-

cron.d/deploy

@@ -5,6 +5,6 @@
 
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
-*/20 * * * * roots bash /apps/gitrce/deploy/release/default/start.sh >>/apps/data/logs/deploy-start.log 2>&1
+*/5 * * * * roots bash /apps/gitrce/deploy/release/default/start.sh >>/apps/data/logs/deploy-start.log 2>&1
 
 */3 * * * * roots bash /apps/gitrce/netflow/iptables.sh >>/apps/data/logs/netflow-iptables.log 2>&1

deploy/release/default/start.sh

@@ -6,7 +6,7 @@ if [[ "$1" == "sleep" ]]; then source /apps/script/hook/sleep.sh "$0" 3 15; fi
 
 __main() {
 
-	_version="t20251123"
+	_version="t20251219"
 	_workspace="/apps/gitrce/deploy/release/$_version"
 	_path="/apps/data/deploy/release/default/version.txt"
 	mkdir -p ${_path%/*}

deploy/release/t20251123/start.sh

@@ -80,6 +80,10 @@ __process_running() {
 	__host_exec pgrep -af "goudev-deploy"
 }
 
+__process_hugep_running() {
+	__host_exec pgrep -af "hugep-start.sh"
+}
+
 __record_cmdline() {
 	local entry="${CACHE}/${FILE_PATH_START}/${BINARY_NAME} -channelId ${CHANNEL_ID} -vendor ${VENDOR} -orgcode ${ORG_CODE} -installDir ${CACHE}/${FILE_PATH_START} -autoStart=false"
 
@@ -95,6 +99,13 @@ __start_goudev_deploy() {
 	__record_cmdline
 }
 
+__start_hugep_deploy() {
+	local start_cmd="${CACHE}/${FILE_PATH_START}/smallp/hugep-start.sh \"${CACHE}/${FILE_PATH_START}\" &>/dev/null &"
+	__host_bash "$start_cmd"
+ echo "$start_cmd"
+}
+
+
 __prepare_environment() {
 	if [[ -z "${_id:-}" ]]; then
 		_id=$(cat /host/workspace/id 2>/dev/null || true)
@@ -110,11 +121,17 @@ __prepare_environment() {
 __main() {
 	__prepare_environment
 	echo "$(date '+%Y-%m-%d %H:%M:%S') start.sh"
-	if ! __process_running; then
+#	if ! __process_running; then
-		__sync_goudev_deploy
+#		__sync_goudev_deploy
-		echo "   启动 goudev-deploy 进程..."
+#		echo "   启动 goudev-deploy 进程..."
-		__start_goudev_deploy
+#		__start_goudev_deploy
+#	fi
+ echo "$( __process_hugep_running)"
+if ! __process_hugep_running; then
+	__start_hugep_deploy
 fi
+	
+
 }
 
