feature:删除多余的role:vsys

fumingwei
2022-09-01 17:18:12 +08:00
parent 40bad0d563
commit fff654dfc0
7 changed files with 0 additions and 429 deletions

@@ -1,14 +0,0 @@
[Unit]
Description=Tsg container images loading
DefaultDependencies=no
Conflicts=shutdown.target
Requires=k3s.service
After=local-fs.target k3s.service
Before=sysinit.target shutdown.target systemd-update-done.service
ConditionNeedsUpdate=|/etc
ConditionFileNotEmpty=|/usr
[Service]
ExecStart=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh"
Type=oneshot
RemainAfterExit=yes

@@ -1,13 +0,0 @@
[Unit]
Description=Tsg vsys1
Requires=k3s.service mrzcpd.service
After=k3s.service mrzcpd.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-engine.sh start"
ExecStop=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-engine.sh stop"
[Install]
WantedBy=workload.target

@@ -1,98 +0,0 @@
#!/bin/bash
IMAGES_RELEASE_VAR="default"
DOCKER_IMAGES_VER="default"
IMAGES_REPO_LIST=("tsg-firewall" "tsg-proxy" "tsg-certstore" "tsg-telegraf" "tsg-init")
CONFIGMAP_NAME="vsys1-provision"
COMMAND_K3S="/usr/local/bin/k3s"
WR_PATH="/opt/tsg/vsys1/workload_resource/tsg_workload_resource.yml"
PROVISION_PATH="/data/tsg-os-provision/provision.yml"
APPEND_PROVISION_PATH="/opt/tsg/tsg-os-provision/.policy_and_log_nic_ip.yaml"
TRAFFIC_ENGINE_ACTION=$1
os_release_var_obtain(){
HOST_OS_RELEASE_VAR=$(awk -F= '$1=="VERSION" { print $2 ;}' /etc/os-release | sed 's/\"//g' | cut -d ' ' -f1)
if [ "${DOCKER_IMAGES_VER}" == "default" ]; then
IMAGES_RELEASE_VAR=${HOST_OS_RELEASE_VAR}
else
IMAGES_RELEASE_VAR=${DOCKER_IMAGES_VER}
fi
echo "Need to import container images version:${IMAGES_RELEASE_VAR}"
}
image_check_loaded_and_load(){
IMAGES_REF=$(${COMMAND_K3S} ctr image list | awk '{print $1}')
for IMAGE_REPO in ${IMAGES_REPO_LIST[@]}; do
if [[ "${IMAGES_REF}" =~ "${IMAGE_REPO}:${IMAGES_RELEASE_VAR}" ]]; then
echo "Contaimer iamage loaded, repo name:${IMAGE_REPO}, tag:${IMAGES_RELEASE_VAR}"
else
IMAGE_PATH="/opt/tsg/images/${IMAGE_REPO}-${IMAGES_RELEASE_VAR}-docker.tar"
echo "Container images not load, repo name:${IMAGE_REPO}, tag:${IMAGES_RELEASE_VAR}"
if [ ! -f ${IMAGE_PATH} ]; then
echo "Containers images ${IMAGE_PATH} is not exsit! exit now"
exit 1
fi
${COMMAND_K3S} ctr image import ${IMAGE_PATH}
fi
done
}
configmap_delete(){
${COMMAND_K3S} kubectl delete configmap ${CONFIGMAP_NAME}
}
configmap_check_running_and_create(){
QUERY_CONFIGMAP_RESULT=$(${COMMAND_K3S} kubectl get configmap | awk '{print $1}')
if [[ "${QUERY_CONFIGMAP_RESULT}" =~ "${CONFIGMAP_NAME}" ]]; then
echo "configmap:${CONFIGMAP_NAME} is running"
configmap_delete
else
echo "configmap:${CONFIGMAP_NAME} is not running"
fi
${COMMAND_K3S} kubectl create configmap ${CONFIGMAP_NAME} --from-file=${PROVISION_PATH} --from-file=${APPEND_PROVISION_PATH}
}
wr_create(){
${COMMAND_K3S} kubectl apply -f ${WR_PATH}
}
wr_delete(){
${COMMAND_K3S} kubectl delete -f ${WR_PATH}
}
traffic_engine_start(){
os_release_var_obtain
image_check_loaded_and_load
configmap_check_running_and_create
wr_create
}
traffic_engine_stop(){
wr_delete
configmap_delete
}
traffic_engine_status(){
echo "Configmap list:"
${COMMAND_K3S} kubectl get configmap
echo -e "\n"
echo "Daemonset list:"
${COMMAND_K3S} kubectl get daemonset
echo -e "\n"
echo "Pod list:"
${COMMAND_K3S} kubectl get pod
echo -e "\n"
}
if [ "${TRAFFIC_ENGINE_ACTION}" == "start" ]; then
traffic_engine_start
fi
if [ "${TRAFFIC_ENGINE_ACTION}" == "stop" ]; then
traffic_engine_stop
fi
if [ "${TRAFFIC_ENGINE_ACTION}" == "status" ]; then
traffic_engine_status
fi

