + subPath: "opt/tsg/tfe/conf/tfe/tfe.conf" + - name: switch-partion + mountPath: "/opt/tsg/tfe/conf/pangu/pangu_pxy.conf" + subPath: "opt/tsg/tfe/conf/pangu/pangu_pxy.conf" + - name: switch-partion + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" +{% raw %}{% endif %} +{% endraw %} + + - name: certstore + image: docker.io/library/tsg-certstore:{{os_release_ver}} + imagePullPolicy: Never + workingDir: /opt/tsg/certstore + command: ["/bin/bash", "-c", "/usr/bin/redis-server /etc/cert-redis.conf;./bin/certstore"] + securityContext: + privileged: true + volumeMounts: + - name: switch-partion + mountPath: "/opt/tsg/certstore/conf/cert_store.ini" + subPath: "opt/tsg/certstore/conf/cert_store.ini" + - name: switch-partion + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + + - name: telegraf + image: docker.io/library/tsg-telegraf:{{os_release_ver}} + imagePullPolicy: Never + command: ["/bin/bash", "-c", "/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d"] + securityContext: + privileged: true + volumeMounts: + - name: switch-partion + mountPath: "/etc/telegraf/telegraf_statistic.conf" + subPath: 
"etc/telegraf/telegraf_statistic.conf" + - name: switch-partion + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: switch-partion + mountPath: "/etc/default/telegraf" + subPath: "etc/default/telegraf" + + initContainers: + - name: tsg-init + image: docker.io/library/tsg-init:{{os_release_ver}} + imagePullPolicy: Never + command: ["sh", "-c", "ansible-playbook -i /opt/tsg/tsg-os-provision/hosts /opt/tsg/tsg-os-provision/tasks/provision.yml"] + securityContext: + privileged: true + volumeMounts: + - name: switch-partion + mountPath: /target_config + - name: provision + mountPath: /data/tsg-os-provision + readOnly: true + + volumes: + - name: opt-tsg-mrzcpd + hostPath: + path: /opt/tsg/mrzcpd + - name: var-run-mrzcpd + hostPath: + path: /var/run/mrzcpd + - name: var-run-dpdk + hostPath: + path: /var/run/dpdk + - name: root-sys + hostPath: + path: /root/sys + - name: provision + configMap: + name: vsys1-provision + - name: switch-partion + emptyDir: {} diff --git a/ansible/roles/wannat_wangw/tasks/main.yml b/ansible/roles/wannat_wangw/tasks/main.yml index 822ba2ae..d78f5578 100644 --- a/ansible/roles/wannat_wangw/tasks/main.yml +++ b/ansible/roles/wannat_wangw/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: "download rpm packages: wannat wangw" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + with_dict: "{{ wannat_wangw_rpm_version }}" + - name: "Install wangw plugins" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }} with_items: diff --git a/ansible/roles/wire_graft/tasks/main.yml b/ansible/roles/wire_graft/tasks/main.yml index 8c4aea59..2f865a67 100644 --- a/ansible/roles/wire_graft/tasks/main.yml +++ b/ansible/roles/wire_graft/tasks/main.yml 
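Review bot: Every container in this DaemonSet, including `certstore`, `telegraf` and the `tsg-init` init container, is given `securityContext: privileged: true`, although those three mount only the `switch-partion` emptyDir and the `provision` configmap and no hostPath volume. A privileged container has full access to host devices and kernel interfaces, so a compromise of the telegraf or certstore process would amount to root on the node. Unless something not visible here requires it, I would set `privileged: false` and `allowPrivilegeEscalation: false` for `certstore` and `telegraf`, and give `tsg-init` a narrower capability set (to be confirmed against what `ip tuntap add` needs inside the container). If `firewall` and `proxy` must stay privileged for the DPDK and mrzcpd mounts, a comment above their `securityContext` stating why would document the exception.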
@@ -1,4 +1,13 @@ --- +- name: "download rpm packages: wire_graft" + yum: + name: "{{ item.value }}" + conf_file: "{{ rpm_repo_config_path }}" + state: present + download_only: yes + download_dir: "{{ path_download }}" + with_dict: "{{ wire_graft_rpm_version }}" + - name: "Install wire_graft that is sapp plugins" shell: rpm -i /tmp/rpm_download/{{ item.rpm_version }}* --prefix {{ item.prefix }} with_items: diff --git a/installer/distro-setup.sh b/installer/distro-setup.sh index 0d723f95..b21588fa 100755 --- a/installer/distro-setup.sh +++ b/installer/distro-setup.sh @@ -81,7 +81,7 @@ EOF2 echo "HOSTNAME=localhost" > /etc/sysconfig/network # Disable selinux -sed -ie "s/SELINUX=/SELINUX=disabled/g" /etc/selinux/config +sed -ie "s/SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config ldconfig exit 0 diff --git a/make/Makefile.7400MCN0P01R01 b/make/Makefile.7400MCN0P01R01 index ca427eff..a8285b61 100644 --- a/make/Makefile.7400MCN0P01R01 +++ b/make/Makefile.7400MCN0P01R01 @@ -52,7 +52,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER) cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r sysroot-cleanup: diff --git a/make/Makefile.7400MCN123P01R01 b/make/Makefile.7400MCN123P01R01 index e2ae57e4..c5202836 100644 --- a/make/Makefile.7400MCN123P01R01 +++ b/make/Makefile.7400MCN123P01R01 
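Review bot: In the `installer/distro-setup.sh` hunk, the corrected pattern `s/SELINUX=.*/SELINUX=disabled/g` is not anchored, so it also rewrites any comment line in `/etc/selinux/config` that mentions `SELINUX=`, and `-ie` is parsed by GNU sed as `-i` with backup suffix `e`, which leaves a stray `/etc/selinux/confige` in the image. I would write `sed -i -e 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config`. Because this line turns off SELinux for every profile built from this installer, a comment next to it stating the reason (and whether `permissive` was considered) would be useful. The surrounding script continues outside the hunk.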
@@ -52,7 +52,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER) cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r sysroot-cleanup: diff --git a/make/Makefile.9000NPBP01R01 b/make/Makefile.9000NPBP01R01 index ea5f009b..af10dffa 100644 --- a/make/Makefile.9000NPBP01R01 +++ b/make/Makefile.9000NPBP01R01 @@ -52,7 +52,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER) cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r sysroot-cleanup: diff --git a/make/Makefile.TSGXNXR620G40R01P0804 b/make/Makefile.TSGXNXR620G40R01P0804 index 6c5b7c1b..576fa11f 100644 --- a/make/Makefile.TSGXNXR620G40R01P0804 +++ b/make/Makefile.TSGXNXR620G40R01P0804 @@ -53,7 +53,7 @@ sysroot-ansible: sysroot-verfile sysroot-base cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r - $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r umount $(TARGET_SYSROOT_DIR)/proc 
diff --git a/make/Makefile.TSGXNXR620G40R01P0906 b/make/Makefile.TSGXNXR620G40R01P0906
new file mode 100644
index 00000000..7f58dae9
--- /dev/null
+++ b/make/Makefile.TSGXNXR620G40R01P0906
@@ -0,0 +1,223 @@ + +PROFILE_ID := TSG-X-NXR620G40-R01-P0906 +SUPPORTED_MACHINE_ID := TSG-X-NXR620G40-R01-P0906 +KERNEL_ARGS := crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt mitigations=off psi=1 isolcpus=1-76 +GRUB_SERIAL_COMMAND := +SIZE_PART_SYSROOT := 16384M +SIZE_PART_UPDATE := 16384M + +PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID)) +CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-chroot.tar.bz2 +CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-ONIE.bin + +TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID) +TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer +TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot + +TARGET_CONTAINER_IMAGE_DIR := $(TARGET_BUILD_DIR)/container_images +CONTAINER_DOCKERFILE := $(TARGET_CONTAINER_IMAGE_DIR)/Dockerfile + +CONTAINER_FIREWALL_NAME := firewall +TARGET_CONTAINER_FIREWALL_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_FIREWALL_NAME)-container_sysroot +CONTAINER_FIREWALL_PKG := tsg-container-$(CONTAINER_FIREWALL_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-images.tar.xz +CONTAINER_FIREWALL_TAR := tsg-container-$(CONTAINER_FIREWALL_NAME)-${OS_RELEASE_VER}-images.tar + +CONTAINER_PROXY_NAME := proxy +TARGET_CONTAINER_RPOXY_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_PROXY_NAME)-container_sysroot +CONTAINER_RPOXY_PKG := tsg-container-$(CONTAINER_PROXY_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-images.tar.xz +CONTAINER_RPOXY_TAR := tsg-container-$(CONTAINER_PROXY_NAME)-${OS_RELEASE_VER}-images.tar + +CONTAINER_CERTSTORE_NAME := certstore +TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_CERTSTORE_NAME)-container_sysroot +CONTAINER_CERTSTORE_PKG := tsg-container-$(CONTAINER_CERTSTORE_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-images.tar.xz +CONTAINER_CERTSTORE_TAR := tsg-container-$(CONTAINER_CERTSTORE_NAME)-${OS_RELEASE_VER}-images.tar + +CONTAINER_TELEGRAF_NAME := telegraf +TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR := 
$(TARGET_BUILD_DIR)/$(CONTAINER_TELEGRAF_NAME)-container_sysroot +CONTAINER_TELEGRAF_PKG := tsg-container-$(CONTAINER_TELEGRAF_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-images.tar.xz +CONTAINER_TELEGRAF_TAR := tsg-container-$(CONTAINER_TELEGRAF_NAME)-${OS_RELEASE_VER}-images.tar + +CONTAINER_INIT_NAME := init +TARGET_CONTAINER_INIT_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_INIT_NAME)-container_sysroot +CONTAINER_INIT_PKG := tsg-container-$(CONTAINER_INIT_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-images.tar.xz +CONTAINER_INIT_TAR := tsg-container-$(CONTAINER_INIT_NAME)-${OS_RELEASE_VER}-images.tar + +.PHONY: all builddir installer sysroot-base sysroot-cleanup sysroot-archive sysroot-binary container-sysroot-base container-sysroot-ansible container-images-generate add-images-into-sysroot container-sysroot-cleanup clean + +all: sysroot-binary + +builddir: + mkdir -p $(TARGET_BUILD_DIR) + +installer: builddir + rm -rf $(TARGET_INSTALLER_DIR) + mkdir -p $(TARGET_INSTALLER_DIR) + cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh + cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh + chmod +x $(TARGET_INSTALLER_DIR)/install.sh + chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh + + sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh + sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh + + sed -i '/sapp-pr:/d;/tfe-pr:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml + +sysroot-base: builddir + 
$(TOOLSDIR)/mk-base-image $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) $(PROFILE_ID) + +container-sysroot-base: builddir sysroot-verfile sysroot-ansible + rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR) + + mkdir -p $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) + mkdir -p $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) + mkdir -p $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) + mkdir -p $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) + mkdir -p $(TARGET_CONTAINER_INIT_SYSROOT_DIR) + + mkdir -p $(TARGET_CONTAINER_IMAGE_DIR) + + tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) + tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) + tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) + tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) + tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_INIT_SYSROOT_DIR) + #curl -SL https://raw.githubusercontent.com/rocky-linux/sig-cloud-instance-images/Rocky-8.5-x86_64/rocky-8.5-docker-x86_64.tar.xz | tar -Jx -C $(TARGET_CONTAINER_SYSROOT_DIR) + +sysroot-verfile: sysroot-base + sed -i -e "s/^NAME=.*/NAME=\"TSG-OS\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release + sed -i -e "s/^VERSION=.*/VERSION=\"$(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release + sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"TSG-OS $(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release + +sysroot-ansible: sysroot-verfile sysroot-base + cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_SYSROOT_DIR)/tmp/ -r + cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r + cp $(TARGET_SYSROOT_DIR)/etc/hosts 
$(TARGET_SYSROOT_DIR)/tmp/ -r + cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) + cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r + +container-sysroot-ansible: container-sysroot-base + cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ -r + cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/ -r + cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ -r + cp /etc/hosts $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/ -r + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_FIREWALL_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) + cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/ -r + + cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/ -r + cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/ -r + cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/ -r + cp /etc/hosts $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/ -r + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_PROXY_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) + cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/ -r + + cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/ -r + cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/ -r + cp $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/ -r + cp /etc/hosts $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/ -r + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_CERTSTORE_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf 
$(OS_RELEASE_VER) + cp $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/ -r + + cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/ -r + cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/ -r + cp $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/ -r + cp /etc/hosts $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/ -r + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_TELEGRAF_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) + cp $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/ -r + + cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/ -r + cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/ -r + cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/ -r + cp /etc/hosts $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/ -r + $(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_INIT_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_INIT_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER) + cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/ -r + +container-sysroot-cleanup: + cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/* + rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/dev/* + mv $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp + + cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/* + rm -rf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/dev/* + mv $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp + + cp 
$(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/* + rm -rf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/dev/* + mv $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp + + cp $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/* + rm -rf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/dev/* + mv $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp + + cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_INIT_SYSROOT_DIR) + rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/* + rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/dev/* + mv $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp + +container-images-generate: container-sysroot-ansible container-sysroot-cleanup + tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_PKG) -C $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) . + echo -e "FROM scratch\nADD $(CONTAINER_FIREWALL_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE) + docker build -t tsg-${CONTAINER_FIREWALL_NAME}:$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR) + docker save tsg-${CONTAINER_FIREWALL_NAME}:$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_TAR) + docker rmi tsg-${CONTAINER_FIREWALL_NAME}:$(OS_RELEASE_VER) + + tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_PKG) -C $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) . 
+ echo -e "FROM scratch\nADD $(CONTAINER_RPOXY_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE) + docker build -t tsg-$(CONTAINER_PROXY_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR) + docker save tsg-$(CONTAINER_PROXY_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_TAR) + docker rmi tsg-$(CONTAINER_PROXY_NAME):$(OS_RELEASE_VER) + + tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_PKG) -C $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) . + echo -e "FROM scratch\nADD $(CONTAINER_CERTSTORE_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE) + docker build -t tsg-$(CONTAINER_CERTSTORE_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR) + docker save tsg-$(CONTAINER_CERTSTORE_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_TAR) + docker rmi tsg-$(CONTAINER_CERTSTORE_NAME):$(OS_RELEASE_VER) + + tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_PKG) -C $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) . + echo -e "FROM scratch\nADD $(CONTAINER_TELEGRAF_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE) + docker build -t tsg-$(CONTAINER_TELEGRAF_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR) + docker save tsg-$(CONTAINER_TELEGRAF_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_TAR) + docker rmi tsg-$(CONTAINER_TELEGRAF_NAME):$(OS_RELEASE_VER) + + tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_PKG) -C $(TARGET_CONTAINER_INIT_SYSROOT_DIR) . 
+ echo -e "FROM scratch\nADD $(CONTAINER_INIT_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE) + docker build -t tsg-$(CONTAINER_INIT_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR) + docker save tsg-$(CONTAINER_INIT_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_TAR) + docker rmi tsg-$(CONTAINER_INIT_NAME):$(OS_RELEASE_VER) + +sysroot-cleanup: + rm -rf $(TARGET_SYSROOT_DIR)/tmp/* + rm -rf $(TARGET_SYSROOT_DIR)/dev/* + +add-images-into-sysroot: container-images-generate + mkdir -p $(TARGET_SYSROOT_DIR)/opt/tsg/images/ + cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/ + cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/ + cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/ + cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/ + cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/ + +sysroot-archive: installer add-images-into-sysroot sysroot-cleanup + cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/sysctl.d/80-tfe.conf $(TARGET_SYSROOT_DIR)/etc/sysctl.d/ + tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG) + +sysroot-binary: sysroot-archive + mkdir -p $(TARGET_BUILD_DIR)/cook-bits + $(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(IMAGEDIR_BASE)/$(CHROOT_BIN) + sha256sum $(IMAGEDIR_BASE)/$(CHROOT_BIN) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(CHROOT_BIN).sha256sum.txt + +clean: + rm -rf $(TARGET_BUILD_DIR) \ No newline at end of file diff --git a/make/Makefile.TSGXNXR620G40R01P1403 b/make/Makefile.TSGXNXR620G40R01P1403 index 5372abe2..4048163e 100644 --- a/make/Makefile.TSGXNXR620G40R01P1403 +++ b/make/Makefile.TSGXNXR620G40R01P1403 
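Review bot: `KERNEL_ARGS` in the new make/Makefile.TSGXNXR620G40R01P0906 includes `mitigations=off`, which disables the kernel's CPU speculative-execution mitigations, and the `installer` target substitutes that string into install.sh through `%%KERNAL_ARGS%%`, so it presumably ends up on the installed system's kernel command line. This profile also packs firewall, proxy and certstore containers onto the same host, so the trade-off should be an explicit decision: either drop the flag or add a comment above the assignment giving the reason, for example `# mitigations=off: accepted for packet-path throughput; only trusted code runs on this appliance`. Whether the other profiles already set this is not visible in this diff. Separately, in `container-images-generate` the recipes `echo -e "...CMD ["/bin/bash"]\n"` close the shell string at the inner double quotes, so the generated Dockerfile receives `CMD [/bin/bash]` rather than the exec-form array; escaping them as `CMD [\"/bin/bash\"]` keeps the intended form.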
@@ -53,7 +53,7 @@ sysroot-ansible: sysroot-verfile sysroot-base
 cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r
 cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r
 cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
- $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf
+ $(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-CentOS-7.conf $(OS_RELEASE_VER)
 cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
 umount $(TARGET_SYSROOT_DIR)/proc
diff --git a/package/rocky-8.6-docker.tar.xz b/package/rocky-8.6-docker.tar.xz
new file mode 100644
index 00000000..ed7fee87
Binary files /dev/null and b/package/rocky-8.6-docker.tar.xz differ
diff --git a/tools/ansible-HAL b/tools/ansible-HAL
index 4ef40a01..63a140b6 100644
--- a/tools/ansible-HAL
+++ b/tools/ansible-HAL
@@ -4,6 +4,7 @@ PROFILE_ID=$1
 PROJECTDIR=$2
 TARGET_SYSROOT_DIR=$3
 YUM_CONF_PATH=$4
+OS_RELEASE_VER=$5
 echo "----------------------------- Ansible Stage 1 ----------------------------"
 echo "$PROFILE_ID"
@@ -11,4 +12,4 @@ echo "$PROFILE_ID"
 echo "[$PROFILE_ID]" > $PROJECTDIR/ansible/install_config/hosts
 echo "$TARGET_SYSROOT_DIR ansible_connection=chroot" >> $PROJECTDIR/ansible/install_config/hosts
-ansible-playbook -i $PROJECTDIR/ansible/install_config/hosts $PROJECTDIR/ansible/HAL_deploy.yml -e "rpm_repo_config_path=$YUM_CONF_PATH PROFILE_ID=$PROFILE_ID path_download=/tmp/rpm_download"
+ansible-playbook -i $PROJECTDIR/ansible/install_config/hosts $PROJECTDIR/ansible/HAL_deploy.yml -e "rpm_repo_config_path=$YUM_CONF_PATH PROFILE_ID=$PROFILE_ID path_download=/tmp/rpm_download os_release_ver=$OS_RELEASE_VER"
diff --git a/tools/mk-base-image b/tools/mk-base-image
index bc0fd036..7ad95d25 100755
--- a/tools/mk-base-image
+++ b/tools/mk-base-image
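Review bot: In tools/ansible-HAL the new `OS_RELEASE_VER=$5` is never checked and is spliced unquoted into the single `-e "... os_release_ver=$OS_RELEASE_VER"` string, so a caller that still passes four arguments produces an empty `os_release_ver=`, and a value containing whitespace would be parsed by Ansible as extra key=value pairs that can override other variables. Fail early with `OS_RELEASE_VER=${5:?usage: ansible-HAL PROFILE_ID PROJECTDIR SYSROOT YUM_CONF OS_RELEASE_VER}` and quote the value inside the extra-vars string, `os_release_ver='$OS_RELEASE_VER'`. The Makefile callers in this diff also pass `$(OS_RELEASE_VER)` unquoted; where that variable is set is not visible here, so it is best treated as CI-supplied input until confirmed. The script continues outside both hunks.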
@@ -10,69 +10,66 @@ yum_config=$1 target=$2 projectdir=$3 profile_id=$4 + +setopt="group_package_types=mandatory,default,optional" + case $profile_id in - "TSG-X-NXR620G40-R01-P0804") + "TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" ) kernel_version="5.17.15-1.el8.x86_64" + append_package_to_install="$projectdir/package/kernel-ml-core-$kernel_version.rpm + $projectdir/package/kernel-ml-modules-$kernel_version.rpm + $projectdir/package/kernel-ml-$kernel_version.rpm + $projectdir/package/kernel-ml-devel-$kernel_version.rpm" ;; "TSG-X-NXR620G40-R01-P1403") kernel_version="3.10.0-1160.59.1.el7.x86_64" + append_package_to_install="kernel-3.10.0-1160.59.1.el7.x86_64 + kernel-devel-3.10.0-1160.59.1.el7.x86_64" ;; "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") kernel_version="5.4.159-1.el7.elrepo.x86_64" + append_package_to_install="$projectdir/package/kernel-lt-$kernel_version.rpm + $projectdir/package/kernel-lt-devel-$kernel_version.rpm" ;; *) kernel_version="error_profile_id" - echo "Set kernel_version failed, profile_id: $profile_id" + echo "Set kernel_version failed, error profile_id: $profile_id" + exit 1 + ;; +esac + +case $profile_id in + "TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" ) + base_package_to_install="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools + @hardware-monitoring @network-file-system-client @performance @remote-system-management adcli certmonger + ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta + nscd nss-pam-ldapd grub2 epel-release efibootmgr ansible yum-utils ipmitool OpenIPMI docker-ce docker-ce-cli + containerd.io lrzsz python3 watchdog pcm git tmux fish kernel kernel-devel kernel-tools-libs kernel-modules + kernel-tools kernel-core rpm-build libtool kernel-rpm-macros python36-devel tcsh kernel-modules-extra gcc-gfortran + libdb-devel fuse-devel python3-Cython cmake perl-generators libstdc++-devel 
libmnl-devel bison flex gcc-c++ + python3-docutils libnsl" + + ;; + "TSG-X-NXR620G40-R01-P1403" | "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") + base_package_to_install="@base @core @debugging @directory-client @guest-agents + @hardware-monitoring @network-file-system-client @performance @remote-system-management + grub2 epel-release efibootmgr ansible yum-utils ipmitool docker-ce docker-ce-cli + containerd.io lrzsz python3 vconfig watchdog pcm git tmux fish" + ;; + *) + base_package_to_install="error_profile_id" + echo "Set base_package_to_install failed, error profile_id: $profile_id" exit 1 ;; esac set -ex -package_to_install_CentOS7="@base @core @debugging @directory-client @guest-agents - @hardware-monitoring @network-file-system-client @performance @remote-system-management - grub2 epel-release efibootmgr ansible yum-utils ipmitool docker-ce docker-ce-cli containerd.io lrzsz python3 vconfig watchdog pcm git tmux fish" - -package_to_install_RockyLinux85="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools - @hardware-monitoring @network-file-system-client @performance @remote-system-management - adcli certmonger ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta nscd nss-pam-ldapd - grub2 epel-release efibootmgr ansible yum-utils ipmitool OpenIPMI docker-ce docker-ce-cli containerd.io lrzsz python3 watchdog pcm git tmux fish kernel kernel-devel - kernel-tools-libs kernel-modules kernel-tools kernel-core rpm-build libtool kernel-rpm-macros python36-devel tcsh kernel-modules-extra gcc-gfortran - libdb-devel fuse-devel python3-Cython cmake perl-generators libstdc++-devel libmnl-devel bison flex gcc-c++ python3-docutils libnsl" - -if [ $profile_id != "TSG-X-NXR620G40-R01-P0804" ];then - locak_package_to_install_CentOS7="$projectdir/package/kernel-lt-$kernel_version.rpm - $projectdir/package/kernel-lt-devel-$kernel_version.rpm" -else - 
local_package_to_install="$projectdir/package/kernel-ml-core-$kernel_version.rpm - $projectdir/package/kernel-ml-modules-$kernel_version.rpm - $projectdir/package/kernel-ml-$kernel_version.rpm - $projectdir/package/kernel-ml-devel-$kernel_version.rpm" -fi - -kernel_package_to_install="kernel-3.10.0-1160.59.1.el7.x86_64 kernel-devel-3.10.0-1160.59.1.el7.x86_64" - -setopt="group_package_types=mandatory,default,optional" - yum -c "$yum_config" --installroot="$target" -y makecache -case $profile_id in - "TSG-X-NXR620G40-R01-P0804") - yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $package_to_install_RockyLinux85 - yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $local_package_to_install - ;; - "TSG-X-NXR620G40-R01-P1403") - yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $package_to_install_CentOS7 - yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $kernel_package_to_install - ;; - "7400-MCN0-P01R01" | "7400-MCN123-P01R01" |"9000-NPB-P01R01") - yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $package_to_install_CentOS7 - yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt localinstall $locak_package_to_install_CentOS7 - ;; - *) - echo "Error profile id, profile_id: $profile_id" - exit 1 - ;; -esac + +yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $base_package_to_install +yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $append_package_to_install + #if [ $profile_id == "TSG-X-NXR620G40-R01-P0804" ];then # kernel_version=$(ls $target/boot/vmlinuz-*.x86_64 | grep -oP "^$target/boot/vmlinuz-\K.*")