diff --git a/NurSultan_install_config/group_vars/adc_global.yml b/NurSultan_install_config/group_vars/adc_global.yml index 714132b..2de720d 100644 --- a/NurSultan_install_config/group_vars/adc_global.yml +++ b/NurSultan_install_config/group_vars/adc_global.yml @@ -126,3 +126,5 @@ sapp_prometheus_enable: 1 sapp_prometheus_port: 9273 sapp_prometheus_url_path: "/metrics" +#ping_test: +# target: [10.4.56.128,10.4.57.128,10.4.56.129,10.4.57.129,10.4.56.130,10.4.57.130,10.4.56.131,10.4.57.131,10.4.58.132,10.4.59.132,10.4.58.133,10.4.59.133,10.4.58.134,10.4.59.134,10.4.58.136 10.4.59.136,10.4.58.137,10.4.59.137] diff --git a/roles/adc_exporter_ping/files/ping_exporter b/roles/adc_exporter_ping/files/ping_exporter new file mode 100755 index 0000000..a2915fd Binary files /dev/null and b/roles/adc_exporter_ping/files/ping_exporter differ diff --git a/roles/adc_exporter_ping/tasks/main.yml b/roles/adc_exporter_ping/tasks/main.yml new file mode 100644 index 0000000..e951705 --- /dev/null +++ b/roles/adc_exporter_ping/tasks/main.yml @@ -0,0 +1,23 @@ +- name: "mkdir /opt/adc-exporter/" + file: + path: /opt/adc-exporter/ + state: directory + +- name: "copy ping_exporter" + copy: + src: '{{ role_path }}/files/ping_exporter' + dest: /opt/adc-exporter/ping_exporter + mode: 0755 + +- name: "templates ping_exporter.service" + template: + src: "{{role_path}}/templates/adc-exporter-ping.service.j2" + dest: /usr/lib/systemd/system/adc-exporter-ping.service + tags: template + +- name: 'adc-exporter-ping service start' + systemd: + name: adc-exporter-ping + enabled: yes + daemon_reload: yes + state: restarted diff --git a/roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2 b/roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2 new file mode 100644 index 0000000..ebaf8e4 --- /dev/null +++ b/roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2 @@ -0,0 +1,11 @@ +[Unit] +Description=Ping Exporter +After=network.target + +[Service] +Type=simple +ExecStart=/opt/adc-exporter/ping_exporter {{ ping_test.target|join(" ")}} --ping.size=512 --ping.interval=0.5s +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/adc_exporter_proxy/templates/nginx.conf.j2 b/roles/adc_exporter_proxy/templates/nginx.conf.j2 index fbec5e7..646282e 100644 --- a/roles/adc_exporter_proxy/templates/nginx.conf.j2 +++ b/roles/adc_exporter_proxy/templates/nginx.conf.j2 @@ -144,5 +144,9 @@ http { location /metrics/blade/mcn0/maat_redis { proxy_pass http://192.168.100.1:9121/metrics; } + + location /metrics/blade/mcn0/ping_exporter { + proxy_pass http://192.168.100.1:9427/metrics; + } } } diff --git a/roles/switch_rule/files/saved_startup b/roles/switch_rule/files/saved_startup new file mode 100755 index 0000000..8eded30 --- /dev/null +++ b/roles/switch_rule/files/saved_startup @@ -0,0 +1,347 @@ +# TestPoint History +load ./Config/libertyTrail/testpoint_startup + +add vlan port 1 0 + +create vlan 100 +add vlan port 100 0,11,37,39,41,43 +set port config 11 pvid 100 +set port config 11 mask 0,37,39,41,43 +set port config 0,11,39,37,41,43 learning on + +create vlan 200 +add vlan port 200 0,37,39,9,10,41,43 +set port config 0 mask 9..44 +set port config 37 mask 0..36,38..44 +set port config 39 mask 0..38,40..44 +set port config 41 mask 0..40,42..44 +set port config 43 mask 0..44 +set port config 0,39,37,41,43 learning on + +create vlan 4000 +add vlan port 4000 43 +create vlan 4001 +add vlan port 4001 43 + +create lag +add lag 9261 9,10 +add vlan port 200 9261 +set port config 9261 pvid 200 +set port config 9261 parser_cfg L4 +set port config 9261 learning on +set port config 9261 mask 0,11..44 + +create vlan all +create lag +add vlan port all 43 +add lag 9293 1,2,3,4 +add vlan port all 9293 +set port config 9293 parser_cfg L4 +set port config 9293 