兼容Firewall版本, sapp和kni拆开

env-prod-astana/group_vars/all.yml

@@ -36,8 +36,6 @@ kni:
         tfe_node_count: 3
     watch_dog:
         switch: 1
-    maat:
-        readconf_mode: 2
     send_logger:
         switch: 1
     tfe_nodes:

env-stage-hy/group_vars/all.yml

@@ -30,10 +30,6 @@ kni:
         tfe_node_count: 3
     watch_dog:
         switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
     tfe_nodes:
         - tfe0:
               enabled: 1

env-stage-pc/group_vars/all.yml

@@ -30,10 +30,6 @@ kni:
     tfe_node_count: 3
   watch_dog:
     switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
   tfe_nodes:
     - tfe0:
         enabled: 1

env-stage-xxg/group_vars/all.yml

@@ -24,16 +24,15 @@ fs_remote:
     address: "192.168.100.1"
     port: 8125
 
+nic_transparent_mode:
+    enable: 0
+
 kni:
     global:
         log_level: 30
         tfe_node_count: 3
     watch_dog:
         switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
     tfe_nodes:
         - tfe0:
               enabled: 1
@@ -52,3 +51,5 @@ mrzcpd:
 
 mrtunnat:
     lcore_id: 46
+
+run_as_tun_mode: 1

roles/kni/tasks/main.yml

@@ -1,53 +1,17 @@
 ---
-- name: "copy sapp and kni to destination server"
+- name: "copy kni to destination server"
   copy:
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
-- name: "install sapp rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/sapp-4.0.4.d31932a-1.el7.x86_64.rpm
-    state: present
-
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-2.1.5.9e42ae3-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/kni-3.0.0.4484554-1.el7.x86_64.rpm
     state: present
 
-- name: Template the sapp.toml
-  template:
-    src: "{{ role_path }}/templates/sapp.toml.j2"
-    dest: /home/mesasoft/sapp_run/etc/sapp.toml
-  tags: template
-
-- name: Template the project_list.conf
-  template:
-    src: "{{ role_path }}/templates/project_list.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/project_list.conf
-  tags: template
-
-- name: Template the conflist.inf
-  template:
-    src: "{{ role_path }}/templates/conflist.inf.j2"
-    dest: /home/mesasoft/sapp_run/plug/conflist.inf
-  tags: template
-
-- name: Template the gdev.conf
-  template:
-    src: "{{ role_path }}/templates/gdev.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/gdev.conf
-  tags: template
-
 - name: Template the kni.conf
   template:
     src: "{{ role_path }}/templates/kni.conf.j2"
     dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
   tags: template
-
-- name: "enable sapp"
-  systemd:
-    name: sapp
-    enabled: yes
-    daemon_reload: yes

roles/kni/templates/conflist.inf.j2

@@ -1,8 +0,0 @@
-[platform]
-./plug/platform/g_device_plug/g_device_plug.inf
-
-[protocol]
-./plug/protocol/http/http.inf
-
-[business]
-./plug/business/kni/kni.inf

roles/kni/templates/kni.conf.j2

@@ -39,35 +39,9 @@ keepalive_idle = 2
 keepalive_intvl = 1
 keepalive_cnt = 3
 
-[static_maat]
-readconf_mode = {{ kni.maat.readconf_mode }}
-tableinfo_path = ./etc/kni/static_maat_tableinfo.conf
-maatjson_path = ./etc/kni/maat_test.json
-redis_ip = {{ maat_redis_server.address }}
-redis_port = {{ maat_redis_server.port }}
-redis_index = {{ maat_redis_server.db }}
-
-[dynamic_maat]
-readconf_mode = {{ kni.maat.readconf_mode }}
-tableinfo_path = ./etc/kni/dynamic_maat_tableinfo.conf
-maatjson_path = ./etc/kni/maat_test.json
-redis_ip = {{ dynamic_maat_redis_server.address }}
-redis_port = {{ dynamic_maat_redis_server.port }}
-redis_index = {{ dynamic_maat_redis_server.db }}
-
-[send_logger]
-switch = {{ kni.send_logger.switch }}
-kafka_topic = SESSION-RECORD-LOG
-kafka_brokerlist = {{ log_kafkabrokers.address }}
-
 [marsio]
 appsym = knifw
 
-[kafka]
-queue.buffering.max.messages = 1000000
-topic.metadata.refresh.interval.ms = 600000
-security.protocol = MG
-
 [dup_traffic]
 switch = 1
 action = 2
@@ -99,4 +73,5 @@ remote_switch = {{ fs_remote.switch }}
 remote_ip = {{ fs_remote.address }}
 remote_port = {{ fs_remote.port }}
 local_path = ./fs2_kni.status
-stat_cycle = 2
+stat_cycle = 1
+print_mode = 1

roles/sapp/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+- name: "copy sapp to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install sapp rpms from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
+    state: present
+
+- name: Template the sapp.toml
+  template:
+    src: "{{ role_path }}/templates/sapp.toml.j2"
+    dest: /home/mesasoft/sapp_run/etc/sapp.toml
+  tags: template
+
+- name: Template the project_list.conf
+  template:
+    src: "{{ role_path }}/templates/project_list.conf.j2"
+    dest: /home/mesasoft/sapp_run/etc/project_list.conf
+  tags: template
+
+- name: Template the conflist.inf
+  template:
+    src: "{{ role_path }}/templates/conflist.inf.j2"
+    dest: /home/mesasoft/sapp_run/plug/conflist.inf
+  tags: template
+
+- name: Template the gdev.conf
+  template:
+    src: "{{ role_path }}/templates/gdev.conf.j2"
+    dest: /home/mesasoft/sapp_run/etc/gdev.conf
+  tags: template
+  
+- name: "enable sapp"
+  systemd:
+    name: sapp
+    enabled: yes
+    daemon_reload: yes

roles/sapp/templates/conflist.inf.j2

@@ -0,0 +1,19 @@
+[platform]
+./plug/platform/g_device_plug/g_device_plug.inf
+./plug/platform/tsg_master/tsg_master.inf
+
+[protocol]
+./plug/protocol/ssl/ssl.inf
+./plug/protocol/http/http.inf
+./plug/protocol/dns/dns.inf
+./plug/protocol/mail/mail.inf
+./plug/protocol/ftp/ftp.inf
+
+[business]
+./plug/business/kni/kni.inf
+./plug/business/fw_ssl/fw_ssl.inf
+./plug/business/fw_http_plug/fw_http_plug.inf
+./plug/business/fw_dns_plug/fw_dns_plug.inf
+./plug/business/fw_mail_plug/fw_mail_plug.inf
+./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/tsg_conn_record/tsg_conn_record.inf

roles/sapp/templates/project_list.conf.j2

@@ -1,4 +1,4 @@
 tcp_flow_stat           struct
 udp_flow_stat           struct
 tcp_deduce_flow_stat    struct
-kni_http_tag            struct
+POLICY_PRIORITY	struct