From e517da4d4fc70fe50a4653c64599a3df1cb9749f Mon Sep 17 00:00:00 2001
From: fumingwei <fumingwei@geedgenetworks.com>
Date: Tue, 30 Aug 2022 16:41:45 +0800
Subject: [PATCH] =?UTF-8?q?bugfix:=E5=B0=86tfe-env-stop.sh=E5=92=8Ctfe-env?=
 =?UTF-8?q?-start.sh=E6=89=93=E5=8C=85=E5=85=A5helm=E5=8C=85=E4=B8=AD,?=
 =?UTF-8?q?=E5=88=A0=E9=99=A40906=E5=AE=89=E8=A3=85tsg-os-provision-condit?=
 =?UTF-8?q?ion=20role,=E4=BF=AE=E6=94=B9helm=E5=8C=85=E7=9A=84=E5=AE=89?=
 =?UTF-8?q?=E8=A3=85=E7=9B=AE=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ansible/HAL_deploy.yml                        |  1 -
 .../files/helm/conf/provision-init.sh         |  1 -
 .../files/helm/conf/tfe-env-start.sh          | 22 +++++++++++++++++++
 .../files/helm/conf/tfe-env-stop.sh           | 12 ++++++++++
 .../files/helm/templates/provision.yaml       |  2 ++
 .../files/helm/templates/traffic-engine.yaml  | 14 ++++++++----
 ansible/roles/traffic-engine/tasks/main.yml   |  8 +++----
 7 files changed, 50 insertions(+), 10 deletions(-)
 create mode 100644 ansible/roles/traffic-engine/files/helm/conf/tfe-env-start.sh
 create mode 100644 ansible/roles/traffic-engine/files/helm/conf/tfe-env-stop.sh

diff --git a/ansible/HAL_deploy.yml b/ansible/HAL_deploy.yml
index 24622088..64bdf640 100644
--- a/ansible/HAL_deploy.yml
+++ b/ansible/HAL_deploy.yml
@@ -157,7 +157,6 @@
     - {role: traffic-engine, tags: traffic-engine}
     - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403}
     - {role: system-init, tags: system-init}
-    - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition}
     - {role: hasp, tags: hasp}
     - {role: OFED, tags: OFED}
 
diff --git a/ansible/roles/traffic-engine/files/helm/conf/provision-init.sh b/ansible/roles/traffic-engine/files/helm/conf/provision-init.sh
index c3bd8525..9c5cf6ce 100644
--- a/ansible/roles/traffic-engine/files/helm/conf/provision-init.sh
+++ b/ansible/roles/traffic-engine/files/helm/conf/provision-init.sh
@@ -10,7 +10,6 @@ ifconfig ctrl_mock $NODE_IP/32
 ifconfig ctrl_mock mtu 2000
 {{ if eq .Values.proxy.enable .Values.define_enable_val_yes }}
 ip tuntap add dev tap0 mode tap multi_queue
-chmod 0755 /opt/tsg/tfe/tfe-env-start.sh
 /opt/tsg/tfe/tfe-env-start.sh
 {{- end }}
 mount -o remount,rw /sys
\ No newline at end of file
diff --git a/ansible/roles/traffic-engine/files/helm/conf/tfe-env-start.sh b/ansible/roles/traffic-engine/files/helm/conf/tfe-env-start.sh
new file mode 100644
index 00000000..9763cc99
--- /dev/null
+++ b/ansible/roles/traffic-engine/files/helm/conf/tfe-env-start.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -ex
+
+/usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd
+/usr/sbin/ip link set tap0 up
+/usr/sbin/ip addr flush dev tap0
+/usr/sbin/ip addr add 172.16.241.2/30 dev tap0
+/usr/sbin/ip neigh flush dev tap0
+/usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
+/usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+/usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+
+
+/usr/sbin/ip rule add iif tap0 tab 100
+/usr/sbin/ip route add local default dev lo table 100
+/usr/sbin/ip rule add fwmark 0x65 lookup 101
+/usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101
+
+/usr/sbin/ip addr add fd00::02/64 dev tap0
+/usr/sbin/ip -6 route add default via fd00::01
+/usr/sbin/ip -6 rule add iif tap0 tab 102
+/usr/sbin/ip -6 route add local default dev lo table 102
+/usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
diff --git a/ansible/roles/traffic-engine/files/helm/conf/tfe-env-stop.sh b/ansible/roles/traffic-engine/files/helm/conf/tfe-env-stop.sh
new file mode 100644
index 00000000..468889c8
--- /dev/null
+++ b/ansible/roles/traffic-engine/files/helm/conf/tfe-env-stop.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -ex
+/usr/sbin/ip6tables -D INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+/usr/sbin/iptables -D INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+/usr/sbin/ip rule del iif tap0 tab 100
+/usr/sbin/ip route del local default dev lo table 100
+/usr/sbin/ip rule del fwmark 0x65 lookup 101
+/usr/sbin/ip route del default dev tap0 via 172.16.241.1 table 101
+/usr/sbin/ip -6 rule del iif tap0 tab 102
+/usr/sbin/ip -6 route del default via fd00::01
+/usr/sbin/ip -6 route del local default dev lo table 102
+/usr/sbin/ip addr del fd00::02/64 dev tap0
+/usr/sbin/ip link set tap0 down
diff --git a/ansible/roles/traffic-engine/files/helm/templates/provision.yaml b/ansible/roles/traffic-engine/files/helm/templates/provision.yaml
index f475ce43..7e853e5e 100644
--- a/ansible/roles/traffic-engine/files/helm/templates/provision.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/provision.yaml
@@ -5,3 +5,5 @@ metadata:
   namespace: default
 data:
   provision-init.sh: {{ tpl (.Files.Get "conf/provision-init.sh") . | quote }}
+  tfe-env-start.sh: {{ tpl (.Files.Get "conf/tfe-env-start.sh") . | quote }}
+  tfe-env-stop.sh: {{ tpl (.Files.Get "conf/tfe-env-stop.sh") . | quote }}
diff --git a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
index d98576b1..e466b2c9 100644
--- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
@@ -150,14 +150,14 @@ spec:
       - name: cert-redis
         image: docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}
         imagePullPolicy: Never
-        command: ["/bin/bash","-c","/usr/bin/redis-server /etc/cert-redis.conf"]
+        command: ["/usr/bin/redis-server", "/etc/cert-redis.conf"]
         securityContext:
           privileged: true
 
       - name: telegraf
         image: docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}
         imagePullPolicy: Never
-        command: ["/bin/bash","-c","/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d"]
+        command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
         securityContext:
           privileged: true
         volumeMounts:
@@ -175,7 +175,7 @@ spec:
       - name: tsg-init
         image: docker.io/library/tsg-init:{{ .Chart.AppVersion }}
         imagePullPolicy: Never
-        command: ["/bin/bash","-c","/opt/tsg/provision-init.sh"]
+        command: ["/opt/tsg/provision-init.sh"]
         securityContext:
           privileged: true
         env:
@@ -186,7 +186,13 @@ spec:
         volumeMounts:
         - name: provisioninit
           mountPath: "/opt/tsg/provision-init.sh"
-          subPath: "provision-init.sh"
+          subPath: "provision-init.sh" 
+        - name: provisioninit
+          mountPath: "/opt/tsg/tfe/tfe-env-start.sh"
+          subPath: "tfe-env-start.sh"       
+        - name: provisioninit
+          mountPath: "/opt/tsg/tfe/tfe-env-stop.sh"
+          subPath: "tfe-env-stop.sh"
         - name: config-volume
           mountPath: /target_config 
 
diff --git a/ansible/roles/traffic-engine/tasks/main.yml b/ansible/roles/traffic-engine/tasks/main.yml
index e257db8f..f3d9c6c4 100644
--- a/ansible/roles/traffic-engine/tasks/main.yml
+++ b/ansible/roles/traffic-engine/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
-- name: "create /opt/tsg/packages/charts/"
+- name: "create /var/lib/rancher/k3s/server/static/charts/"
   file:
-    path: /opt/tsg/packages/charts/
+    path: /var/lib/rancher/k3s/server/static/charts/
     state: directory
 
 - name: "create unarchive directory"
@@ -22,12 +22,12 @@
 - name: "install helm: copy helm to dest"
   copy:
     src: "/tmp/helm/linux-amd64/helm"
-    dest: /usr/local/bin/helm
+    dest: /usr/bin/helm
     mode: 0755
     remote_src: yes
 
 - name: "create charts packages"
-  shell: helm package --app-version {{os_release_ver}}  -d /opt/tsg/packages/charts/  /tmp/traffic-engine/helm
+  shell: helm package --app-version {{os_release_ver}}  -d /var/lib/rancher/k3s/server/static/charts/  /tmp/traffic-engine/helm
 
 - name: "copy kubeconfig.sh to destination"
   copy: