gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature:TSG-12553:新增容器hotfix功能

Browse Source
This commit is contained in:
fumingwei
2022-12-21 23:56:10 +08:00
parent 74d38d0ffb
commit ed863618c2
9 changed files with 143 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ansible/roles/certstore/files/start.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
prestart_scripts_dir="/etc/traffic-engine/hotfix/certstore/scripts"
prestart=$prestart_scripts_dir/prestart.sh
copyConfigmap2Dest(){
/usr/bin/cp /opt/tsg/config/cert_store.ini /opt/tsg/certstore/conf/cert_store.ini
/usr/bin/cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
}
prestart(){
if [ -f "$prestart" ]; then
chmod 0755 $prestart
$prestart
fi
}
start(){
/opt/tsg/certstore/bin/certstore
}
copyConfigmap2Dest
prestart
start

6
ansible/roles/certstore/tasks/main.yml
View File

@@ -99,6 +99,12 @@
replace: 'daemonize no'
when: runtime_env == 'TSG-X-P0906' and PROFILE_ID == 'TSG-X-NXR620G40-R01-P0906-certstore'
- name: "copy start.sh to dest for container"
copy:
src: "{{ role_path }}/files/start.sh"
dest: /opt/tsg/scripts/
mode: 0755
when: runtime_env == 'TSG-X-P0906'
##################### certstore #####################
- name: "systemctl daemon-reload"

33
ansible/roles/sapp/files/start.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash
prestart_scripts_dir="/etc/traffic-engine/hotfix/firewall/scripts"
prestart=$prestart_scripts_dir/prestart.sh
copyConfigmap2Dest(){
/usr/bin/cp /opt/tsg/config/conflist.inf /opt/tsg/sapp/plug/conflist.inf
/usr/bin/cp /opt/tsg/config/gdev.conf /opt/tsg/sapp/etc/gdev.conf
/usr/bin/cp /opt/tsg/config/main.conf /opt/tsg/sapp/tsgconf/main.conf
/usr/bin/cp /opt/tsg/config/maat.conf /opt/tsg/sapp/tsgconf/maat.conf
/usr/bin/cp /opt/tsg/config/sapp.toml /opt/tsg/sapp/etc/sapp.toml
/usr/bin/cp /opt/tsg/config/kni.conf /opt/tsg/sapp/etc/kni/kni.conf
/usr/bin/cp /opt/tsg/config/wangw.conf /opt/tsg/sapp/etc/wannat/wangw.conf
/usr/bin/cp /opt/tsg/config/wire_graft.conf /opt/tsg/sapp/etc/wire_graft/wire_graft.conf
/usr/bin/cp /opt/tsg/config/tsg_conn_sketch.inf /opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
/usr/bin/cp /opt/tsg/config/send_raw_pkt.conf /opt/tsg/sapp/etc/send_raw_pkt.conf
/usr/bin/cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
/usr/bin/cp /opt/tsg/config/app_sketch_local.inf /opt/tsg/sapp/plug/business/app_sketch_local/app_sketch_local.inf
/usr/bin/cp /opt/tsg/config/vlan_flipping_map.conf /opt/tsg/sapp/etc/vlan_flipping_map.conf
}
prestart(){
if [ -f "$prestart" ]; then
chmod 0755 $prestart
$prestart
fi
}
start(){
/opt/tsg/sapp/sapp
}
copyConfigmap2Dest
prestart
start

7
ansible/roles/sapp/tasks/main.yml
View File

@@ -169,6 +169,13 @@
mode: 0644
when: runtime_env != 'TSG-X-P0906'
- name: "copy start.sh to dest for container"
copy:
src: "{{ role_path }}/files/start.sh"
dest: /opt/tsg/scripts/
mode: 0755
when: runtime_env == 'TSG-X-P0906'
- name: "copy env conf to sapp.service.d"
copy:
src: "{{ role_path }}/templates/service_override_env.conf.j2"

23
ansible/roles/tfe/files/start.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
prestart_scripts_dir="/etc/traffic-engine/hotfix/proxy/scripts"
prestart=$prestart_scripts_dir/prestart.sh
copyConfigmap2Dest(){
/usr/bin/cp /opt/tsg/config/tfe.conf /opt/tsg/tfe/conf/tfe/tfe.conf
/usr/bin/cp /opt/tsg/config/pangu_pxy.conf /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
/usr/bin/cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
}
prestart(){
if [ -f "$prestart" ]; then
chmod 0755 $prestart
$prestart
fi
}
start(){
/opt/tsg/tfe/bin/tfe
}
copyConfigmap2Dest
prestart
start

7
ansible/roles/tfe/tasks/main.yml
View File

@@ -136,6 +136,13 @@
- {src: "tfe-env-start.sh.j2", dest: "tfe-env-start.sh" }
- {src: "tfe-env-stop.sh.j2", dest: "tfe-env-stop.sh" }
- name: "copy start.sh to dest for container"
copy:
src: "{{ role_path }}/files/start.sh"
dest: /opt/tsg/scripts/
mode: 0755
when: runtime_env == 'TSG-X-P0906'
##################### tfe #####################
- name: "systemctl daemon-reload"
systemd:

