diff --git a/roles/certstore/files/certstore-base-online-20191217.tar.gz b/roles/certstore/files/certstore-base-online-20191217.tar.gz deleted file mode 100644 index e04a886..0000000 Binary files a/roles/certstore/files/certstore-base-online-20191217.tar.gz and /dev/null differ diff --git a/roles/certstore/files/certstore-base-online-20200108.tar.gz b/roles/certstore/files/certstore-base-online-20200108.tar.gz new file mode 100644 index 0000000..1e0fddc Binary files /dev/null and b/roles/certstore/files/certstore-base-online-20200108.tar.gz differ diff --git a/roles/certstore/tasks/main.yml b/roles/certstore/tasks/main.yml index 27d4754..7d3fd70 100644 --- a/roles/certstore/tasks/main.yml +++ b/roles/certstore/tasks/main.yml @@ -23,7 +23,7 @@ - name: install certstore unarchive: - src: "{{ role_path }}/files/certstore-base-online-20191217.tar.gz" + src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz" dest: /home/tsg - name: template certstore configure file diff --git a/roles/framework/files/maat/lib/libmaatframe.so.2.8 b/roles/framework/files/maat/lib/libmaatframe.so.2.8 index 5b8ba49..2f85e1c 100644 Binary files a/roles/framework/files/maat/lib/libmaatframe.so.2.8 and b/roles/framework/files/maat/lib/libmaatframe.so.2.8 differ diff --git a/roles/tfe/files/tfe-4.2.0.8cf9453-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.2.0.8cf9453-1.el7.x86_64.rpm deleted file mode 100644 index 22e496d..0000000 Binary files a/roles/tfe/files/tfe-4.2.0.8cf9453-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tfe/files/tfe-4.3.0.202001081429550800.92060ee-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.0.202001081429550800.92060ee-1.el7.x86_64.rpm new file mode 100644 index 0000000..e91b3c0 Binary files /dev/null and b/roles/tfe/files/tfe-4.3.0.202001081429550800.92060ee-1.el7.x86_64.rpm differ diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml index 4aa00c6..79aa928 100644 --- a/roles/tfe/tasks/main.yml +++ b/roles/tfe/tasks/main.yml @@ -8,7 +8,7 @@ yum: name: - /tmp/ansible_deploy/tfe-kmod-v1.0.4.20190923-1dkms.noarch.rpm - - /tmp/ansible_deploy/tfe-4.2.0.8cf9453-1.el7.x86_64.rpm + - /tmp/ansible_deploy/tfe-4.3.0.202001081429550800.92060ee-1.el7.x86_64.rpm state: present when: package_source == "local" diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 index c30e985..46aa3c1 100644 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ b/roles/tfe/templates/pangu_pxy.conf.j2 @@ -5,7 +5,7 @@ log_level=30 nic_name= {{ nic_mgr.name }} entrance_id=0 kafka_brokerlist= {{ log_kafkabrokers.address }} -kafka_topic=POLICY-EVENT-LOG +kafka_topic=PROXY-EVENT-LOG #Addresses of minio. Format is defined by WiredLB. #minio_ip_list=192.168.10.61-64; diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index 0cf257f..b51d09c 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 @@ -26,6 +26,16 @@ stek_group_num=4 stek_rotation_time=3600 service_cache_expire_seconds=600 +# SSL mid cert cache +# default 0 +mc_cache_enable=1 +# default eth0 +mc_cache_eth=ens1.100 +# default NULL +mc_cache_broker_list=192.168.40.186:9092 +# default PXY-EXCH-INTERMEDIA-CERT +mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT + [key_keeper] #Mode: debug - generate cert with ca_path, normal - generate cert with cert store #0 on cache 1 off cache