diff --git a/clear_redis_cache.yml b/clear_redis_cache.yml index a6e147e..64599e8 100644 --- a/clear_redis_cache.yml +++ b/clear_redis_cache.yml @@ -4,5 +4,3 @@ command: "killall certstore" - name: "clear redis cache" command: "redis-cli flushdb" - - name: "killall sapp" - command: "killall sapp" diff --git a/env-prod-astana/group_vars/all.yml b/env-prod-astana/group_vars/all.yml new file mode 100644 index 0000000..b16150a --- /dev/null +++ b/env-prod-astana/group_vars/all.yml @@ -0,0 +1,62 @@ +maat_redis_server: + address: "10.4.35.1" + port: 6379 + db: 0 + +dynamic_maat_redis_server: + address: "10.4.35.1" + port: 6379 + db: 1 + +cert_store_server: + address: "192.168.100.1" + port: 9991 + +log_kafkabrokers: + address: "10.4.35.7:9092,10.4.35.8:9092,10.4.35.9:9092,10.4.35.10:9092,10.4.35.11:9092" + +log_minio: + address: "10.4.35.1;" + port: 9000 + +fs_remote: + switch: 1 + address: "192.168.100.1" + port: 58125 + +nic_transparent_mode: + enable: 0 + +run_as_tun_mode: 0 +package_source: "local" + +kni: + global: + log_level: 10 + tfe_node_count: 3 + watch_dog: + switch: 1 + maat: + readconf_mode: 2 + send_logger: + switch: 1 + tfe_nodes: + - tfe0: + enabled: 1 + - tfe1: + enabled: 1 + - tfe2: + enabled: 1 +tfe: + nr_threads: 16 + keykeeper: + mode: "normal" + no_cache: 0 + +mrzcpd: + iocore: 55 + +mrtunnat: + lcore_id: 54 + + diff --git a/env-prod-astana/group_vars/blade-00.yml b/env-prod-astana/group_vars/blade-00.yml new file mode 100644 index 0000000..2c7bc37 --- /dev/null +++ b/env-prod-astana/group_vars/blade-00.yml @@ -0,0 +1,14 @@ +nic_mgr: + name: enp7s0 +nic_data_incoming: + name: ens1f4 + address: 127.0.0.1 +nic_inner_ctrl: + name: ens1.100 +nic_to_tfe: + tfe0: + name: ens1f5 + tfe1: + name: ens1f6 + tfe2: + name: ens1f7 diff --git a/env-prod-astana/group_vars/blade-01.yml b/env-prod-astana/group_vars/blade-01.yml new file mode 100644 index 0000000..efc5463 --- /dev/null +++ b/env-prod-astana/group_vars/blade-01.yml @@ -0,0 +1,11 @@ +nic_mgr: + name: enp7s0 +nic_data_incoming: + name: ens1f1 + mac: AA:BB:CC:DD:EE:FF + address: 127.0.0.1 +nic_inner_ctrl: + name: ens1.100 +nic_traffic_mirror: + name: ens1f2 + use_mrzcpd: 1 diff --git a/env-prod-astana/group_vars/blade-02.yml b/env-prod-astana/group_vars/blade-02.yml new file mode 100644 index 0000000..4c54026 --- /dev/null +++ b/env-prod-astana/group_vars/blade-02.yml @@ -0,0 +1,10 @@ +nic_mgr: + name: enp7s0 +nic_data_incoming: + name: ens8f1 + mac: AA:BB:CC:DD:EE:FF +nic_inner_ctrl: + name: ens8.100 +nic_traffic_mirror: + name: ens8f2 + use_mrzcpd: 1 diff --git a/env-prod-astana/group_vars/blade-03.yml b/env-prod-astana/group_vars/blade-03.yml new file mode 100644 index 0000000..4c54026 --- /dev/null +++ b/env-prod-astana/group_vars/blade-03.yml @@ -0,0 +1,10 @@ +nic_mgr: + name: enp7s0 +nic_data_incoming: + name: ens8f1 + mac: AA:BB:CC:DD:EE:FF +nic_inner_ctrl: + name: ens8.100 +nic_traffic_mirror: + name: ens8f2 + use_mrzcpd: 1 diff --git a/env-prod-astana/hosts.astana b/env-prod-astana/hosts similarity index 67% rename from env-prod-astana/hosts.astana rename to env-prod-astana/hosts index 9936e2c..2e3cda9 100644 --- a/env-prod-astana/hosts.astana +++ b/env-prod-astana/hosts @@ -1,76 +1,100 @@ -[all:vars] -ansible_user=root - -[blade-mxn] -10.4.164.23 -#10.4.164.24 -10.4.164.25 -10.4.164.26 -10.4.164.27 -10.4.164.28 -10.4.164.29 - -[blade-00] -10.4.39.9 -#10.4.39.13 -10.4.39.17 -10.4.39.21 -10.4.39.25 -10.4.39.29 -10.4.39.33 - -[blade-01] -10.4.39.10 -#10.4.39.14 -10.4.39.18 -10.4.39.22 -10.4.39.26 -10.4.39.30 -10.4.39.34 - -[blade-02] -10.4.39.11 -#10.4.39.15 -10.4.39.19 -10.4.39.23 -10.4.39.27 -10.4.39.31 -10.4.39.35 - -[blade-03] -10.4.39.12 -#10.4.39.16 -10.4.39.20 -10.4.39.24 -10.4.39.28 -10.4.39.32 -10.4.39.36 - -[astana-adc-3] -10.4.39.9 -10.4.39.10 -10.4.39.11 -10.4.39.12 - -[astana-adc-9] -10.4.39.33 -10.4.39.34 -10.4.39.35 -10.4.39.36 - -[control-blade-all:children] -blade-01 -blade-02 -blade-03 - -[certstore] -10.4.35.1 ansible_user=tsg - - -[Functional_Host:children] -blade-00 -blade-01 -blade-02 -blade-03 - - +[all:vars] +ansible_user=root + +[blade-mxn] +10.4.164.23 +#10.4.164.24 +10.4.164.25 +10.4.164.26 +10.4.164.27 +10.4.164.28 +10.4.164.29 + +[blade-00] +10.4.39.9 +#10.4.39.13 +10.4.39.17 +10.4.39.21 +10.4.39.25 +10.4.39.29 +10.4.39.33 + +[blade-01] +10.4.39.10 +#10.4.39.14 +10.4.39.18 +10.4.39.22 +10.4.39.26 +10.4.39.30 +10.4.39.34 + +[blade-02] +10.4.39.11 +#10.4.39.15 +10.4.39.19 +10.4.39.23 +10.4.39.27 +10.4.39.31 +10.4.39.35 + +[blade-03] +10.4.39.12 +#10.4.39.16 +10.4.39.20 +10.4.39.24 +10.4.39.28 +10.4.39.32 +10.4.39.36 + +[astana-adc-3] +10.4.164.23 +10.4.39.9 +10.4.39.10 +10.4.39.11 +10.4.39.12 + +[astana-adc-5] +10.4.164.25 +10.4.39.17 +10.4.39.18 +10.4.39.19 +10.4.39.20 + +[astana-adc-6] +10.4.164.26 +10.4.39.21 +10.4.39.22 +10.4.39.23 +10.4.39.24 + +[astana-adc-7] +10.4.164.27 +10.4.39.25 +10.4.39.26 +10.4.39.27 +10.4.39.28 + +[astana-adc-8] +10.4.164.28 +10.4.39.29 +10.4.39.30 +10.4.39.31 +10.4.39.32 + +[astana-adc-9] +10.4.164.29 +10.4.39.33 +10.4.39.34 +10.4.39.35 +10.4.39.36 + +[Functional_Host:children] +blade-00 +blade-01 +blade-02 +blade-03 + +[Slave_Host:children] +blade-01 +blade-02 +blade-03 diff --git a/rc.local b/rc.local new file mode 100644 index 0000000..a7e0ad2 --- /dev/null +++ b/rc.local @@ -0,0 +1,13 @@ +#!/bin/bash +# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES +# +# It is highly advisable to create own systemd services or udev rules +# to run scripts during boot instead of using this file. +# +# In contrast to previous versions due to parallel execution during boot +# this script will NOT be run after all other services. +# +# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure +# that this script will be executed during boot. + +touch /var/lock/subsys/local diff --git a/remove_ansible_block.yml b/remove_ansible_block.yml deleted file mode 100644 index 7d8e531..0000000 --- a/remove_ansible_block.yml +++ /dev/null @@ -1,6 +0,0 @@ -- hosts: all - tasks: - - name: "remove all ansible manange block" - blockinfile: - dest: "/etc/rc.d/rc.local" - state: absent diff --git a/roles/certstore/tasks/main.yml b/roles/certstore/tasks/main.yml index bbc7878..371d3aa 100644 --- a/roles/certstore/tasks/main.yml +++ b/roles/certstore/tasks/main.yml @@ -4,18 +4,18 @@ src: "{{ role_path }}/files/" dest: "/tmp/ansible_deploy/" -- name: "install redis" - yum: - name: - - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm - - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm - state: present +#- name: "install redis" +# yum: +# name: +# - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm +# - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm +# state: present -- name: "enable redis" - systemd: - name: redis - enabled: yes - state: started +#- name: "enable redis" +# systemd: +# name: redis +# enabled: yes +# state: started - name: Ensures /home/tsg exists file: path=/home/tsg state=directory diff --git a/roles/mrzcpd/files/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm new file mode 100644 index 0000000..4efb1cd Binary files /dev/null and b/roles/mrzcpd/files/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm differ diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml index 582b638..6d7a116 100644 --- a/roles/mrzcpd/tasks/main.yml +++ b/roles/mrzcpd/tasks/main.yml @@ -6,7 +6,7 @@ - name: "install mrzcpd" yum: - name: /tmp/ansible_deploy/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm + name: /tmp/ansible_deploy/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm state: present - name: "update sysconfig/mrzcpd" @@ -37,25 +37,38 @@ name: mrenv enabled: yes daemon_reload: yes - when: nic_traffic_mirror.use_mrzcpd == 1 -- name: "mask mrenv" - systemd: - name: mrenv - masked: yes - daemon_reload: yes - when: nic_traffic_mirror.use_mrzcpd == 0 +#- name: "mask mrenv" +# systemd: +# name: mrenv +# masked: yes +# daemon_reload: yes +# when: nic_traffic_mirror.use_mrzcpd == 0 - name: "enable mrzcpd" systemd: name: mrzcpd - enabled: yes + enabled: 1 daemon_reload: yes - when: nic_traffic_mirror.use_mrzcpd == 1 -- name: "mask mrzcpd" +- name: "enable mrtunnat on master" systemd: - name: mrzcpd - masked: yes + name: mrtunnat + enabled: 1 daemon_reload: yes - when: nic_traffic_mirror.use_mrzcpd == 0 + when: nic_traffic_mirror is not defined + +- name: "disable mrtunnat on slave" + systemd: + name: mrtunnat + enabled: 0 + daemon_reload: yes + when: nic_traffic_mirror is defined + + +#- name: "mask mrzcpd" +# systemd: +# name: mrzcpd +# masked: yes +# daemon_reload: yes +# when: nic_traffic_mirror.use_mrzcpd == 0 diff --git a/roles/mrzcpd/templates/mrglobal.conf.inline.j2 b/roles/mrzcpd/templates/mrglobal.conf.inline.j2 index 1ee36b6..10b534d 100644 --- a/roles/mrzcpd/templates/mrglobal.conf.inline.j2 +++ b/roles/mrzcpd/templates/mrglobal.conf.inline.j2 @@ -17,7 +17,7 @@ jumbo_frame=1 max_rx_pkt_len=15360 clear_tx_flags=1 vlan-filter=1 -vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902 +vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844 vlan-pvid=0 vlan-pvid-mode=0 diff --git a/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2 b/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2 index ce34535..06dd785 100644 --- a/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2 +++ b/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2 @@ -1,7 +1,7 @@ [device] -device={{nic_traffic_mirror.name}} +device=fake sz_tunnel=8192 -sz_buffer=32 +sz_buffer=0 [device:{{nic_traffic_mirror.name}}] jumbo_frame=1 @@ -24,4 +24,4 @@ create_mode=3 sz_direct_pktmbuf=4194304 sz_indirect_pktmbuf=8192 sz_cache=256 -sz_data=4096 \ No newline at end of file +sz_data=4096 diff --git a/roles/mrzcpd/templates/mrtunnat.conf.inline.j2 b/roles/mrzcpd/templates/mrtunnat.conf.inline.j2 index 2e2b67c..3883aba 100644 --- a/roles/mrzcpd/templates/mrtunnat.conf.inline.j2 +++ b/roles/mrzcpd/templates/mrtunnat.conf.inline.j2 @@ -9,30 +9,23 @@ expire_time=60 reverse_tunnel=0 use_recent_tunnel=0 use_tuple4_as_sskey=1 +ctrlzone_addr_info_type=2 [vlan_flipping] enable=1 -c_router_vlan_id_0=1301 -i_router_vlan_id_0=1302 -c_router_vlan_id_1=2301 -i_router_vlan_id_1=2302 -c_router_vlan_id_2=1501 -i_router_vlan_id_2=1502 -c_router_vlan_id_3=2501 -i_router_vlan_id_3=2502 -c_router_vlan_id_4=1601 -i_router_vlan_id_4=1602 -c_router_vlan_id_5=2601 -i_router_vlan_id_5=2602 -c_router_vlan_id_6=1701 -i_router_vlan_id_6=1702 -c_router_vlan_id_7=2701 -i_router_vlan_id_7=2702 -c_router_vlan_id_8=1801 -i_router_vlan_id_8=1802 -c_router_vlan_id_9=2801 -i_router_vlan_id_9=2802 -c_router_vlan_id_10=1901 -i_router_vlan_id_10=1902 -c_router_vlan_id_11=2901 -i_router_vlan_id_11=2902 +c_router_vlan_id_0=3811 +i_router_vlan_id_0=3812 +c_router_vlan_id_1=3813 +i_router_vlan_id_1=3814 +c_router_vlan_id_2=3821 +i_router_vlan_id_2=3822 +c_router_vlan_id_3=3823 +i_router_vlan_id_3=3824 +c_router_vlan_id_4=3831 +i_router_vlan_id_4=3832 +c_router_vlan_id_5=3833 +i_router_vlan_id_5=3834 +c_router_vlan_id_6=3841 +i_router_vlan_id_6=3842 +c_router_vlan_id_7=3843 +i_router_vlan_id_7=3844 diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml index f6eb7a5..1893f71 100644 --- a/roles/tfe/tasks/main.yml +++ b/roles/tfe/tasks/main.yml @@ -30,11 +30,27 @@ src: "{{ role_path }}/templates/tfe.conf.j2" dest: /opt/tsg/tfe/conf/tfe/tfe.conf +- name: "template the future.conf" + template: + src: "{{ role_path }}/templates/future.conf.j2" + dest: /opt/tsg/tfe/conf/tfe/future.conf + - name: "template the pangu_pxy.conf" template: src: "{{ role_path }}/templates/pangu_pxy.conf.j2" dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf +- name: "create a override conf - first step, create dir" + file: + path: /etc/systemd/system/tfe.service.d/ + state: directory + mode: '0755' + +- name: "create a override conf - second step, copy a override service file" + template: + src: "{{ role_path }}/templates/require-mrzcpd.conf.j2" + dest: /etc/systemd/system/tfe.service.d/require-mrzcpd.conf + - name: "enable tfe-env" systemd: name: tfe-env diff --git a/roles/tfe/templates/future.conf.j2 b/roles/tfe/templates/future.conf.j2 new file mode 100644 index 0000000..078a6fc --- /dev/null +++ b/roles/tfe/templates/future.conf.j2 @@ -0,0 +1,5 @@ +[STAT] +no_stats=0 +statsd_server={{ fs_remote.address }} +statsd_port={{ fs_remote.port }} +histogram_bins=0.50,0.80,0.9,0.95 diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 index 73f988e..c30e985 100644 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ b/roles/tfe/templates/pangu_pxy.conf.j2 @@ -107,8 +107,8 @@ wiredlb_group=TangoCache cache_undefined_obj=1 query_undefined_obj=0 -statsd_server=192.168.10.72 -statsd_port=8126 +statsd_server={{fs_remote.address}} +statsd_port={{fs_remote.port}} histogram_bins=0.20,0.40,0.6,0.8 log_fsstat_appname=tango_cache @@ -121,4 +121,4 @@ log_fsstat_dst_port=8125 [traffic_mirror] table_info=resource/pangu/table_info_traffic_mirror.conf -stat_file=log/traffic_mirror.status \ No newline at end of file +stat_file=log/traffic_mirror.status diff --git a/roles/tfe/templates/require-mrzcpd.conf.j2 b/roles/tfe/templates/require-mrzcpd.conf.j2 new file mode 100644 index 0000000..49e7c1b --- /dev/null +++ b/roles/tfe/templates/require-mrzcpd.conf.j2 @@ -0,0 +1,3 @@ +[Unit] +Requires=tfe-env.service mrzcpd.service +After=tfe-env.service mrzcpd.service diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index 0087bd9..0cf257f 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 @@ -1,5 +1,9 @@ [system] nr_worker_threads={{ tfe.nr_threads }} +enable_breakpad=1 +enable_breakpad_upload=0 +breakpad_minidump_dir=/run/tfe/crashreport/ +breakpad_upload_url=http://127.0.0.1:9000/ [kni] ip=192.168.100.1 @@ -36,8 +40,8 @@ untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem passthrough_all_tcp=0 [traffic_mirror] -device= {{ nic_traffic_mirror.name }} -type = {{ nic_traffic_mirror.use_mrzcpd }} +device={{ nic_traffic_mirror.name }} +type=0 [ratelimit] #read_rate=200000 diff --git a/tsg-201907-uninstall.yml b/tsg-201907-uninstall.yml new file mode 100644 index 0000000..3cc027a --- /dev/null +++ b/tsg-201907-uninstall.yml @@ -0,0 +1,48 @@ +- hosts: all + tasks: + - name: "empty rc.local" + copy: + src: rc.local + dest: /etc/rc.d/rc.local + mode: 755 + +- hosts: Functional_Host + tasks: + - name: "remove framework rpms" + yum: + name: framework + state: absent + - name: "remove framework files" + file: + path: /opt/MESA/ + state: absent + force: 1 + +- hosts: blade-00 + tasks: + - name: "remove certstore" + file: + path: /home/tsg/certstore-base/ + state: absent + force: 1 + + - name: "remove kni" + file: + path: /home/tsg/kni/ + state: absent + force: 1 + +- hosts: Slave_Host + tasks: + - name: "remove tfe rpms" + yum: + name: + - tfe + - tfe-kmod + state: absent + + - name: "remove tfe" + file: + path: /home/tsg/tfe + state: absent + force: 1 diff --git a/tsg-clear-coredumps.yml b/tsg-clear-coredumps.yml new file mode 100644 index 0000000..5eec48e --- /dev/null +++ b/tsg-clear-coredumps.yml @@ -0,0 +1,30 @@ +- hosts: blade-00 + tasks: + - name: "blade incpt - find corefiles to delete" + find: + paths: + - / + - /home/tsg/certstore-base/ + - /home/mesasoft/sapp_run/ + patterns: core.* + register: blade_incpt_corefiles_to_delete + + - name: "blade incpt cleanup coredump" + file: + state: absent + path: '{{ item.path }}' + with_items: "{{ blade_incpt_corefiles_to_delete.files }}" + +- hosts: blade-01:blade-02:blade-03 + tasks: + - name: "find corefiles to delete" + find: + paths: /opt/tsg/tfe/ + patterns: core.* + register: ctrl_corefiles_to_delete + + - name: "cleanup coredump" + file: + state: absent + path: '{{ item.path }}' + with_items: "{{ ctrl_corefiles_to_delete.files }}" diff --git a/tsg-reboot.yml b/tsg-reboot.yml new file mode 100644 index 0000000..2999e5f --- /dev/null +++ b/tsg-reboot.yml @@ -0,0 +1,9 @@ +#- hosts: all +# tasks: +# - name: "reboot all" +# reboot: + +- hosts: Functional_Host + tasks: + - name: "reboot all compute blade" + reboot: diff --git a/tsg-restart.yml b/tsg-restart.yml new file mode 100644 index 0000000..227714a --- /dev/null +++ b/tsg-restart.yml @@ -0,0 +1,15 @@ +- hosts: blade-00:blade-01:blade-02:blade-03 + tasks: + - name: "restart mrzcpd" + systemd: + name: mrzcpd + daemon_reload: 1 + state: restarted + +#- hosts: blade-01:blade-02:blade-03 +# tasks: +# - name: "restart tfe" +# systemd: +# name: tfe +# daemon_reload: 1 +# state: restarted