diff --git a/ansible/roles/vsys/files/tsg-images-load.service b/ansible/roles/vsys/files/tsg-images-load.service
deleted file mode 100644
index ddd9e9ed..00000000
--- a/ansible/roles/vsys/files/tsg-images-load.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Tsg container images loading
-DefaultDependencies=no
-Conflicts=shutdown.target
-Requires=k3s.service
-After=local-fs.target k3s.service
-Before=sysinit.target shutdown.target systemd-update-done.service
-ConditionNeedsUpdate=|/etc
-ConditionFileNotEmpty=|/usr
-
-[Service]
-ExecStart=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh"
-Type=oneshot
-RemainAfterExit=yes
\ No newline at end of file
diff --git a/ansible/roles/vsys/files/tsg-traffic-engine.service b/ansible/roles/vsys/files/tsg-traffic-engine.service
deleted file mode 100644
index fa82049f..00000000
--- a/ansible/roles/vsys/files/tsg-traffic-engine.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Tsg vsys1
-Requires=k3s.service mrzcpd.service
-After=k3s.service mrzcpd.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-engine.sh start"
-ExecStop=/bin/sh -c "/opt/tsg/vsys1/scripts/tsg-traffic-engine.sh stop"
-
-[Install]
-WantedBy=workload.target
diff --git a/ansible/roles/vsys/files/tsg-traffic-engine.sh b/ansible/roles/vsys/files/tsg-traffic-engine.sh
deleted file mode 100644
index af53b033..00000000
--- a/ansible/roles/vsys/files/tsg-traffic-engine.sh
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/bash
-IMAGES_RELEASE_VAR="default"
-DOCKER_IMAGES_VER="default"
-IMAGES_REPO_LIST=("tsg-firewall" "tsg-proxy" "tsg-certstore" "tsg-telegraf" "tsg-init")
-CONFIGMAP_NAME="vsys1-provision"
-COMMAND_K3S="/usr/local/bin/k3s"
-WR_PATH="/opt/tsg/vsys1/workload_resource/tsg_workload_resource.yml"
-PROVISION_PATH="/data/tsg-os-provision/provision.yml"
-APPEND_PROVISION_PATH="/opt/tsg/tsg-os-provision/.policy_and_log_nic_ip.yaml"
-
-TRAFFIC_ENGINE_ACTION=$1
-
-
-os_release_var_obtain(){
- HOST_OS_RELEASE_VAR=$(awk -F= '$1=="VERSION" { print $2 ;}' /etc/os-release | sed 's/\"//g' | cut -d ' ' -f1)
- if [ "${DOCKER_IMAGES_VER}" == "default" ]; then
- IMAGES_RELEASE_VAR=${HOST_OS_RELEASE_VAR}
- else
- IMAGES_RELEASE_VAR=${DOCKER_IMAGES_VER}
- fi
- echo "Need to import container images version:${IMAGES_RELEASE_VAR}"
-}
-
-image_check_loaded_and_load(){
- IMAGES_REF=$(${COMMAND_K3S} ctr image list | awk '{print $1}')
- for IMAGE_REPO in ${IMAGES_REPO_LIST[@]}; do
- if [[ "${IMAGES_REF}" =~ "${IMAGE_REPO}:${IMAGES_RELEASE_VAR}" ]]; then
- echo "Contaimer iamage loaded, repo name:${IMAGE_REPO}, tag:${IMAGES_RELEASE_VAR}"
- else
- IMAGE_PATH="/opt/tsg/images/${IMAGE_REPO}-${IMAGES_RELEASE_VAR}-docker.tar"
- echo "Container images not load, repo name:${IMAGE_REPO}, tag:${IMAGES_RELEASE_VAR}"
- if [ ! -f ${IMAGE_PATH} ]; then
- echo "Containers images ${IMAGE_PATH} is not exsit! exit now"
- exit 1
- fi
- ${COMMAND_K3S} ctr image import ${IMAGE_PATH}
- fi
- done
-}
-
-configmap_delete(){
- ${COMMAND_K3S} kubectl delete configmap ${CONFIGMAP_NAME}
-}
-
-configmap_check_running_and_create(){
- QUERY_CONFIGMAP_RESULT=$(${COMMAND_K3S} kubectl get configmap | awk '{print $1}')
- if [[ "${QUERY_CONFIGMAP_RESULT}" =~ "${CONFIGMAP_NAME}" ]]; then
- echo "configmap:${CONFIGMAP_NAME} is running"
- configmap_delete
- else
- echo "configmap:${CONFIGMAP_NAME} is not running"
- fi
- ${COMMAND_K3S} kubectl create configmap ${CONFIGMAP_NAME} --from-file=${PROVISION_PATH} --from-file=${APPEND_PROVISION_PATH}
