First commit, at K18-2 Control Center.

2020-10-24 12:08:31 +06:00
commit dc9336ae26
223 changed files with 7222 additions and 0 deletions
--- a/roles/firewall/files/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+++ b/roles/firewall/files/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
--- a/roles/firewall/files/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
+++ b/roles/firewall/files/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
--- a/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm
+++ b/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm
--- a/roles/firewall/files/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+++ b/roles/firewall/files/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
--- a/roles/firewall/files/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+++ b/roles/firewall/files/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
--- a/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+++ b/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
--- a/roles/firewall/files/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
+++ b/roles/firewall/files/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
--- a/roles/firewall/files/radius-1.0.2.7bddf74-2.el7.x86_64.rpm
+++ b/roles/firewall/files/radius-1.0.2.7bddf74-2.el7.x86_64.rpm
--- a/roles/firewall/files/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
+++ b/roles/firewall/files/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
--- a/roles/firewall/files/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
+++ b/roles/firewall/files/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
--- a/roles/firewall/files/tsg_master-3.3.0.5fcfdae-2.el7.x86_64.rpm
+++ b/roles/firewall/files/tsg_master-3.3.0.5fcfdae-2.el7.x86_64.rpm
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: "copy firewall rpms to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install firewall packages"
+  yum:
+    name: "{{ fw_packages }}"
+    state: present
+    skip_broken: yes
+  vars:
+    fw_packages:
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
+
+- name: "Template the tsgconf/main.conf"
+  template:
+    src: "{{ role_path }}/templates/main.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
+  tags: template
+
+
+- name: "Template the tsgconf/maat.conf"
+  template:
+    src: "{{ role_path }}/templates/maat.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
+  tags: template
+
+- name: "Template the conf/capture_packet_plug.conf.j2"
+  template:
+    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+  tags: template
--- a/roles/firewall/templates/capture_packet_plug.conf.j2
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -0,0 +1,25 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL={{ capture_packet_log_level }}
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+
--- a/roles/firewall/templates/maat.conf.j2
+++ b/roles/firewall/templates/maat.conf.j2
@@ -0,0 +1,32 @@
+[STATIC]
+###0:location 1:json 2:redis
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
+STAT_FILE=tsg_static_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+
+[DYNAMIC]
+###0:location 1:json 2:redis
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
+STAT_FILE=tsg_dynamic_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ dynamic_maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=1
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+
--- a/roles/firewall/templates/main.conf.j2
+++ b/roles/firewall/templates/main.conf.j2
@@ -0,0 +1,57 @@
+[FTP_PLUG]
+LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
+LOG_LEVEL={{ fw_ftp_log_level }}
+TIMEOUT=600
+
+[MAIL_PLUG]
+LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
+LOG_LEVEL={{ fw_mail_log_level }}
+TIMEOUT=600
+
+[HTTP_PLUG]
+LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
+LOG_LEVEL={{ fw_http_log_level }}
+
+[DNS_PLUG]
+LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
+LOG_LEVEL={{ fw_dns_log_level }}
+
+[QUIC_PLUG]
+LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
+LOG_LEVEL={{ fw_quic_log_level }}
+
+[MAAT]
+PROFILE="./tsgconf/maat.conf"
+SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
+CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
+IP_ADDR_TABLE="TSG_SECURITY_ADDR"
+
+[TSG_LOG]
+MODE=1
+NIC_NAME="{{ nic_mgr.name }}"
+MAX_SERVICE=1
+LOG_LEVEL={{ tsg_log_level }}
+LOG_PATH="./tsglog/tsglog"
+BROKER_LIST="{{ log_kafkabrokers.address }}"
+COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
+
+[STATISTIC]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP="127.0.0.1"
+OUTPUT_PATH="./tsg_statistic.log"
+APP_NAME="statistic"
+
+[FIELD_STAT]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP="127.0.0.1"
+OUTPUT_PATH="./tsg_stat.log"
+APP_NAME="tsg_master"
+
+[SYSTEM]
+ENTRANCE_ID={{ tsg_master_entrance_id }}
+LOG_LEVEL={{ tsg_master_log_level }}
+LOG_PATH="./tsglog/tsg_master"
+POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
+DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"