From 465020b89cba79c0eb607f62d77214669ec520fa Mon Sep 17 00:00:00 2001 From: Lu Qiuwen Date: Fri, 21 Jun 2019 13:27:23 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0tfe=E7=9A=84roles?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts.hyadc | 21 ++--- roles/tfe/tasks/main.yml | 14 ++- roles/tfe/templates/pangu_pxy.conf.j2 | 119 ++++++++++++++++++++++++++ roles/tfe/templates/tfe.conf.j2 | 64 ++++++++++++++ site.retry | 1 - site.yml | 106 +++++++++++------------ vars/common.yml | 12 +++ vars/tfe.yml | 5 ++ 8 files changed, 269 insertions(+), 73 deletions(-) create mode 100644 roles/tfe/templates/pangu_pxy.conf.j2 create mode 100644 roles/tfe/templates/tfe.conf.j2 delete mode 100644 site.retry create mode 100644 vars/common.yml create mode 100644 vars/tfe.yml
diff --git a/hosts.hyadc b/hosts.hyadc
index cc3806f..b19588e 100644
--- a/hosts.hyadc
+++ b/hosts.hyadc
@@ -1,13 +1,8 @@
-[all:vars]
-ansible_user=root
-
-[switch-blade]
-202.43.148.184 ansible_port=51022
-
-[master-blade]
-192.168.10.37
-
-[slave-blade]
-#192.168.10.38
-#192.168.10.39
-192.168.10.40
+[all:vars]
+ansible_user=root
+
+[blade-00]
+192.168.10.37
+
+[blade-03]
+192.168.10.40
\ No newline at end of file
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 0642515..979fd55 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -6,8 +6,18 @@ - name: "install tfe rpms" yum: - name: "/tmp/ansible_deploy/{{ packages }}" + name: "{{ packages }}" state: present vars: packages: - - tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm \ No newline at end of file + - /tmp/ansible_deploy/tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm + +- name: "template the tfe.conf" + template: + src: "{{ role_path }}/templates/tfe.conf.j2" + dest: /home/tsg/tfe/conf/tfe/tfe.conf + +- name: "template the pangu_pxy.conf" + template: + src: "{{ role_path }}/templates/pangu_pxy.conf.j2" + dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf \ No newline at end of file diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 new file mode 100644 index 0000000..a4d1913 --- /dev/null +++ b/roles/tfe/templates/pangu_pxy.conf.j2 
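Review bot: The two new `template` tasks write tfe.conf and pangu_pxy.conf without `owner`, `group` or `mode`, so the rendered files get whatever ownership and permissions the connecting account's umask produces (the inventory in this commit connects as root). tfe.conf governs TLS interception settings such as `key_log_file` and the CA paths, so it is worth pinning these explicitly, e.g. `mode: "0640"` together with an `owner:`/`group:` for the service account. Separately, the RPM is still installed from `/tmp/ansible_deploy/`; the task that stages that directory is outside this hunk, so confirm it is created root-only, since a package sitting in a world-writable location could be swapped before `yum` runs.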
@@ -0,0 +1,119 @@
+[debug]
+log_level=10
+
+[log]
+nic_name= {{ nic_mgr.name }}
+entrance_id=0
+kafka_brokerlist= {{ log_kafkabrokers.address }}
+kafka_topic=POLICY-EVENT-LOG
+
+#Addresses of minio. Format is defined by WiredLB.
+#minio_ip_list=192.168.10.61-64;
+minio_ip_list= {{ log_minio.address }}
+minio_listen_port= {{ log_minio.port }}
+#Maximum number of connections opened by per host.
+#MAX_CONNECTION_PER_HOST=1
+#Maximum number of requests in a pipeline.
+#MAX_CNNT_PIPELINE_NUM=20
+#Maximum parellel sessions(http and redis) is allowed to open.
+#MAX_CURL_SESSION_NUM=100
+#Maximum time the request is allowed to take(seconds).
+#MAX_CURL_TRANSFER_TIMEOUT_S=0
+
+#Bucket name in minio.
+cache_bucket_name=proxybucket
+#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
+max_used_memroy_size_mb=5120
+#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
+cache_default_ttl_second=3600
+#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
+cache_object_key_hash_switch=1
+
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_store_object_way=0
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+redis_cache_object_size=1024000
+#Configs of WiredLB for Minios load balancer.
+#WIREDLB_OVERRIDE=1
+wiredlb_health_port=42310
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+redis_cluster_ip_list=192.168.10.62-63;
+redis_cluster_port_range=6379
+#wired load balancer configuration
+
+wiredlb_override=1
+wiredlb_topic=MinioFileLog
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52102
+wiredlb_group=FileLog
+
+log_fsstat_appname=tango_log_file
+log_fsstat_filepath=./tango_log_file.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.202
+log_fsstat_dst_port=8125
+[maat]
+# 0:json 1: redis 2: iris
+maat_input_mode=1
+table_info=resource/pangu/table_info.conf
+json_cfg_file=resource/pangu/pangu_http.json
+stat_file=log/pangu_scan.status
+full_cfg_dir=pangu_policy/full/index/
+inc_cfg_dir=pangu_policy/inc/index/
+
+maat_redis_server={{ maat_redis_server.address }}
+maat_redis_port_range={{ maat_redis_server.port }}
+maat_redis_db_index={{ maat_redis_server.db }}
+effect_interval_s=1
+#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
+
+[dynamic_maat]
+maat_input_mode=1
+table_info=resource/pangu/dynamic_maat_table_info.conf
+maat_redis_server=127.0.0.1
+maat_redis_port_range=6380-6389
+maat_redis_db_index=0
+effect_interval_s=1
+
+[tango_cache]
+enable_cache=0
+minio_ip_list=192.168.10.61-64;
+minio_listen_port=9000
+
+#max_connection_per_host=1
+max_cnnt_pipeline_num=20
+#max_curl_session_num=100
+
+cache_bucket_name=proxybucket
+max_used_memory_size_mb=10240
+cache_default_ttl_second=3600
+cache_object_key_hash_switch=1
+
+#1-minio,2-redis
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_store_object_way=0
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+redis_cache_object_size=102400
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+redis_cluster_ip_list=192.168.10.62-63;
+redis_cluster_port_range=6379
+#wired load balancer configuration
+wiredlb_override=1
+wiredlb_topic=MinioCache
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52101
+wiredlb_group=TangoCache
+
+cache_undefined_obj=1
+query_undefined_obj=0
+statsd_server=192.168.10.72
+statsd_port=8126
+histogram_bins=0.20,0.40,0.6,0.8
+
+log_fsstat_appname=tango_cache
+log_fsstat_filepath=./tango_cache_client.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.201
+log_fsstat_dst_port=8125
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
new file mode 100644
index 0000000..28bd57a
--- /dev/null
+++ b/roles/tfe/templates/tfe.conf.j2
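Review bot: In the `[log]` section `wiredlb_health_port` is assigned twice (42310, then 52102), and the memory cap there is spelled `max_used_memroy_size_mb` while `[tango_cache]` uses `max_used_memory_size_mb`; which value and which spelling the parser honours is not visible from this patch, so one of these settings may be silently ignored. Keep a single `wiredlb_health_port` line in `[log]` and confirm the expected key name against the consumer before fixing the spelling. `redis_cluster_ip_list`, the `[tango_cache]` `minio_ip_list`, `statsd_server` and both `log_fsstat_dst_ip` values are literal addresses, whereas the Kafka, `[log]` minio and maat Redis endpoints come from variables; moving them into vars/common.yml would give one place to audit where logs and metrics are sent.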
@@ -0,0 +1,64 @@
+[system]
+nr_worker_threads={{ tfe.nr_threads }}
+
+[kni]
+ip=192.168.100.1
+scm_port=2475
+watchdog_switch=1
+watchdog_port=2476
+
+[ssl]
+ssl_max_version=tls13
+ssl_min_version=ssl3
+no_session_cache=0
+no_session_ticket=0
+log_master_key=0
+trusted_cert_load_local=1
+trusted_cert_file=resource/tfe/tls-ca-bundle.pem
+trusted_cert_dir=resource/tfe/trusted_storage
+key_log_file=log/sslkeylog.log
+no_alpn=0
+stek_group_num=4
+stek_rotation_time=3600
+service_cache_expire_seconds=600
+
+[key_keeper]
+#Mode: debug - generate cert with ca_path, normal - generate cert with cert store
+#0 on cache 1 off cache
+mode= {{ tfe.keykeeper.mode }}
+no_cache=0
+cert_store_host= {{ cert_store_server.address }}
+cert_store_port= {{ cert_store_server.port }}
+ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
+untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
+
+[debug]
+passthrough_all_tcp=0
+
+[traffic_mirror]
+device= {{ nic_traffic_mirror.name }}
+
+[ratelimit]
+#read_rate=200000
+#read_burst=200000
+#write_rate=200000
+#write_burst=200000
+
+[tcp]
+so_keepalive=1
+tcp_keepcnt=8
+tcp_keepintvl=15
+tcp_keepidle=30
+tcp_user_timeout=30
+tcp_ttl_upstream=75
+tcp_ttl_downstream=70
+
+[log]
+level=10
+
+[stat]
+statsd_server=192.168.10.72
+statsd_port=8126
+
+[http]
+loglevel=20
\ No newline at end of file
diff --git a/site.retry b/site.retry
deleted file mode 100644
index fb75a95..0000000
--- a/site.retry
+++ /dev/null
@@ -1 +0,0 @@
-192.168.10.40
diff --git a/site.yml b/site.yml
index 7cd8801..0e9d9de 100644
--- a/site.yml
+++ b/site.yml
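Review bot: `ssl_min_version=ssl3` in `[ssl]` allows SSLv3 to be negotiated, a protocol deprecated by RFC 7568 and exposed to POODLE-class downgrade; unless a legacy peer requirement is documented, raise the floor, e.g. `ssl_min_version=tls12` (value name assumed by analogy with `tls13`, confirm against the parser), or expose it as a role variable so the weak setting is an explicit per-site choice. `key_log_file=log/sslkeylog.log` is configured next to `log_master_key=0`; a comment stating that the file would contain session secrets if logging is ever switched on, and that the switch must stay 0 outside debugging, would help whoever edits this later. The `[kni]` `ip` and `statsd_server` are literal addresses while the cert store endpoint is templated.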
@@ -1,63 +1,55 @@ -vars: - - maat_redis_server: - - address: 192.168.11.243 - - port: 6379 - - db: 4 - - cert_store_server: - - address: 192.168.10.8 - - port: 9991 - - log_kafkabrokers: - - address: "0.0.0.0:9092" - - log_minio: - - address: "10.4.35.42-46;" - - port: 9000 - +- hosts: blade-03 roles: - - framework - -- hosts: blade-00 - - roles: - - framework - - sapp - - kni - -- hosts: blade-01 - - roles: - - net-ctrlblade - - tfe-kmod - tfe - - vars: - nic_mgr: - - name: eth0 - nic_data_incoming: - - name: eth3 - - address: 172.16.254.1 - - mac: AA:BB:CC:DD:EE:FF - - peer: 172.16.254.254 - nic_traffic_mirror: - - name: eth4 - -- hosts: blade-02 - - net-ctrlblade - - tfe-kmod - - tfe - nic_mgr: - - name: eth0 - nic_data_incoming: + vars_files: + - "vars/common.yml" + - "vars/tfe.yml" + vars: + - nic_mgr: + name: eth0 + - nic_data_incoming: name: eth3 - inet_addr: 172.16.254.2 - inet6_addr: fd00::1 - gw_inet_addr: 172.16.254.254 - gw_ether_addr: BB:CC:DD:EE:FF:AA - nic_traffic_mirror: + address: 172.16.254.1 + mac: AA:BB:CC:DD:EE:FF + peer: 172.16.254.254 + - nic_traffic_mirror: name: eth4 -- hosts: blade-03 - - net-ctrlblade - - tfe-kmod - - tfe -- hosts: blade-04 - - net-ctrlblade - - tfe-kmod - - tfe + +# - hosts: blade-00 +# - roles: +# - framework +# - sapp +# - kni + +# - hosts: blade-01 +# - roles: +# - framework +# - tfe-kmod +# - tfe +# - vars: +# nic_mgr: +# - name: eth0 +# nic_data_incoming: +# - name: eth3 +# - address: 172.16.254.1 +# - mac: AA:BB:CC:DD:EE:FF +# - peer: 172.16.254.254 +# nic_traffic_mirror: +# - name: eth4 + +# - hosts: blade-02 +# - net-ctrlblade +# - tfe-kmod +# - tfe +# nic_mgr: +# - name: eth0 +# nic_data_incoming: +# name: eth3 +# inet_addr: 172.16.254.2 +# inet6_addr: fd00::1 +# gw_inet_addr: 172.16.254.254 +# gw_ether_addr: BB:CC:DD:EE:FF:AA +# nic_traffic_mirror: +# name: eth4 \ No newline at end of file diff --git a/vars/common.yml b/vars/common.yml new file mode 100644 index 0000000..11862e3 --- /dev/null 
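Review bot: The active `blade-03` play carries the same `nic_data_incoming` values (`address: 172.16.254.1`, `mac: AA:BB:CC:DD:EE:FF`, `peer: 172.16.254.254`) as the commented-out `blade-01` play below it, and the MAC looks like a placeholder; if these are per-host facts they belong in host_vars rather than in the play, so that a copied block cannot give two blades the same data-plane address. The three commented-out plays are preserved by version control anyway, and removing them would make it clearer which hosts this playbook actually changes.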
+++ b/vars/common.yml
@@ -0,0 +1,12 @@
+- maat_redis_server:
+ address: 192.168.11.243
+ port: 6379
+ db: 4
+- cert_store_server:
+ address: 192.168.10.8
+ port: 9991
+- log_kafkabrokers:
+ address: "0.0.0.0:9092"
+- log_minio:
+ address: "10.4.35.42-46;"
+ port: 9000
\ No newline at end of file
diff --git a/vars/tfe.yml b/vars/tfe.yml
new file mode 100644
index 0000000..318f685
--- /dev/null
+++ b/vars/tfe.yml
@@ -0,0 +1,5 @@
+- tfe:
+ nr_threads: 16
+ keykeeper:
+ mode: "normal"
+ no_cache : 0
\ No newline at end of file
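Review bot: `log_kafkabrokers.address` is `"0.0.0.0:9092"`, a wildcard bind address rather than a reachable broker; pangu_pxy.conf.j2 renders it into `kafka_brokerlist`, so POLICY-EVENT-LOG records would presumably not be delivered until it is overridden. Either set the real broker list or add a comment such as `# placeholder - must be overridden per site`, so that policy event logging is not lost silently on a fresh deployment.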
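Review bot: `tfe.keykeeper.no_cache` is defined in vars/tfe.yml, but tfe.conf.j2 in this commit writes a literal `no_cache=0` under `[key_keeper]`, so changing the variable has no effect on the rendered file. Either template it as `no_cache={{ tfe.keykeeper.no_cache }}` or drop the variable. The key is also written `no_cache : 0` with a space before the colon, unlike its neighbours, and a short comment repeating the template's `0 on cache 1 off cache` meaning would make the value self-explanatory here.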