[agent-go] [Bastion] - swap firewall
@@ -218,21 +218,9 @@ func (op *AgentOsOperator) shutdownFirewall() [][]string {
|
||||
return shutdownFunc
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) shutdownFirewallBastion() (bool, []string) {
|
||||
func (op *AgentOsOperator) DisableFirewallBastion() (bool, []string) {
|
||||
|
||||
shutdownFunc := [][]string{
|
||||
{"systemctl", "stop", "firewalld"},
|
||||
{"systemctl", "disable", "firewalld"},
|
||||
{"systemctl", "stop", "ufw"},
|
||||
{"systemctl", "disable", "ufw"},
|
||||
{"iptables", "-F"},
|
||||
}
|
||||
// 忽略错误
|
||||
_, resultLog := AllCompleteExecutor(shutdownFunc)
|
||||
|
||||
// centos
|
||||
|
||||
return true, resultLog
|
||||
return op.shutdownFirewallExec()
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) shutdownFirewallExec() (bool, []string) {
|
||||
@@ -269,6 +257,18 @@ func (op *AgentOsOperator) modifyHostnameExec(args []string) (bool, []string) {
|
||||
return ok, resultLog
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) modifySystemConfigExec() (bool, []string) {
|
||||
|
||||
// ssh config
|
||||
// system redirection
|
||||
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) ModifySysConfigBastion() (bool, []string) {
|
||||
return op.modifySystemConfigExec()
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) enableSwap() [][]string {
|
||||
|
||||
enableSwapFunc := [][]string{
|
||||
@@ -317,8 +317,6 @@ func (op *AgentOsOperator) disableSwap() [][]string {
|
||||
|
||||
func (op *AgentOsOperator) disableSwapExec() (bool, []string) {
|
||||
|
||||
var resultLog []string
|
||||
|
||||
// 备份文件存在,pass
|
||||
if !BasicFileExists("/etc/fstab_back_wdd") {
|
||||
AllCommandExecutor([]string{
|
||||
@@ -329,7 +327,7 @@ func (op *AgentOsOperator) disableSwapExec() (bool, []string) {
|
||||
})
|
||||
}
|
||||
// 执行关闭操作
|
||||
_, lre := AllCompleteExecutor(
|
||||
AllCompleteExecutor(
|
||||
[][]string{
|
||||
{
|
||||
"swapoff",
|
||||
@@ -343,9 +341,12 @@ func (op *AgentOsOperator) disableSwapExec() (bool, []string) {
|
||||
},
|
||||
})
|
||||
|
||||
resultLog = append(resultLog, lre...)
|
||||
return true, nil
|
||||
}
|
||||
|
||||
return true, resultLog
|
||||
func (op *AgentOsOperator) DisableSwapBastion() (bool, []string) {
|
||||
|
||||
return op.disableSwapExec()
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) disableSELinuxExec() (bool, []string) {
|
||||
@@ -372,6 +373,10 @@ func (op *AgentOsOperator) disableSELinuxExec() (bool, []string) {
|
||||
return true, []string{}
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) DisableSelinuxBastion() (bool, []string) {
|
||||
return op.disableSELinuxExec()
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) installDefaultSSHKeyExec(funcArgs []string) (bool, []string) {
|
||||
|
||||
// ssh-keygen -t ed25519 -C "wdd@cmii.com"
|
||||
@@ -419,6 +424,55 @@ func (op *AgentOsOperator) installDefaultSSHKeyExec(funcArgs []string) (bool, []
|
||||
"[installDefaultSSHKeyExec] - authorized_keys don't contain the ssh-pub key !",
|
||||
}
|
||||
}
|
||||
func (op *AgentOsOperator) InstallDefaultSshBastion() (bool, []string) {
|
||||
// ssh-keygen -t ed25519 -C "wdd@cmii.com"
|
||||
// ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa -b 4096
|
||||
BasicCreateFolder("/root/.ssh/")
|
||||
|
||||
// check key exists
|
||||
if BasicFileExistAndNotNull("/root/.ssh/id_ed25519") {
|
||||
if BasicFileExistAndNotNull("/root/.ssh/id_ed25519.pub") {
|
||||
if BasicGrepItemInFile("wdd@cmii.com", "/root/.ssh/authorized_keys") {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// download standard private and public key
|
||||
if !BasicAppendOverwriteContentToFile(beans.Ed25519PrivateKey, "/root/.ssh/id_ed25519") {
|
||||
return false, []string{
|
||||
"[installDefaultSSHKeyExec] - error appending private ssh key to authorized_keys !",
|
||||
}
|
||||
}
|
||||
if !BasicAppendOverwriteContentToFile(beans.Ed25519PublicKey, "/root/.ssh/id_ed25519.pu") {
|
||||
return false, []string{
|
||||
"[installDefaultSSHKeyExec] - error appending public ssh key to authorized_keys !",
|
||||
}
|
||||
}
|
||||
|
||||
// write into authorized_keys
|
||||
if !BasicAppendSourceToFile("/root/.ssh/id_ed25519.pub", "/root/.ssh/authorized_keys") {
|
||||
return false, []string{
|
||||
"[installDefaultSSHKeyExec] - error appending ssh key to authorized_keys !",
|
||||
}
|
||||
}
|
||||
|
||||
AllCommandExecutor([]string{
|
||||
"chmod",
|
||||
"600",
|
||||
"/root/.ssh/id_ed25519",
|
||||
})
|
||||
|
||||
// check
|
||||
if BasicGrepItemInFile("wdd@cmii.com", "/root/.ssh/authorized_keys") {
|
||||
log.Info("installDefaultSSHKeyExec - authorized_keys contain the ssh-pub key !")
|
||||
return true, nil
|
||||
}
|
||||
|
||||
return false, []string{
|
||||
"[installDefaultSSHKeyExec] - authorized_keys don't contain the ssh-pub key !",
|
||||
}
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) removeDocker() [][]string {
|
||||
|
||||
@@ -1162,11 +1216,7 @@ func (op *AgentOsOperator) installDockerComposeExec() (bool, []string) {
|
||||
if !ok {
|
||||
return false, resultLog
|
||||
}
|
||||
|
||||
log.Debug("docker-compose下载成功!")
|
||||
if !BasicFileExistAndNotNull("/usr/local/bin/docker-compose") {
|
||||
return false, []string{"docker-compose 下载失败!"}
|
||||
}
|
||||
|
||||
AllCompleteExecutor([][]string{
|
||||
{
|
||||
@@ -1181,8 +1231,36 @@ func (op *AgentOsOperator) installDockerComposeExec() (bool, []string) {
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) InstallDockerComposeBastion() (bool, []string) {
|
||||
|
||||
log.Info("准备安装docker-compose => 版本为 2.18.0 !")
|
||||
|
||||
var DockerComposeFile string
|
||||
if strings.HasPrefix(op.AgentArch, "amd") {
|
||||
DockerComposeFile = op.OssOfflinePrefix + "docker-compose-linux-x86_64-v2.18.0"
|
||||
} else if strings.HasPrefix(op.AgentArch, "arm64") {
|
||||
DockerComposeFile = op.OssOfflinePrefix + "docker-compose-linux-aarch64-v2.18.0"
|
||||
}
|
||||
|
||||
// check file exits
|
||||
if !BasicFileExistInFolder(DockerComposeFile) {
|
||||
sprintf := fmt.Sprintf("docker-compose 离线安装文件不存在! => %s", DockerComposeFile)
|
||||
return false, []string{
|
||||
sprintf,
|
||||
}
|
||||
}
|
||||
|
||||
AllCompleteExecutor([][]string{
|
||||
{
|
||||
"chmod", "+x", "/usr/local/bin/docker-compose",
|
||||
},
|
||||
{
|
||||
"ln", "-s", "/usr/local/bin/docker-compose", "/usr/bin/docker-compose",
|
||||
},
|
||||
})
|
||||
log.Info("docker-compose安装成功!")
|
||||
|
||||
return true, []string{
|
||||
"[installDockerComposeFromLocalExec] - docker-compose offline installation from local success!",
|
||||
"[InstallDockerComposeBastion] - docker-compose offline installation from local success!",
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1298,6 +1376,13 @@ func (op *AgentOsOperator) modifyDockerConfig(args []string) [][]string {
|
||||
|
||||
return modifyDockerConfigFunc
|
||||
}
|
||||
func (op *AgentOsOperator) ModifyDockerConfigBastion() (bool, []string) {
|
||||
|
||||
argList := []string{
|
||||
"127.0.0.1",
|
||||
}
|
||||
return op.modifyDockerConfigExec(argList)
|
||||
}
|
||||
|
||||
func (op *AgentOsOperator) modifyDockerConfigExec(args []string) (bool, []string) {
|
||||
|
||||
@@ -1723,6 +1808,8 @@ func (op *AgentOsOperator) checkHarborInstallExec() (bool, []string) {
|
||||
"[install harbor] - script do not support for aarch64 version of harbor installation !",
|
||||
}
|
||||
}
|
||||
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// installHarborExec install harbor offline
|
||||
|
||||
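Review bot: In the `-419,6 +424,55` hunk, `InstallDefaultSshBastion` writes the public key to `/root/.ssh/id_ed25519.pu` but then appends `/root/.ssh/id_ed25519.pub` to `authorized_keys` and tests for that same `.pub` file on the next run, so on a fresh host the append reads a file that was never written; the write target should be `"/root/.ssh/id_ed25519.pub"`. The key material comes from `beans.Ed25519PrivateKey` and `beans.Ed25519PublicKey`, which look like constants built into the agent (the `beans` package is not visible here); if so, every host this runs on trusts the same root key pair, and generating a per-host key with `ssh-keygen`, as the comment at the top of the function already sketches, would avoid a shared root credential. The `chmod 600` on the private key runs only after the file has been written and its result is discarded, so the mode should be set when the file is created and a failure should return `false`. The error strings in this function still carry the `[installDefaultSSHKeyExec]` prefix and say "authorized_keys" for writes that target the key files, which will mislead whoever reads the result log.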