更新 TFE 20.11 版配置文件，升级 tfe 到 4.3.11

install_config/group_vars/adc_global.yml

@@ -46,10 +46,13 @@ capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: DEBUG
+tfe_http_log_level: DEBUG
+pangu_log_level: DEBUG
+doh_log_level: DEBUG
+
 certstore_log_level: 10
 clotho_log_level: 10
 

install_config/group_vars/server_as_tun_mode.yml

@@ -51,10 +51,14 @@ capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
+
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: DEBUG
+tfe_http_log_level: DEBUG
+pangu_log_level: DEBUG
+doh_log_level: DEBUG
+
 certstore_log_level: 10
 clotho_log_level: 10
 

roles/tfe/tasks/main.yml

@@ -27,6 +27,11 @@
     src: "{{ role_path }}/templates/tfe.conf.j2"
     dest: /opt/tsg/tfe/conf/tfe/tfe.conf
 
+- name: "template the zlog.conf"
+  template:
+    src: "{{ role_path }}/templates/zlog.conf.j2"
+    dest: /opt/tsg/tfe/conf/tfe/zlog.conf
+
 - name: "template the future.conf"
   template:
     src: "{{ role_path }}/templates/future.conf.j2"

roles/tfe/templates/doh.conf.j2

@@ -1,27 +1,13 @@
 [doh]
-# default 1
 enable=1
 
-[log]
-# default 10
-# RLOG_LV_DEBUG : 10
-# RLOG_LV_INFO  : 20
-# RLOG_LV_FATAL : 30
-log_level={{ doh_log_level }}
-
 [maat]
-# default TSG_OBJ_APP_ID
 table_appid=TSG_OBJ_APP_ID
-# default TSG_SECURITY_ADDR
 table_addr=TSG_SECURITY_ADDR
-# default TSG_FIELD_DOH_QNAME
 table_qname=TSG_FIELD_DOH_QNAME
-# default TSG_FIELD_HTTP_HOST
 table_host=TSG_FIELD_DOH_HOST
 
 [kafka]
-# default 0
 ENTRANCE_ID=0
-# default 1
 # if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1
 en_sendlog=1

roles/tfe/templates/future.conf.j2

@@ -1,9 +1,10 @@
 [STAT]
 no_stats=0
-statsd_server=192.168.100.1
-statsd_port=8100
+statsd_server=127.0.0.1
+statsd_port=58100
 histogram_bins=0.50,0.80,0.9,0.95
 statsd_cycle=5
 # FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
 statsd_format=2
-print_diff=1
+# printf diff Not available
+# print_diff=1

roles/tfe/templates/pangu_pxy.conf.j2

@@ -1,5 +1,5 @@
 [debug]
-log_level={{ pangu_log_level }}
+enable_plugin=1
 
 [log]
 # default 1, if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1

roles/tfe/templates/tfe.conf.j2

@@ -6,7 +6,7 @@ enable_kni_v2=1
 # Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally
 disable_coredump=0
 enable_breakpad=1
-enable_breakpad_upload=0
+enable_breakpad_upload=1
 breakpad_upload_url=http://sentry.mesalab.cn:9000/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
 # must be /run/tfe/crashreport，due to tmpfile limit
 breakpad_minidump_dir=/run/tfe/crashreport
@@ -35,8 +35,10 @@ watchdog_switch=1
 watchdog_port=2476
 
 [ssl]
-ssl_max_version=tls13
-ssl_min_version=ssl3
+ssl_ja3_debug=0
+# ssl version Not available, configured via TSG website
+# ssl_max_version=tls13
+# ssl_min_version=ssl3
 ssl_compression=1
 no_ssl2=1
 no_ssl3=0
@@ -48,7 +50,7 @@ no_cert_verify=0
 
 # session ticket
 no_session_ticket=0
-stek_group_num=4
+stek_group_num=4096
 stek_rotation_time=3600
 
 # session cache
@@ -68,12 +70,10 @@ service_cache_fail_time_window=30
 check_cert_crl=0
 {% if tsg_running_type == 2 %}
 trusted_cert_load_local=1
-#trusted_cert_file=resource/tfe/tls-ca-bundle.pem
 trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
 {% else %}
-trusted_cert_load_local=0
+trusted_cert_load_local=1
 trusted_cert_file=resource/tfe/tls-ca-bundle.pem
-#trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
 {% endif %}
 trusted_cert_dir=resource/tfe/trusted_storage
 
@@ -131,21 +131,14 @@ tcp_user_timeout=600
 tcp_ttl_upstream=75
 tcp_ttl_downstream=70
 
-[log]
-level={{ tfe_log_level }}
-location=log/tfe.log
-
 [stat]
-statsd_server=192.168.100.1
-statsd_port=8100
+statsd_server=127.0.0.1
+statsd_port=58100
 statsd_cycle=5
 # 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
 statsd_format=2
 histogram_bins=0.5,0.8,0.9,0.95
 
-[http]
-loglevel={{ tfe_http_log_level }}
-
 [traffic_mirror]
 {% if tsg_running_type != 2 %}
 enable={{ tfe.mirror_enable }}
@@ -159,7 +152,6 @@ device={{ nic_traffic_mirror.name }}
 type=1
 {% endif %}
 
-
 [kafka]
 enable=1
 NIC_NAME={{ nic_mgr.name }}

roles/tfe/templates/zlog.conf.j2

@@ -0,0 +1,20 @@
+# kill -s SIGHUP "pid"
+
+[global]
+
+default format = "%d(%c), %V, %F, %U, %m%n"
+
+[levels]
+
+DEBUG=10
+INFO=20
+FATAL=30
+
+[rules]
+
+*.fatal                         "./log/error.log.%d(%F)";
+tfe.{{ tfe_log_level }}         "./log/tfe.log.%d(%F)";
+http.{{ tfe_http_log_level }}   "./log/http.log.%d(%F)";
+http2.{{ tfe_http_log_level }}  "./log/http2.log.%d(%F)";
+doh.{{ doh_log_level }}         "./log/doh_pxy.log.%d(%F)";
+pangu.{{ pangu_log_level }}     "./log/pangu_pxy.log.%d(%F)";