learning on +set port config 9293 mask 0,11..44 +set vlan tagging all 1,2,3,4 tag +set vlan tagging 1 1,2,3,4 untag + +create lag +add lag 9325 5,6,7,8 +add vlan port all 9325 +set port config 9325 parser_cfg L4 +set port config 9325 learning on +set port config 9325 mask 0,11..44 +set vlan tagging all 5,6,7,8 tag +set vlan tagging 1 5,6,7,8 untag + +set port 37,39,41,43 powerdown +set port 37,39,41,43 up +set port 1..36 up + +set port config 11 parser_cfg L4 +set port config 37..44 parser_cfg L4 + +set port config 11..36 max_frame_size 15360 +set switch reserved_mac all switch + +set switch config hashing l234 use_smac on +set switch config hashing l234 use_dmac on +set switch config hashing l234 use_l34 on +set switch config hashing l34 use_dip on +set switch config hashing l34 use_sip on +set switch config hashing l234 symmetric on +set switch config hashing l34 symmetric on + + +set port config 9261,9293,9325 max_frame_size 15360 +create acl 1 + +# Redirect all ARP request to ens1f2 +create acl-rule 1 40 +add acl-rule condition 1 40 src-port 1 +add acl-rule condition 1 40 ethtype 0x0806 +add acl-rule action 1 40 redirect 7214 + +create acl-rule 1 41 +add acl-rule condition 1 41 src-port 2 +add acl-rule condition 1 41 ethtype 0x0806 +add acl-rule action 1 41 redirect 7214 + +create acl-rule 1 42 +add acl-rule condition 1 42 src-port 3 +add acl-rule condition 1 42 ethtype 0x0806 +add acl-rule action 1 42 redirect 7214 + +create acl-rule 1 43 +add acl-rule condition 1 43 src-port 4 +add acl-rule condition 1 43 ethtype 0x0806 +add acl-rule action 1 43 redirect 7214 + +# Redirect all ICMPv4 to ens1f2 -- 10.0.0.0/8 +create acl-rule 1 44 +add acl-rule condition 1 44 src-port 1 +add acl-rule condition 1 44 protocol 0x1/0xff +add acl-rule condition 1 44 sip 10.0.0.0/8 +add acl-rule condition 1 44 dip 10.0.0.0/8 +add acl-rule action 1 44 redirect 7214 + +create acl-rule 1 45 +add acl-rule condition 1 45 src-port 2 +add acl-rule condition 1 45 protocol 0x1/0xff3 +add acl-rule condition 1 45 sip 10.0.0.0/8 +add acl-rule condition 1 45 dip 10.0.0.0/8 +add acl-rule action 1 45 redirect 7214 + +create acl-rule 1 46 +add acl-rule condition 1 46 src-port 3 +add acl-rule condition 1 46 protocol 0x1/0xff +add acl-rule condition 1 46 sip 10.0.0.0/8 +add acl-rule condition 1 46 dip 10.0.0.0/8 +add acl-rule action 1 46 redirect 7214 + +create acl-rule 1 47 +add acl-rule condition 1 47 src-port 4 +add acl-rule condition 1 47 protocol 0x1/0xff +add acl-rule condition 1 47 sip 10.0.0.0/8 +add acl-rule condition 1 47 dip 10.0.0.0/8 +add acl-rule action 1 47 redirect 7214 + +# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16 +create acl-rule 1 48 +add acl-rule condition 1 48 src-port 1 +add acl-rule condition 1 48 protocol 0x1/0xff +add acl-rule condition 1 48 sip 192.168.0.0/16 +add acl-rule condition 1 48 dip 192.168.0.0/16 +add acl-rule action 1 48 redirect 7214 + +create acl-rule 1 49 +add acl-rule condition 1 49 src-port 2 +add acl-rule condition 1 49 protocol 0x1/0xff3 +add acl-rule condition 1 49 sip 192.168.0.0/16 +add acl-rule condition 1 49 dip 192.168.0.0/16 +add acl-rule action 1 49 redirect 7214 + +create acl-rule 1 50 +add acl-rule condition 1 50 src-port 3 +add acl-rule condition 1 50 protocol 0x1/0xff +add acl-rule condition 1 50 sip 192.168.0.0/16 +add acl-rule condition 1 50 dip 192.168.0.0/16 +add acl-rule action 1 50 redirect 7214 + +create acl-rule 1 51 +add acl-rule condition 1 51 src-port 4 +add acl-rule condition 1 51 protocol 0x1/0xff +add acl-rule condition 1 51 sip 192.168.0.0/16 +add acl-rule condition 1 51 dip 192.168.0.0/16 +add acl-rule action 1 51 redirect 7214 + +# Redirect all TCP with port 51218, for health check - 192.168.0.0/24 +create acl-rule 1 60 +add acl-rule condition 1 60 src-port 1 +add acl-rule condition 1 60 protocol 0x6/0xff +add acl-rule condition 1 60 sip 192.168.0.0/16 +add acl-rule condition 1 60 dip 192.168.0.0/16 +add acl-rule condition 1 60 l4-dst-port 51218/0xffff +add acl-rule action 1 60 redirect 7214 + +create acl-rule 1 61 +add acl-rule condition 1 61 src-port 2 +add acl-rule condition 1 61 protocol 0x6/0xff +add acl-rule condition 1 61 sip 192.168.0.0/16 +add acl-rule condition 1 61 dip 192.168.0.0/16 +add acl-rule condition 1 61 l4-dst-port 51218/0xffff +add acl-rule action 1 61 redirect 7214 + +create acl-rule 1 62 +add acl-rule condition 1 62 src-port 3 +add acl-rule condition 1 62 protocol 0x6/0xff +add acl-rule condition 1 62 sip 192.168.0.0/16 +add acl-rule condition 1 62 dip 192.168.0.0/16 +add acl-rule condition 1 62 l4-dst-port 51218/0xffff +add acl-rule action 1 62 redirect 7214 + +create acl-rule 1 63 +add acl-rule condition 1 63 src-port 4 +add acl-rule condition 1 63 protocol 0x6/0xff +add acl-rule condition 1 63 sip 192.168.0.0/16 +add acl-rule condition 1 63 dip 192.168.0.0/16 +add acl-rule condition 1 63 l4-dst-port 51218/0xffff +add acl-rule action 1 63 redirect 7214 + +# Redirect all TCP with port 51218, for health check - 10.0.0.0/8 +create acl-rule 1 64 +add acl-rule condition 1 64 src-port 1 +add acl-rule condition 1 64 protocol 0x6/0xff +add acl-rule condition 1 64 sip 10.0.0.0/8 +add acl-rule condition 1 64 dip 10.0.0.0/8 +add acl-rule condition 1 64 l4-dst-port 51218/0xffff +add acl-rule action 1 64 redirect 7214 + +create acl-rule 1 65 +add acl-rule condition 1 65 src-port 2 +add acl-rule condition 1 65 protocol 0x6/0xff +add acl-rule condition 1 65 sip 10.0.0.0/8 +add acl-rule condition 1 65 dip 10.0.0.0/8 +add acl-rule condition 1 65 l4-dst-port 51218/0xffff +add acl-rule action 1 65 redirect 7214 + +create acl-rule 1 66 +add acl-rule condition 1 66 src-port 3 +add acl-rule condition 1 66 protocol 0x6/0xff +add acl-rule condition 1 66 sip 10.0.0.0/8 +add acl-rule condition 1 66 dip 10.0.0.0/8 +add acl-rule condition 1 66 l4-dst-port 51218/0xffff +add acl-rule action 1 66 redirect 7214 + +create acl-rule 1 67 +add acl-rule condition 1 67 src-port 4 +add acl-rule condition 1 67 protocol 0x6/0xff +add acl-rule condition 1 67 sip 10.0.0.0/8 +add acl-rule condition 1 67 dip 10.0.0.0/8 +add acl-rule condition 1 67 l4-dst-port 51218/0xffff +add acl-rule action 1 67 redirect 7214 + +# Redirect all ICMPv6 link-scope packets +create acl-rule 1 70 +add acl-rule condition 1 70 src-port 1 +add acl-rule condition 1 70 frame-type ipv6 +add acl-rule condition 1 70 ttl 255 +add acl-rule action 1 70 redirect 7214 + +create acl-rule 1 71 +add acl-rule condition 1 71 src-port 2 +add acl-rule condition 1 71 frame-type ipv6 +add acl-rule condition 1 71 ttl 255 +add acl-rule action 1 71 redirect 7214 + +create acl-rule 1 72 +add acl-rule condition 1 72 src-port 3 +add acl-rule condition 1 72 frame-type ipv6 +add acl-rule condition 1 72 ttl 255 +add acl-rule action 1 72 redirect 7214 + +create acl-rule 1 73 +add acl-rule condition 1 73 src-port 4 +add acl-rule condition 1 73 frame-type ipv6 +add acl-rule condition 1 73 ttl 255 +add acl-rule action 1 73 redirect 7214 + +create acl-rule 1 74 +add acl-rule condition 1 74 src-port 1 +add acl-rule condition 1 74 frame-type ipv6 +add acl-rule condition 1 74 sip fc00::/7 +add acl-rule condition 1 74 dip fc00::/7 +add acl-rule action 1 74 redirect 7214 + +create acl-rule 1 75 +add acl-rule condition 1 75 src-port 2 +add acl-rule condition 1 75 frame-type ipv6 +add acl-rule condition 1 75 sip fc00::/7 +add acl-rule condition 1 75 dip fc00::/7 +add acl-rule action 1 75 redirect 7214 + +create acl-rule 1 76 +add acl-rule condition 1 76 src-port 3 +add acl-rule condition 1 76 frame-type ipv6 +add acl-rule