gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix:删除os的proid tsg-1808

Browse Source
This commit is contained in:
fumingwei
2022-08-29 19:29:03 +08:00
parent 11a39bba20
commit ccd227c75b
13 changed files with 24 additions and 920 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
.gitlab-ci.yml
View File

@@ -92,19 +92,6 @@ feature_branch_build_TSGXP0906:
- /^rel-.*$/i
- /^update-.*$/i
feature_branch_build_TSGXP1808:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
extends: .build_tsg-buildimage
variables:
PROFILE_LIST: TSGXNXR620G40R01P1808
DALIY_BUILD_VERSION: 1
except:
- tags
- /^dev-.*$/i
- /^rel-.*$/i
- /^update-.*$/i
feature_branch_build_server_unlocked:
image: $BUILD_BASED_IMAGE_CENTOS7
stage: build
@@ -217,20 +204,6 @@ develop_build_TSGXP0906:
only:
- /^dev-.*$/i
develop_build_TSGXP1808:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
extends: .build_tsg-buildimage
variables:
PROFILE_LIST: TSGXNXR620G40R01P1808
UPLOAD_TO_FILE_REPO: 1
PULP3_FILE_REPO_NAME: tsg-os-images-develop
PULP3_FILE_DIST_NAME: tsg-os-images-develop
DALIY_BUILD_VERSION: 1
FILE_REPO_PATH: install/develop/tsg-os-images
only:
- /^dev-.*$/i
develop_build_server_unlocked:
image: $BUILD_BASED_IMAGE_CENTOS7
stage: build
@@ -345,20 +318,6 @@ testing_build_TSGXP0906:
only:
- /^rel-.*$/i
testing_build_TSGXP1808:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
extends: .build_tsg-buildimage
variables:
PROFILE_LIST: TSGXNXR620G40R01P1808
UPLOAD_TO_FILE_REPO: 1
PULP3_FILE_REPO_NAME: tsg-os-images-testing
PULP3_FILE_DIST_NAME: tsg-os-images-testing
FILE_REPO_PATH: install/testing/tsg-os-images
DALIY_BUILD_VERSION: 1
only:
- /^rel-.*$/i
testing_build_server_unlocked:
image: $BUILD_BASED_IMAGE_CENTOS7
stage: build
@@ -473,20 +432,6 @@ rc_build_TSGXP0906:
only:
- /^.*-rc.*$/i
rc_build_TSGXP1808:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
extends: .build_tsg-buildimage
variables:
PROFILE_LIST: TSGXNXR620G40R01P1808
UPLOAD_TO_FILE_REPO: 1
DALIY_BUILD_VERSION: 0
PULP3_FILE_REPO_NAME: tsg-os-images-rc
PULP3_FILE_DIST_NAME: tsg-os-images-rc
FILE_REPO_PATH: install/rc/tsg-os-images
only:
- /^.*-rc.*$/i
rc_build_server_unlocked:
image: $BUILD_BASED_IMAGE_CENTOS7
stage: build
@@ -613,22 +558,6 @@ release_build_TSGXP0906:
except:
- /^.*-rc.*$/i
release_build_TSGXP1808:
image: $BUILD_BASED_IMAGE_ROCKYLINUX8
stage: build
extends: .build_tsg-buildimage
variables:
PROFILE_LIST: TSGXNXR620G40R01P1808
UPLOAD_TO_FILE_REPO: 1
DALIY_BUILD_VERSION: 0
PULP3_FILE_REPO_NAME: tsg-os-images-release
PULP3_FILE_DIST_NAME: tsg-os-images-release
FILE_REPO_PATH: install/release/tsg-os-images
only:
- tags
except:
- /^.*-rc.*$/i
release_build_server_unlocked:
image: $BUILD_BASED_IMAGE_CENTOS7
stage: build

