diff --git a/deploy.yml b/deploy.yml index d8933fb..ab5c520 100644 --- a/deploy.yml +++ b/deploy.yml @@ -22,7 +22,7 @@ - certstore - cert-redis - telegraf_statistic - - tsg_device_tag +# - tsg_device_tag - hosts: adc_mcn1 remote_user: root @@ -60,6 +60,24 @@ - mrzcpd - tfe +- hosts: adc_mcn0 + remote_user: root + roles: + - tsg-diagnose + +- hosts: + - adc_mcn1 + - adc_mcn2 + - adc_mcn3 + remote_user: root + roles: + - tsg-diagnose_sync_ca + +- hosts: adc_mcn0 + remote_user: root + roles: + - tsg-diagnose_stop_sync + - hosts: server-as-tun-mode remote_user: root vars_files: @@ -80,4 +98,4 @@ - tfe - telegraf_statistic - proxy_status - - tsg_device_tag +# - tsg_device_tag diff --git a/install_config/group_vars/adc_global.yml b/install_config/group_vars/adc_global.yml index 624c262..51a19eb 100644 --- a/install_config/group_vars/adc_global.yml +++ b/install_config/group_vars/adc_global.yml @@ -78,6 +78,7 @@ tfe: mc_cache_eth: lo keykeeper: no_cache: 0 + mirror_enable: 1 ######################################## #Marsio Config @@ -87,3 +88,8 @@ mrzcpd: mrtunnat: lcore_id: 40,41,42,43 + +######################################### +#Tsg-app +tsg-app_enable: 1 + diff --git a/install_config/group_vars/server_as_tun_mode.yml b/install_config/group_vars/server_as_tun_mode.yml index a77a646..d680604 100644 --- a/install_config/group_vars/server_as_tun_mode.yml +++ b/install_config/group_vars/server_as_tun_mode.yml @@ -93,6 +93,7 @@ tfe: mc_cache_eth: lo keykeeper: no_cache: 0 + mirror_enable: 1 ######################################### #Marsio Config @@ -102,6 +103,10 @@ mrzcpd: mrtunnat: lcore_id: 38 +######################################### +#Tsg-app +tsg-app_enable: 0 + ######################################### #ATCA Config #下列配置只在tsg_access_type=4时生效 diff --git a/roles/cert-redis/files/cert-redis/6379/6379.conf b/roles/cert-redis/files/cert-redis/6379/6379.conf index d17e213..c5ea144 100644 --- a/roles/cert-redis/files/cert-redis/6379/6379.conf 
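Review bot: The `tsg_device_tag` role is disabled by commenting its list entry out (`# - tsg_device_tag`), here and again in the last deploy.yml hunk, with no reason given. tfe.conf.j2 in this same commit still sets `accept_path=/opt/tsg/etc/tsg_device_tag.json`, so if that role is what writes the file, freshly deployed hosts may not have it; the dependency is not visible in the diff and should be confirmed. Either delete the entries or state the reason on the line, e.g. `# tsg_device_tag: disabled in 20.09 because <reason>`.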
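Review bot: The rsync daemon that the `tsg-diagnose` play starts on adc_mcn0 is only stopped by the separate `tsg-diagnose_stop_sync` play two plays later, so a failed run can leave it listening. If `tsg-diagnose_sync_ca` fails on all of adc_mcn1 to adc_mcn3, Ansible aborts the playbook and the stop play never runs. Giving the daemon a cleanup path that always executes (for example a `block:` with `always:` around the sync, delegating the stop to adc_mcn0) would avoid leaving a file-export service up after an error.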
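Review bot: `tsg-app_enable` is not a usable Ansible variable name. A hyphen is not allowed in variable names, and Jinja2 reads `tsg-app_enable == 1` as the subtraction `tsg - app_enable`, so the `{% if %}` tests added to roles/sapp/templates/conflist.inf.j2 and the `when:` in roles/tsg-app/tasks/main.yml would evaluate two undefined names instead of this flag. The same key is added to install_config/group_vars/server_as_tun_mode.yml. Rename it in all four places, e.g. `tsg_app_enable: 1` and `{% if tsg_app_enable == 1 %}`.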
+++ b/roles/cert-redis/files/cert-redis/6379/6379.conf @@ -160,7 +160,7 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null -logfile "/home/tsg/cert-redis/6379/6379.log" +logfile "/opt/tsg/cert-redis/6379/6379.log" # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. @@ -244,7 +244,7 @@ dbfilename dump.rdb # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. -dir /home/tsg/cert-redis/6379/ +dir /opt/tsg/cert-redis/6379/ ################################# REPLICATION ################################# diff --git a/roles/cert-redis/files/cert-redis/start-cert-redis b/roles/cert-redis/files/cert-redis/start-cert-redis index 3b2f836..56232f3 100755 --- a/roles/cert-redis/files/cert-redis/start-cert-redis +++ b/roles/cert-redis/files/cert-redis/start-cert-redis @@ -1,4 +1,4 @@ #!/bin/bash # -/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf +/usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf diff --git a/roles/cert-redis/tasks/main.yml b/roles/cert-redis/tasks/main.yml index 450fb4f..5433960 100644 --- a/roles/cert-redis/tasks/main.yml +++ b/roles/cert-redis/tasks/main.yml @@ -1,11 +1,11 @@ - name: "copy cert-redis to destination server" copy: src: "{{ role_path }}/files/" - dest: /home/tsg + dest: /opt/tsg mode: 0755 - name: "install cert-redis" - shell: cd /home/tsg/cert-redis;sh install.sh + shell: cd /opt/tsg/cert-redis;sh install.sh - name: "start cert-redis" systemd: 
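Review bot: In the "install cert-redis" task, `cd /opt/tsg/cert-redis;sh install.sh` joins the two commands with `;`, so if the `cd` fails, `sh install.sh` is still run as root from whatever the working directory happens to be. Let the module set the directory instead: `command: sh install.sh` with `args:` and `chdir: /opt/tsg/cert-redis`. The unchanged `mode: 0755` on the copy above is applied to the whole copied tree, which makes 6379.conf executable as well, and Ansible's guidance is to quote it as `mode: "0755"`. The "start cert-redis" task continues outside the hunk.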
diff --git a/roles/certstore/files/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm b/roles/certstore/files/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm deleted file mode 100644 index bb18166..0000000 Binary files a/roles/certstore/files/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/certstore/files/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm b/roles/certstore/files/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm new file mode 100644 index 0000000..efc9c2d Binary files /dev/null and b/roles/certstore/files/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm differ diff --git a/roles/certstore/tasks/main.yml b/roles/certstore/tasks/main.yml index 5d9b7af..2f444ee 100644 --- a/roles/certstore/tasks/main.yml +++ b/roles/certstore/tasks/main.yml @@ -3,20 +3,20 @@ src: "{{ role_path }}/files/" dest: "/tmp/ansible_deploy/" -- name: Ensures /home/tsg exists - file: path=/home/tsg state=directory +- name: Ensures /opt/tsg exists + file: path=/opt/tsg state=directory tags: mkdir - name: install certstore yum: name: - - /tmp/ansible_deploy/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm + - /tmp/ansible_deploy/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm state: present - name: template certstore configure file template: src: "{{ role_path }}/templates/cert_store.ini.j2" - dest: /home/tsg/certstore/conf/cert_store.ini + dest: /opt/tsg/certstore/conf/cert_store.ini - name: "start certstore" systemd: diff --git a/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm deleted file mode 100644 index f1cc58d..0000000 Binary files a/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/dns-2.0.8.beb1d09-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.8.beb1d09-2.el7.x86_64.rpm new file mode 100644 index 0000000..fb616e0 Binary files /dev/null and b/roles/firewall/files/dns-2.0.8.beb1d09-2.el7.x86_64.rpm differ 
diff --git a/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm b/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
deleted file mode 100644
index 4d1aca7..0000000
Binary files a/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm b/roles/firewall/files/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm
new file mode 100644
index 0000000..6151b56
Binary files /dev/null and b/roles/firewall/files/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
deleted file mode 100644
index df8cdd3..0000000
Binary files a/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/quic-1.1.9.810857d-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.9.810857d-2.el7.x86_64.rpm
new file mode 100644
index 0000000..55c7e3e
Binary files /dev/null and b/roles/firewall/files/quic-1.1.9.810857d-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
deleted file mode 100644
index 19e48c1..0000000
Binary files a/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm
new file mode 100644
index 0000000..066fede
Binary files /dev/null and b/roles/firewall/files/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 0293ab7..184b02c 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -13,9 +13,9 @@ fw_packages: - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm + - /tmp/ansible_deploy/dns-2.0.8.beb1d09-2.el7.x86_64.rpm - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm @@ -23,10 +23,13 @@ - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm - - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm - - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm + - /tmp/ansible_deploy/quic-1.1.9.810857d-2.el7.x86_64.rpm + - /tmp/ansible_deploy/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm + - /tmp/ansible_deploy/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm + - /tmp/ansible_deploy/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm + - /tmp/ansible_deploy/app_master-1.0.4.d189dee-2.el7.x86_64.rpm - name: "Template the tsgconf/main.conf" template: diff --git a/roles/framework/files/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm deleted file mode 100644 index 9f38da2..0000000 Binary files a/roles/framework/files/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm and /dev/null differ 
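Review bot: The three `app_*` RPMs appended to `fw_packages` in the second hunk are installed by the firewall role unconditionally, which bypasses the enable flag this commit introduces for them (roles/tsg-app/tasks/main.yml guards the same three packages with a `when:`). The files are added under roles/tsg-app/files rather than roles/firewall/files, and the deploy.yml hunks in this commit do not add the `tsg-app` role to any play. Unless something else has already staged them in /tmp/ansible_deploy, this install has nothing to read; the copy task is outside the hunk, so confirm. Dropping the three lines here and listing `tsg-app` in deploy.yml would leave one gated install path.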
diff --git a/roles/framework/files/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm
new file mode 100644
index 0000000..cacced0
Binary files /dev/null and b/roles/framework/files/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm differ
diff --git a/roles/framework/files/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm
deleted file mode 100644
index 23f3990..0000000
Binary files a/roles/framework/files/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/framework/files/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm
new file mode 100644
index 0000000..6b5dc73
Binary files /dev/null and b/roles/framework/files/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm differ
diff --git a/roles/framework/files/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm b/roles/framework/files/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm
new file mode 100644
index 0000000..756eaae
Binary files /dev/null and b/roles/framework/files/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm differ
diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
index beafcd5..feb4eef 100644
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -11,18 +11,19 @@ vars: packages: - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm - - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm + - /tmp/ansible_deploy/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm - - /tmp/ansible_deploy/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm + - /tmp/ansible_deploy/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm - name: "mkdir /etc/ld.so.conf.d/" file: diff --git a/roles/kni/files/kni-20.07-1.el7.x86_64.rpm b/roles/kni/files/kni-20.07-1.el7.x86_64.rpm deleted file mode 100644 index 2cefa0c..0000000 Binary files a/roles/kni/files/kni-20.07-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/kni/files/kni-20.09-1.el7.x86_64.rpm b/roles/kni/files/kni-20.09-1.el7.x86_64.rpm new file mode 100644 index 0000000..ce67e4c Binary files /dev/null and b/roles/kni/files/kni-20.09-1.el7.x86_64.rpm differ diff --git a/roles/kni/tasks/main.yml b/roles/kni/tasks/main.yml index df94d99..de68b06 100644 --- a/roles/kni/tasks/main.yml +++ b/roles/kni/tasks/main.yml @@ -7,7 +7,7 @@ - name: "install kni rpms from localhost" yum: name: - - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm + - /tmp/ansible_deploy/kni-20.09-1.el7.x86_64.rpm state: present - name: Template the kni.conf 
diff --git a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2 b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2 index 0b724a5..9a28a58 100644 --- a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2 +++ b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2 @@ -10,7 +10,7 @@ jumbo_frame=1 max_rx_pkt_len=15360 clear_tx_flags=1 vlan-filter=1 -vlan-id-allow=1000,1001 +vlan-id-allow=1000,1001,4000,4001 [device:{{nic_to_tfe.tfe0.name}}] jumbo_frame=1 diff --git a/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2 b/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2 index 00b42b5..e690909 100644 --- a/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2 +++ b/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2 @@ -16,3 +16,6 @@ enable=1 c_router_vlan_id_0=1000 i_router_vlan_id_0=1001 en_mac_flipping_0=0 +c_router_vlan_id_1=4000 +i_router_vlan_id_1=4001 +en_mac_flipping_1=0 diff --git a/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2 index 3c2fba9..032a1c4 100644 --- a/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2 +++ b/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2 @@ -8,7 +8,7 @@ jumbo_frame=1 max_rx_pkt_len=15360 clear_tx_flags=1 vlan-filter=1 -vlan-id-allow=1000,1001,2000,2001 +vlan-id-allow=1000,1001,2000,2001,4000,4001 vlan-pvid=0 vlan-pvid-mode=2 promisc=1 diff --git a/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2 index c30d086..19a709a 100644 --- a/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2 +++ b/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2 @@ -19,3 +19,6 @@ en_mac_flipping_0=0 c_router_vlan_id_1=2000 i_router_vlan_id_1=2001 en_mac_flipping_1=0 +c_router_vlan_id_2=4000 +i_router_vlan_id_2=4001 +en_mac_flipping_2=0 
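Review bot: VLAN IDs 4000 and 4001 are typed as literals into `vlan-id-allow` in the adc_inline mrglobal template, and again into its mrtunnat template and the adc_tun_mode and allot_access pairs, so the filter allow-list and the router pairs can drift apart on the next edit. Widening a VLAN filter changes what traffic the device accepts, so it deserves one group variable shared by both files and a comment saying what 4000/4001 carry. In allot_access the commit also adds the fixed IDs 1000 and 1001 beside the templated `AllotAccess` IDs, and nothing visible checks that a configured ID does not collide with them.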
diff --git a/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2 b/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2 index c39f28e..48ba1e8 100644 --- a/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2 +++ b/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2 @@ -8,7 +8,7 @@ jumbo_frame=1 max_rx_pkt_len=15360 clear_tx_flags=1 vlan-filter=1 -vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }} +vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},4000,4001,1000,1001 vlan-pvid=0 vlan-pvid-mode=2 promisc=1 diff --git a/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2 b/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2 index 8e6f9cb..7c25a5d 100644 --- a/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2 +++ b/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2 @@ -16,4 +16,10 @@ enable=1 c_router_vlan_id_0={{ AllotAccess.virturlID_1 }} i_router_vlan_id_0={{ AllotAccess.virturlID_2 }} en_mac_flipping_0=1 +c_router_vlan_id_1=1000 +i_router_vlan_id_1=1001 +en_mac_flipping_1=0 +c_router_vlan_id_2=4000 +i_router_vlan_id_2=4001 +en_mac_flipping_2=0 diff --git a/roles/sapp/files/maat_redis_tool b/roles/sapp/files/maat_redis_tool new file mode 100755 index 0000000..9e797bb Binary files /dev/null and b/roles/sapp/files/maat_redis_tool differ diff --git a/roles/sapp/files/sapp-4.0.20.b59c12a-2.el7.x86_64.rpm b/roles/sapp/files/sapp-4.0.20.b59c12a-2.el7.x86_64.rpm deleted file mode 100644 index 24e21af..0000000 Binary files a/roles/sapp/files/sapp-4.0.20.b59c12a-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/sapp/files/sapp-4.1.7.4f2839a-2.el7.x86_64.rpm b/roles/sapp/files/sapp-4.1.7.4f2839a-2.el7.x86_64.rpm new file mode 100644 index 0000000..7abeffa Binary files /dev/null and b/roles/sapp/files/sapp-4.1.7.4f2839a-2.el7.x86_64.rpm differ 
diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml index cdbdbe7..ba53c0c 100644 --- a/roles/sapp/tasks/main.yml +++ b/roles/sapp/tasks/main.yml @@ -4,10 +4,15 @@ src: "{{ role_path }}/files/" dest: /tmp/ansible_deploy/ +- name: "copy maat_redis_tool to destination server" + copy: + src: "{{ role_path }}/files/maat_redis_tool" + dest: /usr/local/bin + - name: "install sapp rpms from localhost" yum: name: - - /tmp/ansible_deploy/sapp-4.0.20.b59c12a-2.el7.x86_64.rpm + - /tmp/ansible_deploy/sapp-4.1.7.4f2839a-2.el7.x86_64.rpm state: present skip_broken: yes diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2 index 18bc41e..292d735 100644 --- a/roles/sapp/templates/conflist.inf.j2 +++ b/roles/sapp/templates/conflist.inf.j2 @@ -10,6 +10,9 @@ #./plug/platform/http_healthcheck/http_healthcheck.inf {% endif %} ./plug/platform/tsg_master/tsg_master.inf +{% if tsg-app_enable == 1 %} +./plug/platform/app_master/app_master.inf +{% endif %} [protocol] ./plug/protocol/ssl/ssl.inf @@ -30,3 +33,7 @@ ./plug/business/tsg_conn_record/tsg_conn_record.inf ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf ./plug/business/capture_packet_plug/capture_packet_plug.inf +{% if tsg-app_enable == 1 %} +./plug/business/app_sketch_local/app_sketch_local.inf +./plug/business/app_control_plug/app_control_plug.inf +{% endif %} diff --git a/roles/tfe/files/tfe-4.3.10.fb02543-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.10.fb02543-1.el7.x86_64.rpm new file mode 100644 index 0000000..3cd49f8 Binary files /dev/null and b/roles/tfe/files/tfe-4.3.10.fb02543-1.el7.x86_64.rpm differ diff --git a/roles/tfe/files/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm deleted file mode 100644 index 634b2e5..0000000 Binary files a/roles/tfe/files/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml index d702f76..d0123be 100644 --- a/roles/tfe/tasks/main.yml 
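Review bot: The new "copy maat_redis_tool to destination server" task sets no `mode`, `owner` or `group`, so a freshly created /usr/local/bin/maat_redis_tool gets the remote umask default and is normally not executable, even though the file is committed as 100755. Add `mode: "0755"` together with `owner: root` and `group: root`. The tool is a prebuilt binary installed into root's PATH with nothing verifying it; a `checksum:` on the copy would at least detect a corrupted or substituted file.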
+++ b/roles/tfe/tasks/main.yml @@ -14,7 +14,7 @@ yum: name: - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm - - /tmp/ansible_deploy/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm + - /tmp/ansible_deploy/tfe-4.3.10.fb02543-1.el7.x86_64.rpm state: present - name: "template tfe-env config" diff --git a/roles/tfe/templates/doh.conf.j2 b/roles/tfe/templates/doh.conf.j2 old mode 100644 new mode 100755 index 69398af..bc38918 --- a/roles/tfe/templates/doh.conf.j2 +++ b/roles/tfe/templates/doh.conf.j2 @@ -23,4 +23,5 @@ table_host=TSG_FIELD_DOH_HOST # default 0 ENTRANCE_ID=0 # default 1 +# if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1 en_sendlog=1 diff --git a/roles/tfe/templates/future.conf.j2 b/roles/tfe/templates/future.conf.j2 old mode 100644 new mode 100755 index d0d7c07..f83d5ec --- a/roles/tfe/templates/future.conf.j2 +++ b/roles/tfe/templates/future.conf.j2 @@ -1,5 +1,9 @@ [STAT] no_stats=0 -statsd_server=127.0.0.1 +statsd_server=192.168.100.1 statsd_port=8100 histogram_bins=0.50,0.80,0.9,0.95 +statsd_cycle=5 +# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2 +statsd_format=2 +print_diff=1 diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index 390c621..fffc9cc 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 
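Review bot: `statsd_server=192.168.100.1` in future.conf.j2 replaces the loopback address with a literal IP, and the `[stat]` section of tfe.conf.j2 gets the same change, so metrics now leave the host for an address that cannot be set per site. The same literal is already the `[kni]` `ip` in tfe.conf.j2 and the rsync source in roles/tsg-diagnose_sync_ca. One inventory variable would keep them together, for example `statsd_server={{ statsd_server_address }}` with the name chosen to fit the existing group_vars. The commit also changes this template and doh.conf.j2 to mode 100755, which a config template does not need.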
@@ -1,76 +1,121 @@ [system] nr_worker_threads={{ tfe.nr_threads }} -enable_breakpad=0 -enable_breakpad_upload=0 -breakpad_minidump_dir=/run/tfe/crashreport/ -breakpad_upload_url=http://127.0.0.1:9000/ -disable_coredump=0 +enable_kni_v1=0 +enable_kni_v2=1 +# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally +disable_coredump=0 +enable_breakpad=1 +enable_breakpad_upload=0 +breakpad_upload_url=http://sentry.mesalab.cn:9000/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025 +# must be /run/tfe/crashreport,due to tmpfile limit +breakpad_minidump_dir=/run/tfe/crashreport + +# ask for at least (1 + nr_worker_threads) masks +# the first mask for acceptor thread +# the others mask for worker thread +enable_cpu_affinity=1 +cpu_affinity_mask=1-9 +# LEAST_CONN = 0; ROUND_ROBIN = 1 +load_balance=1 [kni] +# kni v1 +#uxdomain=/var/run/.tfe_kni_acceptor_handler +# kni v2 +#scm_socket_file=/var/run/.tfe_kmod_scm_socket + +# send cmsg +send_switch=1 ip=192.168.100.1 cmsg_port=2475 + +# watch dog watchdog_switch=1 watchdog_port=2476 [ssl] ssl_max_version=tls13 ssl_min_version=ssl3 -no_session_cache=0 +ssl_compression=1 +no_ssl2=1 +no_ssl3=0 +no_tls10=0 +no_tls11=0 +no_tls12=0 +default_ciphers=ALL:-aNULL +no_cert_verify=0 + +# session ticket no_session_ticket=0 -log_master_key=0 +stek_group_num=4 +stek_rotation_time=3600 + +# session cache +no_session_cache=0 +session_cache_slots=4194304 +session_cache_expire_seconds=1800 + +# service cache +service_cache_slots=4194304 +service_cache_expire_seconds=300 +service_cache_fail_as_pinning_cnt=4 +service_cache_fail_as_proto_err_cnt=5 +service_cache_succ_as_app_not_pinning_cnt=0 +service_cache_fail_time_window=30 + +# cert +check_cert_crl=0 trusted_cert_load_local=1 trusted_cert_file=resource/tfe/tls-ca-bundle.pem trusted_cert_dir=resource/tfe/trusted_storage -key_log_file=log/sslkeylog.log -no_alpn=0 -stek_group_num=4 
-stek_rotation_time=3600 -service_cache_expire_seconds=600 -# SSL mid cert cache -# default 0 +# master key +log_master_key=0 +key_log_file=log/sslkeylog.log + +# mid cert cache mc_cache_enable=1 -# default eth0 mc_cache_eth={{ nic_inner_ctrl.name }} -# default NULL mc_cache_broker_list={{ log_kafkabrokers.address }} -# default PXY-EXCH-INTERMEDIA-CERT mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT [key_keeper] #Mode: debug - generate cert with ca_path, normal - generate cert with cert store #0 on cache 1 off cache -mode= normal no_cache=0 -cert_store_host= {{ cert_store_server.address }} -cert_store_port= {{ cert_store_server.port }} +mode=normal +cert_store_host={{ cert_store_server.address }} +cert_store_port={{ cert_store_server.port }} ca_path=resource/tfe/tango-ca-v3-trust-ca.pem untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem -# health_check only for "mode=normal" -# default 1 +hash_slot_size=131072 +hash_expire_seconds=300 +cert_expire_time=24 + +# health_check only for "mode=normal" default 1 enable_health_check=1 [debug] +# 1 : enforce tcp passthrough +# 0 : Whether to passthrough depends on the tcp_options in cmsg passthrough_all_tcp=0 -[traffic_mirror] -{% if tsg_running_type != 2 %} -device=lo -type=0 -{% else %} -device={{ nic_traffic_mirror.name }} -type=1 -{% endif %} - - [ratelimit] -#read_rate=200000 -#read_burst=200000 -#write_rate=200000 -#write_burst=200000 +read_rate=0 +read_burst=0 +write_rate=0 +write_burst=0 [tcp] +# read rcv_buff/snd_buff options from tfe conf +sz_rcv_buffer=-1 +sz_snd_buffer=-1 + +# 1 : use tcp_options in tfe.conf +# 0 : use tcp_options in cmsg +enable_overwrite=0 +tcp_nodelay=1 so_keepalive=1 tcp_keepcnt=8 tcp_keepintvl=15 
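Review bot: The new `[ssl]` defaults enable several things that are normally turned off on a TLS endpoint: `ssl_compression=1` (TLS compression is the precondition for CRIME-style attacks), `no_ssl3=0` next to the existing `ssl_min_version=ssl3`, and `default_ciphers=ALL:-aNULL`, which excludes only anonymous suites; `check_cert_crl=0` also leaves revocation unchecked. If legacy reach is a deliberate requirement of the proxy, say so in a comment beside each key; otherwise start from `ssl_compression=0` and `no_ssl3=1`. In `[system]`, `breakpad_upload_url` now hard-codes an external host and a `sentry_key` in the template over plain http, and `enable_breakpad=1` writes minidumps of a process that holds TLS key material; the URL belongs in a vaulted variable and should be https before upload is ever enabled. `cpu_affinity_mask=1-9` is fixed while `nr_worker_threads` is templated, so inventory can break the "1 + nr_worker_threads" rule stated in the comment above it.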
@@ -81,45 +126,66 @@ tcp_ttl_downstream=70 [log] level={{ tfe_log_level }} +location=log/tfe.log [stat] -statsd_server=127.0.0.1 +statsd_server=192.168.100.1 statsd_port=8100 statsd_cycle=5 -# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2 +# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE statsd_format=2 +histogram_bins=0.5,0.8,0.9,0.95 [http] loglevel={{ tfe_http_log_level }} +[traffic_mirror] +{% if tsg_running_type != 2 %} +enable={{ tfe.mirror_enable }} +device=lo +# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO +type=0 +{% else %} +enable={{ tfe.mirror_enable }} +device={{ nic_traffic_mirror.name }} +# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO +type=1 +{% endif %} + + [kafka] enable=1 -nic_name={{ nic_mgr.name }} +NIC_NAME={{ nic_mgr.name }} kafka_brokerlist={{ log_kafkabrokers.address }} kafka_topic=PROXY-EVENT-LOG device_id_filepath=/opt/tsg/etc/tsg_sn.json [maat] -# 0:json 1: redis 2: iris +# 0:json 1:redis 2:iris maat_input_mode=1 +stat_switch=1 +perf_switch=1 table_info=resource/pangu/table_info.conf -json_cfg_file=resource/pangu/pangu_http.json -stat_file=log/pangu_scan.status -full_cfg_dir=pangu_policy/full/index/ -inc_cfg_dir=pangu_policy/inc/index/ +accept_path=/opt/tsg/etc/tsg_device_tag.json +stat_file=log/pangu_scan.fs2 +effect_interval_s=1 +deferred_load_on=0 +# Pangu uses accept_tags to support the effective range of the device. +# Traffic mirroring does not need to support the effective range of the device, +# but pangu and traffic mirroring use the same maat configuration file. 
+# Therefore, there is no need to set accept_tags in tfe.conf, +# just set accept_tags in the tfe_resource_init() code +# accept_tags={"tags":[{"tag":"device_id","value":"device_1"}]} + +# json mode conf iterm +json_cfg_file=resource/pangu/pangu_http.json + +# redis mode conf iterm maat_redis_server={{ maat_redis_server.address }} maat_redis_port_range={{ maat_redis_server.port }} maat_redis_db_index={{ maat_redis_server.db }} -effect_interval_s=1 -#accept_tags={"tags":[{"tag":"location","value":"Astana"}]} -accept_path=/opt/tsg/etc/tsg_device_tag.json - -[dynamic_maat] -maat_input_mode=1 -table_info=resource/pangu/dynamic_maat_table_info.conf -maat_redis_server={{ dynamic_maat_redis_server.address }} -maat_redis_port_range={{ dynamic_maat_redis_server.port }} -maat_redis_db_index={{ dynamic_maat_redis_server.db }} -effect_interval_s=1 +# iris mode conf iterm +full_cfg_dir=pangu_policy/full/index/ +inc_cfg_dir=pangu_policy/inc/index/ diff --git a/roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm b/roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm new file mode 100644 index 0000000..ab9886f Binary files /dev/null and b/roles/tsg-app/files/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm differ diff --git a/roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpm b/roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpm new file mode 100644 index 0000000..712d511 Binary files /dev/null and b/roles/tsg-app/files/app_master-1.0.4.d189dee-2.el7.x86_64.rpm differ diff --git a/roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm b/roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm new file mode 100644 index 0000000..0c29244 Binary files /dev/null and b/roles/tsg-app/files/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm differ diff --git a/roles/tsg-app/tasks/main.yml b/roles/tsg-app/tasks/main.yml new file mode 100644 index 0000000..73e2900 --- /dev/null +++ b/roles/tsg-app/tasks/main.yml 
@@ -0,0 +1,17 @@ +--- +- name: "copy tsg-app rpms to destination server" + copy: + src: "{{ role_path }}/files/" + dest: /tmp/ansible_deploy/ + +- name: "install tsg-app packages" + yum: + name: "{{ app_packages }}" + state: present + skip_broken: yes + vars: + app_packages: + - /tmp/ansible_deploy/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm + - /tmp/ansible_deploy/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm + - /tmp/ansible_deploy/app_master-1.0.4.d189dee-2.el7.x86_64.rpm + when: tsg-app_enable == 1 diff --git a/roles/tsg-diagnose/files/install_docker.zip b/roles/tsg-diagnose/files/install_docker.zip new file mode 100644 index 0000000..7725529 Binary files /dev/null and b/roles/tsg-diagnose/files/install_docker.zip differ diff --git a/roles/tsg-diagnose/files/tsg-diagnose-20.09-1.el7.x86_64.rpm b/roles/tsg-diagnose/files/tsg-diagnose-20.09-1.el7.x86_64.rpm new file mode 100644 index 0000000..4d62b8e Binary files /dev/null and b/roles/tsg-diagnose/files/tsg-diagnose-20.09-1.el7.x86_64.rpm differ diff --git a/roles/tsg-diagnose/tasks/main.yml b/roles/tsg-diagnose/tasks/main.yml new file mode 100644 index 0000000..3176f19 --- /dev/null +++ b/roles/tsg-diagnose/tasks/main.yml 
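Review bot: `skip_broken: yes` on the "install tsg-app packages" task lets yum drop a package with unmet dependencies and still report success, so a host can finish the play with `app_master` missing while conflist.inf.j2 lists its plugin. Removing `skip_broken` makes the failure visible at deploy time instead of at sapp start-up. If it has to stay, write the boolean as `skip_broken: true` and follow the install with a task that asserts all three packages are present.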
@@ -0,0 +1,38 @@ +- name: "Tsg-diagnose:copy file to device" + copy: + src: '{{ role_path }}/files/' + dest: /tmp/ansible_deploy/ + +- name: "unarchive install_docker.zip" + unarchive: + src: /tmp/ansible_deploy/install_docker.zip + dest: /tmp/ansible_deploy/ + remote_src: yes + +- name: "exec docker install shell" + shell: cd /tmp/ansible_deploy/install_docker; sh setup_docker.sh + +- name: 'Docker service start and enable' + systemd: + name: docker + enabled: yes + state: started + daemon_reload: yes + +- name: "Install tsg-diagnose rpm package" + yum: + name: + - "/tmp/ansible_deploy/tsg-diagnose-20.09-1.el7.x86_64.rpm" + state: present + +- name: "tsg-diagnose init certs" + shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/init_certs/init_badssl_certs.sh + +- name: 'Tsg-diagnose service start' + systemd: + name: tsg-diagnose + enabled: yes + daemon_reload: yes + +- name: "tsg-diagnose init rsync deamon" + shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/rsync/init_rsyncd.sh diff --git a/roles/tsg-diagnose_stop_sync/tasks/main.yml b/roles/tsg-diagnose_stop_sync/tasks/main.yml new file mode 100644 index 0000000..1633c16 --- /dev/null +++ b/roles/tsg-diagnose_stop_sync/tasks/main.yml @@ -0,0 +1,3 @@ +- name: "tsg-diagnose: stop rsync deamon process" + shell: killall -9 rsync + diff --git a/roles/tsg-diagnose_sync_ca/tasks/main.yml b/roles/tsg-diagnose_sync_ca/tasks/main.yml new file mode 100644 index 0000000..cc13196 --- /dev/null +++ b/roles/tsg-diagnose_sync_ca/tasks/main.yml @@ -0,0 +1,6 @@ +- name: "tsg-diagnose: rsync badssl ca certs" + shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/ + +- name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle" + shell: cat /tmp/sync/ca-root.crt >> /opt/tsg/tfe/resource/tfe/tls-ca-bundle.pem + 
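Review bot: This role unpacks install_docker.zip and runs `sh setup_docker.sh` as root out of /tmp/ansible_deploy, a fixed path under a world-writable directory, so whoever creates that directory first owns it and can replace the script between the copy and the `shell` task. Stage into a directory the play creates itself with `owner: root` and `mode: "0700"` (or one returned by the `tempfile` module) and remove it afterwards. The three `shell` tasks have no `creates:` guard, so setup_docker.sh, init_badssl_certs.sh and init_rsyncd.sh run again on every deploy. 'Tsg-diagnose service start' sets `enabled: yes` but no `state: started`, so the unit is enabled without being started.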
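Review bot: `killall -9 rsync` kills every rsync process on the host, not only the daemon that init_rsyncd.sh started, and SIGKILL gives it no chance to remove its pid or lock file. The task also fails the play when no rsync process exists, because killall then exits non-zero. Stop the specific daemon instead, through its pid file or service unit if init_rsyncd.sh creates one (not visible here), and add `failed_when` so a daemon that is already gone is not treated as an error.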
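Review bot: The second task appends whatever arrived in /tmp/sync/ca-root.crt to TFE's trusted bundle with `cat ... >> tls-ca-bundle.pem`, and nothing checks that it is the certificate adc_mcn0 generated. It is fetched with `rsync ... 192.168.100.1::blade0toother`, the rsync daemon protocol with no authentication or encryption visible in the command, into a fixed path under /tmp, so the trust decision depends on that network segment and on nobody else writing /tmp/sync first. Moving the certificate over the SSH connection Ansible already has (for example `slurp` delegated to adc_mcn0, then `copy`) and comparing its fingerprint before installing it would close both gaps. The append is not idempotent either, so every deploy adds another copy of the CA to the bundle; `blockinfile` with a marker avoids that.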
diff --git a/roles/tsg_master/files/tsg_master-3.1.2.7002e1b-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-3.1.2.7002e1b-2.el7.x86_64.rpm deleted file mode 100644 index afd1fc3..0000000 Binary files a/roles/tsg_master/files/tsg_master-3.1.2.7002e1b-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm new file mode 100644 index 0000000..e23c375 Binary files /dev/null and b/roles/tsg_master/files/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm differ diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml index ff68425..c0c6d41 100644 --- a/roles/tsg_master/tasks/main.yml +++ b/roles/tsg_master/tasks/main.yml @@ -6,6 +6,6 @@ - name: "install tsg_master from localhost" yum: name: - - /tmp/ansible_deploy/tsg_master-3.1.2.7002e1b-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm state: present skip_broken: yes diff --git a/uninstall/roles/package_list/20.09.yml b/uninstall/roles/package_list/20.09.yml new file mode 100644 index 0000000..8c275c1 --- /dev/null +++ b/uninstall/roles/package_list/20.09.yml 
@@ -0,0 +1,93 @@ +#################### +#marsio +mrzcpd: mrzcpd-4.3.25.d88306e-1.el7.x86_64 + +#################### +#kernel +origin_kernel: CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core) +#默认为CentOS 7.4内核,如果系统版本变更,请手动更改origin_kernel值 + +kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64 +kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64 +dkms: dkms-2.7.1-1.el7.noarch +elfutils_libelf_devel: elfutils-libelf-devel-0.168-8.el7.x86_64 +pkgconfig: pkgconfig-0.27.1-4.el7.x86_64 +zlib_devel: zlib-devel-1.2.7-17.el7.x86_64 + +#################### +#framework +libcjson: libcjson-1.7.8.542ad7f-1.x86_64 +libdocument: libdocumentanalyze-2.0.4.efdfc29-1.x86_64 +libmaatframe: libmaatframe-3.0.7.34de556-1.x86_64 +libMESA_field_stat: libMESA_field_stat-1.0.1.852c2df-1.x86_64 +libMESA_field_stat2: libMESA_field_stat2-2.9.1.d80b5fb-1.x86_64 +libMESA_handle_logger: libMESA_handle_logger-1.0.9.304259e-1.x86_64 +libMESA_htable: libMESA_htable-3.10.11.6275308-1.x86_64 +libMESA_prof_load: libMESA_prof_load-1.0.5.bf755de-1.x86_64 +librdkafka: librdkafka-0.11.4-1.el7.x86_64 +librulescan: librulescan-2.2.0.900d2b3-1.x86_64 +libwiredcfg: libwiredcfg-2.0.2.7ce1eea-1.x86_64 +libWiredLB: libWiredLB-2.0.3.c7d131b-1.x86_64 +lz4: lz4-1.7.5-3.el7.x86_64 +libtsglua: libtsglua-1.0.7.0864e4a-1.x86_64 + +#################### +#sapp +sapp: sapp-4.1.7.4f2839a-1.x86_64 + +#################### +#tsg_master +tsg_master: tsg_master-3.2.8.e57ad7f-1.x86_64 + +#################### +#kni +kni: kni-20.09-1.el7.x86_64 + +#################### +#firewall +capture_packet_plug: capture_packet_plug-3.0.2.09f193c-1.x86_64 +dns: dns-2.0.8.beb1d09-1.x86_64 +ftp: ftp-1.0.6.2710506-1.x86_64 +http: http-2.0.3.9218b4b-1.x86_64 +quic: quic-1.1.9.810857d-1.x86_64 +ssl: ssl-1.0.8.0068bd9-1.x86_64 +mail: mail-1.0.7.9e3be05-1.x86_64 +fw_dns: fw_dns_plug-3.0.1.453c533-1.x86_64 +fw_ftp: fw_ftp_plug-3.0.0.7a867ea-1.x86_64 +fw_http: fw_http_plug-3.0.0.1ca1c65-1.x86_64 +fw_quic: fw_quic_plug-3.0.0.b06d39c-1.x86_64 +fw_ssl: 
fw_ssl_plug-3.0.1.7ea9976-1.x86_64 +fw_mail: fw_mail_plug-3.0.0.3b4e481-1.x86_64 +tsg_conn_record: tsg_conn_record-1.0.2.2afb19a-1.x86_64 +tsg_conn_sketch: tsg_conn_sketch-2.0.v2.0_alpha.af621ca-1.x86_64 + +#################### +#Tsg_app +app_sketch_local: app_sketch_local-1.0.2.fd63c68-1.x86_64 +app_control_plug: app_control_plug-1.0.2.a724506-1.x86_64 +app_master: app_master-1.0.4.d189dee-1.x86_64 + +#################### +#tfe +tfe: tfe-4.3.10.fb02543-1.el7.x86_64 +tfe_kmod: tfe-kmod-v1.0.5.20200408-1dkms.noarch + +#################### +#http_healthcheck +http_healthcheck: http_healthcheck-20.04-1.el7.x86_64 + +##################### +#clotho +clotho: clotho-debug-1.0.0.-1.el7.x86_64 + +##################### +#certstore +certstore: certstore-2.1.2.202009.87fcacf-1.el7.x86_64 + +##################### +#telegraf +telegraf_statistic: telegraf-1.13.0-1.x86_64 + +##################### +#tsg-diagnose +tsg-diagnose: tsg-diagnose-20.09-1.el7.x86_64 diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/certredis_after_20.09.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/certredis_after_20.09.yml new file mode 100644 index 0000000..49d6e27 --- /dev/null +++ b/uninstall/roles/uninstall_adc_mcn0/tasks/certredis_after_20.09.yml @@ -0,0 +1,13 @@ +- name: stop cert-redis + systemd: + name: cert-redis + state: stopped + enabled: no + when: uninstall.certredis == 1 + ignore_errors: true + +- name: remove cert-redis files + file: + path: /opt/tsg/cert-redis + state: absent + when: remove.certredis == 1 diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/certredis_before_20.09.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/certredis_before_20.09.yml new file mode 100644 index 0000000..a63754b --- /dev/null +++ b/uninstall/roles/uninstall_adc_mcn0/tasks/certredis_before_20.09.yml 
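Review bot: The last key of the new package list (uninstall/roles/package_list/20.09.yml) is spelled `tsg-diagnose:`, but the uninstall task this commit adds to uninstall_adc_mcn0/tasks/main.yml reads `{{ tsg_diagnose }}`, so the variable is undefined when that task runs; a hyphen is not valid in an Ansible variable name either. Rename the key: `tsg_diagnose: tsg-diagnose-20.09-1.el7.x86_64`. It is also worth checking `tsg_master: tsg_master-3.2.8.e57ad7f-1.x86_64` against the RPM this commit installs, `tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm`: if the installed release really is `2.el7`, `state: absent` will likely match nothing and still report success.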
@@ -0,0 +1,13 @@
+- name: stop cert-redis
+ systemd:
+ name: cert-redis
+ state: stopped
+ enabled: no
+ when: uninstall.certredis == 1
+ ignore_errors: true
+
+- name: remove cert-redis files
+ file:
+ path: /home/tsg/cert-redis
+ state: absent
+ when: remove.certredis == 1
diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/certstore_after_20.09.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/certstore_after_20.09.yml
new file mode 100644
index 0000000..42f00c4
--- /dev/null
+++ b/uninstall/roles/uninstall_adc_mcn0/tasks/certstore_after_20.09.yml
@@ -0,0 +1,42 @@
+- name: stop certstore
+ systemd:
+ name: certstore
+ state: stopped
+ enabled: no
+ when:
+ - backup.certstore == 1
+ - uninstall.certstore == 1
+ ignore_errors: true
+
+- name: create backup_dest_path
+ file:
+ path: "{{ backup_dest_path }}"
+ state: directory
+ when: backup.certstore == 1
+
+- name: backup /opt/tsg/certstore to destination path
+ archive:
+ path: /opt/tsg/certstore
+ dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+ format: zip
+ when: backup.certstore == 1
+
+- name: uninstall certstore
+ yum:
+ name:
+ - "{{ certstore }}"
+ state: absent
+ when: uninstall.certstore == 1
+
+- name: remove certstore files
+ file:
+ path: /opt/tsg/certstore
+ state: absent
+ when: remove.certstore == 1
+
+- name: remove certstore.service
+ file:
+ path: /usr/lib/systemd/system/certstore.service
+ state: absent
+ when: remove.certstore == 1
+
diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/certstore_before_20.09.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/certstore_before_20.09.yml
new file mode 100644
index 0000000..b874377
--- /dev/null
+++ b/uninstall/roles/uninstall_adc_mcn0/tasks/certstore_before_20.09.yml
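Review bot: In certstore_after_20.09.yml the 'stop certstore' task requires both `backup.certstore == 1` and `uninstall.certstore == 1`, so with backup disabled the package and /opt/tsg/certstore are removed while the service is still running. If the intent is to stop before either a backup or an uninstall, the condition should be `when: backup.certstore == 1 or uninstall.certstore == 1`. The same list is carried into certstore_before_20.09.yml and into both uninstall_server copies. The before/after variants differ only in the `/home/tsg` versus `/opt/tsg` prefix, so one task file taking the prefix as a variable would avoid keeping four copies in step.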
@@ -0,0 +1,42 @@
+- name: stop certstore
+ systemd:
+ name: certstore
+ state: stopped
+ enabled: no
+ when:
+ - backup.certstore == 1
+ - uninstall.certstore == 1
+ ignore_errors: true
+
+- name: create backup_dest_path
+ file:
+ path: "{{ backup_dest_path }}"
+ state: directory
+ when: backup.certstore == 1
+
+- name: backup /home/tsg/certstore to destination path
+ archive:
+ path: /home/tsg/certstore
+ dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+ format: zip
+ when: backup.certstore == 1
+
+- name: uninstall certstore
+ yum:
+ name:
+ - "{{ certstore }}"
+ state: absent
+ when: uninstall.certstore == 1
+
+- name: remove certstore files
+ file:
+ path: /home/tsg/certstore
+ state: absent
+ when: remove.certstore == 1
+
+- name: remove certstore.service
+ file:
+ path: /usr/lib/systemd/system/certstore.service
+ state: absent
+ when: remove.certstore == 1
+
diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/framework_after_20.09.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/framework_after_20.09.yml
new file mode 100644
index 0000000..064e64b
--- /dev/null
+++ b/uninstall/roles/uninstall_adc_mcn0/tasks/framework_after_20.09.yml
@@ -0,0 +1,38 @@
+- name: create backup_dest_path
+ file:
+ path: "{{ backup_dest_path }}"
+ state: directory
+ when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+ archive:
+ path: /opt/MESA
+ dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+ format: zip
+ when: backup.framework == 1
+
+- name: uninstall framework
+ yum:
+ name:
+ - "{{ libcjson }}"
+ - "{{ libdocument }}"
+ - "{{ libmaatframe }}"
+ - "{{ libMESA_field_stat }}"
+ - "{{ libMESA_field_stat2 }}"
+ - "{{ libMESA_handle_logger }}"
+ - "{{ libMESA_htable }}"
+ - "{{ libMESA_prof_load }}"
+ - "{{ librdkafka }}"
+ - "{{ librulescan }}"
+ - "{{ libwiredcfg }}"
+ - "{{ libWiredLB }}"
+ - "{{ lz4 }}"
+ - "{{ libtsglua }}"
+ state: absent
+ when: uninstall.framework == 1
+
+- name: remove framework files
+ file:
+ path: /opt/MESA
+ state: absent
+ when: remove.framework == 1
diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/framework_before_20.09.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/framework_before_20.09.yml
new file mode 100644
index 0000000..4cd6777
--- /dev/null
+++ b/uninstall/roles/uninstall_adc_mcn0/tasks/framework_before_20.09.yml
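Review bot: The archive task in framework_after_20.09.yml is still named `backup /home/tsg/certstore to destination path` although it archives `/opt/MESA`; it should read `backup /opt/MESA to destination path`, as uninstall_server/tasks/framework_before_20.09.yml in this commit already does. The same stale name is in uninstall_adc_mcn0/tasks/framework_before_20.09.yml and uninstall_server/tasks/framework_after_20.09.yml. A one-line comment at the top of each file stating that the only difference from the 'before' variant is the added `libtsglua` package would help the next reader.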
@@ -0,0 +1,37 @@ +- name: create backup_dest_path + file: + path: "{{ backup_dest_path }}" + state: directory + when: backup.framework == 1 + +- name: backup /home/tsg/certstore to destination path + archive: + path: /opt/MESA + dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip" + format: zip + when: backup.framework == 1 + +- name: uninstall framework + yum: + name: + - "{{ libcjson }}" + - "{{ libdocument }}" + - "{{ libmaatframe }}" + - "{{ libMESA_field_stat }}" + - "{{ libMESA_field_stat2 }}" + - "{{ libMESA_handle_logger }}" + - "{{ libMESA_htable }}" + - "{{ libMESA_prof_load }}" + - "{{ librdkafka }}" + - "{{ librulescan }}" + - "{{ libwiredcfg }}" + - "{{ libWiredLB }}" + - "{{ lz4 }}" + state: absent + when: uninstall.framework == 1 + +- name: remove framework files + file: + path: /opt/MESA + state: absent + when: remove.framework == 1 diff --git a/uninstall/roles/uninstall_adc_mcn0/tasks/main.yml b/uninstall/roles/uninstall_adc_mcn0/tasks/main.yml index 6417634..2bfd22b 100644 --- a/uninstall/roles/uninstall_adc_mcn0/tasks/main.yml +++ b/uninstall/roles/uninstall_adc_mcn0/tasks/main.yml @@ -131,6 +131,29 @@ state: absent when: remove.kni == 1 +#################### +#Tsg-app +- name: stop sapp + systemd: + name: sapp + state: stopped + enabled: no + when: + - uninstall_version >= 20.09 + - uninstall.tsg_app == 1 + ignore_errors: true + +- name: uninstall tsg_app + yum: + name: + - "{{ app_sketch_local }}" + - "{{ app_control_plug }}" + - "{{ app_master }}" + state: absent + when: + - uninstall_version >= 20.09 + - uninstall.tsg_app == 1 + #################### #Uninstall tsg_master - name: stop sapp 
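Review bot: The new conditions `uninstall_version >= 20.09` in uninstall_adc_mcn0/tasks/main.yml compare the variable as a number, but uninstall_vars.yml lists `20.07.rc1` and `20.06.1` as supported values; those load as strings, and a string-to-float comparison either raises an error (Python 3) or is decided by type rather than value (Python 2). Plain values are fragile too, since `20.10` loads as 20.1 and sorts below 20.09. Quoting the setting (`uninstall_version: "20.09"`) and using the version test, `- uninstall_version | string is version('20.09', '>=')`, avoids both. The same applies to the `include` conditions in the later hunks of this file and in uninstall_server/tasks/main.yml. This hunk ends inside the following 'stop sapp' task.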
@@ -303,63 +326,24 @@ #################### #Uninstall Certstore -- name: stop certstore - systemd: - name: certstore - state: stopped - enabled: no - when: - - backup.certstore == 1 - - uninstall.certstore == 1 - ignore_errors: true +- name: uninstall certstore before 20.09 + include: certstore_before_20.09.yml + when: uninstall_version < 20.09 -- name: create backup_dest_path - file: - path: "{{ backup_dest_path }}" - state: directory - when: backup.certstore == 1 - -- name: backup /home/tsg/certstore to destination path - archive: - path: /home/tsg/certstore - dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip" - format: zip - when: backup.certstore == 1 - -- name: uninstall certstore - yum: - name: - - "{{ certstore }}" - state: absent - when: uninstall.certstore == 1 - -- name: remove certstore files - file: - path: /home/tsg/certstore - state: absent - when: remove.certstore == 1 - -- name: remove certstore.service - file: - path: /usr/lib/systemd/system/certstore.service - state: absent - when: remove.certstore == 1 +- name: uninstall certstore after 20.09 + include: certstore_after_20.09.yml + when: uninstall_version >= 20.09 #################### #Uninstall cert-redis -- name: stop cert-redis - systemd: - name: cert-redis - state: stopped - enabled: no - when: uninstall.certredis == 1 - ignore_errors: true +- name: uninstall certredis before 20.09 + include: certredis_before_20.09.yml + when: uninstall_version < 20.09 + +- name: uninstall certredis after 20.09 + include: certredis_after_20.09.yml + when: uninstall_version >= 20.09 -- name: remove cert-redis files - file: - path: /home/tsg/cert-redis - state: absent - when: remove.certredis == 1 #################### #Uninstall clotho 
@@ -407,43 +391,13 @@ #################### #Uninstall framework -- name: create backup_dest_path - file: - path: "{{ backup_dest_path }}" - state: directory - when: backup.framework == 1 +- name: uninstall framework before 20.09 + include: framework_before_20.09.yml + when: uninstall_version < 20.09 -- name: backup /home/tsg/certstore to destination path - archive: - path: /opt/MESA - dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip" - format: zip - when: backup.framework == 1 - -- name: uninstall framework - yum: - name: - - "{{ libcjson }}" - - "{{ libdocument }}" - - "{{ libmaatframe }}" - - "{{ libMESA_field_stat }}" - - "{{ libMESA_field_stat2 }}" - - "{{ libMESA_handle_logger }}" - - "{{ libMESA_htable }}" - - "{{ libMESA_prof_load }}" - - "{{ librdkafka }}" - - "{{ librulescan }}" - - "{{ libwiredcfg }}" - - "{{ libWiredLB }}" - - "{{ lz4 }}" - state: absent - when: uninstall.framework == 1 - -- name: remove framework files - file: - path: /opt/MESA - state: absent - when: remove.framework == 1 +- name: uninstall framework after 20.09 + include: framework_after_20.09.yml + when: uninstall_version >= 20.09 #################### #Uninstall telegraf_statistic @@ -474,6 +428,27 @@ state: absent when: remove.telegraf_statistic == 1 +#################### +#Tsg-diagnose +- name: stop docker + systemd: + name: docker + state: stopped + enabled: no + when: + - uninstall.tsg_diagnose == 1 + - uninstall_version >= 20.09 + ignore_errors: true + +- name: uninstall tsg_diagnose + yum: + name: + - "{{ tsg_diagnose }}" + state: absent + when: + - uninstall.tsg_diagnose == 1 + - uninstall_version >= 20.09 + #################### #Remove other tsg files - name: remove /home/mesasoft diff --git a/uninstall/roles/uninstall_server/tasks/certredis_after_20.09.yml b/uninstall/roles/uninstall_server/tasks/certredis_after_20.09.yml new file mode 100644 index 0000000..49d6e27 --- /dev/null 
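Review bot: The new Tsg-diagnose section stops and disables `docker` but never stops the `tsg-diagnose` unit that the install role enables, and stopping docker also takes down any other container on the host. I would stop `tsg-diagnose` here (`name: tsg-diagnose`, `state: stopped`, `enabled: no`) and leave docker alone unless this project owns the docker install exclusively. The uninstall also does not appear to undo what the install added on the other blades, namely the CA appended to tfe's `tls-ca-bundle.pem`; the uninstall_adc_mcn123 role is not part of this chunk, so that needs checking there.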
+++ b/uninstall/roles/uninstall_server/tasks/certredis_after_20.09.yml
@@ -0,0 +1,13 @@
+- name: stop cert-redis
+ systemd:
+ name: cert-redis
+ state: stopped
+ enabled: no
+ when: uninstall.certredis == 1
+ ignore_errors: true
+
+- name: remove cert-redis files
+ file:
+ path: /opt/tsg/cert-redis
+ state: absent
+ when: remove.certredis == 1
diff --git a/uninstall/roles/uninstall_server/tasks/certredis_before_20.09.yml b/uninstall/roles/uninstall_server/tasks/certredis_before_20.09.yml
new file mode 100644
index 0000000..a63754b
--- /dev/null
+++ b/uninstall/roles/uninstall_server/tasks/certredis_before_20.09.yml
@@ -0,0 +1,13 @@
+- name: stop cert-redis
+ systemd:
+ name: cert-redis
+ state: stopped
+ enabled: no
+ when: uninstall.certredis == 1
+ ignore_errors: true
+
+- name: remove cert-redis files
+ file:
+ path: /home/tsg/cert-redis
+ state: absent
+ when: remove.certredis == 1
diff --git a/uninstall/roles/uninstall_server/tasks/certstore_after_20.09.yml b/uninstall/roles/uninstall_server/tasks/certstore_after_20.09.yml
new file mode 100644
index 0000000..42f00c4
--- /dev/null
+++ b/uninstall/roles/uninstall_server/tasks/certstore_after_20.09.yml
@@ -0,0 +1,42 @@
+- name: stop certstore
+ systemd:
+ name: certstore
+ state: stopped
+ enabled: no
+ when:
+ - backup.certstore == 1
+ - uninstall.certstore == 1
+ ignore_errors: true
+
+- name: create backup_dest_path
+ file:
+ path: "{{ backup_dest_path }}"
+ state: directory
+ when: backup.certstore == 1
+
+- name: backup /opt/tsg/certstore to destination path
+ archive:
+ path: /opt/tsg/certstore
+ dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+ format: zip
+ when: backup.certstore == 1
+
+- name: uninstall certstore
+ yum:
+ name:
+ - "{{ certstore }}"
+ state: absent
+ when: uninstall.certstore == 1
+
+- name: remove certstore files
+ file:
+ path: /opt/tsg/certstore
+ state: absent
+ when: remove.certstore == 1
+
+- name: remove certstore.service
+ file:
+ path: /usr/lib/systemd/system/certstore.service
+ state: absent
+ when: remove.certstore == 1
+
diff --git a/uninstall/roles/uninstall_server/tasks/certstore_before_20.09.yml b/uninstall/roles/uninstall_server/tasks/certstore_before_20.09.yml
new file mode 100644
index 0000000..b874377
--- /dev/null
+++ b/uninstall/roles/uninstall_server/tasks/certstore_before_20.09.yml
@@ -0,0 +1,42 @@
+- name: stop certstore
+ systemd:
+ name: certstore
+ state: stopped
+ enabled: no
+ when:
+ - backup.certstore == 1
+ - uninstall.certstore == 1
+ ignore_errors: true
+
+- name: create backup_dest_path
+ file:
+ path: "{{ backup_dest_path }}"
+ state: directory
+ when: backup.certstore == 1
+
+- name: backup /home/tsg/certstore to destination path
+ archive:
+ path: /home/tsg/certstore
+ dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+ format: zip
+ when: backup.certstore == 1
+
+- name: uninstall certstore
+ yum:
+ name:
+ - "{{ certstore }}"
+ state: absent
+ when: uninstall.certstore == 1
+
+- name: remove certstore files
+ file:
+ path: /home/tsg/certstore
+ state: absent
+ when: remove.certstore == 1
+
+- name: remove certstore.service
+ file:
+ path: /usr/lib/systemd/system/certstore.service
+ state: absent
+ when: remove.certstore == 1
+
diff --git a/uninstall/roles/uninstall_server/tasks/framework_after_20.09.yml b/uninstall/roles/uninstall_server/tasks/framework_after_20.09.yml
new file mode 100644
index 0000000..064e64b
--- /dev/null
+++ b/uninstall/roles/uninstall_server/tasks/framework_after_20.09.yml
@@ -0,0 +1,38 @@
+- name: create backup_dest_path
+ file:
+ path: "{{ backup_dest_path }}"
+ state: directory
+ when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+ archive:
+ path: /opt/MESA
+ dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+ format: zip
+ when: backup.framework == 1
+
+- name: uninstall framework
+ yum:
+ name:
+ - "{{ libcjson }}"
+ - "{{ libdocument }}"
+ - "{{ libmaatframe }}"
+ - "{{ libMESA_field_stat }}"
+ - "{{ libMESA_field_stat2 }}"
+ - "{{ libMESA_handle_logger }}"
+ - "{{ libMESA_htable }}"
+ - "{{ libMESA_prof_load }}"
+ - "{{ librdkafka }}"
+ - "{{ librulescan }}"
+ - "{{ libwiredcfg }}"
+ - "{{ libWiredLB }}"
+ - "{{ lz4 }}"
+ - "{{ libtsglua }}"
+ state: absent
+ when: uninstall.framework == 1
+
+- name: remove framework files
+ file:
+ path: /opt/MESA
+ state: absent
+ when: remove.framework == 1
diff --git a/uninstall/roles/uninstall_server/tasks/framework_before_20.09.yml b/uninstall/roles/uninstall_server/tasks/framework_before_20.09.yml
new file mode 100644
index 0000000..ba9b710
--- /dev/null
+++ b/uninstall/roles/uninstall_server/tasks/framework_before_20.09.yml
@@ -0,0 +1,37 @@ +- name: create backup_dest_path + file: + path: "{{ backup_dest_path }}" + state: directory + when: backup.framework == 1 + +- name: backup /opt/MESA to destination path + archive: + path: /opt/MESA + dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip" + format: zip + when: backup.framework == 1 + +- name: uninstall framework + yum: + name: + - "{{ libcjson }}" + - "{{ libdocument }}" + - "{{ libmaatframe }}" + - "{{ libMESA_field_stat }}" + - "{{ libMESA_field_stat2 }}" + - "{{ libMESA_handle_logger }}" + - "{{ libMESA_htable }}" + - "{{ libMESA_prof_load }}" + - "{{ librdkafka }}" + - "{{ librulescan }}" + - "{{ libwiredcfg }}" + - "{{ libWiredLB }}" + - "{{ lz4 }}" + state: absent + when: uninstall.framework == 1 + +- name: remove framework files + file: + path: /opt/MESA + state: absent + when: remove.framework == 1 diff --git a/uninstall/roles/uninstall_server/tasks/main.yml b/uninstall/roles/uninstall_server/tasks/main.yml index 9579f84..91c7c7e 100644 --- a/uninstall/roles/uninstall_server/tasks/main.yml +++ b/uninstall/roles/uninstall_server/tasks/main.yml @@ -130,6 +130,28 @@ path: /home/mesasoft/sapp_run/etc/kni/ state: absent when: remove.kni == 1 +#################### +#Tsg-app +- name: stop sapp + systemd: + name: sapp + state: stopped + enabled: no + when: + - uninstall_version >= 20.09 + - uninstall.tsg_app == 1 + ignore_errors: true + +- name: uninstall tsg_app + yum: + name: + - "{{ app_sketch_local }}" + - "{{ app_control_plug }}" + - "{{ app_master }}" + state: absent + when: + - uninstall_version >= 20.09 + - uninstall.tsg_app == 1 #################### #Uninstall tsg_master 
@@ -369,63 +391,23 @@ #################### #Uninstall Certstore -- name: stop certstore - systemd: - name: certstore - state: stopped - enabled: no - when: - - backup.certstore == 1 - - uninstall.certstore == 1 - ignore_errors: true +- name: uninstall certstore before 20.09 + include: certstore_before_20.09.yml + when: uninstall_version < 20.09 -- name: create backup_dest_path - file: - path: "{{ backup_dest_path }}" - state: directory - when: backup.certstore == 1 - -- name: backup /home/tsg/certstore to destination path - archive: - path: /home/tsg/certstore - dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip" - format: zip - when: backup.certstore == 1 - -- name: uninstall certstore - yum: - name: - - "{{ certstore }}" - state: absent - when: uninstall.certstore == 1 - -- name: remove certstore files - file: - path: /home/tsg/certstore - state: absent - when: remove.certstore == 1 - -- name: remove certstore.service - file: - path: /usr/lib/systemd/system/certstore.service - state: absent - when: remove.certstore == 1 +- name: uninstall certstore after 20.09 + include: certstore_after_20.09.yml + when: uninstall_version >= 20.09 #################### #Uninstall cert-redis -- name: stop cert-redis - systemd: - name: cert-redis - state: stopped - enabled: no - when: uninstall.certredis == 1 - ignore_errors: true +- name: uninstall certredis before 20.09 + include: certredis_before_20.09.yml + when: uninstall_version < 20.09 -- name: remove cert-redis files - file: - path: /home/tsg/cert-redis - state: absent - when: remove.certredis == 1 +- name: uninstall certredis after 20.09 + include: certredis_after_20.09.yml + when: uninstall_version >= 20.09 #################### #Uninstall clotho 
@@ -473,43 +455,13 @@ #################### #Uninstall framework -- name: create backup_dest_path - file: - path: "{{ backup_dest_path }}" - state: directory - when: backup.framework == 1 +- name: uninstall framework before 20.09 + include: framework_before_20.09.yml + when: uninstall_version < 20.09 -- name: backup /home/tsg/certstore to destination path - archive: - path: /opt/MESA - dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip" - format: zip - when: backup.framework == 1 - -- name: uninstall framework - yum: - name: - - "{{ libcjson }}" - - "{{ libdocument }}" - - "{{ libmaatframe }}" - - "{{ libMESA_field_stat }}" - - "{{ libMESA_field_stat2 }}" - - "{{ libMESA_handle_logger }}" - - "{{ libMESA_htable }}" - - "{{ libMESA_prof_load }}" - - "{{ librdkafka }}" - - "{{ librulescan }}" - - "{{ libwiredcfg }}" - - "{{ libWiredLB }}" - - "{{ lz4 }}" - state: absent - when: uninstall.framework == 1 - -- name: remove framework files - file: - path: /opt/MESA - state: absent - when: remove.framework == 1 +- name: uninstall framework after 20.09 + include: framework_after_20.09.yml + when: uninstall_version >= 20.09 #################### #Uninstall telegraf_statistic diff --git a/uninstall/uninstall_config/group_vars/uninstall_vars.yml b/uninstall/uninstall_config/group_vars/uninstall_vars.yml index b4c72ac..e47f214 100644 --- a/uninstall/uninstall_config/group_vars/uninstall_vars.yml +++ b/uninstall/uninstall_config/group_vars/uninstall_vars.yml @@ -1,12 +1,12 @@ #################### #Uninstall the target TSG version -#Support 20.08 / 20.07 / 20.07.rc1 / 20.06.1 -uninstall_version: 20.08 +#Support 20.09 / 20.08 / 20.07 / 20.07.rc1 / 20.06.1 +uninstall_version: 20.09 #################### #Backup backup_dest_path: /root/backup_data -date: 20200914 +date: 20200921 backup: marsio: 1 tfe: 1 @@ -35,6 +35,8 @@ uninstall: http_healthcheck: 1 telegraf_statistic: 1 tsg_env_tun_mode: 0 + tsg_app: 1 + tsg_diagnose: 1 #################### #Remove list 
diff --git a/uninstall/uninstall_tsg.yml b/uninstall/uninstall_tsg.yml index d65ae90..f474533 100644 --- a/uninstall/uninstall_tsg.yml +++ b/uninstall/uninstall_tsg.yml @@ -4,7 +4,7 @@ - uninstall_server vars_files: - uninstall_config/group_vars/uninstall_vars.yml - - roles/package_list/20.08.yml + - roles/package_list/20.09.yml - hosts: uninstall_adc_mcn0 remote_user: root @@ -12,7 +12,7 @@ - uninstall_adc_mcn0 vars_files: - uninstall_config/group_vars/uninstall_vars.yml - - roles/package_list/20.08.yml + - roles/package_list/20.09.yml - hosts: uninstall_adc_mcn123 remote_user: root @@ -20,4 +20,4 @@ - uninstall_adc_mcn123 vars_files: - uninstall_config/group_vars/uninstall_vars.yml - - roles/package_list/20.08.yml + - roles/package_list/20.09.yml