feature:TSG-13617:OS支持渲染shaping master的配置

2023-02-08 16:54:08 +08:00
parent 4b6b3ed01c
commit a7dbdbcf66
22 changed files with 134 additions and 10 deletions
--- a/ansible/roles/certstore/files/start.sh
+++ b/ansible/roles/certstore/files/start.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 prestart_scripts_dir="/etc/traffic-engine/hotfix/certstore/scripts"
 prestart=$prestart_scripts_dir/prestart.sh

--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -183,3 +183,23 @@ SIGNALING_ORIGIN=REDIS
 HOS_IP="{{ olap.hos_server.address }}"
 HOS_PORT={{ olap.hos_server.port }}
 {% endraw %}
+
+{% raw %}
+[SHAPING]
+SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ vsys_id }}"
+SWARMKV_NODE_IP="0.0.0.0"
+SWARMKV_NODE_PORT=8551
+SWARMKV_CONSUL_IP="127.0.0.1"
+SWARMKV_CONSUL_PORT=8500
+
+SWARMKV_CLUSTER_ANNOUNCE_IP="127.0.0.1"
+SWARMKV_CLUSTER_ANNOUNCE_PORT=8551
+
+SWARMKV_HEALTH_CHECK_PORT=8552
+SWARMKV_HEALTH_CHECK_ANOUNCE_PORT=8552
+
+TELEGRAF_IP="127.0.0.1"
+TELEGRAF_PORT=8200
+SESSION_QUEUE_LEN_MAX=128
+PRIORITY_QUEUE_LEN_MAX=1024
+{% endraw %}
--- a/ansible/roles/sapp/files/start.sh
+++ b/ansible/roles/sapp/files/start.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 prestart_scripts_dir="/etc/traffic-engine/hotfix/firewall/scripts"
 prestart=$prestart_scripts_dir/prestart.sh

@@ -36,14 +36,21 @@ getServiceNodeport(){
 	export TOKEN=$(cat ${SERVICEACCOUNT}/token)
 	export CACERT=${SERVICEACCOUNT}/ca.crt
 	curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt
-	export CLUSTERANNOUNCEPORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort')
-	export HEALTHCHECKANNOUNCEPORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort')
-	echo "export CLUSTERANNOUNCEPORT=${CLUSTERANNOUNCEPORT}" > /etc/profile.d/announceinfo.sh
-	echo "export HEALTHCHECKANNOUNCEPORT=${HEALTHCHECKANNOUNCEPORT}" >> /etc/profile.d/announceinfo.sh
+	export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort')
+	export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort')
+	echo "export CLUSTER_ANNOUNCE_PORT=${CLUSTER_ANNOUNCE_PORT}" > /etc/profile.d/announceinfo.sh
+	echo "export HEALTH_CHECK_ANNOUNCE_PORT=${HEALTH_CHECK_ANNOUNCE_PORT}" >> /etc/profile.d/announceinfo.sh
 	chmod 0755 /etc/profile.d/announceinfo.sh
 }

+setShapingConfig(){
+	sed -Ei "s|NODE_IP_LOCATION|${NODE_IP?}|g" /opt/tsg/sapp/tsgconf/main.conf
+	sed -Ei "s|CLUSTER_ANNOUNCE_PORT_LOCATION|${CLUSTER_ANNOUNCE_PORT?}|g" /opt/tsg/sapp/tsgconf/main.conf
+	sed -Ei "s|HEALTH_CHECK_ANNOUNCE_PORT_LOCATION|${HEALTH_CHECK_ANNOUNCE_PORT?}|g" /opt/tsg/sapp/tsgconf/main.conf	
+}
+
 copyConfigmap2Dest
 getServiceNodeport
+setShapingConfig
 prestart
 start
--- a/ansible/roles/sapp/tasks/main.yml
+++ b/ansible/roles/sapp/tasks/main.yml
@@ -203,6 +203,33 @@
    - /usr/lib/systemd/system/sapp.service
  when: runtime_env != 'TSG-X-P0906' 

+- name: "mkdir -p /opt/tsg/sapp/bin"
+  file:
+    path: /opt/tsg/sapp/bin
+    state: directory
+  when: runtime_env != 'TSG-X-P0906'
+
+- name: "copy set_shaping_addr.sh file to dest"
+  template:
+    src: "{{ role_path }}/templates/set_shaping_addr.sh.j2"
+    dest: /opt/tsg/sapp/bin/set_shaping_addr.sh
+    mode: 0755
+  when: runtime_env != 'TSG-X-P0906'
+
+- name: "copy set_shaping_addr.sh file to dest"
+  template:
+    src: "{{ role_path }}/templates/set_shaping_addr.sh.j2"
+    dest: /opt/tsg/sapp/bin/set_shaping_addr.sh
+    mode: 0755
+  when: runtime_env != 'TSG-X-P0906'  
+
+- name: "copy startpre file to sapp.service.d"
+  copy:
+    src: "{{ role_path }}/templates/service_startpre.conf.j2"
+    dest: /usr/lib/systemd/system/sapp.service.d/service_startpre.conf
+    mode: 0644
+  when: runtime_env != 'TSG-X-P0906'
+
 - name: 'delete r2,r3'
  file:
    path: "/opt/tsg/sapp/{{ item }}"
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2
@@ -20,6 +20,9 @@
 {% if ddossketch.enable == 1 %}
 ./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf
 {% endif %}
+{% if shaping.enable == 1 %}
+./plug/platform/shaping_master/shaping_master.inf
+{% endif %}
 {% endraw %}