106
ansible/HAL_deploy.yml
View File

@@ -153,7 +153,7 @@
- {role: docker, tags: docker}
- {role: tsg-diagnose, tags: tsg-diagnose}
- {role: tsg-exporter-proxy-TSGXP0804, tags: tsg-exporter-proxy-TSGXP0804}
- {role: vsys, tags: vsys}
- {role: traffic-engine, tags: traffic-engine}
- {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403}
- {role: system-init, tags: system-init}
- {role: tsg-os-provision-condition, tags: tsg-os-provision-condition}
@@ -169,20 +169,6 @@
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: container-tools-install, tags: container-tools-install}
- {role: tsg_sn, tags: tsg_sn}
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: tsg_master, tags: tsg_master}
- {role: kni, tags: kni}
- {role: firewall, tags: firewall}
- {role: tsg_app, tags: tsg_app}
- {role: redis, tags: redis}
- {role: certstore, tags: certstore}
- {role: tfe, tags: tfe}
- {role: telegraf_statistic, tags: telegraf_statistic}
- {role: wannat_wangw, tags: wannat_wangw}
- {role: wannat_common, tags: wannat_common}
- {role: wire_graft, tags: wire_graft}
- hosts: TSG-X-NXR620G40-R01-P0906-firewall
remote_user: root
@@ -239,96 +225,6 @@
- {role: container-tools-install, tags: container-tools-install}
- {role: telegraf_statistic, tags: telegraf_statistic}
- hosts: TSG-X-NXR620G40-R01-P1808
remote_user: root
vars_files:
- install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: k3s-install, tags: k3s-install}
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: tsg_device_tag, tags: tsg_device_tag}
- {role: tsg_sn, tags: tsg_sn}
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: redis, tags: redis}
- {role: exporter, tags: exporter}
- {role: docker, tags: docker}
- {role: tsg-diagnose, tags: tsg-diagnose}
- {role: tsg-exporter-proxy-TSGXP0804, tags: tsg-exporter-proxy-TSGXP0804}
- {role: traffic-engine, tags: traffic-engine}
- {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403}
- {role: system-init, tags: system-init}
- {role: tsg-os-provision-condition, tags: tsg-os-provision-condition}
- {role: hasp, tags: hasp}
- {role: OFED, tags: OFED}
- hosts: TSG-X-NXR620G40-R01-P1808-init
remote_user: root
vars_files:
- install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: container-tools-install, tags: container-tools-install}
- {role: tsg_sn, tags: tsg_sn}
- hosts: TSG-X-NXR620G40-R01-P1808-firewall
remote_user: root
vars_files:
- install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: container-tools-install, tags: container-tools-install}
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: tsg_master, tags: tsg_master}
- {role: kni, tags: kni}
- {role: firewall, tags: firewall}
- {role: tsg_app, tags: tsg_app}
- {role: wannat_wangw, tags: wannat_wangw}
- {role: wannat_common, tags: wannat_common}
- {role: wire_graft, tags: wire_graft}
- {role: hasp, tags: hasp}
- hosts: TSG-X-NXR620G40-R01-P1808-proxy
remote_user: root
vars_files:
- install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: container-tools-install, tags: container-tools-install}
- {role: framework, tags: framework}
- {role: mrzcpd, tags: mrzcpd}
- {role: tfe, tags: tfe}
- {role: hasp, tags: hasp}
- hosts: TSG-X-NXR620G40-R01-P1808-certstore
remote_user: root
vars_files:
- install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: container-tools-install, tags: container-tools-install}
- {role: framework, tags: framework}
- {role: redis, tags: redis}
- {role: certstore, tags: certstore}
- hosts: TSG-X-NXR620G40-R01-P1808-telegraf
remote_user: root
vars_files:
- install_config/group_vars/HAL_TSGXNXR620G40R01P0906.yml
- install_config/group_vars/rpm_version.yml
roles:
- {role: tsg-os-provision, tags: tsg-os-provision}
- {role: container-tools-install, tags: container-tools-install}
- {role: telegraf_statistic, tags: telegraf_statistic}
- hosts: server
remote_user: root
vars_files:

18
ansible/install_config/group_vars/HAL_7400MCN0P01R01.yml
View File

@@ -57,21 +57,3 @@ monitor:
enable_ipmi_exporter: 1
### TSG-server, TSG-7400-mcn0 TSG-7400-mcn123 TSG-9140
runtime_env: TSG-7400-mcn0
decoders:
DNS: yes
QUIC: yes
HTTP: yes
MAIL: yes
FTP: yes
SSL: yes
RTP: yes
SIP: yes
SSH: yes
RADIUS: yes
SOCKS: yes
STRATUM: yes
RDP: yes
BGP: yes
DTLS: yes
GTPC: yes

2
ansible/roles/certstore/tasks/main.yml
View File

@@ -93,7 +93,7 @@
path: "/etc/cert-redis.conf"
regexp: 'daemonize yes'
replace: 'daemonize no'
when: (runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-certstore') or (runtime_env == 'TSG-X-P1808' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808-certstore')
when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-certstore'
- name: "copy zlog.conf to dest"
copy:

8
ansible/roles/container-tools-install/tasks/main.yml
View File

@@ -3,11 +3,11 @@
name: ansible
conf_file: "{{ rpm_repo_config_path }}"
state: present
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init' or PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808-init'
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
- name: "Generate ansiblg.cfg after ansible upgrade in rockylinux8"
shell: ansible-config init --disabled > /etc/ansible/ansible.cfg
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init' or PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808-init'
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
- name: 'change ansible hash_behaviour value replace to merge'
lineinfile:
@@ -15,11 +15,11 @@
backrefs: yes
regexp: "^(.*hash_behaviour.*=.*replace.*)$"
line: '\1\nhash_behaviour = merge'
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init' or PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808-init'
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
- name: 'install psutil'
shell: pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple psutil
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init' or PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808-init'
when: PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
- name: "install tcpdump"
yum:

127
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906
View File

@@ -34,132 +34,14 @@
workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}"
workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}"
- name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads"
set_fact:
workload_firewall_cpu_affinity: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | join(',') }}"
workload_firewall_worker_threads: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | length }}"
when: proxy.enable == 0
######setting cpu affinity end######
######setting nic cpu affinity mask start######
- name: output cpu_layouts config to config .cpu_layouts.json
copy:
content: "{{ cpu_layouts| to_json }}"
dest: /opt/tsg/tsg-os-provision/.cpu_layouts.json
- name: "tsg-os-provision: obtain rps_mask"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_rps_mask.py
register: result_exec_obtain_rps_mask
- name: "tsg-os-provision: check result_exec_obtain_rps_mask"
assert:
that:
- result_exec_obtain_rps_mask.rc == 0
- result_exec_obtain_rps_mask.failed == False
fail_msg: "error:{{ result_exec_obtain_rps_mask.stderr }},stdout:{{ result_exec_obtain_rps_mask.stdout_lines }}"
success_msg: "Successded: obtain rpm mask"
- name: "set rps_mask into tfe-env-config"
set_fact:
tfe_env_rps_info: "{{ result_exec_obtain_rps_mask.stdout | from_json }}"
- name: "output tfe_env_rps_info"
debug:
msg: "{{ tfe_env_rps_info }}"
######setting nic cpu affinity mask end######
######get isolate cpu core start######
- name: redirect proxy config to config .proxy.json
copy:
content: "{{ proxy | to_json }}"
dest: /opt/tsg/tsg-os-provision/.proxy.json
- name: "tsg-os-provision: execute obtain_isolate_cpu_range.py"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_isolate_cpu_range.py
register: result_exec_obtain_isolate_cpu_range
- name: "tsg-os-provision: check result_exec_obtain_isolate_cpu_range"
assert:
that:
- result_exec_obtain_isolate_cpu_range.rc == 0
- result_exec_obtain_isolate_cpu_range.failed == False
fail_msg: "error:{{ result_exec_obtain_isolate_cpu_range.stderr }},stdout:{{ result_exec_obtain_isolate_cpu_range.stdout_lines }}"
success_msg: "Successded: obtain isolate cpu range"
- name: "set fact grub_cpu_isolate"
set_fact:
grub_cpu_isolate: "{{ result_exec_obtain_isolate_cpu_range.stdout }}"
######get isolate cpu core end######
- name: get /proc/cmdline
shell: cat /proc/cmdline
register: result_exec_cat_cmdline
# - name: need to reboot
# fail:
# msg: "Detected that the configuration of cpu isolate has changed, please run command \"provision-config-apply --reboot\" to reboot the machine that make the configuration take effect!"
# when:
# - result_exec_cat_cmdline is not search(grub_cpu_isolate)
# - enable_config_apply != '2'
- name: "set keep_alive_ip"
set_fact:
gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
# - name: "tsg-os-provision: execute obtain policy_and_log nic ip address"
# shell: ip addr show {{ network_setting.nic_policy_log.name }} | grep "inet " | awk '{ print $2 }' | awk -F "/" '{ print $1 }'
# register: result_exec_obtain_policy_and_log_nic_ip
- name: "tsg-os-provision: execute obtain policy_and_log nic ip address"
shell: grep "IPADDR" /etc/sysconfig/network-scripts/ifcfg-{{ network_setting.nic_policy_log.name }} | sed 's/IPADDR=//g'
register: result_exec_obtain_policy_and_log_nic_ip
- name: "tsg-os-provision: check result_exec_obtain_policy_and_log_nic_ip"
assert:
that:
- result_exec_obtain_policy_and_log_nic_ip.rc == 0
- result_exec_obtain_policy_and_log_nic_ip.failed == False
fail_msg: "error:{{ result_exec_obtain_policy_and_log_nic_ip.stderr }},stdout:{{ result_exec_obtain_policy_and_log_nic_ip.stdout_lines }}"
success_msg: "Successded: obtain policy_and_log nic ip address"
- name: "set fact policy_and_log_nic_ip"
set_fact:
policy_and_log_nic_ip: "{{ result_exec_obtain_policy_and_log_nic_ip.stdout }}"
- name: redirect proxy config to config policy_and_log_nic_ip
copy:
content: "policy_and_log_nic_ip: {{ policy_and_log_nic_ip }}"
dest: /opt/tsg/tsg-os-provision/.policy_and_log_nic_ip.yaml
# - name: "replace action: grub config isolate cpu"
# replace:
# path: "{{ item }}"
# regexp: 'isolcpus=\d+-+\d+'
# replace: 'isolcpus={{grub_cpu_isolate}}'
# with_items:
# - /boot/grub/grub.cfg
# - /etc/grub.d/40_onie_grub
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "tsg-os-provision: template tsg_workload_resource.yml file"
template:
src: "../templates/tsg_workload_resource.yml.j2"
dest: /opt/tsg/vsys1/workload_resource/tsg_workload_resource.yml
tags: vsys1
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
@@ -202,9 +84,6 @@
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
# - name: load tsg images
# shell: /opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh
- name: add porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
@@ -233,9 +112,3 @@
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart tsg-traffic-engine"
systemd:
name: tsg-traffic-engine
state: restarted
when: enable_config_apply == '1'

