tsg-diagnose 修改绑定网卡

2021-05-20 11:18:24 +08:00
parent f056e3b21e
commit c108906d68
2 changed files with 131 additions and 0 deletions
--- a/tsg-9140-scripts/roles/tsg-diagnose/tasks/main.yml
+++ b/tsg-9140-scripts/roles/tsg-diagnose/tasks/main.yml
@@ -16,6 +16,12 @@
    dest: /opt/tsg/tsg-diagnose/etc/tsg-diagnose.config
  tags: template

+- name: "Templates docker-compose.yml"
+  template:
+    src: "{{role_path}}/templates/docker-compose.yml.j2"
+    dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml
+  tags: template
+
 - name: "tsg-diagnose:mkdir -p .badssl_cert_dict"
  file:
    path: /opt/tsg/tsg-diagnose/.badssl_cert_dict
--- a/tsg-9140-scripts/roles/tsg-diagnose/templates/docker-compose.yml.j2
+++ b/tsg-9140-scripts/roles/tsg-diagnose/templates/docker-compose.yml.j2
@@ -0,0 +1,125 @@
+#for tsg-diagnose
+version: '2.2'
+services:
+
+  badssl_server:
+    image: "badssl-tsg-diagnose:latest"
+    container_name: "badssl_tsg-diagnose"
+    tty: true
+    privileged: true
+    networks:
+      vlan_ssl_net:
+        ipv4_address: 192.0.2.130
+        ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010
+      bridge_net:
+        ipv4_address: 192.51.100.2
+    volumes:
+     - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs
+     - /etc/localtime:/etc/localtime:ro
+    command: >
+      bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
+      && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 
+      && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
+      && make inside-docker
+      && nginx
+      && tail -f /dev/null"
+
+  wpr_server:
+    image: "wpr-tsg-diagnose:latest"
+    container_name: "wpr_tsg-diagnose"
+    tty: true
+    privileged: true
+    networks:
+      vlan_ssl_net:
+        ipv4_address: 192.0.2.131
+        ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1011
+      bridge_net:
+        ipv4_address: 192.51.100.3
+    volumes:
+     - /etc/localtime:/etc/localtime:ro
+    command: 
+      - /bin/sh
+      - -c
+      - |
+        ifconfig eth0 hw ether 02:42:C0:A8:FD:83
+        arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
+        /root/wpr/wpr replay --http_port=80 --https_port=443 --host=0.0.0.0 --quiet_mode /root/wpr/archive.wprgo & 
+        tail -f /dev/null
+        
+  unittest_client:
+    image: "unittest-tsg-diagnose:latest"
+    container_name: "unittest_tsg-diagnose"
+    depends_on: 
+      - badssl_server
+      - wpr_server
+    tty: true
+    privileged: true
+    networks:
+      vlan_unittest_net:
+        ipv4_address: 192.0.2.3
+        ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012
+      bridge_net:
+        ipv4_address: 192.51.100.4
+    volumes:
+     - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict
+     - /opt/tsg/tsg-diagnose/result:/root/result_tsg_diagnose
+     - /opt/tsg/tsg-diagnose/etc:/root/etc_tsg_diagnose
+     - /etc/localtime:/etc/localtime:ro
+    command: 
+      - /bin/sh
+      - -c
+      - |
+        /root/unittest/wait-for 192.51.100.2:443 -t 60 -- echo "badssl is up"
+        /root/unittest/wait-for 192.51.100.3:443 -t 60 -- echo "wpr is up"
+        ifconfig eth0 hw ether 02:42:C0:A8:FD:03
+        arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82
+        arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83
+        mkdir -p /root/result_tsg_diagnose/unittest
+        mkdir -p /root/result_tsg_diagnose/conn_traffic_status
+        cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates
+        update-ca-certificates
+        cat /root/unittest/badssl.test.hosts >> /etc/hosts
+        echo '0      2       *       *       *       /usr/local/bin/python /root/unittest/clear_file_timeout.py' > /etc/crontabs/root
+        echo '0      2       *       *       *       /usr/local/bin/python /root/unittest/clear_file_timeout.py -d /root/result_tsg_diagnose/conn_traffic_status' > /etc/crontabs/root
+        crond
+        python /root/unittest/tsg_diagnose.py -l -w NEZHA
+
+
+networks: 
+  bridge_net:
+    name: bridge_tsg-diagnose_net
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 192.51.100.0/24
+          gateway: 192.51.100.1
+
+  vlan_ssl_net: 
+    name: vlan_tsg-diagnose_net
+    driver: macvlan
+    enable_ipv6: true
+    driver_opts: 
+      parent: enp1s2f1
+    ipam: 
+      config: 
+        - subnet: 192.0.2.0/24
+          ip_range: 192.0.2.128/25  
+          gateway: 192.0.2.129
+        - subnet: fd00:a1bf:2c3d:ef5a::/63
+          ip_range: fd00:a1bf:2c3d:ef5a::/64
+          gateway: fd00:a1bf:2c3d:ef5a::1010
+
+  vlan_unittest_net: 
+    name: vlan_unittest_tsg-diagnose_net
+    driver: macvlan
+    enable_ipv6: true
+    driver_opts:
+      parent: enp1s2f2
+    ipam:
+      config:
+        - subnet: 192.0.2.0/24
+          ip_range: 192.0.2.0/25
+          gateway: 192.0.2.1
+        - subnet: fd00:a1bf:2c3d:ef5a::/63
+          ip_range: fd00:a1bf:2c3d:ef5b::/64
+          gateway: fd00:a1bf:2c3d:ef5a::1011