同步Astana客户验证环境配置

roles/tfe/tasks/main.yml

@@ -8,10 +8,24 @@
   yum:
     name: "{{ packages }}"
     state: present
+    allow_downgrade: yes
   vars:
     packages:
       - /tmp/ansible_deploy/tfe-4.0.5.348afbc-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tfe-kmod-6ed8c79-1dkms.noarch.rpm
+
+- name: "hotfix tfe program"
+  synchronize:
+    src: "{{ role_path }}/files/tfe"
+    dest: /home/tsg/tfe/bin/tfe
+
+#- name: "remove the old tfe-kmod"
+#  command: rpm -e tfe-kmod
+
+#- name: "delete the tfe_kmod.ko"
+#  command: rm -f /lib/modules/5.1.8-1.el7.elrepo.x86_64/extra/tfe_kmod.ko
+
+#- name: "reinstall the tfe-kmod"
+#  command: rpm -i /tmp/ansible_deploy/tfe-kmod-c498d30-1dkms.noarch.rpm --force
 
 - name: "template tfe-env config"
   template:
@@ -28,6 +42,11 @@
     src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
     dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
 
+- name: "deploy qaznet cert"
+  copy:
+    src: "{{ role_path }}/files/qaznet_intermedia.pem"
+    dest: "/home/tsg/tfe/resource/tfe/qaznet_intermedia.pem"
+
 - name: "start tfe-kmod"
   modprobe:
     name: tfe_kmod
@@ -48,6 +67,7 @@
 - name: "bootup tfe"
   blockinfile:
     path: /etc/rc.d/rc.local
+    marker: "## {mark} bootstrap tfe"
     block: |
         systemctl start tfe-env
         cd /home/tsg/tfe; ./r2_tfe

roles/tfe/templates/pangu_pxy.conf.j2

@@ -1,5 +1,5 @@
 [debug]
-log_level=10
+log_level=30
 
 [log]
 nic_name= {{ nic_mgr.name }}

roles/tfe/templates/tfe.conf.j2

@@ -29,7 +29,7 @@ mode= {{ tfe.keykeeper.mode }}
 no_cache=0
 cert_store_host= {{ cert_store_server.address }}
 cert_store_port= {{ cert_store_server.port }}
-ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
+ca_path=resource/tfe/qaznet_intermedia.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
 
 [debug]
@@ -54,11 +54,11 @@ tcp_ttl_upstream=75
 tcp_ttl_downstream=70
 
 [log]
-level=10
+level=30
 
 [stat]
 statsd_server=192.168.10.72
 statsd_port=8126
 
 [http]
-loglevel=20
+loglevel=30