diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
index 5f42ab6..c43ac03 100644
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -12,13 +12,12 @@
 packages:
 - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
 - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
- - /tmp/ansible_deploy/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
- - /tmp/ansible_deploy/framework/framework-debug-2.0.8-1.el7.centos.x86_64.rpm
 - /tmp/ansible_deploy/dkms/zlib-devel-1.2.7-18.el7.x86_64.rpm
 - /tmp/ansible_deploy/dkms/elfutils-libelf-devel-0.172-2.el7.x86_64.rpm
 - /tmp/ansible_deploy/dkms/zlib-1.2.7-18.el7.x86_64.rpm
 - /tmp/ansible_deploy/dkms/which-2.20-7.el7.x86_64.rpm
 - /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
+ - /tmp/ansible_deploy/framework/framework-debug-2.0.8-1.el7.centos.x86_64.rpm

 - name: "install/update rulescan header files"
 synchronize:
diff --git a/roles/framework/files/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
similarity index 100%
rename from roles/framework/files/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
rename to roles/mrzcpd/files/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml
new file mode 100644
index 0000000..4add0b9
--- /dev/null
+++ b/roles/mrzcpd/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: "copy mrzcpd to destination server"
+ synchronize:
+ src: "{{ role_path }}/files/"
+ dest: "/tmp/ansible_deploy/"
+ when: nic_traffic_mirror.use_mrzcpd
+
+- name: "install mrzcpd"
+ yum:
+ name: "{{ packages }}"
+ state: present
+ vars:
+ packages:
+ - /tmp/ansible_deploy/mrzcpd-4.3.9.497aaf5-1.el7.x86_64.rpm
+ when: nic_traffic_mirror.use_mrzcpd
+
+- name: "update sysconfig/mrzcpd"
+ template:
+ src: "{{ role_path }}/templates/mrzcpd.j2"
+ dest: /etc/sysconfig/mrzcpd
+ when: nic_traffic_mirror.use_mrzcpd
+
+- name: "update mrglobal.conf"
+ template:
+ src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
+ dest: /opt/mrzcpd/etc/mrglobal.conf
+ when: nic_traffic_mirror.use_mrzcpd
\ No newline at end of file
diff --git a/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2 b/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2
new file mode 100644
index 0000000..500c9b2
--- /dev/null
+++ b/roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2
@@ -0,0 +1,27 @@
+[device]
+device={{nic_traffic_mirror.name}}
+sz_tunnel=8192
+sz_buffer=32
+
+[device:{{nic_traffic_mirror.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+iocore=55
+
+[eal]
+virtaddr=0x7d0000000000
+loglevel=7
+
+[keepalive]
+check_spinlock=1
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
\ No newline at end of file
diff --git a/roles/mrzcpd/templates/mrzcpd.j2 b/roles/mrzcpd/templates/mrzcpd.j2
new file mode 100644
index 0000000..192a400
--- /dev/null
+++ b/roles/mrzcpd/templates/mrzcpd.j2
@@ -0,0 +1,3 @@
+MRZCPD_ROOT=/opt/mrzcpd
+HUGEPAGE_NUM_2M=16384
+DEFAULT_UIO_MODULE="igb_uio"
\ No newline at end of file
diff --git a/roles/netcfg-control-blade/templates/tsg-environment.j2 b/roles/netcfg-control-blade/templates/tsg-environment.j2
deleted file mode 100644
index abc0c86..0000000
--- a/roles/netcfg-control-blade/templates/tsg-environment.j2
+++ /dev/null
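Review bot: In `roles/mrzcpd/tasks/main.yml` the RPM is staged in `/tmp/ansible_deploy/`, a fixed path under a world-writable directory, and then installed as root by the `install mrzcpd` task; unless that directory is created root-owned earlier in the play (not visible in this diff), another local account on the target could own it and change what gets installed. The package lists in `roles/framework/tasks/main.yml` and `roles/tfe/tasks/main.yml` use the same staging path. A preceding `file` task with `state: directory`, `owner: root` and `mode: "0700"` on a path outside `/tmp`, plus a digest check of the RPM before `yum`, would remove the dependency on who got to the path first. The two `template` tasks also leave `owner`, `group` and `mode` unset; stating them, e.g. `mode: "0644"`, keeps the permissions of `/etc/sysconfig/mrzcpd` and `/opt/mrzcpd/etc/mrglobal.conf` from depending on the remote umask.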
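Review bot: In `mrglobal.conf.traffic_mirror.j2`, `iocore=55` and the `[pool]` sizes are literals, so every host that receives this role is assumed to have the core count and memory of the machine the values were tuned on; only the device name is a variable. `HUGEPAGE_NUM_2M=16384` in `roles/mrzcpd/templates/mrzcpd.j2` has the same problem and, if the name means 2 MiB pages, reserves 32 GiB. Exposing these as role variables with the current values as defaults, e.g. `iocore={{ mrzcpd_iocore | default(55) }}` (variable name is a suggestion), keeps today's behaviour while letting smaller hosts override it. `loglevel=7` would benefit from a comment saying whether it is the intended production verbosity.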
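Review bot: `DEFAULT_UIO_MODULE="igb_uio"` in `mrzcpd.j2` selects a UIO driver that hands the userspace process DMA access to the NIC without IOMMU isolation, so a memory-safety bug in the packet path is not contained by the hardware. If mrzcpd can bind through `vfio-pci` and the target hosts have the IOMMU enabled, that is the better-isolated choice; whether it can is not visible in this diff. Either way, a comment recording why `igb_uio` was chosen would save the next reader the question.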
@@ -1,15 +0,0 @@
-
-# Device Name
-TSG_PF_DEVICE=ens1
-TSG_DEVICE_DATA_INCOMING=enp1s0
-TSG_DEVICE_DATA_3RD=enp1s1
-TSG_DEVICE_CTRL_MGR=ens1
-TSG_DEVICE_CTRL_LOG=enp1s2
-
-# Dataplane address
-TSG_LOCAL_MAC_DATA_INCOMING=FB:00:00:00:00:B1
-TSG_PEER_MAC_DATA_INCOMING=FA:00:00:00:00:AA
-TSG_LOCAL_IP_DATA_INCOMING=172.16.241.2
-TSG_PEER_IP_DATA_INCOMING=172.16.241.1
-TSG_LOCAL_IP6_DATA_INCOMING=fd08::02
-TSG_PEER_IP_DATA_INCOMING=fd08::02
diff --git a/roles/netcfg-control-blade/templates/tsg-netcfg-control-blade.service.j2 b/roles/netcfg-control-blade/templates/tsg-netcfg-control-blade.service.j2
deleted file mode 100644
index 2160f43..0000000
--- a/roles/netcfg-control-blade/templates/tsg-netcfg-control-blade.service.j2
+++ /dev/null
@@ -1,38 +0,0 @@
-[Unit]
-Description=Tango Secure Gateway - Control Blade Network Configuration
-
-[Service]
-EnvironmentFile=/etc/sysconfig/tsg-environment
-Type=oneshot
-
-# start vfs and set incoming mac address
-ExecStartPre=/usr/bin/bash -c "echo 3 > /sys/class/net/${TSG_PF_DEVICE}/device/sriov_numvfs"
-
-# dataincoming interface
-ExecStartPre=/usr/sbin/ip link set ${TSG_DEVICE_DATA_INCOMING} address ${TSG_LOCAL_MAC_DATA_INCOMING}
-ExecStartPre=/usr/sbin/ip link set ${TSG_DEVICE_DATA_INCOMING} up
-ExecStartPre=/usr/sbin/ip addr flush dev ${TSG_DEVICE_DATA_INCOMING}
-ExecStartPre=/usr/sbin/ip addr add ${TSG_LOCAL_IP_DATA_INCOMING}/30 dev ${TSG_DEVICE_DATA_INCOMING}
-ExecStartPre=/usr/sbin/ip neigh replace ${TSG_PEER_IP_DATA_INCOMING} laddr ${TSG_PEER_MAC_DATA_INCOMING}
-
-# policy route
-ExecStartPre=/usr/sbin/ip rule add iif ${TSG_DEVICE_DATA_INCOMING} tab 100
-ExecStartPre=/usr/sbin/ip route add local default dev lo table 100
-ExecStartPre=/usr/sbin/ip rule add fwmark 0x65 lookup ${TSG_DEVICE_DATA_INCOMING} table 101
-ExecStartPre=/usr/sbin/ip route add default dev ${TSG_DEVICE_DATA_INCOMING} via ${TSG_PEER_IP_DATA_INCOMING} table 101
-
-# policy route v6
-
-
-# all works are done in execstartpre, this is only a fake target
-ExecStart=/bin/true
-
-# stop, disable VFs
-ExecStop=/usr/bin/bash -c "echo 0 > /sys/class/net/${TSG_PF_DEVICE}/device/sriov_numvfs"
-ExecStop=/usr/sbin/ip link set ${TSG_DEVICE_DATA_INCOMING} down
-
-# stop, remove ip rule and table
-
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/tfe/files/tfe-4.0.0.acfad0f-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.0.0.acfad0f-1.el7.x86_64.rpm
new file mode 100644
index 0000000..48e334e
Binary files /dev/null and b/roles/tfe/files/tfe-4.0.0.acfad0f-1.el7.x86_64.rpm differ
diff --git a/roles/tfe/files/tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm b/roles/tfe/files/tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm
deleted file mode 100644
index bce5604..0000000
Binary files a/roles/tfe/files/tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/tfe/files/tfe-kmod-6ed8c79-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-6ed8c79-1dkms.noarch.rpm
new file mode 100644
index 0000000..0fb5ae5
Binary files /dev/null and b/roles/tfe/files/tfe-kmod-6ed8c79-1dkms.noarch.rpm differ
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 979fd55..90670f7 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -10,7 +10,13 @@
 state: present
 vars:
 packages:
- - /tmp/ansible_deploy/tfe-debug-4.0.0.1a59abc-1.el7.x86_64.rpm
+ - /tmp/ansible_deploy/tfe-4.0.0.acfad0f-1.el7.x86_64.rpm
+ - /tmp/ansible_deploy/tfe-kmod-6ed8c79-1dkms.noarch.rpm
+
+- name: "template tfe-env config"
+ template:
+ src: "{{ role_path }}/templates/tfe-env-config.j2"
+ dest: /etc/sysconfig/tfe-env-config

 - name: "template the tfe.conf"
 template:
@@ -20,4 +26,16 @@
 - name: "template the pangu_pxy.conf"
 template:
 src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
- dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
\ No newline at end of file
+ dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
+
+- name: "add tfe-kmod to boot"
+ modprobe:
+ name: tfe_kmod
+ state: present
+
+- name: "enable tfe-env"
+ systemd:
+ name: tfe-env
+ enabled: no
+ daemon_reload: yes
+ state: restarted
\ No newline at end of file
diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2
new file mode 100644
index 0000000..1fd1f68
--- /dev/null
+++ b/roles/tfe/templates/tfe-env-config.j2
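Review bot: In the second hunk of `roles/tfe/tasks/main.yml` the task named "enable tfe-env" sets `enabled: no`, so the unit is restarted during the play but not enabled at boot, and "add tfe-kmod to boot" only loads `tfe_kmod` into the running kernel, because `modprobe` with `state: present` does not by itself persist the load. After a reboot neither may come back unless the RPMs arrange it, which this diff does not show. If boot persistence is what the task names intend, use `enabled: true` and ship a modules-load.d entry (e.g. `/etc/modules-load.d/tfe_kmod.conf` containing `tfe_kmod`). `state: restarted` also reports changed on every run; a handler notified by the template tasks would restart only when the configuration changes, and `no`/`yes` are better written `false`/`true`.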
@@ -0,0 +1,6 @@
+
+TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
+TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:00:00:01
+TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
+TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
+TFE_PEER_IP_DATA_INCOMING=172.16.241.1
\ No newline at end of file
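Review bot: Only the device name is templated in `tfe-env-config.j2`; the MAC and IP values are literals, and `TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff` reads like a placeholder rather than a real peer address. Every host rendered from this template gets the same `TFE_LOCAL_MAC_DATA_INCOMING` and `172.16.241.2`, which collides if two such hosts share a segment, and a wrong peer MAC would misdirect data-plane traffic if tfe-env installs it as a static neighbour entry (not visible in this diff). Moving the four address values into inventory variables next to `nic_data_incoming.name`, and failing the play when they are unset, would keep the placeholder from being deployed. The file also begins with an empty line and ends without a newline.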