 [protocol]
--- a/ansible/roles/sapp/templates/service_startpre.conf.j2
+++ b/ansible/roles/sapp/templates/service_startpre.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/opt/tsg/consul/bin/set_shaping_addr.sh
--- a/ansible/roles/sapp/templates/set_shaping_addr.sh.j2
+++ b/ansible/roles/sapp/templates/set_shaping_addr.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/sh -ex
+HOST_IP=$(ip a show {{ control_and_policy.nic_name }} | grep inet | grep -v inet6 | awk '{print $2}' | awk -F '/' '{print $1}')
+echo "Log and policy nic ipv4 address:$HOST_IP"
+sed -i "s/^SWARMKV_CONSUL_IP.*$/SWARMKV_CONSUL_IP=\"$HOST_IP\"/g" /opt/tsg/sapp/tsgconf/main.conf
+sed -i "s/^SWARMKV_CLUSTER_ANNOUNCE_IP.*$/SWARMKV_CLUSTER_ANNOUNCE_IP=\"$HOST_IP\"/g" /opt/tsg/sapp/tsgconf/main.conf
--- a/ansible/roles/tfe/files/start.sh
+++ b/ansible/roles/tfe/files/start.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 prestart_scripts_dir="/etc/traffic-engine/hotfix/proxy/scripts"
 prestart=$prestart_scripts_dir/prestart.sh

--- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
+++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
@@ -14,6 +14,9 @@
 {{- if eq .Values.ddos_event.enable .Values.define_enable_val_yes }}
 ./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf
 {{- end }}
+{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
+./plug/platform/shaping_master/shaping_master.inf
+{{- end }}

 [protocol]
 {{- if eq .Values.decoders.SOCKS .Values.define_enable_val_yes }}
--- a/ansible/roles/traffic-engine/files/helm/conf/main.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf
@@ -145,3 +145,23 @@ SIGNALING_ORIGIN=REDIS

 HOS_IP="{{- include "traffic-engine.config.hos-address" . }}"
 HOS_PORT={{- include "traffic-engine.config.hos-port" . }}
+
+{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
+[SHAPING]
+SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ .Values.vsys_id }}"
+SWARMKV_NODE_IP="0.0.0.0"
+SWARMKV_NODE_PORT=8551
+SWARMKV_CONSUL_IP="NODE_IP_LOCATION"
+SWARMKV_CONSUL_PORT=30085
+
+SWARMKV_CLUSTER_ANNOUNCE_IP="NODE_IP_LOCATION"
+SWARMKV_CLUSTER_ANNOUNCE_PORT=CLUSTER_ANNOUNCE_PORT_LOCATION
+
+SWARMKV_HEALTH_CHECK_PORT=8552
+SWARMKV_HEALTH_CHECK_ANOUNCE_PORT=HEALTH_CHECK_ANNOUNCE_PORT_LOCATION
+
+TELEGRAF_IP="127.0.0.1"
+TELEGRAF_PORT=8200
+SESSION_QUEUE_LEN_MAX=128
+PRIORITY_QUEUE_LEN_MAX=1024
+{{- end }}
--- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
@@ -55,6 +55,10 @@ spec:
              fieldPath: status.hostIP
        - name: SERVICENAME
          value: traffic-engine-announce-vsys-{{ .Values.vsys_id }}
+        - name: NODE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
        securityContext:
          privileged: true
        livenessProbe:
--- a/ansible/roles/traffic-engine/files/helm/values.yaml
+++ b/ansible/roles/traffic-engine/files/helm/values.yaml
@@ -209,4 +209,7 @@ service:
    healthcheckAnnounce: 8552
  nodePort:
    clusterAnnounce: null
-    healthcheckAnnounce: null
+    healthcheckAnnounce: null
+
+shaping:
+  enable: yes
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
@@ -88,3 +88,6 @@ consul_agent:
  encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
  datacenter: "dc1"
  node_name: ""
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
@@ -86,4 +86,7 @@ consul_agent:
  mode: "server"
  encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
  datacenter: "dc1"
-  node_name: ""
+  node_name: ""
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
@@ -83,3 +83,6 @@ consul_agent:
  encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
  datacenter: "dc1"
  node_name: ""
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
@@ -96,3 +96,6 @@ consul_agent:
  encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
  datacenter: "dc1"
  node_name: ""
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
@@ -94,4 +94,7 @@ consul_agent:
  mode: "server"
  encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
  datacenter: "dc1"
-  node_name: ""
+  node_name: ""
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
@@ -115,3 +115,6 @@ consul_agent:
      port: 8301
    - address: 222.222.222.222
      port: 8301
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
@@ -79,3 +79,6 @@ consul_agent:
      port: 8301
    - address: 222.222.222.222
      port: 8301
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
@@ -85,3 +85,6 @@ consul_agent:
      port: 8301
    - address: 222.222.222.222
      port: 8301
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
@@ -94,3 +94,6 @@ consul_agent:
      port: 8301
    - address: 222.222.222.222
      port: 8301
+
+shaping:
+  enable: 1
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
@@ -85,3 +85,6 @@ consul_agent:
      port: 8301
    - address: 222.222.222.222
      port: 8301
+
+shaping:
+  enable: 1