203
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0906-init
View File

@@ -1,220 +1,19 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load specified file variable
include_vars:
file: /data/tsg-os-provision/.policy_and_log_nic_ip.yaml
######setting cpu affinity start######
- name: obtain cpu layout info
set_fact:
cpu_layout_obtained: "{{ item }}"
loop: "{{ cpu_layouts }}"
when:
- ansible_facts.processor[2] is search(item.match.model_name)
- ansible_facts.processor_count == item.match.sockets
- name: set cpu affinity variable
set_fact:
workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}"
workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}"
workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}"
workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}"
workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}"
- name: "tsg-os-provision: rewrite sapp_cpu_affinity and sapp_worker_threads"
set_fact:
workload_firewall_cpu_affinity: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | join(',') }}"
workload_firewall_worker_threads: "{{ (cpu_layout_obtained.sapp_affinity + cpu_layout_obtained.tfe_affinity) | length }}"
when: proxy.enable == 0
######setting cpu affinity end######
######setting nic cpu affinity mask start######
- name: output cpu_layouts config to config .cpu_layouts.json
copy:
content: "{{ cpu_layouts| to_json }}"
dest: /opt/tsg/tsg-os-provision/.cpu_layouts.json
- name: "tsg-os-provision: obtain rps_mask"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_rps_mask.py
register: result_exec_obtain_rps_mask
- name: "tsg-os-provision: check result_exec_obtain_rps_mask"
assert:
that:
- result_exec_obtain_rps_mask.rc == 0
- result_exec_obtain_rps_mask.failed == False
fail_msg: "error:{{ result_exec_obtain_rps_mask.stderr }},stdout:{{ result_exec_obtain_rps_mask.stdout_lines }}"
success_msg: "Successded: obtain rpm mask"
- name: "set rps_mask into tfe-env-config"
set_fact:
tfe_env_rps_info: "{{ result_exec_obtain_rps_mask.stdout | from_json }}"
- name: "output tfe_env_rps_info"
debug:
msg: "{{ tfe_env_rps_info }}"
######setting nic cpu affinity mask end######
######get isolate cpu core start######
- name: redirect proxy config to config .proxy.json
copy:
content: "{{ proxy | to_json }}"
dest: /opt/tsg/tsg-os-provision/.proxy.json
- name: "tsg-os-provision: execute obtain_isolate_cpu_range.py"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_isolate_cpu_range.py
register: result_exec_obtain_isolate_cpu_range
- name: "tsg-os-provision: check result_exec_obtain_isolate_cpu_range"
assert:
that:
- result_exec_obtain_isolate_cpu_range.rc == 0
- result_exec_obtain_isolate_cpu_range.failed == False
fail_msg: "error:{{ result_exec_obtain_isolate_cpu_range.stderr }},stdout:{{ result_exec_obtain_isolate_cpu_range.stdout_lines }}"
success_msg: "Successded: obtain isolate cpu range"
- name: "set fact grub_cpu_isolate"
set_fact:
grub_cpu_isolate: "{{ result_exec_obtain_isolate_cpu_range.stdout }}"
- name: "set fact policy_and_log nic name"
set_fact:
network_setting:
nic_policy_log:
name: "ctrl_mock"
######get isolate cpu core end######
- name: "set keep_alive_ip"
set_fact:
gdev_conf_keep_alive_ip: "{{ etherfabric_settings.keepalive.ip }}"
- name: "set cm_policy_server_ip and cm_policy_server_port"
set_fact:
cm_policy_server_ip: "{{cm.policy_server.address}}"
cm_policy_server_port: "{{ cm.policy_server.port }}"
- name: "mkdir /opt/tsg/exporter/"
file:
path: "{{ item }}"
state: directory
with_items:
- /target_config/opt/tsg/sapp/plug
- /target_config/opt/tsg/sapp/etc
- /target_config/opt/tsg/sapp/tsgconf
- /target_config/opt/tsg/sapp/plug/business/tsg_conn_sketch
- /target_config/opt/tsg/sapp/etc/kni
- /target_config/opt/tsg/sapp/etc/wannat
- /target_config/opt/tsg/tfe/conf/tfe
- /target_config/opt/tsg/tfe/conf/pangu
- /target_config/opt/tsg/certstore/conf
- /target_config/opt/tsg/sapp/etc/wire_graft
- /target_config/etc/telegraf
- /target_config/opt/tsg/etc
- /target_config/etc/default
- name: "get sn"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
- name: "tsg-os-provision: Template the conflist.inf"
template:
src: ../templates/conflist.inf.j2
dest: /target_config/opt/tsg/sapp/plug/conflist.inf
tags: sapp
- name: "tsg-os-provision: template gdev.conf file"
template:
src: "../templates/gdev.conf.j2"
dest: /target_config/opt/tsg/sapp/etc/gdev.conf
tags: sapp
- name: "tsg-os-provision: Template the tsgconf/main.conf"
template:
src: "../templates/main.conf.j2"
dest: /target_config/opt/tsg/sapp/tsgconf/main.conf
tags: firewall
- name: "tsg-os-provision: Template the tsgconf/maat.conf"
template:
src: "../templates/maat.conf.j2"
dest: /target_config/opt/tsg/sapp/tsgconf/maat.conf
tags: firewall
- name: "tsg-os-provision: Template the tsg_conn_sketch.inf"
template:
src: "../templates/tsg_conn_sketch.inf.j2"
dest: /target_config/opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
dest: /target_config/opt/tsg/sapp/etc/sapp.toml
tags: sapp
- name: "tsg-os-provision: Template the send_raw_pkt.conf"
template:
src: "../templates/send_raw_pkt.conf.j2"
dest: /target_config/opt/tsg/sapp/etc/send_raw_pkt.conf
tags: sapp
- name: "tsg-os-provision: template the kni.conf"
template:
src: "../templates/kni.conf.j2"
dest: /target_config/opt/tsg/sapp/etc/kni/kni.conf
tags: sapp
- name: "tsg-os-provision: template wannat wangw.conf file"
template:
src: "../templates/wangw.conf.j2"
dest: /target_config/opt/tsg/sapp/etc/wannat/wangw.conf
tags: wangw
- name: "tsg-os-provision: template wire_graft.conf file"
template:
src: "../templates/wire_graft.conf.j2"
dest: /target_config/opt/tsg/sapp/etc/wire_graft/wire_graft.conf
tags: wire_graft
- name: "tsg-os-provision: template the tfe.conf"
template:
src: "../templates/tfe.conf.j2"
dest: /target_config/opt/tsg/tfe/conf/tfe/tfe.conf
tags: tfe
when: proxy.enable == 1
- name: "tsg-os-provision: template the pangu_pxy.conf"
template:
src: "../templates/pangu_pxy.conf.j2"
dest: /target_config/opt/tsg/tfe/conf/pangu/pangu_pxy.conf
tags: tfe
when: proxy.enable == 1
- name: "tsg-os-provision: template certstore configure file"
template:
src: "../templates/cert_store.ini.j2"
dest: /target_config/opt/tsg/certstore/conf/cert_store.ini
tags: certstore
- name: "tsg-os-provision: Templates telegraf.conf"
template:
src: "../templates/telegraf_statistic.conf.j2"
dest: /target_config/etc/telegraf/telegraf_statistic.conf
tags: telegraf_statistic
- name: "create tap device ctrl_mock"
shell: ip tuntap add mode tap ctrl_mock; ifconfig ctrl_mock up; ifconfig ctrl_mock {{ policy_and_log_nic_ip }}/32; ifconfig ctrl_mock mtu 2000
shell: ip tuntap add mode tap ctrl_mock; ifconfig ctrl_mock up; ifconfig ctrl_mock $NODE_IP/32; ifconfig ctrl_mock mtu 2000
- name: "create tap device tap0"
shell: ip tuntap add dev tap0 mode tap multi_queue

