兼容Firewall版本, sapp和kni拆开

2020-01-08 20:02:59 +08:00
parent 90077d70ed
commit 04e3ef7f33
22 changed files with 70 additions and 88 deletions
--- a/env-prod-astana/group_vars/all.yml
+++ b/env-prod-astana/group_vars/all.yml
@@ -36,8 +36,6 @@ kni:
        tfe_node_count: 3
    watch_dog:
        switch: 1
    maat:
        readconf_mode: 2
    send_logger:
        switch: 1
    tfe_nodes:
--- a/env-stage-hy/group_vars/all.yml
+++ b/env-stage-hy/group_vars/all.yml
@@ -30,10 +30,6 @@ kni:
        tfe_node_count: 3
    watch_dog:
        switch: 1
    maat:
        readconf_mode: 2
    send_logger:
        switch: 1
    tfe_nodes:
        - tfe0:
              enabled: 1
--- a/env-stage-pc/group_vars/all.yml
+++ b/env-stage-pc/group_vars/all.yml
@@ -30,10 +30,6 @@ kni:
    tfe_node_count: 3
  watch_dog:
    switch: 1
  maat:
    readconf_mode: 2
  send_logger:
    switch: 1
  tfe_nodes:
    - tfe0:
        enabled: 1
--- a/env-stage-xxg/group_vars/all.yml
+++ b/env-stage-xxg/group_vars/all.yml
@@ -24,16 +24,15 @@ fs_remote:
    address: "192.168.100.1"
    port: 8125
 nic_transparent_mode:
    enable: 0
 kni:
    global:
        log_level: 30
        tfe_node_count: 3
    watch_dog:
        switch: 1
    maat:
        readconf_mode: 2
    send_logger:
        switch: 1
    tfe_nodes:
        - tfe0:
              enabled: 1
@@ -52,3 +51,5 @@ mrzcpd:
 mrtunnat:
    lcore_id: 46
 run_as_tun_mode: 1
--- a/roles/framework/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
+++ b/roles/framework/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
--- a/roles/framework/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
+++ b/roles/framework/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
--- a/roles/kernel-ml/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
+++ b/roles/kernel-ml/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
--- a/roles/kernel-ml/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
+++ b/roles/kernel-ml/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
--- a/roles/kni/files/kni-2.1.5.9e42ae3-1.el7.centos.x86_64.rpm
+++ b/roles/kni/files/kni-2.1.5.9e42ae3-1.el7.centos.x86_64.rpm
--- a/roles/kni/files/kni-3.0.0.4484554-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-3.0.0.4484554-1.el7.x86_64.rpm
--- a/roles/kni/files/kni-debuginfo-3.0.0.4484554-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-debuginfo-3.0.0.4484554-1.el7.x86_64.rpm
--- a/roles/kni/files/sapp-4.0.4.d31932a-1.el7.x86_64.rpm
+++ b/roles/kni/files/sapp-4.0.4.d31932a-1.el7.x86_64.rpm
--- a/roles/kni/tasks/main.yml
+++ b/roles/kni/tasks/main.yml
@@ -1,53 +1,17 @@
 ---
- name: "copy sapp and kni to destination server"
+- name: "copy kni to destination server"
  copy:
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/
 - name: "install sapp rpms from localhost"
  yum:
    name:
      - /tmp/ansible_deploy/sapp-4.0.4.d31932a-1.el7.x86_64.rpm
    state: present
 - name: "install kni rpms from localhost"
  yum:
    name:
-      - /tmp/ansible_deploy/kni-2.1.5.9e42ae3-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/kni-3.0.0.4484554-1.el7.x86_64.rpm
    state: present
 - name: Template the sapp.toml
  template:
    src: "{{ role_path }}/templates/sapp.toml.j2"
    dest: /home/mesasoft/sapp_run/etc/sapp.toml
  tags: template
 - name: Template the project_list.conf
  template:
    src: "{{ role_path }}/templates/project_list.conf.j2"
    dest: /home/mesasoft/sapp_run/etc/project_list.conf
  tags: template
 - name: Template the conflist.inf
  template:
    src: "{{ role_path }}/templates/conflist.inf.j2"
    dest: /home/mesasoft/sapp_run/plug/conflist.inf
  tags: template
 - name: Template the gdev.conf
  template:
    src: "{{ role_path }}/templates/gdev.conf.j2"
    dest: /home/mesasoft/sapp_run/etc/gdev.conf
  tags: template
 - name: Template the kni.conf
  template:
    src: "{{ role_path }}/templates/kni.conf.j2"
    dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
  tags: template
