*更新certsor版本为防火墙统一版本

*更新tfe版本为防火墙统一版本
*增加tfe.conf缓存中间证书配置项
*修改pang_pxy.conf中kafka的topic选项

roles/certstore/tasks/main.yml

@@ -23,7 +23,7 @@
 
 - name: install certstore
   unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20191217.tar.gz"
+    src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz"
     dest: /home/tsg
 
 - name: template certstore configure file

roles/tfe/tasks/main.yml

@@ -8,7 +8,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.4.20190923-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.2.0.8cf9453-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.0.202001081429550800.92060ee-1.el7.x86_64.rpm
     state: present
   when: package_source == "local"
 

roles/tfe/templates/pangu_pxy.conf.j2

@@ -5,7 +5,7 @@ log_level=30
 nic_name= {{ nic_mgr.name }}
 entrance_id=0
 kafka_brokerlist= {{ log_kafkabrokers.address }}
-kafka_topic=POLICY-EVENT-LOG
+kafka_topic=PROXY-EVENT-LOG
 
 #Addresses of minio. Format is defined by WiredLB.
 #minio_ip_list=192.168.10.61-64;

roles/tfe/templates/tfe.conf.j2

@@ -26,6 +26,16 @@ stek_group_num=4
 stek_rotation_time=3600
 service_cache_expire_seconds=600
 
+# SSL mid cert cache
+# default 0
+mc_cache_enable=1
+# default eth0
+mc_cache_eth=ens1.100
+# default NULL
+mc_cache_broker_list=192.168.40.186:9092
+# default PXY-EXCH-INTERMEDIA-CERT
+mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
+
 [key_keeper]
 #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
 #0 on cache 1 off cache