Merge branch 'tsg-version20.11.rc1-deploy-firewall' of https://git.mesalab.cn/tsg/tsg-scripts into tsg-version20.11.rc1-deploy-firewall

# Conflicts: # roles/firewall/tasks/main.yml
2020-10-16 09:55:34 +08:00
parent b2c9836677 44885b6f02
commit 27f242ec8f
21 changed files with 112 additions and 54 deletions
--- a/install_config/group_vars/adc_global.yml
+++ b/install_config/group_vars/adc_global.yml
@@ -46,10 +46,13 @@ capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: DEBUG
+tfe_http_log_level: DEBUG
+pangu_log_level: DEBUG
+doh_log_level: DEBUG
+
 certstore_log_level: 10
 clotho_log_level: 10

--- a/install_config/group_vars/server_as_tun_mode.yml
+++ b/install_config/group_vars/server_as_tun_mode.yml
@@ -51,10 +51,14 @@ capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
+
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: DEBUG
+tfe_http_log_level: DEBUG
+pangu_log_level: DEBUG
+doh_log_level: DEBUG
+
 certstore_log_level: 10
 clotho_log_level: 10

--- a/roles/app_global/files/app-sketch-global-1.0.2.20200918.ab44d17-1.el7.x86_64.rpm
+++ b/roles/app_global/files/app-sketch-global-1.0.2.20200918.ab44d17-1.el7.x86_64.rpm
--- a/roles/app_global/files/app-sketch-global-1.0.2.20200918.c702d02-1.el7.x86_64.rpm
+++ b/roles/app_global/files/app-sketch-global-1.0.2.20200918.c702d02-1.el7.x86_64.rpm
--- a/roles/app_global/tasks/main.yml
+++ b/roles/app_global/tasks/main.yml
@@ -7,7 +7,7 @@
  yum:
    name:
      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200918.c702d02-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200918.ab44d17-1.el7.x86_64.rpm
    state: present

 - name: "template the app_sketch_global.conf"
@@ -15,6 +15,11 @@
    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf

+- name: "template the zlog.conf"
+  template:
+    src: "{{ role_path }}/templates/zlog.conf.j2"
+    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
+
 - name: "Start emqx"
  systemd:
    name: emqx.service
--- a/roles/app_global/templates/app_sketch_global.conf.j2
+++ b/roles/app_global/templates/app_sketch_global.conf.j2
@@ -1,9 +1,14 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
-#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = {{ app_sketch_global_log_level }}
-RUN_LOG_PATH = ./logs
+RUN_LOG_PATH = "conf/zlog.conf"
+
+[breakpad]
+disable_coredump=0
+enable_breakpad=1
+breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
+enable_breakpad_upload=0
+breakpad_upload_url=http://127.0.0.1/

 [CONFIG]
 #Number of running threads
--- a/roles/app_global/templates/zlog.conf.j2
+++ b/roles/app_global/templates/zlog.conf.j2
@@ -0,0 +1,12 @@
+[global]
+default format = "%d(%c), %V, %F, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[rules]
+*.fatal        "./logs/error.log.%d(%F)";
+*.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
+
+
+
--- a/roles/certstore/files/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm
+++ b/roles/certstore/files/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm
--- a/roles/certstore/files/certstore-2.1.2.20200923.a36312c-1.el7.x86_64.rpm
+++ b/roles/certstore/files/certstore-2.1.2.20200923.a36312c-1.el7.x86_64.rpm
--- a/roles/certstore/tasks/main.yml
+++ b/roles/certstore/tasks/main.yml
@@ -10,7 +10,7 @@
 - name: install certstore
  yum:
    name:
-      - /tmp/ansible_deploy/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.2.20200923.a36312c-1.el7.x86_64.rpm
    state: present

 - name: template certstore configure file
@@ -18,6 +18,11 @@
    src: "{{ role_path }}/templates/cert_store.ini.j2"
    dest: /opt/tsg/certstore/conf/cert_store.ini