 - name: "enable sapp"
  systemd:
    name: sapp
    enabled: yes
    daemon_reload: yes
--- a/roles/kni/templates/conflist.inf.j2
+++ b/roles/kni/templates/conflist.inf.j2
@@ -1,8 +0,0 @@
 [platform]
 ./plug/platform/g_device_plug/g_device_plug.inf
 [protocol]
 ./plug/protocol/http/http.inf
 [business]
 ./plug/business/kni/kni.inf
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -39,35 +39,9 @@ keepalive_idle = 2
 keepalive_intvl = 1
 keepalive_cnt = 3
 [static_maat]
 readconf_mode = {{ kni.maat.readconf_mode }}
 tableinfo_path = ./etc/kni/static_maat_tableinfo.conf
 maatjson_path = ./etc/kni/maat_test.json
 redis_ip = {{ maat_redis_server.address }}
 redis_port = {{ maat_redis_server.port }}
 redis_index = {{ maat_redis_server.db }}
 [dynamic_maat]
 readconf_mode = {{ kni.maat.readconf_mode }}
 tableinfo_path = ./etc/kni/dynamic_maat_tableinfo.conf
 maatjson_path = ./etc/kni/maat_test.json
 redis_ip = {{ dynamic_maat_redis_server.address }}
 redis_port = {{ dynamic_maat_redis_server.port }}
 redis_index = {{ dynamic_maat_redis_server.db }}
 [send_logger]
 switch = {{ kni.send_logger.switch }}
 kafka_topic = SESSION-RECORD-LOG
 kafka_brokerlist = {{ log_kafkabrokers.address }}
 [marsio]
 appsym = knifw
 [kafka]
 queue.buffering.max.messages = 1000000
 topic.metadata.refresh.interval.ms = 600000
 security.protocol = MG
 [dup_traffic]
 switch = 1
 action = 2
@@ -99,4 +73,5 @@ remote_switch = {{ fs_remote.switch }}
 remote_ip = {{ fs_remote.address }}
 remote_port = {{ fs_remote.port }}
 local_path = ./fs2_kni.status
-stat_cycle = 2
+stat_cycle = 1
 print_mode = 1
--- a/roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm
+++ b/roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm
--- a/roles/sapp/tasks/main.yml
+++ b/roles/sapp/tasks/main.yml
@@ -0,0 +1,41 @@
 ---
 - name: "copy sapp to destination server"
  copy:
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/
 - name: "install sapp rpms from localhost"
  yum:
    name:
      - /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
    state: present
 - name: Template the sapp.toml
  template:
    src: "{{ role_path }}/templates/sapp.toml.j2"
    dest: /home/mesasoft/sapp_run/etc/sapp.toml
  tags: template
 - name: Template the project_list.conf
  template:
    src: "{{ role_path }}/templates/project_list.conf.j2"
    dest: /home/mesasoft/sapp_run/etc/project_list.conf
  tags: template
 - name: Template the conflist.inf
  template:
    src: "{{ role_path }}/templates/conflist.inf.j2"
    dest: /home/mesasoft/sapp_run/plug/conflist.inf
  tags: template
 - name: Template the gdev.conf
  template:
    src: "{{ role_path }}/templates/gdev.conf.j2"
    dest: /home/mesasoft/sapp_run/etc/gdev.conf
  tags: template
 - name: "enable sapp"
  systemd:
    name: sapp
    enabled: yes
    daemon_reload: yes
--- a/roles/sapp/templates/conflist.inf.j2
+++ b/roles/sapp/templates/conflist.inf.j2
@@ -0,0 +1,19 @@
 [platform]
 ./plug/platform/g_device_plug/g_device_plug.inf
 ./plug/platform/tsg_master/tsg_master.inf
 [protocol]
 ./plug/protocol/ssl/ssl.inf
 ./plug/protocol/http/http.inf
 ./plug/protocol/dns/dns.inf
 ./plug/protocol/mail/mail.inf
 ./plug/protocol/ftp/ftp.inf
 [business]
 ./plug/business/kni/kni.inf
 ./plug/business/fw_ssl/fw_ssl.inf
 ./plug/business/fw_http_plug/fw_http_plug.inf
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
 ./plug/business/tsg_conn_record/tsg_conn_record.inf
--- a/roles/sapp/templates/gdev.conf.j2
+++ b/roles/sapp/templates/gdev.conf.j2
--- a/roles/sapp/templates/project_list.conf.j2
+++ b/roles/sapp/templates/project_list.conf.j2
@@ -1,4 +1,4 @@
 tcp_flow_stat           struct
 udp_flow_stat           struct
 tcp_deduce_flow_stat    struct
-kni_http_tag            struct
+POLICY_PRIORITY	struct
--- a/roles/sapp/templates/sapp.toml.j2
+++ b/roles/sapp/templates/sapp.toml.j2
--- a/roles/tfe/files/tfe-kmod-v1.0.4.20190923-1dkms.noarch.rpm
+++ b/roles/tfe/files/tfe-kmod-v1.0.4.20190923-1dkms.noarch.rpm