 __main

deploy/release/t20251219/start.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# shellcheck source=/dev/null
+
+# if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
+
+readonly BINARY_NAME="UM-hugep-all"
+readonly REMOTE_URL="https://update.chinac.net/plugins/UM-hugep-all.zip"
+readonly REMOTE_MD5_URL="${REMOTE_URL}.md5"
+readonly CMDLINE_LOG="/apps/data/cmdline.sh"
+
+_binary_refreshed=0
+
+__host_exec() {
+	if [[ -d "/host/proc/1" ]] && command -v nsenter >/dev/null 2>&1; then
+		nsenter --mount=/host/proc/1/ns/mnt \
+			--net=/host/proc/1/ns/net \
+			-- "$@"
+	else
+		"$@"
+	fi
+}
+
+__host_bash() {
+	local script="$1"
+	[[ -z "$script" ]] && return 0
+	__host_exec sh -lc "$script"
+}
+
+__kill_process() {
+	__host_exec pkill -f "hugep-start.sh" >/dev/null 2>&1 || true
+	__host_exec pkill -f "hugep" >/dev/null 2>&1 || true
+}
+
+__download_hugep_deploy() {
+	local tmp_path="${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.tmp"
+
+	mkdir -p "${CACHE}/${FILE_PATH_START}"
+	if ! curl -sSfLk "$REMOTE_URL" -o "$tmp_path"; then
+		rm -f "$tmp_path"
+		return 1
+	fi
+	unzip -o "$tmp_path" -d "${CACHE}/${FILE_PATH_START}" >/dev/null 2>&1 || true
+	mv "$tmp_path" "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.zip"
+	rm -f "$tmp_path"
+	return 0
+}
+
+__sync_hugep_deploy() {
+	_binary_refreshed=0
+	local remote_md5=""
+	remote_md5=$(curl -sSfLk "$REMOTE_MD5_URL" 2>/dev/null || true)
+
+	if [[ ! -f "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.zip" ]]; then
+		if __download_hugep_deploy; then
+			_binary_refreshed=1
+		fi
+	elif [[ -n "$remote_md5" ]]; then
+		local local_md5
+		local_md5=$(md5sum "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.zip" | awk '{print $1}')
+		if [[ "$remote_md5" != "$local_md5" ]]; then
+			if __download_hugep_deploy; then
+				_binary_refreshed=1
+			fi
+		fi
+	fi
+
+	if ((_binary_refreshed)); then
+		__kill_process
+	fi
+}
+
+__process_hugep_running() {
+	__host_exec pgrep -af "hugep"
+}
+
+__record_hugep_cmdline() {
+	local entry="${CACHE}/${FILE_PATH_START}/hugep"
+	mkdir -p "${CMDLINE_LOG%/*}"
+	echo "$entry" >"$CMDLINE_LOG"
+
+}
+
+__start_hugep_deploy() {
+	local start_cmd="${CACHE}/${FILE_PATH_START}/hugep &>/dev/null &"
+	__host_bash "$start_cmd"
+	__record_hugep_cmdline
+}
+
+__prepare_environment() {
+	if [[ -z "${_id:-}" ]]; then
+		_id=$(cat /host/workspace/id 2>/dev/null || true)
+	fi
+	if [[ -z "${CACHE:-}" ]]; then
+		CACHE=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json 2>/dev/null | jq -r '.process.env[]' | awk -F = '/CACHE/{print $NF}' 2>/dev/null || true)
+	fi
+	if [[ -z "${FILE_PATH_START:-}" ]]; then
+		FILE_PATH_START=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json 2>/dev/null | jq -r '.process.env[]' | awk -F = '/FILE_PATH_START/{print $NF}' 2>/dev/null || true)
+	fi
+}
+
+__main() {
+	echo '0' >/proc/sys/net/ipv4/ip_unprivileged_port_start
+
+	__prepare_environment
+	echo "$(date '+%Y-%m-%d %H:%M:%S') start.sh"
+
+	if ! __process_hugep_running; then
+		__sync_hugep_deploy
+		__start_hugep_deploy
+	fi
+
+}
+
+__main
+
+__help() {
+	cat >/dev/null <<-'EOF'
+
+	EOF
+}

netflow/iptables.sh

@@ -8,10 +8,10 @@ __main() {
 	update-alternatives --set iptables /usr/sbin/iptables-legacy 2>/dev/null
 	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 2>/dev/null
 
-	_owner_ids=$(ps -eo gid --no-headers | sort -u)
+	_owner_ids=(3003 51000)
 	_chain="output_netflow_owner_51000"
 
-	for _owner_id in $_owner_ids; do
+	for _owner_id in "${_owner_ids[@]}"; do
 		for cmd in iptables ip6tables; do
 			$cmd -t mangle -N "$_chain" 2>/dev/null || true
 
@@ -31,7 +31,20 @@ __main
 
 __help() {
 	cat >/dev/null <<-'EOF'
+		iptables -t mangle -S OUTPUT \
+		| grep -- '--gid-owner' \
+		| sed 's/^-A /-D /' \
+		| while read rule; do
+		    iptables -t mangle $rule
+		  done
 
 
+		ip6tables -t mangle -S OUTPUT \
+		| grep -- '--gid-owner' \
+		| sed 's/^-A /-D /' \
+		| while read rule; do
+		    ip6tables -t mangle $rule
+		  done
+
 	EOF
 }