update

deploy.yml

@@ -22,7 +22,7 @@
     - certstore
     - cert-redis
     - telegraf_statistic
-    - tsg_device_tag
+#    - tsg_device_tag
 
 - hosts: adc_mcn1
   remote_user: root
@@ -60,6 +60,24 @@
     - mrzcpd
     - tfe
 
+- hosts: adc_mcn0
+  remote_user: root
+  roles:
+    - tsg-diagnose
+
+- hosts: 
+    - adc_mcn1
+    - adc_mcn2
+    - adc_mcn3
+  remote_user: root
+  roles:
+    - tsg-diagnose_sync_ca
+    
+- hosts: adc_mcn0
+  remote_user: root
+  roles:
+    - tsg-diagnose_stop_sync
+
 - hosts: server-as-tun-mode
   remote_user: root
   vars_files:
@@ -80,4 +98,4 @@
     - tfe
     - telegraf_statistic
     - proxy_status
-    - tsg_device_tag
+#    - tsg_device_tag

install_config/group_vars/adc_global.yml

@@ -78,6 +78,7 @@ tfe:
   mc_cache_eth: lo 
   keykeeper:
     no_cache: 0
+  mirror_enable: 1
 
 ########################################
 #Marsio Config
@@ -87,3 +88,8 @@ mrzcpd:
 
 mrtunnat:
   lcore_id: 40,41,42,43
+
+#########################################
+#Tsg-app
+tsg-app_enable: 1
+

install_config/group_vars/server_as_tun_mode.yml

@@ -93,6 +93,7 @@ tfe:
   mc_cache_eth: lo 
   keykeeper:
     no_cache: 0
+  mirror_enable: 1
 
 #########################################
 #Marsio Config
@@ -102,6 +103,10 @@ mrzcpd:
 mrtunnat:
   lcore_id: 38
 
+#########################################
+#Tsg-app
+tsg-app_enable: 0
+
 #########################################
 #ATCA Config
 #下列配置只在tsg_access_type=4时生效

roles/cert-redis/files/cert-redis/6379/6379.conf

@@ -160,7 +160,7 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile "/home/tsg/cert-redis/6379/6379.log"
+logfile "/opt/tsg/cert-redis/6379/6379.log"
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
@@ -244,7 +244,7 @@ dbfilename dump.rdb
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir /home/tsg/cert-redis/6379/
+dir /opt/tsg/cert-redis/6379/
 
 ################################# REPLICATION #################################
 

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +1,4 @@
 #!/bin/bash
 #
 
-/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf
+/usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,11 +1,11 @@
 - name: "copy cert-redis to destination server"
   copy:
     src: "{{ role_path }}/files/"
-    dest: /home/tsg
+    dest: /opt/tsg
     mode: 0755
 
 - name: "install cert-redis"
-  shell: cd /home/tsg/cert-redis;sh install.sh
+  shell: cd /opt/tsg/cert-redis;sh install.sh
 
 - name: "start cert-redis"
   systemd:

roles/certstore/tasks/main.yml

@@ -3,20 +3,20 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-- name: Ensures /home/tsg exists
-  file: path=/home/tsg state=directory
+- name: Ensures /opt/tsg exists
+  file: path=/opt/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore/conf/cert_store.ini
+    dest: /opt/tsg/certstore/conf/cert_store.ini
 
 - name: "start certstore"
   systemd:

roles/firewall/tasks/main.yml

@@ -13,9 +13,9 @@
     fw_packages:
       - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.8.beb1d09-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
@@ -23,10 +23,13 @@
       - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.9.810857d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_master-1.0.4.d189dee-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/framework/tasks/main.yml

@@ -11,18 +11,19 @@
   vars:
     packages:
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.09-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2

@@ -10,7 +10,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow=1000,1001
+vlan-id-allow=1000,1001,4000,4001
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1

roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2

@@ -16,3 +16,6 @@ enable=1
 c_router_vlan_id_0=1000
 i_router_vlan_id_0=1001
 en_mac_flipping_0=0
+c_router_vlan_id_1=4000
+i_router_vlan_id_1=4001
+en_mac_flipping_1=0

roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2

@@ -8,7 +8,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow=1000,1001,2000,2001
+vlan-id-allow=1000,1001,2000,2001,4000,4001
 vlan-pvid=0
 vlan-pvid-mode=2
 promisc=1

roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2

@@ -19,3 +19,6 @@ en_mac_flipping_0=0
 c_router_vlan_id_1=2000
 i_router_vlan_id_1=2001
 en_mac_flipping_1=0
+c_router_vlan_id_2=4000
+i_router_vlan_id_2=4001
+en_mac_flipping_2=0

roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2

@@ -8,7 +8,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},4000,4001,1000,1001
 vlan-pvid=0
 vlan-pvid-mode=2
 promisc=1

roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2

@@ -16,4 +16,10 @@ enable=1
 c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
 i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
 en_mac_flipping_0=1
+c_router_vlan_id_1=1000
+i_router_vlan_id_1=1001
+en_mac_flipping_1=0
+c_router_vlan_id_2=4000
+i_router_vlan_id_2=4001
+en_mac_flipping_2=0
 

roles/sapp/tasks/main.yml

@@ -4,10 +4,15 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
+- name: "copy maat_redis_tool to destination server"
+  copy:
+    src: "{{ role_path }}/files/maat_redis_tool"
+    dest: /usr/local/bin
+
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.0.20.b59c12a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.1.7.4f2839a-2.el7.x86_64.rpm
     state: present
     skip_broken: yes
 

roles/sapp/templates/conflist.inf.j2

@@ -10,6 +10,9 @@
 #./plug/platform/http_healthcheck/http_healthcheck.inf
 {% endif %}
 ./plug/platform/tsg_master/tsg_master.inf
+{% if tsg-app_enable == 1 %}
+./plug/platform/app_master/app_master.inf
+{% endif %}
 
 [protocol]
 ./plug/protocol/ssl/ssl.inf
@@ -30,3 +33,7 @@
 ./plug/business/tsg_conn_record/tsg_conn_record.inf
 ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
 ./plug/business/capture_packet_plug/capture_packet_plug.inf
+{% if tsg-app_enable == 1 %}
+./plug/business/app_sketch_local/app_sketch_local.inf
+./plug/business/app_control_plug/app_control_plug.inf
+{% endif %}

roles/tfe/tasks/main.yml

@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.10.fb02543-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"

roles/tfe/templates/doh.conf.j2

@@ -23,4 +23,5 @@ table_host=TSG_FIELD_DOH_HOST
 # default 0
 ENTRANCE_ID=0
 # default 1
+# if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1
 en_sendlog=1

roles/tfe/templates/future.conf.j2

@@ -1,5 +1,9 @@
 [STAT]
 no_stats=0
-statsd_server=127.0.0.1
+statsd_server=192.168.100.1
 statsd_port=8100
 histogram_bins=0.50,0.80,0.9,0.95
+statsd_cycle=5
+# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
+statsd_format=2
+print_diff=1

roles/tfe/templates/tfe.conf.j2

@@ -1,76 +1,121 @@
 [system]
 nr_worker_threads={{ tfe.nr_threads }}
-enable_breakpad=0
-enable_breakpad_upload=0
-breakpad_minidump_dir=/run/tfe/crashreport/
-breakpad_upload_url=http://127.0.0.1:9000/
-disable_coredump=0
+enable_kni_v1=0
+enable_kni_v2=1
 
+# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally
+disable_coredump=0
+enable_breakpad=1
+enable_breakpad_upload=0
+breakpad_upload_url=http://sentry.mesalab.cn:9000/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
+# must be /run/tfe/crashreport，due to tmpfile limit
+breakpad_minidump_dir=/run/tfe/crashreport
+
+# ask for at least (1 + nr_worker_threads) masks
+# the first  mask for acceptor thread
+# the others mask for worker   thread
+enable_cpu_affinity=1
+cpu_affinity_mask=1-9
+# LEAST_CONN = 0; ROUND_ROBIN = 1
+load_balance=1
 
 [kni]
+# kni v1
+#uxdomain=/var/run/.tfe_kni_acceptor_handler
+# kni v2
+#scm_socket_file=/var/run/.tfe_kmod_scm_socket
+
+# send cmsg
+send_switch=1
 ip=192.168.100.1
 cmsg_port=2475
+
+# watch dog
 watchdog_switch=1
 watchdog_port=2476
 
 [ssl]
 ssl_max_version=tls13
 ssl_min_version=ssl3
-no_session_cache=0
+ssl_compression=1
+no_ssl2=1
+no_ssl3=0
+no_tls10=0
+no_tls11=0
+no_tls12=0
+default_ciphers=ALL:-aNULL
+no_cert_verify=0
+
+# session ticket
 no_session_ticket=0
-log_master_key=0
+stek_group_num=4
+stek_rotation_time=3600
+
+# session cache
+no_session_cache=0
+session_cache_slots=4194304
+session_cache_expire_seconds=1800
+
+# service cache
+service_cache_slots=4194304
+service_cache_expire_seconds=300
+service_cache_fail_as_pinning_cnt=4
+service_cache_fail_as_proto_err_cnt=5
+service_cache_succ_as_app_not_pinning_cnt=0
+service_cache_fail_time_window=30
+
+# cert
+check_cert_crl=0
 trusted_cert_load_local=1
 trusted_cert_file=resource/tfe/tls-ca-bundle.pem
 trusted_cert_dir=resource/tfe/trusted_storage
-key_log_file=log/sslkeylog.log
-no_alpn=0
-stek_group_num=4
-stek_rotation_time=3600
-service_cache_expire_seconds=600
 