condition 1 76 sip fc00::/7 +add acl-rule condition 1 76 dip fc00::/7 +add acl-rule action 1 76 redirect 7214 + +create acl-rule 1 77 +add acl-rule condition 1 77 src-port 4 +add acl-rule condition 1 77 frame-type ipv6 +add acl-rule condition 1 77 sip fc00::/7 +add acl-rule condition 1 77 dip fc00::/7 +add acl-rule action 1 77 redirect 7214 + +create acl-rule 1 80 +add acl-rule condition 1 80 src-glort 0x5801 +add acl-rule action 1 80 redirect 9293 + +create acl-rule 1 90 +add acl-rule condition 1 90 src-glort 0x5803 +add acl-rule condition 1 90 vlan 4000 +add acl-rule action 1 90 redirect 7220 +add acl-rule action 1 90 vlan 1 + +create acl-rule 1 91 +add acl-rule condition 1 91 src-glort 0x5803 +add acl-rule condition 1 91 vlan 4001 +add acl-rule action 1 91 redirect 7213 +add acl-rule action 1 91 vlan 1 + +create acl-rule 1 100 +add acl-rule condition 1 100 src-glort 0x5803 +add acl-rule action 1 100 redirect 9293 + +create acl-rule 1 101 +add acl-rule condition 1 101 src-port 1 +add acl-rule action 1 101 redirect 7216 +create acl-rule 1 102 +add acl-rule condition 1 102 src-port 2 +add acl-rule action 1 102 redirect 7216 +create acl-rule 1 103 +add acl-rule condition 1 103 src-port 3 +add acl-rule action 1 103 redirect 7216 +create acl-rule 1 104 +add acl-rule condition 1 104 src-port 4 +add acl-rule action 1 104 redirect 7216 + +create acl-rule 1 200 +add acl-rule condition 1 200 src-glort 0x5804 +add acl-rule action 1 200 redirect 6189 +create acl-rule 1 201 +add acl-rule condition 1 201 src-glort 0x5805 +add acl-rule action 1 201 redirect 5165 +create acl-rule 1 202 +add acl-rule condition 1 202 src-glort 0x5806 +add acl-rule action 1 202 redirect 4141 +create acl-rule 1 203 +add acl-rule condition 1 203 src-glort 0x5000 +add acl-rule action 1 203 redirect 7217 +create acl-rule 1 204 +add acl-rule condition 1 204 src-glort 0x4800 +add acl-rule action 1 204 redirect 7218 +create acl-rule 1 205 +add acl-rule condition 1 205 src-glort 0x4000 +add acl-rule action 1 205 redirect 7219 + +create acl-rule 1 301 +add acl-rule condition 1 301 src-glort 0x5807 +add acl-rule action 1 301 redirect 7216 +add acl-rule action 1 301 vlan 4000 + +create acl-rule 1 302 +add acl-rule condition 1 302 src-glort 0x5800 +add acl-rule action 1 302 redirect 7216 +add acl-rule action 1 302 vlan 4001 + +create acl-rule 1 401 +add acl-rule condition 1 401 src-glort 0x5001 +add acl-rule action 1 401 redirect 9325 +create acl-rule 1 402 +add acl-rule condition 1 402 src-glort 0x4801 +add acl-rule action 1 402 redirect 9325 +create acl-rule 1 403 +add acl-rule condition 1 403 src-glort 0x4001 +add acl-rule action 1 403 redirect 9325 + +apply acl +remote listen diff --git a/roles/switch_rule/tasks/main.yml b/roles/switch_rule/tasks/main.yml new file mode 100644 index 0000000..ac02628 --- /dev/null +++ b/roles/switch_rule/tasks/main.yml @@ -0,0 +1,5 @@ +- name: "copy switch_rule" + copy: + src: '{{ role_path }}/files/saved_startup' + dest: /usr/local/testpoint/perl/Config/libertyTrail/saved_startup + mode: 0755 diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml index 971054e..0bdf91b 100644 --- a/roles/tsg_master/tasks/main.yml +++ b/roles/tsg_master/tasks/main.yml @@ -6,6 +6,6 @@ - name: "install tsg_master from localhost" yum: name: - - /tmp/ansible_deploy/tsg_master-3.3.11.e24de3c-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_master-3.3.12.099a9a4-2.el7.x86_64.rpm state: present skip_broken: yes diff --git a/tasks/reboot/reboot_adc_mcn_by_ssh.yml b/tasks/reboot/reboot_adc_mcn_by_ssh.yml index df3fc23..d901da3 100644 --- a/tasks/reboot/reboot_adc_mcn_by_ssh.yml +++ b/tasks/reboot/reboot_adc_mcn_by_ssh.yml @@ -9,4 +9,5 @@ - ssh 192.168.100.2 reboot - ssh 192.168.100.3 reboot - ssh 192.168.100.4 reboot + - reboot