refactor: Modify tsg-diagnose install role.
@@ -1,78 +0,0 @@
|
||||
---
|
||||
apiVersion: "k8s.cni.cncf.io/v1"
|
||||
kind: NetworkAttachmentDefinition
|
||||
metadata:
|
||||
namespace: tsg-os-system
|
||||
name: br-dign-client
|
||||
spec:
|
||||
config: '{
|
||||
"cniVersion": "0.3.0",
|
||||
"type": "bridge",
|
||||
"bridge": "br_dign_c",
|
||||
"ipam": {
|
||||
"type": "host-local",
|
||||
"ranges": [
|
||||
[ {
|
||||
"subnet": "192.0.2.0/24",
|
||||
"rangeStart": "192.0.2.211",
|
||||
"rangeEnd": "192.0.2.220",
|
||||
"gateway": "192.0.2.1"
|
||||
} ]
|
||||
]
|
||||
}
|
||||
}'
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
namespace: tsg-os-system
|
||||
name: dign-client
|
||||
labels:
|
||||
app: dign-client
|
||||
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: dign-client
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: dign-client
|
||||
annotations:
|
||||
k8s.v1.cni.cncf.io/networks: br-dign-client
|
||||
spec:
|
||||
containers:
|
||||
- name: dign-client
|
||||
image: "dign-client:latest"
|
||||
imagePullPolicy: Never
|
||||
workingDir: /opt/dign_client
|
||||
command: ["/bin/sh", "-c", "update-ca-certificates; tail -f /dev/null"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: localtime-node
|
||||
mountPath: /etc/localtime
|
||||
readOnly: true
|
||||
- name: ca-cert-file
|
||||
mountPath: /usr/local/share/ca-certificates
|
||||
- name: log-path
|
||||
mountPath: /opt/dign_client/log
|
||||
- name: config-path
|
||||
mountPath: /opt/dign_client/etc/client.conf
|
||||
subPath: "client.conf"
|
||||
|
||||
volumes:
|
||||
- name: localtime-node
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: ca-cert-file
|
||||
hostPath:
|
||||
path: /opt/tsg/tsg-diagnose/etc/.certs_import/certs/sets/current/gen/crt
|
||||
- name: log-path
|
||||
hostPath:
|
||||
path: /opt/tsg/tsg-diagnose/log
|
||||
- name: config-path
|
||||
hostPath:
|
||||
path: /opt/tsg/tsg-diagnose/etc
|
||||
---
|
||||
|
||||
@@ -1,113 +0,0 @@
|
||||
---
|
||||
apiVersion: "k8s.cni.cncf.io/v1"
|
||||
kind: NetworkAttachmentDefinition
|
||||
metadata:
|
||||
namespace: tsg-os-system
|
||||
name: br-dign-server
|
||||
spec:
|
||||
config: '{
|
||||
"cniVersion": "0.3.0",
|
||||
"type": "bridge",
|
||||
"bridge": "br_dign_s",
|
||||
"ipam": {
|
||||
"type": "host-local",
|
||||
"ranges": [
|
||||
[ {
|
||||
"subnet": "192.0.2.0/24",
|
||||
"rangeStart": "192.0.2.201",
|
||||
"rangeEnd": "192.0.2.210",
|
||||
"gateway": "192.0.2.1"
|
||||
} ]
|
||||
]
|
||||
}
|
||||
}'
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
namespace: tsg-os-system
|
||||
name: dign-server
|
||||
labels:
|
||||
app: dign-server
|
||||
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: dign-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: dign-server
|
||||
annotations:
|
||||
k8s.v1.cni.cncf.io/networks: br-dign-server
|
||||
|
||||
spec:
|
||||
containers:
|
||||
- name: dign-server-dns
|
||||
image: "dign-server-dns:latest"
|
||||
imagePullPolicy: Never
|
||||
command: ["/bin/sh", "-c", "echo 66.66.66.66 www.1testanswer-cname.com >> /etc/hosts; webproc --config /etc/dnsmasq.conf -- dnsmasq --no-daemon"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- ifconfig
|
||||
- net1
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
volumeMounts:
|
||||
- name: localtime-node
|
||||
mountPath: /etc/localtime
|
||||
readOnly: true
|
||||
- name: config-path
|
||||
mountPath: /etc/dnsmasq.conf
|
||||
subPath: dnsmasq.conf
|
||||
readOnly: true
|
||||
|
||||
- name: dign-server-web
|
||||
image: "dign-server-web:latest"
|
||||
imagePullPolicy: Never
|
||||
command: ["/bin/bash", "-c", "make inside-docker;nginx;tail -f /dev/null"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- ifconfig
|
||||
- net1
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
volumeMounts:
|
||||
- name: localtime-node
|
||||
mountPath: /etc/localtime
|
||||
readOnly: true
|
||||
- name: certs-path
|
||||
mountPath: /badssl.com/certs
|
||||
readOnly: true
|
||||
- name: common-path
|
||||
mountPath: /badssl.com/common
|
||||
readOnly: true
|
||||
|
||||
initContainers:
|
||||
- name: tsg-dign-init
|
||||
image: "dign-server-dns:latest"
|
||||
imagePullPolicy: Never
|
||||
command: ["/bin/sh","-c","i=1;while [ \"$i\" -le 64 ]; do ip_suffix=$(( i + 100 ));ifconfig net1:$i 192.0.2.$ip_suffix;i=$(( i + 1 ));done;"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
|
||||
volumes:
|
||||
- name: localtime-node
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: config-path
|
||||
hostPath:
|
||||
path: /opt/tsg/tsg-diagnose/etc/
|
||||
- name: certs-path
|
||||
hostPath:
|
||||
path: /opt/tsg/tsg-diagnose/etc/.certs_import/certs
|
||||
- name: common-path
|
||||
hostPath:
|
||||
path: /opt/tsg/tsg-diagnose/etc/.certs_import/common
|
||||
---
|
||||
@@ -1,4 +0,0 @@
|
||||
[Service]
|
||||
ExecStartPre=/bin/sh -c "docker load < /opt/tsg/tsg-diagnose/images/server_web.tar"
|
||||
ExecStartPre=/bin/sh -c "docker load < /opt/tsg/tsg-diagnose/images/server_dns.tar"
|
||||
ExecStartPre=/bin/sh -c "docker load < /opt/tsg/tsg-diagnose/images/client.tar"
|
||||
@@ -1,14 +0,0 @@
|
||||
[Unit]
|
||||
Description=Tsg diagnose
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
WorkingDirectory=/opt/tsg/tsg-diagnose/compose/%i
|
||||
ExecStart=/bin/sh -c "docker-compose down --remove-orphans; docker-compose up -d --remove-orphans"
|
||||
ExecStop=/bin/sh -c "docker-compose down --remove-orphans"
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,80 +1,35 @@
|
||||
#- name: "Install tsg-diagnose"
|
||||
# shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}*
|
||||
#
|
||||
- name: "download rpm packages: tsg-diagnose"
|
||||
- name: "Install rpm packages."
|
||||
yum:
|
||||
name:
|
||||
- "{{ tsg_diagnose_rpm_version.tsg_diagnose }}"
|
||||
name: "{{ tsg_diagnose_rpm_version.tsg_diagnose }}"
|
||||
conf_file: "{{ rpm_repo_config_path }}"
|
||||
state: present
|
||||
download_only: yes
|
||||
download_dir: "{{ path_download }}"
|
||||
|
||||
- name: "Get tsg_diagnose rpm path"
|
||||
find:
|
||||
path: /tmp/rpm_download/
|
||||
pattern: "{{ tsg_diagnose_rpm_version.tsg_diagnose }}*"
|
||||
register: tsg_diagnose_rpm_fullname
|
||||
|
||||
- name: "Install tsg_diagnose from local path"
|
||||
yum:
|
||||
name: "{{ tsg_diagnose_rpm_fullname.files[0].path }}"
|
||||
state: present
|
||||
disable_gpg_check: yes
|
||||
|
||||
- name: "Templates docker-compose.yml"
|
||||
template:
|
||||
src: "{{role_path}}/templates/docker-compose.yml.j2"
|
||||
dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml
|
||||
tags: template
|
||||
- name: "Enable sudo exec tsg-diagnose command."
|
||||
shell: sed -i -E 's/^(.*Defaults secure_path =.*)$/\1:\/opt\/tsg\/tsg-diagnose\/scripts/' /etc/sudoers
|
||||
|
||||
- name: "Set docker-compose.yaml server parent nic name."
|
||||
shell: sed -i 's/eth_vf_dign_s/{{ diagnose.virtual_server_nic }}/g' /opt/tsg/tsg-diagnose/compose/docker-compose.yml
|
||||
when: runtime_env != 'TSG-X-P0906'
|
||||
|
||||
- name: "copy tsg-diagnose.service file to dest"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/tsg-diagnose.service"
|
||||
dest: /usr/lib/systemd/system/tsg-diagnose.service
|
||||
mode: 0644
|
||||
- name: "Set docker-compose.yaml client parent nic name."
|
||||
shell: sed -i 's/eth_vf_dign_c/{{ diagnose.virtual_client_nic }}/g' /opt/tsg/tsg-diagnose/compose/docker-compose.yml
|
||||
when: runtime_env != 'TSG-X-P0906'
|
||||
|
||||
- name: "Create /usr/lib/systemd/system/tsg-diagnose.service.d/ directory if it does not exist"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
with_items:
|
||||
- /usr/lib/systemd/system/tsg-diagnose.service.d
|
||||
- name: "Set tsg-diagnose.service WantedBy to workload.target."
|
||||
shell: sed -i 's/WantedBy=multi-user.target/WantedBy=workload.target/g' /usr/lib/systemd/system/tsg-diagnose.service
|
||||
when: runtime_env != 'TSG-X-P0906'
|
||||
|
||||
- name: "copy prestart file to tsg-diagnose.service.d"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/service_override_prestart.conf"
|
||||
dest: /usr/lib/systemd/system/tsg-diagnose.service.d/
|
||||
mode: 0644
|
||||
when: runtime_env != 'TSG-X-P0906'
|
||||
|
||||
- name: "replace action: replace service WantedBy from multi-user.target to workload.target"
|
||||
replace:
|
||||
path: "{{ item }}"
|
||||
regexp: 'WantedBy=multi-user.target'
|
||||
replace: 'WantedBy=workload.target'
|
||||
with_items:
|
||||
- /usr/lib/systemd/system/tsg-diagnose.service
|
||||
when: runtime_env != 'TSG-X-P0906'
|
||||
|
||||
- name: "add sudo secure_path"
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
backrefs: yes
|
||||
regexp: "^(.*Defaults secure_path =.*)$"
|
||||
line: '\1:/opt/tsg/tsg-diagnose/scripts'
|
||||
- name: "Create k3s mainfest path."
|
||||
shell: mkdir -p /var/lib/rancher/k3s/server/manifests/
|
||||
when: runtime_env == 'TSG-X-P0906'
|
||||
|
||||
- name: "copy k3s resouce file to k3s manifests directory"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/{{ item }}"
|
||||
dest: /var/lib/rancher/k3s/server/manifests/
|
||||
with_items:
|
||||
- dign-client.yaml
|
||||
- dign-server.yaml
|
||||
shell: cp /opt/tsg/tsg-diagnose/k8s-resource/* /var/lib/rancher/k3s/server/manifests/
|
||||
when: runtime_env == 'TSG-X-P0906'
|
||||
|
||||
- name: "Set service function config mount path."
|
||||
shell: sed -i 's/\/opt\/tsg\/tsg-diagnose\/share/\/opt\/tsg\/clixon\/share/g' /var/lib/rancher/k3s/server/manifests/tsg-diagnose-client.yaml
|
||||
when: runtime_env == 'TSG-X-P0906'
|
||||
|
||||
- name: "copy iptables shell to dispatcher.d"
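Review bot: The task "Enable sudo exec tsg-diagnose command." edits /etc/sudoers with `sed -i` and nothing validates the result, so a malformed line would leave sudo unusable on the host, and each re-run of the role appends `:/opt/tsg/tsg-diagnose/scripts` to `secure_path` again. The +/- markers are lost on this page, so I am assuming the shell-based tasks are the added side and the module-based `lineinfile`/`replace` tasks are the removed side. I would keep `lineinfile` and add `validate: 'visudo -cf %s'`, with a regexp that does not match once the path is already present, or ship a drop-in under /etc/sudoers.d instead. Because everything in a `secure_path` directory can be run under sudo by bare name, /opt/tsg/tsg-diagnose/scripts should be root-owned and not writable by other users; none of the visible tasks set that.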
|
||||
@@ -83,10 +38,3 @@
|
||||
dest: /etc/NetworkManager/dispatcher.d/
|
||||
mode: 0755
|
||||
when: runtime_env == 'TSG-X-P0906'
|
||||
|
||||
- name: "modify k3s command"
|
||||
shell: sed -i 's/kubectl exec -it daemonset\/dign-client/kubectl exec -n tsg-os-system -it daemonset\/dign-client/g' {{ item }}
|
||||
with_items:
|
||||
- /opt/tsg/tsg-diagnose/scripts/tsg-diagnose-oneshot
|
||||
- /opt/tsg/tsg-diagnose/scripts/tsg-diagnose-periodical
|
||||
when: runtime_env == 'TSG-X-P0906'
|
||||
|
||||
@@ -1,125 +0,0 @@
|
||||
#for tsg-diagnose
|
||||
version: '2.2'
|
||||
services:
|
||||
|
||||
server_web:
|
||||
image: "dign-server-web:latest"
|
||||
container_name: "dign-server-web"
|
||||
tty: true
|
||||
privileged: true
|
||||
networks:
|
||||
server_macvlan_net:
|
||||
ipv4_address: 192.0.2.130
|
||||
ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010
|
||||
bridge_direct_net:
|
||||
ipv4_address: 192.51.100.2
|
||||
volumes:
|
||||
- /opt/tsg/tsg-diagnose/etc/.certs_import:/badssl.com/certs_import
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
command: >
|
||||
bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
|
||||
&& arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
|
||||
&& cp -r /badssl.com/certs_import/certs /badssl.com/certs_import/common /badssl.com
|
||||
&& make inside-docker
|
||||
&& nginx
|
||||
&& tail -f /dev/null"
|
||||
|
||||
|
||||
server_dns:
|
||||
image: "dign-server-dns:latest"
|
||||
container_name: "dign-server-dns"
|
||||
tty: true
|
||||
privileged: true
|
||||
networks:
|
||||
server_macvlan_net:
|
||||
ipv4_address: 192.0.2.135
|
||||
ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1015
|
||||
bridge_direct_net:
|
||||
ipv4_address: 192.51.100.5
|
||||
volumes:
|
||||
- /opt/tsg/tsg-diagnose/etc/dnsmasq.conf:/etc/dnsmasq.conf
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
entrypoint: /bin/sh
|
||||
command:
|
||||
- -c
|
||||
- |
|
||||
ifconfig eth0 hw ether 02:42:C0:A8:FD:85
|
||||
arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
|
||||
echo 66.66.66.66 www.1testanswer-cname.com >> /etc/hosts
|
||||
webproc --config /etc/dnsmasq.conf -- dnsmasq --no-daemon &
|
||||
tail -f /dev/null
|
||||
|
||||
client:
|
||||
image: "dign-client:latest"
|
||||
container_name: "dign-client"
|
||||
depends_on:
|
||||
- server_web
|
||||
- server_dns
|
||||
tty: true
|
||||
privileged: true
|
||||
networks:
|
||||
client_macvlan_net:
|
||||
ipv4_address: 192.0.2.3
|
||||
ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012
|
||||
bridge_direct_net:
|
||||
ipv4_address: 192.51.100.4
|
||||
volumes:
|
||||
- /opt/tsg/tsg-diagnose/etc/.certs_import:/opt/dign_client/etc/certs_import
|
||||
- /opt/tsg/tsg-diagnose/log:/opt/dign_client/log
|
||||
- /opt/tsg/tsg-diagnose/etc/client.conf:/opt/dign_client/etc/client.conf
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
/opt/dign_client/bin/wait-for 192.51.100.2:443 -t 60 -- echo "server web is up"
|
||||
/opt/dign_client/bin/wait-for 192.51.100.5:8080 -t 60 -- echo "server dns is up"
|
||||
ifconfig eth0 hw ether 02:42:C0:A8:FD:03
|
||||
arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82
|
||||
arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83
|
||||
arp -i eth0 -s 192.0.2.135 02:42:C0:A8:FD:85
|
||||
mkdir -p /opt/dign_client/log
|
||||
cp -rf /opt/dign_client/etc/certs_import/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates
|
||||
update-ca-certificates
|
||||
cat /opt/dign_client/etc/hosts >> /etc/hosts
|
||||
tail -f /dev/null
|
||||
|
||||
|
||||
networks:
|
||||
bridge_direct_net:
|
||||
name: dign-direct-bridge
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 192.51.100.0/24
|
||||
gateway: 192.51.100.1
|
||||
|
||||
server_macvlan_net:
|
||||
name: dign-server-macvlan
|
||||
driver: macvlan
|
||||
enable_ipv6: true
|
||||
driver_opts:
|
||||
parent: {{ diagnose.virtual_server_nic }}
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 192.0.2.0/24
|
||||
ip_range: 192.0.2.128/25
|
||||
gateway: 192.0.2.129
|
||||
- subnet: fd00:a1bf:2c3d:ef5a::/63
|
||||
ip_range: fd00:a1bf:2c3d:ef5a::/64
|
||||
gateway: fd00:a1bf:2c3d:ef5a::1010
|
||||
|
||||
client_macvlan_net:
|
||||
name: dign-client-macvlan
|
||||
driver: macvlan
|
||||
enable_ipv6: true
|
||||
driver_opts:
|
||||
parent: {{ diagnose.virtual_client_nic }}
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 192.0.2.0/24
|
||||
ip_range: 192.0.2.0/25
|
||||
gateway: 192.0.2.1
|
||||
- subnet: fd00:a1bf:2c3d:ef5a::/63
|
||||
ip_range: fd00:a1bf:2c3d:ef5b::/64
|
||||
gateway: fd00:a1bf:2c3d:ef5a::1011
|
||||