CN111885174B - Method and system for processing nodes in different network segments - Google Patents


Info

Publication number
CN111885174B
Authority
CN
China
Prior art keywords
file
infrastructure
agent
server
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010731872.0A
Other languages
Chinese (zh)
Other versions
CN111885174A (en)
Inventor
王瑞
李洪良
林捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Foshan Linhan Information Technology Co ltd
Original Assignee
Foshan Linhan Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Foshan Linhan Information Technology Co ltd
Priority to CN202010731872.0A
Publication of CN111885174A
Application granted
Publication of CN111885174B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/562 Brokering proxy services
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The invention discloses a method for processing nodes in different network segments, comprising: step 1, configuring the configuration information of an Ansible server and an Ansible agent, constructing a virtual tunnel between the Ansible server and the Ansible agent, and setting a virtual IP (Internet Protocol) for all nodes; step 2, configuring a mapping between the node names and the assigned virtual IPs and writing the mapping into the hosts file of the Ansible agent; step 3, dividing the nodes in the hosts file of the Ansible agent; step 4, the Ansible server executes a first file through the ansible-playbook module and transmits the content to be executed in batches to the designated nodes through the virtual tunnel; step 5, the Ansible agent receives the content of the first file and executes it in sequence; and step 6, the node receives the content of a second file and executes it in sequence.

Description

Method and system for processing nodes in different network segments
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for processing nodes in different network segments.
Background
At present, the number of machines that need maintenance in traditional operation and maintenance keeps growing, from dozens of machines to hundreds, and the traditional operation and maintenance approach cannot keep up with this growth. Operating and maintaining these machines every day takes a great deal of time and effort and consumes substantial human resources. Ansible has therefore become the tool that operation and maintenance staff use to address this situation.
At present, traditional industries use machines in self-built machine rooms or from cloud vendors; these machines sit in the same local area network, or each machine has its own public network IP. In the new retail convenience industry, however, each store is a separate local area network. Existing Ansible can only be used for machines in the same local area network and machines reachable from the external network, and cannot control multiple machines that are not in one local area network. Against this background, as the number of stores grows, each store has its own network line, and the same difficulties as in traditional operation and maintenance arise in this environment.
In the prior art, conventional Ansible can only control the hosts listed in its hosts file, and it does so over ssh, so it can only control hosts that the Ansible machine can reach over ssh. This is not feasible for nodes in different local area networks, such as the stores of today's new retail industry.
Disclosure of Invention
To address this technical problem, the Ansible-related mechanism is designed with reference to the correspondence between the zabbix server and the zabbix proxy: the Ansible tool is mainly used to control the Ansible instance on a lower-level host, and that Ansible instance in turn controls the hosts in its own local area network. The ssh communication between the upper-level Ansible and the lower-level Ansible can be realized through a virtual tunnel or, where conditions allow, through NAT and an external network IP, which solves the problem of managing nodes in different network segments.
The present invention is directed to at least solving the problems of the prior art. Therefore, the invention discloses a method for processing nodes of different network segments, which comprises the following steps:
step 1, configuring the configuration information of an Ansible server and an Ansible agent, constructing a virtual tunnel between the Ansible server and the Ansible agent, and setting a virtual IP (Internet Protocol) for all nodes;
step 2, configuring a mapping between the node names and the assigned virtual IPs and writing the mapping into the hosts file of the Ansible agent;
step 3, dividing the nodes in the hosts file of the Ansible agent;
step 4, the Ansible server executes a first file through the ansible-playbook module and transmits the content to be executed in batches to the designated nodes through the virtual tunnel;
step 5, the Ansible agent receives the content of the first file and executes it in sequence;
step 6, the node receives the content of the second file and executes it in sequence.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: establishing a virtual private connection in a public network by means of encapsulation and encryption technology to construct a communication link between the Ansible server and the Ansible agent, so as to realize communication between local area networks or nodes using special protocols.
Still further, the first file further comprises: transmitting the second file to the Ansible agent using the copy module, and, using the shell module, running ansible-playbook on the Ansible agent to specify the hosts and execute the second file.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: communicating by means of router NAT and an external network IP.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: communicating over a virtual tunnel established by setting up openvpn or frp.
The invention further discloses a system for processing nodes in different network segments, which comprises: an Ansible server, an Ansible agent, a configuration center and nodes in different network segments; the configuration center configures the configuration information of the Ansible server and the Ansible agent, constructs a virtual tunnel between the Ansible server and the Ansible agent, and sets a virtual IP for all nodes; a mapping between the node names and the assigned virtual IPs is configured and written into the hosts file of the Ansible agent; the nodes are divided in the hosts file of the Ansible agent; the Ansible server executes the first file through the ansible-playbook module and transmits the content to be executed in batches to the designated nodes through the virtual tunnel; the Ansible agent receives the content of the first file and executes it in sequence; and the node receives the content of the second file and executes it in sequence.
Further, the configuration center constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: establishing a virtual private connection in a public network by means of encapsulation and encryption technology to construct a communication link between the Ansible server and the Ansible agent, so as to realize communication between local area networks or nodes using special protocols.
Still further, the first file further comprises: transmitting the second file to the Ansible agent using the copy module, and, using the shell module, running ansible-playbook on the Ansible agent to specify the hosts and execute the second file.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: communicating by means of router NAT and an external network IP.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: communicating over a virtual tunnel established by setting up openvpn or frp.
Compared with the prior art, the invention uses an improved Ansible architecture to manage communication with store nodes in different network segments. It removes the need for manual operation and maintenance and saves operation and maintenance time and effort; no client needs to be installed on the controlled hosts; the yaml scripts that are run are simple to write; operation is simple and the modules are diverse; and recording and management are convenient through a web management tool. The method further overcomes the limitation of Ansible and enables batch operation of machines in multiple different local area networks.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. In the drawings, like reference numerals designate corresponding parts throughout the different views.
FIG. 1 is a flow chart of the processing of nodes in different network segments according to the invention.
FIG. 2 is a block diagram of the processing of nodes in different network segments according to the invention.
Detailed Description
Example one
This embodiment discloses a method for processing nodes in different network segments, following the flow shown in FIG. 1. The method includes:
step 1, configuring the configuration information of an Ansible server and an Ansible agent, constructing a virtual tunnel between the Ansible server and the Ansible agent, and setting a virtual IP (Internet Protocol) for all nodes;
step 2, configuring a mapping between the node names and the assigned virtual IPs and writing the mapping into the hosts file of the Ansible agent;
step 3, dividing the nodes in the hosts file of the Ansible agent;
step 4, the Ansible server executes the first file through the ansible-playbook module and transmits the content to be executed in batches to the designated nodes through the virtual tunnel;
step 5, the Ansible agent receives the content of the first file and executes it in sequence;
step 6, the node receives the content of the second file and executes it in sequence.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: establishing a virtual private connection in a public network by means of encapsulation and encryption technology to construct a communication link between the Ansible server and the Ansible agent, so as to realize communication between local area networks or nodes using special protocols.
Still further, the first file further comprises: transmitting the second file to the Ansible agent using the copy module, and, using the shell module, running ansible-playbook on the Ansible agent to specify the hosts and execute the second file.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: communicating by means of router NAT and an external network IP.
Further, constructing the virtual tunnel between the Ansible server and the Ansible agent further includes: communicating over a virtual tunnel established by setting up openvpn or frp.
In this embodiment, a node may be the host of a store, each store being located in the network segment of a different local area network. The embodiment is illustrated with file 1 and file 2:
in this embodiment, preferably, a virtual IP is first assigned to the Ansible agents of all stores by means of the virtual tunnel;
the store aliases and the corresponding virtual IPs are written into the Ansible hosts file in one-to-one correspondence;
in this embodiment, preferably, the machines of each store are divided in the hosts file of the Ansible agent;
in this embodiment, preferably, the Ansible server executes the prepared file 1 through the Ansible command (ansible-playbook), and then transmits the content to be executed in batches to the specified stores through the virtual tunnel.
The main content of file 1 is as follows:
(1) File 2 is transmitted to the Ansible agent using the copy module.
(2) The shell module is used to run ansible-playbook on the Ansible agent, specifying the hosts and executing file 2.
In this embodiment, preferably, the Ansible agent receives the content of file 1 and then executes it in sequence.
In this embodiment, preferably, the host receives the content of file 2 and then executes it in sequence.
In this process, the Ansible server and the Ansible agent can communicate by means of router NAT and an external network IP if conditions allow; if conditions do not allow, they can communicate over a virtual tunnel established by setting up openvpn or frp.
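The mapping step and file 1 described above, as an added example that is not code from the patent: a Python helper that validates the store-alias-to-virtual-IP mapping before rendering it as hosts entries, and renders a minimal file 1 whose shell task carries only checked names. The subnet 10.8.0.0/24, the group names, the file paths, the naming rule and the sample stores are assumptions made for illustration.

```python
"""Added example (not from the patent): hosts entries and file 1 for the two-tier setup."""
import ipaddress
import re

# Assumptions, none of them from the patent: tunnel subnet, naming rule, file paths.
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")
NAME_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,62}")
FILE2_SRC = "file2.yml"
FILE2_DEST = "/opt/ops/file2.yml"

# file 1: (1) copy file 2 to the agent, (2) run it there with ansible-playbook.
# Without -i, ansible-playbook on the agent reads the agent's default hosts file.
FILE1_TEMPLATE = """\
- name: file 1, run by the Ansible server against the store agents
  hosts: {agent_group}
  gather_facts: false
  tasks:
    - name: (1) transmit file 2 to the Ansible agent
      ansible.builtin.copy:
        src: {src}
        dest: {dest}
        mode: "0600"
    - name: (2) run file 2 on the agent against the store's own hosts
      ansible.builtin.shell: ansible-playbook {dest} --limit {store_group}
"""

# Constructed sample data: store alias -> virtual IP handed out inside the tunnel.
SAMPLE_MAPPING = {"store-gz-001": "10.8.0.11", "store-fs-002": "10.8.0.12"}


def check_name(name):
    """Accept only names that are safe in an inventory line and on a shell command line."""
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe name: {name!r}")
    return name


def build_hosts(mapping, agent_group="store_agents"):
    """Render alias -> virtual IP pairs as INI hosts entries, rejecting bad input."""
    lines = [f"[{check_name(agent_group)}]"]
    seen = {}
    for alias in sorted(mapping):
        check_name(alias)
        ip = ipaddress.ip_address(mapping[alias])  # ValueError if malformed
        if ip not in TUNNEL_NET:
            raise ValueError(f"{alias}: {ip} is outside tunnel subnet {TUNNEL_NET}")
        if ip in (TUNNEL_NET.network_address, TUNNEL_NET.broadcast_address):
            raise ValueError(f"{alias}: {ip} is not a usable host address")
        if ip in seen:
            raise ValueError(f"{alias} and {seen[ip]} share virtual IP {ip}")
        seen[ip] = alias
        lines.append(f"{alias} ansible_host={ip}")
    return "\n".join(lines) + "\n"


def render_file1(agent_group, store_group):
    """Render file 1; both names are validated because one ends up in a shell command."""
    return FILE1_TEMPLATE.format(
        agent_group=check_name(agent_group),
        src=FILE2_SRC,
        dest=FILE2_DEST,
        store_group=check_name(store_group),
    )


if __name__ == "__main__":
    print(build_hosts(SAMPLE_MAPPING))
    print(render_file1("store_agents", "pos"))
```

Rejecting duplicate or out-of-subnet addresses before the hosts file is written keeps a batch run from reaching a machine other than the store agent it names.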
1. The script module of ansible-playbook in Ansible, the stroke-left-right shell module, and the writing of yaml.
2. The construction technology of virtual tunnels such as openvpn or frp, and the setting of router NAT.
1. Virtual tunnel.
Function: provides communication between the Ansible server and the Ansible agent.
Principle: a virtual private connection is established in a public network by means of encapsulation and encryption techniques to enable communication between local area networks or hosts using a particular protocol.
2. Ansible server and Ansible agent.
Function: operates the underlying hosts across networks.
Principle: multiple Ansible instances are controlled using Ansible's remote control and batch operation features, and each Ansible instance then controls the underlying hosts in its own local area network.
The hardware requirements in this embodiment are: CPU, 2 cores or more; memory, 2G or more; hard disk, 40G or more.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications may be made without departing from the scope of the invention. It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention. The above examples are to be construed as merely illustrative and not limitative of the remainder of the disclosure. After reading the description of the invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (8)

1. A method for processing nodes of different network segments, characterized by comprising the following steps:
step 1, configuring the configuration information of an Ansible server and an Ansible agent, constructing a virtual tunnel between the Ansible server and the Ansible agent, and setting a virtual IP (Internet Protocol) for all nodes; the specific steps of constructing the virtual tunnel between the Ansible server and the Ansible agent further include: establishing a virtual private connection in a public network by means of encapsulation and encryption technology to construct a communication link between the Ansible server and the Ansible agent, realizing communication between local area networks or nodes using special protocols;
step 2, configuring a mapping between the node names and the assigned virtual IPs and writing the mapping into the hosts file of the Ansible agent;
step 3, dividing the nodes in the hosts file of the Ansible agent;
step 4, the Ansible server executes the first file through the ansible-playbook module and transmits the content to be executed in batches to the designated nodes through the virtual tunnel;
step 5, the Ansible agent receives the content of the first file and executes it in sequence;
step 6, the node receives the content of the second file and executes it in sequence.
2. The method of claim 1, wherein the first file further comprises: transmitting the second file to the Ansible agent using the copy module, and, using the shell module, running ansible-playbook on the Ansible agent to specify the hosts and execute the second file.
3. The method as claimed in claim 2, wherein said constructing the virtual tunnel between the Ansible server and the Ansible agent further comprises: communicating by means of router NAT and an external network IP.
4. The method as claimed in claim 2, wherein said constructing the virtual tunnel between the Ansible server and the Ansible agent further comprises: communicating over a virtual tunnel established by setting up openvpn or frp.
5. A system for processing nodes of different network segments, the system comprising: an Ansible server, an Ansible agent, a configuration center and nodes in different network segments; the configuration center configures the configuration information of the Ansible server and the Ansible agent, constructs a virtual tunnel between the Ansible server and the Ansible agent, and sets a virtual IP for all nodes; a mapping between the node names and the assigned virtual IPs is configured and written into the hosts file of the Ansible agent; the nodes are divided in the hosts file of the Ansible agent; the Ansible server executes the first file through the ansible-playbook module and transmits the content to be executed in batches to the designated nodes through the virtual tunnel; the Ansible agent receives the content of the first file and executes it in sequence; the node receives the content of a second file and executes it in sequence; the configuration center constructing the virtual tunnel between the Ansible server and the Ansible agent further comprises: establishing a virtual private connection in a public network by means of encapsulation and encryption technology to construct a communication link between the Ansible server and the Ansible agent, so as to realize communication between local area networks or nodes using special protocols.
6. The system for processing nodes of different network segments of claim 5, wherein the first file further comprises: transmitting the second file to the Ansible agent using the copy module, and, using the shell module, running ansible-playbook on the Ansible agent to specify the hosts and execute the second file.
7. The system for processing nodes of different network segments of claim 5, wherein the constructing the virtual tunnel between the Ansible server and the Ansible agent further comprises: communicating by means of router NAT and an external network IP.
8. The system for processing nodes of different network segments of claim 5, wherein the constructing the virtual tunnel between the Ansible server and the Ansible agent further comprises: communicating over a virtual tunnel established by setting up openvpn or frp.
CN202010731872.0A 2020-07-27 2020-07-27 Method and system for processing nodes in different network segments Active CN111885174B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010731872.0A CN111885174B (en) 2020-07-27 2020-07-27 Method and system for processing nodes in different network segments

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010731872.0A CN111885174B (en) 2020-07-27 2020-07-27 Method and system for processing nodes in different network segments

Publications (2)

Publication Number Publication Date
CN111885174A CN111885174A (en) 2020-11-03
CN111885174B CN111885174B (en) 2023-01-17

Family

ID=73201758

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010731872.0A Active CN111885174B (en) 2020-07-27 2020-07-27 Method and system for processing nodes in different network segments

Country Status (1)

Country Link
CN (1) CN111885174B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112804376B (en) * 2021-03-22 2022-02-15 北京浩瀚深度信息技术股份有限公司 Batch command execution method and device in NAT environment and storage medium
CN113300932A (en) * 2021-05-25 2021-08-24 上海金途信息科技有限公司 Wide area network multi-terminal management system based on reverse proxy and virtual link realization
CN115022168B (en) * 2022-06-30 2024-03-19 南斗六星系统集成有限公司 Unified monitoring method based on zabbix and related equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101952811A (en) * 2007-10-24 2011-01-19 兰特罗尼克斯公司 Various methods and apparatuses for a central management station for automatic distribution of configuration information to remote devices
CN105471596A (en) * 2014-08-04 2016-04-06 杭州华三通信技术有限公司 Network management method and network management device
WO2019100605A1 (en) * 2017-11-21 2019-05-31 平安科技(深圳)有限公司 Platform-as-a-service paas container platform construction method, server, system, and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
An external-network Ansible server managing servers in the internal network through a bastion host; sigmoidhan; CSDN; 2018-01-19; pp. 1-5 *

Also Published As

Publication number Publication date
CN111885174A (en) 2020-11-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant