From 3a29e6221dd3a80a1a4293b4bfa0da9f9fb5a22d Mon Sep 17 00:00:00 2001
From: zhaoyupeng
Date: Fri, 28 Nov 2025 19:39:26 +0800
Subject: [PATCH] feat: add hs-net make wip: hs-net upsert.sh
---
 internal/controller/maker/hsnet.go | 185 +++++++++++++++++++++++++++--
 pkg/resource/resource.go | 6 +
 pkg/resource/ssl/mqtt.client.crt | 12 ++
 pkg/resource/ssl/mqtt.client.key | 8 ++
 4 files changed, 204 insertions(+), 7 deletions(-)
 create mode 100644 pkg/resource/ssl/mqtt.client.crt
 create mode 100644 pkg/resource/ssl/mqtt.client.key
diff --git a/internal/controller/maker/hsnet.go b/internal/controller/maker/hsnet.go
index 64cf31b..8a24b19 100644
--- a/internal/controller/maker/hsnet.go
+++ b/internal/controller/maker/hsnet.go
@@ -6,11 +6,13 @@ import (
 "path/filepath"
 "gitea.loveuer.com/yizhisec/pkg3/logger"
+ "yizhisec.com/hsv2/forge/pkg/archiver"
+ "yizhisec.com/hsv2/forge/pkg/resource"
 )
 func (m *maker) HSNet(ctx context.Context) error {
 const (
- service = `[Unit]
+ _service = `[Unit]
 Description=hs-net Container Service
 Documentation=https://docs.containerd.io
 After=network.target containerd.service
@@ -18,6 +20,7 @@ After=network.target containerd.service
 [Service]
 # 启动前清理旧容器
 # ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net task kill hs-net
+ExecStartPre=-/usr/local/bin/k0s ctr namespace create hs-net
 ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net container rm hs-net
 # 拉取最新镜像(按需启用/注释)
@@ -63,19 +66,187 @@ ExecStopPost=/usr/local/bin/k0s ctr -n hs-net container rm hs-net
 [Install]
 WantedBy=multi-user.target`
+ _conf_out = `log:
+ level: info
+controller:
+ protocol: https
+ registerHost: hs-gateway-register-controller
+ host: hs-gateway-controller
+ port: 443
+ tokenFilePath: /etc/yizhisec/token
+ registerRetry: 30
+wg:
+ private_key: qPfOaNKrV11kzaGQiNQNyiu6wMQGUpIM+/xqboVAnng=
+ private_network: 246.0.0.1/8
+ listen_port: 23209
+ mtu: 1300
+ obf_key: 0
+ keep_alive: 61
+ tun_name: wg_tun
+yosGuard:
+ host: __ip__
+ port: 7788
+mqtt:
+ protocol: tls
+ host: mqtt.yizhisec.com
+ port: '443'
+ cert: /yizhisec/hs_net/conf/ssl/mqtt.client.crt
+ key: /yizhisec/hs_net/conf/ssl/mqtt.client.key
+ keep_alive: 60
+paseto_key: TtKVnSzEHO3jRv/GWg3f5k3H1OVfMnPZ1Ke9E6MSCXk=
+resource_server: hs-gateway-controller
+dns_cache:
+ Address: 127.0.0.1:9028
+gatewayVersionFile: /etc/yizhisec/gateway_version.json
+lastVersion: null
+workDir: /yizhisec/hs_net/workspace
+eth_names: []
+tag: ''
+cluster_mock: ''
+openobserve_uri: ''
+tcp_mode_disable: false
+`
+ _conf_in = `{
+ "LogLevel": "info",
+ "LogFile": "/yizhisec/hs_net/workspace/log/wireguard",
+ "DnsVirtNetwork": null,
+ "DnsVirtNetworkV6": null,
+ "Foreground": false,
+ "WithPprof": false,
+ "DnsCache": {
+ "Address": "127.0.0.1:9028"
+ },
+ "log": {
+ "level": "info"
+ },
+ "yosGuard": {
+ "host": "__ip__",
+ "port": 7788
+ },
+ "controller": {
+ "protocol": "https",
+ "host": "hs-gateway-controller",
+ "registerHost": "hs-gateway-register-controller",
+ "port": 443,
+ "registerRetry": 30,
+ "tokenFilePath": "/etc/yizhisec/token"
+ },
+ "wg": {
+ "private_key": "qPfOaNKrV11kzaGQiNQNyiu6wMQGUpIM+/xqboVAnng=",
+ "private_network": "246.0.0.1/8",
+ "listen_port": 23209,
+ "mtu": 1380,
+ "obf_key": 0,
+ "keep_alive": 60,
+ "tun_name": "wg_tun"
+ },
+ "mqtt": {
+ "protocol": "tls",
+ "host": "mqtt.yizhisec.com",
+ "port": 443,
+ "cert": "/yizhisec/hs_net/conf/ssl/mqtt.client.crt",
+ "key": "/yizhisec/hs_net/conf/ssl/mqtt.client.key",
+ "keep_alive": 60
+ },
+ "paseto_key": "TtKVnSzEHO3jRv/GWg3f5k3H1OVfMnPZ1Ke9E6MSCXk=",
+ "resource_server": "hs-gateway-controller",
+ "gatewayVersionFile": "/etc/yizhisec/gateway_version.json",
+ "lastVersion": null,
+ "workDir": "/yizhisec/hs_net/workspace",
+ "dns_cache": {
+ "Address": "127.0.0.1:9028"
+ }
+}
+`
+
+ _url = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_net/release/2.1.0-std/package.tar.gz"
 )
 var (
- err error
- location = filepath.Join(m.workdir, "dependency", "hs-net")
+ err error
+ workdir = filepath.Join(m.workdir, "dependency", "hs_net")
 )
- if err = os.MkdirAll(location, 0755); err != nil {
- logger.Error("MakeHSNet: 创建目录失败s")
- logger.Debug("MakeHSNet: 创建目录失败: %s", err.Error())
+ logger.Info("☑️ MakeHSNet: 开始构建 hs-net, workdir = %s", workdir)
+
+ if err = os.MkdirAll(workdir, 0755); err != nil {
+ logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
 return err
 }
- logger.Fatal("MakeHSNet: 构建 hs-net 失败!!!(怎么完善,怎么完善,怎么完善???)")
+ if err = archiver.DownloadAndExtract(ctx, _url, workdir); err != nil {
+ logger.Debug("❌ MakeHSNet: 下载和解压失败: %s", err.Error())
+ return err
+ }
+
+ // mv workdir/package/server workdir/
+ // mv workdir/package/server_aes workdir/
+ if err = os.Rename(filepath.Join(workdir, "package", "server"), filepath.Join(workdir, "server")); err != nil {
+ logger.Debug("❌ MakeHSNet: 重命名文件失败: %s", err.Error())
+ return err
+ }
+ if err = os.Rename(filepath.Join(workdir, "package", "server_aes"), filepath.Join(workdir, "server_aes")); err != nil {
+ logger.Debug("❌ MakeHSNet: 重命名文件失败: %s", err.Error())
+ return err
+ }
+
+ // write down conf_out to server.conf
+ if err = os.WriteFile(filepath.Join(workdir, "server.conf"), []byte(_conf_out), 0644); err != nil {
+ logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+ return err
+ }
+
+ // write down conf_in to conf/server.conf
+ if err = os.MkdirAll(filepath.Join(workdir, "conf", "ssl"), 0755); err != nil {
+ logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
+ return err
+ }
+ if err = os.WriteFile(filepath.Join(workdir, "conf", "server.conf"), []byte(_conf_in), 0644); err != nil {
+ logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+ return err
+ }
+
+ // write resource.SSLMQTTClientCrt
+ if err = os.WriteFile(filepath.Join(workdir, "conf", "ssl", "mqtt.client.crt"), resource.SSLMQTTClientCrt, 0644); err != nil {
+ logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+ return err
+ }
+ if err = os.WriteFile(filepath.Join(workdir, "conf", "ssl", "mqtt.client.key"), resource.SSLMQTTClientKey, 0644); err != nil {
+ logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+ return err
+ }
+
+ // mkdir workspace
+ if err = os.MkdirAll(filepath.Join(workdir, "workspace"), 0755); err != nil {
+ logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
+ return err
+ }
+
+ // new empty file lastVersion.txt
+ if err = os.WriteFile(filepath.Join(workdir, "lastVersion.txt"), []byte{}, 0644); err != nil {
+ logger.Debug("❌ MakeHSNet: 创建空文件失败: %s", err.Error())
+ return err
+ }
+
+ imgName := "hub.yizhisec.com/hybridscope/hsnet:release_2.1.0-std"
+ imgPath := filepath.Join(workdir, "hs-net.tar")
+ logger.Debug("☑️ MakeHSNet: 构建镜像 %s 到 %s", imgName, imgPath)
+ if err = m.Image(ctx, imgName, WithImageSave(imgPath), WithImageForcePull(true)); err != nil {
+ logger.Debug("❌ MakeHSNet: 构建镜像失败: %s", err.Error())
+ return err
+ }
+ logger.Debug("✅ MakeHSNet: 构建镜像 %s 到 %s 成功", imgName, imgPath)
+
+ // write hs-net.service
+ if err = os.WriteFile(filepath.Join(workdir, "hs-net.service"), []byte(_service), 0644); err != nil {
+ logger.Debug("❌ MakeHSNet: 写入服务文件失败: %s", err.Error())
+ return err
+ }
+
+ // todo upsert.sh
+ // todo /etc/yizhisec/token
+ // todo mkdir /mnt/huge
+
+ logger.Info("✅ MakeHSNet: 构建 hs-net 成功, workdir = %s", workdir)
 return nil
 }
diff --git a/pkg/resource/resource.go b/pkg/resource/resource.go
index 3f95bbd..359bb65 100644
--- a/pkg/resource/resource.go
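Review bot: The WireGuard `private_key` and the `paseto_key` are literals inside `_conf_out` and `_conf_in`, so every artifact HSNet builds shares the same key material, and `server.conf`, `conf/server.conf` and `conf/ssl/mqtt.client.key` are all written with mode 0644, world-readable on the target host. Change the mode in those three `os.WriteFile` calls to `0600` and have the WireGuard and paseto keys generated or injected per deployment rather than shipped in source. The YAML and JSON templates also disagree on `mtu` (1300 vs 1380), `keep_alive` (61 vs 60) and the type of `mqtt.port` (`'443'` vs `443`), which looks accidental and is worth confirming or deriving one template from the other. Every failure is logged only at Debug and the bare `err` is returned without saying which path failed; wrapping it with `%w` and the path (e.g. `return fmt.Errorf("MakeHSNet: write %s: %w", path, err)`, adding the `fmt` import) would make the caller's log sufficient. Nothing here verifies a digest for the tarball `archiver.DownloadAndExtract` fetches from `_url`; if that helper does not check one itself, pinning a checksum next to the URL closes the gap (HSNet's signature and the `_service` template live in the earlier hunks).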
+++ b/pkg/resource/resource.go
@@ -86,6 +86,12 @@ var (
 //go:embed ssl/mqtt.server.key
 SSLMQTTServerKey string
+ //go:embed ssl/mqtt.client.crt
+ SSLMQTTClientCrt []byte
+
+ //go:embed ssl/mqtt.client.key
+ SSLMQTTClientKey []byte
+
 //go:embed ssl/server.crt
 SSLServerCrt string
diff --git a/pkg/resource/ssl/mqtt.client.crt b/pkg/resource/ssl/mqtt.client.crt
new file mode 100644
index 0000000..be33d43
--- /dev/null
+++ b/pkg/resource/ssl/mqtt.client.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvDCCAWOgAwIBAgIBATAKBggqhkjOPQQDAjBNMQswCQYDVQQGEwJDTjESMBAG
+A1UECAwJR3Vhbmdkb25nMRIwEAYDVQQHDAlHdWFuZ3pob3UxFjAUBgNVBAoMDVlp
+WmhpIFJvb3QgQ0EwHhcNMjMxMjEwMTU0MzU0WhcNMzMxMjA3MTU0MzU0WjBhMQsw
+CQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMRIwEAYDVQQHDAlHdWFuZ3po
+b3UxDjAMBgNVBAoMBVlpWmhpMRowGAYDVQQDDBFtcXR0Lnlpemhpc2VjLmNvbTBZ
+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGOtQocjlPkUHD5opIt/V4tIQw0QSjJL
+G9q+OkUEWil40ZNc9au3zbl78lZfZqiT92+s4qWSl0LNoLQEJ06WXxOjIDAeMBwG
+A1UdEQQVMBOCEW1xdHQueWl6aGlzZWMuY29tMAoGCCqGSM49BAMCA0cAMEQCICOs
+mhP29LIAuJJtYYsMwi21oGZlhI5pXVXu/R0VbLpDAiBvYkEq3A9UA5jRYwq2YXo4
+fEbcPuEWU0LFZ6RN4dTebA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/pkg/resource/ssl/mqtt.client.key b/pkg/resource/ssl/mqtt.client.key
new file mode 100644
index 0000000..7dae95f
--- /dev/null
+++ b/pkg/resource/ssl/mqtt.client.key
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICWabo6fxyjFq2CgDjLCvecNWLoNPWVxL5oM3ugG08NxoAoGCCqGSM49
+AwEHoUQDQgAEY61ChyOU+RQcPmiki39Xi0hDDRBKMksb2r46RQRaKXjRk1z1q7fN
+uXvyVl9mqJP3b6zipZKXQs2gtAQnTpZfEw==
+-----END EC PRIVATE KEY-----
\ No newline at end of file
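Review bot: `SSLMQTTClientKey` embeds `ssl/mqtt.client.key` into the binary, and the `mqtt.client.key` hunk in this same commit checks that EC private key into the repository, so the key is recoverable from the source tree and from every built artifact and should be treated as exposed and rotated; reading it from a path or a secret store at run time would avoid re-embedding the replacement. The two new variables are typed `[]byte` while the neighbouring embeds (`SSLMQTTServerKey`, `SSLServerCrt`) are `string`; if `[]byte` exists only to suit `os.WriteFile`, keeping `string` and converting at the call site keeps the block consistent. The new exported names carry no doc comment; `// SSLMQTTClientCrt is the client certificate presented to the MQTT broker.` and a matching line for the key would follow the convention used elsewhere for exported identifiers. The enclosing `var (` block starts before this hunk.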