-# SSL mid cert cache
-# default 0
+# master key
+log_master_key=0
+key_log_file=log/sslkeylog.log
+
+# mid cert cache
 mc_cache_enable=1
-# default eth0
 mc_cache_eth={{ nic_inner_ctrl.name }}
-# default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
-# default PXY-EXCH-INTERMEDIA-CERT
 mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
 
 [key_keeper]
 #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
 #0 on cache 1 off cache
-mode= normal
 no_cache=0
-cert_store_host= {{ cert_store_server.address }}
-cert_store_port= {{ cert_store_server.port }}
+mode=normal
+cert_store_host={{ cert_store_server.address }}
+cert_store_port={{ cert_store_server.port }}
 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
-# health_check only for "mode=normal"
-# default 1
+hash_slot_size=131072
+hash_expire_seconds=300
+cert_expire_time=24
+
+# health_check only for "mode=normal" default 1
 enable_health_check=1
 
 [debug]
+# 1 : enforce tcp passthrough
+# 0 : Whether to passthrough depends on the tcp_options in cmsg
 passthrough_all_tcp=0
 
-[traffic_mirror]
-{% if tsg_running_type != 2 %}
-device=lo
-type=0
-{% else %}
-device={{ nic_traffic_mirror.name }}
-type=1
-{% endif %}
-
-
 [ratelimit]
-#read_rate=200000
-#read_burst=200000
-#write_rate=200000
-#write_burst=200000
+read_rate=0
+read_burst=0
+write_rate=0
+write_burst=0
 
 [tcp]
+# read rcv_buff/snd_buff options from tfe conf
+sz_rcv_buffer=-1
+sz_snd_buffer=-1
+
+# 1 : use tcp_options in tfe.conf
+# 0 : use tcp_options in cmsg
+enable_overwrite=0
+tcp_nodelay=1
 so_keepalive=1
 tcp_keepcnt=8
 tcp_keepintvl=15
@@ -81,45 +126,66 @@ tcp_ttl_downstream=70
 
 [log]
 level={{ tfe_log_level }}
+location=log/tfe.log
 
 [stat]
-statsd_server=127.0.0.1
+statsd_server=192.168.100.1
 statsd_port=8100
 statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
+# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
 statsd_format=2
+histogram_bins=0.5,0.8,0.9,0.95
 
 [http]
 loglevel={{ tfe_http_log_level }}
 
+[traffic_mirror]
+{% if tsg_running_type != 2 %}
+enable={{ tfe.mirror_enable }}
+device=lo
+# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
+type=0
+{% else %}
+enable={{ tfe.mirror_enable }}
+device={{ nic_traffic_mirror.name }}
+# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
+type=1
+{% endif %}
+
+
 [kafka]
 enable=1
-nic_name={{ nic_mgr.name }}
+NIC_NAME={{ nic_mgr.name }}
 kafka_brokerlist={{ log_kafkabrokers.address }}
 kafka_topic=PROXY-EVENT-LOG
 device_id_filepath=/opt/tsg/etc/tsg_sn.json
 
 [maat]
-# 0:json 1: redis 2: iris
+# 0:json 1:redis 2:iris
 maat_input_mode=1
+stat_switch=1
+perf_switch=1
 table_info=resource/pangu/table_info.conf
-json_cfg_file=resource/pangu/pangu_http.json
-stat_file=log/pangu_scan.status
-full_cfg_dir=pangu_policy/full/index/
-inc_cfg_dir=pangu_policy/inc/index/
+accept_path=/opt/tsg/etc/tsg_device_tag.json
+stat_file=log/pangu_scan.fs2
+effect_interval_s=1
+deferred_load_on=0
 
+# Pangu uses accept_tags to support the effective range of the device.
+# Traffic mirroring does not need to support the effective range of the device,
+# but pangu and traffic mirroring use the same maat configuration file.
+# Therefore, there is no need to set accept_tags in tfe.conf,
+# just set accept_tags in the tfe_resource_init() code
+# accept_tags={"tags":[{"tag":"device_id","value":"device_1"}]}
+
+# json mode conf iterm
+json_cfg_file=resource/pangu/pangu_http.json
+
+# redis mode conf iterm
 maat_redis_server={{ maat_redis_server.address }}
 maat_redis_port_range={{ maat_redis_server.port }}
 maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-accept_path=/opt/tsg/etc/tsg_device_tag.json
-
-[dynamic_maat]
-maat_input_mode=1
-table_info=resource/pangu/dynamic_maat_table_info.conf
-maat_redis_server={{ dynamic_maat_redis_server.address }}
-maat_redis_port_range={{ dynamic_maat_redis_server.port }}
-maat_redis_db_index={{ dynamic_maat_redis_server.db }}
-effect_interval_s=1
 
