From d148c607d8ff0e64cf3cfd2afa778daed9d778ac Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Tue, 9 Jan 2024 17:55:00 +0800
Subject: [PATCH] =?UTF-8?q?bugfix:TSG-18563:traffic-engine=20configmap?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=90=8D=E5=AD=97=E6=96=B0=E5=A2=9Econfigmap?= =?UTF-8?q?=E5=89=8D=E7=BC=80,=E4=BC=98=E5=8C=96public.prepare-access-API?= =?UTF-8?q?=E8=B0=83=E7=94=A8=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../files/helm/templates/_config.tpl | 35 +++++++++++++------
...ertstore.yaml => configmap-certstore.yaml} | 0
.../{sapp.yaml => configmap-sapp.yaml} | 0
.../{sce.yaml => configmap-sce.yaml} | 0
.../{shaping.yaml => configmap-shaping.yaml} | 0
...{telegraf.yaml => configmap-telegraf.yaml} | 0
.../{tfe.yaml => configmap-tfe.yaml} | 0
.../helm/templates/deployment-firewall.yaml | 7 ++--
.../helm/templates/deployment-proxy.yaml | 6 ++--
.../deployment-service-chaining.yaml | 3 +-
.../helm/templates/deployment-shaping.yaml | 4 +--
11 files changed, 38 insertions(+), 17 deletions(-)
rename ansible/roles/traffic-engine/files/helm/templates/{certstore.yaml => configmap-certstore.yaml} (100%)
rename ansible/roles/traffic-engine/files/helm/templates/{sapp.yaml => configmap-sapp.yaml} (100%)
rename ansible/roles/traffic-engine/files/helm/templates/{sce.yaml => configmap-sce.yaml} (100%)
rename ansible/roles/traffic-engine/files/helm/templates/{shaping.yaml => configmap-shaping.yaml} (100%)
rename ansible/roles/traffic-engine/files/helm/templates/{telegraf.yaml => configmap-telegraf.yaml} (100%)
rename ansible/roles/traffic-engine/files/helm/templates/{tfe.yaml => configmap-tfe.yaml} (100%)
diff --git a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
index 9ddbe3b5..d8c9e7bf 100644
--- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
+++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
@@ -122,7 +122,10 @@ enable_breakpad_upload=0 {{- end }} {{- end -}} - +{{/* +Set up the environment to enable API access. +The template should be invoked in command line. +*/}} {{- define "public.prepare-access-API" -}} export APISERVER=https://kubernetes.default.svc export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount @@ -131,7 +134,11 @@ export TOKEN=$(cat ${SERVICEACCOUNT}/token) export CACERT=${SERVICEACCOUNT}/ca.crt {{- end -}} - +{{/* +Read the node annotations information and serialize it into a file. +The template should be invoked from the command line. +The template requires "public.prepare-access-API". +*/}} {{- define "public.serialize-node-annotations" -}} curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/nodes/${NODE_NAME} -o /tmp/node-${NODE_NAME}.json export DEVICE_SN=$(cat /tmp/node-${NODE_NAME}.json | jq -r '.metadata.annotations."tsg-os/device-sn"') @@ -139,6 +146,10 @@ echo "{\"sn\": \"$DEVICE_SN\"}" > /opt/tsg/shared-configs/tsg_sn.json echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh {{- end -}} +{{/* +The volumes related to "mrzcpd". +The volumes will be mounted by "traffic-engine.mount.mrzcpd". +*/}} {{- define "traffic-engine.volume.mrzcpd" -}} - name: opt-tsg-mrzcpd hostPath: @@ -159,6 +170,10 @@ echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh type: File {{- end -}} +{{/* +The volumeMounts related to "mrzcpd". +Requires "traffic-engine.volume.mrzcpd" +*/}} {{- define "traffic-engine.mount.mrzcpd" -}} - name: opt-tsg-mrzcpd mountPath: /opt/tsg/mrzcpd 
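Review bot: The new comment on `public.serialize-node-annotations` should also say what is written and in what form: the `tsg-os/device-sn` annotation value is interpolated unescaped into `tsg_sn.json` and into `device_id.sh`, so a value containing a quote or shell metacharacters yields broken JSON or, if `device_id.sh` is later sourced, extra shell. Building the files with `jq -cn --arg sn "$DEVICE_SN" '{sn: $sn}'` and `printf 'export device_id=%q\n' "$DEVICE_SN"` would remove that dependency on the annotation's content. Those two `echo` lines appear as context at the top of the following hunk (`@@ -139,6 +146,10 @@`) and are not changed by this commit.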
@@ -194,14 +209,15 @@ echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh {{- end }} {{- end -}} +{{/* +Read cm service ip and set it up as an environment variable. +Requires "public.prepare-access-API" +*/}} {{- define "traffic-engine.global.cm.read-server-ip" -}} -{{- if eq .Values.external_resources.cm.connectivity "local_cache" }} -{{ include "public.prepare-access-API" . }} curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/tsg-os-system/services/${CM_CACHE_SERVICE_NAME} -o /tmp/cm-cache.txt export CM_POLICY_LOCAL_CACHE_IP=$(cat /tmp/cm-cache.txt | jq -r '.spec.clusterIP') echo "export CM_POLICY_LOCAL_CACHE_IP=${CM_POLICY_LOCAL_CACHE_IP}" > /etc/profile.d/cm-local-cache.sh chmod 0755 /etc/profile.d/cm-local-cache.sh -{{- end }} {{- end -}} {{- define "traffic-engine.global.sd.server-ip" -}} @@ -224,16 +240,15 @@ chmod 0755 /etc/profile.d/cm-local-cache.sh {{- end }} {{- end -}} +{{/* +Read sd service ip and set it up as an environment variable. +Requires "public.prepare-access-API" +*/}} {{- define "traffic-engine.global.sd.read-server-ip" -}} -{{- if eq .Values.external_resources.sd.enable .Values.define_enable_val_yes }} -{{- if eq .Values.external_resources.sd.connectivity "local_cache" }} -{{ include "public.prepare-access-API" . }} curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/tsg-os-system/services/${SD_CACHE_SERVICE_NAME} -o /tmp/sd-cache.txt export SD_POLICY_LOCAL_CACHE_IP=$(cat /tmp/sd-cache.txt | jq -r '.spec.clusterIP') echo "export SD_POLICY_LOCAL_CACHE_IP=${SD_POLICY_LOCAL_CACHE_IP}" > /etc/profile.d/sd-local-cache.sh chmod 0755 /etc/profile.d/sd-local-cache.sh -{{- end }} -{{- end }} {{- end -}} {{- define "public.sync-host-timezone.volume" -}} 
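Review bot: Neither lookup rejects a failed API call: `curl` runs without `--fail`, so a 401/403/404 response body is saved with exit status 0, `jq -r '.spec.clusterIP'` then prints `null`, and `export VAR=$(...)` hides any non-zero status from `bash -e`. The string `null` is then written to /etc/profile.d/cm-local-cache.sh and passes the callers' `${CM_POLICY_LOCAL_CACHE_IP?}` check, which only catches an unset variable. Suggest `curl --fail --silent --show-error ...` and assigning separately from the export, `CM_POLICY_LOCAL_CACHE_IP=$(jq -er '.spec.clusterIP' /tmp/cm-cache.txt)` followed by `export CM_POLICY_LOCAL_CACHE_IP`. The same applies to the sd template in the next hunk (`@@ -224,16 +240,15 @@`) and to the service lookup in deployment-shaping.yaml.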
diff --git a/ansible/roles/traffic-engine/files/helm/templates/certstore.yaml b/ansible/roles/traffic-engine/files/helm/templates/configmap-certstore.yaml
similarity index 100%
rename from ansible/roles/traffic-engine/files/helm/templates/certstore.yaml
rename to ansible/roles/traffic-engine/files/helm/templates/configmap-certstore.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml b/ansible/roles/traffic-engine/files/helm/templates/configmap-sapp.yaml
similarity index 100%
rename from ansible/roles/traffic-engine/files/helm/templates/sapp.yaml
rename to ansible/roles/traffic-engine/files/helm/templates/configmap-sapp.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/sce.yaml b/ansible/roles/traffic-engine/files/helm/templates/configmap-sce.yaml
similarity index 100%
rename from ansible/roles/traffic-engine/files/helm/templates/sce.yaml
rename to ansible/roles/traffic-engine/files/helm/templates/configmap-sce.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/shaping.yaml b/ansible/roles/traffic-engine/files/helm/templates/configmap-shaping.yaml
similarity index 100%
rename from ansible/roles/traffic-engine/files/helm/templates/shaping.yaml
rename to ansible/roles/traffic-engine/files/helm/templates/configmap-shaping.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/telegraf.yaml b/ansible/roles/traffic-engine/files/helm/templates/configmap-telegraf.yaml
similarity index 100%
rename from ansible/roles/traffic-engine/files/helm/templates/telegraf.yaml
rename to ansible/roles/traffic-engine/files/helm/templates/configmap-telegraf.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/tfe.yaml b/ansible/roles/traffic-engine/files/helm/templates/configmap-tfe.yaml
similarity index 100%
rename from ansible/roles/traffic-engine/files/helm/templates/tfe.yaml
rename to ansible/roles/traffic-engine/files/helm/templates/configmap-tfe.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml index 1fecbb5b..478f5d47 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml @@ -44,12 +44,15 @@ spec: - "-ec" - | ldconfig - {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} + {{- if or (eq .Values.external_resources.cm.connectivity "local_cache") (and (eq .Values.external_resources.sd.enable .Values.define_enable_val_yes) (eq .Values.external_resources.sd.connectivity "local_cache")) }} + {{- include "public.prepare-access-API" . | nindent 12 }} + {{- end }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} + {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sapp/tsgconf/maat.conf {{- end }} - {{- include "traffic-engine.global.sd.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.sd.connectivity "local_cache" }} + {{- include "traffic-engine.global.sd.read-server-ip" . | nindent 12 }} sed -Ei "s|SD_POLICY_LOCAL_CACHE_IP_LOCATION|${SD_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sapp/tsgconf/maat.conf {{- end }} {{- if eq .Values.debug.firewall.enable_prestart_script .Values.define_enable_val_yes }} diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml index 78a2d5fe..51a9bc38 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml 
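Review bot: The guard on the sd block no longer matches the guard on the `public.prepare-access-API` include. The include is rendered for sd only when `sd.enable` equals `define_enable_val_yes` and `sd.connectivity` is `local_cache`, but `traffic-engine.global.sd.read-server-ip` is now rendered whenever `sd.connectivity` is `local_cache`, because the `sd.enable` test that used to live inside the template was removed in _config.tpl. With sd disabled, cm not on `local_cache` and `sd.connectivity` left at `local_cache`, the curl would run with `CACERT`, `TOKEN` and `APISERVER` unset. Using the same condition on the block, `{{- if and (eq .Values.external_resources.sd.enable .Values.define_enable_val_yes) (eq .Values.external_resources.sd.connectivity "local_cache") }}`, keeps the two in step; whether the `sed` line should stay under the wider condition depends on maat.conf, which is not visible here.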
@@ -46,8 +46,9 @@ spec: - "-ec" - | ldconfig - {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} + {{- include "public.prepare-access-API" . | nindent 12 }} + {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/tfe/conf/tfe/tfe.conf {{- end }} {{- if eq .Values.debug.proxy.enable_prestart_script .Values.define_enable_val_yes }} @@ -122,8 +123,9 @@ spec: - "bash" - "-ec" - | - {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} + {{- include "public.prepare-access-API" . | nindent 12 }} + {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/certstore/conf/cert_store.ini {{- end }} exec /opt/tsg/certstore/bin/certstore diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml index 0b5722ff..b081c1d1 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml @@ -46,8 +46,9 @@ spec: - "-ec" - | ldconfig - {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} + {{- include "public.prepare-access-API" . | nindent 12 }} + {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sce/conf/sce.conf {{- end }} {{- if eq .Values.debug.service_chaining.enable_prestart_script .Values.define_enable_val_yes }} 
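Review bot: In the certstore container (`@@ -122,8 +123,9 @@`) the script ends with `exec /opt/tsg/certstore/bin/certstore`, and `public.prepare-access-API`, now included just above it, exports `TOKEN`, so the service-account bearer token stays in the long-running process's environment after the one lookup that needs it. The token file is mounted in the pod regardless, but the environment copy is inherited by every child process and appears in environment dumps. Consider adding `unset TOKEN` after the `sed` line, inside the `if` block. The same likely holds for the other two hunks on this line if their daemons are started from the same script; the rest of those scripts is outside the hunks.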
diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml index 163048a9..2b9c1f03 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml @@ -46,11 +46,11 @@ spec: - "-ec" - | ldconfig - {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} + {{- include "public.prepare-access-API" . | nindent 12 }} {{- if eq .Values.external_resources.cm.connectivity "local_cache" }} + {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }} sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf {{- end }} - {{- include "public.prepare-access-API" . | nindent 12 }} curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort') export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort')