1、增加cert-redis的安装包及task

2、同步修改deploy.yml
3、为tsgconf/main.conf增加一个kafka的动态配置
4、修改tfe.conf中mc_default_eth的动态配置变量
5、原certstore中的r2、r3文件含有dos字符，修复该问题

adc_tera_access/group_vars/all.yml

@@ -60,7 +60,6 @@ kni:
               enabled: 1
 tfe:
     nr_threads: 16
-    mc_cache_eth: ens1.100
     keykeeper:
         mode: "normal"
         no_cache: 0

deploy.yml

@@ -11,6 +11,7 @@
     - kni
     - firewall
     - certstore
+    - cert-redis
 
 - hosts: blade-01
   roles:

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/start-cert-redis
+ExecStop=killall redis-server
+Type=forking
+RuntimeDirectory=redis
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+#
+cp -rf redis-server /usr/local/bin/
+cp -rf redis-cli /usr/local/bin
+cp -rf cert-redis.service /usr/lib/systemd/system/
+cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -0,0 +1,4 @@
+#!/bin/bash
+#
+
+/usr/local/bin/redis-server /home/ceiec/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: "copy cert-redis to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /home/tsg
+    mode: 0755
+
+- name: "install cert-redis"
+  shell: cd /home/tsg/cert-redis;sh install.sh
+
+- name: "start cert-redis"
+  systemd:
+    name: cert-redis.service
+    state: started
+    daemon_reload: yes
+    enabled: yes

roles/certstore/tasks/main.yml

@@ -4,26 +4,13 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-#- name: "install redis"
-#  yum:
-#    name:
-#      - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm
-#      - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm
-#    state: present
-
-#- name: "enable redis"
-#  systemd:
-#    name: redis
-#    enabled: yes
-#    state: started
-
 - name: Ensures /home/tsg exists
   file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz"
+    src: "{{ role_path }}/files/certstore-base-online-20200119.tar.gz"
     dest: /home/tsg
 
 - name: template certstore configure file

roles/sapp/tasks/main.yml

@@ -34,6 +34,12 @@
     dest: /home/mesasoft/sapp_run/etc/gdev.conf
   tags: template
   
+- name: Template the tsgconf/main.conf
+  template:
+    src: "{{ role_path }}/templates/main.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
+  tags: template
+
 - name: "enable sapp"
   systemd:
     name: sapp

roles/sapp/templates/main.conf.j2

@@ -0,0 +1,47 @@
+[FTP_PLUG]
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
+LOG_LEVEL=10
+TIMEOUT=600
+[MAIL_PLUG]
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
+LOG_LEVEL=10
+TIMEOUT=600
+[HTTP_PLUG]
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
+LOG_LEVEL=10
+[DNS_PLUG]
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
+LOG_LEVEL=10
+[MAAT]
+PROFILE=./tsgconf/maat.conf
+IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+
+[TSG_LOG]
+MODE=1
+NIC_NAME=enp8s0
+MAX_SERVICE=1
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=0
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
+
+[FIELD_STAT]
+CYCLE=3
+TELEGRAF_PORT=8125
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/tfe/templates/tfe.conf.j2

@@ -30,7 +30,7 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-mc_cache_eth={{ tfe.mc_cache_eth }}
+mc_cache_eth={{ nic_inner_ctrl.name }}
 # default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
 # default PXY-EXCH-INTERMEDIA-CERT