114
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1808
View File

@@ -1,114 +0,0 @@
---
- hosts: provision
tasks:
- name: Load default config file variable
include_vars:
file: /opt/tsg/tsg-os-provision/provision.default.yml
- name: Load general config file variable
include_vars:
file: /data/tsg-os-provision/provision.yml
- name: Load provision.yml.d config file variable
include_vars:
dir: /data/tsg-os-provision/provision.yml.d/
ignore_unknown_extensions: yes
extensions:
- 'yml'
- 'yaml'
######setting cpu affinity start######
- name: obtain cpu layout info
set_fact:
cpu_layout_obtained: "{{ item }}"
loop: "{{ cpu_layouts }}"
when:
- ansible_facts.processor[2] is search(item.match.model_name)
- ansible_facts.processor_count == item.match.sockets
- name: set cpu affinity variable
set_fact:
workload_firewall_cpu_affinity: "{{ cpu_layout_obtained.sapp_affinity | join(',') }}"
workload_zcpd_cpu_affinity: "{{ cpu_layout_obtained.mrzcpd_affinity | join(',')}}"
workload_firewall_worker_threads: "{{ cpu_layout_obtained.sapp_affinity | length }}"
workload_proxy_cpu_affinity: "{{ cpu_layout_obtained.tfe_affinity | join(',') }}"
workload_proxy_worker_thread: "{{ cpu_layout_obtained.tfe_affinity | length | int - 1 }}"
######setting cpu affinity end######
- name: "tsg-os-provision: template mrglobal.conf file"
template:
src: "../templates/mrglobal.conf.j2"
dest: /opt/tsg/mrzcpd/etc/mrglobal.conf
tags: mrzcpd
- name: "mkdir /opt/tsg/etc/"
file:
path: /opt/tsg/etc
state: directory
- name: "tsg-os-provision: obtain sn and write sn to tsg_sn.json"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
register: result_exec_obtain_sn_and_write_sn_in_file
- name: "tsg-os-provision: check result_exec_obtain_sn_and_write_sn_in_file"
assert:
that:
- result_exec_obtain_sn_and_write_sn_in_file.rc == 0
- result_exec_obtain_sn_and_write_sn_in_file.failed == False
fail_msg: "error:{{ result_exec_obtain_sn_and_write_sn_in_file.stderr }},stdout:{{ result_exec_obtain_sn_and_write_sn_in_file.stdout_lines }}"
success_msg: "Successded: obtain the sn and write sn into tsg_sn.json"
- name: "tsg-os-provision: template the tsg_device_tag"
template:
src: "../templates/tsg_device_tag.json.j2"
dest: /opt/tsg/etc/tsg_device_tag.json
tags: tsg_device_tag
- name: 'tsg-os-provision: execute command - systemctl daemon-reload'
systemd:
daemon_reload: yes
- name: "tsg-os-provision: coredump setup override - mkdir"
file:
path: /usr/lib/systemd/coredump.conf.d/
state: directory
- name: "tsg-os-provision: coredump setup override - override"
template:
src: "../templates/coredump_setup_override.conf.j2"
dest: /usr/lib/systemd/coredump.conf.d/coredump_setup_override.conf
- name: "tsg-os-provision: snapshot the stage2 config files"
copy:
src: /data/tsg-os-provision/provision.yml
dest: /data/tsg-os-provision/provision.yml.snapshot
- name: add porvision successed sign
file:
path: /data/tsg-os-provision/.provision_succeeded
state: touch
- name: "tsg-os-provision: restart mrenv"
systemd:
name: mrenv
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrzcpd"
systemd:
name: mrzcpd
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_device"
systemd:
name: mrapm_device
state: restarted
when: enable_config_apply == '1'
- name: "tsg-os-provision: restart mrapm_stream"
systemd:
name: mrapm_stream
state: restarted
when: enable_config_apply == '1'

24
ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1808-init
View File

@@ -1,24 +0,0 @@
---
- hosts: provision
tasks:
- name: "mkdir /opt/tsg/exporter/"
file:
path: "{{ item }}"
state: directory
with_items:
- /target_config/opt/tsg/etc
- /target_config/etc/default
- name: "get sn"
shell: /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
- name: "create tap device ctrl_mock"
shell: ip tuntap add mode tap ctrl_mock; ifconfig ctrl_mock up; ifconfig ctrl_mock $NODE_IP/32; ifconfig ctrl_mock mtu 2000
- name: "create tap device tap0"
shell: ip tuntap add dev tap0 mode tap multi_queue
when: proxy.enable == 1
- name: "execute tfe-env shell"
shell: /opt/tsg/tfe/tfe-env-start.sh
when: proxy.enable == 1