+# iris mode conf iterm
+full_cfg_dir=pangu_policy/full/index/
+inc_cfg_dir=pangu_policy/inc/index/

roles/tsg-app/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: "copy tsg-app rpms to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install tsg-app packages"
+  yum:
+    name: "{{ app_packages }}"
+    state: present
+    skip_broken: yes
+  vars:
+    app_packages:
+      - /tmp/ansible_deploy/app_control_plug-1.0.2.a724506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_sketch_local-1.0.2.fd63c68-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_master-1.0.4.d189dee-2.el7.x86_64.rpm
+  when: tsg-app_enable == 1

roles/tsg-diagnose/tasks/main.yml

@@ -0,0 +1,38 @@
+- name: "Tsg-diagnose:copy file to device"
+  copy:
+    src: '{{ role_path }}/files/'
+    dest: /tmp/ansible_deploy/
+    
+- name: "unarchive install_docker.zip"
+  unarchive:
+    src: /tmp/ansible_deploy/install_docker.zip
+    dest: /tmp/ansible_deploy/
+    remote_src: yes
+
+- name: "exec docker install shell"
+  shell: cd /tmp/ansible_deploy/install_docker; sh setup_docker.sh
+
+- name: 'Docker service start and enable'
+  systemd:
+    name: docker
+    enabled: yes
+    state: started
+    daemon_reload: yes
+
+- name: "Install tsg-diagnose rpm package"
+  yum:
+    name:
+      - "/tmp/ansible_deploy/tsg-diagnose-20.09-1.el7.x86_64.rpm"
+    state: present
+  
+- name: "tsg-diagnose init certs"
+  shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/init_certs/init_badssl_certs.sh
+
+- name: 'Tsg-diagnose service start'
+  systemd:
+    name: tsg-diagnose
+    enabled: yes
+    daemon_reload: yes
+
+- name: "tsg-diagnose init rsync deamon"
+  shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/rsync/init_rsyncd.sh

roles/tsg-diagnose_stop_sync/tasks/main.yml

@@ -0,0 +1,3 @@
+- name: "tsg-diagnose:  stop rsync deamon process"
+  shell: killall -9 rsync
+

roles/tsg-diagnose_sync_ca/tasks/main.yml

@@ -0,0 +1,6 @@
+- name: "tsg-diagnose: rsync badssl ca certs"
+  shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/
+
+- name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle"
+  shell: cat  /tmp/sync/ca-root.crt >> /opt/tsg/tfe/resource/tfe/tls-ca-bundle.pem
+

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-3.1.2.7002e1b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-3.2.8.e57ad7f-2.el7.x86_64.rpm
     state: present
     skip_broken: yes

uninstall/roles/package_list/20.09.yml

@@ -0,0 +1,93 @@
+####################
+#marsio
+mrzcpd: mrzcpd-4.3.25.d88306e-1.el7.x86_64
+
+####################
+#kernel
+origin_kernel: CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
+#默认为CentOS 7.4内核，如果系统版本变更，请手动更改origin_kernel值
+
+kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64
+kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64
+dkms: dkms-2.7.1-1.el7.noarch
+elfutils_libelf_devel: elfutils-libelf-devel-0.168-8.el7.x86_64
+pkgconfig: pkgconfig-0.27.1-4.el7.x86_64
+zlib_devel: zlib-devel-1.2.7-17.el7.x86_64
+
+####################
+#framework
+libcjson: libcjson-1.7.8.542ad7f-1.x86_64
+libdocument: libdocumentanalyze-2.0.4.efdfc29-1.x86_64
+libmaatframe: libmaatframe-3.0.7.34de556-1.x86_64 
+libMESA_field_stat: libMESA_field_stat-1.0.1.852c2df-1.x86_64
+libMESA_field_stat2: libMESA_field_stat2-2.9.1.d80b5fb-1.x86_64
+libMESA_handle_logger: libMESA_handle_logger-1.0.9.304259e-1.x86_64
+libMESA_htable: libMESA_htable-3.10.11.6275308-1.x86_64
+libMESA_prof_load: libMESA_prof_load-1.0.5.bf755de-1.x86_64
+librdkafka: librdkafka-0.11.4-1.el7.x86_64
+librulescan: librulescan-2.2.0.900d2b3-1.x86_64
+libwiredcfg: libwiredcfg-2.0.2.7ce1eea-1.x86_64
+libWiredLB: libWiredLB-2.0.3.c7d131b-1.x86_64
+lz4: lz4-1.7.5-3.el7.x86_64
+libtsglua: libtsglua-1.0.7.0864e4a-1.x86_64
+
+####################
+#sapp
+sapp: sapp-4.1.7.4f2839a-1.x86_64
+
+####################
+#tsg_master
+tsg_master: tsg_master-3.2.8.e57ad7f-1.x86_64
+
+####################
+#kni
+kni: kni-20.09-1.el7.x86_64
+
+####################
+#firewall
+capture_packet_plug: capture_packet_plug-3.0.2.09f193c-1.x86_64
+dns: dns-2.0.8.beb1d09-1.x86_64
+ftp: ftp-1.0.6.2710506-1.x86_64
+http: http-2.0.3.9218b4b-1.x86_64
+quic: quic-1.1.9.810857d-1.x86_64
+ssl: ssl-1.0.8.0068bd9-1.x86_64
+mail: mail-1.0.7.9e3be05-1.x86_64
+fw_dns: fw_dns_plug-3.0.1.453c533-1.x86_64
+fw_ftp: fw_ftp_plug-3.0.0.7a867ea-1.x86_64
+fw_http: fw_http_plug-3.0.0.1ca1c65-1.x86_64
+fw_quic: fw_quic_plug-3.0.0.b06d39c-1.x86_64
+fw_ssl: fw_ssl_plug-3.0.1.7ea9976-1.x86_64
+fw_mail: fw_mail_plug-3.0.0.3b4e481-1.x86_64
+tsg_conn_record: tsg_conn_record-1.0.2.2afb19a-1.x86_64
+tsg_conn_sketch: tsg_conn_sketch-2.0.v2.0_alpha.af621ca-1.x86_64
+
+####################
+#Tsg_app
+app_sketch_local: app_sketch_local-1.0.2.fd63c68-1.x86_64
+app_control_plug: app_control_plug-1.0.2.a724506-1.x86_64
+app_master: app_master-1.0.4.d189dee-1.x86_64
+
+####################
+#tfe
+tfe: tfe-4.3.10.fb02543-1.el7.x86_64
+tfe_kmod: tfe-kmod-v1.0.5.20200408-1dkms.noarch
+
+####################
+#http_healthcheck
+http_healthcheck: http_healthcheck-20.04-1.el7.x86_64
+
+#####################
+#clotho
+clotho: clotho-debug-1.0.0.-1.el7.x86_64
+
+#####################
+#certstore
+certstore: certstore-2.1.2.202009.87fcacf-1.el7.x86_64
+
+#####################
+#telegraf 
+telegraf_statistic: telegraf-1.13.0-1.x86_64
+
+#####################
+#tsg-diagnose
+tsg-diagnose: tsg-diagnose-20.09-1.el7.x86_64

uninstall/roles/uninstall_adc_mcn0/tasks/certredis_after_20.09.yml

@@ -0,0 +1,13 @@
+- name: stop cert-redis
+  systemd:
+    name: cert-redis
+    state: stopped
+    enabled: no
+  when: uninstall.certredis == 1
+  ignore_errors: true
+
+- name: remove cert-redis files
+  file:
+    path: /opt/tsg/cert-redis
+    state: absent
+  when: remove.certredis == 1

uninstall/roles/uninstall_adc_mcn0/tasks/certredis_before_20.09.yml

@@ -0,0 +1,13 @@
+- name: stop cert-redis
+  systemd:
+    name: cert-redis
+    state: stopped
+    enabled: no
+  when: uninstall.certredis == 1
+  ignore_errors: true
+
+- name: remove cert-redis files
+  file:
+    path: /home/tsg/cert-redis
+    state: absent
+  when: remove.certredis == 1

uninstall/roles/uninstall_adc_mcn0/tasks/certstore_after_20.09.yml

@@ -0,0 +1,42 @@
+- name: stop certstore
+  systemd:
+    name: certstore
+    state: stopped
+    enabled: no
+  when:
+    - backup.certstore == 1
+    - uninstall.certstore == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.certstore == 1
+
+- name: backup /opt/tsg/certstore to destination path
+  archive:
+    path: /opt/tsg/certstore
+    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.certstore == 1
+
+- name: uninstall certstore
+  yum:
+    name:
+      - "{{ certstore }}"
+    state: absent
+  when: uninstall.certstore == 1
+
+- name: remove certstore files
+  file:
+    path: /opt/tsg/certstore
+    state: absent
+  when: remove.certstore == 1
+
+- name: remove certstore.service
+  file:
+    path: /usr/lib/systemd/system/certstore.service
+    state: absent
+  when: remove.certstore == 1
+

uninstall/roles/uninstall_adc_mcn0/tasks/certstore_before_20.09.yml

@@ -0,0 +1,42 @@
+- name: stop certstore
+  systemd:
+    name: certstore
+    state: stopped
+    enabled: no
+  when:
+    - backup.certstore == 1
+    - uninstall.certstore == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.certstore == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /home/tsg/certstore
+    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.certstore == 1
+
+- name: uninstall certstore
+  yum:
+    name:
+      - "{{ certstore }}"
+    state: absent
+  when: uninstall.certstore == 1
+
+- name: remove certstore files
+  file:
+    path: /home/tsg/certstore
+    state: absent
+  when: remove.certstore == 1
+
+- name: remove certstore.service
+  file:
+    path: /usr/lib/systemd/system/certstore.service
+    state: absent
+  when: remove.certstore == 1
+

uninstall/roles/uninstall_adc_mcn0/tasks/framework_after_20.09.yml

@@ -0,0 +1,38 @@
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+      - "{{ libtsglua }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1

uninstall/roles/uninstall_adc_mcn0/tasks/framework_before_20.09.yml

@@ -0,0 +1,37 @@
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1

uninstall/roles/uninstall_adc_mcn0/tasks/main.yml

@@ -131,6 +131,29 @@
     state: absent
   when: remove.kni == 1
 
+####################
+#Tsg-app
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - uninstall_version >= 20.09
+    - uninstall.tsg_app == 1
+  ignore_errors: true
+
+- name: uninstall tsg_app
+  yum:
+    name:
+      - "{{ app_sketch_local }}"
+      - "{{ app_control_plug }}"
+      - "{{ app_master }}"
+    state: absent
+  when:
+    - uninstall_version >= 20.09
+    - uninstall.tsg_app == 1
+
 ####################
 #Uninstall tsg_master
 - name: stop sapp
@@ -303,63 +326,24 @@
 
 ####################
 #Uninstall Certstore
-- name: stop certstore
-  systemd:
-    name: certstore
-    state: stopped
-    enabled: no
-  when: 
-    - backup.certstore == 1
-    - uninstall.certstore == 1
-  ignore_errors: true
+- name: uninstall certstore before 20.09
+  include: certstore_before_20.09.yml
+  when: uninstall_version < 20.09
 
-- name: create backup_dest_path
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  when: backup.certstore == 1
-  
-- name: backup /home/tsg/certstore to destination path
-  archive:
-    path: /home/tsg/certstore
-    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when: backup.certstore == 1
-
-- name: uninstall certstore
-  yum:
-    name:
-      - "{{ certstore }}"
-    state: absent
-  when: uninstall.certstore == 1
-
-- name: remove certstore files
-  file:
-    path: /home/tsg/certstore
-    state: absent
-  when: remove.certstore == 1
-
-- name: remove certstore.service
-  file:
-    path: /usr/lib/systemd/system/certstore.service
-    state: absent
-  when: remove.certstore == 1
+- name: uninstall certstore after 20.09
+  include: certstore_after_20.09.yml
+  when: uninstall_version >= 20.09
 
 ####################
 #Uninstall cert-redis
-- name: stop cert-redis
-  systemd:
-    name: cert-redis
-    state: stopped
-    enabled: no
-  when: uninstall.certredis == 1 
-  ignore_errors: true
+- name: uninstall certredis before 20.09
+  include: certredis_before_20.09.yml
+  when: uninstall_version < 20.09
+
+- name: uninstall certredis after 20.09
+  include: certredis_after_20.09.yml
+  when: uninstall_version >= 20.09
 
-- name: remove cert-redis files
-  file:
-    path: /home/tsg/cert-redis
-    state: absent
-  when: remove.certredis == 1
 
 ####################
 #Uninstall clotho
@@ -407,43 +391,13 @@
 
 ####################
 #Uninstall framework
-- name: create backup_dest_path
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  when: backup.framework == 1
+- name: uninstall framework before 20.09
+  include: framework_before_20.09.yml
+  when: uninstall_version < 20.09
 
-- name: backup /home/tsg/certstore to destination path
-  archive:
-    path: /opt/MESA
-    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when: backup.framework == 1
-
-- name: uninstall framework
-  yum:
-    name:
-      - "{{ libcjson }}"
-      - "{{ libdocument }}"
-      - "{{ libmaatframe }}"
-      - "{{ libMESA_field_stat }}"
-      - "{{ libMESA_field_stat2 }}"
-      - "{{ libMESA_handle_logger }}"
-      - "{{ libMESA_htable }}"
-      - "{{ libMESA_prof_load }}"
-      - "{{ librdkafka }}"
-      - "{{ librulescan }}"
-      - "{{ libwiredcfg }}"
-      - "{{ libWiredLB }}"
-      - "{{ lz4 }}"
-    state: absent
-  when: uninstall.framework == 1
-
-- name: remove framework files
-  file:
-    path: /opt/MESA
-    state: absent
-  when: remove.framework == 1
+- name: uninstall framework after 20.09
+  include: framework_after_20.09.yml
+  when: uninstall_version >= 20.09
 