-}
-
-wr_create(){
- ${COMMAND_K3S} kubectl apply -f ${WR_PATH}
-}
-
-wr_delete(){
- ${COMMAND_K3S} kubectl delete -f ${WR_PATH}
-}
-
-traffic_engine_start(){
- os_release_var_obtain
- image_check_loaded_and_load
- configmap_check_running_and_create
- wr_create
-}
-
-traffic_engine_stop(){
- wr_delete
- configmap_delete
-}
-
-traffic_engine_status(){
- echo "Configmap list:"
- ${COMMAND_K3S} kubectl get configmap
- echo -e "\n"
- echo "Daemonset list:"
- ${COMMAND_K3S} kubectl get daemonset
- echo -e "\n"
- echo "Pod list:"
- ${COMMAND_K3S} kubectl get pod
- echo -e "\n"
-}
-
-if [ "${TRAFFIC_ENGINE_ACTION}" == "start" ]; then
- traffic_engine_start
-fi
-
-if [ "${TRAFFIC_ENGINE_ACTION}" == "stop" ]; then
- traffic_engine_stop
-fi
-
-if [ "${TRAFFIC_ENGINE_ACTION}" == "status" ]; then
- traffic_engine_status
-fi
\ No newline at end of file
diff --git a/ansible/roles/vsys/tasks/main.yml b/ansible/roles/vsys/tasks/main.yml
deleted file mode 100644
index 17e23abb..00000000
--- a/ansible/roles/vsys/tasks/main.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-- name: "create directory for workload resource"
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - /usr/lib/systemd/system/tsg-traffic-engine.service.d/
- - /opt/tsg/vsys1/workload_resource/
- - /usr/lib/systemd/system/tsg-images-load.service.d/
- - /opt/tsg/vsys1/scripts/
-
-- name: "copy vsys1 service file to dest"
- copy:
- src: "{{ role_path }}/files/tsg-traffic-engine.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-#- name: "copy images load service file to dest"
-# copy:
-# src: "{{ role_path }}/files/tsg-images-load.service"
-# dest: "/usr/lib/systemd/system/tsg-images-load.service"
-# mode: 0644
-
-- name: 'tsg-traffic-engine service enable'
- systemd:
- name: tsg-traffic-engine
- enabled: yes
-
-
-- name: "templates tsg_workload_resource.yml"
- template:
- src: "{{role_path}}/templates/tsg_workload_resource.yml.j2.j2"
- dest: /opt/tsg/tsg-os-provision/templates/tsg_workload_resource.yml.j2
- tags: template
-
-- name: "copy slice file to tsg-traffic-engine.service.d"
- copy:
- src: "{{ role_path }}/templates/service_override_slice.conf.j2"
- dest: /usr/lib/systemd/system/tsg-traffic-engine.service.d/service_override_slice.conf
- mode: 0644
-
-# - name: "templates tsg-traffic-image-load.sh.j2"
-# template:
-# src: "{{role_path}}/templates/tsg-traffic-image-load.sh.j2"
-# dest: /opt/tsg/vsys1/scripts/tsg-traffic-image-load.sh
-# mode: 0755
-
-- name: "copy tsg-traffic-engine.sh to dest"
- copy:
- src: "{{role_path}}/files/tsg-traffic-engine.sh"
- dest: /opt/tsg/vsys1/scripts/tsg-traffic-engine.sh
- mode: 0755
diff --git a/ansible/roles/vsys/templates/service_override_slice.conf.j2 b/ansible/roles/vsys/templates/service_override_slice.conf.j2
deleted file mode 100644
index db248c50..00000000
--- a/ansible/roles/vsys/templates/service_override_slice.conf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-Slice=workload.slice
\ No newline at end of file
diff --git a/ansible/roles/vsys/templates/tsg-traffic-image-load.sh.j2 b/ansible/roles/vsys/templates/tsg-traffic-image-load.sh.j2
deleted file mode 100644
index 0bf9e891..00000000
--- a/ansible/roles/vsys/templates/tsg-traffic-image-load.sh.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash -ex
-
-#fileLoadImageSucceeded="/data/tsg-os-provision/.images_load_succeeded"
-#if [ -f $fileLoadImageSucceeded ]; then
-# rm $fileLoadImageSucceeded
