177 lines
7.5 KiB
Go
177 lines
7.5 KiB
Go
package maker
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"gitea.loveuer.com/yizhisec/pkg3/logger"
|
|
"yizhisec.com/hsv2/forge/internal/opt"
|
|
"yizhisec.com/hsv2/forge/pkg/resource"
|
|
)
|
|
|
|
func (m *maker) AppNginx(ctx context.Context, version string, vendor string, replica int, inlcudeImage bool) error {
|
|
const (
|
|
_upsert = `#!/bin/bash
|
|
|
|
kubectl create configmap nginx-main --namespace hsv2 --from-file=nginx.conf=./conf/nginx.conf --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap nginx-user --namespace hsv2 --from-file=user.conf=./conf/user.conf --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap nginx-gateway --namespace hsv2 --from-file=gateway.conf=./conf/gateway.conf --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap nginx-web --namespace hsv2 --from-file=web.conf=./conf/web.conf --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap nginx-client --namespace hsv2 --from-file=client.conf=./conf/client.conf --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap nginx-common --namespace hsv2 --from-file=common.conf=./conf/common.conf --dry-run=client -o yaml | kubectl apply -f -
|
|
%s
|
|
|
|
kubectl create configmap ssl-ca-crt --namespace hsv2 --from-file=ca.crt=./ssl/ca.crt --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap ssl-ffdhe2048 --namespace hsv2 --from-file=ffdhe2048.txt=./ssl/ffdhe2048.txt --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
kubectl create configmap ssl-server-crt --namespace hsv2 --from-file=server.crt=./ssl/server.crt --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap ssl-server-key --namespace hsv2 --from-file=server.key=./ssl/server.key --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
kubectl create configmap ssl-mqtt-crt --namespace hsv2 --from-file=mqtt.server.crt=./ssl/mqtt.server.crt --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap ssl-mqtt-key --namespace hsv2 --from-file=mqtt.server.key=./ssl/mqtt.server.key --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
kubectl create configmap ssl-client-server-crt --namespace hsv2 --from-file=client.server.crt=./ssl/client.server.crt --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap ssl-client-server-key --namespace hsv2 --from-file=client.server.key=./ssl/client.server.key --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
kubectl create configmap ssl-web-server-crt --namespace hsv2 --from-file=web.server.crt=./ssl/web.server.crt --dry-run=client -o yaml | kubectl apply -f -
|
|
kubectl create configmap ssl-web-server-key --namespace hsv2 --from-file=web.server.key=./ssl/web.server.key --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
kubectl apply -f deployment.yaml
|
|
kubectl rollout restart deployment nginx-deployment -n hsv2`
|
|
)
|
|
var (
|
|
err error
|
|
workdir = filepath.Join(m.workdir, "app", "nginx")
|
|
applySeafile = "kubectl create configmap nginx-seafile --namespace hsv2 --from-file=seafile.conf=./conf/seafile.conf --dry-run=client -o yaml | kubectl apply -f -"
|
|
)
|
|
|
|
logger.Info("☑️ maker.AppNginx: 开始构建 nginx, version = %s, vendor = %s, workdir = %s", version, vendor, workdir)
|
|
|
|
logger.Debug("☑️ maker.AppNginx: 创建工作目录 = %s", workdir)
|
|
_ = os.RemoveAll(workdir)
|
|
if err = os.MkdirAll(workdir, 0755); err != nil {
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 创建工作目录成功 = %s", workdir)
|
|
|
|
if inlcudeImage {
|
|
logger.Debug("☑️ maker.AppNginx: start pull image = %s", opt.IMAGE_NGINX)
|
|
if err = m.Image(ctx, opt.IMAGE_NGINX, WithImageSave(filepath.Join(workdir, "nginx.tar"))); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 拉取镜像失败: %v", err)
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: pull image success = %s", opt.IMAGE_NGINX)
|
|
|
|
tag := strings.Split(opt.IMAGE_NGINX, ":")[1]