26
ansible/roles/tsg-os-provision/tasks/main.yml
View File

@@ -91,13 +91,6 @@
mode: 0644
when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p1808"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P1808"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p0906 init"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P0906-init"
@@ -105,13 +98,6 @@
mode: 0644
when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-init'
- name: "tsg-os-provision: copy tasks file that excutes provision to dest - tsg-x p1808 init"
copy:
src: "{{ role_path }}/files/tasks/provision.yml.TSGXNXR620G40R01P1808-init"
dest: /opt/tsg/tsg-os-provision/tasks/provision.yml
mode: 0644
when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P1808-init'
- name: "tsg-os-provision: copy provision.yml.sample file to dest - tsg9140"
copy:
src: "{{ role_path }}/files/config_sample/provision.yml.sample.9000NPBP01R01"
@@ -159,7 +145,7 @@
src: "{{ role_path }}/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/provision.default.yml
mode: 0644
when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' or runtime_env == 'TSG-X-P1808'
when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'
- name: "tsg-os-provision: copy provision.yml.sample to dest - tsg7400 mcn0"
copy:
@@ -194,7 +180,7 @@
src: "{{ role_path }}/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804"
dest: /opt/tsg/tsg-os-provision/provision.yml.sample
mode: 0644
when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' or runtime_env == 'TSG-X-P1808'
when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'
- name: "tsg-os-provision: copy provision.sh file to dest"
copy:
@@ -271,20 +257,20 @@
mode: 0644
with_items:
- { "src": tsg-os-provision.service.TSGXP0906, "dest": tsg-os-provision.service }
when: runtime_env == 'TSG-X-P0906' or runtime_env == 'TSG-X-P1808'
when: runtime_env == 'TSG-X-P0906'
- name: "replace action: add service into sysinit.target --TSG-X-P1403"
shell: ln -vfs --relative /usr/lib/systemd/system/{{item}} /usr/lib/systemd/system/sysinit.target.wants/{{item}}
with_items:
- tsg-os-provision.service
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' or runtime_env == 'TSG-X-P1808'
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'
- name: "tsg-os-provision: copy provision-config-apply to dest - TSG-X-P1403"
copy:
src: "{{ role_path }}/files/script/provision-config-apply"
dest: /opt/tsg/tsg-os-provision/
mode: 0755
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' or runtime_env == 'TSG-X-P1808'
when: runtime_env == 'TSG-X-P1403' or runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'
- name: "tsg-os-provision: obtain_rps_mask and obtain_cpu_core_range to dest - TSG-X-P0804"
copy:
@@ -294,7 +280,7 @@
with_items:
- obtain_rps_mask.py
- obtain_isolate_cpu_range.py
when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906' or runtime_env == 'TSG-X-P1808'
when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'
######TSG-X-P1403 end######

14
make/Makefile.TSGXNXR620G40R01P0906
View File

@@ -203,15 +203,15 @@ sysroot-cleanup:
rm -rf $(TARGET_SYSROOT_DIR)/dev/*
add-images-into-sysroot: container-images-generate
mkdir -p $(TARGET_SYSROOT_DIR)/opt/tsg/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_TAR) $(TARGET_SYSROOT_DIR)/opt/tsg/images/
mkdir -p $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
sysroot-archive: installer add-images-into-sysroot sysroot-cleanup
cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/sysctl.d/80-tfe.conf $(TARGET_SYSROOT_DIR)/etc/sysctl.d/
cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/sysctl.d/80-tfe.conf $(TARGET_SYSROOT_DIR)/etc/sysctl.d/
tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG)
sysroot-binary: sysroot-archive

