From ab6285ef593e01b5bc77b18e7394ba1f18dab01f Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Mon, 27 May 2024 17:41:30 +0800
Subject: [PATCH] refactor: Modify tsg-diagnose install role.
---
 .../roles/tsg-diagnose/files/dign-client.yaml | 78 -----------
 .../roles/tsg-diagnose/files/dign-server.yaml | 113 ----------------
 .../files/service_override_prestart.conf | 4 -
 .../tsg-diagnose/files/tsg-diagnose.service | 14 --
 ansible/roles/tsg-diagnose/tasks/main.yml | 90 +++----------
 .../templates/docker-compose.yml.j2 | 125 ------------------
 6 files changed, 19 insertions(+), 405 deletions(-)
 delete mode 100644 ansible/roles/tsg-diagnose/files/dign-client.yaml
 delete mode 100644 ansible/roles/tsg-diagnose/files/dign-server.yaml
 delete mode 100644 ansible/roles/tsg-diagnose/files/service_override_prestart.conf
 delete mode 100644 ansible/roles/tsg-diagnose/files/tsg-diagnose.service
 delete mode 100644 ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2
diff --git a/ansible/roles/tsg-diagnose/files/dign-client.yaml b/ansible/roles/tsg-diagnose/files/dign-client.yaml
deleted file mode 100644
index fd6f4a37..00000000
--- a/ansible/roles/tsg-diagnose/files/dign-client.yaml
+++ /dev/null
@@ -1,78 +0,0 @@ ---- -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - namespace: tsg-os-system - name: br-dign-client -spec: - config: '{ - "cniVersion": "0.3.0", - "type": "bridge", - "bridge": "br_dign_c", - "ipam": { - "type": "host-local", - "ranges": [ - [ { - "subnet": "192.0.2.0/24", - "rangeStart": "192.0.2.211", - "rangeEnd": "192.0.2.220", - "gateway": "192.0.2.1" - } ] - ] - } - }' ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - namespace: tsg-os-system - name: dign-client - labels: - app: dign-client - -spec: - selector: - matchLabels: - app: dign-client - template: - metadata: - labels: - app: dign-client - annotations: - k8s.v1.cni.cncf.io/networks: br-dign-client - spec: - containers: - - name: dign-client - image: "dign-client:latest" - imagePullPolicy: Never - workingDir: /opt/dign_client - command: ["/bin/sh", "-c", "update-ca-certificates; tail -f /dev/null"] - securityContext: - privileged: true - volumeMounts: - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - name: ca-cert-file - mountPath: /usr/local/share/ca-certificates - - name: log-path - mountPath: /opt/dign_client/log - - name: config-path - mountPath: /opt/dign_client/etc/client.conf - subPath: "client.conf" - - volumes: - - name: localtime-node - hostPath: - path: /etc/localtime - - name: ca-cert-file - hostPath: - path: /opt/tsg/tsg-diagnose/etc/.certs_import/certs/sets/current/gen/crt - - name: log-path - hostPath: - path: /opt/tsg/tsg-diagnose/log - - name: config-path - hostPath: - path: /opt/tsg/tsg-diagnose/etc ---- - diff --git a/ansible/roles/tsg-diagnose/files/dign-server.yaml b/ansible/roles/tsg-diagnose/files/dign-server.yaml deleted file mode 100644 index f65d1d68..00000000 --- a/ansible/roles/tsg-diagnose/files/dign-server.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ ---- -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition -metadata: - namespace: tsg-os-system - name: br-dign-server -spec: - config: '{ - "cniVersion": "0.3.0", - "type": "bridge", - "bridge": "br_dign_s", - "ipam": { - "type": "host-local", - "ranges": [ - [ { - "subnet": "192.0.2.0/24", - "rangeStart": "192.0.2.201", - "rangeEnd": "192.0.2.210", - "gateway": "192.0.2.1" - } ] - ] - } - }' ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - namespace: tsg-os-system - name: dign-server - labels: - app: dign-server - -spec: - selector: - matchLabels: - app: dign-server - template: - metadata: - labels: - app: dign-server - annotations: - k8s.v1.cni.cncf.io/networks: br-dign-server - - spec: - containers: - - name: dign-server-dns - image: "dign-server-dns:latest" - imagePullPolicy: Never - command: ["/bin/sh", "-c", "echo 66.66.66.66 www.1testanswer-cname.com >> /etc/hosts; webproc --config /etc/dnsmasq.conf -- dnsmasq --no-daemon"] - securityContext: - privileged: true - livenessProbe: - exec: - command: - - ifconfig - - net1 - initialDelaySeconds: 5 - periodSeconds: 5 - volumeMounts: - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - name: config-path - mountPath: /etc/dnsmasq.conf - subPath: dnsmasq.conf - readOnly: true - - - name: dign-server-web - image: "dign-server-web:latest" - imagePullPolicy: Never - command: ["/bin/bash", "-c", "make inside-docker;nginx;tail -f /dev/null"] - securityContext: - privileged: true - livenessProbe: - exec: - command: - - ifconfig - - net1 - initialDelaySeconds: 5 - periodSeconds: 5 - volumeMounts: - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - name: certs-path - mountPath: /badssl.com/certs - readOnly: true - - name: common-path - mountPath: /badssl.com/common - readOnly: true - - initContainers: - - name: tsg-dign-init - image: "dign-server-dns:latest" - imagePullPolicy: Never - command: ["/bin/sh","-c","i=1;while [ \"$i\" -le 64 ]; do 
ip_suffix=$(( i + 100 ));ifconfig net1:$i 192.0.2.$ip_suffix;i=$(( i + 1 ));done;"] - securityContext: - privileged: true - - volumes: - - name: localtime-node - hostPath: - path: /etc/localtime - - name: config-path - hostPath: - path: /opt/tsg/tsg-diagnose/etc/ - - name: certs-path - hostPath: - path: /opt/tsg/tsg-diagnose/etc/.certs_import/certs - - name: common-path - hostPath: - path: /opt/tsg/tsg-diagnose/etc/.certs_import/common ---- \ No newline at end of file diff --git a/ansible/roles/tsg-diagnose/files/service_override_prestart.conf b/ansible/roles/tsg-diagnose/files/service_override_prestart.conf deleted file mode 100644 index b087eade..00000000 --- a/ansible/roles/tsg-diagnose/files/service_override_prestart.conf +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -ExecStartPre=/bin/sh -c "docker load < /opt/tsg/tsg-diagnose/images/server_web.tar" -ExecStartPre=/bin/sh -c "docker load < /opt/tsg/tsg-diagnose/images/server_dns.tar" -ExecStartPre=/bin/sh -c "docker load < /opt/tsg/tsg-diagnose/images/client.tar" \ No newline at end of file diff --git a/ansible/roles/tsg-diagnose/files/tsg-diagnose.service b/ansible/roles/tsg-diagnose/files/tsg-diagnose.service deleted file mode 100644 index 540e4b2f..00000000 --- a/ansible/roles/tsg-diagnose/files/tsg-diagnose.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Tsg diagnose -Requires=docker.service -After=docker.service - -[Service] -Type=oneshot -RemainAfterExit=yes -WorkingDirectory=/opt/tsg/tsg-diagnose/compose/%i -ExecStart=/bin/sh -c "docker-compose down --remove-orphans; docker-compose up -d --remove-orphans" -ExecStop=/bin/sh -c "docker-compose down --remove-orphans" - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/tsg-diagnose/tasks/main.yml b/ansible/roles/tsg-diagnose/tasks/main.yml index 5fdac9ab..60642201 100644 --- a/ansible/roles/tsg-diagnose/tasks/main.yml +++ b/ansible/roles/tsg-diagnose/tasks/main.yml 
@@ -1,80 +1,35 @@ -#- name: "Install tsg-diagnose" -# shell: rpm -i /tmp/rpm_download/{{ tsg_diagnose_rpm_version.tsg_diagnose }}* -# -- name: "download rpm packages: tsg-diagnose" +- name: "Install rpm packages." yum: - name: - - "{{ tsg_diagnose_rpm_version.tsg_diagnose }}" + name: "{{ tsg_diagnose_rpm_version.tsg_diagnose }}" conf_file: "{{ rpm_repo_config_path }}" state: present - download_only: yes - download_dir: "{{ path_download }}" - -- name: "Get tsg_diagnose rpm path" - find: - path: /tmp/rpm_download/ - pattern: "{{ tsg_diagnose_rpm_version.tsg_diagnose }}*" - register: tsg_diagnose_rpm_fullname - -- name: "Install tsg_diagnose from local path" - yum: - name: "{{ tsg_diagnose_rpm_fullname.files[0].path }}" - state: present disable_gpg_check: yes -- name: "Templates docker-compose.yml" - template: - src: "{{role_path}}/templates/docker-compose.yml.j2" - dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml - tags: template +- name: "Enable sudo exec tsg-diagnose command." + shell: sed -i -E 's/^(.*Defaults secure_path =.*)$/\1:\/opt\/tsg\/tsg-diagnose\/scripts/' /etc/sudoers + +- name: "Set docker-compose.yaml server parent nic name." + shell: sed -i 's/eth_vf_dign_s/{{ diagnose.virtual_server_nic }}/g' /opt/tsg/tsg-diagnose/compose/docker-compose.yml when: runtime_env != 'TSG-X-P0906' -- name: "copy tsg-diagnose.service file to dest" - copy: - src: "{{ role_path }}/files/tsg-diagnose.service" - dest: /usr/lib/systemd/system/tsg-diagnose.service - mode: 0644 +- name: "Set docker-compose.yaml client parent nic name." + shell: sed -i 's/eth_vf_dign_c/{{ diagnose.virtual_client_nic }}/g' /opt/tsg/tsg-diagnose/compose/docker-compose.yml when: runtime_env != 'TSG-X-P0906' -- name: "Create /usr/lib/systemd/system/tsg-diagnose.service.d/ directory if it does not exist" - file: - path: "{{ item }}" - state: directory - mode: '0755' - with_items: - - /usr/lib/systemd/system/tsg-diagnose.service.d +- name: "Set tsg-diagnose.service WantedBy to workload.target." 
+ shell: sed -i 's/WantedBy=multi-user.target/WantedBy=workload.target/g' /usr/lib/systemd/system/tsg-diagnose.service when: runtime_env != 'TSG-X-P0906' -- name: "copy prestart file to tsg-diagnose.service.d" - copy: - src: "{{ role_path }}/files/service_override_prestart.conf" - dest: /usr/lib/systemd/system/tsg-diagnose.service.d/ - mode: 0644 - when: runtime_env != 'TSG-X-P0906' - -- name: "replace action: replace service WantedBy from multi-user.target to workload.target" - replace: - path: "{{ item }}" - regexp: 'WantedBy=multi-user.target' - replace: 'WantedBy=workload.target' - with_items: - - /usr/lib/systemd/system/tsg-diagnose.service - when: runtime_env != 'TSG-X-P0906' - -- name: "add sudo secure_path" - lineinfile: - path: /etc/sudoers - backrefs: yes - regexp: "^(.*Defaults secure_path =.*)$" - line: '\1:/opt/tsg/tsg-diagnose/scripts' +- name: "Create k3s mainfest path." + shell: mkdir -p /var/lib/rancher/k3s/server/manifests/ + when: runtime_env == 'TSG-X-P0906' - name: "copy k3s resouce file to k3s manifests directory" - copy: - src: "{{ role_path }}/files/{{ item }}" - dest: /var/lib/rancher/k3s/server/manifests/ - with_items: - - dign-client.yaml - - dign-server.yaml + shell: cp /opt/tsg/tsg-diagnose/k8s-resource/* /var/lib/rancher/k3s/server/manifests/ + when: runtime_env == 'TSG-X-P0906' + +- name: "Set service function config mount path." + shell: sed -i 's/\/opt\/tsg\/tsg-diagnose\/share/\/opt\/tsg\/clixon\/share/g' /var/lib/rancher/k3s/server/manifests/tsg-diagnose-client.yaml when: runtime_env == 'TSG-X-P0906' - name: "copy iptables shell to dispatcher.d" 
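Review bot: Signature verification is off on the one task that now installs the package: "Install rpm packages." pulls `{{ tsg_diagnose_rpm_version.tsg_diagnose }}` from the repo named by `rpm_repo_config_path` and keeps `disable_gpg_check: yes`. After this change that RPM, rather than files reviewed in the role, supplies the scripts directory appended to sudo's `secure_path`, the systemd unit, the compose file and whatever `cp /opt/tsg/tsg-diagnose/k8s-resource/*` places in the k3s manifests directory, so an unsigned or substituted package would likely gain root-level reach on the host. I would drop `disable_gpg_check: yes` and let the repo file carry the signing key; that file is not visible here, so it may need a `gpgkey` entry added. The `/etc/sudoers` task also deserves a second look: the `sed -i` appends the path again on every run and writes the file with no syntax check, whereas the `lineinfile` form it replaces could take `validate: '/usr/sbin/visudo -cf %s'`.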
@@ -83,10 +38,3 @@ dest: /etc/NetworkManager/dispatcher.d/ mode: 0755 when: runtime_env == 'TSG-X-P0906' - -- name: "modify k3s command" - shell: sed -i 's/kubectl exec -it daemonset\/dign-client/kubectl exec -n tsg-os-system -it daemonset\/dign-client/g' {{ item }} - with_items: - - /opt/tsg/tsg-diagnose/scripts/tsg-diagnose-oneshot - - /opt/tsg/tsg-diagnose/scripts/tsg-diagnose-periodical - when: runtime_env == 'TSG-X-P0906' diff --git a/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 b/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 deleted file mode 100644 index 82dc336a..00000000 --- a/ansible/roles/tsg-diagnose/templates/docker-compose.yml.j2 +++ /dev/null 
@@ -1,125 +0,0 @@ -#for tsg-diagnose -version: '2.2' -services: - - server_web: - image: "dign-server-web:latest" - container_name: "dign-server-web" - tty: true - privileged: true - networks: - server_macvlan_net: - ipv4_address: 192.0.2.130 - ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010 - bridge_direct_net: - ipv4_address: 192.51.100.2 - volumes: - - /opt/tsg/tsg-diagnose/etc/.certs_import:/badssl.com/certs_import - - /etc/localtime:/etc/localtime:ro - command: > - bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82 - && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 - && cp -r /badssl.com/certs_import/certs /badssl.com/certs_import/common /badssl.com - && make inside-docker - && nginx - && tail -f /dev/null" - - - server_dns: - image: "dign-server-dns:latest" - container_name: "dign-server-dns" - tty: true - privileged: true - networks: - server_macvlan_net: - ipv4_address: 192.0.2.135 - ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1015 - bridge_direct_net: - ipv4_address: 192.51.100.5 - volumes: - - /opt/tsg/tsg-diagnose/etc/dnsmasq.conf:/etc/dnsmasq.conf - - /etc/localtime:/etc/localtime:ro - entrypoint: /bin/sh - command: - - -c - - | - ifconfig eth0 hw ether 02:42:C0:A8:FD:85 - arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 - echo 66.66.66.66 www.1testanswer-cname.com >> /etc/hosts - webproc --config /etc/dnsmasq.conf -- dnsmasq --no-daemon & - tail -f /dev/null - - client: - image: "dign-client:latest" - container_name: "dign-client" - depends_on: - - server_web - - server_dns - tty: true - privileged: true - networks: - client_macvlan_net: - ipv4_address: 192.0.2.3 - ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012 - bridge_direct_net: - ipv4_address: 192.51.100.4 - volumes: - - /opt/tsg/tsg-diagnose/etc/.certs_import:/opt/dign_client/etc/certs_import - - /opt/tsg/tsg-diagnose/log:/opt/dign_client/log - - /opt/tsg/tsg-diagnose/etc/client.conf:/opt/dign_client/etc/client.conf - - /etc/localtime:/etc/localtime:ro - command: - - /bin/sh - - -c - - | - 
/opt/dign_client/bin/wait-for 192.51.100.2:443 -t 60 -- echo "server web is up" - /opt/dign_client/bin/wait-for 192.51.100.5:8080 -t 60 -- echo "server dns is up" - ifconfig eth0 hw ether 02:42:C0:A8:FD:03 - arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82 - arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83 - arp -i eth0 -s 192.0.2.135 02:42:C0:A8:FD:85 - mkdir -p /opt/dign_client/log - cp -rf /opt/dign_client/etc/certs_import/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates - update-ca-certificates - cat /opt/dign_client/etc/hosts >> /etc/hosts - tail -f /dev/null - - -networks: - bridge_direct_net: - name: dign-direct-bridge - driver: bridge - ipam: - config: - - subnet: 192.51.100.0/24 - gateway: 192.51.100.1 - - server_macvlan_net: - name: dign-server-macvlan - driver: macvlan - enable_ipv6: true - driver_opts: - parent: {{ diagnose.virtual_server_nic }} - ipam: - config: - - subnet: 192.0.2.0/24 - ip_range: 192.0.2.128/25 - gateway: 192.0.2.129 - - subnet: fd00:a1bf:2c3d:ef5a::/63 - ip_range: fd00:a1bf:2c3d:ef5a::/64 - gateway: fd00:a1bf:2c3d:ef5a::1010 - - client_macvlan_net: - name: dign-client-macvlan - driver: macvlan - enable_ipv6: true - driver_opts: - parent: {{ diagnose.virtual_client_nic }} - ipam: - config: - - subnet: 192.0.2.0/24 - ip_range: 192.0.2.0/25 - gateway: 192.0.2.1 - - subnet: fd00:a1bf:2c3d:ef5a::/63 - ip_range: fd00:a1bf:2c3d:ef5b::/64 - gateway: fd00:a1bf:2c3d:ef5a::1011