diff --git a/ansible/roles/certstore/files/start.sh b/ansible/roles/certstore/files/start.sh index 9748f72f..2affd1bb 100644 --- a/ansible/roles/certstore/files/start.sh +++ b/ansible/roles/certstore/files/start.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e prestart_scripts_dir="/etc/traffic-engine/hotfix/certstore/scripts" prestart=$prestart_scripts_dir/prestart.sh diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2 index 64fb7526..098a400a 100644 --- a/ansible/roles/firewall/templates/main.conf.j2.j2 +++ b/ansible/roles/firewall/templates/main.conf.j2.j2 @@ -183,3 +183,23 @@ SIGNALING_ORIGIN=REDIS HOS_IP="{{ olap.hos_server.address }}" HOS_PORT={{ olap.hos_server.port }} {% endraw %} + +{% raw %} +[SHAPING] +SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ vsys_id }}" +SWARMKV_NODE_IP="0.0.0.0" +SWARMKV_NODE_PORT=8551 +SWARMKV_CONSUL_IP="127.0.0.1" +SWARMKV_CONSUL_PORT=8500 + +SWARMKV_CLUSTER_ANNOUNCE_IP="127.0.0.1" +SWARMKV_CLUSTER_ANNOUNCE_PORT=8551 + +SWARMKV_HEALTH_CHECK_PORT=8552 +SWARMKV_HEALTH_CHECK_ANOUNCE_PORT=8552 + +TELEGRAF_IP="127.0.0.1" +TELEGRAF_PORT=8200 +SESSION_QUEUE_LEN_MAX=128 +PRIORITY_QUEUE_LEN_MAX=1024 +{% endraw %} diff --git a/ansible/roles/sapp/files/start.sh b/ansible/roles/sapp/files/start.sh index 2681a6e1..c957d292 100644 --- a/ansible/roles/sapp/files/start.sh +++ b/ansible/roles/sapp/files/start.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e prestart_scripts_dir="/etc/traffic-engine/hotfix/firewall/scripts" prestart=$prestart_scripts_dir/prestart.sh 
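Review bot: Putting `-e` on the shebang line (`#!/bin/bash -e`) only takes effect when the kernel executes the script directly; an invocation such as `bash start.sh` from an entrypoint or wrapper silently drops it. Leaving `#!/bin/bash` unchanged and adding `set -e` (or `set -eo pipefail`) as the first statement keeps the fail-fast behaviour on every invocation path. The same shebang change is made in ansible/roles/sapp/files/start.sh and ansible/roles/tfe/files/start.sh. The rest of each script is outside the hunk, so any command there that is expected to return non-zero will now abort startup and should get an explicit, commented `|| true`.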
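Review bot: `SWARMKV_NODE_IP="0.0.0.0"` makes the SwarmKV node listen on every interface of the host, so ports 8551 and 8552 are reachable from any attached network unless a packet filter restricts them. Binding to the control-plane address, which set_shaping_addr.sh already resolves for the announce IP, would narrow that exposure. The key `SWARMKV_HEALTH_CHECK_ANOUNCE_PORT` is spelled with one N while the neighbouring keys use ANNOUNCE; if the shaping plugin reads the two-N spelling this setting is silently ignored, so confirm it against the consumer and add a comment either way. Both points apply equally to the [SHAPING] block added to ansible/roles/traffic-engine/files/helm/conf/main.conf.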
@@ -36,14 +36,21 @@ getServiceNodeport(){ export TOKEN=$(cat ${SERVICEACCOUNT}/token) export CACERT=${SERVICEACCOUNT}/ca.crt curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt - export CLUSTERANNOUNCEPORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort') - export HEALTHCHECKANNOUNCEPORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort') - echo "export CLUSTERANNOUNCEPORT=${CLUSTERANNOUNCEPORT}" > /etc/profile.d/announceinfo.sh - echo "export HEALTHCHECKANNOUNCEPORT=${HEALTHCHECKANNOUNCEPORT}" >> /etc/profile.d/announceinfo.sh + export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort') + export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort') + echo "export CLUSTER_ANNOUNCE_PORT=${CLUSTER_ANNOUNCE_PORT}" > /etc/profile.d/announceinfo.sh + echo "export HEALTH_CHECK_ANNOUNCE_PORT=${HEALTH_CHECK_ANNOUNCE_PORT}" >> /etc/profile.d/announceinfo.sh chmod 0755 /etc/profile.d/announceinfo.sh } +setShapingConfig(){ + sed -Ei "s|NODE_IP_LOCATION|${NODE_IP?}|g" /opt/tsg/sapp/tsgconf/main.conf + sed -Ei "s|CLUSTER_ANNOUNCE_PORT_LOCATION|${CLUSTER_ANNOUNCE_PORT?}|g" /opt/tsg/sapp/tsgconf/main.conf + sed -Ei "s|HEALTH_CHECK_ANNOUNCE_PORT_LOCATION|${HEALTH_CHECK_ANNOUNCE_PORT?}|g" /opt/tsg/sapp/tsgconf/main.conf +} + copyConfigmap2Dest getServiceNodeport +setShapingConfig prestart start diff --git a/ansible/roles/sapp/tasks/main.yml b/ansible/roles/sapp/tasks/main.yml index 3d58add7..65360be8 100644 --- a/ansible/roles/sapp/tasks/main.yml +++ b/ansible/roles/sapp/tasks/main.yml 
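Review bot: The `${CLUSTER_ANNOUNCE_PORT?}` and `${HEALTH_CHECK_ANNOUNCE_PORT?}` guards in setShapingConfig never fire, because `export VAR=$(...)` in getServiceNodeport always sets the variable, possibly to an empty string or to the literal `null` when jq finds no usable nodePort. `?` without a colon rejects only unset variables, and `export VAR=$(...)` also masks jq's exit status from `-e`, so a bad API response ends with an empty or non-numeric port written into main.conf. Use the colon form, `${CLUSTER_ANNOUNCE_PORT:?}`, and check the value before the sed, e.g. `[[ $CLUSTER_ANNOUNCE_PORT =~ ^[0-9]+$ ]] || { echo "bad cluster-announce nodePort" >&2; exit 1; }`; NODE_IP deserves the same non-empty check since it is pasted into a sed replacement. getServiceNodeport begins above the hunk, so the curl call and its fixed /tmp/service.txt output path are only partly visible here.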
@@ -203,6 +203,33 @@ - /usr/lib/systemd/system/sapp.service when: runtime_env != 'TSG-X-P0906' +- name: "mkdir -p /opt/tsg/sapp/bin" + file: + path: /opt/tsg/sapp/bin + state: directory + when: runtime_env != 'TSG-X-P0906' + +- name: "copy set_shaping_addr.sh file to dest" + template: + src: "{{ role_path }}/templates/set_shaping_addr.sh.j2" + dest: /opt/tsg/sapp/bin/set_shaping_addr.sh + mode: 0755 + when: runtime_env != 'TSG-X-P0906' + +- name: "copy set_shaping_addr.sh file to dest" + template: + src: "{{ role_path }}/templates/set_shaping_addr.sh.j2" + dest: /opt/tsg/sapp/bin/set_shaping_addr.sh + mode: 0755 + when: runtime_env != 'TSG-X-P0906' + +- name: "copy startpre file to sapp.service.d" + copy: + src: "{{ role_path }}/templates/service_startpre.conf.j2" + dest: /usr/lib/systemd/system/sapp.service.d/service_startpre.conf + mode: 0644 + when: runtime_env != 'TSG-X-P0906' + - name: 'delete r2,r3' file: path: "/opt/tsg/sapp/{{ item }}" diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.j2 b/ansible/roles/sapp/templates/conflist.inf.j2.j2 index cec1bb2b..8bf7977c 100644 --- a/ansible/roles/sapp/templates/conflist.inf.j2.j2 +++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2 @@ -20,6 +20,9 @@ {% if ddossketch.enable == 1 %} ./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf {% endif %} +{% if shaping.enable == 1 %} +./plug/platform/shaping_master/shaping_master.inf +{% endif %} {% endraw %} [protocol] diff --git a/ansible/roles/sapp/templates/service_startpre.conf.j2 b/ansible/roles/sapp/templates/service_startpre.conf.j2 new file mode 100644 index 00000000..75b1d1a2 --- /dev/null +++ b/ansible/roles/sapp/templates/service_startpre.conf.j2 @@ -0,0 +1,2 @@ +[Service] +ExecStartPre=/opt/tsg/consul/bin/set_shaping_addr.sh \ No newline at end of file diff --git a/ansible/roles/sapp/templates/set_shaping_addr.sh.j2 b/ansible/roles/sapp/templates/set_shaping_addr.sh.j2 new file mode 100644 index 00000000..82a6a7df --- /dev/null 
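Review bot: The task "copy set_shaping_addr.sh file to dest" is added twice with identical src, dest and mode; the second copy is redundant and should be dropped. The following `copy` task writes into /usr/lib/systemd/system/sapp.service.d/, but the only directory this hunk creates is /opt/tsg/sapp/bin, and `copy` does not create a missing parent directory, so a `file: {path: /usr/lib/systemd/system/sapp.service.d, state: directory}` task is needed unless another role already provides it. Quoting the modes (`mode: "0755"`, `mode: "0644"`) avoids YAML reading them as integers. No systemd daemon reload is visible in the hunk; if none follows elsewhere, the new drop-in is not picked up until one runs.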
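Review bot: `ExecStartPre=/opt/tsg/consul/bin/set_shaping_addr.sh` points under /opt/tsg/consul, while the task added in ansible/roles/sapp/tasks/main.yml installs the script to /opt/tsg/sapp/bin/set_shaping_addr.sh. Unless another role places a copy under the consul directory, sapp.service will fail its pre-start step; if some other file does exist at that path, it is executed with the service's privileges before every start. The line should read `ExecStartPre=/opt/tsg/sapp/bin/set_shaping_addr.sh`. The file also lacks a trailing newline.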
+++ b/ansible/roles/sapp/templates/set_shaping_addr.sh.j2 @@ -0,0 +1,5 @@ +#!/bin/sh -ex +HOST_IP=$(ip a show {{ control_and_policy.nic_name }} | grep inet | grep -v inet6 | awk '{print $2}' | awk -F '/' '{print $1}') +echo "Log and policy nic ipv4 address:$HOST_IP" +sed -i "s/^SWARMKV_CONSUL_IP.*$/SWARMKV_CONSUL_IP=\"$HOST_IP\"/g" /opt/tsg/sapp/tsgconf/main.conf +sed -i "s/^SWARMKV_CLUSTER_ANNOUNCE_IP.*$/SWARMKV_CLUSTER_ANNOUNCE_IP=\"$HOST_IP\"/g" /opt/tsg/sapp/tsgconf/main.conf diff --git a/ansible/roles/tfe/files/start.sh b/ansible/roles/tfe/files/start.sh index 084ac92f..7e14d2a4 100644 --- a/ansible/roles/tfe/files/start.sh +++ b/ansible/roles/tfe/files/start.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e prestart_scripts_dir="/etc/traffic-engine/hotfix/proxy/scripts" prestart=$prestart_scripts_dir/prestart.sh diff --git a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf index d236f2db..ad38f2be 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf +++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf @@ -14,6 +14,9 @@ {{- if eq .Values.ddos_event.enable .Values.define_enable_val_yes }} ./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf {{- end }} +{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }} +./plug/platform/shaping_master/shaping_master.inf +{{- end }} [protocol] {{- if eq .Values.decoders.SOCKS .Values.define_enable_val_yes }} diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf index 7ded33dc..43338481 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/main.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf 
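Review bot: HOST_IP comes from a `grep inet | grep -v inet6 | awk` pipeline with no check on the result, so an interface with no IPv4 address yields an empty string and one with several addresses yields a multi-line value; `-e` does not catch this because only the last awk's exit status counts. The two `sed -i` calls would then write `SWARMKV_CONSUL_IP=""` into main.conf or fail on the embedded newline. Select one address explicitly and stop if none is found: `HOST_IP=$(ip -4 -o addr show dev {{ control_and_policy.nic_name }} | awk '{split($4,a,"/"); print a[1]; exit}')` followed by `[ -n "$HOST_IP" ] || { echo "no IPv4 address on NIC" >&2; exit 1; }`. Flags on the `#!/bin/sh -ex` line are dropped when the script is run as `sh script`, so `set -ex` in the body is more robust.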
@@ -145,3 +145,23 @@ SIGNALING_ORIGIN=REDIS HOS_IP="{{- include "traffic-engine.config.hos-address" . }}" HOS_PORT={{- include "traffic-engine.config.hos-port" . }} + +{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }} +[SHAPING] +SWARMKV_CLUSTER_NAME="tsg-shaping-vsys{{ .Values.vsys_id }}" +SWARMKV_NODE_IP="0.0.0.0" +SWARMKV_NODE_PORT=8551 +SWARMKV_CONSUL_IP="NODE_IP_LOCATION" +SWARMKV_CONSUL_PORT=30085 + +SWARMKV_CLUSTER_ANNOUNCE_IP="NODE_IP_LOCATION" +SWARMKV_CLUSTER_ANNOUNCE_PORT=CLUSTER_ANNOUNCE_PORT_LOCATION + +SWARMKV_HEALTH_CHECK_PORT=8552 +SWARMKV_HEALTH_CHECK_ANOUNCE_PORT=HEALTH_CHECK_ANNOUNCE_PORT_LOCATION + +TELEGRAF_IP="127.0.0.1" +TELEGRAF_PORT=8200 +SESSION_QUEUE_LEN_MAX=128 +PRIORITY_QUEUE_LEN_MAX=1024 +{{- end }} diff --git a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml index 2ab69f4c..1e39e147 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml @@ -55,6 +55,10 @@ spec: fieldPath: status.hostIP - name: SERVICENAME value: traffic-engine-announce-vsys-{{ .Values.vsys_id }} + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP securityContext: privileged: true livenessProbe: diff --git a/ansible/roles/traffic-engine/files/helm/values.yaml b/ansible/roles/traffic-engine/files/helm/values.yaml index c5d5f0d2..a8cdae49 100644 --- a/ansible/roles/traffic-engine/files/helm/values.yaml +++ b/ansible/roles/traffic-engine/files/helm/values.yaml @@ -209,4 +209,7 @@ service: healthcheckAnnounce: 8552 nodePort: clusterAnnounce: null - healthcheckAnnounce: null \ No newline at end of file + healthcheckAnnounce: null + +shaping: + enable: yes 
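Review bot: The new `NODE_IP` variable reads `status.hostIP`, and the context line just above `SERVICENAME` shows an existing env entry with the same `fieldPath: status.hostIP` (its name is outside the hunk). If that entry is already exported to the container, start.sh could reuse it instead of carrying two variables with the same source. Otherwise a short comment saying that NODE_IP feeds the NODE_IP_LOCATION substitution in start.sh would help the next reader.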
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
index dac7a033..efe814d0 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01
@@ -88,3 +88,6 @@ consul_agent:
 encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
 datacenter: "dc1"
 node_name: ""
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
index b58db298..4203fb97 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01
@@ -86,4 +86,7 @@ consul_agent:
 mode: "server"
 encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
 datacenter: "dc1"
- node_name: ""
\ No newline at end of file
+ node_name: ""
+
+shaping:
+ enable: 1
\ No newline at end of file
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
index b156bfa5..acc20156 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER
@@ -83,3 +83,6 @@ consul_agent:
 encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
 datacenter: "dc1"
 node_name: ""
+
+shaping:
+ enable: 1
\ No newline at end of file
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
index 3751cb2f..b43026bd 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804
@@ -96,3 +96,6 @@ consul_agent:
 encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
 datacenter: "dc1"
 node_name: ""
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
index a00f6169..5dcd9e36 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403
@@ -94,4 +94,7 @@ consul_agent:
 mode: "server"
 encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo="
 datacenter: "dc1"
- node_name: ""
\ No newline at end of file
+ node_name: ""
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
index 9b48264c..ae45fa51 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
@@ -115,3 +115,6 @@ consul_agent:
 port: 8301
 - address: 222.222.222.222
 port: 8301
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
index 39e4172c..435cbb81 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
@@ -79,3 +79,6 @@ consul_agent:
 port: 8301
 - address: 222.222.222.222
 port: 8301
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
index a7fb178e..7e5ab7a7 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER
@@ -85,3 +85,6 @@ consul_agent:
 port: 8301
 - address: 222.222.222.222
 port: 8301
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
index 9148f895..76b97e66 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804
@@ -94,3 +94,6 @@ consul_agent:
 port: 8301
 - address: 222.222.222.222
 port: 8301
+
+shaping:
+ enable: 1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
index 6dac6932..16cddb75 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403
@@ -85,3 +85,6 @@ consul_agent:
 port: 8301
 - address: 222.222.222.222
 port: 8301
+
+shaping:
+ enable: 1