From c108906d689c5c354a207c5eb187d992aad7bbb3 Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Thu, 20 May 2021 11:18:24 +0800
Subject: [PATCH] =?UTF-8?q?tsg-diagnose=20=E4=BF=AE=E6=94=B9=E7=BB=91?= =?UTF-8?q?=E5=AE=9A=E7=BD=91=E5=8D=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../roles/tsg-diagnose/tasks/main.yml | 6 +
 .../templates/docker-compose.yml.j2 | 125 ++++++++++++++++++
 2 files changed, 131 insertions(+)
 create mode 100644 tsg-9140-scripts/roles/tsg-diagnose/templates/docker-compose.yml.j2

diff --git a/tsg-9140-scripts/roles/tsg-diagnose/tasks/main.yml b/tsg-9140-scripts/roles/tsg-diagnose/tasks/main.yml
index 144deb4c..f8e98aa3 100644
--- a/tsg-9140-scripts/roles/tsg-diagnose/tasks/main.yml
+++ b/tsg-9140-scripts/roles/tsg-diagnose/tasks/main.yml
@@ -16,6 +16,12 @@
 dest: /opt/tsg/tsg-diagnose/etc/tsg-diagnose.config
 tags: template
 
+- name: "Templates docker-compose.yml"
+ template:
+ src: "{{role_path}}/templates/docker-compose.yml.j2"
+ dest: /opt/tsg/tsg-diagnose/compose/docker-compose.yml
+ tags: template
+
 - name: "tsg-diagnose:mkdir -p .badssl_cert_dict"
 file:
 path: /opt/tsg/tsg-diagnose/.badssl_cert_dict
diff --git a/tsg-9140-scripts/roles/tsg-diagnose/templates/docker-compose.yml.j2 b/tsg-9140-scripts/roles/tsg-diagnose/templates/docker-compose.yml.j2
new file mode 100644
index 00000000..6609e713
--- /dev/null
+++ b/tsg-9140-scripts/roles/tsg-diagnose/templates/docker-compose.yml.j2
@@ -0,0 +1,125 @@
+#for tsg-diagnose
+version: '2.2'
+services:
+
+ badssl_server:
+ image: "badssl-tsg-diagnose:latest"
+ container_name: "badssl_tsg-diagnose"
+ tty: true
+ privileged: true
+ networks:
+ vlan_ssl_net:
+ ipv4_address: 192.0.2.130
+ ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010
+ bridge_net:
+ ipv4_address: 192.51.100.2
+ volumes:
+ - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs
+ - /etc/localtime:/etc/localtime:ro
+ command: >
+ bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
+ && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
+ && cp -r /badssl.com/unittest_certs/certs /badssl.com/unittest_certs/common /badssl.com
+ && make inside-docker
+ && nginx
+ && tail -f /dev/null"
+
+ wpr_server:
+ image: "wpr-tsg-diagnose:latest"
+ container_name: "wpr_tsg-diagnose"
+ tty: true
+ privileged: true
+ networks:
+ vlan_ssl_net:
+ ipv4_address: 192.0.2.131
+ ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1011
+ bridge_net:
+ ipv4_address: 192.51.100.3
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ command:
+ - /bin/sh
+ - -c
+ - |
+ ifconfig eth0 hw ether 02:42:C0:A8:FD:83
+ arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
+ /root/wpr/wpr replay --http_port=80 --https_port=443 --host=0.0.0.0 --quiet_mode /root/wpr/archive.wprgo &
+ tail -f /dev/null
+
+ unittest_client:
+ image: "unittest-tsg-diagnose:latest"
+ container_name: "unittest_tsg-diagnose"
+ depends_on:
+ - badssl_server
+ - wpr_server
+ tty: true
+ privileged: true
+ networks:
+ vlan_unittest_net:
+ ipv4_address: 192.0.2.3
+ ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012
+ bridge_net:
+ ipv4_address: 192.51.100.4
+ volumes:
+ - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict
+ - /opt/tsg/tsg-diagnose/result:/root/result_tsg_diagnose
+ - /opt/tsg/tsg-diagnose/etc:/root/etc_tsg_diagnose
+ - /etc/localtime:/etc/localtime:ro
+ command:
+ - /bin/sh
+ - -c
+ - |
+ /root/unittest/wait-for 192.51.100.2:443 -t 60 -- echo "badssl is up"
+ /root/unittest/wait-for 192.51.100.3:443 -t 60 -- echo "wpr is up"
+ ifconfig eth0 hw ether 02:42:C0:A8:FD:03
+ arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82
+ arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83
+ mkdir -p /root/result_tsg_diagnose/unittest
+ mkdir -p /root/result_tsg_diagnose/conn_traffic_status
+ cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates
+ update-ca-certificates
+ cat /root/unittest/badssl.test.hosts >> /etc/hosts
+ echo '0 2 * * * /usr/local/bin/python /root/unittest/clear_file_timeout.py' > /etc/crontabs/root
+ echo '0 2 * * * /usr/local/bin/python /root/unittest/clear_file_timeout.py -d /root/result_tsg_diagnose/conn_traffic_status' > /etc/crontabs/root
+ crond
+ python /root/unittest/tsg_diagnose.py -l -w NEZHA
+
+
+networks:
+ bridge_net:
+ name: bridge_tsg-diagnose_net
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.51.100.0/24
+ gateway: 192.51.100.1
+
+ vlan_ssl_net:
+ name: vlan_tsg-diagnose_net
+ driver: macvlan
+ enable_ipv6: true
+ driver_opts:
+ parent: enp1s2f1
+ ipam:
+ config:
+ - subnet: 192.0.2.0/24
+ ip_range: 192.0.2.128/25
+ gateway: 192.0.2.129
+ - subnet: fd00:a1bf:2c3d:ef5a::/63
+ ip_range: fd00:a1bf:2c3d:ef5a::/64
+ gateway: fd00:a1bf:2c3d:ef5a::1010
+
+ vlan_unittest_net:
+ name: vlan_unittest_tsg-diagnose_net
+ driver: macvlan
+ enable_ipv6: true
+ driver_opts:
+ parent: enp1s2f2
+ ipam:
+ config:
+ - subnet: 192.0.2.0/24
+ ip_range: 192.0.2.0/25
+ gateway: 192.0.2.1
+ - subnet: fd00:a1bf:2c3d:ef5a::/63
+ ip_range: fd00:a1bf:2c3d:ef5b::/64
+ gateway: fd00:a1bf:2c3d:ef5a::1011
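Review bot: All three services in this new compose template set `privileged: true`, yet the commands visible in the hunk (`ifconfig eth0 hw ether …`, `arp -i eth0 -s …`) only need network-administration rights, so each service could replace that line with `cap_add:` followed by `- NET_ADMIN`; whether `make inside-docker` or `tsg_diagnose.py` need more is not visible here and should be confirmed first. A privileged container has every capability and access to host devices, which is a wide grant for containers that sit on macvlan networks bound to the host NICs and replay or terminate test traffic. Separately, in `unittest_client` the second `echo '0 2 * * * …' > /etc/crontabs/root` truncates the file, so the first cleanup job is lost; it should append with `>> /etc/crontabs/root`. The macvlan parents `enp1s2f1` and `enp1s2f2` are also hard-coded even though the file is rendered by the `template` task, so a role variable with a documented default would make the NIC binding reviewable per host.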