From 35efbb1d647f855e780dbfa872290e2245cb3be2 Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Thu, 2 Jun 2022 09:16:57 +0800
Subject: 构建测试demo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
demo/ansible/hosts | 2 +
demo/ansible/provision.yml | 70 +++++++++++++++++++
demo/ansible/tasks/provision.yml | 18 +++++
demo/ansible/templates/tsg-containerd-wr.yml.j2 | 91 +++++++++++++++++++++++++
demo/provision.sh | 3 +
demo/provision.yml | 67 ------------------
6 files changed, 184 insertions(+), 67 deletions(-)
create mode 100644 demo/ansible/hosts
create mode 100644 demo/ansible/provision.yml
create mode 100644 demo/ansible/tasks/provision.yml
create mode 100644 demo/ansible/templates/tsg-containerd-wr.yml.j2
create mode 100644 demo/provision.sh
delete mode 100644 demo/provision.yml
diff --git a/demo/ansible/hosts b/demo/ansible/hosts
new file mode 100644
index 0000000..71c3838
--- /dev/null
+++ b/demo/ansible/hosts
@@ -0,0 +1,2 @@
+[provision]
+localhost ansible_connection=local
\ No newline at end of file
diff --git a/demo/ansible/provision.yml b/demo/ansible/provision.yml
new file mode 100644
index 0000000..f0ffe66
--- /dev/null
+++ b/demo/ansible/provision.yml
@@ -0,0 +1,70 @@
+version: 1
+
+vsys:
+ id: vsys1
+
+device:
+ tags:
+ - device_group: group-xxg-three
+ - data_center: center-xxg-three
+
+session_id_generator:
+ snowflake_worker_id_base: 3
+ snowflake_worker_id_offset: 2
+
+
+feature:
+ enable_stream_bypass_under_ddos: 1
+
+firewall:
+ enable: 1
+
+proxy:
+ enable: 1
+
+sessionrecord:
+ enable: 1
+ enable_dns_record: 1
+ enable_rtp_record: 1
+
+capturepacket:
+ enable: 1
+
+radius:
+ enable: 1
+
+gtp:
+ enable_gtp_c_record: 1
+
+wannat:
+ enable: 1
+ nat_gateway_address: "192.168.40.134"
+ reachability_test_server_address: "192.168.40.134"
+
+ddossketch:
+ enable: 1
+
+app:
+ identify_by:
+ user_defined_signature: 1
+ builtin_app_engine: 1
+
+cm:
+ policy_server:
+ address: "192.168.44.72"
+ port: 7003
+
+olap:
+ kafka_broker:
+ address_list: ['192.168.44.11:9094','192.168.44.14:9094','192.168.44.15:9094']
+ hos_server:
+ address: "192.168.44.67"
+ port: 9098
+
+coredump:
+ format: core
+ collect: local
+ sentry_url: https://sentry.mesalab.cn/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
+
+app_behavior:
+ enable: 1
diff --git a/demo/ansible/tasks/provision.yml b/demo/ansible/tasks/provision.yml
new file mode 100644
index 0000000..4d566a5
--- /dev/null
+++ b/demo/ansible/tasks/provision.yml
@@ -0,0 +1,18 @@
+---
+- hosts: provision
+ tasks:
+ - name: create vsys workload resource directory
+ file:
+ path: /opt/tsg/{{vsys.id}}/containerd/workload-resouce
+ state: directory
+
+ - name: Template the tsg-containerd-wr.yml
+ template:
+ src: "../templates/tsg-containerd-wr.yml.j2"
+ dest: /opt/tsg/{{vsys.id}}/containerd/workload-resouce/tsg-containerd-wr.yml
+
+ - name: Apply configmap
+ shell: kubectl create configmap {{vsys.id}}-provision-config --from-file provision.yml
+
+ - name: Apply tsg-containerd-wr.yml
+ shell: kubectl apply -f /opt/tsg/{{vsys.id}}/containerd/workload-resouce/tsg-containerd-wr.yml
\ No newline at end of file
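Review bot: In `demo/ansible/provision.yml` the `sentry_url` under `coredump` carries its `sentry_key` query parameter in clear text, and the playbook added in this commit loads the whole file into a ConfigMap with `--from-file provision.yml`, so the key is readable in the repository and by anyone who can read ConfigMaps in that namespace. The same value was already present in the deleted `demo/provision.yml`, so it is in history either way; if the key is meant to be restricted, rotate it and supply it at run time (a separate `-e` variable or an Ansible Vault file) instead of committing it. The internal addresses under `cm` and `olap` raise the same question for a file labelled as a demo.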
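Review bot: The two `shell:` tasks at the end of `demo/ansible/tasks/provision.yml` interpolate `{{vsys.id}}` into a shell command line unquoted, so a value with shell metacharacters in the `-e @ansible/provision.yml` variables file would be interpreted by the shell instead of being passed as a name. Using `command` with `argv` removes the shell and keeps each value a single argument. The ConfigMap task also passes a relative `provision.yml`, which resolves against whatever directory the task runs in, and this commit deletes `demo/provision.yml`; a path built from `playbook_dir` avoids depending on that. `kubectl create configmap` presumably fails on a second run because the object already exists, so a rerun guard is worth adding as well.

```yaml
    - name: Apply configmap
      command:
        argv:
          - kubectl
          - create
          - configmap
          - "{{ vsys.id }}-provision-config"
          - "--from-file"
          - "{{ playbook_dir }}/../provision.yml"

    - name: Apply tsg-containerd-wr.yml
      command:
        argv:
          - kubectl
          - apply
          - "-f"
          - "/opt/tsg/{{ vsys.id }}/containerd/workload-resouce/tsg-containerd-wr.yml"
```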
diff --git a/demo/ansible/templates/tsg-containerd-wr.yml.j2 b/demo/ansible/templates/tsg-containerd-wr.yml.j2
new file mode 100644
index 0000000..9b8566a
--- /dev/null
+++ b/demo/ansible/templates/tsg-containerd-wr.yml.j2
@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ vsys.id }}
+ labels:
+ app: {{ vsys.id }}
+
+spec:
+ selector:
+ matchLabels:
+ app: {{ vsys.id }}
+ template:
+ metadata:
+ labels:
+ app: {{ vsys.id }}
+
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ containers:
+ - name: firewall
+ image: docker.io/library/tsg:firewall
+ imagePullPolicy: Never
+ command: ["/bin/bash", "-c", "tail -f /dev/null"]
+ securityContext:
+ privileged: true
+
+ volumeMounts:
+ - mountPath: /opt/tsg/mrzcpd
+ name: opt-tsg-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/mrzcpd
+ name: var-run-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/dpdk
+ name: var-run-dpdk
+ readOnly: false
+ - mountPath: /root/sys
+ name: root-sys
+ readOnly: false
+ - name: provision-config
+ mountPath: "/data/tsg-os-provision"
+ readOnly: true
+
+{% if proxy.enable == 1 %}
+ - name: proxy
+ image: docker.io/library/tsg:proxy
+ imagePullPolicy: Never
+ command: ["/bin/bash", "-c", "tail -f /dev/null"]
+ securityContext:
+ privileged: true
+
+ volumeMounts:
+ - mountPath: /opt/tsg/mrzcpd
+ name: opt-tsg-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/mrzcpd
+ name: var-run-mrzcpd
+ readOnly: false
+ - mountPath: /var/run/dpdk
+ name: var-run-dpdk
+ readOnly: false
+ - mountPath: /root/sys
+ name: root-sys
+ readOnly: false
+ - name: provision-config
+ mountPath: "/data/tsg-os-provision"
+ readOnly: true
+{% endif %}
+
+ volumes:
+ - name: opt-tsg-mrzcpd
+ hostPath:
+ path: /opt/tsg/mrzcpd
+ - name: var-run-mrzcpd
+ hostPath:
+ path: /var/run/mrzcpd
+ - name: var-run-dpdk
+ hostPath:
+ path: /var/run/dpdk
+ - name: root-sys
+ hostPath:
+ path: /root/sys
+ - name: provision-config
+ configMap:
+ name: {{vsys.id}}-prosivion-config
\ No newline at end of file
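Review bot: Both the `firewall` and `proxy` containers set `privileged: true` and mount the host paths `/opt/tsg/mrzcpd`, `/var/run/mrzcpd`, `/var/run/dpdk` and `/root/sys` with `readOnly: false`, while the tolerations also place the DaemonSet on control-plane nodes, so a compromise of either container amounts to root on every node, masters included. If the packet path needs elevated access (not visible in this hunk), prefer naming the specific `capabilities.add` entries over full privilege, and set `readOnly: true` on any mount the container only reads. Separately, the final line references the ConfigMap `{{vsys.id}}-prosivion-config`, but the playbook in this commit creates `{{vsys.id}}-provision-config`, so the `provision-config` volume will not resolve; it should read `name: {{vsys.id}}-provision-config`.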
diff --git a/demo/provision.sh b/demo/provision.sh
new file mode 100644
index 0000000..52f2d32
--- /dev/null
+++ b/demo/provision.sh
@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+ansible-playbook -i ansible/hosts -e @ansible/provision.yml ansible/tasks/provision.yml
\ No newline at end of file
diff --git a/demo/provision.yml b/demo/provision.yml
deleted file mode 100644
index ec96db3..0000000
--- a/demo/provision.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-version: 1
-
-device:
- tags:
- - device_group: group-xxg-three
- - data_center: center-xxg-three
-
-session_id_generator:
- snowflake_worker_id_base: 3
- snowflake_worker_id_offset: 2
-
-
-feature:
- enable_stream_bypass_under_ddos: 1
-
-firewall:
- enable: 1
-
-proxy:
- enable: 1
-
-sessionrecord:
- enable: 1
- enable_dns_record: 1
- enable_rtp_record: 1
-
-capturepacket:
- enable: 1
-
-radius:
- enable: 1
-
-gtp:
- enable_gtp_c_record: 1
-
-wannat:
- enable: 1
- nat_gateway_address: "192.168.40.134"
- reachability_test_server_address: "192.168.40.134"
-
-ddossketch:
- enable: 1
-
-app:
- identify_by:
- user_defined_signature: 1
- builtin_app_engine: 1
-
-cm:
- policy_server:
- address: "192.168.44.72"
- port: 7003
-
-olap:
- kafka_broker:
- address_list: ['192.168.44.11:9094','192.168.44.14:9094','192.168.44.15:9094']
- hos_server:
- address: "192.168.44.67"
- port: 9098
-
-coredump:
- format: core
- collect: local
- sentry_url: https://sentry.mesalab.cn/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
-
-app_behavior:
- enable: 1
--
cgit v1.2.3
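Review bot: `demo/provision.sh` passes `ansible/hosts`, `@ansible/provision.yml` and `ansible/tasks/provision.yml` relative to the caller's working directory, so it only finds them when invoked from inside `demo/`; adding `cd "$(dirname "$0")"` before the `ansible-playbook` line makes the script independent of where it is called from. The file is also created with mode 100644, so it cannot be executed directly despite the shebang.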