223
make/Makefile.TSGXNXR620G40R01P1808
View File

@@ -1,223 +0,0 @@
PROFILE_ID := TSG-X-NXR620G40-R01-P1808
SUPPORTED_MACHINE_ID := TSG-X-NXR620G40-R01-P1808
KERNEL_ARGS := crashkernel=512M default_hugepagesz=1G hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt mitigations=off psi=1
GRUB_SERIAL_COMMAND :=
SIZE_PART_SYSROOT := 16384M
SIZE_PART_UPDATE := 16384M
PROFILE_ID_IN_SHORT := $(subst -,$e,$(PROFILE_ID))
CHROOT_PKG := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-chroot.tar.bz2
CHROOT_BIN := tsg-os-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-ONIE.bin
TARGET_BUILD_DIR := $(BUILDDIR_BASE)/$(PROFILE_ID)
TARGET_INSTALLER_DIR := $(TARGET_BUILD_DIR)/installer
TARGET_SYSROOT_DIR := $(TARGET_BUILD_DIR)/sysroot
TARGET_CONTAINER_IMAGE_DIR := $(TARGET_BUILD_DIR)/container_images
CONTAINER_DOCKERFILE := $(TARGET_CONTAINER_IMAGE_DIR)/Dockerfile
CONTAINER_FIREWALL_NAME := firewall
TARGET_CONTAINER_FIREWALL_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_FIREWALL_NAME)-container_sysroot
CONTAINER_FIREWALL_PKG := tsg-$(CONTAINER_FIREWALL_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.xz
CONTAINER_FIREWALL_TAR := tsg-$(CONTAINER_FIREWALL_NAME)-${OS_RELEASE_VER}-docker.tar
CONTAINER_PROXY_NAME := proxy
TARGET_CONTAINER_RPOXY_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_PROXY_NAME)-container_sysroot
CONTAINER_RPOXY_PKG := tsg-$(CONTAINER_PROXY_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.gz
CONTAINER_RPOXY_TAR := tsg-$(CONTAINER_PROXY_NAME)-${OS_RELEASE_VER}-docker.tar
CONTAINER_CERTSTORE_NAME := certstore
TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_CERTSTORE_NAME)-container_sysroot
CONTAINER_CERTSTORE_PKG := tsg-$(CONTAINER_CERTSTORE_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.gz
CONTAINER_CERTSTORE_TAR := tsg-$(CONTAINER_CERTSTORE_NAME)-${OS_RELEASE_VER}-docker.tar
CONTAINER_TELEGRAF_NAME := telegraf
TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_TELEGRAF_NAME)-container_sysroot
CONTAINER_TELEGRAF_PKG := tsg-$(CONTAINER_TELEGRAF_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.gz
CONTAINER_TELEGRAF_TAR := tsg-$(CONTAINER_TELEGRAF_NAME)-${OS_RELEASE_VER}-docker.tar
CONTAINER_INIT_NAME := init
TARGET_CONTAINER_INIT_SYSROOT_DIR := $(TARGET_BUILD_DIR)/$(CONTAINER_INIT_NAME)-container_sysroot
CONTAINER_INIT_PKG := tsg-$(CONTAINER_INIT_NAME)-${OS_RELEASE_VER}-${PROFILE_ID_IN_SHORT}-docker.tar.gz
CONTAINER_INIT_TAR := tsg-$(CONTAINER_INIT_NAME)-${OS_RELEASE_VER}-docker.tar
.PHONY: all builddir installer sysroot-base sysroot-cleanup sysroot-archive sysroot-binary container-sysroot-base container-sysroot-ansible container-images-generate add-images-into-sysroot container-sysroot-cleanup clean
all: sysroot-binary
builddir:
mkdir -p $(TARGET_BUILD_DIR)
installer: builddir
rm -rf $(TARGET_INSTALLER_DIR)
mkdir -p $(TARGET_INSTALLER_DIR)
cp $(INSTALLERDIR)/install.sh $(TARGET_INSTALLER_DIR)/install.sh
cp $(INSTALLERDIR)/distro-setup.sh $(TARGET_INSTALLER_DIR)/distro-setup.sh
chmod +x $(TARGET_INSTALLER_DIR)/install.sh
chmod +x $(TARGET_INSTALLER_DIR)/distro-setup.sh
sed -i -e "s/%%DISTR0_VER%%/$(OS_RELEASE_VER)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%MACHINE_ID%%/$(SUPPORTED_MACHINE_ID)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%CHROOT_PKG%%/$(CHROOT_PKG)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%KERNAL_ARGS%%/$(KERNEL_ARGS)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%GRUB_SERIAL_COMMAND%%/$(GRUB_SERIAL_COMMAND)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_SYSROOT%%/$(SIZE_PART_SYSROOT)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i -e "s/%%SIZE_PART_UPDATE%%/$(SIZE_PART_UPDATE)/" $(TARGET_INSTALLER_DIR)/install.sh
sed -i '/sapp-pr:/d;/tfe-pr:/d' $(PROJECTDIR)/ansible/install_config/group_vars/rpm_version.yml
sysroot-base: builddir
$(TOOLSDIR)/mk-base-image $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_SYSROOT_DIR) $(PROJECTDIR) $(PROFILE_ID)
container-sysroot-base: builddir sysroot-verfile sysroot-ansible
rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
mkdir -p $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)
mkdir -p $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)
mkdir -p $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)
mkdir -p $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)
mkdir -p $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
mkdir -p $(TARGET_CONTAINER_IMAGE_DIR)
tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)
tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)
tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)
tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)
tar -Jxf $(PROJECTDIR)/package/rocky-8.6-docker.tar.xz -C $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
#curl -SL https://raw.githubusercontent.com/rocky-linux/sig-cloud-instance-images/Rocky-8.5-x86_64/rocky-8.5-docker-x86_64.tar.xz | tar -Jx -C $(TARGET_CONTAINER_SYSROOT_DIR)
sysroot-verfile: sysroot-base
sed -i -e "s/^NAME=.*/NAME=\"TSG-OS\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sed -i -e "s/^VERSION=.*/VERSION=\"$(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"TSG-OS $(OS_RELEASE_VER) ($(PROFILE_ID_IN_SHORT))\"/" $(TARGET_SYSROOT_DIR)/usr/lib/os-release
sysroot-ansible: sysroot-verfile sysroot-base
cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_SYSROOT_DIR)/tmp/ -r
cp $(CONFDIR)/resolv.conf $(TARGET_SYSROOT_DIR)/etc/ -r
cp $(TARGET_SYSROOT_DIR)/etc/hosts $(TARGET_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID) $(PROJECTDIR) $(TARGET_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
cp $(TARGET_SYSROOT_DIR)/tmp/hosts $(TARGET_SYSROOT_DIR)/etc/ -r
container-sysroot-ansible: container-sysroot-base
cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ -r
cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/ -r
cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_FIREWALL_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/etc/ -r
cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/ -r
cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/ -r
cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_PROXY_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/ -r
cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/ -r
cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/ -r
cp $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_CERTSTORE_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
