fix bug in deploy

NurSultan_deploy.yml

@@ -3,14 +3,22 @@
     - adc_mcn1
     - adc_mcn2
     - adc_mcn3
+    - packet_dump_server
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
+    - NurSultan_install_config/group_vars/adc_global.yml
   roles:
     - framework
     #- kernel-ml
     - telegraf_collect
 
+- hosts: packet_dump_server
+  remote_user: root
+  vars_files:
+    - NurSultan_install_config/group_vars/adc_global.yml
+  roles:
+    - packet_dump
+
 - hosts: adc_mxn
   remote_user: root
   roles:
@@ -19,50 +27,56 @@
 - hosts: adc_mcn0
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn0.yml
+    - NurSultan_install_config/group_vars/adc_global.yml
+    - NurSultan_install_config/group_vars/adc_mcn0.yml
   roles:
 #    - tsg-env-mcn0
+    - kernel-ml
     - mrzcpd
     - sapp
     - tsg_master
-#    - kni
+    - kni
     - firewall
 #    - tsg_app
     - http_healthcheck
-#    - packet_dump
-    - certstore
+    - redis
     - cert-redis
+    - certstore
     - telegraf_statistic
 #    - tsg_device_tag
 
 - hosts: adc_mcn1
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn1.yml
+    - NurSultan_install_config/group_vars/adc_global.yml
+    - NurSultan_install_config/group_vars/adc_mcn1.yml
   roles:
 #    - tsg-env-mcn1
+    - kernel-ml
     - mrzcpd
     - tfe
 
 - hosts: adc_mcn2
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn2.yml
+    - NurSultan_install_config/group_vars/adc_global.yml
+    - NurSultan_install_config/group_vars/adc_mcn2.yml
   roles:
 #    - tsg-env-mcn2
+    - kernel-ml
     - mrzcpd
     - tfe
 
 - hosts: adc_mcn3
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn3.yml
+    - NurSultan_install_config/group_vars/adc_global.yml
+    - NurSultan_install_config/group_vars/adc_mcn3.yml
   roles:
 #    - tsg-env-mcn3
+    - redis
+    - maat-redis
+    - kernel-ml
     - mrzcpd
     - tfe
 
@@ -91,14 +105,14 @@
     - adc_mcn3
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
+    - NurSultan_install_config/group_vars/adc_global.yml
   roles:
-    - reboot
+    #- reboot
 
 - hosts: server-as-tun-mode
   remote_user: root
   vars_files:
-    - install_config/group_vars/server_as_tun_mode.yml
+    - NurSultan_install_config/group_vars/server_as_tun_mode.yml
   roles:
     - kernel-ml
     - framework
@@ -110,9 +124,10 @@
     - firewall
     - tsg_app
     - http_healthcheck
-    - packet_dump
     - certstore
+    - redis
     - cert-redis
+    - maat-redis
     - tfe
     - telegraf_statistic
     - telegraf_collect
@@ -123,6 +138,6 @@
 - hosts: app_global
   remote_user: root
   vars_files:
-    - install_config/group_vars/app_global.yml
+    - NurSultan_install_config/group_vars/app_global.yml
   roles:
     - app_global

NurSultan_install_config/group_vars/adc_global.yml

@@ -1,6 +1,6 @@
 #########################################
 #####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
-tsg_access_type: 3
+tsg_access_type: 2
 #####2: ADC;
 tsg_running_type: 2
 
@@ -10,15 +10,21 @@ Deploy_finished_reboot: 0
 
 ########################################
 #IP Config
+maat_redis_city_server:
+  address: "10.4.62.253"
+  port: 7002
+
 maat_redis_server:
   address: "192.168.100.4"
   port: 7002
+  port_num: 1
   db: 0
 
 dynamic_maat_redis_server:
   address: "192.168.100.4"
   port: 7002
-  db: 0
+  port_num: 1
+  db: 1
 
 cert_store_server:
   address: "192.168.100.1"
@@ -27,6 +33,9 @@ cert_store_server:
 log_kafkabrokers:
   address: "10.4.61.10:9092,10.4.61.11:9092,10.4.61.12:9092,10.4.61.13:9092,10.4.61.14:9092,10.4.61.15:9092,10.4.61.16:9092,10.4.61.17:9092,10.4.61.18:9092,10.4.61.19:9092,10.4.61.20:9092"
 
+telegraf_kafkabrokers:
+  address: "\"10.4.61.10:9092\",\"10.4.61.11:9092\",\"10.4.61.12:9092\",\"10.4.61.13:9092\",\"10.4.61.14:9092\",\"10.4.61.15:9092\",\"10.4.61.16:9092\",\"10.4.61.17:9092\",\"10.4.61.18:9092\",\"10.4.61.19:9092\",\"10.4.61.20:9092\""
+
 monitor_outputs_influxdb:
   url: "http://127.0.0.1:58086"
 
@@ -37,15 +46,15 @@ log_minio:
 #########################################
 #Log Level Config
 #日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 30
-fw_mail_log_level: 30
-fw_http_log_level: 30
-fw_dns_log_level: 30
-fw_quic_log_level: 30
-capture_packet_log_level: 30
-tsg_log_level: 30
-tsg_master_log_level: 30
-kni_log_level: 30
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
 
 #日志等级 DEBUG INFO FATAL
 tfe_log_level: FATAL
@@ -54,7 +63,7 @@ pangu_log_level: FATAL
 doh_log_level: FATAL
 
 certstore_log_level: 30
-packet_dump_log_level: 30
+packet_dump_log_level: 10
 
 #######################################
 #Sapp Performance Config
@@ -108,4 +117,7 @@ app_control_plug_log_level: 10
 
 breakpad_upload_url: http://127.0.0.1/
 
+data_center: Nur-sultan
 tsg_master_entrance_id: 4
+nic_mgr: 
+   name: em1

NurSultan_install_config/group_vars/adc_mcn0.yml

@@ -29,11 +29,13 @@ inline_device_config:
 #########################################
 #Allot接入相关配置
 AllotAccess:
-  virturlInterface_1: ens1f2.103
-  virturlInterface_2: ens1f2.104
-  virturlID_1: 103
-  virturlID_2: 104
-  vvipv4_mask: 24
-  vvipv6_mask: 64
+  #virturlInterface_1: ens1f2.103
+  #virturlInterface_2: ens1f2.104
+  virturlID_1: 1201
+  virturlID_2: 1202
+  virturlID_3: 1301
+  virturlID_4: 1302
+  #vvipv4_mask: 24
+  #vvipv6_mask: 64
 
-bladename: mcn0
+bladename: mcn0

NurSultan_install_config/hosts

@@ -33,12 +33,15 @@
 
 #[app_global]
 #[server-as-tun-mode]
+#p
 #[adc_mxn]
 [adc_mcn0]
-10.4.51.2
+10.4.51.[1:78]
 [adc_mcn1]
-10.4.52.2
+10.4.52.[1:78]
 [adc_mcn2]
-10.4.53.2
+10.4.53.[1:78]
 [adc_mcn3]
-10.4.54.2
+10.4.54.[1:78]
+[packet_dump_server]
+10.4.61.3

roles/cert-redis/files/cert-redis.conf

@@ -160,7 +160,7 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile "/opt/tsg/cert-redis/6379/6379.log"
+#logfile "/opt/tsg/cert-redis/6379/6379.log"
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
@@ -244,7 +244,7 @@ dbfilename dump.rdb
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir /opt/tsg/cert-redis/6379/
+#dir /opt/tsg/cert-redis/6379/
 