-#fi
-
-/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-firewall-{{os_release_ver}}-docker.tar
-/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-proxy-{{os_release_ver}}-docker.tar
-/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-certstore-{{os_release_ver}}-docker.tar
-/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-telegraf-{{os_release_ver}}-docker.tar
-/usr/local/bin/k3s ctr image import /opt/tsg/images/tsg-init-{{os_release_ver}}-docker.tar
-#touch $fileLoadImageSucceeded
\ No newline at end of file
diff --git a/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2 b/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2
deleted file mode 100644
index 88cad9a7..00000000
--- a/ansible/roles/vsys/templates/tsg_workload_resource.yml.j2.j2
+++ /dev/null
@@ -1,238 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: traffic-engine
- labels:
- app: traffic-engine
-
-spec:
- selector:
- matchLabels:
- app: traffic-engine
- template:
- metadata:
- labels:
- app: traffic-engine
-
- spec:
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- - key: node-role.kubernetes.io/master
- operator: Exists
- effect: NoSchedule
- containers:
- - name: firewall
- image: docker.io/library/tsg-firewall:{{os_release_ver}}
- imagePullPolicy: Never
- workingDir: /opt/tsg/sapp
- command: ["/opt/tsg/sapp/sapp"]
- securityContext:
- privileged: true
- livenessProbe:
- tcpSocket:
- port: 9273
- failureThreshold: 1
- timeoutSeconds: 10
- startupProbe:
- tcpSocket:
- port: 9273
- failureThreshold: 90
- periodSeconds: 10
- volumeMounts:
- - name: opt-tsg-mrzcpd
- mountPath: /opt/tsg/mrzcpd
- readOnly: false
- - name: var-run-mrzcpd
- mountPath: /var/run/mrzcpd
- readOnly: false
- - name: var-run-dpdk
- mountPath: /var/run/dpdk
- readOnly: false
- - name: root-sys
- mountPath: /root/sys
- readOnly: false
- - name: config-volume
- mountPath: "/opt/tsg/sapp/plug/conflist.inf"
- subPath: "opt/tsg/sapp/plug/conflist.inf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/etc/gdev.conf"
- subPath: "opt/tsg/sapp/etc/gdev.conf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/tsgconf/main.conf"
- subPath: "opt/tsg/sapp/tsgconf/main.conf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/tsgconf/maat.conf"
- subPath: "opt/tsg/sapp/tsgconf/maat.conf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
- subPath: "opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/etc/sapp.toml"
- subPath: "opt/tsg/sapp/etc/sapp.toml"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/etc/send_raw_pkt.conf"
- subPath: "opt/tsg/sapp/etc/send_raw_pkt.conf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/etc/kni/kni.conf"
- subPath: "opt/tsg/sapp/etc/kni/kni.conf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/etc/wannat/wangw.conf"
- subPath: "opt/tsg/sapp/etc/wannat/wangw.conf"
- - name: config-volume
- mountPath: "/opt/tsg/sapp/etc/wire_graft/wire_graft.conf"
- subPath: "opt/tsg/sapp/etc/wire_graft/wire_graft.conf"
- - name: config-volume
- mountPath: "/opt/tsg/etc/tsg_sn.json"
- subPath: "opt/tsg/etc/tsg_sn.json"
- - name: firewall-minidump
- mountPath: /run/sapp/crashreport
-
-{% raw %}{% if proxy.enable == 1 %}
-{% endraw %}
- - name: proxy
- image: docker.io/library/tsg-proxy:{{os_release_ver}}
- imagePullPolicy: Never
- workingDir: /opt/tsg/tfe
- command: ["/bin/bash", "-c", "sleep 1;/opt/tsg/tfe/bin/tfe"]
- securityContext:
- privileged: true
- resources:
- limits:
- memory: "20Gi"
