gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.add app_control_log_level

Browse Source
This commit is contained in:
fumingwei
2020-11-18 16:28:57 +06:00
parent 471625d86f
commit 50cea1e901
16 changed files with 853 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Aktau_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

127
Aktau_install_config/group_vars/adc_global.yml-bak Normal file
View File

@@ -0,0 +1,127 @@
#########################################
#####1: Inline_device; 2: Allot; 3: ADC_Tun_mode;
tsg_access_type: 2
#####2: ADC;
tsg_running_type: 2
########################################
#Deploy_finished_reboot
Deploy_finished_reboot: 0
########################################
#IP Config
maat_redis_city_server:
address: "10.1.62.253"
port: 7002
maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: "10.1.61.4:9092,10.1.61.5:9092,10.1.61.6:9092"
telegraf_kafkabrokers:
address: "\"10.1.61.4:9092\",\"10.1.61.5:9092\",\"10.1.61.6:9092\""
monitor_outputs_influxdb:
url: "http://127.0.0.1:58086"
log_minio:
address: "10.1.62.253"
port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: FATAL
packet_dump_log_level: 10
#######################################
#Sapp Performance Config
#Sapp工作在ADC计算板0时建议使用如下30+8的配置以保证更高的处理性能
sapp:
worker_threads: 42
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
inbound_route_dir: 1
########################################
#Kni Config
kni:
global:
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
tfe0_enabled: 1
tfe1_enabled: 1
tfe2_enabled: 1
########################################
#Tfe Config
tfe:
nr_threads: 32
mirror_enable: 1
########################################
#Marsio Config
#marsio工作在ADC计算板时建议使用如下配置以保证更高的处理性能
mrzcpd:
iocore: 52,53,54,55
mrtunnat:
lcore_id: 48,49,50,51
#########################################
#Tsg_app
tsg_app_enable: 0
app_global_ip: "1.1.1.1"
applog_level: 10
app_master_log_level: 10
app_sketch_local_log_level: 10
app_control_plug_log_level: 10
breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
data_center: Aktau
tsg_master_entrance_id: 1
nic_mgr:
name: em1
sapp_prometheus_enable: 1
sapp_prometheus_port: 9273
sapp_prometheus_url_path: "/metrics"

1
Aktubinsk_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

1
Almaty_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

1
Atyrau_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

165
Deploy_test.yml Normal file
View File

@@ -0,0 +1,165 @@
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
- packet_dump_server
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
roles:
- framework
- hosts: packet_dump_server
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
roles:
- packet_dump
- hosts: adc_mxn
remote_user: root
roles:
# - tsg-env-mxn
- hosts: adc_mcn0
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
- Almaty_install_config/group_vars/adc_mcn0.yml
roles:
# - tsg-env-mcn0
- kernel-ml
- mrzcpd
- sapp
- tsg_master
- kni
- firewall
# - tsg_app
- http_healthcheck
- redis
- cert-redis
- maat-redis
- certstore
- telegraf_statistic
- app_proto_identify
# - tsg_device_tag
- hosts: adc_mcn1
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
- Almaty_install_config/group_vars/adc_mcn1.yml
roles:
# - tsg-env-mcn1
- kernel-ml
- mrzcpd
- tfe
- hosts: adc_mcn2
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
- Almaty_install_config/group_vars/adc_mcn2.yml
roles:
# - tsg-env-mcn2
- kernel-ml
- mrzcpd
- tfe
- hosts: adc_mcn3
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
- Almaty_install_config/group_vars/adc_mcn3.yml
roles:
- kernel-ml
# - tsg-env-mcn3
- mrzcpd
- tfe
- hosts: adc_mcn0
remote_user: root
roles:
- docker-env
- tsg-diagnose
- hosts:
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- tsg-diagnose_sync_ca
- hosts: adc_mcn0
remote_user: root
roles:
- tsg-diagnose_stop_sync
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
vars_files:
- Almaty_install_config/group_vars/adc_global.yml
roles:
#- reboot
- hosts:
- adc_mxn
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- adc_exporter
- hosts: adc_mxn
remote_user: root
roles:
- adc_exporter_proxy
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- switch_control
- hosts: server-as-tun-mode
remote_user: root
vars_files:
- Almaty_install_config/group_vars/server_as_tun_mode.yml
roles:
- kernel-ml
- framework
- mrzcpd
- tsg-env-tun-mode
- sapp
- tsg_master
- kni
- firewall
- tsg_app
- http_healthcheck
- certstore
- redis
- cert-redis
- maat-redis
- tfe
- telegraf_statistic
- proxy_status
# - tsg_device_tag
- reboot
- hosts: app_global
remote_user: root
vars_files:
- Almaty_install_config/group_vars/app_global.yml
roles:
- app_global