 ################################# REPLICATION #################################
 

roles/cert-redis/files/cert-redis.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
+ExecStop=/usr/libexec/redis-shutdown cert-redis
+Type=notify
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/usr/local/bin/start-cert-redis
-ExecStop=killall redis-server
-Type=forking
-RuntimeDirectory=redis
-RuntimeDirectoryMode=0755
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/files/cert-redis/install.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-cp -rf redis-server /usr/local/bin/
-cp -rf redis-cli /usr/local/bin
-cp -rf cert-redis.service /usr/lib/systemd/system/
-cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +0,0 @@
-#!/bin/bash
-#
-
-/usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,11 +1,11 @@
-- name: "copy cert-redis to destination server"
+- name: "copy cert-redis file to dest"
   copy:
     src: "{{ role_path }}/files/"
-    dest: /opt/tsg
-    mode: 0755
-
-- name: "install cert-redis"
-  shell: cd /opt/tsg/cert-redis;sh install.sh
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" } 
+    - { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
 
 - name: "start cert-redis"
   systemd:

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -7,12 +7,15 @@ TABLE_INFO=conf/capture_packet_tableinfo.conf
 STAT_FILE=capture_packet_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
 REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX=0
+REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=conf/capture_packet_maat.json
 INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
 
 [LOG]
 NIC_NAME={{ nic_mgr.name }}

roles/firewall/templates/maat.conf.j2

@@ -7,12 +7,13 @@ TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=0
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
 [DYNAMIC]
 ###0:location 1:json 2:redis
@@ -23,10 +24,13 @@ TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ dynamic_maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=1
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
+[MAAT]
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -54,4 +54,4 @@ ENTRANCE_ID={{ tsg_master_entrance_id }}
 LOG_LEVEL={{ tsg_master_log_level }}
 LOG_PATH="./tsglog/tsg_master"
 POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
-DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
+DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.10.20201024.a43de2a-2.el7.x86_64.rpm
     state: present
 #    skip_broken: yes
 

roles/maat-redis/files/maat-redis.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd
+ExecStop=/usr/libexec/redis-shutdown maat-redis
+Type=notify
+
+[Install]
+WantedBy=multi-user.target
+

roles/maat-redis/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: "copy maat-redis file to dest"
+  copy:
+    src: "{{ role_path }}/files/maat-redis.service"
+    dest: "/usr/lib/systemd/system"
+    mode: 0644
+
+- name: "Template the kni.conf"
+  template:
+    src: "{{ role_path }}/templates/maat-redis.conf.j2"
+    dest: /etc/maat-redis.conf
+  tags: template
+
+- name: "start maat-redis"
+  systemd:
+    name: maat-redis.service
+    state: started
+    daemon_reload: yes
+    enabled: yes

roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2

@@ -8,7 +8,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},4000,4001,1000,1001
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},{{ AllotAccess.virturlID_3 }},{{ AllotAccess.virturlID_4 }},4000,4001
 vlan-pvid=0
 vlan-pvid-mode=2
 promisc=1

roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2

@@ -16,9 +16,9 @@ enable=1
 c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
 i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
 en_mac_flipping_0=1
-c_router_vlan_id_1=1000
-i_router_vlan_id_1=1001
-en_mac_flipping_1=0
+c_router_vlan_id_1={{ AllotAccess.virturlID_3 }}
+i_router_vlan_id_1={{ AllotAccess.virturlID_4 }}
+en_mac_flipping_1=1
 c_router_vlan_id_2=4000
 i_router_vlan_id_2=4001
 en_mac_flipping_2=0

roles/packet_dump/tasks/main.yml

@@ -1,6 +1,6 @@
 - name: "copy packet_dump rpm to destination server"
   copy:
-    src: "{{ role_path }}/files/packet_dump-1.0.4.82e85d1-2.el7.x86_64.rpm"
+    src: "{{ role_path }}/files/packet_dump-1.0.6.2ea75d5-2.el7.x86_64.rpm"
     dest: /tmp/ansible_deploy/
 