|
|
logger.Debug("☑️ maker.AppNginx: write tag.txt = %s", tag)
|
|
if err = os.WriteFile(filepath.Join(workdir, "tag.txt"), []byte(tag), 0644); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 写入 tag.txt 失败: %v", err)
|
|
return err
|
|
}
|
|
}
|
|
|
|
// 子目录: conf 与 ssl
|
|
confDir := filepath.Join(workdir, "conf")
|
|
sslDir := filepath.Join(workdir, "ssl")
|
|
|
|
logger.Debug(" ☑️ maker.AppNginx: 创建 conf 与 ssl 子目录")
|
|
if err = os.MkdirAll(confDir, 0755); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 创建 conf 目录失败: %v", err)
|
|
return err
|
|
}
|
|
if err = os.MkdirAll(sslDir, 0755); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 创建 ssl 目录失败: %v", err)
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 创建 conf 与 ssl 子目录成功")
|
|
|
|
// 写入 nginx 配置文件到 conf 子目录(列表 + for 循环)
|
|
logger.Debug(" ☑️ maker.AppNginx: 写入 nginx 配置文件到 conf 子目录")
|
|
confFiles := []struct {
|
|
name string
|
|
content []byte
|
|
}{
|
|
{"nginx.conf", resource.NGINXMain},
|
|
{"user.conf", resource.NGINXUser},
|
|
{"gateway.conf", resource.NGINXGateway},
|
|
{"web.conf", resource.NGINXWeb},
|
|
{"client.conf", resource.NGINXClient},
|
|
{"common.conf", resource.NGINXCommon},
|
|
}
|
|
|
|
// vendor != elink, append seafile conf
|
|
if vendor != "elink" {
|
|
confFiles = append(confFiles, struct {
|
|
name string
|
|
content []byte
|
|
}{
|
|
"seafile.conf", resource.NGINXSeafile,
|
|
})
|
|
}
|
|
|
|
for _, f := range confFiles {
|
|
dest := filepath.Join(confDir, f.name)
|
|
if err = os.WriteFile(dest, f.content, 0644); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 写入 %s 失败: %v", f.name, err)
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 写入 %s 成功, dest = %s", f.name, dest)
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 写入 nginx 配置文件成功")
|
|
|
|
// 写入 ssl 文件到 ssl 子目录
|
|
logger.Debug(" ☑️ maker.AppNginx: 写入 SSL 证书与密钥到 ssl 子目录")
|
|
sslFiles := []struct{ name, content string }{
|
|
{"ffdhe2048.txt", resource.SSLFFDHE2048},
|
|
{"ca.crt", resource.SSLCaCrt},
|
|
{"server.crt", resource.SSLServerCrt},
|
|
{"server.key", resource.SSLServerKey},
|
|
{"mqtt.server.crt", resource.SSLMQTTServerCrt},
|
|
{"mqtt.server.key", resource.SSLMQTTServerKey},
|
|
{"client.server.crt", resource.SSLClientServerCrt},
|
|
{"client.server.key", resource.SSLClientServerKey},
|
|
{"web.server.crt", resource.SSLWebServerCrt},
|
|
{"web.server.key", resource.SSLWebServerKey},
|
|
}
|
|
for _, f := range sslFiles {
|
|
dest := filepath.Join(sslDir, f.name)
|
|
if err = os.WriteFile(dest, []byte(f.content), 0644); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 写入 %s 失败: %v", f.name, err)
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 写入 %s 成功, dest = %s", f.name, dest)
|
|
}
|
|
|
|
// write nginx deployment yaml
|
|
dest := filepath.Join(workdir, "deployment.yaml")
|
|
content := []byte(fmt.Sprintf(resource.YAMLAppNGINX, replica))
|
|
if err = os.WriteFile(dest, content, 0644); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 写入 deployment.yaml 失败: %v", err)
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 写入 deployment.yaml 成功, dest = %s", dest)
|
|
|
|
// write nginx upsert script
|
|
dest = filepath.Join(workdir, "upsert.sh")
|
|
if vendor == "elink" {
|
|
applySeafile = ""
|
|
}
|
|
content = []byte(fmt.Sprintf(_upsert, applySeafile))
|
|
if err = os.WriteFile(dest, content, 0755); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 写入 upsert.sh 失败: %v", err)
|
|
return err
|
|
}
|
|
logger.Debug("✅ maker.AppNginx: 写入 upsert.sh 成功, dest = %s", dest)
|
|
|
|
if err = os.WriteFile(filepath.Join(workdir, "version.txt"), []byte(version), 0644); err != nil {
|
|
logger.Debug("❌ maker.AppNginx: 写入 version.txt 失败: %v", err)
|
|
return err
|
|
}
|
|
|
|
logger.Info("✅ maker.AppNginx: nginx 构建完成, version = %s, vendor = %s", version, vendor)
|
|
return nil
|
|
}
|