diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml index 442e8be..bffd0f9 100644 --- a/install_config/group_vars/all.yml +++ b/install_config/group_vars/all.yml @@ -60,7 +60,6 @@ tfe: nr_threads: 32 mc_cache_eth: lo keykeeper: - mode: "normal" no_cache: 0 ######################################## diff --git a/roles/firewall/files/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm new file mode 100644 index 0000000..71e7a48 Binary files /dev/null and b/roles/firewall/files/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index 0876b5d..0000000 Binary files a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm deleted file mode 100644 index dcf47d0..0000000 Binary files a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm new file mode 100644 index 0000000..f1cc58d Binary files /dev/null and b/roles/firewall/files/dns-2.0.6.d8317e9-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm deleted file mode 100755 index e0f5a90..0000000 Binary files a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm and /dev/null differ 
diff --git a/roles/firewall/files/ftp-1.0.6.2710506-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.6.2710506-2.el7.x86_64.rpm
new file mode 100644
index 0000000..01cd8a8
Binary files /dev/null and b/roles/firewall/files/ftp-1.0.6.2710506-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm b/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
new file mode 100644
index 0000000..4d1aca7
Binary files /dev/null and b/roles/firewall/files/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
deleted file mode 100644
index 73504d3..0000000
Binary files a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
deleted file mode 100644
index 4f8f7df..0000000
Binary files a/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
new file mode 100644
index 0000000..cc78802
Binary files /dev/null and b/roles/firewall/files/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
deleted file mode 100644
index d4a9845..0000000
Binary files a/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
new file mode 100644
index 0000000..73e73d7
Binary files /dev/null and b/roles/firewall/files/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
deleted file mode 100644
index d49eada..0000000
Binary files a/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
new file mode 100644
index 0000000..2e11d37
Binary files /dev/null and b/roles/firewall/files/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm b/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
deleted file mode 100644
index faa95cf..0000000
Binary files a/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm b/roles/firewall/files/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
new file mode 100644
index 0000000..a9ecf90
Binary files /dev/null and b/roles/firewall/files/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
deleted file mode 100644
index 3fffca4..0000000
Binary files a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm
new file mode 100644
index 0000000..830c3e4
Binary files /dev/null and b/roles/firewall/files/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
deleted file mode 100644
index 5d10ae6..0000000
Binary files a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/http-2.0.3.9218b4b-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.3.9218b4b-2.el7.x86_64.rpm
new file mode 100644
index 0000000..231a672
Binary files /dev/null and b/roles/firewall/files/http-2.0.3.9218b4b-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
deleted file mode 100644
index f24a0ac..0000000
Binary files a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/mail-1.0.7.9e3be05-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
new file mode 100644
index 0000000..1ec20c3
Binary files /dev/null and b/roles/firewall/files/mail-1.0.7.9e3be05-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
deleted file mode 100644
index ccd6241..0000000
Binary files a/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm b/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
new file mode 100644
index 0000000..df8cdd3
Binary files /dev/null and b/roles/firewall/files/quic-1.1.6.d6755d8-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
deleted file mode 100644
index 6d0a2b4..0000000
Binary files a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
new file mode 100644
index 0000000..19e48c1
Binary files /dev/null and b/roles/firewall/files/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm b/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
new file mode 100644
index 0000000..af3776f
Binary files /dev/null and b/roles/firewall/files/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index a6c4c00..c2c86eb 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -11,21 +11,22 @@ skip_broken: yes vars: fw_packages: - - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm - - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm - - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm - - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm - - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm - - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm - - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm - - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm - - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm + - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm + - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm + - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_ssl_plug-3.0.0.3a29c3f-2.el7.x86_64.rpm + - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm + - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm + - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm + - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm + - 
/tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm - name: "Template the tsgconf/main.conf" template: diff --git a/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm deleted file mode 100644 index 0668dd4..0000000 Binary files a/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/framework/files/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm new file mode 100644 index 0000000..8bacf7c Binary files /dev/null and b/roles/framework/files/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm differ diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml index ed8fb4b..f6f1ea4 100644 --- a/roles/framework/tasks/main.yml +++ b/roles/framework/tasks/main.yml @@ -18,7 +18,7 @@ - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm - - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm + - /tmp/ansible_deploy/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm diff --git a/roles/kni/files/kni-20.06-1.el7.x86_64.rpm b/roles/kni/files/kni-20.06-1.el7.x86_64.rpm deleted file mode 100644 index 0adb767..0000000 Binary files a/roles/kni/files/kni-20.06-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/kni/files/kni-20.07-1.el7.x86_64.rpm b/roles/kni/files/kni-20.07-1.el7.x86_64.rpm new file mode 100644 index 0000000..2cefa0c Binary files /dev/null and b/roles/kni/files/kni-20.07-1.el7.x86_64.rpm differ diff --git a/roles/kni/tasks/main.yml b/roles/kni/tasks/main.yml index d2b8ab0..df94d99 100644 
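Review bot: `skip_broken: yes`, visible as context at the top of the firewall `fw_packages` hunk, lets yum drop any of these local RPMs whose dependencies do not resolve while the task still reports success. This change moves every `fw_*_plug` package to 3.0.0 and adds `tsg_conn_sketch-2.0.v2.0_alpha`, an alpha-tagged build, next to the existing `clotho-debug` package, so a dependency mismatch is more likely than on a routine bump. A skipped plugin would presumably leave the firewall role running without that inspection module and nothing in the play would report it. Consider `skip_broken: no` on this task, or a follow-up task that runs `rpm -q` on each expected package and fails on a miss. The task's `name:` and `yum:` lines are above the hunk, so this is based on the visible context only.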
--- a/roles/kni/tasks/main.yml +++ b/roles/kni/tasks/main.yml @@ -7,7 +7,7 @@ - name: "install kni rpms from localhost" yum: name: - - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm + - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm state: present - name: Template the kni.conf diff --git a/roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm similarity index 81% rename from roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm rename to roles/mrzcpd/files/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm index 29d0bca..a784468 100644 Binary files a/roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm and b/roles/mrzcpd/files/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm differ diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml index 4755904..c15a3b4 100644 --- a/roles/mrzcpd/tasks/main.yml +++ b/roles/mrzcpd/tasks/main.yml @@ -6,7 +6,7 @@ - name: "install mrzcpd" yum: - name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm + name: /tmp/ansible_deploy/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm state: present - name: "update sysconfig/mrzcpd" diff --git a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 index c5f5b4e..951c9ac 100644 --- a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 +++ b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 @@ -1,7 +1,7 @@ [device] device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd sz_tunnel=8192 -sz_buffer=0 +sz_buffer=32 [device:{{nic_data_incoming.vf0_name}}] mtu=4096 @@ -22,12 +22,15 @@ vlan-id-allow=4095 vlan-pvid=0 vlan-pvid-mode=2 hw_strip_crc=1 +sz_tunnel=8192 +sz_buffer=0 [service] # lcore id for i/o service, use comma to split iocore={{ mrzcpd.iocore }} distmode=2 hashmode=0 +idle_threshold=10000 [eal] virtaddr=0x7f40c4a00000 
diff --git a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 index c2f658c..4663143 100644 --- a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 +++ b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 @@ -11,6 +11,7 @@ use_recent_tunnel=0 use_link_info_table=1 use_tuple4_as_sskey=0 ctrlzone_addr_info_type=2 +idle_threshold=10000 [vlan_flipping] enable=1 diff --git a/roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm b/roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm deleted file mode 100755 index f0ca673..0000000 Binary files a/roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm and /dev/null differ diff --git a/roles/sapp/files/sapp-4.0.18.bb2effd-x86_64...rpm b/roles/sapp/files/sapp-4.0.18.bb2effd-x86_64...rpm new file mode 100755 index 0000000..5b3893b Binary files /dev/null and b/roles/sapp/files/sapp-4.0.18.bb2effd-x86_64...rpm differ diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml index 6c1c181..36aa5b5 100644 --- a/roles/sapp/tasks/main.yml +++ b/roles/sapp/tasks/main.yml @@ -7,7 +7,7 @@ - name: "install sapp rpms from localhost" yum: name: - - /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm + - /tmp/ansible_deploy/sapp-4.0.18.bb2effd-x86_64...rpm state: present skip_broken: yes diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2 index 11b7d71..84a13e4 100644 --- a/roles/sapp/templates/conflist.inf.j2 +++ b/roles/sapp/templates/conflist.inf.j2 @@ -25,5 +25,7 @@ ./plug/business/fw_dns_plug/fw_dns_plug.inf ./plug/business/fw_mail_plug/fw_mail_plug.inf ./plug/business/fw_ftp_plug/fw_ftp_plug.inf +./plug/business/fw_quic_plug/fw_quic_plug.inf ./plug/business/tsg_conn_record/tsg_conn_record.inf +./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf ./plug/business/capture_packet_plug/capture_packet_plug.inf 
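Review bot: The new sapp package path ends in `x86_64...rpm`, three dots where the replaced `sapp-4.0.14.91cbc1b-x86_64.rpm` had one, which looks like a renaming slip. It matches the blob added under `roles/sapp/files/`, so the install still resolves, but the name is easy to mistype on the next bump and breaks the naming pattern the other roles follow. Rename the file and the list entry to `sapp-4.0.18.bb2effd-x86_64.rpm` in the same commit.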
diff --git a/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm deleted file mode 100644 index 28234cf..0000000 Binary files a/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tfe/files/tfe-4.3.7.39bff00-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.7.39bff00-1.el7.x86_64.rpm new file mode 100644 index 0000000..9aecf93 Binary files /dev/null and b/roles/tfe/files/tfe-4.3.7.39bff00-1.el7.x86_64.rpm differ diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml index 5356aa2..64af311 100644 --- a/roles/tfe/tasks/main.yml +++ b/roles/tfe/tasks/main.yml @@ -14,7 +14,7 @@ yum: name: - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm - - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm + - /tmp/ansible_deploy/tfe-4.3.7.39bff00-1.el7.x86_64.rpm state: present - name: "template tfe-env config" @@ -37,6 +37,16 @@ src: "{{ role_path }}/templates/pangu_pxy.conf.j2" dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf +- name: "create conf/doh/" + file: + path: /opt/tsg/tfe/conf/doh/ + state: directory + +- name: "template the doh.conf" + template: + src: "{{ role_path }}/templates/doh.conf.j2" + dest: /opt/tsg/tfe/conf/doh/doh.conf + - name: "create a override conf - first step, create dir" file: path: /etc/systemd/system/tfe.service.d/ diff --git a/roles/tfe/templates/doh.conf.j2 b/roles/tfe/templates/doh.conf.j2 new file mode 100644 index 0000000..300e584 --- /dev/null +++ b/roles/tfe/templates/doh.conf.j2 @@ -0,0 +1,26 @@ +[doh] +# default 1 +enable=1 + +[log] +# default 10 +# RLOG_LV_DEBUG : 10 +# RLOG_LV_INFO : 20 +# RLOG_LV_FATAL : 30 +log_level=10 + +[maat] +# default TSG_OBJ_APP_ID +table_appid=TSG_OBJ_APP_ID +# default TSG_SECURITY_ADDR +table_addr=TSG_SECURITY_ADDR +# default TSG_FIELD_DOH_QNAME +table_qname=TSG_FIELD_DOH_QNAME +# default TSG_FIELD_HTTP_HOST +table_host=TSG_FIELD_DOH_HOST + +[kafka] +# default 0 +ENTRANCE_ID=0 +# default 1 +en_sendlog=1 
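Review bot: The two added tasks, `create conf/doh/` and `template the doh.conf`, set no `owner`, `group` or `mode`, so the permissions of `/opt/tsg/tfe/conf/doh/` and `doh.conf` depend on the umask of whichever user runs the play. Pin them explicitly, for example `mode: "0755"` on the `file` task and `mode: "0644"` on the `template` task (quoted so YAML keeps the leading zero), together with the owner the tfe service runs as. Choose something tighter if this config later carries credentials.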
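Review bot: `log_level=10` in the new doh.conf.j2 deploys the DoH module at RLOG_LV_DEBUG according to the legend directly above it; on a component that handles DNS-over-HTTPS traffic, debug output may put queried names into local logs, so a deployed value of `log_level=20` or an inventory variable would be a safer default. Separately, the comment `# default TSG_FIELD_HTTP_HOST` sits above `table_host=TSG_FIELD_DOH_HOST`; if the override is intended the comment should say so, otherwise one of the two table names is wrong. Every value in this template is a literal, so any per-site change needs a template edit rather than an inventory change.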
diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 index 8790677..26d8d15 100644 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ b/roles/tfe/templates/pangu_pxy.conf.j2 
@@ -1,129 +1,107 @@ -[debug] -log_level=30 - -[log] -{% if tsg_running_type == 0 or 1 %} -nic_name={{ server.ethname }} -{% else %} -nic_name={{ nic_mgr.name }} -{% endif %} -entrance_id=0 -device_id_filepath=/opt/tsg/etc/tsg_sn.json -kafka_brokerlist= {{ log_kafkabrokers.address }} -kafka_topic=PROXY-EVENT-LOG - -#Addresses of minio. Format is defined by WiredLB. -#minio_ip_list=192.168.10.61-64; -minio_ip_list= {{ log_minio.address }} -minio_listen_port= {{ log_minio.port }} -#Maximum number of connections opened by per host. -#MAX_CONNECTION_PER_HOST=1 -#Maximum number of requests in a pipeline. -#MAX_CNNT_PIPELINE_NUM=20 -#Maximum parellel sessions(http and redis) is allowed to open. -#MAX_CURL_SESSION_NUM=100 -#Maximum time the request is allowed to take(seconds). -#MAX_CURL_TRANSFER_TIMEOUT_S=0 - -#Bucket name in minio. -cache_bucket_name=proxybucket -#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value. -max_used_memroy_size_mb=5120 -#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute). -cache_default_ttl_second=3600 -#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it. -cache_object_key_hash_switch=1 - -#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio; -cache_store_object_way=0 -#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis. -redis_cache_object_size=1024000 -#Configs of WiredLB for Minios load balancer. -#WIREDLB_OVERRIDE=1 -wiredlb_health_port=42310 -#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object. 
-redis_cluster_ip_list=192.168.10.62-63; -redis_cluster_port_range=6379 -#wired load balancer configuration - -wiredlb_override=1 -wiredlb_topic=MinioFileLog -wiredlb_datacenter=k18consul-tse -wiredlb_health_port=52102 -wiredlb_group=FileLog - -log_fsstat_appname=tango_log_file -log_fsstat_filepath=./tango_log_file.fs -log_fsstat_interval=10 -log_fsstat_trig=1 -log_fsstat_dst_ip=10.4.20.202 -log_fsstat_dst_port=8125 -[maat] -# 0:json 1: redis 2: iris -maat_input_mode=1 -table_info=resource/pangu/table_info.conf -json_cfg_file=resource/pangu/pangu_http.json -stat_file=log/pangu_scan.status -full_cfg_dir=pangu_policy/full/index/ -inc_cfg_dir=pangu_policy/inc/index/ - -maat_redis_server={{ maat_redis_server.address }} -maat_redis_port_range={{ maat_redis_server.port }} -maat_redis_db_index={{ maat_redis_server.db }} -effect_interval_s=1 -#accept_tags={"tags":[{"tag":"location","value":"Astana"}]} - -[dynamic_maat] -maat_input_mode=1 -table_info=resource/pangu/dynamic_maat_table_info.conf -maat_redis_server={{ dynamic_maat_redis_server.address }} -maat_redis_port_range={{ dynamic_maat_redis_server.port }} -maat_redis_db_index={{ dynamic_maat_redis_server.db }} -effect_interval_s=1 - -[tango_cache] -enable_cache=0 -minio_ip_list=192.168.10.61-64; -minio_listen_port=9000 - -#max_connection_per_host=1 -max_cnnt_pipeline_num=20 -#max_curl_session_num=100 - -cache_bucket_name=proxybucket -max_used_memory_size_mb=10240 -cache_default_ttl_second=3600 -cache_object_key_hash_switch=1 - -#1-minio,2-redis -#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio; -cache_store_object_way=0 -#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis. -redis_cache_object_size=102400 -#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object. 
-redis_cluster_ip_list=192.168.10.62-63; -redis_cluster_port_range=6379 -#wired load balancer configuration -wiredlb_override=1 -wiredlb_topic=MinioCache -wiredlb_datacenter=k18consul-tse -wiredlb_health_port=52101 -wiredlb_group=TangoCache - -cache_undefined_obj=1 -query_undefined_obj=0 -statsd_server={{fs_remote.address}} -statsd_port={{fs_remote.port}} -histogram_bins=0.20,0.40,0.6,0.8 - -log_fsstat_appname=tango_cache -log_fsstat_filepath=./tango_cache_client.fs -log_fsstat_interval=10 -log_fsstat_trig=1 -log_fsstat_dst_ip=10.4.20.201 -log_fsstat_dst_port=8125 - - -[traffic_mirror] -table_info=resource/pangu/table_info_traffic_mirror.conf -stat_file=log/traffic_mirror.status +[debug] +log_level=10 + +[log] +entrance_id=0 + +#Addresses of minio. Format is defined by WiredLB. +#minio_ip_list=192.168.10.61-64; +minio_ip_list= {{ log_minio.address }} +minio_listen_port= {{ log_minio.port }} +#Maximum number of connections opened by per host. +#MAX_CONNECTION_PER_HOST=1 +#Maximum number of requests in a pipeline. +#MAX_CNNT_PIPELINE_NUM=20 +#Maximum parellel sessions(http and redis) is allowed to open. +#MAX_CURL_SESSION_NUM=100 +#Maximum time the request is allowed to take(seconds). +#MAX_CURL_TRANSFER_TIMEOUT_S=0 + +#Bucket name in minio. +cache_bucket_name=proxybucket +#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value. +max_used_memroy_size_mb=5120 +#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute). +cache_default_ttl_second=3600 +#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it. +cache_object_key_hash_switch=1 + +#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio; +cache_store_object_way=0 +#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis. 
+redis_cache_object_size=1024000 +#Configs of WiredLB for Minios load balancer. +#WIREDLB_OVERRIDE=1 +wiredlb_health_port=42310 +#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object. +redis_cluster_ip_list=192.168.10.62-63; +redis_cluster_port_range=6379 +#wired load balancer configuration + +wiredlb_override=1 +wiredlb_topic=MinioFileLog +wiredlb_datacenter=k18consul-tse +wiredlb_health_port=52102 +wiredlb_group=FileLog + +log_fsstat_appname=tango_log_file +log_fsstat_filepath=./tango_log_file.fs +log_fsstat_interval=10 +log_fsstat_trig=1 +log_fsstat_dst_ip=10.4.20.202 +log_fsstat_dst_port=8125 + +[ratelimit] +enable=0 +token_name=ratelimit +redis_server={{ maat_redis_server.address }} +redis_port={{ maat_redis_server.port }} +redis_db_index=6 + +[tango_cache] +enable_cache=0 +minio_ip_list=192.168.10.61-64; +minio_listen_port=9000 + +#max_connection_per_host=1 +max_cnnt_pipeline_num=20 +#max_curl_session_num=100 + +cache_bucket_name=proxybucket +max_used_memory_size_mb=10240 +cache_default_ttl_second=3600 +cache_object_key_hash_switch=1 + +#1-minio,2-redis +#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio; +cache_store_object_way=0 +#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis. +redis_cache_object_size=102400 +#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object. 
+redis_cluster_ip_list=192.168.10.62-63; +redis_cluster_port_range=6379 +#wired load balancer configuration +wiredlb_override=1 +wiredlb_topic=MinioCache +wiredlb_datacenter=k18consul-tse +wiredlb_health_port=52101 +wiredlb_group=TangoCache + +cache_undefined_obj=1 +query_undefined_obj=0 +statsd_server=192.168.10.72 +statsd_port=8126 +histogram_bins=0.20,0.40,0.6,0.8 + +log_fsstat_appname=tango_cache +log_fsstat_filepath=./tango_cache_client.fs +log_fsstat_interval=10 +log_fsstat_trig=1 +log_fsstat_dst_ip=10.4.20.201 +log_fsstat_dst_port=8125 + + +[traffic_mirror] +table_info=resource/pangu/table_info_traffic_mirror.conf +stat_file=log/traffic_mirror.status + diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index 02beb08..cafdcc8 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 @@ -1,14 +1,15 @@ [system] nr_worker_threads={{ tfe.nr_threads }} -enable_breakpad=1 +enable_breakpad=0 enable_breakpad_upload=0 breakpad_minidump_dir=/run/tfe/crashreport/ breakpad_upload_url=http://127.0.0.1:9000/ disable_coredump=0 + [kni] ip=192.168.100.1 -scm_port=2475 +cmsg_port=2475 watchdog_switch=1 watchdog_port=2476 @@ -44,15 +45,17 @@ mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT [key_keeper] #Mode: debug - generate cert with ca_path, normal - generate cert with cert store #0 on cache 1 off cache -mode= {{ tfe.keykeeper.mode }} +mode= normal no_cache=0 cert_store_host= {{ cert_store_server.address }} cert_store_port= {{ cert_store_server.port }} ca_path=resource/tfe/tango-ca-v3-trust-ca.pem untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem -enable_health_check=0 +# health_check only for "mode=normal" +# default 1 +enable_health_check=1 -[debug] +[debug] passthrough_all_tcp=0 [traffic_mirror] 
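Review bot: In `[tango_cache]` of pangu_pxy.conf.j2 the new side hard-codes `statsd_server=192.168.10.72` and `statsd_port=8126` where the old side read `{{fs_remote.address}}` and `{{fs_remote.port}}`, so every host rendered from this template reports to one fixed address regardless of inventory. Unless that is deliberate, keep `statsd_server={{ fs_remote.address }}` and `statsd_port={{ fs_remote.port }}`. The new `[ratelimit]` section likewise fixes `redis_db_index=6` while its server and port come from `maat_redis_server`. `[debug] log_level` also drops from 30 to 10, which looks like a debugging value carried into the deployed default. The hunk replaces the whole file (possibly a line-ending change), which makes these edits easy to miss in review.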
@@ -84,6 +87,44 @@ level=10 [stat] statsd_server={{ fs_remote.address }} statsd_port={{ fs_remote.port }} +statsd_cycle=5 +# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2 +statsd_format=2 [http] loglevel=10 + +[kafka] +enable=1 +{% if tsg_running_type == 0 or 1 %} +nic_name={{ server.ethname }} +{% else %} +nic_name={{ nic_mgr.name }} +{% endif %} +kafka_brokerlist={{ log_kafkabrokers.address }} +kafka_topic=PROXY-EVENT-LOG +device_id_filepath=/opt/tsg/etc/tsg_sn.json + +[maat] +# 0:json 1: redis 2: iris +maat_input_mode=1 +table_info=resource/pangu/table_info.conf +json_cfg_file=resource/pangu/pangu_http.json +stat_file=log/pangu_scan.status +full_cfg_dir=pangu_policy/full/index/ +inc_cfg_dir=pangu_policy/inc/index/ + +maat_redis_server={{ maat_redis_server.address }} +maat_redis_port_range={{ maat_redis_server.port }} +maat_redis_db_index={{ maat_redis_server.db }} +effect_interval_s=1 +#accept_tags={"tags":[{"tag":"location","value":"Astana"}]} + +[dynamic_maat] +maat_input_mode=1 +table_info=resource/pangu/dynamic_maat_table_info.conf +maat_redis_server={{ dynamic_maat_redis_server.address }} +maat_redis_port_range={{ dynamic_maat_redis_server.port }} +maat_redis_db_index={{ dynamic_maat_redis_server.db }} +effect_interval_s=1 + diff --git a/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm deleted file mode 100644 index 0c7893c..0000000 Binary files a/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tsg_master/files/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm new file mode 100644 index 0000000..5322b69 Binary files /dev/null and b/roles/tsg_master/files/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm differ diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml index 3e75555..ef33686 100644 --- a/roles/tsg_master/tasks/main.yml 
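Review bot: The condition in the new `[kafka]` section of tfe.conf.j2, `{% if tsg_running_type == 0 or 1 %}`, is always true, because Jinja evaluates it as `(tsg_running_type == 0) or 1`. `nic_name` is therefore always rendered from `{{ server.ethname }}` and the `nic_mgr.name` branch is dead. If the intent is "running type 0 or 1", write `{% if tsg_running_type in [0, 1] %}`. The same expression was in the block this commit removes from pangu_pxy.conf.j2, so behaviour is unchanged, but moving the block is a good moment to correct it.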
+++ b/roles/tsg_master/tasks/main.yml @@ -6,6 +6,6 @@ - name: "install tsg_master from localhost" yum: name: - - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_master-3.0.3.3c9cf15-2.el7.x86_64.rpm state: present skip_broken: yes