			
		
		
		
	创建集群时自动创建缓存策略和WAF策略
		@@ -156,6 +156,44 @@ func (this *HTTPCachePolicyDAO) CreateCachePolicy(tx *dbs.Tx, isOn bool, name st
 | 
			
		||||
	return types.Int64(op.Id), nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// CreateDefaultCachePolicy 创建默认的缓存策略
 | 
			
		||||
func (this *HTTPCachePolicyDAO) CreateDefaultCachePolicy(tx *dbs.Tx, name string) (int64, error) {
 | 
			
		||||
	var capacity = &shared.SizeCapacity{
 | 
			
		||||
		Count: 64,
 | 
			
		||||
		Unit:  shared.SizeCapacityUnitGB,
 | 
			
		||||
	}
 | 
			
		||||
	capacityJSON, err := capacity.AsJSON()
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	var maxSize = &shared.SizeCapacity{
 | 
			
		||||
		Count: 256,
 | 
			
		||||
		Unit:  shared.SizeCapacityUnitMB,
 | 
			
		||||
	}
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
	maxSizeJSON, err := maxSize.AsJSON()
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	var storageOptions = &serverconfigs.HTTPFileCacheStorage{
 | 
			
		||||
		Dir: "/opt/cache",
 | 
			
		||||
	}
 | 
			
		||||
	storageOptionsJSON, err := json.Marshal(storageOptions)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	policyId, err := this.CreateCachePolicy(tx, true, "\""+name+"\"缓存策略", "默认创建的缓存策略", capacityJSON, 0, maxSizeJSON, serverconfigs.CachePolicyStorageFile, storageOptionsJSON)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
	return policyId, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// UpdateCachePolicy 修改缓存策略
 | 
			
		||||
func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, capacityJSON []byte, maxKeys int64, maxSizeJSON []byte, storageType string, storageOptionsJSON []byte) error {
 | 
			
		||||
	if policyId <= 0 {
 | 
			
		||||
 
 | 
			
		||||
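Review bot: The second `if err != nil { return 0, err }` in `CreateDefaultCachePolicy`, placed between the `maxSize` literal and `maxSizeJSON, err := maxSize.AsJSON()`, re-tests the error from `capacity.AsJSON()` that was already handled a few lines earlier, so it can never fire. It looks like a copy-paste leftover and should be removed; the `maxSize.AsJSON()` call already has its own check right after it. The defaults `Count: 64`, `Count: 256` and `Dir: "/opt/cache"` would also be easier to audit as named package constants with a comment such as `// default on-disk cache location created for new clusters`.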
@@ -7,6 +7,7 @@ import (
 | 
			
		||||
	_ "github.com/go-sql-driver/mysql"
 | 
			
		||||
	"github.com/iwind/TeaGo/Tea"
 | 
			
		||||
	"github.com/iwind/TeaGo/dbs"
 | 
			
		||||
	"github.com/iwind/TeaGo/lists"
 | 
			
		||||
	"github.com/iwind/TeaGo/maps"
 | 
			
		||||
	"github.com/iwind/TeaGo/types"
 | 
			
		||||
)
 | 
			
		||||
@@ -113,8 +114,73 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 | 
			
		||||
	return types.Int64(op.Id), err
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// CreateDefaultFirewallPolicy 创建默认的WAF策略
 | 
			
		||||
func (this *HTTPFirewallPolicyDAO) CreateDefaultFirewallPolicy(tx *dbs.Tx, name string) (int64, error) {
 | 
			
		||||
	policyId, err := this.CreateFirewallPolicy(tx, 0, 0, true, "\""+name+"\"WAF策略", "默认创建的WAF策略", nil, nil)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 初始化
 | 
			
		||||
	var groupCodes = []string{}
 | 
			
		||||
 | 
			
		||||
	templatePolicy := firewallconfigs.HTTPFirewallTemplate()
 | 
			
		||||
	for _, group := range templatePolicy.AllRuleGroups() {
 | 
			
		||||
		groupCodes = append(groupCodes, group.Code)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	inboundConfig := &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
 | 
			
		||||
	outboundConfig := &firewallconfigs.HTTPFirewallOutboundConfig{IsOn: true}
 | 
			
		||||
	if templatePolicy.Inbound != nil {
 | 
			
		||||
		for _, group := range templatePolicy.Inbound.Groups {
 | 
			
		||||
			isOn := lists.ContainsString(groupCodes, group.Code)
 | 
			
		||||
			group.IsOn = isOn
 | 
			
		||||
 | 
			
		||||
			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
 | 
			
		||||
			if err != nil {
 | 
			
		||||
				return 0, err
 | 
			
		||||
			}
 | 
			
		||||
			inboundConfig.GroupRefs = append(inboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
 | 
			
		||||
				IsOn:    true,
 | 
			
		||||
				GroupId: groupId,
 | 
			
		||||
			})
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
	if templatePolicy.Outbound != nil {
 | 
			
		||||
		for _, group := range templatePolicy.Outbound.Groups {
 | 
			
		||||
			isOn := lists.ContainsString(groupCodes, group.Code)
 | 
			
		||||
			group.IsOn = isOn
 | 
			
		||||
 | 
			
		||||
			groupId, err := SharedHTTPFirewallRuleGroupDAO.CreateGroupFromConfig(tx, group)
 | 
			
		||||
			if err != nil {
 | 
			
		||||
				return 0, err
 | 
			
		||||
			}
 | 
			
		||||
			outboundConfig.GroupRefs = append(outboundConfig.GroupRefs, &firewallconfigs.HTTPFirewallRuleGroupRef{
 | 
			
		||||
				IsOn:    true,
 | 
			
		||||
				GroupId: groupId,
 | 
			
		||||
			})
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	inboundConfigJSON, err := json.Marshal(inboundConfig)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	outboundConfigJSON, err := json.Marshal(outboundConfig)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	err = this.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return 0, err
 | 
			
		||||
	}
 | 
			
		||||
	return policyId, nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// UpdateFirewallPolicyInboundAndOutbound 修改策略的Inbound和Outbound
 | 
			
		||||
func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *dbs.Tx, policyId int64, inboundJSON []byte, outboundJSON []byte) error {
 | 
			
		||||
func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *dbs.Tx, policyId int64, inboundJSON []byte, outboundJSON []byte, shouldNotify bool) error {
 | 
			
		||||
	if policyId <= 0 {
 | 
			
		||||
		return errors.New("invalid policyId")
 | 
			
		||||
	}
 | 
			
		||||
@@ -135,7 +201,11 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInboundAndOutbound(tx *db
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	return this.NotifyUpdate(tx, policyId)
 | 
			
		||||
	if shouldNotify {
 | 
			
		||||
		return this.NotifyUpdate(tx, policyId)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	return nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// UpdateFirewallPolicyInbound 修改策略的Inbound
 | 
			
		||||
 
 | 
			
		||||
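Review bot: In `CreateDefaultFirewallPolicy`, `groupCodes` is filled from `templatePolicy.AllRuleGroups()` and then used to compute `isOn` for groups of that same template, so `lists.ContainsString(groupCodes, group.Code)` presumably always returns true. Every template rule group is therefore switched on regardless of the `IsOn` value the template ships with. If enabling everything is intended, drop `groupCodes` and write `group.IsOn = true` in both loops; if the template's own defaults should apply, leave `group.IsOn` untouched. The doc comment on `UpdateFirewallPolicyInboundAndOutbound` should also describe the new parameter, for example `// shouldNotify controls whether NotifyUpdate is called after the policy is saved`.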
@@ -109,7 +109,7 @@ func (this *HTTPFirewallPolicyService) CreateHTTPFirewallPolicy(ctx context.Cont
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON)
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
@@ -155,7 +155,7 @@ func (this *HTTPFirewallPolicyService) CreateEmptyHTTPFirewallPolicy(ctx context
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON)
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, policyId, inboundConfigJSON, outboundConfigJSON, false)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
@@ -308,7 +308,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicyGroups(ctx contex
 | 
			
		||||
 | 
			
		||||
	tx := this.NullTx()
 | 
			
		||||
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, req.InboundJSON, req.OutboundJSON)
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, req.InboundJSON, req.OutboundJSON, true)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
@@ -624,7 +624,7 @@ func (this *HTTPFirewallPolicyService) ImportHTTPFirewallPolicy(ctx context.Cont
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, inboundJSON, outboundJSON)
 | 
			
		||||
	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicyInboundAndOutbound(tx, req.HttpFirewallPolicyId, inboundJSON, outboundJSON, true)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 
 | 
			
		||||
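Review bot: The bare `false`/`true` literals appended to the four `UpdateFirewallPolicyInboundAndOutbound` calls in this file are opaque at the call site, and two of them change behaviour. `CreateHTTPFirewallPolicy` and `CreateEmptyHTTPFirewallPolicy` previously reached the unconditional `return this.NotifyUpdate(tx, policyId)` in the DAO and now skip it. If that is intentional because a freshly created policy is not yet referenced by any cluster, record it next to those two calls, e.g. `// new policy is not bound to a cluster yet, so no node notification is needed`. All four enclosing functions start and end outside their hunks, so whether another notification path exists cannot be seen here.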
@@ -30,6 +30,7 @@ func (this *NodeClusterService) CreateNodeCluster(ctx context.Context, req *pb.C
 | 
			
		||||
		return nil, err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 系统服务
 | 
			
		||||
	systemServices := map[string]maps.Map{}
 | 
			
		||||
	if len(req.SystemServicesJSON) > 0 {
 | 
			
		||||
		err = json.Unmarshal(req.SystemServicesJSON, &systemServices)
 | 
			
		||||
@@ -40,6 +41,24 @@ func (this *NodeClusterService) CreateNodeCluster(ctx context.Context, req *pb.C
 | 
			
		||||
 | 
			
		||||
	var clusterId int64
 | 
			
		||||
	err = this.RunTx(func(tx *dbs.Tx) error {
 | 
			
		||||
		// 缓存策略
 | 
			
		||||
		if req.HttpCachePolicyId <= 0 {
 | 
			
		||||
			policyId, err := models.SharedHTTPCachePolicyDAO.CreateDefaultCachePolicy(tx, req.Name)
 | 
			
		||||
			if err != nil {
 | 
			
		||||
				return err
 | 
			
		||||
			}
 | 
			
		||||
			req.HttpCachePolicyId = policyId
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// WAF策略
 | 
			
		||||
		if req.HttpFirewallPolicyId <= 0 {
 | 
			
		||||
			policyId, err := models.SharedHTTPFirewallPolicyDAO.CreateDefaultFirewallPolicy(tx, req.Name)
 | 
			
		||||
			if err != nil {
 | 
			
		||||
				return err
 | 
			
		||||
			}
 | 
			
		||||
			req.HttpFirewallPolicyId = policyId
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		clusterId, err = models.SharedNodeClusterDAO.CreateCluster(tx, adminId, req.Name, req.NodeGrantId, req.InstallDir, req.DnsDomainId, req.DnsName, req.HttpCachePolicyId, req.HttpFirewallPolicyId, systemServices)
 | 
			
		||||
		if err != nil {
 | 
			
		||||
			return err
 | 
			
		||||
 
 | 
			
		||||
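Review bot: Inside the `RunTx` closure of `CreateNodeCluster`, the generated ids are written back into the request (`req.HttpCachePolicyId = policyId`, `req.HttpFirewallPolicyId = policyId`). If the transaction rolls back after a policy was created, `req` keeps the id of a row that no longer exists. Should `RunTx` ever re-run the closure (not visible here), the `<= 0` guards would then be skipped and the cluster bound to those stale ids. Copy the request values into locals before the closure and assign to those instead, e.g. `cachePolicyId := req.HttpCachePolicyId` and `firewallPolicyId := req.HttpFirewallPolicyId`, then pass the locals to `CreateCluster`. The function continues outside the hunk.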
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							@@ -3,6 +3,7 @@ package setup
 | 
			
		||||
import (
 | 
			
		||||
	"encoding/json"
 | 
			
		||||
	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
 | 
			
		||||
	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
 | 
			
		||||
	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 | 
			
		||||
	"github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs"
 | 
			
		||||
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 | 
			
		||||
@@ -225,6 +226,40 @@ func (this *SQLExecutor) checkCluster(db *dbs.DB) error {
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 默认缓存策略
 | 
			
		||||
	models.SharedHTTPCachePolicyDAO = models.NewHTTPCachePolicyDAO()
 | 
			
		||||
	models.SharedHTTPCachePolicyDAO.Instance = db
 | 
			
		||||
	policyId, err := models.SharedHTTPCachePolicyDAO.CreateDefaultCachePolicy(nil, "默认集群")
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
	_, err = db.Exec("UPDATE edgeNodeClusters SET cachePolicyId=?", policyId)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	// 默认WAf策略
 | 
			
		||||
	models.SharedHTTPFirewallPolicyDAO = models.NewHTTPFirewallPolicyDAO()
 | 
			
		||||
	models.SharedHTTPFirewallPolicyDAO.Instance = db
 | 
			
		||||
 | 
			
		||||
	models.SharedHTTPFirewallRuleGroupDAO = models.NewHTTPFirewallRuleGroupDAO()
 | 
			
		||||
	models.SharedHTTPFirewallRuleGroupDAO.Instance = db
 | 
			
		||||
 | 
			
		||||
	models.SharedHTTPFirewallRuleSetDAO = models.NewHTTPFirewallRuleSetDAO()
 | 
			
		||||
	models.SharedHTTPFirewallRuleSetDAO.Instance = db
 | 
			
		||||
 | 
			
		||||
	models.SharedHTTPFirewallRuleDAO = models.NewHTTPFirewallRuleDAO()
 | 
			
		||||
	models.SharedHTTPFirewallRuleDAO.Instance = db
 | 
			
		||||
 | 
			
		||||
	policyId, err = models.SharedHTTPFirewallPolicyDAO.CreateDefaultFirewallPolicy(nil, "默认集群")
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
	_, err = db.Exec("UPDATE edgeNodeClusters SET httpFirewallPolicyId=?", policyId)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return err
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	return nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
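Review bot: Both new `db.Exec` statements in `checkCluster` have no `WHERE` clause, so `cachePolicyId` and `httpFirewallPolicyId` are overwritten on every row of `edgeNodeClusters`. The start of `checkCluster` is outside the hunk; unless it returns early when a cluster already exists, re-running setup would rebind clusters carrying an administrator-tuned WAF policy to a freshly created default one. Limit each update to the cluster this function is provisioning, e.g. `UPDATE edgeNodeClusters SET httpFirewallPolicyId=? WHERE id=?` (assuming the key column is `id`), and likewise for `cachePolicyId`. Both `CreateDefault…Policy` calls are also made with a nil `tx`, so a failure partway presumably leaves orphaned policy and rule-group rows behind.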
@@ -18,6 +18,24 @@ func TestSQLExecutor_Run(t *testing.T) {
 | 
			
		||||
	t.Log("ok")
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestSQLExecutor_checkCluster(t *testing.T) {
 | 
			
		||||
	executor := NewSQLExecutor(&dbs.DBConfig{
 | 
			
		||||
		Driver: "mysql",
 | 
			
		||||
		Prefix: "edge",
 | 
			
		||||
		Dsn:    "root:123456@tcp(127.0.0.1:3306)/db_edge_new?charset=utf8mb4&multiStatements=true",
 | 
			
		||||
	})
 | 
			
		||||
	db, err := dbs.NewInstanceFromConfig(executor.dbConfig)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		t.Fatal(err)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	err = executor.checkCluster(db)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		t.Fatal(err)
 | 
			
		||||
	}
 | 
			
		||||
	t.Log("ok")
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func TestSQLExecutor_checkMetricItems(t *testing.T) {
 | 
			
		||||
	executor := NewSQLExecutor(&dbs.DBConfig{
 | 
			
		||||
		Driver: "mysql",
 | 
			
		||||
 
 | 
			
		||||
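Review bot: `TestSQLExecutor_checkCluster` embeds the DSN `root:123456@tcp(127.0.0.1:3306)/db_edge_new` and then calls `checkCluster`, which inserts policies and updates `edgeNodeClusters`. A plain `go test` therefore writes, with root rights, to whatever MySQL instance answers on that address. Take the DSN from the environment and skip when it is absent, e.g. `dsn := os.Getenv("EDGE_TEST_DSN")` followed by `if dsn == "" { t.Skip("EDGE_TEST_DSN not set") }` (the variable name is a placeholder). `TestSQLExecutor_checkMetricItems` below appears to start with the same config literal, but its body continues outside the hunk.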