 - name: "copy  packet_dump.service to destination server"
@@ -12,7 +12,7 @@
 - name: "install packet_dump rpm from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/packet_dump-1.0.4.82e85d1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/packet_dump-1.0.6.2ea75d5-2.el7.x86_64.rpm
     state: present
 
 - name: "Template the packet_dump.conf"

roles/packet_dump/templates/packet_dump.conf.j2

@@ -5,10 +5,12 @@ BROKER_LIST={{ log_kafkabrokers.address }}
 NIC_NAME={{ nic_mgr.name }}
 LOG_LEVEL={{ packet_dump_log_level }}
 LOG_PATH=log/packet_dump
+PCAPNG_FILEPATH_PREFIX=/troubleshooting/
+PCAPNG_BASEPATH_PREFIX=/var/www/html/
 
 [breakpad]
-disable_coredump=0
+disable_coredump=1
 enable_breakpad=1
 breakpad_minidump_dir=/tmp/packet_dump/crashreport
-enable_breakpad_upload=0
+enable_breakpad_upload=1
 breakpad_upload_url={{ breakpad_upload_url }}

roles/redis/tasks/main.yml

@@ -0,0 +1,12 @@
+- name: "redis rpm install:copy file to device"
+  copy:
+    src: '{{ role_path }}/files/'
+    dest: /tmp/ansible_deploy/
+
+
+- name: "redis rpm install:install redis"
+  yum:
+    name:
+      - "/tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm"
+      - "/tmp/ansible_deploy/redis40u-4.0.14-1.ius.centos7.x86_64.rpm"
+    state: present

roles/sapp/tasks/main.yml

@@ -40,6 +40,12 @@
     dest: /home/mesasoft/sapp_run/plug/conflist.inf
   tags: template
 
+- name: Template the sapp_log.conf
+  template:
+    src: "{{ role_path }}/templates/sapp_log.conf.j2"
+    dest: /home/mesasoft/sapp_run/etc/sapp_log.conf
+  tags: template
+
 - name: Template the gdev.conf
   template:
     src: "{{ role_path }}/templates/gdev.conf.j2"

roles/sapp/templates/sapp.toml.j2

@@ -66,9 +66,9 @@ BSD_packet_filter=""
 
 [STREAM]
     [stream.tcp]
-    max=200000
+    max=100000
     timeout=30
-    syn_mandatory=1
+    syn_mandatory=0
     reorder_pkt_max=5
     analyse_option_enabled=1
         [stream.tcp.inject]
@@ -81,7 +81,7 @@ BSD_packet_filter=""
         signature_seed2=13
 	
     [stream.udp]
-    max=10000
+    max=100000
     timeout=60
 
 [PROFILING]

roles/sapp/templates/sapp_log.conf.j2

@@ -0,0 +1,14 @@
+[global]
+default format = "%d(%c), %V, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[formats]
+other = "%d(%c), %V, %F, %U, %m%n"
+plugin = "%d(%c), %m%n"
+[rules]
+__log_runtimelog.info    "./log/runtimelog.%d(%F)"
+__log_runtimelog_plugin.fatal    >stdout; plugin
+__log_runtimelog_plugin.info    "./log/plugin.log"; plugin
+!.fatal    "./log/%c.%d(%F)"; other

roles/telegraf_statistic/templates/telegraf_statistic.conf.j2

@@ -42,7 +42,7 @@
    stats = ["sum"]
 
 [[outputs.kafka]]
-   brokers = ["{{ log_kafkabrokers.address }}"]
+   brokers = [ {{ telegraf_kafkabrokers.address }} ]
    fieldpass = [ "*_conn_num", "*_bytes", "*_in_packets",  "*_out_packets", "intercept", "hit_share", "tcp_links", "udp_links", "success_log", "failed_log", "bypass", "drop_log","pinning_num","*pinning_num","intcp_*_num"]
    topic = "TRAFFIC-METRICS-LOG"
    data_format = "json"
@@ -56,4 +56,4 @@
 
