gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加TUN与双臂模式的部署支持

Browse Source
This commit is contained in:
Lu Qiuwen
2019-09-26 16:10:41 +08:00
parent f123e488f8
commit 0885700e69
11 changed files with 190 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
deploy.yml
View File

@@ -31,4 +31,11 @@
- hosts: blade-mxn - hosts: blade-mxn
roles: roles:
- tsg-env-mxn - tsg-env-mxn
- hosts: pc-as-tun-mode
roles:
- mrzcpd
- framework
- kni
- certstore
- tfe

80
env-stage-pc/group_vars/all.yml Normal file
View File

@@ -0,0 +1,80 @@
maat_redis_server:
address: "192.168.40.83"
port: 7002
db: 0
dynamic_maat_redis_server:
address: "192.168.40.83"
port: 7002
db: 0
cert_store_server:
address: "127.0.0.1"
port: 9991
log_kafkabrokers:
address: "192.168.40.85:9092"
log_minio:
address: "192.168.40.85;"
port: 9000
fs_remote:
switch: 1
address: "127.0.0.1"
port: 8125
kni:
global:
log_level: 30
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 32
keykeeper:
mode: "normal"
no_cache: 0
mrzcpd:
iocore: 47
mrtunnat:
lcore_id: 46
nic_mgr:
name: eth0
nic_data_incoming:
name: tun_kni
address: 127.0.0.1
nic_inner_ctrl:
name: lo
nic_to_tfe:
tfe0:
name: lo
tfe1:
name: lo
tfe2:
name: lo
nic_traffic_mirror:
name: lo
use_mrzcpd: 0
nic_transparent_mode:
enable: 1
mode: pcap
internel_interface: "enp0s20f0u3"
external_interface: "enp0s20f0u4"
run_as_tun_mode: 1

6
env-stage-pc/hosts Normal file
View File

@@ -0,0 +1,6 @@
[all:vars]
ansible_user=root
package_source=local
[pc-as-tun-mode]
192.168.40.85

2
env-stage-xxg/hosts
View File

@@ -1,6 +1,6 @@
[all:vars] [all:vars]
ansible_user=root ansible_user=root
package_source=local package_source=pulp
[blade-mxn] [blade-mxn]
192.168.40.25 192.168.40.25

3
roles/kni/tasks/main.yml
View File

@@ -13,7 +13,7 @@
- name: "install kni rpms from localhost" - name: "install kni rpms from localhost"
yum: yum:
name: name:
- /tmp/ansible_deploy/kni-2.1.0.b0bbde4-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/kni-2.1.3.660d2c0-1.el7.centos.x86_64.rpm
state: present state: present
- name: Template the sapp.toml - name: Template the sapp.toml
@@ -51,4 +51,3 @@
name: sapp name: sapp
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes

4
roles/kni/templates/kni.conf.j2
View File

@@ -3,7 +3,11 @@ log_path = ./log/kni/kni.log
log_level = {{ kni.global.log_level }} log_level = {{ kni.global.log_level }}
tfe_node_count = {{ kni.global.tfe_node_count }} tfe_node_count = {{ kni.global.tfe_node_count }}
manage_eth = {{ nic_mgr.name }} manage_eth = {{ nic_mgr.name }}
{% if run_as_tun_mode %}
deploy_mode = tun
{% else %}
deploy_mode = normal deploy_mode = normal
{% endif %}
tun_name = tun_kni tun_name = tun_kni
src_mac_addr = 00:0e:c6:d6:72:c1 src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd dst_mac_addr = fe:65:b7:03:50:bd

14
roles/kni/templates/sapp.toml.j2
View File

@@ -20,16 +20,30 @@ BSD_packet_filter=""
### note, depolyment.mode options: [mirror, inline, transparent] ### note, depolyment.mode options: [mirror, inline, transparent]
[packet_io.depolyment] [packet_io.depolyment]
{% if nic_transparent_mode.enable %}
mode=transparent
{% else %}
mode=inline mode=inline
{% endif %}
### note, interface.type options: [pag,pcap,marsio] ### note, interface.type options: [pag,pcap,marsio]
[packet_io.internal.interface] [packet_io.internal.interface]
{% if nic_transparent_mode.enable %}
type={{nic_transparent_mode.mode}}
name={{nic_transparent_mode.internel_interface}}
{% else %}
type=marsio type=marsio
name=vxlan_user name=vxlan_user
{% endif %}
[packet_io.external.interface] [packet_io.external.interface]
{% if nic_transparent_mode.enable %}
type={{nic_transparent_mode.mode}}
name={{nic_transparent_mode.external_interface}}
{% else %}
type=pcap type=pcap
name=lo name=lo
{% endif %}
[packet_io.polling] [packet_io.polling]
### note, polling_priority = call sapp_recv_pkt every call polling_entry times, ### note, polling_priority = call sapp_recv_pkt every call polling_entry times,

106
roles/mrzcpd/tasks/main.yml
View File

@@ -1,45 +1,61 @@
--- ---
- name: "copy mrzcpd to destination server" - name: "copy mrzcpd to destination server"
synchronize: synchronize:
src: "{{ role_path }}/files/" src: "{{ role_path }}/files/"
dest: "/tmp/ansible_deploy/" dest: "/tmp/ansible_deploy/"
- name: "install mrzcpd" - name: "install mrzcpd"
yum: yum:
name: /tmp/ansible_deploy/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm name: /tmp/ansible_deploy/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm
state: present state: present
- name: "update sysconfig/mrzcpd" - name: "update sysconfig/mrzcpd"
template: template:
src: "{{ role_path }}/templates/mrzcpd.j2" src: "{{ role_path }}/templates/mrzcpd.j2"
dest: /etc/sysconfig/mrzcpd dest: /etc/sysconfig/mrzcpd
- name: "update mrglobal.conf - slave blade" - name: "update mrglobal.conf - slave blade"
template: template:
src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2" src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf dest: /opt/mrzcpd/etc/mrglobal.conf
when: nic_traffic_mirror is defined when: nic_traffic_mirror is defined
- name: "update mrglobal.conf - master blade" - name: "update mrglobal.conf - master blade"
template: template:
src: "{{ role_path }}/templates/mrglobal.conf.inline.j2" src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf dest: /opt/mrzcpd/etc/mrglobal.conf
when: nic_traffic_mirror is not defined when: nic_traffic_mirror is not defined
- name: "update mrtunnat.conf - master blade" - name: "update mrtunnat.conf - master blade"
template: template:
src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2" src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf dest: /opt/mrzcpd/etc/mrtunnat.conf
when: nic_traffic_mirror is not defined when: nic_traffic_mirror is not defined
- name: "enable mrenv" - name: "enable mrenv"
systemd: systemd:
name: mrenv name: mrenv
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
when: nic_traffic_mirror.use_mrzcpd == 1
- name: "enable mrzcpd"
systemd: - name: "mask mrenv"
name: mrzcpd systemd:
enabled: yes name: mrenv
daemon_reload: yes masked: yes
daemon_reload: yes
when: nic_traffic_mirror.use_mrzcpd == 0
- name: "enable mrzcpd"
systemd:
name: mrzcpd
enabled: yes
daemon_reload: yes
when: nic_traffic_mirror.use_mrzcpd == 1
- name: "mask mrzcpd"
systemd:
name: mrzcpd
masked: yes
daemon_reload: yes
when: nic_traffic_mirror.use_mrzcpd == 0

8
roles/tfe/tasks/main.yml
View File

@@ -40,6 +40,14 @@
name: tfe-env name: tfe-env
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
when: not run_as_tun_mode
- name: "enable tfe-env-tun"
systemd:
name: tfe-env-tun-mode
enabled: yes
daemon_reload: yes
when: run_as_tun_mode
- name: "enable tfe" - name: "enable tfe"
systemd: systemd:

7
roles/tfe/templates/tfe-env-config.j2
View File

@@ -3,4 +3,9 @@ TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
TFE_PEER_IP_DATA_INCOMING=172.16.241.1 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
{% if run_as_tun_mode %}
TFE_WATCHDOG_DEVICE=lo
TFE_WATCHDOG_IP=127.0.0.1
{% endif %}

2
roles/tfe/templates/tfe.conf.j2
View File

@@ -37,7 +37,7 @@ passthrough_all_tcp=0
[traffic_mirror] [traffic_mirror]
device= {{ nic_traffic_mirror.name }} device= {{ nic_traffic_mirror.name }}
type = 1 type = {{ nic_traffic_mirror.use_mrzcpd }}
[ratelimit] [ratelimit]
#read_rate=200000 #read_rate=200000