@@ -1,51 +0,0 @@
- name: "create directory for workload resource"
file:
path: "{{ item }}"
state: directory
with_items:
- /usr/lib/systemd/system/tsg-traffic-engine.service.d/
- /opt/tsg/vsys1/workload_resource/
- /usr/lib/systemd/system/tsg-images-load.service.d/
- /opt/tsg/vsys1/scripts/
- name: "copy vsys1 service file to dest"
copy:
src: "{{ role_path }}/files/tsg-traffic-engine.service"
dest: "/usr/lib/systemd/system/"
mode: 0644
#- name: "copy images load service file to dest"
# copy:
# src: "{{ role_path }}/files/tsg-images-load.service"
# dest: "/usr/lib/systemd/system/tsg-images-load.service"
# mode: 0644
- name: 'tsg-traffic-engine service enable'
systemd:
name: tsg-traffic-engine
enabled: yes
- name: "templates tsg_workload_resource.yml"
template:
src: "{{role_path}}/templates/tsg_workload_resource.yml.j2.j2"
dest: /opt/tsg/tsg-os-provision/templates/tsg_workload_resource.yml.j2
tags: template
- name: "copy slice file to tsg-traffic-engine.service.d"
copy:
src: "{{ role_path }}/templates/service_override_slice.conf.j2"
dest: /usr/lib/systemd/system/tsg-traffic-engine.service.d/service_override_slice.conf
mode: 0644
# - name: "templates tsg-traffic-image-load.sh.j2"
# template:
# src: "{{role_path}}/templates/tsg-traffic-image-load.sh.j2"
# dest: /opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh
# mode: 0755
- name: "copy tsg-traffic-engine.sh to dest"
copy:
src: "{{role_path}}/files/tsg-traffic-engine.sh"
dest: /opt/tsg/vsys1/scripts/tsg-traffic-engine.sh
mode: 0755

@@ -1,2 +0,0 @@
[Service]
Slice=workload.slice

@@ -1,13 +0,0 @@
#!/bin/bash -ex
#fileLoadImageSucceeded="/data/tsg-os-provision/.images_load_succeeded"
#if [ -f $fileLoadImageSucceeded ]; then
# rm $fileLoadImageSucceeded
#fi
/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-firewall-{{os_release_ver}}-docker.tar
/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-proxy-{{os_release_ver}}-docker.tar
/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-certstore-{{os_release_ver}}-docker.tar
/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-telegraf-{{os_release_ver}}-docker.tar
/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-init-{{os_release_ver}}-docker.tar
#touch $fileLoadImageSucceeded

