diff --git a/deploy.yml b/deploy.yml index 3ab14c2..55205d7 100644 --- a/deploy.yml +++ b/deploy.yml @@ -55,3 +55,4 @@ - cert-redis - tfe - telegraf_statistic + - proxy_status diff --git a/roles/firewall/files/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm deleted file mode 100644 index 377fde6..0000000 Binary files a/roles/firewall/files/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm new file mode 100644 index 0000000..d4a9845 Binary files /dev/null and b/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm differ diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml index edeef78..6668dab 100644 --- a/roles/firewall/tasks/main.yml +++ b/roles/firewall/tasks/main.yml @@ -20,7 +20,7 @@ - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm diff --git a/roles/firewall/templates/maat.conf.j2 b/roles/firewall/templates/maat.conf.j2 index f723e36..64ff1bb 100644 --- a/roles/firewall/templates/maat.conf.j2 +++ b/roles/firewall/templates/maat.conf.j2 @@ -1,4 +1,5 @@ [STATIC] +###0:location 1:json 2:redis MAAT_MODE=2 STAT_SWITCH=1 PERF_SWITCH=1 @@ -14,6 +15,7 @@ INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ [DYNAMIC] +###0:location 1:json 2:redis MAAT_MODE=2 STAT_SWITCH=1 PERF_SWITCH=1 diff --git a/roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm b/roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm new file mode 100644 index 0000000..54dadd8 Binary files /dev/null and b/roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm differ diff --git a/roles/framework/files/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm b/roles/framework/files/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm deleted file mode 100644 index 0b12e51..0000000 Binary files a/roles/framework/files/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml index b63f393..f1ac7f8 100644 --- a/roles/framework/tasks/main.yml +++ b/roles/framework/tasks/main.yml @@ -4,22 +4,23 @@ dest: "/tmp/ansible_deploy/" - name: "install framework packages" - yum: - name: "{{ packages }}" - state: present - skip_broken: yes +# yum: +# name: "{{ packages }}" +# state: present +# skip_broken: yes + shell: "rpm -ivh /tmp/ansible_deploy/{{ packages }}" vars: packages: - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm - - /tmp/ansible_deploylibMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm/ + - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm - - /tmp/ansible_deploy/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm + - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm diff --git a/roles/proxy_status/.DS_Store b/roles/proxy_status/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/roles/proxy_status/.DS_Store differ diff --git a/roles/proxy_status/files/proxy-status.service b/roles/proxy_status/files/proxy-status.service new file mode 100644 index 0000000..1e5b381 --- /dev/null +++ b/roles/proxy_status/files/proxy-status.service @@ -0,0 +1,11 @@ +[Unit] +Description=proxy status + +[Service] +ExecStart=/opt/proxy_status/proxy_start +ExecStop=/opt/proxy_status/proxy_stop +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/roles/proxy_status/files/proxy_start b/roles/proxy_status/files/proxy_start new file mode 100755 index 0000000..b096235 --- /dev/null +++ b/roles/proxy_status/files/proxy_start @@ -0,0 +1,12 @@ +#!/bin/bash +# + +systemctl start tsg-env-tun-mode.service &>/dev/null & +sleep 2 +systemctl start sapp.service &>/dev/null & +sleep 5 +systemctl start tfe-env.service &>/dev/null & +sleep 5 +systemctl start tfe.service &>/dev/null & +systemctl start certstore.service &>/dev/null & +systemctl start cert-redis.service &>/dev/null & diff --git a/roles/proxy_status/files/proxy_status b/roles/proxy_status/files/proxy_status new file mode 100755 index 0000000..0e760be --- /dev/null +++ b/roles/proxy_status/files/proxy_status @@ -0,0 +1,65 @@ +#!/bin/bash +# + +systemctl status tsg-env-tun-mode &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m tsg-env-tun-mode is running \033[0m" +else + echo -e "\033[31m tsg-env-tun-mode is down \033[0m" +fi + +systemctl status mrzcpd &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m mrzcpd is running \033[0m" +else + echo -e "\033[31m mrzcpd is down \033[0m" +fi + +systemctl status mrenv &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m mrenv is running \033[0m" +else + echo -e "\033[31m mrenv is down \033[0m" +fi + +systemctl status mrtunnat &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m mrtunnat is running \033[0m" +else + echo -e "\033[31m mrtunnat is down \033[0m" +fi + +systemctl status sapp &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m sapp is running \033[0m" +else + echo -e "\033[31m sapp is down \033[0m" +fi + +systemctl status tfe-env &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m tfe-env is running \033[0m" +else + echo -e "\033[31m tfe-env is down \033[0m" +fi + +systemctl status tfe &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m tfe is running \033[0m" +else + echo -e "\033[31m tfe is down \033[0m" +fi + +systemctl status certstore &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m certstore is running \033[0m" +else + echo -e "\033[31m certstore is down \033[0m" +fi + +systemctl status cert-redis &>/dev/null +if [ $? -eq 0 ];then + echo -e "\033[32m cert-redis is running \033[0m" +else + echo -e "\033[31m cert-redis is down \033[0m" +fi diff --git a/roles/proxy_status/files/proxy_stop b/roles/proxy_status/files/proxy_stop new file mode 100755 index 0000000..b7b7cd9 --- /dev/null +++ b/roles/proxy_status/files/proxy_stop @@ -0,0 +1,12 @@ +#!