 ####################
 #Uninstall telegraf_statistic
@@ -474,6 +428,27 @@
     state: absent 
   when: remove.telegraf_statistic == 1
 
+####################
+#Tsg-diagnose
+- name: stop docker
+  systemd:
+    name: docker
+    state: stopped
+    enabled: no
+  when:
+    - uninstall.tsg_diagnose == 1
+    - uninstall_version >= 20.09
+  ignore_errors: true
+
+- name: uninstall tsg_diagnose
+  yum:
+    name:
+      - "{{ tsg_diagnose }}"
+    state: absent
+  when: 
+    - uninstall.tsg_diagnose == 1
+    - uninstall_version >= 20.09
+
 ####################
 #Remove other tsg files
 - name: remove /home/mesasoft

uninstall/roles/uninstall_server/tasks/certredis_after_20.09.yml

@@ -0,0 +1,13 @@
+- name: stop cert-redis
+  systemd:
+    name: cert-redis
+    state: stopped
+    enabled: no
+  when: uninstall.certredis == 1
+  ignore_errors: true
+
+- name: remove cert-redis files
+  file:
+    path: /opt/tsg/cert-redis
+    state: absent
+  when: remove.certredis == 1

uninstall/roles/uninstall_server/tasks/certredis_before_20.09.yml

@@ -0,0 +1,13 @@
+- name: stop cert-redis
+  systemd:
+    name: cert-redis
+    state: stopped
+    enabled: no
+  when: uninstall.certredis == 1
+  ignore_errors: true
+
+- name: remove cert-redis files
+  file:
+    path: /home/tsg/cert-redis
+    state: absent
+  when: remove.certredis == 1

uninstall/roles/uninstall_server/tasks/certstore_after_20.09.yml

@@ -0,0 +1,42 @@
+- name: stop certstore
+  systemd:
+    name: certstore
+    state: stopped
+    enabled: no
+  when:
+    - backup.certstore == 1
+    - uninstall.certstore == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.certstore == 1
+
+- name: backup /opt/tsg/certstore to destination path
+  archive:
+    path: /opt/tsg/certstore
+    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.certstore == 1
+
+- name: uninstall certstore
+  yum:
+    name:
+      - "{{ certstore }}"
+    state: absent
+  when: uninstall.certstore == 1
+
+- name: remove certstore files
+  file:
+    path: /opt/tsg/certstore
+    state: absent
+  when: remove.certstore == 1
+
+- name: remove certstore.service
+  file:
+    path: /usr/lib/systemd/system/certstore.service
+    state: absent
+  when: remove.certstore == 1
+

uninstall/roles/uninstall_server/tasks/certstore_before_20.09.yml

@@ -0,0 +1,42 @@
+- name: stop certstore
+  systemd:
+    name: certstore
+    state: stopped
+    enabled: no
+  when:
+    - backup.certstore == 1
+    - uninstall.certstore == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.certstore == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /home/tsg/certstore
+    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.certstore == 1
+
+- name: uninstall certstore
+  yum:
+    name:
+      - "{{ certstore }}"
+    state: absent
+  when: uninstall.certstore == 1
+
+- name: remove certstore files
+  file:
+    path: /home/tsg/certstore
+    state: absent
+  when: remove.certstore == 1
+
+- name: remove certstore.service
+  file:
+    path: /usr/lib/systemd/system/certstore.service
+    state: absent
+  when: remove.certstore == 1
+

uninstall/roles/uninstall_server/tasks/framework_after_20.09.yml

@@ -0,0 +1,38 @@
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+      - "{{ libtsglua }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1

uninstall/roles/uninstall_server/tasks/framework_before_20.09.yml

@@ -0,0 +1,37 @@
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /opt/MESA to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1

uninstall/roles/uninstall_server/tasks/main.yml

@@ -130,6 +130,28 @@
     path: /home/mesasoft/sapp_run/etc/kni/
     state: absent
   when: remove.kni == 1
+####################
+#Tsg-app
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - uninstall_version >= 20.09
+    - uninstall.tsg_app == 1
+  ignore_errors: true
+
+- name: uninstall tsg_app
+  yum:
+    name:
+      - "{{ app_sketch_local }}"
+      - "{{ app_control_plug }}"
+      - "{{ app_master }}"
+    state: absent
+  when:
+    - uninstall_version >= 20.09 
+    - uninstall.tsg_app == 1
 
 ####################
 #Uninstall tsg_master
@@ -369,63 +391,23 @@
 
 ####################
 #Uninstall Certstore
-- name: stop certstore
-  systemd:
-    name: certstore
-    state: stopped
-    enabled: no
-  when: 
-    - backup.certstore == 1
-    - uninstall.certstore == 1
-  ignore_errors: true
+- name: uninstall certstore before 20.09
+  include: certstore_before_20.09.yml
+  when: uninstall_version < 20.09
 
