feature: P-Agent 安装 IPv6 场景适配 (closed #1290)

apps/backend/agent/solution_maker.py

@@ -141,9 +141,12 @@ def __init__(
             )
 
     def get_http_proxy_url(self) -> str:
+        jump_server: models.Host = self.gse_servers_info["jump_server"]
+        jump_server_lan_ip: str = jump_server.inner_ip or jump_server.inner_ipv6
+        if basic.is_v6(jump_server_lan_ip):
+            jump_server_lan_ip = f"[{jump_server_lan_ip}]"
         return "http://{jump_server_lan_ip}:{jump_server_port}".format(
-            jump_server_lan_ip=self.gse_servers_info["jump_server"].inner_ip,
-            jump_server_port=settings.BK_NODEMAN_NGINX_PROXY_PASS_PORT,
+            jump_server_lan_ip=jump_server_lan_ip, jump_server_port=settings.BK_NODEMAN_NGINX_PROXY_PASS_PORT
         )
 
     def get_setup_type_alias(self):
@@ -155,9 +158,12 @@ def get_package_url(self) -> str:
         :return:
         """
         if ExecutionSolutionTools.need_jump_server(self.host):
+            jump_server: models.Host = self.gse_servers_info["jump_server"]
+            jump_server_lan_ip: str = jump_server.inner_ip or jump_server.inner_ipv6
+            if basic.is_v6(jump_server_lan_ip):
+                jump_server_lan_ip = f"[{jump_server_lan_ip}]"
             return "http://{jump_server_lan_ip}:{proxy_nginx_pass_port}".format(
-                jump_server_lan_ip=self.gse_servers_info["jump_server"].inner_ip,
-                proxy_nginx_pass_port=settings.BK_NODEMAN_NGINX_DOWNLOAD_PORT,
+                jump_server_lan_ip=jump_server_lan_ip, proxy_nginx_pass_port=settings.BK_NODEMAN_NGINX_DOWNLOAD_PORT
             )
         else:
             return self.gse_servers_info["package_url"]
@@ -710,10 +716,7 @@ def get_run_cmd_base_params(self) -> typing.List[str]:
             # 代理机器配置
             f"-HPP '{settings.BK_NODEMAN_NGINX_PROXY_PASS_PORT}'",
             # 代理机器主机信息
-            f"-I {self.gse_servers_info['jump_server'].inner_ip}",
-            f"-I6 {self.gse_servers_info['jump_server'].inner_ipv6}"
-            if self.gse_servers_info["jump_server"].inner_ipv6
-            else "",
+            f"-I {self.gse_servers_info['jump_server'].inner_ip or self.gse_servers_info['jump_server'].inner_ipv6}",
         ]
 
         # 通道特殊配置

apps/backend/agent/tools.py

@@ -88,7 +88,7 @@ def fetch_gse_servers_info(
         bt_file_server_hosts = upstream_servers["btfileserver"]
         data_server_hosts = upstream_servers["dataserver"]
         task_server_hosts = upstream_servers["taskserver"]
-        package_url = gen_nginx_download_url(jump_server.inner_ip)
+        package_url = gen_nginx_download_url(jump_server.inner_ip or jump_server.inner_ipv6)
         default_callback_url = (
             settings.BKAPP_NODEMAN_CALLBACK_URL
             if host.node_type == constants.NodeType.AGENT
@@ -111,7 +111,7 @@ def fetch_gse_servers_info(
         callback_url = host_ap.outer_callback_url or settings.BKAPP_NODEMAN_OUTER_CALLBACK_URL
     else:
         # PAGENT的场景
-        proxy_ips = list(set([proxy.inner_ip for proxy in proxies]))
+        proxy_ips = list(set([proxy.inner_ip or proxy.inner_ipv6 for proxy in proxies]))
         bt_file_server_hosts = proxy_ips
         data_server_hosts = proxy_ips
         task_server_hosts = proxy_ips

