First commit, at K18-2 Control Center.

roles/sapp/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/sapp/tasks/main.yml

@@ -0,0 +1,60 @@
+---
+- name: "copy sapp to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "copy maat_redis_tool to destination server"
+  copy:
+    src: "{{ role_path }}/files/maat_redis_tool"
+    dest: /usr/local/bin
+    mode: 0755
+
+- name: "install sapp rpms from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/sapp-4.1.13.ed89137-2.el7.x86_64.rpm
+    state: present
+    skip_broken: yes
+
+- name: "mkdir tsgconf"
+  file:
+    path: /home/mesasoft/sapp_run/tsgconf
+    state: directory
+
+- name: Template the sapp.toml
+  template:
+    src: "{{ role_path }}/templates/sapp.toml.j2"
+    dest: /home/mesasoft/sapp_run/etc/sapp.toml
+  tags: template
+
+- name: Template the project_list.conf
+  template:
+    src: "{{ role_path }}/templates/project_list.conf.j2"
+    dest: /home/mesasoft/sapp_run/etc/project_list.conf
+  tags: template
+
+- name: Template the conflist.inf
+  template:
+    src: "{{ role_path }}/templates/conflist.inf.j2"
+    dest: /home/mesasoft/sapp_run/plug/conflist.inf
+  tags: template
+
+- name: Template the gdev.conf
+  template:
+    src: "{{ role_path }}/templates/gdev.conf.j2"
+    dest: /home/mesasoft/sapp_run/etc/gdev.conf
+  when: tsg_access_type == 1
+  
+
+- name: "Template sapp.service destination server"
+  template:
+    src: "{{ role_path }}/templates/sapp.service.j2"
+    dest: /usr/lib/systemd/system/sapp.service
+    mode: 0755
+
+- name: "enable sapp"
+  systemd:
+    name: sapp
+    enabled: yes
+    daemon_reload: yes

roles/sapp/templates/conflist.inf.j2

@@ -0,0 +1,40 @@
+[platform]
+{% if tsg_access_type == 1 %}
+./plug/platform/g_device_plug/g_device_plug.inf
+#./plug/platform/http_healthcheck/http_healthcheck.inf
+{% elif tsg_access_type == 2 %}
+#./plug/platform/g_device_plug/g_device_plug.inf
+./plug/platform/http_healthcheck/http_healthcheck.inf
+{% else %}
+#./plug/platform/g_device_plug/g_device_plug.inf
+#./plug/platform/http_healthcheck/http_healthcheck.inf
+{% endif %}
+./plug/platform/tsg_master/tsg_master.inf
+{% if tsg_app_enable == 1 %}
+./plug/platform/app_proto_identify/app_proto_identify.inf
+./plug/platform/app_master/app_master.inf
+{% endif %}
+
+[protocol]
+./plug/protocol/ssl/ssl.inf
+./plug/protocol/http/http.inf
+./plug/protocol/dns/dns.inf
+./plug/protocol/mail/mail.inf
+./plug/protocol/ftp/ftp.inf
+./plug/protocol/quic/quic.inf
+
+[business]
+./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+./plug/business/capture_packet_plug/capture_packet_plug.inf
+./plug/business/kni/kni.inf
+./plug/business/fw_ssl_plug/fw_ssl_plug.inf
+./plug/business/fw_http_plug/fw_http_plug.inf
+./plug/business/fw_dns_plug/fw_dns_plug.inf
+./plug/business/fw_mail_plug/fw_mail_plug.inf
+./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/fw_quic_plug/fw_quic_plug.inf
+./plug/business/conn_telemetry/conn_telemetry.inf
+{% if tsg_app_enable == 1 %}
+./plug/business/app_sketch_local/app_sketch_local.inf
+./plug/business/app_control_plug/app_control_plug.inf
+{% endif %}

roles/sapp/templates/gdev.conf.j2

@@ -0,0 +1,11 @@
+[Module]
+{% if tsg_running_type == 2 %}
+pcapdevice={{ nic_data_incoming.name }}
+sendto_gdev_card={{ nic_data_incoming.name }}
+sendto_gdev_ip={{ inline_device_config.keepalive_ip }}
+{% else %}
+pcapdevice={{ inline_device_config.data_incoming }}
+sendto_gdev_card={{ inline_device_config.data_incoming }}
+sendto_gdev_ip={{ inline_device_config.keepalive_ip }}
+{% endif %}
+gdev_status_switch=1

roles/sapp/templates/project_list.conf.j2

@@ -0,0 +1,20 @@
+tcp_flow_stat           struct
+udp_flow_stat           struct
+tcp_deduce_flow_stat    struct
+POLICY_PRIORITY	struct
+ESTABLISH_LATENCY	long
+MAIL_IDENTIFY	int
+TSG_MASTER_INTERNAL_LABEL	struct
+APP_ID_LABEL	struct
+BASIC_PROTO_LABEL	struct
+USER_DEFINED_ATTRIBUTE	struct
+SKETCH_TRANS_LAYER_CTX_LABEL    struct
+SKETCH_PROTO_CTX_LABEL   struct
+common_link_info_c2s	struct
+common_link_info_s2c	struct
+common_link_info struct
+JA3_FINGERPRINT_LABEL	struct
+DKPT_PRO_V2	struct
+DPKT_PROJECT_V2	struct
+PPROJECT_PRO_V2	struct
+DPKT_BHSTAT_PROJECT	struct

roles/sapp/templates/sapp.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=sapp service
+{% if tsg_running_type != 0 %}
+Requires=mrzcpd.service
+After=mrzcpd.service
+{% endif %}
+[Service]
+WorkingDirectory=/home/mesasoft/sapp_run
+ExecStart=/home/mesasoft/sapp_run/sapp
+Restart=always
+RestartSec=5s
+[Install]
+WantedBy=multi-user.target

roles/sapp/templates/sapp.toml.j2

@@ -0,0 +1,150 @@
+###################################################################################################
+# NOTE:
+#    The format of this file is toml (https://github.com/cktan/tomlc99)
+#    to make vim editor display colorful and human readable, 
+#    you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
+###################################################################################################
+
+[SYSTEM]
+instance_name = "sapp4"
+
+[CPU]
+{% if tsg_access_type == 0 %}
+worker_threads=1
+{% else %}
+worker_threads={{ sapp.worker_threads }}
+{% endif %}
+send_only_threads_max={{ sapp.send_only_threads_max }}
+### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+{% if tsg_access_type == 0 %}
+bind_mask=[]
+{% else %}
+bind_mask=[{{ sapp.bind_mask }}]
+{% endif %}
+
+[PACKET_IO]
+{% if tsg_access_type == 4 %}
+### note, used to represent inbound or outbound direction value,
+##### because it comes from other device, so it needs to be specified manually,
+##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+##### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+inbound_route_dir={{ sapp.inbound_route_dir }}
+{% endif %}
+### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
+BSD_packet_filter=""
+   
+### note, depolyment.mode options: [mirror, inline, transparent]
+    [packet_io.depolyment]
+    {% if tsg_access_type == 0 %}
+    mode=transparent
+    {% else %}
+    mode=inline
+    {% endif %}
+
+### note, interface.type options: [pag,pcap,marsio]
+    [packet_io.internal.interface]
+    {% if tsg_access_type == 0 %}
+    type=pcap
+    name={{packet_io.internal_interface}}
+    {% else %}
+    type=marsio
+    name=vxlan_user
+    {% endif %}
+
+    [packet_io.external.interface]
+    {% if tsg_access_type == 0 %}
+    type=pcap
+    name={{packet_io.external_interface}}
+    {% else %}
+    type=pcap
+    name=lo
+    {% endif %}
+
+    [packet_io.polling]
+### note, polling_priority = call sapp_recv_pkt every call polling_entry times,     
+    polling_priority=1
+
+[STREAM]
+    [stream.tcp]
+    max=200000
+    timeout=30
+    syn_mandatory=1
+    reorder_pkt_max=5
+    analyse_option_enabled=1
+        [stream.tcp.inject]
+        link_mss=1460
+	  
+        [stream.tcp.inject.rst]
+        number=3
+        signature_enabled=1
+        signature_seed1=65535
+        signature_seed2=13
+	
+    [stream.udp]
+    max=10000
+    timeout=60
+
+[PROFILING]
+    [profiling.pkt_latency]
+    enabled=0
+### note, threshold unit is microseconds (us)
+    threshold=1000000
+	
+    [profiling.sanity_check]
+    raw_pkt_broken_enabled=0
+    symbol_conflict_enabled=0
+  
+    [profiling.log]
+    level=20
+    interval=5
+    
+        [profiling.log.local]
+        enabled=1
+### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.	 
+        file_truncate_enabled = 1
+        log_file_name = "fs2_sysinfo.log"
+        log_conf_name = "etc/sapp_log.conf"
+        [profiling.log.remote]
+        enabled=1
+        server_ip=127.0.0.1
+        server_port=8100
+
+        [profiling.log.remote.field_stat2]
+### note, is valid when "remote_send_out_type=field_stat2"	 
+### note, metric_type option value: [default, json]
+        metric_type = default
+        app_name=sapp
+     
+[TOOLS]
+    [tools.pkt_dump]
+    enabled=0
+### note, mode options value:[storage, udp_socket]
+    mode=udp_socket
+    BSD_packet_filter=""
+   
+        [tools.pkt_dump.threads]
+### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
+###       if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
+        all_threads_enabled=1
+   
+### note, dump_thread_id start from 0, max is CPU.worker_threads-1
+        dump_thread_id=[0,1,2,3,4]
+   
+        [tools.pkt_dump.udp]
+        command_port=12345
+
+        [tools.pkt_dump.storage]
+### note, file path must be double quotation mark extension, for example,  path="/dev/shm/pkt_dump"
+        path="/dev/shm/pkt_dump"
+### note, file size unit: MB
+        file_size_max_per_thread=10000 
+
+### note:
+### These configurations format is complex and difficult to describe with toml grammar,
+### so, create a Independent config file to description specific information.
+[SPECIAL_CONFIG_LINK]	 
+    project_list_path="./etc/project_list.conf"
+    plugin_path="./etc/plugin.conf"
+    entrylist_path="./etc/entrylist.conf"
+    send_raw_pkt_path="./etc/send_raw_pkt.conf"
+    vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"