-- name: create backup_dest_path
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  when: backup.certstore == 1
-  
-- name: backup /home/tsg/certstore to destination path
-  archive:
-    path: /home/tsg/certstore
-    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when: backup.certstore == 1
-
-- name: uninstall certstore
-  yum:
-    name:
-      - "{{ certstore }}"
-    state: absent
-  when: uninstall.certstore == 1
-
-- name: remove certstore files
-  file:
-    path: /home/tsg/certstore
-    state: absent
-  when: remove.certstore == 1
-
-- name: remove certstore.service
-  file:
-    path: /usr/lib/systemd/system/certstore.service
-    state: absent
-  when: remove.certstore == 1
+- name: uninstall certstore after 20.09
+  include: certstore_after_20.09.yml
+  when: uninstall_version >= 20.09
 
 ####################
 #Uninstall cert-redis
-- name: stop cert-redis
-  systemd:
-    name: cert-redis
-    state: stopped
-    enabled: no
-  when: uninstall.certredis == 1 
-  ignore_errors: true
+- name: uninstall certredis before 20.09
+  include: certredis_before_20.09.yml
+  when: uninstall_version < 20.09
 
-- name: remove cert-redis files
-  file:
-    path: /home/tsg/cert-redis
-    state: absent
-  when: remove.certredis == 1
+- name: uninstall certredis after 20.09
+  include: certredis_after_20.09.yml
+  when: uninstall_version >= 20.09
 
 ####################
 #Uninstall clotho
@@ -473,43 +455,13 @@
 
 ####################
 #Uninstall framework
-- name: create backup_dest_path
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  when: backup.framework == 1
+- name: uninstall framework before 20.09
+  include: framework_before_20.09.yml
+  when: uninstall_version < 20.09
 
-- name: backup /home/tsg/certstore to destination path
-  archive:
-    path: /opt/MESA
-    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when: backup.framework == 1
-
-- name: uninstall framework
-  yum:
-    name:
-      - "{{ libcjson }}"
-      - "{{ libdocument }}"
-      - "{{ libmaatframe }}"
-      - "{{ libMESA_field_stat }}"
-      - "{{ libMESA_field_stat2 }}"
-      - "{{ libMESA_handle_logger }}"
-      - "{{ libMESA_htable }}"
-      - "{{ libMESA_prof_load }}"
-      - "{{ librdkafka }}"
-      - "{{ librulescan }}"
-      - "{{ libwiredcfg }}"
-      - "{{ libWiredLB }}"
-      - "{{ lz4 }}"
-    state: absent
-  when: uninstall.framework == 1
-
-- name: remove framework files
-  file:
-    path: /opt/MESA
-    state: absent
-  when: remove.framework == 1
+- name: uninstall framework after 20.09
+  include: framework_after_20.09.yml
+  when: uninstall_version >= 20.09 
 
 ####################
 #Uninstall telegraf_statistic

uninstall/uninstall_config/group_vars/uninstall_vars.yml

@@ -1,12 +1,12 @@
 ####################
 #Uninstall the target TSG version
-#Support 20.08 / 20.07 / 20.07.rc1 / 20.06.1
-uninstall_version: 20.08
+#Support 20.09 / 20.08 / 20.07 / 20.07.rc1 / 20.06.1
+uninstall_version: 20.09
 
 ####################
 #Backup
 backup_dest_path: /root/backup_data
-date: 20200914
+date: 20200921
 backup:
   marsio: 1
   tfe: 1
@@ -35,6 +35,8 @@ uninstall:
   http_healthcheck: 1
   telegraf_statistic: 1
   tsg_env_tun_mode: 0
+  tsg_app: 1
+  tsg_diagnose: 1
 
 ####################
 #Remove list

uninstall/uninstall_tsg.yml

@@ -4,7 +4,7 @@
    - uninstall_server
   vars_files:
     - uninstall_config/group_vars/uninstall_vars.yml
-    - roles/package_list/20.08.yml
+    - roles/package_list/20.09.yml
 
 - hosts: uninstall_adc_mcn0
   remote_user: root
@@ -12,7 +12,7 @@
    - uninstall_adc_mcn0
   vars_files:
     - uninstall_config/group_vars/uninstall_vars.yml
-    - roles/package_list/20.08.yml
+    - roles/package_list/20.09.yml
 
 - hosts: uninstall_adc_mcn123
   remote_user: root
@@ -20,4 +20,4 @@
    - uninstall_adc_mcn123
   vars_files:
     - uninstall_config/group_vars/uninstall_vars.yml
-    - roles/package_list/20.08.yml
+    - roles/package_list/20.09.yml