1
Karaganda_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

1
Kyzylorda_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

59
NurSultan_install_config/hosts.ok Normal file
View File

@@ -0,0 +1,59 @@
###################
# For example #
###################
#变量device_id根据设备序号设置即可
#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置其他环境可不填或直接删除变量
#
#20.09版本新增APP部署
#[app_global]
#0.0.0.0
#[server-as-tun-mode]
#1.1.1.1 device_id=device_1
#
#[adc_mxn]
#10.3.72.1
#10.3.72.2
#
#[adc_mcn0]
#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
#
#[adc_mcn1]
#10.3.74.1 device_id=device_1
#10.3.74.2 device_id=device_2
#
#[adc_mcn2]
#10.3.75.1 device_id=device_1
#10.3.75.2 device_id=device_2
#
#[adc_mcn3]
#10.3.76.1 device_id=device_1
#10.3.76.2 device_id=device_2
#[app_global]
#[server-as-tun-mode]
#broken warning:
#10.4.52.71
[adc_mxn]
10.4.55.[1:20]
10.4.55.[23:52]
10.4.55.[55:78]
[adc_mcn0]
10.4.51.[1:20]
10.4.51.[23:52]
10.4.51.[55:78]
[adc_mcn1]
10.4.52.[1:20]
10.4.52.[23:52]
10.4.52.[55:78]
[adc_mcn2]
10.4.53.[1:20]
10.4.53.[23:52]
10.4.53.[55:78]
[adc_mcn3]
10.4.54.[1:20]
10.4.54.[23:52]
10.4.54.[55:78]
[packet_dump_server]
10.4.61.3

49
NurSultan_install_config/hosts.test Normal file
View File

@@ -0,0 +1,49 @@
###################
# For example #
###################
#变量device_id根据设备序号设置即可
#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置其他环境可不填或直接删除变量
#
#20.09版本新增APP部署
#[app_global]
#0.0.0.0
#[server-as-tun-mode]
#1.1.1.1 device_id=device_1
#
#[adc_mxn]
#10.3.72.1
#10.3.72.2
#
#[adc_mcn0]
#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
#
#[adc_mcn1]
#10.3.74.1 device_id=device_1
#10.3.74.2 device_id=device_2
#
#[adc_mcn2]
#10.3.75.1 device_id=device_1
#10.3.75.2 device_id=device_2
#
#[adc_mcn3]
#10.3.76.1 device_id=device_1
#10.3.76.2 device_id=device_2
#[app_global]
#[server-as-tun-mode]
#broken warning:
#10.4.52.71
[adc_mxn]
10.4.55.19
[adc_mcn0]
10.4.51.19
[adc_mcn1]
10.4.52.19
[adc_mcn2]
10.4.53.19
[adc_mcn3]
10.4.54.19
[packet_dump_server]
10.4.61.3

1
Taldykurgan_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

1
Uralsk_install_config/group_vars/adc_global.yml
View File

@@ -51,6 +51,7 @@ fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10

172
adc_deploy.yml Normal file
View File

@@ -0,0 +1,172 @@
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
- packet_dump_server
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
roles:
- framework
- hosts: packet_dump_server
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
roles:
- packet_dump
- hosts: adc_mxn
remote_user: root
roles:
# - tsg-env-mxn
- hosts: adc_mcn0
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn0.yml'
roles:
# - tsg-env-mcn0
- kernel-ml
- mrzcpd
- sapp
- tsg_master
- kni
- firewall
# - tsg_app
- http_healthcheck
- redis
- cert-redis
- maat-redis
- certstore
- telegraf_statistic
- app_proto_identify
# - tsg_device_tag
- hosts: adc_mcn1
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn1.yml'
roles:
# - tsg-env-mcn1
- kernel-ml
- mrzcpd
- tfe
- hosts: adc_mcn2
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn2.yml'
roles:
# - tsg-env-mcn2
- kernel-ml
- mrzcpd
- tfe
- hosts: adc_mcn3
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn3.yml'
roles:
- kernel-ml
# - tsg-env-mcn3
- mrzcpd
- tfe
- hosts: adc_mcn0
remote_user: root
roles:
- docker-env
- tsg-diagnose
- hosts:
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- tsg-diagnose_sync_ca
- hosts: adc_mcn0
remote_user: root
roles:
- tsg-diagnose_stop_sync
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
roles:
#- reboot
- hosts:
- adc_mxn
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- adc_exporter
- hosts: adc_mxn
remote_user: root
roles:
- adc_exporter_proxy
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- switch_control
- hosts: server-as-tun-mode
remote_user: root
vars_files:
- '{{ config_path }}/group_vars/server_as_tun_mode.yml'
roles:
- kernel-ml
- framework
- mrzcpd
- tsg-env-tun-mode
- sapp
- tsg_master
- kni
- firewall
- tsg_app
- http_healthcheck
- certstore
- redis
- cert-redis
- maat-redis
- tfe
- telegraf_statistic
- proxy_status
# - tsg_device_tag
- reboot
- hosts: app_global
remote_user: root
vars_files:
- '{{ config_path }}/group_vars/app_global.yml'
roles:
- app_global