 [[outputs.influxdb]]
    urls = ["{{ monitor_outputs_influxdb.url }}"]
-   database = "tsg_stat"
+   database = "tsg_stat"

roles/tsg-diagnose-verify-succ/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: "register tsg-diagnose exec result"
+  shell: docker exec -it unittest_tsg-diagnose /bin/sh -c 'python3 /root/unittest/tsg_diagnose.py'
+  register: tsgdiagnoseresults
+
+- name: assert
+  assert:
+    that:
+      - tsgdiagnoseresults.stdout.find('FAIL') == -1
+    fail_msg: "FAIL"
+    success_msg: "PASS"

roles/tsg-diagnose-verify-succ/tasks/main.yml.bak

@@ -0,0 +1,9 @@
+---
+- name: "register tsg-diagnose exec result"
+  shell: docker exec -it unittest_tsg-diagnose /bin/sh -c 'python3 /root/unittest/tsg_diagnose.py'
+  register: tsgdiagnoseresults
+
+- name: "check the results"
+  fail:
+    msg: fail
+  when: tsgdiagnoseresults.stdout.find('FAIL') != -1

roles/tsg-diagnose/tasks/main.yml

@@ -24,9 +24,24 @@
     name:
       - "/tmp/ansible_deploy/tsg-diagnose-20.10.01.7041374-1.el7.x86_64.rpm"
     state: present
-  
-- name: "tsg-diagnose init certs"
-  shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/init_certs/init_badssl_certs.sh
+
+- name: "Templates tsg-diagnose.config"
+  template:
+    src: "{{role_path}}/templates/tsg-diagnose.config.j2"
+    dest: /opt/tsg/tsg-diagnose/etc/tsg-diagnose.config
+  tags: template
+
+- name: "tsg-diagnose:mkdir -p .badssl_cert_dict"
+  file:
+    path: /opt/tsg/tsg-diagnose/.badssl_cert_dict
+    state: directory
+
+
+- name: "tsg-diagnose: unarchive certs"
+  unarchive:
+    src: /tmp/ansible_deploy/tsg-diagnose-certs.tgz
+    dest: /opt/tsg/tsg-diagnose/.badssl_cert_dict
+    remote_src: yes
 
 - name: "copy memory limit file to tsg-diagnose.service.d"
   copy:

roles/tsg-diagnose/templates/tsg-diagnose.config.j2

@@ -0,0 +1,135 @@
+[test_securityPolicy_bypass]
+# enabled = 1 run this case
+enabled = 1
+#Connection TIMEOUT, in seconds
+conn_timeout = 1
+#max_recv_speed_large  byte/s
+max_recv_speed_large = 6553600
+
+[test_securityPolicy_intercept]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_securityPolicy_intercept_certerrExpired]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_securityPolicy_intercept_certerrSelf_signed]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_securityPolicy_intercept_certerrUntrusted_root]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_ssl_redirect]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_ssl_block]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_ssl_replace]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_ssl_hijack]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_ssl_insert]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_http_redirect]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_http_block]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_http_replace]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_http_hijack]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_proxyPolicy_http_insert]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_1k]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_4k]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_16k]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_64k]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_256k]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_1M]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_4M]
+enabled = 1
+conn_timeout = 1
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_16M]
+enabled = 1
+conn_timeout = 4
+max_recv_speed_large = 6553600
+
+[test_https_con_traffic_64M]
+enabled = 1
+conn_timeout = 12
+max_recv_speed_large = 6553600
+
+[start_time_random_delay_range]
+enabled = 1
+#Left_edge is the left edge of the randomly generated time in seconds
+left_edge = 0
+#Left_edge is the right edge of the randomly generated time in seconds
+right_edge = 30
+
+[telegraf]
+host = 192.51.100.1
+port = 58100
+tags_key = app_name
+tags_value = tsg-diagnose