/bin/bash +# + +systemctl stop tsg-env-tun-mode.service &>/dev/null & +systemctl stop mrzcpd.service &>/dev/null & +systemctl stop mrtunnat.service &>/dev/null & +systemctl stop sapp.service &>/dev/null & +systemctl stop tfe-env.service &>/dev/null & +systemctl stop tfe.service &>/dev/null & +systemctl stop certstore.service &>/dev/null & +systemctl stop cert-redis.service &>/dev/null & + diff --git a/roles/proxy_status/tasks/main.yml b/roles/proxy_status/tasks/main.yml new file mode 100644 index 0000000..0b6fe9f --- /dev/null +++ b/roles/proxy_status/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- name: "create /opt/proxy_status" + file: + path: /opt/proxy_status + state: directory + +- name: "copy files" + copy: + src: + - "{{ role_path }}/files/proxy_start" + - "{{ role_path }}/files/proxy_status" + - "{{ role_path }}/files/proxy_stop" + dest: /opt/proxy_status + mode: 0755 + +- name: "copy proxy-status.service" + copy: + src: "{{ role_path }}/files/proxy-status.service" + dest: "/usr/lib/systemd/system/" + mode: 0755 + +- name: "enable proxy-status" + systemd: + name: proxy-status + enabled: yes + daemon_reload: yes + diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2 index dc037df..d8c18e4 100644 --- a/roles/sapp/templates/sapp.toml.j2 +++ b/roles/sapp/templates/sapp.toml.j2 @@ -9,13 +9,13 @@ instance_name = "sapp4" [CPU] -{% if tsg_running_type == 0 %} +{% if tsg_access_type == 0 %} worker_threads=1 {% else %} worker_threads={{ sapp.worker_threads }} {% endif %} ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] -{% if tsg_running_type == 0 %} +{% if tsg_access_type == 0 %} bind_mask=[] {% else %} bind_mask=[{{ sapp.bind_mask }}] diff --git a/roles/tfe/files/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm deleted file mode 100644 index 0beb8aa..0000000 Binary files a/roles/tfe/files/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm new file mode 100644 index 0000000..28234cf Binary files /dev/null and b/roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm differ diff --git a/roles/tfe/files/tfe.service b/roles/tfe/files/tfe.service new file mode 100755 index 0000000..c64a43d --- /dev/null +++ b/roles/tfe/files/tfe.service @@ -0,0 +1,22 @@ +[Unit] +Description=Tango Frontend Engine +Requires=tfe-env.service +After=tfe-env.service + + +[Service] +Type=notify +ExecStart=/opt/tsg/tfe/bin/tfe +WorkingDirectory=/opt/tsg/tfe/ +TimeoutSec=3600s +RestartSec=10s +Restart=always +LimitNOFILE=524288 +LimitNPROC=infinity +LimitCORE=infinity +TasksMax=infinity +Delegate=yes +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml index a4108be..5356aa2 100644 --- a/roles/tfe/tasks/main.yml +++ b/roles/tfe/tasks/main.yml @@ -4,11 +4,17 @@ src: "{{ role_path }}/files/" dest: /tmp/ansible_deploy/ +- name: "copy tfe.service to destination server" + copy: + src: "{{ role_path }}/files/tfe.service" + dest: /usr/lib/systemd/system/ + mode: 0755 + - name: "install tfe rpms from localhost" yum: name: - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm - - /tmp/ansible_deploy/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm + - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm state: present - name: "template tfe-env config" diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2 index 6176eac..9712e35 100644 --- a/roles/tfe/templates/tfe-env-config.j2 +++ b/roles/tfe/templates/tfe-env-config.j2 @@ -1,7 +1,7 @@ -{% if tsg_running_type == 0 %} +{% if tsg_access_type == 4 %} +TFE_DEVICE_DATA_INCOMING={ nic_data_incoming.vf2_name }} +{% elif tsg_running_type == 0 %} TFE_DEVICE_DATA_INCOMING=tun_kni -{% elif tsg_access_type == 4 %} -TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.vf2_name }} {% else %} TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }} {% endif %} diff --git a/roles/tsg_master/files/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm similarity index 51% rename from roles/tsg_master/files/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm rename to roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm index 385e43d..0c7893c 100644 Binary files a/roles/tsg_master/files/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm and b/roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm differ diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml index 07459bd..3e75555 100644 --- a/roles/tsg_master/tasks/main.yml +++ b/roles/tsg_master/tasks/main.yml @@ -6,6 +6,6 @@ - name: "install tsg_master from localhost" yum: name: - - /tmp/ansible_deploy/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm state: present skip_broken: yes