169
adc_deploy.yml.edit Normal file
View File

@@ -0,0 +1,169 @@
- hosts:
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
roles:
- framework
- hosts: packet_dump_server
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
roles:
- framework
- packet_dump
- hosts: adc_mcn0
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn0.yml'
roles:
# - tsg-env-mcn0
- framework
- kernel-ml
- mrzcpd
- sapp
- tsg_master
- kni
- firewall
# - tsg_app
- http_healthcheck
- redis
- cert-redis
- maat-redis
- certstore
- telegraf_statistic
- app_proto_identify
# - tsg_device_tag
- hosts: adc_mcn1
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn1.yml'
roles:
# - tsg-env-mcn1
- framework
- kernel-ml
- mrzcpd
- tfe
- hosts: adc_mcn2
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn2.yml'
roles:
# - tsg-env-mcn2
- kernel-ml
- mrzcpd
- tfe
- hosts: adc_mcn3
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn3.yml'
roles:
- kernel-ml
# - tsg-env-mcn3
- mrzcpd
- tfe
- hosts: adc_mcn0
remote_user: root
roles:
- docker-env
- tsg-diagnose
- hosts:
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- tsg-diagnose_sync_ca
- hosts: adc_mcn0
remote_user: root
roles:
- tsg-diagnose_stop_sync
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
vars_files:
- group_vars/adc_global_general.yml
- '{{ config_path }}/group_vars/adc_global.yml'
roles:
#- reboot
- hosts:
- adc_mxn
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- adc_exporter
- hosts: adc_mxn
remote_user: root
roles:
- adc_exporter_proxy
- hosts:
- adc_mcn0
- adc_mcn1
- adc_mcn2
- adc_mcn3
remote_user: root
roles:
- switch_control
- hosts: server-as-tun-mode
remote_user: root
vars_files:
- '{{ config_path }}/group_vars/server_as_tun_mode.yml'
roles:
- kernel-ml
- framework
- mrzcpd
- tsg-env-tun-mode
- sapp
- tsg_master
- kni
- firewall
- tsg_app
- http_healthcheck
- certstore
- redis
- cert-redis
- maat-redis
- tfe
- telegraf_statistic
- proxy_status
# - tsg_device_tag
- reboot
- hosts: app_global
remote_user: root
vars_files:
- '{{ config_path }}/group_vars/app_global.yml'
roles:
- app_global

11
deploy_sapp_firewall_kni.yml Normal file
View File

@@ -0,0 +1,11 @@
- hosts: adc_mcn0
remote_user: root
vars_files:
- '{{ config_path }}/group_vars/adc_global.yml'
- '{{ config_path }}/group_vars/adc_mcn0.yml'
roles:
- sapp
- tsg_master
- kni
- firewall

93
group_vars/adc_global_general.yml Normal file
View File

@@ -0,0 +1,93 @@
#########################################
#####1: Inline_device; 2: Allot; 3: ADC_Tun_mode;
tsg_access_type: 2
#####2: ADC;
tsg_running_type: 2
########################################
#Deploy_finished_reboot
Deploy_finished_reboot: 0
########################################
#IP Config
maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: FATAL
packet_dump_log_level: 10
#######################################
#Sapp Performance Config
#Sapp工作在ADC计算板0时建议使用如下30+8的配置以保证更高的处理性能
sapp:
worker_threads: 42
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
inbound_route_dir: 1
########################################
#Kni Config
kni:
global:
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
tfe0_enabled: 1
tfe1_enabled: 1
tfe2_enabled: 1
########################################
#Tfe Config
tfe:
nr_threads: 32
mirror_enable: 1
########################################
#Marsio Config
#marsio工作在ADC计算板时建议使用如下配置以保证更高的处理性能
mrzcpd:
iocore: 52,53,54,55
mrtunnat:
lcore_id: 48,49,50,51
#########################################
#Tsg_app