- requests:
- memory: "10Gi"
- livenessProbe:
- tcpSocket:
- port: 9001
- failureThreshold: 1
- timeoutSeconds: 10
- startupProbe:
- tcpSocket:
- port: 9001
- failureThreshold: 30
- periodSeconds: 10
- volumeMounts:
- - name: opt-tsg-mrzcpd
- mountPath: /opt/tsg/mrzcpd
- readOnly: false
- - name: var-run-mrzcpd
- mountPath: /var/run/mrzcpd
- readOnly: false
- - name: var-run-dpdk
- mountPath: /var/run/dpdk
- readOnly: false
- - name: root-sys
- mountPath: /root/sys
- readOnly: false
- - name: config-volume
- mountPath: "/opt/tsg/tfe/conf/tfe/tfe.conf"
- subPath: "opt/tsg/tfe/conf/tfe/tfe.conf"
- - name: config-volume
- mountPath: "/opt/tsg/tfe/conf/pangu/pangu_pxy.conf"
- subPath: "opt/tsg/tfe/conf/pangu/pangu_pxy.conf"
- - name: config-volume
- mountPath: "/opt/tsg/etc/tsg_sn.json"
- subPath: "opt/tsg/etc/tsg_sn.json"
- - name: proxy-minidump
- mountPath: /run/tfe/crashreport
-{% raw %}{% endif %}
-{% endraw %}
-
- - name: certstore
- image: docker.io/library/tsg-certstore:{{os_release_ver}}
- imagePullPolicy: Never
- workingDir: /opt/tsg/certstore
- command: ["/opt/tsg/certstore/bin/certstore"]
- securityContext:
- privileged: true
- resources:
- limits:
- memory: "10Gi"
- requests:
- memory: "5Gi"
- volumeMounts:
- - name: config-volume
- mountPath: "/opt/tsg/certstore/conf/cert_store.ini"
- subPath: "opt/tsg/certstore/conf/cert_store.ini"
- - name: config-volume
- mountPath: "/opt/tsg/etc/tsg_sn.json"
- subPath: "opt/tsg/etc/tsg_sn.json"
- - name: certstore-minidump
- mountPath: /run/certstore/crashreport
-
- - name: cert-redis
- image: docker.io/library/tsg-certstore:{{os_release_ver}}
- imagePullPolicy: Never
- command: ["/bin/bash","-c","/usr/bin/redis-server /etc/cert-redis.conf"]
- securityContext:
- privileged: true
- resources:
- limits:
- memory: "10Gi"
- requests:
- memory: "5Gi"
-
- - name: telegraf
- image: docker.io/library/tsg-telegraf:{{os_release_ver}}
- imagePullPolicy: Never
- command: ["/bin/bash","-c","/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d"]
- securityContext:
- privileged: true
- resources:
- limits:
- memory: "1Gi"
- volumeMounts:
- - name: config-volume
- mountPath: "/etc/telegraf/telegraf_statistic.conf"
- subPath: "etc/telegraf/telegraf_statistic.conf"
- - name: config-volume
- mountPath: "/opt/tsg/etc/tsg_sn.json"
- subPath: "opt/tsg/etc/tsg_sn.json"
- - name: config-volume
- mountPath: "/etc/default/telegraf"
- subPath: "etc/default/telegraf"
-
- initContainers:
- - name: tsg-init
- image: docker.io/library/tsg-init:{{os_release_ver}}
- imagePullPolicy: Never
- command: ["/bin/bash","-c","ansible-playbook -i /opt/tsg/tsg-os-provision/hosts /opt/tsg/tsg-os-provision/tasks/provision.yml ; mount -o remount,rw /sys"]
- securityContext:
- privileged: true
- volumeMounts:
- - name: config-volume
- mountPath: /target_config
- - name: provision
- mountPath: /data/tsg-os-provision
- readOnly: true
-
- volumes:
- - name: opt-tsg-mrzcpd
- hostPath:
- path: /opt/tsg/mrzcpd
- - name: var-run-mrzcpd
- hostPath:
- path: /var/run/mrzcpd
- - name: var-run-dpdk
- hostPath:
- path: /var/run/dpdk
- - name: root-sys
- hostPath:
- path: /root/sys
- - name: provision
- configMap:
- name: vsys1-provision
- - name: config-volume
- emptyDir: {}
- - name: firewall-minidump
- hostPath:
- path: /run/sapp/crashreport
- - name: proxy-minidump
- hostPath:
- path: /run/tfe/crashreport
- - name: certstore-minidump
- hostPath:
- path: /run/certstore/crashreport
-