cp $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/etc/ -r
cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/ -r
cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/ -r
cp $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_TELEGRAF_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
cp $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/etc/ -r
cp $(CONFDIR)/yum-RockyLinux-8.conf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/ -r
cp $(CONFDIR)/resolv.conf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/ -r
cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/hosts $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/ -r
cp /etc/hosts $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/ -r
$(TOOLSDIR)/ansible-HAL $(PROFILE_ID)-$(CONTAINER_INIT_NAME) $(PROJECTDIR) $(TARGET_CONTAINER_INIT_SYSROOT_DIR) /tmp/yum-RockyLinux-8.conf $(OS_RELEASE_VER)
cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/hosts $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/etc/ -r
container-sysroot-cleanup:
cp $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/dev/*
mv $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR)/tmp
cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/dev/*
mv $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/tmp
cp $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/dev/*
mv $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR)/tmp
cp $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/dev/*
mv $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR)/tmp
cp $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/ks-script-* $(TARGET_CONTAINER_INIT_SYSROOT_DIR)
rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/dev/*
mv $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/ks-script-* $(TARGET_CONTAINER_INIT_SYSROOT_DIR)/tmp
container-images-generate: container-sysroot-ansible container-sysroot-cleanup
tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_PKG) -C $(TARGET_CONTAINER_FIREWALL_SYSROOT_DIR) .
echo -e "FROM scratch\nADD $(CONTAINER_FIREWALL_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
docker build -t tsg-${CONTAINER_FIREWALL_NAME}:$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR)
docker save tsg-${CONTAINER_FIREWALL_NAME}:$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_TAR)
docker rmi tsg-${CONTAINER_FIREWALL_NAME}:$(OS_RELEASE_VER)
tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_PKG) -C $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR) .
echo -e "FROM scratch\nADD $(CONTAINER_RPOXY_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
docker build -t tsg-$(CONTAINER_PROXY_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR)
docker save tsg-$(CONTAINER_PROXY_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_TAR)
docker rmi tsg-$(CONTAINER_PROXY_NAME):$(OS_RELEASE_VER)
tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_PKG) -C $(TARGET_CONTAINER_CERTSTORE_SYSROOT_DIR) .
echo -e "FROM scratch\nADD $(CONTAINER_CERTSTORE_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
docker build -t tsg-$(CONTAINER_CERTSTORE_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR)
docker save tsg-$(CONTAINER_CERTSTORE_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_TAR)
docker rmi tsg-$(CONTAINER_CERTSTORE_NAME):$(OS_RELEASE_VER)
tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_PKG) -C $(TARGET_CONTAINER_TELEGRAF_SYSROOT_DIR) .
echo -e "FROM scratch\nADD $(CONTAINER_TELEGRAF_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
docker build -t tsg-$(CONTAINER_TELEGRAF_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR)
docker save tsg-$(CONTAINER_TELEGRAF_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_TAR)
docker rmi tsg-$(CONTAINER_TELEGRAF_NAME):$(OS_RELEASE_VER)
tar -Jcf $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_PKG) -C $(TARGET_CONTAINER_INIT_SYSROOT_DIR) .
echo -e "FROM scratch\nADD $(CONTAINER_INIT_PKG) /\n\nCMD ["/bin/bash"]\n" > $(CONTAINER_DOCKERFILE)
docker build -t tsg-$(CONTAINER_INIT_NAME):$(OS_RELEASE_VER) -f $(CONTAINER_DOCKERFILE) $(TARGET_CONTAINER_IMAGE_DIR)
docker save tsg-$(CONTAINER_INIT_NAME):$(OS_RELEASE_VER) > $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_TAR)
docker rmi tsg-$(CONTAINER_INIT_NAME):$(OS_RELEASE_VER)
sysroot-cleanup:
rm -rf $(TARGET_SYSROOT_DIR)/tmp/*
rm -rf $(TARGET_SYSROOT_DIR)/dev/*
add-images-into-sysroot: container-images-generate
mkdir -p $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_FIREWALL_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_RPOXY_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_CERTSTORE_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_TELEGRAF_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
cp $(TARGET_CONTAINER_IMAGE_DIR)/$(CONTAINER_INIT_TAR) $(TARGET_SYSROOT_DIR)/var/lib/rancher/k3s/agent/images/
sysroot-archive: installer add-images-into-sysroot sysroot-cleanup
cp $(TARGET_CONTAINER_RPOXY_SYSROOT_DIR)/etc/sysctl.d/80-tfe.conf $(TARGET_SYSROOT_DIR)/etc/sysctl.d/
tar --exclude=*~ --exclude-backups --owner=root --group=root -c -C $(TARGET_SYSROOT_DIR) . | pbzip2 -p9 > $(TARGET_INSTALLER_DIR)/$(CHROOT_PKG)
sysroot-binary: sysroot-archive
mkdir -p $(TARGET_BUILD_DIR)/cook-bits
$(TOOLSDIR)/cook-bits $(TARGET_BUILD_DIR) $(TARGET_BUILD_DIR)/cook-bits $(IMAGEDIR_BASE)/$(CHROOT_BIN)
sha256sum $(IMAGEDIR_BASE)/$(CHROOT_BIN) | awk '{print $$1}' > $(IMAGEDIR_BASE)/$(CHROOT_BIN).sha256sum.txt
clean:
rm -rf $(TARGET_BUILD_DIR)

4
tools/mk-base-image
View File

@@ -14,7 +14,7 @@ profile_id=$4
setopt="group_package_types=mandatory,default,optional"
case $profile_id in
"TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" | "TSG-X-NXR620G40-R01-P1808" )
"TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" )
kernel_version="5.17.15-1.el8.x86_64"
append_package_to_install="$projectdir/package/kernel-ml-core-$kernel_version.rpm
$projectdir/package/kernel-ml-modules-$kernel_version.rpm
@@ -39,7 +39,7 @@ case $profile_id in
esac
case $profile_id in
"TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" | "TSG-X-NXR620G40-R01-P1808" )
"TSG-X-NXR620G40-R01-P0804" | "TSG-X-NXR620G40-R01-P0906" )
base_package_to_install="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools
@hardware-monitoring @network-file-system-client @performance @remote-system-management adcli certmonger
ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta