feat: add hs-net make

wip: hs-net upsert.sh

internal/controller/maker/hsnet.go

@@ -6,11 +6,13 @@ import (
 	"path/filepath"
 
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/archiver"
+	"yizhisec.com/hsv2/forge/pkg/resource"
 )
 
 func (m *maker) HSNet(ctx context.Context) error {
 	const (
-		service = `[Unit]
+		_service = `[Unit]
 Description=hs-net Container Service
 Documentation=https://docs.containerd.io
 After=network.target containerd.service
@@ -18,6 +20,7 @@ After=network.target containerd.service
 [Service]
 # 启动前清理旧容器
 # ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net task kill hs-net
+ExecStartPre=-/usr/local/bin/k0s ctr namespace create hs-net
 ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net container rm  hs-net
 
 # 拉取最新镜像（按需启用/注释）
@@ -63,19 +66,187 @@ ExecStopPost=/usr/local/bin/k0s ctr -n hs-net container rm hs-net
 
 [Install]
 WantedBy=multi-user.target`
+		_conf_out = `log:
+  level: info
+controller:
+  protocol: https
+  registerHost: hs-gateway-register-controller
+  host: hs-gateway-controller
+  port: 443
+  tokenFilePath: /etc/yizhisec/token
+  registerRetry: 30
+wg:
+  private_key: qPfOaNKrV11kzaGQiNQNyiu6wMQGUpIM+/xqboVAnng=
+  private_network: 246.0.0.1/8
+  listen_port: 23209
+  mtu: 1300
+  obf_key: 0
+  keep_alive: 61
+  tun_name: wg_tun
+yosGuard:
+  host: __ip__
+  port: 7788
+mqtt:
+  protocol: tls
+  host: mqtt.yizhisec.com
+  port: '443'
+  cert: /yizhisec/hs_net/conf/ssl/mqtt.client.crt
+  key: /yizhisec/hs_net/conf/ssl/mqtt.client.key
+  keep_alive: 60
+paseto_key: TtKVnSzEHO3jRv/GWg3f5k3H1OVfMnPZ1Ke9E6MSCXk=
+resource_server: hs-gateway-controller
+dns_cache:
+  Address: 127.0.0.1:9028
+gatewayVersionFile: /etc/yizhisec/gateway_version.json
+lastVersion: null
+workDir: /yizhisec/hs_net/workspace
+eth_names: []
+tag: ''
+cluster_mock: ''
+openobserve_uri: ''
+tcp_mode_disable: false
+`
+		_conf_in = `{
+  "LogLevel": "info",
+  "LogFile": "/yizhisec/hs_net/workspace/log/wireguard",
+  "DnsVirtNetwork": null,
+  "DnsVirtNetworkV6": null,
+  "Foreground": false,
+  "WithPprof": false,
+  "DnsCache": {
+    "Address": "127.0.0.1:9028"
+  },
+  "log": {
+    "level": "info"
+  },
+  "yosGuard": {
+    "host": "__ip__",
+    "port": 7788
+  },
+  "controller": {
+    "protocol": "https",
+    "host": "hs-gateway-controller",
+    "registerHost": "hs-gateway-register-controller",
+    "port": 443,
+    "registerRetry": 30,
+    "tokenFilePath": "/etc/yizhisec/token"
+  },
+  "wg": {
+    "private_key": "qPfOaNKrV11kzaGQiNQNyiu6wMQGUpIM+/xqboVAnng=",
+    "private_network": "246.0.0.1/8",
+    "listen_port": 23209,
+    "mtu": 1380,
+    "obf_key": 0,
+    "keep_alive": 60,
+    "tun_name": "wg_tun"
+  },
+  "mqtt": {
+    "protocol": "tls",
+    "host": "mqtt.yizhisec.com",
+    "port": 443,
+    "cert": "/yizhisec/hs_net/conf/ssl/mqtt.client.crt",
+    "key": "/yizhisec/hs_net/conf/ssl/mqtt.client.key",
+    "keep_alive": 60
+  },
+  "paseto_key": "TtKVnSzEHO3jRv/GWg3f5k3H1OVfMnPZ1Ke9E6MSCXk=",
+  "resource_server": "hs-gateway-controller",
+  "gatewayVersionFile": "/etc/yizhisec/gateway_version.json",
+  "lastVersion": null,
+  "workDir": "/yizhisec/hs_net/workspace",
+  "dns_cache": {
+    "Address": "127.0.0.1:9028"
+  }
+}
+`
+
+		_url = "https://artifactory.yizhisec.com/artifactory/yizhisec-release/hs_net/release/2.1.0-std/package.tar.gz"
 	)
 	var (
-		err      error
+		err     error
-		location = filepath.Join(m.workdir, "dependency", "hs-net")
+		workdir = filepath.Join(m.workdir, "dependency", "hs_net")
 	)
 
-	if err = os.MkdirAll(location, 0755); err != nil {
+	logger.Info("☑️ MakeHSNet: 开始构建 hs-net, workdir = %s", workdir)
-		logger.Error("MakeHSNet: 创建目录失败s")
+
-		logger.Debug("MakeHSNet: 创建目录失败: %s", err.Error())
+	if err = os.MkdirAll(workdir, 0755); err != nil {
+		logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
 		return err
 	}
 
-	logger.Fatal("MakeHSNet: 构建 hs-net 失败!!!(怎么完善,怎么完善,怎么完善???)")
+	if err = archiver.DownloadAndExtract(ctx, _url, workdir); err != nil {
+		logger.Debug("❌ MakeHSNet: 下载和解压失败: %s", err.Error())
+		return err
+	}
+
+	// mv workdir/package/server workdir/
+	// mv workdir/package/server_aes workdir/
+	if err = os.Rename(filepath.Join(workdir, "package", "server"), filepath.Join(workdir, "server")); err != nil {
+		logger.Debug("❌ MakeHSNet: 重命名文件失败: %s", err.Error())
+		return err
+	}
+	if err = os.Rename(filepath.Join(workdir, "package", "server_aes"), filepath.Join(workdir, "server_aes")); err != nil {
+		logger.Debug("❌ MakeHSNet: 重命名文件失败: %s", err.Error())
+		return err
+	}
+
+	// write down conf_out to server.conf
+	if err = os.WriteFile(filepath.Join(workdir, "server.conf"), []byte(_conf_out), 0644); err != nil {
+		logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+		return err
+	}
+
+	// write down conf_in to conf/server.conf
+	if err = os.MkdirAll(filepath.Join(workdir, "conf", "ssl"), 0755); err != nil {
+		logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
+		return err
+	}
+	if err = os.WriteFile(filepath.Join(workdir, "conf", "server.conf"), []byte(_conf_in), 0644); err != nil {
+		logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+		return err
+	}
+
+	// write resource.SSLMQTTClientCrt
+	if err = os.WriteFile(filepath.Join(workdir, "conf", "ssl", "mqtt.client.crt"), resource.SSLMQTTClientCrt, 0644); err != nil {
+		logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+		return err
+	}
+	if err = os.WriteFile(filepath.Join(workdir, "conf", "ssl", "mqtt.client.key"), resource.SSLMQTTClientKey, 0644); err != nil {
+		logger.Debug("❌ MakeHSNet: 写入配置文件失败: %s", err.Error())
+		return err
+	}
+
+	// mkdir workspace
+	if err = os.MkdirAll(filepath.Join(workdir, "workspace"), 0755); err != nil {
+		logger.Debug("❌ MakeHSNet: 创建目录失败: %s", err.Error())
+		return err
+	}
+
+	// new empty file lastVersion.txt
+	if err = os.WriteFile(filepath.Join(workdir, "lastVersion.txt"), []byte{}, 0644); err != nil {
+		logger.Debug("❌ MakeHSNet: 创建空文件失败: %s", err.Error())
+		return err
+	}
+
+	imgName := "hub.yizhisec.com/hybridscope/hsnet:release_2.1.0-std"
+	imgPath := filepath.Join(workdir, "hs-net.tar")
+	logger.Debug("☑️ MakeHSNet: 构建镜像 %s 到 %s", imgName, imgPath)
+	if err = m.Image(ctx, imgName, WithImageSave(imgPath), WithImageForcePull(true)); err != nil {
+		logger.Debug("❌ MakeHSNet: 构建镜像失败: %s", err.Error())
+		return err
+	}
+	logger.Debug("✅ MakeHSNet: 构建镜像 %s 到 %s 成功", imgName, imgPath)
+
+	// write hs-net.service
+	if err = os.WriteFile(filepath.Join(workdir, "hs-net.service"), []byte(_service), 0644); err != nil {
+		logger.Debug("❌ MakeHSNet: 写入服务文件失败: %s", err.Error())
+		return err
+	}
+
+	// todo upsert.sh
+	// todo /etc/yizhisec/token
+	// todo mkdir /mnt/huge
+
+	logger.Info("✅ MakeHSNet: 构建 hs-net 成功, workdir = %s", workdir)
 
 	return nil
 }

pkg/resource/resource.go

@@ -86,6 +86,12 @@ var (
 	//go:embed ssl/mqtt.server.key
 	SSLMQTTServerKey string
 
+	//go:embed ssl/mqtt.client.crt
+	SSLMQTTClientCrt []byte
+
+	//go:embed ssl/mqtt.client.key
+	SSLMQTTClientKey []byte
+
 	//go:embed ssl/server.crt
 	SSLServerCrt string
 

pkg/resource/ssl/mqtt.client.crt

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvDCCAWOgAwIBAgIBATAKBggqhkjOPQQDAjBNMQswCQYDVQQGEwJDTjESMBAG
+A1UECAwJR3Vhbmdkb25nMRIwEAYDVQQHDAlHdWFuZ3pob3UxFjAUBgNVBAoMDVlp
+WmhpIFJvb3QgQ0EwHhcNMjMxMjEwMTU0MzU0WhcNMzMxMjA3MTU0MzU0WjBhMQsw
+CQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMRIwEAYDVQQHDAlHdWFuZ3po
+b3UxDjAMBgNVBAoMBVlpWmhpMRowGAYDVQQDDBFtcXR0Lnlpemhpc2VjLmNvbTBZ
+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGOtQocjlPkUHD5opIt/V4tIQw0QSjJL
+G9q+OkUEWil40ZNc9au3zbl78lZfZqiT92+s4qWSl0LNoLQEJ06WXxOjIDAeMBwG
+A1UdEQQVMBOCEW1xdHQueWl6aGlzZWMuY29tMAoGCCqGSM49BAMCA0cAMEQCICOs
+mhP29LIAuJJtYYsMwi21oGZlhI5pXVXu/R0VbLpDAiBvYkEq3A9UA5jRYwq2YXo4
+fEbcPuEWU0LFZ6RN4dTebA==
+-----END CERTIFICATE-----

pkg/resource/ssl/mqtt.client.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICWabo6fxyjFq2CgDjLCvecNWLoNPWVxL5oM3ugG08NxoAoGCCqGSM49
+AwEHoUQDQgAEY61ChyOU+RQcPmiki39Xi0hDDRBKMksb2r46RQRaKXjRk1z1q7fN
+uXvyVl9mqJP3b6zipZKXQs2gtAQnTpZfEw==
+-----END EC PRIVATE KEY-----