77
ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
View File

@@ -37,7 +37,7 @@ spec:
image: "{{ .Values.image.firewall.repository }}:{{ .Values.image.firewall.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.firewall.pullPolicy }}
workingDir: /opt/tsg/sapp
command: ["/opt/tsg/sapp/sapp"]
command: ["/opt/tsg/scripts/start.sh"]
ports:
- containerPort: 9273
env:
@@ -75,46 +75,7 @@ spec:
mountPath: /root/sys
readOnly: false
- name: sapp
mountPath: "/opt/tsg/sapp/plug/conflist.inf"
subPath: "conflist.inf"
- name: sapp
mountPath: "/opt/tsg/sapp/etc/gdev.conf"
subPath: "gdev.conf"
- name: sapp
mountPath: "/opt/tsg/sapp/tsgconf/main.conf"
subPath: "main.conf"
- name: sapp
mountPath: "/opt/tsg/sapp/tsgconf/maat.conf"
subPath: "maat.conf"
- name: sapp
mountPath: "/opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
subPath: "tsg_conn_sketch.inf"
- name: sapp
mountPath: "/opt/tsg/sapp/etc/sapp.toml"
subPath: "sapp.toml"
- name: sapp
mountPath: "/opt/tsg/sapp/etc/send_raw_pkt.conf"
subPath: "send_raw_pkt.conf"
{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }}
- name: sapp
mountPath: "/opt/tsg/sapp/etc/kni/kni.conf"
subPath: "kni.conf"
{{- end }}
- name: sapp
mountPath: "/opt/tsg/sapp/etc/wannat/wangw.conf"
subPath: "wangw.conf"
- name: sapp
mountPath: "/opt/tsg/sapp/etc/wire_graft/wire_graft.conf"
subPath: "wire_graft.conf"
- name: sapp
mountPath: "/opt/tsg/sapp/etc/vlan_flipping_map.conf"
subPath: "vlan_flipping_map.conf"
- name: sapp
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "tsg_device_tag.json"
- name: sapp
mountPath: "/opt/tsg/sapp/plug/business/app_sketch_local/app_sketch_local.inf"
subPath: "app_sketch_local.inf"
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
@@ -125,13 +86,15 @@ spec:
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: hotfix-firewall
mountPath: /etc/traffic-engine/hotfix/firewall
{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }}
- name: proxy
image: "{{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.proxy.pullPolicy }}
workingDir: /opt/tsg/tfe
command: ["/opt/tsg/tfe/bin/tfe"]
command: ["/opt/tsg/scripts/start.sh"]
ports:
- containerPort: 9001
env:
@@ -157,14 +120,7 @@ spec:
periodSeconds: 10
volumeMounts:
- name: tfe
mountPath: "/opt/tsg/tfe/conf/tfe/tfe.conf"
subPath: "tfe.conf"
- name: tfe
mountPath: "/opt/tsg/tfe/conf/pangu/pangu_pxy.conf"
subPath: "pangu_pxy.conf"
- name: tfe
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "tsg_device_tag.json"
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
@@ -175,24 +131,22 @@ spec:
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: hotfix-proxy
mountPath: /etc/traffic-engine/hotfix/proxy
{{- end }}
- name: certstore
image: "{{ .Values.image.certstore.repository }}:{{ .Values.image.certstore.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.certstore.pullPolicy }}
workingDir: /opt/tsg/certstore
command: ["/opt/tsg/certstore/bin/certstore"]
command: ["/opt/tsg/scripts/start.sh"]
securityContext:
privileged: true
ports:
- containerPort: 9002
volumeMounts:
- name: certstore
mountPath: "/opt/tsg/certstore/conf/cert_store.ini"
subPath: "cert_store.ini"
- name: certstore
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "tsg_device_tag.json"
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
@@ -203,6 +157,8 @@ spec:
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: hotfix-certstore
mountPath: /etc/traffic-engine/hotfix/certstore
- name: cert-redis
image: "{{ .Values.image.certRedis.repository }}:{{ .Values.image.certRedis.tag | default .Chart.AppVersion }}"
@@ -339,3 +295,12 @@ spec:
- name: localtime-node
hostPath:
path: /etc/localtime
- name: hotfix-firewall
hostPath:
path: /etc/traffic-engine/hotfix/firewall
- name: hotfix-proxy
hostPath:
path: /etc/traffic-engine/hotfix/proxy
- name: hotfix-certstore
hostPath:
path: /etc/traffic-engine/hotfix/certstore

2
ansible/roles/traffic-engine/files/hotfix/prestart.sh Normal file
View File

@@ -0,0 +1,2 @@
#!/bin/bash
echo "Stage: prestart. Someting to do!"

21
ansible/roles/traffic-engine/tasks/main.yml
View File

@@ -44,3 +44,24 @@
copy:
src: "{{ role_path }}/files/sudoers.d/00-kubconfig"
dest: /etc/sudoers.d/
- name: "mkdir hotfix directory"
file:
path: "{{ item }}"
state: directory
with_items:
- /etc/traffic-engine/hotfix/firewall/scripts
- /etc/traffic-engine/hotfix/firewall/files
- /etc/traffic-engine/hotfix/proxy/scripts
- /etc/traffic-engine/hotfix/proxy/files
- /etc/traffic-engine/hotfix/certstore/scripts
- /etc/traffic-engine/hotfix/certstore/files
- name: "copy prestart.sh"
copy:
src: '{{ role_path }}/files/hotfix/prestart.sh'
dest: '{{ item }}'
with_items:
- /etc/traffic-engine/hotfix/firewall/scripts/
- /etc/traffic-engine/hotfix/proxy/scripts/
- /etc/traffic-engine/hotfix/certstore/scripts/