+- name: template certstore zlog file
+  template:
+    src: "{{ role_path }}/templates/zlog.conf.j2"
+    dest: /opt/tsg/certstore/conf/zlog.conf
+
 - name: "start certstore"
  systemd:
    name: certstore.service
--- a/roles/certstore/templates/cert_store.ini.j2
+++ b/roles/certstore/templates/cert_store.ini.j2
@@ -1,9 +1,15 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
-#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = {{ certstore_log_level }}
-RUN_LOG_PATH = ./logs
+RUN_LOG_PATH = "conf/zlog.conf"
+
+[breakpad]
+disable_coredump=0
+enable_breakpad=1
+breakpad_minidump_dir=/tmp/certstore/crashreport
+enable_breakpad_upload=0
+breakpad_upload_url=http://127.0.0.1/
+
 [CONFIG]
 #Number of running threads
 thread-nu = 4
@@ -14,7 +20,8 @@ expire_after = 30
 #Local default root certificate path
 local_debug = 1
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
+untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
+
 [MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
@@ -31,18 +38,21 @@ inc_cfg_dir=./rule/inc/index
 full_cfg_dir=./rule/full/index
 #Json file path when json schema is used
 pxy_obj_keyring=./conf/pxy_obj_keyring.json
+
 [LIBEVENT]
 #Local monitor port number, default is 9991
 port = 9991
+
 [CERTSTORE_REDIS]
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
+
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
 dbindex =  {{ maat_redis_server.db }}
 [stat]
-statsd_server=192.168.100.1
-statsd_port=8126
+statsd_server=127.0.0.1
+statsd_port=58100
--- a/roles/certstore/templates/zlog.conf.j2
+++ b/roles/certstore/templates/zlog.conf.j2
@@ -0,0 +1,10 @@
+[global]
+default format = "%d(%c), %V, %F, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[rules]
+*.fatal        "./logs/error.log.%d(%F)";
+*.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
+
--- a/roles/firewall/files/fw_ssl_plug-3.0.3.71f6bff-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ssl_plug-3.0.3.71f6bff-2.el7.x86_64.rpm
--- a/roles/tfe/files/tfe-4.3.10.fb02543-1.el7.x86_64.rpm
+++ b/roles/tfe/files/tfe-4.3.10.fb02543-1.el7.x86_64.rpm
--- a/roles/tfe/files/tfe-4.3.11.90ac86a-1.el7.x86_64.rpm
+++ b/roles/tfe/files/tfe-4.3.11.90ac86a-1.el7.x86_64.rpm
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -27,6 +27,11 @@
    src: "{{ role_path }}/templates/tfe.conf.j2"
    dest: /opt/tsg/tfe/conf/tfe/tfe.conf

+- name: "template the zlog.conf"
+  template:
+    src: "{{ role_path }}/templates/zlog.conf.j2"
+    dest: /opt/tsg/tfe/conf/tfe/zlog.conf
+
 - name: "template the future.conf"
  template:
    src: "{{ role_path }}/templates/future.conf.j2"
--- a/roles/tfe/templates/doh.conf.j2
+++ b/roles/tfe/templates/doh.conf.j2
@@ -1,27 +1,13 @@
 [doh]
-# default 1
 enable=1

-[log]
-# default 10
-# RLOG_LV_DEBUG : 10
-# RLOG_LV_INFO  : 20
-# RLOG_LV_FATAL : 30
-log_level={{ doh_log_level }}
-
 [maat]
-# default TSG_OBJ_APP_ID
 table_appid=TSG_OBJ_APP_ID
-# default TSG_SECURITY_ADDR
 table_addr=TSG_SECURITY_ADDR
-# default TSG_FIELD_DOH_QNAME
 table_qname=TSG_FIELD_DOH_QNAME
-# default TSG_FIELD_HTTP_HOST
 table_host=TSG_FIELD_DOH_HOST

