feature:修改init容器执行命令方式

2023-03-24 17:33:28 +08:00
parent 584de2f389
commit 404f581999
6 changed files with 70 additions and 90 deletions
--- a/ansible/roles/traffic-engine/files/helm/conf/provision-init.sh
+++ b/ansible/roles/traffic-engine/files/helm/conf/provision-init.sh
@@ -1,22 +0,0 @@
-#!/bin/bash -ex
-
-mkdir -p /target_config/opt/tsg/etc
-mkdir -p /target_config/etc/default
-chmod 0755 /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
-/opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
-{{ if eq .Values.proxy.enable .Values.define_enable_val_yes }}
-ip tuntap add dev tap0 mode tap multi_queue
-/opt/tsg/tfe/tfe-env-start.sh
-{{- end }}
-mount -o remount,rw /sys
-
-{{ if .Values.sce_config.endpoint_nic }}
-ip tuntap add dev {{ .Values.sce_config.endpoint_nic }} mode tap
-ip link set dev {{ .Values.sce_config.endpoint_nic }} up
-ip route add {{ .Values.sce_config.endpoint_netip }}/{{ .Values.sce_config.endpoint_mask }} dev {{ .Values.sce_config.endpoint_nic }} table 10
-{{ if .Values.sce_config.endpoint_gateway }}
-ip route add default via {{ .Values.sce_config.endpoint_gateway }} table 10
-{{- end }}
-ip a a {{ .Values.sce_config.endpoint_ip }}/{{ .Values.sce_config.endpoint_mask }} dev {{ .Values.sce_config.endpoint_nic }} noprefixroute
-ip rule add dport 3784 table 10
-{{- end }}
--- a/ansible/roles/traffic-engine/files/helm/conf/tfe-env-start.sh
+++ b/ansible/roles/traffic-engine/files/helm/conf/tfe-env-start.sh
@@ -1,22 +0,0 @@
-#!/bin/bash -ex
-
-/usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd
-/usr/sbin/ip link set tap0 up
-/usr/sbin/ip addr flush dev tap0
-/usr/sbin/ip addr add 172.16.241.2/30 dev tap0
-/usr/sbin/ip neigh flush dev tap0
-/usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
-/usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
-/usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
-
-
-/usr/sbin/ip rule add iif tap0 tab 100
-/usr/sbin/ip route add local default dev lo table 100
-/usr/sbin/ip rule add fwmark 0x65 lookup 101
-/usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101
-
-/usr/sbin/ip addr add fd00::02/64 dev tap0
-/usr/sbin/ip -6 route add default via fd00::01
-/usr/sbin/ip -6 rule add iif tap0 tab 102
-/usr/sbin/ip -6 route add local default dev lo table 102
-/usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
--- a/ansible/roles/traffic-engine/files/helm/conf/tfe-env-stop.sh
+++ b/ansible/roles/traffic-engine/files/helm/conf/tfe-env-stop.sh
@@ -1,12 +0,0 @@
-#!/bin/bash -ex
-/usr/sbin/ip6tables -D INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
-/usr/sbin/iptables -D INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
-/usr/sbin/ip rule del iif tap0 tab 100
-/usr/sbin/ip route del local default dev lo table 100
-/usr/sbin/ip rule del fwmark 0x65 lookup 101
-/usr/sbin/ip route del default dev tap0 via 172.16.241.1 table 101
-/usr/sbin/ip -6 rule del iif tap0 tab 102
-/usr/sbin/ip -6 route del default via fd00::01
-/usr/sbin/ip -6 route del local default dev lo table 102
-/usr/sbin/ip addr del fd00::02/64 dev tap0
-/usr/sbin/ip link set tap0 down
--- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
+++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
@@ -202,3 +202,57 @@ enable_breakpad_upload=0
            if [ -f "/etc/traffic-engine/hotfix/certstore/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/certstore/scripts/prestart.sh; /etc/traffic-engine/hotfix/certstore/scripts/prestart.sh;fi
 {{- end -}}

