diff --git a/deploy.yml b/deploy.yml
index 72c61b3..38037ae 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -31,4 +31,11 @@
 - hosts: blade-mxn
 roles:
 - tsg-env-mxn
-
\ No newline at end of file
+
+- hosts: pc-as-tun-mode
+ roles:
+ - mrzcpd
+ - framework
+ - kni
+ - certstore
+ - tfe
diff --git a/env-stage-pc/group_vars/all.yml b/env-stage-pc/group_vars/all.yml
new file mode 100644
index 0000000..7e97e2b
--- /dev/null
+++ b/env-stage-pc/group_vars/all.yml
@@ -0,0 +1,80 @@
+maat_redis_server:
+ address: "192.168.40.83"
+ port: 7002
+ db: 0
+
+dynamic_maat_redis_server:
+ address: "192.168.40.83"
+ port: 7002
+ db: 0
+
+cert_store_server:
+ address: "127.0.0.1"
+ port: 9991
+
+log_kafkabrokers:
+ address: "192.168.40.85:9092"
+
+log_minio:
+ address: "192.168.40.85;"
+ port: 9000
+
+fs_remote:
+ switch: 1
+ address: "127.0.0.1"
+ port: 8125
+
+kni:
+ global:
+ log_level: 30
+ tfe_node_count: 3
+ watch_dog:
+ switch: 1
+ maat:
+ readconf_mode: 2
+ send_logger:
+ switch: 1
+ tfe_nodes:
+ - tfe0:
+ enabled: 1
+ - tfe1:
+ enabled: 1
+ - tfe2:
+ enabled: 1
+tfe:
+ nr_threads: 32
+ keykeeper:
+ mode: "normal"
+ no_cache: 0
+
+mrzcpd:
+ iocore: 47
+
+mrtunnat:
+ lcore_id: 46
+
+nic_mgr:
+ name: eth0
+nic_data_incoming:
+ name: tun_kni
+ address: 127.0.0.1
+nic_inner_ctrl:
+ name: lo
+nic_to_tfe:
+ tfe0:
+ name: lo
+ tfe1:
+ name: lo
+ tfe2:
+ name: lo
+nic_traffic_mirror:
+ name: lo
+ use_mrzcpd: 0
+
+nic_transparent_mode:
+ enable: 1
+ mode: pcap
+ internel_interface: "enp0s20f0u3"
+ external_interface: "enp0s20f0u4"
+
+run_as_tun_mode: 1
diff --git a/env-stage-pc/hosts b/env-stage-pc/hosts
new file mode 100644
index 0000000..c6b8d1c
--- /dev/null
+++ b/env-stage-pc/hosts
@@ -0,0 +1,6 @@
+[all:vars]
+ansible_user=root
+package_source=local
+
+[pc-as-tun-mode]
+192.168.40.85
\ No newline at end of file
diff --git a/env-stage-xxg/hosts b/env-stage-xxg/hosts
index cfcd7e6..188df95 100644
--- a/env-stage-xxg/hosts
+++ b/env-stage-xxg/hosts
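Review bot: In env-stage-pc/group_vars/all.yml, `log_minio.address` is `"192.168.40.85;"` with a semicolon inside the quotes, which no other address value in the file carries and which looks like a typo. Any template that interpolates the value will emit the semicolon as part of the host. Unless the consumer expects a `;`-terminated list (not visible in this diff), the line should read `address: "192.168.40.85"`. The Redis, Kafka and MinIO endpoints are also listed with address and port only, so a comment saying where authentication and transport security for those services are configured would help.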
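Review bot: The new env-stage-pc/hosts inventory sets `ansible_user=root`, so the play needs direct root SSH login on 192.168.40.85 and every task runs fully privileged whether it needs to or not. env-stage-xxg/hosts already does the same, so this is an existing convention, but a new inventory is the cheapest place to change it. Using `ansible_user=<deploy-user>` (placeholder) with `ansible_become=true` keeps privilege escalation explicit and leaves a sudo audit trail on the target. The file also ends without a trailing newline, the same condition this commit repairs in deploy.yml.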
@@ -1,6 +1,6 @@
 [all:vars]
 ansible_user=root
-package_source=local
+package_source=pulp
 [blade-mxn]
 192.168.40.25
diff --git a/roles/kni/tasks/main.yml b/roles/kni/tasks/main.yml
index 92c2ed8..4df718b 100644
--- a/roles/kni/tasks/main.yml
+++ b/roles/kni/tasks/main.yml
@@ -13,7 +13,7 @@
 - name: "install kni rpms from localhost"
 yum:
 name:
- - /tmp/ansible_deploy/kni-2.1.0.b0bbde4-1.el7.centos.x86_64.rpm
+ - /tmp/ansible_deploy/kni-2.1.3.660d2c0-1.el7.centos.x86_64.rpm
 state: present
 - name: Template the sapp.toml
@@ -51,4 +51,3 @@
 name: sapp
 enabled: yes
 daemon_reload: yes
-
diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2
index 765100a..989de04 100644
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -3,7 +3,11 @@ log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
 manage_eth = {{ nic_mgr.name }}
+{% if run_as_tun_mode %}
+deploy_mode = tun
+{% else %}
 deploy_mode = normal
+{% endif %}
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
diff --git a/roles/kni/templates/sapp.toml.j2 b/roles/kni/templates/sapp.toml.j2
index 14c2a35..65f0ffb 100644
--- a/roles/kni/templates/sapp.toml.j2
+++ b/roles/kni/templates/sapp.toml.j2
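Review bot: `{% if run_as_tun_mode %}` in kni.conf.j2 tests a variable that this diff defines only in env-stage-pc/group_vars/all.yml. Ansible treats an undefined variable in a template condition as an error, so rendering this file for an inventory that lacks the key (env-stage-xxg's group_vars are not touched here) would fail the play instead of falling back to `deploy_mode = normal`. `{% if run_as_tun_mode | default(false) %}` keeps the previous behaviour for those hosts. The same unguarded dependency is added in roles/tfe/tasks/main.yml (`when: not run_as_tun_mode`), tfe-env-config.j2, sapp.toml.j2 (`nic_transparent_mode.enable`) and tfe.conf.j2 (`nic_traffic_mirror.use_mrzcpd`). Each of those needs a default, or the roles should declare the variables in their `defaults/main.yml`.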
@@ -20,16 +20,30 @@ BSD_packet_filter=""
 ### note, depolyment.mode options: [mirror, inline, transparent]
 [packet_io.depolyment]
+ {% if nic_transparent_mode.enable %}
+ mode=transparent
+ {% else %}
 mode=inline
+ {% endif %}
 ### note, interface.type options: [pag,pcap,marsio]
 [packet_io.internal.interface]
+ {% if nic_transparent_mode.enable %}
+ type={{nic_transparent_mode.mode}}
+ name={{nic_transparent_mode.internel_interface}}
+ {% else %}
 type=marsio
 name=vxlan_user
+ {% endif %}
 [packet_io.external.interface]
+ {% if nic_transparent_mode.enable %}
+ type={{nic_transparent_mode.mode}}
+ name={{nic_transparent_mode.external_interface}}
+ {% else %}
 type=pcap
 name=lo
+ {% endif %}
 [packet_io.polling]
 ### note, polling_priority = call sapp_recv_pkt every call polling_entry times,
diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml
index b3c7bce..582b638 100644
--- a/roles/mrzcpd/tasks/main.yml
+++ b/roles/mrzcpd/tasks/main.yml
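Review bot: The key `nic_transparent_mode.internel_interface` used in sapp.toml.j2 is misspelled, while its sibling is `external_interface`. The spelling matches the new group_vars, so it renders today, but an inventory written later with `internal_interface` would hit an undefined attribute. It is worth renaming the key in both the template and env-stage-pc/group_vars/all.yml now. `type={{nic_transparent_mode.mode}}` is also emitted without any check against the `[pag,pcap,marsio]` options listed in the comment above it, so an `assert` task in the role for that value would catch a bad inventory before the service reads the file.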
@@ -1,45 +1,61 @@
----
-- name: "copy mrzcpd to destination server"
- synchronize:
- src: "{{ role_path }}/files/"
- dest: "/tmp/ansible_deploy/"
-
-- name: "install mrzcpd"
- yum:
- name: /tmp/ansible_deploy/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm
- state: present
-
-- name: "update sysconfig/mrzcpd"
- template:
- src: "{{ role_path }}/templates/mrzcpd.j2"
- dest: /etc/sysconfig/mrzcpd
-
-- name: "update mrglobal.conf - slave blade"
- template:
- src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
- dest: /opt/mrzcpd/etc/mrglobal.conf
- when: nic_traffic_mirror is defined
-
-- name: "update mrglobal.conf - master blade"
- template:
- src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
- dest: /opt/mrzcpd/etc/mrglobal.conf
- when: nic_traffic_mirror is not defined
-
-- name: "update mrtunnat.conf - master blade"
- template:
- src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
- dest: /opt/mrzcpd/etc/mrtunnat.conf
- when: nic_traffic_mirror is not defined
-
-- name: "enable mrenv"
- systemd:
- name: mrenv
- enabled: yes
- daemon_reload: yes
-
-- name: "enable mrzcpd"
- systemd:
- name: mrzcpd
- enabled: yes
- daemon_reload: yes
+---
+- name: "copy mrzcpd to destination server"
+ synchronize:
+ src: "{{ role_path }}/files/"
+ dest: "/tmp/ansible_deploy/"
+
+- name: "install mrzcpd"
+ yum:
+ name: /tmp/ansible_deploy/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm
+ state: present
+
+- name: "update sysconfig/mrzcpd"
+ template:
+ src: "{{ role_path }}/templates/mrzcpd.j2"
+ dest: /etc/sysconfig/mrzcpd
+
+- name: "update mrglobal.conf - slave blade"
+ template:
+ src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when: nic_traffic_mirror is defined
+
+- name: "update mrglobal.conf - master blade"
+ template:
+ src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when: nic_traffic_mirror is not defined
+
+- name: "update mrtunnat.conf - master blade"
+ template:
+ src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
+ dest: /opt/mrzcpd/etc/mrtunnat.conf
+ when: nic_traffic_mirror is not defined
+
+- name: "enable mrenv"
+ systemd:
+ name: mrenv
+ enabled: yes
+ daemon_reload: yes
+ when: nic_traffic_mirror.use_mrzcpd == 1
+
+- name: "mask mrenv"
+ systemd:
+ name: mrenv
+ masked: yes
+ daemon_reload: yes
+ when: nic_traffic_mirror.use_mrzcpd == 0
+
+- name: "enable mrzcpd"
+ systemd:
+ name: mrzcpd
+ enabled: yes
+ daemon_reload: yes
+ when: nic_traffic_mirror.use_mrzcpd == 1
+
+- name: "mask mrzcpd"
+ systemd:
+ name: mrzcpd
+ masked: yes
+ daemon_reload: yes
+ when: nic_traffic_mirror.use_mrzcpd == 0
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 2cb11e7..8028703 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -40,6 +40,14 @@
 name: tfe-env
 enabled: yes
 daemon_reload: yes
+ when: not run_as_tun_mode
+
+- name: "enable tfe-env-tun"
+ systemd:
+ name: tfe-env-tun-mode
+ enabled: yes
+ daemon_reload: yes
+ when: run_as_tun_mode
 - name: "enable tfe"
 systemd:
diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2
index c49fd92..aa4a656 100644
--- a/roles/tfe/templates/tfe-env-config.j2
+++ b/roles/tfe/templates/tfe-env-config.j2
@@ -3,4 +3,9 @@ TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
 TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
 TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
-TFE_PEER_IP_DATA_INCOMING=172.16.241.1
\ No newline at end of file
+TFE_PEER_IP_DATA_INCOMING=172.16.241.1
+
+{% if run_as_tun_mode %}
+TFE_WATCHDOG_DEVICE=lo
+TFE_WATCHDOG_IP=127.0.0.1
+{% endif %}
\ No newline at end of file
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index 3f9d52b..0087bd9 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
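Review bot: The four new `when: nic_traffic_mirror.use_mrzcpd == …` conditions in roles/mrzcpd/tasks/main.yml dereference `nic_traffic_mirror` unconditionally, while the tasks just above still branch on `nic_traffic_mirror is not defined` for the master blade. On such a host the enable and mask tasks would stop with an undefined-variable error, where the previous version enabled mrenv and mrzcpd unconditionally. A form such as `when: (nic_traffic_mirror | default({})).use_mrzcpd | default(1) | int == 1` (and `== 0` on the mask tasks) keeps the old default. Separately, `masked: yes` prevents future starts but does not stop a unit that an earlier deployment already started, so the mask tasks probably also want `state: stopped`. The hunk rewrites all 45 lines although only the conditions and the two mask tasks differ, which looks like a line-ending change and hides the functional edit from reviewers.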
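Review bot: In roles/tfe/tasks/main.yml the two tasks only ever enable a unit, so a host that is switched from one mode to the other keeps both `tfe-env` and `tfe-env-tun-mode` enabled. Nothing in the hunk disables the one that no longer applies. Driving the state from the variable avoids that, for example `enabled: "{{ not (run_as_tun_mode | default(false)) }}"` on the `tfe-env` task and the un-negated expression on `tfe-env-tun-mode`, with the `when:` lines dropped. The `tfe-env` task starts above the hunk, so its name line is not visible here.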
@@ -37,7 +37,7 @@ passthrough_all_tcp=0
 [traffic_mirror]
 device= {{ nic_traffic_mirror.name }}
-type = 1
+type = {{ nic_traffic_mirror.use_mrzcpd }}
 [ratelimit]
 #read_rate=200000
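Review bot: `type = {{ nic_traffic_mirror.use_mrzcpd }}` in tfe.conf.j2 writes an on/off switch straight into a numeric setting. A group_vars file that spells the switch as a YAML boolean (`use_mrzcpd: true`) would render `type = True`, which the line's previous literal `1` suggests the parser does not expect. `type = {{ nic_traffic_mirror.use_mrzcpd | default(1) | int }}` normalises the value and keeps the old behaviour when the key is absent. A short template comment stating what type 0 and type 1 select would also help, since the variable name describes only one of them.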