From fdebac13329152082473e4b753ccdde3abb44330 Mon Sep 17 00:00:00 2001 From: fumingwei Date: Thu, 29 Sep 2022 15:56:58 +0800 Subject: [PATCH] =?UTF-8?q?feature:TSG-12014:=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E6=A3=80=E9=93=BE=E8=B7=AFcni=E7=94=B1macvlan=E6=94=B9?= =?UTF-8?q?=E5=A4=96bridge?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/roles/mrzcpd/tasks/main.yml | 7 +++++++ .../templates/service_add_dev_to_bridge.conf | 3 +++ .../files/30-add_dign_br_iptable_rule.sh | 15 +++++++++++++++ .../roles/tsg-diagnose/files/dign-client.yaml | 19 +++++-------------- .../roles/tsg-diagnose/files/dign-server.yaml | 12 +++++------- ansible/roles/tsg-diagnose/tasks/main.yml | 7 +++++++ 6 files changed, 42 insertions(+), 21 deletions(-) create mode 100644 ansible/roles/mrzcpd/templates/service_add_dev_to_bridge.conf create mode 100644 ansible/roles/tsg-diagnose/files/30-add_dign_br_iptable_rule.sh diff --git a/ansible/roles/mrzcpd/tasks/main.yml b/ansible/roles/mrzcpd/tasks/main.yml index c297ef40..800ef605 100644 --- a/ansible/roles/mrzcpd/tasks/main.yml +++ b/ansible/roles/mrzcpd/tasks/main.yml @@ -133,6 +133,13 @@ when: - runtime_env == 'TSG-X-P0906' +- name: "copy add_dev_to_bridge to mrzcpd.service.d" + copy: + src: "{{ role_path }}/templates/service_add_dev_to_bridge.conf" + dest: /usr/lib/systemd/system/mrzcpd.service.d/ + mode: 0644 + when: runtime_env == 'TSG-X-P0906' + ##################### mrzcpd ##################### - name: "enable mrenv" systemd: diff --git a/ansible/roles/mrzcpd/templates/service_add_dev_to_bridge.conf b/ansible/roles/mrzcpd/templates/service_add_dev_to_bridge.conf new file mode 100644 index 00000000..5c558077 --- /dev/null +++ b/ansible/roles/mrzcpd/templates/service_add_dev_to_bridge.conf @@ -0,0 +1,3 @@ +[Service] +ExecStartPost=/usr/sbin/ip link set dev virtio_dign_c master br_dign_c +ExecStartPost=/usr/sbin/ip link set dev virtio_dign_s master br_dign_s 
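Review bot: Nothing in this hunk makes systemd re-read its unit files after the new task drops `service_add_dev_to_bridge.conf` into `mrzcpd.service.d/`, so the `ExecStartPost` lines may not apply until the next reload or reboot. The `systemd:` task that follows continues outside the hunk; if it does not already set it, add `daemon_reload: yes` there or notify a reload handler from the copy task. I would also quote the mode as `mode: "0644"` and set `owner: root` / `group: root` explicitly, since this file decides which commands systemd runs when the service starts.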
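Review bot: Each `ExecStartPost=` line here fails the whole `mrzcpd` start if `ip link set` returns non-zero, which happens whenever `br_dign_c` or `br_dign_s` does not exist at that moment. Nothing visible in this commit creates the bridges before the service starts (the bridge CNI plugin normally creates them on first pod attach), so the ordering looks fragile and should be confirmed. If a missing bridge must not take the service down, prefix the command with `-`, e.g. `ExecStartPost=-/usr/sbin/ip link set dev virtio_dign_c master br_dign_c`, and handle the later enslavement elsewhere.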
diff --git a/ansible/roles/tsg-diagnose/files/30-add_dign_br_iptable_rule.sh b/ansible/roles/tsg-diagnose/files/30-add_dign_br_iptable_rule.sh new file mode 100644 index 00000000..a92c76f1 --- /dev/null +++ b/ansible/roles/tsg-diagnose/files/30-add_dign_br_iptable_rule.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +interface=$1 +event=$2 + +if [[ $interface == "br_dign_c" ]] && [[ $event == "up" ]] +then + iptables -t raw -I PREROUTING -i br_dign_c -j NOTRACK +fi + +if [[ $interface == "br_dign_s" ]] && [[ $event == "up" ]] +then + iptables -t raw -I PREROUTING -i br_dign_s -j NOTRACK +fi + diff --git a/ansible/roles/tsg-diagnose/files/dign-client.yaml b/ansible/roles/tsg-diagnose/files/dign-client.yaml index 98f4eb26..531a942b 100644 --- a/ansible/roles/tsg-diagnose/files/dign-client.yaml +++ b/ansible/roles/tsg-diagnose/files/dign-client.yaml @@ -2,13 +2,12 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: macvlan-client + name: br-dign-client spec: config: '{ "cniVersion": "0.3.0", - "type": "macvlan", - "master": "virtio_dign_c", - "mode": "bridge", + "type": "bridge", + "bridge": "br_dign_c", "ipam": { "type": "host-local", "ranges": [ @@ -23,14 +22,13 @@ spec: }' --- apiVersion: apps/v1 -kind: Deployment +kind: DaemonSet metadata: name: dign-client labels: app: dign-client spec: - replicas: 1 selector: matchLabels: app: dign-client @@ -39,7 +37,7 @@ spec: labels: app: dign-client annotations: - k8s.v1.cni.cncf.io/networks: macvlan-client + k8s.v1.cni.cncf.io/networks: br-dign-client spec: containers: - name: dign-client @@ -47,13 +45,6 @@ spec: imagePullPolicy: Never workingDir: /opt/dign_client command: ["/bin/sh", "-c", "update-ca-certificates; tail -f /dev/null"] - livenessProbe: - exec: - command: - - ifconfig - - net1 - initialDelaySeconds: 5 - periodSeconds: 5 securityContext: privileged: true volumeMounts: 
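Review bot: Both `iptables -t raw -I PREROUTING … -j NOTRACK` calls insert unconditionally, so every `up` event for a bridge adds another copy of the rule and nothing removes it on `down`. Check for the rule first, e.g. `iptables -w -t raw -C PREROUTING -i br_dign_c -j NOTRACK 2>/dev/null || iptables -w -t raw -I PREROUTING -i br_dign_c -j NOTRACK`, and the same for `br_dign_s`. A header comment should also record why tracking is disabled. Packets arriving on these bridges bypass conntrack, so host rules that match on connection state (`-m conntrack --ctstate …`) see them as untracked and stateful filtering no longer covers these interfaces.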
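Review bot: Changing `kind` to `DaemonSet` and dropping `replicas: 1` means the `dign-client` pod, whose container keeps `securityContext: privileged: true` (visible as context in the last hunk of this file), is now scheduled on every eligible node instead of once. If only the nodes that have `br_dign_c` should run it, scope the pod template with a `nodeSelector` or node affinity; the template is only partly visible here, so this may already exist. It is also worth checking whether the container needs full privilege or only specific capabilities such as `NET_ADMIN`. The same `Deployment` → `DaemonSet` change is made in `dign-server.yaml`. On upgraded hosts the old `Deployment` objects and the `macvlan-client` / `macvlan-server` definitions are presumably left behind unless something outside this patch deletes them.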
diff --git a/ansible/roles/tsg-diagnose/files/dign-server.yaml b/ansible/roles/tsg-diagnose/files/dign-server.yaml index 68a6a3f7..60de4183 100644 --- a/ansible/roles/tsg-diagnose/files/dign-server.yaml +++ b/ansible/roles/tsg-diagnose/files/dign-server.yaml @@ -2,13 +2,12 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: macvlan-server + name: br-dign-server spec: config: '{ "cniVersion": "0.3.0", - "type": "macvlan", - "master": "virtio_dign_s", - "mode": "bridge", + "type": "bridge", + "bridge": "br_dign_s", "ipam": { "type": "host-local", "ranges": [ @@ -23,14 +22,13 @@ spec: }' --- apiVersion: apps/v1 -kind: Deployment +kind: DaemonSet metadata: name: dign-server labels: app: dign-server spec: - replicas: 1 selector: matchLabels: app: dign-server @@ -39,7 +37,7 @@ spec: labels: app: dign-server annotations: - k8s.v1.cni.cncf.io/networks: macvlan-server + k8s.v1.cni.cncf.io/networks: br-dign-server spec: containers: diff --git a/ansible/roles/tsg-diagnose/tasks/main.yml b/ansible/roles/tsg-diagnose/tasks/main.yml index 48314834..19b1819a 100644 --- a/ansible/roles/tsg-diagnose/tasks/main.yml +++ b/ansible/roles/tsg-diagnose/tasks/main.yml @@ -72,3 +72,10 @@ - dign-client.yaml - dign-server.yaml when: runtime_env == 'TSG-X-P0906' + +- name: "copy iptables shell to dispatcher.d" + copy: + src: "{{ role_path }}/files/30-add_dign_br_iptable_rule.sh" + dest: /etc/NetworkManager/dispatcher.d/ + mode: 0755 + when: runtime_env == 'TSG-X-P0906'
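Review bot: The copy task for `30-add_dign_br_iptable_rule.sh` relies on defaults for ownership, but NetworkManager only runs dispatcher scripts that are owned by root and not writable by group or others. Make that explicit with `owner: root` and `group: root`, and quote the mode as `mode: "0755"`. Since the script only reacts to `up` events, a bridge that is already up when the file is installed gets no NOTRACK rule until its next event; a short comment on the task saying so would help.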