Add TLS function and Optimize existing functions

QingCloudAppcenter · Oct 8, 2022 · 3798cb7 · 3798cb7
1 parent bbc6630
commit 3798cb7
Show file tree

Hide file tree

Showing 16 changed files with 1,210 additions and 137 deletions.
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
diff --git a/ansible/files/etc/confd/conf.d/etcdauth.sh.toml b/ansible/files/etc/confd/conf.d/etcdauth.sh.toml
diff --git a/ansible/files/etc/confd/conf.d/make.sh.toml b/ansible/files/etc/confd/conf.d/make.sh.toml
@@ -5,5 +5,5 @@ mode = "0700"
 keys = [
   "/",
 ]
-reload_cmd = "/opt/app/bin/make.sh; /opt/app/bin/ctl.sh update"
+reload_cmd = "/opt/app/bin/make.sh; /opt/app/bin/ctl.sh configureDomainName; /opt/app/bin/ctl.sh update"
 
diff --git a/ansible/files/etc/confd/conf.d/tls.sh.toml b/ansible/files/etc/confd/conf.d/tls.sh.toml
@@ -0,0 +1,9 @@
+[template]
+src = "tls.sh.tmpl"
+dest = "/opt/app/bin/tls.sh"
+mode = "0700"
+keys = [
+  "/",
+]
+
+
diff --git a/ansible/files/etc/confd/templates/01.header.sh.tmpl b/ansible/files/etc/confd/templates/01.header.sh.tmpl
@@ -6,10 +6,15 @@ set -e
 {{- $myRole := replace (getv "/host/role") "_" "-" -1 }}
 {{- $mySid := getv "/host/sid" }}
 {{- $myIp := getv "/host/ip" }}
+{{- $clusterDNS := getv "/env/cluster_DNS" ".etcdsvc.common" }}
+
 
 {{- $addedInstances := ls "/adding-hosts/etcd_node" }}
 {{- $deletedInstances := ls "/deleting-hosts/etcd_node" }}
 
+{{- $addedProxyInstances := ls "/adding-hosts/etcd_proxy" }}
+{{- $deletedProxyInstances := ls "/deleting-hosts/etcd_proxy" }}
+
 {{- $isAdded := eq (len ($addedInstances | filter (getv "/host/instance_id"))) 1 }}
 {{- $isDeleted := eq (len ($deletedInstances | filter (getv "/host/instance_id"))) 1 }}
 
@@ -28,8 +33,14 @@ map() {
   done
 }
 
+{{- $enableTLS := getv "/env/enable_TLS" }}
+
 buildEndpoint() {
-  echo -n http://${1#*=}:2379
+  {{- if eq "true" $enableTLS }}
+   echo -n https://${1#*=}:2379
+  {{- else }}
+   echo -n http://${1#*=}:2379
+  {{- end }}
 }
 
 allNodes="$(sort -V - << ALL_NODES_EOF
@@ -38,6 +49,14 @@ allNodes="$(sort -V - << ALL_NODES_EOF
 {{- end }}
 ALL_NODES_EOF
 )"
+allNodesDomain="$(sort -V - << ALL_NODES_EOF
+{{- range ls "/hosts/etcd_node" }}
+{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}=etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+{{- end }}
+ALL_NODES_EOF
+)"
+
+
 
 stableNodes="$(sort -V - << STABLE_NODES_EOF
 {{- range ls "/hosts/etcd_node" }}
@@ -51,3 +70,41 @@ STABLE_NODES_EOF
 )"
 stableEndpointLines=$(map buildEndpoint "$stableNodes")
 stableEndpoints=$(echo $stableEndpointLines | tr " " ",")
+
+
+stableNodesDomainName="$(sort -V - << STABLE_NODES_EOF
+{{- range ls "/hosts/etcd_node" }}
+  {{- if not (len ($addedInstances | filter .)) }}
+    {{- if not (len ($deletedInstances | filter .)) }}
+      {{ getv (printf "/hosts/etcd_node/%s/sid" .) }}=etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+STABLE_NODES_EOF
+)"
+
+
+hostsDomainName="$(sort -V - << STABLE_NODES_EOF
+{{- range ls "/hosts/etcd_node" }}
+  {{- if not (len ($addedInstances | filter .)) }}
+    {{- if not (len ($deletedInstances | filter .)) }}
+      {{ getv (printf "/hosts/etcd_node/%s/ip" .) }}  etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+STABLE_NODES_EOF
+)"
+
+
+proxyHostsDomainName="$(sort -V - << STABLE_NODES_EOF
+{{- range ls "/hosts/etcd_proxy" }}
+        {{ getv (printf "/hosts/etcd_proxy/%s/ip" .) }}  proxy{{ getv (printf "/hosts/etcd_proxy/%s/sid" .) }}{{ $clusterDNS }}
+{{- end }}
+STABLE_NODES_EOF
+)"
+
+
+
+
+
+
diff --git a/ansible/files/etc/confd/templates/02.app.env.tmpl b/ansible/files/etc/confd/templates/02.app.env.tmpl
@@ -5,29 +5,65 @@ addedNodes="$(sort -V - << ADDED_NODES_ASC_EOF
 {{- end }}
 ADDED_NODES_ASC_EOF
 )"
+addedNodesDomain="$(sort -V - << ADDED_NODES_ASC_EOF
+{{- range $addedInstances }}
+{{ getv (printf "/adding-hosts/etcd_node/%s/sid" .) }}=etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+{{- end }}
+ADDED_NODES_ASC_EOF
+)"
+addedNodesHostsDomainName="$(sort -V - << ADDED_NODES_ASC_EOF
+{{- range $addedInstances }}
+{{ getv (printf "/adding-hosts/etcd_node/%s/ip" .) }}  etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+{{- end }}
+ADDED_NODES_ASC_EOF
+)"
 deletedNodes="$(sort -Vr - << DELETED_NODES_DESC_EOF
 {{- range $deletedInstances }}
 {{ getv (printf "/deleting-hosts/etcd_node/%s/sid" .) }}={{ getv (printf "/deleting-hosts/etcd_node/%s/ip" .) }}
 {{- end }}
 DELETED_NODES_DESC_EOF
 )"
+deletedNodesDomain="$(sort -Vr - << DELETED_NODES_DESC_EOF
+{{- range $deletedInstances }}
+{{ getv (printf "/deleting-hosts/etcd_node/%s/sid" .) }}=etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+{{- end }}
+DELETED_NODES_DESC_EOF
+)"
+deletedNodesHostsDomain="$(sort -Vr - << DELETED_NODES_DESC_EOF
+{{- range $deletedInstances }}
+{{ getv (printf "/deleting-hosts/etcd_node/%s/ip" .) }}  etcd{{ getv (printf "/hosts/etcd_node/%s/sid" .) }}{{ $clusterDNS }}
+{{- end }}
+DELETED_NODES_DESC_EOF
+)"
 {{- end }}
 
 changedVariables=$(updateAndCompareFile /opt/app/bin/.env << APP_ENV_FILE
 CLUSTER_ID={{ getv "/cluster/cluster_id" }}
 ETCD_COMPACT_INTERVAL={{ getv "/env/etcautocompact" "0" }}
 ETCD_QUOTA_BYTES={{ getv "/env/etcd.quota.backend.bytes" "2147483648" }}
+ETCD_HEARTBEAT_INTERVAL={{ getv "/env/etcdheartbeatinterval" "100" }}
+ETCD_ELECTION_TIMEOUT={{ getv "/env/etcdelectiontimeout" "1000" }}
 ETCD_AUTO_COMPACTION_MODE="periodic"
 # ETCD_MAX_REQUEST_BYTES=1572864
 ETCD_ENABLE_V2="true"
+ETCD_ENABLE_TLS={{ $enableTLS }}
 MY_ROLE={{ $myRole }}
 MY_SID={{ $mySid }}
 MY_IP={{ getv "/host/ip" }}
+ETCD_CLUSTER_DNS={{ $clusterDNS }}
 STABLE_NODES="$(echo $stableNodes)"
+STABLE_NODES_DOMAIN_NAME="$(echo $stableNodesDomainName)"
+HOSTS_DOMAIN_NAME="$(echo $hostsDomainName)"
+PROXY_HOSTS_DOMAIN_NAME="$(echo $proxyHostsDomainName)"
 {{- if eq $myRole "etcd-node" }}
 ADDED_NODES="$(echo $addedNodes)"
+ADDED_NODES_DOMAIN="$(echo $addedNodesDomain)"
+ADDED_NODES_HOSTS_DOMAIN="$(echo $addedNodesHostsDomainName)"
 DELETED_NODES="$(echo $deletedNodes)"
+DELETED_NODES_DOMAIN="$(echo $deletedNodesDomain)"
+DELETED_NODES_HOSTS_DOMAIN="$(echo $deletedNodesHostsDomain)"
 ALL_NODES="$(echo $allNodes)"
+ALL_NODES_DOMAIN="$(echo $allNodesDomain)"
 IS_ADDED={{ $isAdded }}
 IS_DELETED={{ $isDeleted }}
 {{- end }}

diff --git a/ansible/files/etc/confd/templates/etcdauth.sh.tmpl b/ansible/files/etc/confd/templates/etcdauth.sh.tmpl
diff --git a/ansible/files/etc/confd/templates/tls.sh.tmpl b/ansible/files/etc/confd/templates/tls.sh.tmpl
@@ -0,0 +1 @@
+ENABLE_TLS={{ getv "/env/enable_TLS" "false" }}
diff --git a/ansible/files/opt/app/bin/common.sh b/ansible/files/opt/app/bin/common.sh
@@ -16,6 +16,9 @@ EC_MEMBER_EXISTS=15        # scale: member still exists
 EC_REPAIR_ILLEGAL_NODE=16  # repair: source node is outside cluster
 EC_UNHEALTHY=17            # check: cluster is unhealthy
 EC_NO_MEMBER_ID=18         # member: failed to find ID
+EC_NO_CA=19                # ca: failed to CA
+EC_REPAIR_FAILED=20        # repair: failed to repair
+EC_REPAIR_IP_FAILED=21        # repair: Normal node input error or Abnormal node input error
 
 workingDir=/var/lib/etcd
 appctlDir=$workingDir/appctl  # Log Dir