+
+{{- define "traffic-engine.init" -}}
+            mkdir -p /target_config/opt/tsg/etc
+            mkdir -p /target_config/etc/default
+            chmod 0755 /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
+            /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
+{{ if eq .Values.proxy.enable .Values.define_enable_val_yes }}
+            ip tuntap add dev tap0 mode tap multi_queue
+            /usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd
+            /usr/sbin/ip link set tap0 up
+            /usr/sbin/ip addr flush dev tap0
+            /usr/sbin/ip addr add 172.16.241.2/30 dev tap0
+            /usr/sbin/ip neigh flush dev tap0
+            /usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
+            /usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+            /usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+            /usr/sbin/ip rule add iif tap0 tab 100
+            /usr/sbin/ip route add local default dev lo table 100
+            /usr/sbin/ip rule add fwmark 0x65 lookup 101
+            /usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101
+            /usr/sbin/ip addr add fd00::02/64 dev tap0
+            /usr/sbin/ip -6 route add default via fd00::01
+            /usr/sbin/ip -6 rule add iif tap0 tab 102
+            /usr/sbin/ip -6 route add local default dev lo table 102
+            /usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
+{{- end }}
+            mount -o remount,rw /sys
+{{ if .Values.sce_config.endpoint_nic }}
+            ip tuntap add dev {{ .Values.sce_config.endpoint_nic }} mode tap
+            ip link set dev {{ .Values.sce_config.endpoint_nic }} up
+            ip route add {{ .Values.sce_config.endpoint_netip }}/{{ .Values.sce_config.endpoint_mask }} dev {{ .Values.sce_config.endpoint_nic }} table 10
+{{ if .Values.sce_config.endpoint_gateway }}
+            ip route add default via {{ .Values.sce_config.endpoint_gateway }} table 10
+{{- end }}
+            ip a a {{ .Values.sce_config.endpoint_ip }}/{{ .Values.sce_config.endpoint_mask }} dev {{ .Values.sce_config.endpoint_nic }} noprefixroute
+            ip rule add dport 3784 table 10
+{{- end }}
+{{- end -}}
+
+{{/*
+#tfe-env-stop.sh
+#!/bin/bash -ex
+/usr/sbin/ip6tables -D INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+/usr/sbin/iptables -D INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+/usr/sbin/ip rule del iif tap0 tab 100
+/usr/sbin/ip route del local default dev lo table 100
+/usr/sbin/ip rule del fwmark 0x65 lookup 101
+/usr/sbin/ip route del default dev tap0 via 172.16.241.1 table 101
+/usr/sbin/ip -6 rule del iif tap0 tab 102
+/usr/sbin/ip -6 route del default via fd00::01
+/usr/sbin/ip -6 route del local default dev lo table 102
+/usr/sbin/ip addr del fd00::02/64 dev tap0
+/usr/sbin/ip link set tap0 down
+*/}}
--- a/ansible/roles/traffic-engine/files/helm/templates/provision.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/provision.yaml
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: provisioninit-{{ .Release.Name }}
-  namespace: default
-data:
-  provision-init.sh: {{ tpl (.Files.Get "conf/provision-init.sh") . | quote }}
-  tfe-env-start.sh: {{ tpl (.Files.Get "conf/tfe-env-start.sh") . | quote }}
-  tfe-env-stop.sh: {{ tpl (.Files.Get "conf/tfe-env-stop.sh") . | quote }}
--- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
@@ -16,7 +16,7 @@ spec:
    metadata:
      labels:
        app: traffic-engine-{{ .Release.Name }}
-        vsysId: {{ .Values.vsys_id }}
+        vsysId: "{{ .Values.vsys_id }}"
        serviceFunction: {{ .Values.nic_raw_name }}
      annotations:
        configHash: "{{ .Values.configHash }}"
@@ -200,7 +200,7 @@ spec:

      - name: telegraf
        image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }}
+        imagePullPolicy: Never
        command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
        securityContext:
          privileged: true
@@ -221,7 +221,7 @@ spec:
 {{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
      - name: telegraf-shaping
        image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }}
+        imagePullPolicy: Never
        command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_shaping.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
        securityContext:
          privileged: true
@@ -253,8 +253,8 @@ spec:
          value: "9004"

      - name: minidump-hook
-        image: "{{ .Values.image.tsgInit.repository }}:{{ .Values.image.tsgInit.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.tsgInit.pullPolicy }}
+        image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
+        imagePullPolicy: Never
        command: ["/bin/sh", "-c", "while true; do touch /run/sapp/crashreport/.minidump; touch /run/tfe/crashreport/.minidump; touch /run/certstore/crashreport/.minidump; sleep 600; done"]
        volumeMounts:
        - name: firewall-minidump
@@ -267,7 +267,7 @@ spec:
 {{- if and (eq .Values.sce.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }}
      - name: telegraf-sce
        image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }}
+        imagePullPolicy: Never
        command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_sce.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
        securityContext:
          privileged: true
@@ -392,7 +392,11 @@ spec:
      - name: tsg-init
        image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
        imagePullPolicy: Never
-        command: ["/opt/tsg/provision-init.sh"]
+        command:
+          - "bash"
+          - "-ec"
+          - |
+            {{ template "traffic-engine.init" }}
        securityContext:
          privileged: true
        env:
@@ -401,15 +405,6 @@ spec:
            fieldRef:
              fieldPath: status.hostIP
        volumeMounts:
-        - name: provisioninit
-          mountPath: "/opt/tsg/provision-init.sh"
-          subPath: "provision-init.sh" 
-        - name: provisioninit
-          mountPath: "/opt/tsg/tfe/tfe-env-start.sh"
-          subPath: "tfe-env-start.sh"       
-        - name: provisioninit
-          mountPath: "/opt/tsg/tfe/tfe-env-stop.sh"
-          subPath: "tfe-env-stop.sh"
        - name: config-volume
          mountPath: /target_config 
        - name: localtime-node
@@ -444,27 +439,23 @@ spec:
      - name: sce
        configMap:
          name: sce-{{ .Release.Name }}
-      - name: provisioninit
-        configMap:
-          defaultMode: 493
-          name: provisioninit-{{ .Release.Name }}
      - name: config-volume
        emptyDir: {}
      - name: firewall-minidump
        hostPath:
-          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-firewall:{{ .Values.image.proxy.tag | default .Chart.AppVersion }}/
+          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-firewall:{{ .Chart.AppVersion }}/
      - name: proxy-minidump
        hostPath:
-          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-proxy:{{ .Values.image.proxy.tag | default .Chart.AppVersion }}/
+          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-proxy:{{ .Chart.AppVersion }}/
      - name: sce-minidump
        hostPath:
-          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-sce:{{ .Values.image.sce.tag | default .Chart.AppVersion }}/
+          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-sce:{{ .Chart.AppVersion }}/
      - name: bfdd-minidump
        hostPath:
-          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-bfdd:{{ .Values.image.bfdd.tag | default .Chart.AppVersion }}/
+          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-bfdd:{{ .Chart.AppVersion }}/
      - name: certstore-minidump
        hostPath:
-          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Values.image.proxy.tag | default .Chart.AppVersion }}/
+          path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Chart.AppVersion }}/
      - name: firewall-log
        hostPath: 
          path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sapp/