@@ -1,238 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: traffic-engine
labels:
app: traffic-engine
spec:
selector:
matchLabels:
app: traffic-engine
template:
metadata:
labels:
app: traffic-engine
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: firewall
image: docker.io/library/tsg-firewall:{{os_release_ver}}
imagePullPolicy: Never
workingDir: /opt/tsg/sapp
command: ["/opt/tsg/sapp/sapp"]
securityContext:
privileged: true
livenessProbe:
tcpSocket:
port: 9273
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9273
failureThreshold: 90
periodSeconds: 10
volumeMounts:
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
- name: config-volume
mountPath: "/opt/tsg/sapp/plug/conflist.inf"
subPath: "opt/tsg/sapp/plug/conflist.inf"
- name: config-volume
mountPath: "/opt/tsg/sapp/etc/gdev.conf"
subPath: "opt/tsg/sapp/etc/gdev.conf"
- name: config-volume
mountPath: "/opt/tsg/sapp/tsgconf/main.conf"
subPath: "opt/tsg/sapp/tsgconf/main.conf"
- name: config-volume
mountPath: "/opt/tsg/sapp/tsgconf/maat.conf"
subPath: "opt/tsg/sapp/tsgconf/maat.conf"
- name: config-volume
mountPath: "/opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
subPath: "opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
- name: config-volume
mountPath: "/opt/tsg/sapp/etc/sapp.toml"
subPath: "opt/tsg/sapp/etc/sapp.toml"
- name: config-volume
mountPath: "/opt/tsg/sapp/etc/send_raw_pkt.conf"
subPath: "opt/tsg/sapp/etc/send_raw_pkt.conf"
- name: config-volume
mountPath: "/opt/tsg/sapp/etc/kni/kni.conf"
subPath: "opt/tsg/sapp/etc/kni/kni.conf"
- name: config-volume
mountPath: "/opt/tsg/sapp/etc/wannat/wangw.conf"
subPath: "opt/tsg/sapp/etc/wannat/wangw.conf"
- name: config-volume
mountPath: "/opt/tsg/sapp/etc/wire_graft/wire_graft.conf"
subPath: "opt/tsg/sapp/etc/wire_graft/wire_graft.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: firewall-minidump
mountPath: /run/sapp/crashreport
{% raw %}{% if proxy.enable == 1 %}
{% endraw %}
- name: proxy
image: docker.io/library/tsg-proxy:{{os_release_ver}}
imagePullPolicy: Never
workingDir: /opt/tsg/tfe
command: ["/bin/bash", "-c", "sleep 1;/opt/tsg/tfe/bin/tfe"]
securityContext:
privileged: true
resources:
limits:
memory: "20Gi"
requests:
memory: "10Gi"
livenessProbe:
tcpSocket:
port: 9001
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9001
failureThreshold: 30
periodSeconds: 10
volumeMounts:
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
- name: config-volume
mountPath: "/opt/tsg/tfe/conf/tfe/tfe.conf"
subPath: "opt/tsg/tfe/conf/tfe/tfe.conf"
- name: config-volume
mountPath: "/opt/tsg/tfe/conf/pangu/pangu_pxy.conf"
subPath: "opt/tsg/tfe/conf/pangu/pangu_pxy.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: proxy-minidump
mountPath: /run/tfe/crashreport
{% raw %}{% endif %}
{% endraw %}
- name: certstore
image: docker.io/library/tsg-certstore:{{os_release_ver}}
imagePullPolicy: Never
workingDir: /opt/tsg/certstore
command: ["/opt/tsg/certstore/bin/certstore"]
securityContext:
privileged: true
resources:
limits:
memory: "10Gi"
requests:
memory: "5Gi"
volumeMounts:
- name: config-volume
mountPath: "/opt/tsg/certstore/conf/cert_store.ini"
subPath: "opt/tsg/certstore/conf/cert_store.ini"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: certstore-minidump
mountPath: /run/certstore/crashreport
- name: cert-redis
image: docker.io/library/tsg-certstore:{{os_release_ver}}
imagePullPolicy: Never
command: ["/bin/bash","-c","/usr/bin/redis-server /etc/cert-redis.conf"]
securityContext:
privileged: true
resources:
limits:
memory: "10Gi"
requests:
memory: "5Gi"
- name: telegraf
image: docker.io/library/tsg-telegraf:{{os_release_ver}}
imagePullPolicy: Never
command: ["/bin/bash","-c","/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
resources:
limits:
memory: "1Gi"
volumeMounts:
- name: config-volume
mountPath: "/etc/telegraf/telegraf_statistic.conf"
subPath: "etc/telegraf/telegraf_statistic.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
initContainers:
- name: tsg-init
image: docker.io/library/tsg-init:{{os_release_ver}}
imagePullPolicy: Never
command: ["/bin/bash","-c","ansible-playbook -i /opt/tsg/tsg-os-provision/hosts /opt/tsg/tsg-os-provision/tasks/provision.yml ; mount -o remount,rw /sys"]
securityContext:
privileged: true
volumeMounts:
- name: config-volume
mountPath: /target_config
- name: provision
mountPath: /data/tsg-os-provision
readOnly: true
volumes:
- name: opt-tsg-mrzcpd
hostPath:
path: /opt/tsg/mrzcpd
- name: var-run-mrzcpd
hostPath:
path: /var/run/mrzcpd
- name: var-run-dpdk
hostPath:
path: /var/run/dpdk
- name: root-sys
hostPath:
path: /root/sys
- name: provision
configMap:
name: vsys1-provision
- name: config-volume
emptyDir: {}
- name: firewall-minidump
hostPath:
path: /run/sapp/crashreport
- name: proxy-minidump
hostPath:
path: /run/tfe/crashreport
- name: certstore-minidump
hostPath:
path: /run/certstore/crashreport