diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000..f27c20a Binary files /dev/null and b/.DS_Store differ diff --git a/deploy.yml b/deploy.yml index 92a4304..3ab14c2 100644 --- a/deploy.yml +++ b/deploy.yml @@ -15,6 +15,7 @@ - clotho - certstore - cert-redis + - telegraf_statistic - hosts: blade-01 roles: @@ -53,3 +54,4 @@ - certstore - cert-redis - tfe + - telegraf_statistic diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml index fce91b7..5947356 100644 --- a/install_config/group_vars/all.yml +++ b/install_config/group_vars/all.yml @@ -1,6 +1,10 @@ -######################################## +######################################### +#####0: Pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4: ATCA; tsg_access_type: 0 +#####0: Tun_mode; 1: ADC; +tsg_runnning_type: 0 + ######################################## maat_redis_server: address: "192.168.40.168" @@ -67,6 +71,12 @@ mrzcpd: mrtunnat: lcore_id: 38 +nic_data_incoming: + name: enp1s0 + +VlanFlipping: + vlanID_1: 100 + vlanID_2: 101 ######################################## tsg_tun_mode: ethname: eth0 diff --git a/roles/.DS_Store b/roles/.DS_Store new file mode 100644 index 0000000..b3d2c07 Binary files /dev/null and b/roles/.DS_Store differ diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2 index 00d2316..399d0a3 100644 --- a/roles/clotho/templates/clotho.conf.j2 +++ b/roles/clotho/templates/clotho.conf.j2 @@ -2,7 +2,7 @@ BROKER_LIST={{ log_kafkabrokers.address }} [SYSTEM] -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} NIC_NAME={{ tsg_tun_mode.ethname }} {% else %} NIC_NAME={{ nic_mgr.name }} diff --git a/roles/firewall/files/fw_http_plug-1.0.15.9cf2c79-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.0.15.9cf2c79-2.el7.x86_64.rpm new file mode 100755 index 0000000..be0b0e8 Binary files /dev/null and b/roles/firewall/files/fw_http_plug-1.0.15.9cf2c79-2.el7.x86_64.rpm differ 
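Review bot: In `install_config/group_vars/all.yml` the new variable is spelled `tsg_runnning_type` (three n's), but the templates changed in this commit (`clotho.conf.j2`, `main.conf.j2`, `kni.conf.j2`, `sapp.toml.j2`, `pangu_pxy.conf.j2`, `tfe-env-config.j2`, `tfe.conf.j2`) test `tsg_running_type`; only `capture_packet_plug.conf.j2` uses the three-n spelling. Unless `tsg_running_type` is defined somewhere outside this diff, those templates reference an undefined variable, so rendering either fails or, if undefined variables are tolerated, always takes the `else` branch and selects the non-tunnel interfaces. Rename the definition to `tsg_running_type: 0` and change the test in `capture_packet_plug.conf.j2` to `{% if tsg_running_type == 0 %}` so that every template reads the same switch.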
diff --git a/roles/firewall/files/fw_http_plug-debuginfo-1.0.15.9cf2c79-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-debuginfo-1.0.15.9cf2c79-2.el7.x86_64.rpm deleted file mode 100755 index d49e501..0000000 Binary files a/roles/firewall/files/fw_http_plug-debuginfo-1.0.15.9cf2c79-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml index acafa78..7421448 100644 --- a/roles/firewall/tasks/main.yml +++ b/roles/firewall/tasks/main.yml @@ -20,7 +20,7 @@ - /tmp/ansible_deploy/fw_ftp_plug-1.0.4.4a87a1e-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_http_plug-debuginfo-1.0.15.9cf2c79-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_http_plug-1.0.15.9cf2c79-2.el7.x86_64.rpm - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2 index aefa19f..8b4fd1c 100644 --- a/roles/firewall/templates/capture_packet_plug.conf.j2 +++ b/roles/firewall/templates/capture_packet_plug.conf.j2 @@ -15,7 +15,7 @@ INC_CFG_DIR=capture_packet_rule/inc/index/ FULL_CFG_DIR=capture_packet_rule/full/index/ [LOG] -{% if tsg_access_type == 0 %} +{% if tsg_runnning_type == 0 %} NIC_NAME={{ tsg_tun_mode.ethname }} {% else %} NIC_NAME={{ nic_mgr.name }} diff --git a/roles/firewall/templates/main.conf.j2 b/roles/firewall/templates/main.conf.j2 index 4538399..9077021 100644 --- a/roles/firewall/templates/main.conf.j2 +++ b/roles/firewall/templates/main.conf.j2 @@ -24,7 +24,7 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR [TSG_LOG] MODE=1 -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} NIC_NAME={{ tsg_tun_mode.ethname }} {% else %} NIC_NAME={{ nic_mgr.name }} 
@@ -36,7 +36,7 @@ BROKER_LIST={{ log_kafkabrokers.address }} COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf [STATISTIC] -CYCLE=0 +CYCLE=1 TELEGRAF_PORT=8100 TELEGRAF_IP=127.0.0.1 OUTPUT_PATH=./tsg_statistic.log diff --git a/roles/framework/.DS_Store b/roles/framework/.DS_Store new file mode 100644 index 0000000..0070367 Binary files /dev/null and b/roles/framework/.DS_Store differ diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2 index 9d0ba36..0d867c7 100644 --- a/roles/kni/templates/kni.conf.j2 +++ b/roles/kni/templates/kni.conf.j2 @@ -2,12 +2,12 @@ log_path = ./log/kni/kni.log log_level = {{ kni.global.log_level }} tfe_node_count = {{ kni.global.tfe_node_count }} -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} manage_eth = {{ tsg_tun_mode.ethname }} {% else %} manage_eth = {{ nic_mgr.name }} {% endif %} -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} deploy_mode = tun {% else %} deploy_mode = normal @@ -15,7 +15,7 @@ deploy_mode = normal tun_name = tun_kni src_mac_addr = 00:0e:c6:d6:72:c1 dst_mac_addr = fe:65:b7:03:50:bd -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} {% else %} [tfe0] enabled = 1 @@ -34,7 +34,7 @@ ip_addr = 192.168.100.4 {% endif %} [tfe_cmsg_receiver] -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} listen_eth = {{ tsg_tun_mode.tun_name }} {% else %} listen_eth = {{ nic_inner_ctrl.name }} @@ -43,7 +43,7 @@ listen_port = 2475 [watch_dog] switch = {{ kni.watch_dog.switch }} -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} listen_eth = {{ tsg_tun_mode.tun_name }} {% else %} listen_eth = {{ nic_inner_ctrl.name }} diff --git a/roles/mrzcpd/.DS_Store b/roles/mrzcpd/.DS_Store new file mode 100644 index 0000000..9c4f059 Binary files /dev/null and b/roles/mrzcpd/.DS_Store differ diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml index 68bf3cc..29bc6af 100644 --- a/roles/mrzcpd/tasks/main.yml +++ b/roles/mrzcpd/tasks/main.yml 
@@ -52,6 +52,15 @@ - nic_traffic_mirror is not defined - tsg_access_type == 3 + +- name: "update mrglobal.conf.ATCA_40G - blade00" + template: + src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2" + dest: /opt/mrzcpd/etc/mrglobal.conf + when: + - nic_traffic_mirror is not defined + - tsg_access_type == 4 + - name: "update mrtunnat.conf.inline - blade00" template: src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2" @@ -76,24 +85,38 @@ - nic_traffic_mirror is not defined - tsg_access_type == 3 +- name: "update mrtunnat.conf.ATCA_40G - blade00" + template: + src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2" + dest: /opt/mrzcpd/etc/mrtunnat.conf + when: + - nic_traffic_mirror is not defined + - tsg_access_type == 4 + - name: "enable mrenv" systemd: name: mrenv enabled: yes daemon_reload: yes + when: + - tsg_access_type != 0 - name: "enable mrzcpd" systemd: name: mrzcpd enabled: yes daemon_reload: yes + when: + - tsg_access_type != 0 - name: "enable mrtunnat on master" systemd: name: mrtunnat enabled: yes daemon_reload: yes - when: nic_traffic_mirror is not defined + when: + - nic_traffic_mirror is not defined + - tsg_access_type != 0 - name: "disable mrtunnat on slave" systemd: diff --git a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 new file mode 100644 index 0000000..3f02cb8 --- /dev/null +++ b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 
@@ -0,0 +1,45 @@ +[device] +device={{nic_data_incoming.name}},vxlan_user,vxlan_fwd +sz_tunnel=8192 +sz_buffer=0 + +[device:{{nic_data_incoming.name}}] +jumbo_frame=1 +max_rx_pkt_len=4096 +clear_tx_flags=1 +vlan-filter=1 +vlan-strip=1 +vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }} +vlan-pvid=0 +vlan-pvid-mode=2 + +[service] +# lcore id for i/o service, use comma to split +iocore={{ mrzcpd.iocore }} +distmode=2 +hashmode=0 + +[eal] +virtaddr=0x7f40c4a00000 +loglevel=7 + +[keepalive] +check_spinlock=0 + +[ctrlzone] +ctrlzone0=tunnat,64 + +[pool] +create_mode=3 +sz_direct_pktmbuf=4194304 +sz_indirect_pktmbuf=8192 +sz_cache=256 +sz_data=4096 + +[forward] +nr_forward_rule=4 +forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}} +forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}} +forward_rule_2=vv,vxlan_fwd,vxlan_user +forward_rule_3=vv,vxlan_user,vxlan_fwd + diff --git a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 new file mode 100644 index 0000000..8513cc7 --- /dev/null +++ b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 @@ -0,0 +1,19 @@ +[tunnat] +lcore_id={{ mrtunnat.lcore_id }} +appsym=tunnat +phydev={{nic_data_incoming.name}} +virtdev=vxlan_fwd +nr_max_sessions=524280 +nr_slots=1048576 +expire_time=60 +reverse_tunnel=0 +use_recent_tunnel=0 +use_tuple4_as_sskey=1 +ctrlzone_addr_info_type=2 + +[vlan_flipping] +enable=1 +c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }} +i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }} +en_mac_flipping_0=0 + diff --git a/roles/sapp/.DS_Store b/roles/sapp/.DS_Store new file mode 100644 index 0000000..9c4f059 Binary files /dev/null and b/roles/sapp/.DS_Store differ diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml index 7f76b3a..9261321 100644 --- a/roles/sapp/tasks/main.yml +++ b/roles/sapp/tasks/main.yml 
@@ -40,6 +40,13 @@ dest: /home/mesasoft/sapp_run/etc/gdev.conf when: tsg_access_type == 1 + +- name: "copy sapp.service destination server" + copy: + src: "{{ role_path }}/files/sapp.service" + dest: /usr/lib/systemd/system/ + mode: 0755 + - name: "enable sapp" systemd: name: sapp diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2 index d8c18e4..dc037df 100644 --- a/roles/sapp/templates/sapp.toml.j2 +++ b/roles/sapp/templates/sapp.toml.j2 @@ -9,13 +9,13 @@ instance_name = "sapp4" [CPU] -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} worker_threads=1 {% else %} worker_threads={{ sapp.worker_threads }} {% endif %} ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} bind_mask=[] {% else %} bind_mask=[{{ sapp.bind_mask }}] diff --git a/roles/telegraf/tasks/main.yml b/roles/telegraf/tasks/main.yml deleted file mode 100644 index 973e80f..0000000 --- a/roles/telegraf/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ -- name: "copy telegraf.rpm to destination server" - copy: - src: "{{ role_path }}/files/" - dest: /tmp - -- name: "install telegraf" - yum: - name: - - /tmp/telegraf-1.13.0-1.x86_64.rpm - state: present - -- name: "Templates telegraf.conf" - template: - src: "{{role_path}}/templates/telegraf.conf.j2" - dest: /etc/telegraf/telegraf.conf - tags: template - -- name: "Start telegraf" - systemd: - name: telegraf.service - state: restarted - enabled: yes diff --git a/roles/telegraf/files/telegraf-1.13.0-1.x86_64.rpm b/roles/telegraf_statistic/files/telegraf-1.13.0-1.x86_64.rpm similarity index 100% rename from roles/telegraf/files/telegraf-1.13.0-1.x86_64.rpm rename to roles/telegraf_statistic/files/telegraf-1.13.0-1.x86_64.rpm diff --git a/roles/telegraf_statistic/files/telegraf_statistic.service b/roles/telegraf_statistic/files/telegraf_statistic.service new file mode 100755 index 0000000..5d67868 --- /dev/null 
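Review bot: The new `copy` task in `roles/sapp/tasks/main.yml` installs `sapp.service` into `/usr/lib/systemd/system/` with `mode: 0755`, but a unit file is configuration, not a program, and systemd logs a warning for unit files marked executable. Use `mode: "0644"` (quoted, so YAML cannot reinterpret the number) and state `owner: root` and `group: root`, so that the file deciding what runs at boot is writable by root alone. The following `enable sapp` task is only partly visible in this hunk; confirm it carries `daemon_reload: yes` so the copied unit is actually picked up.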
+++ b/roles/telegraf_statistic/files/telegraf_statistic.service @@ -0,0 +1,16 @@ +[Unit] +Description=Statistic information +Documentation=https://github.com/influxdata/telegraf +After=network.target + +[Service] +EnvironmentFile=-/etc/default/telegraf +User=telegraf +ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d $TELEGRAF_OPTS +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure +RestartForceExitStatus=SIGPIPE +KillMode=control-group + +[Install] +WantedBy=multi-user.target diff --git a/roles/telegraf_statistic/tasks/main.yml b/roles/telegraf_statistic/tasks/main.yml new file mode 100644 index 0000000..dd143e2 --- /dev/null +++ b/roles/telegraf_statistic/tasks/main.yml @@ -0,0 +1,28 @@ +- name: "copy telegraf.rpm to destination server" + copy: + src: "{{ role_path }}/files/telegraf-1.13.0-1.x86_64.rpm" + dest: /tmp + +- name: "install telegraf" + yum: + name: + - /tmp/telegraf-1.13.0-1.x86_64.rpm + state: present + +- name: "Templates telegraf.conf" + template: + src: "{{role_path}}/templates/telegraf_statistic.conf.j2" + dest: /etc/telegraf/telegraf_statistic.conf + tags: template + +- name: "copy telegraf_statistic.service to destination server" + copy: + src: "{{ role_path }}/files/telegraf_statistic.service" + dest: /usr/lib/systemd/system + chmod: 0755 + +- name: "Start telegraf" + systemd: + name: telegraf_statistic.service + state: started + enabled: yes diff --git a/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 new file mode 100755 index 0000000..c89150b --- /dev/null +++ b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 
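Review bot: The `copy` task for `telegraf_statistic.service` in `roles/telegraf_statistic/tasks/main.yml` passes `chmod: 0755`, which is not a parameter of the `copy` module, so the task should fail with an unsupported-parameter error; the intended key is `mode`, and for a unit file it should be `mode: "0644"` (the file is also committed with git mode 100755). The RPM is staged at the fixed path `/tmp/telegraf-1.13.0-1.x86_64.rpm` and then installed by `yum` as root; on a host with other local accounts a world-writable staging directory is a risk, so copy it into a root-owned directory created with `mode: "0700"` instead. The final `systemd` task has no `daemon_reload: yes`, so a freshly copied unit may be unknown to systemd when it is started, and `state: started` will not restart the service after the template changes.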
@@ -0,0 +1,29 @@ +[global_tags] +[agent] + interval = "30s" + round_interval = true + metric_batch_size = 1000 + metric_buffer_limit = 10000 + collection_jitter = "0s" + flush_interval = "10s" + flush_jitter = "0s" + precision = "" + debug = false + quiet = false + logfile = "" + hostname = "" + omit_hostname = false + [[outputs.file]] + files = ["stdout", "/tmp/metrics.out"] + data_format = "json" + [[outputs.kafka]] + brokers = ["{{ log_kafkabrokers.address }}"] + topic = "TRAFFIC-METRICS-LOG" + data_format = "json" + [[outputs.prometheus_client]] + listen = ":9273" + path = "/metrics" + [[inputs.tcp_listener]] + [[inputs.udp_listener]] +ServiceAddress= ":8100" +data_format = "influx" diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 index eb279b2..1e442f9 100644 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ b/roles/tfe/templates/pangu_pxy.conf.j2 @@ -2,7 +2,7 @@ log_level=30 [log] -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} nic_name={{ tsg_tun_mode.ethname }} {% else %} nic_name={{ nic_mgr.name }} diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2 index 700742b..4c163f6 100644 --- a/roles/tfe/templates/tfe-env-config.j2 +++ b/roles/tfe/templates/tfe-env-config.j2 @@ -1,4 +1,4 @@ -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} TFE_DEVICE_DATA_INCOMING=tun_kni {% else %} TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }} @@ -8,7 +8,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2 TFE_PEER_IP_DATA_INCOMING=172.16.241.1 -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }} TFE_WATCHDOG_IP=192.168.100.1 {% endif %} diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index 5dfe34d..a6bb455 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 
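Review bot: In `telegraf_statistic.conf.j2`, `[[inputs.udp_listener]]` is bound with `ServiceAddress= ":8100"` and `[[outputs.prometheus_client]]` with `listen = ":9273"`, that is, on every interface, although the only sender visible in this commit (`TELEGRAF_IP=127.0.0.1` in `roles/firewall/templates/main.conf.j2`) is local. Any host that can reach UDP 8100 can submit influx-format points that are forwarded to the `TRAFFIC-METRICS-LOG` Kafka topic, and the metrics endpoint is readable without authentication; bind the input to `127.0.0.1:8100` and restrict the Prometheus listener to the management address or firewall it. `[[outputs.file]]` writes to the fixed path `/tmp/metrics.out` in a world-writable directory with no rotation configured, so a directory owned by the `telegraf` user would be safer. `[[inputs.tcp_listener]]` is declared with no settings and should be either configured explicitly or removed.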
@@ -31,7 +31,7 @@ service_cache_expire_seconds=600 # default 0 mc_cache_enable=1 # default eth0 -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} mc_cache_eth={{ tsg_tun_mode.tun_name }} {% else %} mc_cache_eth={{ nic_inner_ctrl.name }} @@ -56,7 +56,7 @@ enable_health_check=0 passthrough_all_tcp=0 [traffic_mirror] -{% if tsg_access_type == 0 %} +{% if tsg_running_type == 0 %} device=lo {% else %} device={{ nic_traffic_mirror.name }}