 [kafka]
-# default 0
 ENTRANCE_ID=0
-# default 1
 # if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1
 en_sendlog=1
--- a/roles/tfe/templates/future.conf.j2
+++ b/roles/tfe/templates/future.conf.j2
@@ -1,9 +1,10 @@
 [STAT]
 no_stats=0
-statsd_server=192.168.100.1
-statsd_port=8100
+statsd_server=127.0.0.1
+statsd_port=58100
 histogram_bins=0.50,0.80,0.9,0.95
 statsd_cycle=5
 # FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
 statsd_format=2
-print_diff=1
+# printf diff Not available
+# print_diff=1
--- a/roles/tfe/templates/pangu_pxy.conf.j2
+++ b/roles/tfe/templates/pangu_pxy.conf.j2
@@ -1,5 +1,5 @@
 [debug]
-log_level={{ pangu_log_level }}
+enable_plugin=1

 [log]
 # default 1, if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -6,7 +6,7 @@ enable_kni_v2=1
 # Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally
 disable_coredump=0
 enable_breakpad=1
-enable_breakpad_upload=0
+enable_breakpad_upload=1
 breakpad_upload_url=http://sentry.mesalab.cn:9000/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
 # must be /run/tfe/crashreport，due to tmpfile limit
 breakpad_minidump_dir=/run/tfe/crashreport
@@ -35,8 +35,10 @@ watchdog_switch=1
 watchdog_port=2476

 [ssl]
-ssl_max_version=tls13
-ssl_min_version=ssl3
+ssl_ja3_debug=0
+# ssl version Not available, configured via TSG website
+# ssl_max_version=tls13
+# ssl_min_version=ssl3
 ssl_compression=1
 no_ssl2=1
 no_ssl3=0
@@ -48,7 +50,7 @@ no_cert_verify=0

 # session ticket
 no_session_ticket=0
-stek_group_num=4
+stek_group_num=4096
 stek_rotation_time=3600

 # session cache
@@ -68,12 +70,10 @@ service_cache_fail_time_window=30
 check_cert_crl=0
 {% if tsg_running_type == 2 %}
 trusted_cert_load_local=1
-#trusted_cert_file=resource/tfe/tls-ca-bundle.pem
 trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
 {% else %}
-trusted_cert_load_local=0
+trusted_cert_load_local=1
 trusted_cert_file=resource/tfe/tls-ca-bundle.pem
-#trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
 {% endif %}
 trusted_cert_dir=resource/tfe/trusted_storage

@@ -131,21 +131,14 @@ tcp_user_timeout=600
 tcp_ttl_upstream=75
 tcp_ttl_downstream=70

-[log]
-level={{ tfe_log_level }}
-location=log/tfe.log
-
 [stat]
-statsd_server=192.168.100.1
-statsd_port=8100
+statsd_server=127.0.0.1
+statsd_port=58100
 statsd_cycle=5
 # 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
 statsd_format=2
 histogram_bins=0.5,0.8,0.9,0.95

-[http]
-loglevel={{ tfe_http_log_level }}
-
 [traffic_mirror]
 {% if tsg_running_type != 2 %}
 enable={{ tfe.mirror_enable }}
@@ -159,7 +152,6 @@ device={{ nic_traffic_mirror.name }}
 type=1
 {% endif %}

-
 [kafka]
 enable=1
 NIC_NAME={{ nic_mgr.name }}
--- a/roles/tfe/templates/zlog.conf.j2
+++ b/roles/tfe/templates/zlog.conf.j2
@@ -0,0 +1,20 @@
+# kill -s SIGHUP "pid"
+
+[global]
+
+default format = "%d(%c), %V, %F, %U, %m%n"
+
+[levels]
+
+DEBUG=10
+INFO=20
+FATAL=30
+
+[rules]
+
+*.fatal                         "./log/error.log.%d(%F)";
+tfe.{{ tfe_log_level }}         "./log/tfe.log.%d(%F)";
+http.{{ tfe_http_log_level }}   "./log/http.log.%d(%F)";
+http2.{{ tfe_http_log_level }}  "./log/http2.log.%d(%F)";
+doh.{{ doh_log_level }}         "./log/doh_pxy.log.%d(%F)";
+pangu.{{ pangu_log_level }}     "./log/pangu_pxy.log.%d(%F)";