apps/backend/components/collections/agent_new/install.py

@@ -395,7 +395,7 @@ def execute_job_commands(self, sub_inst_id, installation_tool: InstallationTools
         )
         self.log_info(
             sub_inst_ids=sub_inst_id,
-            log_content=_("已选择 {inner_ip} 作为本次安装的跳板机").format(inner_ip=jump_server.inner_ip),
+            log_content=_("已选择 {inner_ip} 作为本次安装的跳板机").format(inner_ip=jump_server.inner_ip or jump_server.inner_ipv6),
         )
         path = os.path.join(settings.BK_SCRIPTS_PATH, constants.SetupScriptFileName.SETUP_PAGENT_PY.value)
         with open(path, encoding="utf-8") as fh:
@@ -453,8 +453,8 @@ def execute_job_commands(self, sub_inst_id, installation_tool: InstallationTools
                         "2. Proxy是否已正确完成所有安装步骤且状态正常。 \n"
                         "3. 点击上面链接跳转到作业平台查看任务执行情况。\n"
                     ).format(
-                        host_inner_ip=host.inner_ip,
-                        jump_server_ip=jump_server.inner_ip,
+                        host_inner_ip=host.inner_ip or host.inner_ipv6,
+                        jump_server_ip=jump_server.inner_ip or host.inner_ipv6,
                         download_port=settings.BK_NODEMAN_NGINX_DOWNLOAD_PORT,
                         proxy_pass_port=settings.BK_NODEMAN_NGINX_PROXY_PASS_PORT,
                     ),

dev_log/2.2.32/crayon_202211292126.yaml

@@ -0,0 +1,3 @@
+---
+feature:
+  - "P-Agent 安装 IPv6 场景适配 (closed #1290)"

script_tools/agent_tools/agent2/setup_agent.sh

@@ -371,7 +371,7 @@ unregister_agent_id () {
             fi
         fi
     else
-        log unregister_agent_id FAILED "gse_agent file not exists in $AGENT_SETUP_PATH/bin"
+        warn unregister_agent_id - "gse_agent file not exists in $AGENT_SETUP_PATH/bin"
     fi
 }
 
@@ -555,8 +555,8 @@ check_deploy_result () {
     local ret=0
 
     AGENT_PID=$( get_pid_by_comm_path gse_agent "$AGENT_SETUP_PATH/bin/gse_agent" "WORKER")
-    is_port_connected_by_pid "$AGENT_PID" "$IO_PORT" || { fail check_deploy_result FAILED "agent(PID:$AGENT_PID) is not connect to gse server"; ((ret++)); }
-    is_port_connected_by_pid "$AGENT_PID" "$DATA_PORT" || { fail check_deploy_result FAILED "agent(PID:$AGENT_PID) is not connect to gse server"; ((ret++)); }
+    is_port_connected_by_pid "$AGENT_PID" "$IO_PORT" || { fail check_deploy_result FAILED "agent(PID:$AGENT_PID, PORT:$IO_PORT) is not connect to gse server"; ((ret++)); }
+    is_port_connected_by_pid "$AGENT_PID" "$DATA_PORT" || { fail check_deploy_result FAILED "agent(PID:$AGENT_PID, PORT:$DATA_PORT) is not connect to gse server"; ((ret++)); }
 
     [ $ret -eq 0 ] && log check_deploy_result DONE "gse agent has been deployed successfully"
 }

script_tools/agent_tools/agent2/setup_proxy.sh

@@ -185,7 +185,7 @@ is_port_connected_by_pid () {
         sleep 1
         stat -L -c %i /proc/"$pid"/fd/* 2>/dev/null \
             | grep -qwFf - \
-                <( awk -v p="$port" 'BEGIN{ check=sprintf(":%04X01$", p)} $3$4 ~ check {print $10}' /proc/net/tcp) \
+                <( awk -v p="$port" 'BEGIN{ check=sprintf(":%04X01$", p)} $3$4 ~ check {print $10}' /proc/net/tcp*) \
                 && return 0
     done
     return 1
@@ -361,7 +361,7 @@ unregister_agent_id () {
             fi
         fi
     else
-        log unregister_agent_id FAILED "gse_agent file not exists in $AGENT_SETUP_PATH/bin"
+        warn unregister_agent_id - "gse_agent file not exists in $AGENT_SETUP_PATH/bin"
     fi
 }
 
@@ -456,9 +456,9 @@ remove_proxy () {
     log remove_proxy - "trying to remove old proxy directory(${AGENT_SETUP_PATH}/${PROXY_CLEAN_UP_DIRS[@]})"
 
     if [[ "$REMOVE" == "TRUE" ]]; then
-        unregister_agent_id
+        unregister_agent_id SKIP
         clean_up_proxy_directory
-        log remove_agent DONE "agent removed"
+        log remove_proxy DONE "proxy removed"
         exit 0
     else
         clean_up_proxy_directory
@@ -554,11 +554,11 @@ check_deploy_result () {
 
     is_port_listen_by_pid "$AGENT_PID" "$IO_PORT"  || { fail check_deploy_result FAILED "port $IO_PORT is not listen"; ((ret++)); }
     # is_port_listen_by_pid "$AGENT_PID" $(seq "$BT_PORT_START" "$BT_PORT_END") || { fail check_deploy_result FAILED "bt port is not listen"; ((ret++)); }
-    is_port_connected_by_pid "$AGENT_PID" "$IO_PORT" || { fail check_deploy_result FAILED "agent(PID:$AGENT_PID) is not connect to gse server"; ((ret++)); }
+    is_port_connected_by_pid "$AGENT_PID" "$IO_PORT" || { fail check_deploy_result FAILED "agent(PID:$AGENT_PID, PORT:$IO_PORT) is not connect to gse server"; ((ret++)); }
 
