增加1,2,3板上mrzcpd, tfe-kmod及相关配置文件的自动部署。

roles/framework/tasks/main.yml

@@ -12,13 +12,12 @@
     packages:
       - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
-      - /tmp/ansible_deploy/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/framework/framework-debug-2.0.8-1.el7.centos.x86_64.rpm
       - /tmp/ansible_deploy/dkms/zlib-devel-1.2.7-18.el7.x86_64.rpm
       - /tmp/ansible_deploy/dkms/elfutils-libelf-devel-0.172-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/dkms/zlib-1.2.7-18.el7.x86_64.rpm
       - /tmp/ansible_deploy/dkms/which-2.20-7.el7.x86_64.rpm
       - /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
+      - /tmp/ansible_deploy/framework/framework-debug-2.0.8-1.el7.centos.x86_64.rpm
 
 - name: "install/update rulescan header files"
   synchronize:

roles/mrzcpd/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: "copy mrzcpd to destination server"
+  synchronize:
+    src: "{{ role_path }}/files/"
+    dest: "/tmp/ansible_deploy/"
+  when: nic_traffic_mirror.use_mrzcpd
+
+- name: "install mrzcpd"
+  yum:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - /tmp/ansible_deploy/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
+  when: nic_traffic_mirror.use_mrzcpd
+
+- name: "update sysconfig/mrzcpd"
+  template:
+    src: "{{ role_path }}/templates/mrzcpd.j2"
+    dest: /etc/sysconfig/mrzcpd
+  when: nic_traffic_mirror.use_mrzcpd
+
+- name: "update mrglobal.conf"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: nic_traffic_mirror.use_mrzcpd

roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2

@@ -0,0 +1,27 @@
+[device]
+device={{nic_traffic_mirror.name}}
+sz_tunnel=8192
+sz_buffer=32
+
+[device:{{nic_traffic_mirror.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+iocore=55
+
+[eal]
+virtaddr=0x7d0000000000
+loglevel=7
+
+[keepalive]
+check_spinlock=1
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096

roles/mrzcpd/templates/mrzcpd.j2

@@ -0,0 +1,3 @@
+MRZCPD_ROOT=/opt/mrzcpd
+HUGEPAGE_NUM_2M=16384
+DEFAULT_UIO_MODULE="igb_uio"

roles/netcfg-control-blade/templates/tsg-environment.j2

@@ -1,15 +0,0 @@
-
-# Device Name
-TSG_PF_DEVICE=ens1
-TSG_DEVICE_DATA_INCOMING=enp1s0
-TSG_DEVICE_DATA_3RD=enp1s1
-TSG_DEVICE_CTRL_MGR=ens1
-TSG_DEVICE_CTRL_LOG=enp1s2
-
-# Dataplane address
-TSG_LOCAL_MAC_DATA_INCOMING=FB:00:00:00:00:B1
-TSG_PEER_MAC_DATA_INCOMING=FA:00:00:00:00:AA
-TSG_LOCAL_IP_DATA_INCOMING=172.16.241.2
-TSG_PEER_IP_DATA_INCOMING=172.16.241.1
-TSG_LOCAL_IP6_DATA_INCOMING=fd08::02
-TSG_PEER_IP_DATA_INCOMING=fd08::02

roles/netcfg-control-blade/templates/tsg-netcfg-control-blade.service.j2

@@ -1,38 +0,0 @@
-[Unit]
-Description=Tango Secure Gateway - Control Blade Network Configuration
-
-[Service]
-EnvironmentFile=/etc/sysconfig/tsg-environment
-Type=oneshot
-
-# start vfs and set incoming mac address
-ExecStartPre=/usr/bin/bash -c "echo 3 > /sys/class/net/${TSG_PF_DEVICE}/device/sriov_numvfs"
-
-# dataincoming interface
-ExecStartPre=/usr/sbin/ip link set ${TSG_DEVICE_DATA_INCOMING} address ${TSG_LOCAL_MAC_DATA_INCOMING}
-ExecStartPre=/usr/sbin/ip link set ${TSG_DEVICE_DATA_INCOMING} up
-ExecStartPre=/usr/sbin/ip addr flush dev ${TSG_DEVICE_DATA_INCOMING}
-ExecStartPre=/usr/sbin/ip addr add ${TSG_LOCAL_IP_DATA_INCOMING}/30 dev ${TSG_DEVICE_DATA_INCOMING}
-ExecStartPre=/usr/sbin/ip neigh replace ${TSG_PEER_IP_DATA_INCOMING} laddr ${TSG_PEER_MAC_DATA_INCOMING}
-
-# policy route
-ExecStartPre=/usr/sbin/ip rule add iif ${TSG_DEVICE_DATA_INCOMING} tab 100
-ExecStartPre=/usr/sbin/ip route add local default dev lo table 100
-ExecStartPre=/usr/sbin/ip rule add fwmark 0x65 lookup ${TSG_DEVICE_DATA_INCOMING} table 101
-ExecStartPre=/usr/sbin/ip route add default dev ${TSG_DEVICE_DATA_INCOMING} via ${TSG_PEER_IP_DATA_INCOMING} table 101
-
-# policy route v6
-
-
-# all works are done in execstartpre, this is only a fake target
-ExecStart=/bin/true
-
-# stop, disable VFs
-ExecStop=/usr/bin/bash -c "echo 0 > /sys/class/net/${TSG_PF_DEVICE}/device/sriov_numvfs"
-ExecStop=/usr/sbin/ip link set ${TSG_DEVICE_DATA_INCOMING} down
-
-# stop, remove ip rule and table
-
-
-[Install]
-WantedBy=multi-user.target

roles/tfe/tasks/main.yml

@@ -10,7 +10,13 @@
     state: present
   vars:
     packages:
-      - /tmp/ansible_deploy/tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.0.0.acfad0f-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-kmod-6ed8c79-1dkms.noarch.rpm
+
+- name: "template tfe-env config"
+  template:
+    src: "{{ role_path }}/templates/tfe-env-config.j2"
+    dest: /etc/sysconfig/tfe-env-config
 
 - name: "template the tfe.conf"
   template:
@@ -20,4 +26,16 @@
 - name: "template the pangu_pxy.conf"
   template:
     src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
-    dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
+    dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
+
+- name: "add tfe-kmod to boot"
+  modprobe:
+    name: tfe_kmod
+    state: present
+
+- name: "enable tfe-env"
+  systemd:
+    name: tfe-env
+    enabled: no
+    daemon_reload: yes
+    state: restarted

roles/tfe/templates/tfe-env-config.j2

@@ -0,0 +1,6 @@
+
+TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
+TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:00:00:01
+TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
+TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
+TFE_PEER_IP_DATA_INCOMING=172.16.241.1