feature:TSG-12014:修改自检链路cni由macvlan改外bridge

ansible/roles/mrzcpd/tasks/main.yml

@@ -133,6 +133,13 @@
   when:
     - runtime_env == 'TSG-X-P0906'
 
+- name: "copy add_dev_to_bridge to mrzcpd.service.d"
+  copy:
+    src: "{{ role_path }}/templates/service_add_dev_to_bridge.conf"
+    dest: /usr/lib/systemd/system/mrzcpd.service.d/
+    mode: 0644
+  when: runtime_env == 'TSG-X-P0906'
+
 ##################### mrzcpd #####################
 - name: "enable mrenv"
   systemd:

ansible/roles/mrzcpd/templates/service_add_dev_to_bridge.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStartPost=/usr/sbin/ip link set dev virtio_dign_c master br_dign_c
+ExecStartPost=/usr/sbin/ip link set dev virtio_dign_s master br_dign_s

ansible/roles/tsg-diagnose/files/30-add_dign_br_iptable_rule.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+interface=$1
+event=$2
+
+if [[ $interface == "br_dign_c" ]] && [[ $event == "up" ]]
+then
+	iptables -t raw -I PREROUTING -i br_dign_c -j NOTRACK
+fi
+
+if [[ $interface == "br_dign_s" ]] && [[ $event == "up" ]]
+then
+	iptables -t raw -I PREROUTING -i br_dign_s -j NOTRACK
+fi
+

ansible/roles/tsg-diagnose/files/dign-client.yaml

@@ -2,13 +2,12 @@
 apiVersion: "k8s.cni.cncf.io/v1"
 kind: NetworkAttachmentDefinition
 metadata:
-  name: macvlan-client
+  name: br-dign-client
 spec:
   config: '{
             "cniVersion": "0.3.0",
-            "type": "macvlan",
-            "master": "virtio_dign_c",
-            "mode": "bridge",
+            "type": "bridge",
+            "bridge": "br_dign_c",
             "ipam": {
                 "type": "host-local",
                 "ranges": [
@@ -23,14 +22,13 @@ spec:
         }'
 ---
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: dign-client
   labels:
     app: dign-client
 
 spec:
-  replicas: 1
   selector:
     matchLabels:
       app: dign-client
@@ -39,7 +37,7 @@ spec:
       labels:
         app: dign-client
       annotations:
-        k8s.v1.cni.cncf.io/networks: macvlan-client
+        k8s.v1.cni.cncf.io/networks: br-dign-client
     spec:
       containers:
       - name: dign-client
@@ -47,13 +45,6 @@ spec:
         imagePullPolicy: Never
         workingDir: /opt/dign_client
         command: ["/bin/sh", "-c", "update-ca-certificates; tail -f /dev/null"]
-        livenessProbe:
-          exec:
-            command:
-            - ifconfig
-            - net1
-          initialDelaySeconds: 5
-          periodSeconds: 5
         securityContext:
           privileged: true
         volumeMounts:

ansible/roles/tsg-diagnose/files/dign-server.yaml

@@ -2,13 +2,12 @@
 apiVersion: "k8s.cni.cncf.io/v1"
 kind: NetworkAttachmentDefinition
 metadata:
-  name: macvlan-server
+  name: br-dign-server
 spec:
   config: '{
             "cniVersion": "0.3.0",
-            "type": "macvlan",
-            "master": "virtio_dign_s",
-            "mode": "bridge",
+            "type": "bridge",
+            "bridge": "br_dign_s",
             "ipam": {
                 "type": "host-local",
                 "ranges": [
@@ -23,14 +22,13 @@ spec:
         }'
 ---
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: dign-server
   labels:
     app: dign-server
 
 spec:
-  replicas: 1
   selector:
     matchLabels:
       app: dign-server
@@ -39,7 +37,7 @@ spec:
       labels:
         app: dign-server
       annotations:
-        k8s.v1.cni.cncf.io/networks: macvlan-server
+        k8s.v1.cni.cncf.io/networks: br-dign-server
 
     spec:
       containers:

ansible/roles/tsg-diagnose/tasks/main.yml

@@ -72,3 +72,10 @@
     - dign-client.yaml
     - dign-server.yaml
   when: runtime_env == 'TSG-X-P0906'
+
+- name: "copy iptables shell to dispatcher.d"
+  copy:
+    src: "{{ role_path }}/files/30-add_dign_br_iptable_rule.sh"
+    dest: /etc/NetworkManager/dispatcher.d/
+    mode: 0755
+  when: runtime_env == 'TSG-X-P0906'