     DATA_PID=$( get_pid_by_comm_path gse_data "$AGENT_SETUP_PATH/bin/gse_data" "WORKER" )
     is_port_listen_by_pid "$DATA_PID" "$DATA_PORT"  || { fail check_deploy_result FAILED "port $DATA_PORT is not listen"; ((ret++)); }
-    is_port_connected_by_pid "$DATA_PID" "$DATA_PORT" || { fail check_deploy_result FAILED "gse_data(PID:$DATA_PID) is not connect to gse server"; ((ret++)); }
+    is_port_connected_by_pid "$DATA_PID" "$DATA_PORT" || { fail check_deploy_result FAILED "gse_data(PID:$DATA_PID, PORT:$DATA_PORT) is not connect to gse server"; ((ret++)); }
 
     [ $ret -eq 0 ] && log check_deploy_result DONE "gse proxy has been deployed successfully"
 }

script_tools/setup_pagent.py

@@ -6,17 +6,19 @@
 
 import argparse
 import base64
+import ipaddress
 import json
 import os
 import re
 import socket
 import sys
 import time
 import traceback
+from functools import partial
 from io import StringIO
 from pathlib import Path
 from subprocess import Popen
-from typing import Any, Dict, List
+from typing import Any, Dict, List, Optional
 
 PRIVATE_KEY_MERGED_TEXT = """
 %%PRIVATE_KEY_MERGED_TEXT%%
@@ -45,6 +47,29 @@
 JOB_PRIVATE_KEY_RE = re.compile(r"^(-{5}BEGIN .*? PRIVATE KEY-{5})(.*?)(-{5}END .*? PRIVATE KEY-{5}.?)$")
 
 
+def is_ip(ip: str, _version: Optional[int] = None) -> bool:
+    """
+    判断是否为合法 IP
+    :param ip:
+    :param _version: 是否为合法版本，缺省表示 both
+    :return:
+    """
+    try:
+        ip_address = ipaddress.ip_address(ip)
+    except ValueError:
+        return False
+    if _version is None:
+        return True
+    return ip_address.version == _version
+
+
+# 判断是否为合法 IPv6
+is_v6 = partial(is_ip, _version=6)
+
+# 判断是否为合法 IPv4
+is_v4 = partial(is_ip, _version=4)
+
+
 def arg_parser() -> argparse.ArgumentParser:
     """Commandline argument parser"""
     parser = argparse.ArgumentParser(description="p-agent setup scripts")
@@ -277,7 +302,7 @@ def execute_shell_solution(
 
 
 def is_port_listen(ip: str, port: int) -> bool:
-    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s = socket.socket((socket.AF_INET, socket.AF_INET6)[is_v6(ip)], socket.SOCK_STREAM)
     r = s.connect_ex((ip, port))
 
     if r == 0:

script_tools/start_nginx.sh.tpl

@@ -26,16 +26,14 @@ fi
 
 ipv6_valid_ip () {
     local ip=$1
-    if [[ "${ip}" =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$ ]]; then
-        return 0
-    else
-        return 1
-    fi
+    regex='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$'
+    awk '$0 !~ /'"$regex"'/{print "not an ipv6=>"$0;exit 1}' <<< "$1"
 }
+
 nginx_dns_list=()
 for dns_ip in ${DNS_LIST[@]}; do
     if ipv6_valid_ip $dns_ip; then
-        nginx_dns_list+=(["${dns_ip}"])
+        nginx_dns_list+=(["$dns_ip"])
     else
         nginx_dns_list+=("$dns_ip")
     fi
@@ -89,11 +87,11 @@ is_port_listen_by_pid () {
         for port in "$@"; do
             stat -L -c %%i /proc/"$pid"/fd/* 2>/dev/null | grep -qwFf - \
             <( awk -v p="$port" 'BEGIN{ check=sprintf(":%%04X0A$", p)} $2$4 ~ check {print $10}' \
-            /proc/net/tcp) || ((ret+=1))
+            /proc/net/tcp*) || ((ret+=1))
         done
     done
     return "$ret"
 }
 pid=$(cat /opt/nginx-portable/logs/nginx.pid);
 is_port_listen_by_pid "$pid" %(bk_nodeman_nginx_download_port)s %(bk_nodeman_nginx_proxy_pass_port)s
-exit $?
+exit $?