diff --git a/adc_deploy.yml b/adc_deploy.yml
deleted file mode 100644
index 5fc13be..0000000
--- a/adc_deploy.yml
+++ /dev/null
@@ -1,100 +0,0 @@ -- hosts: adc_mxn - remote_user: root - roles: - - {role: adc_exporter, tags: adc_exporter} - - {role: adc_exporter_proxy, tags: adc_exporter_proxy} -# - {role: switch_rule, tags: switch_rule} - -- hosts: adc_mcn0 - remote_user: root - vars_files: - - install_config/group_vars/adc_global.yml - - install_config/group_vars/adc_mcn0.yml - roles: - - {role: framework, tags: framework} - - {role: kernel-ml, tags: kernel-ml} - - {role: mrzcpd, tags: mrzcpd} - - {role: sapp, tags: sapp} - - {role: tsg_master, tags: tsg_master} - - {role: kni, tags: kni} - - {role: firewall, tags: firewall} - - {role: tsg_app, tags: tsg_app} - - {role: http_healthcheck,tags: http_healthcheck} - - {role: redis, tags: redis} - - {role: cert-redis, tags: cert-redis} - - {role: maat-redis, tags: maat-redis, when: deploy_mode == "cluster"} - - {role: certstore, tags: certstore} - - {role: telegraf_statistic, tags: telegraf_statistic} - - {role: adc_exporter, tags: adc_exporter} -# - {role: switch_control, tags: switch_control} - - {role: tsg-env-patch, tags: tsg-env-patch} - - {role: docker-env, tags: docker-env} - - {role: tsg-diagnose, tags: tsg-diagnose} - -- hosts: adc_mcn1 - remote_user: root - vars_files: - - install_config/group_vars/adc_global.yml - - install_config/group_vars/adc_mcn1.yml - roles: -# - tsg-env-mcn1 - - {role: framework, tags: framework} - - {role: kernel-ml, tags: kernel-ml} - - {role: mrzcpd, tags: mrzcpd} - - {role: tfe, tags: tfe} - - {role: adc_exporter, tags: adc_exporter} -# - {role: switch_control, tags: switch_control} - - {role: tsg-env-patch, tags: tsg-env-patch} - - {role: tsg-diagnose_sync_ca, tags: tsg-diagnose_sync_ca} - -- hosts: adc_mcn2 - remote_user: root - vars_files: - - install_config/group_vars/adc_global.yml - - install_config/group_vars/adc_mcn2.yml - roles: -# - tsg-env-mcn2 - - {role: framework, tags: framework} - - {role: kernel-ml, tags: kernel-ml} - - {role: mrzcpd, tags: mrzcpd} - - {role: tfe, tags: tfe} - - {role: 
adc_exporter, tags: adc_exporter} -# - {role: switch_control, tags: switch_control} - - {role: tsg-env-patch, tags: tsg-env-path} - - {role: tsg-diagnose_sync_ca, tags: tsg-diagnose_sync_ca} - -- hosts: adc_mcn3 - remote_user: root - vars_files: - - install_config/group_vars/adc_global.yml - - install_config/group_vars/adc_mcn3.yml - roles: - - {role: framework, tags: framework} - - {role: kernel-ml, tags: kernel-ml} - - {role: mrzcpd, tags: mrzcpd} - - {role: tfe, tags: tfe} - - {role: adc_exporter, tags: adc_exporter} -# - {role: switch_control, tags: switch_control} - - {role: tsg-env-patch, tags: tsg-env-patch} - - {role: tsg-diagnose_sync_ca, tags: tsg-diagnose_sync_ca} - -- hosts: adc_mcn0 - remote_user: root - roles: - - {role: tsg-diagnose_stop_sync, tags: tsg-diagnose_stop_sync} - -- hosts: packet_dump_server - remote_user: root - vars_files: - - install_config/group_vars/adc_global.yml - roles: - - {role: framework, tags: framework} - - {role: packet_dump, tags: packet_dump} - - {role: dump_rtp_pcap, tags: dump_rtp_pcap} - -- hosts: app_global - remote_user: root - vars_files: - - install_config/group_vars/app_global.yml - roles: - - {role: app_global, tags: app_global} diff --git a/install_config/group_vars/adc_global.yml b/install_config/group_vars/adc_global.yml deleted file mode 100644 index 27e5177..0000000 --- a/install_config/group_vars/adc_global.yml +++ /dev/null 
@@ -1,155 +0,0 @@ -######################################### -#####0: pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4:ATCA_Vlan_Flipping 5:ATCA_VXLAN -tsg_access_type: 2 -#####2: ADC; 0:Tun_mode; 1: normal; -tsg_running_type: 2 -#####deploy mode: cluster, single -deploy_mode: "cluster" -######################################## -#Deploy_finished_reboot -Deploy_finished_reboot: 0 - -######################################## -#IP Config -maat_redis_city_server: - address: "10.4.62.253" - port: 7002 - -maat_redis_server: - address: "192.168.100.1" - port: 7002 - port_num: 1 - db: 0 - -dynamic_maat_redis_server: - address: "192.168.100.1" - port: 7002 - port_num: 1 - db: 1 - -cert_store_server: - address: "192.168.100.1" - port: 9991 - -log_kafkabrokers: - address: ['1.1.1.1:9092','2.2.2.2:9092'] - -#log_minio: -# address: "10.4.62.253" -# port: 9090 -pangu_pxy: - log_cache: - address: "10.9.62.253" - port: 9090 - -######################################### -#Log Level Config -#日志等级 10:DEBUG 20:INFO 30:FATAL -fw_voip_log_level: 10 -fw_ftp_log_level: 10 -fw_mail_log_level: 10 -fw_http_log_level: 10 -fw_dns_log_level: 10 -fw_quic_log_level: 10 -app_control_log_level: 10 -capture_packet_log_level: 10 -tsg_log_level: 10 -tsg_master_log_level: 10 -kni_log_level: 10 - -#日志等级 DEBUG INFO FATAL -tfe_log_level: FATAL -tfe_http_log_level: FATAL -pangu_log_level: FATAL -doh_log_level: FATAL - -certstore_log_level: FATAL -packet_dump_log_level: 10 - -####################################### -#Sapp Performance Config -#Sapp工作在ADC计算板0时,建议使用如下30+8的配置,以保证更高的处理性能 -sapp: - worker_threads: 42 - send_only_threads_max: 1 - bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43 - inbound_route_dir: 1 - prometheus_enable: 1 - prometheus_port: 9273 - prometheus_url_path: "/metrics" - -######################################## -#Kni Config -kni: - global: - tfe_node_count: 3 - watch_dog: - switch: 1 - maat: - 
readconf_mode: 2 - send_logger: - switch: 1 - tfe_nodes: - tfe0_enabled: 1 - tfe1_enabled: 1 - tfe2_enabled: 1 - -######################################## -#Tfe Config -tfe: - nr_threads: 32 - mirror_enable: 1 - -######################################## -#Marsio Config -#marsio工作在ADC计算板时,建议使用如下配置,以保证更高的处理性能 -mcn0_mrzcpd: - iocore: 52,53,54,55 - -mcn123_mrzcpd: - iocore: 54,55 - -mrtunnat: - lcore_id: 48,49,50,51 - -######################################### -#Tsg_app -tsg_app: - enable: 0 - -breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 -data_center: Kyzylorda -tsg_master_entrance_id: 9 -nic_mgr: - name: em1 - -firewall: - hos_serverip: "192.168.40.223" - hos_serverport: 9098 - hos_accesskeyid: "default" - hos_secretkey: "default" - hos_poolsize: 100 - hos_thread_sum: 32 - hos_cache_size: 102400 - hos_fs2_serverip: "127.0.0.1" - hos_fs2_serverport: 10086 - APP_SKETCH_LOG_LEVEL: 10 - APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local" - APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL" - APP_SKETCH_QOS: 1 - APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID" - APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883" - - -dump_rtp_pcap: - aws_access_key_id: "default" - aws_secret_access_key: "default" - aws_session_token: "c21f969b5f03d33d43e04f8f136e7682" - consume_bootstrap_servers: ['192.168.44.14:9092'] - endpoint_url: "http://192.168.44.67:9098/hos/" - produce_bootstrap_servers: "192.168.44.14:9092" - queue_size: 5000000 - coroutine_max_num: 200 - coroutine_num: 100 - qfull_mode: 0 - qfull_interval: 5 diff --git a/install_config/group_vars/adc_mcn0.yml b/install_config/group_vars/adc_mcn0.yml deleted file mode 100644 index 60bfaf0..0000000 --- a/install_config/group_vars/adc_mcn0.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -######################################### -#Mcn0管理口网卡名 -nic_mgr: - name: ens1f3 - -######################################### -#Mcn0流量接入网卡,固定配置 -nic_data_incoming: - name: ens1f4 - -######################################### -#Mcn0其他数据口网卡名配置,固定配置 -nic_inner_ctrl: - name: ens1.100 -nic_to_tfe: - tfe0: - name: ens1f5 - tfe1: - name: ens1f6 - tfe2: - name: ens1f7 - -######################################### -#串联设备接入相关配置 -inline_device_config: - keepalive_ip: 192.168.1.30 - keepalive_mask: 255.255.255.252 - -######################################### -#Allot接入相关配置 -AllotAccess: - #virturlInterface_1: ens1f2.103 - #virturlInterface_2: ens1f2.104 - virturlID_1: 1201 - virturlID_2: 1202 - virturlID_3: 1301 - virturlID_4: 1302 - #vvipv4_mask: 24 - #vvipv6_mask: 64 - -bladename: mcn0 diff --git a/install_config/group_vars/adc_mcn1.yml b/install_config/group_vars/adc_mcn1.yml deleted file mode 100644 index 72fe442..0000000 --- a/install_config/group_vars/adc_mcn1.yml +++ /dev/null @@ -1,19 +0,0 @@ -######################################### -#Mcn1管理口网卡名 -nic_mgr: - name: ens1f3 - -######################################### -#Mcn1流量接入网卡,固定配置 -nic_data_incoming: - name: ens1f1 - -######################################### -#Mcn1其他数据口网卡名配置,固定配置 -nic_inner_ctrl: - name: ens1.100 -nic_traffic_mirror: - name: ens1f2 - use_mrzcpd: 1 - -bladename: mcn1 \ No newline at end of file diff --git a/install_config/group_vars/adc_mcn2.yml b/install_config/group_vars/adc_mcn2.yml deleted file mode 100644 index ff33049..0000000 --- a/install_config/group_vars/adc_mcn2.yml +++ /dev/null @@ -1,19 +0,0 @@ -######################################### -#Mcn2管理口网卡名 -nic_mgr: - name: ens8f3 - -######################################### -#Mcn2流量接入网卡,固定配置 -nic_data_incoming: - name: ens8f1 - -######################################### -#Mcn2其他数据口网卡名配置,固定配置 -nic_inner_ctrl: - name: ens8.100 -nic_traffic_mirror: - name: ens8f2 - use_mrzcpd: 1 - -bladename: mcn2 \ No newline at end of file 
diff --git a/install_config/group_vars/adc_mcn3.yml b/install_config/group_vars/adc_mcn3.yml deleted file mode 100644 index 51b1e09..0000000 --- a/install_config/group_vars/adc_mcn3.yml +++ /dev/null @@ -1,19 +0,0 @@ -######################################### -#Mcn3管理口网卡名 -nic_mgr: - name: ens8f3 - -######################################### -#Mcn3流量接入网卡,固定配置 -nic_data_incoming: - name: ens8f1 - -######################################### -#Mcn3其他数据口网卡名配置,固定配置 -nic_inner_ctrl: - name: ens8.100 -nic_traffic_mirror: - name: ens8f2 - use_mrzcpd: 1 - -bladename: mcn3 \ No newline at end of file diff --git a/install_config/group_vars/app_global.yml b/install_config/group_vars/app_global.yml deleted file mode 100644 index 4a10d21..0000000 --- a/install_config/group_vars/app_global.yml +++ /dev/null @@ -1,10 +0,0 @@ -######################################### -app_sketch_global_log_level: 10 - -maat_redis_server: - address: "192.168.40.168" - port: 7002 - db: 0 - -file_stat_ip: "1.1.1.1" - diff --git a/install_config/group_vars/mirror_traffic.yml b/install_config/group_vars/mirror_traffic.yml new file mode 100644 index 0000000..58b6a6d --- /dev/null +++ b/install_config/group_vars/mirror_traffic.yml 
@@ -0,0 +1,91 @@
+########################################
+#Server Basic Config
+nic_mgr:
+ name: eth0
+
+#########################################
+#IP Config
+maat_redis_server:
+ address: "#Bifang IP#"
+ port: 7002
+ port_num: 1
+ db: 0
+
+dynamic_maat_redis_server:
+ address: "#Bifang IP#"
+ port: 7002
+ port_num: 1
+ db: 1
+
+
+log_kafkabrokers:
+ address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+
+#log_minio:
+# address: "10.9.62.253"
+# port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_voip_log_level: 10
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+app_control_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: FATAL
+tfe_http_log_level: FATAL
+pangu_log_level: FATAL
+doh_log_level: FATAL
+
+certstore_log_level: 10
+packet_dump_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0,sapp跑在pcap模式,则以下配置可忽略
+sapp:
+ worker_threads: 23
+ send_only_threads_max: 1
+ bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+ inbound_route_dir: 1
+ prometheus_enable: 1
+ prometheus_port: 9273
+ prometheus_url_path: "/metrics"
+
+#########################################
+#Marsio Config
+mrzcpd:
+ iocore: 39
+
+
+#########################################
+#新增配置项,均为默认值不用改
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+data_center: Beijing
+tsg_master_entrance_id: 0
+
+
+firewall:
+ hos_serverip: "192.168.40.223"
+ hos_serverport: 9098
+ hos_accesskeyid: "default"
+ hos_secretkey: "default"
+ hos_poolsize: 100
+ hos_thread_sum: 32
+ hos_cache_size: 102400
+ hos_fs2_serverip: "127.0.0.1"
+ hos_fs2_serverport: 10086
+
+
+data_incoming_nic_list: ['eth0', 'eth1']
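Review bot: `hos_accesskeyid: "default"` and `hos_secretkey: "default"` in the `firewall` block commit what looks like an access-key/secret pair in plain text, and the comment heading that section (`#新增配置项,均为默认值不用改`, i.e. defaults that need not be changed) appears to tell operators to deploy it as is. If these are working credentials they should not live in the repository, and if they are placeholders the deployment should fail until they are replaced; one option is `hos_secretkey: "{{ vault_hos_secretkey }}"` with the value kept in an Ansible Vault file (the variable name here is a placeholder). The same consideration applies to the `sentry_key` embedded in `breakpad_upload_url`. Separately, every numeric `*_log_level` is set to 10, which the file's own comment maps to DEBUG; on a host that processes mirrored traffic that is worth confirming as intended outside of testing.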
diff --git a/install_config/group_vars/server_as_tun_mode.yml b/install_config/group_vars/server_as_tun_mode.yml
deleted file mode 100644
index 556bde3..0000000
--- a/install_config/group_vars/server_as_tun_mode.yml
+++ /dev/null
@@ -1,200 +0,0 @@ -######################################### -#####0: Pcap; 1: Inline_device; 5:ATCA_VXLAN; -tsg_access_type: 0 -#####0: Tun_mode; 1: normal; -tsg_running_type: 0 - -#####deploy mode: cluster, single -deploy_mode: "single" - -######################################## -#Deploy_finished_reboot -Deploy_finished_reboot: 0 - -######################################## -#Server Basic Config -nic_mgr: - name: eth0 - -nic_inner_ctrl: - name: eth0.100 - -######################################### -#IP Config -#maat_redis_city_serve相关配置只在部署集群模式时使用 -maat_redis_city_server: - address: "" - port: - -maat_redis_server: - address: "#Bifang IP#" - port: 7002 - port_num: 1 - db: 0 - -dynamic_maat_redis_server: - address: "#Bifang IP#" - port: 7002 - port_num: 1 - db: 1 - -cert_store_server: - address: "192.168.100.1" - port: 9991 - -log_kafkabrokers: - address: ['1.1.1.1:9092','2.2.2.2:9092'] - - -#log_minio: -# address: "10.9.62.253" -# port: 9090 - -######################################### -#Log Level Config -#日志等级 10:DEBUG 20:INFO 30:FATAL -fw_voip_log_level: 10 -fw_ftp_log_level: 10 -fw_mail_log_level: 10 -fw_http_log_level: 10 -fw_dns_log_level: 10 -fw_quic_log_level: 10 -app_control_log_level: 10 -capture_packet_log_level: 10 -tsg_log_level: 10 -tsg_master_log_level: 10 -kni_log_level: 10 - -#日志等级 DEBUG INFO FATAL -tfe_log_level: FATAL -tfe_http_log_level: FATAL -pangu_log_level: FATAL -doh_log_level: FATAL - -certstore_log_level: 10 -packet_dump_log_level: 10 - -######################################### -#Sapp Performance Config -#如果tsg_access_type=0,sapp跑在pcap模式,则以下配置可忽略 -sapp: - worker_threads: 23 - send_only_threads_max: 1 - bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 - inbound_route_dir: 1 - prometheus_enable: 1 - prometheus_port: 9273 - prometheus_url_path: "/metrics" - - -######################################### -#Sapp Double-Arm Config -packet_io: - internal_interface: eth2 - external_interface: eth3 - - 
-######################################### -#Kni Config -kni: - global: - tfe_node_count: 1 - watch_dog: - switch: 1 - maat: - readconf_mode: 2 - send_logger: - switch: 1 - tfe_nodes: - tfe0_enabled: 1 - tfe1_enabled: 0 - tfe2_enabled: 0 - -######################################### -#Tfe Config -tfe: - nr_threads: 32 - mirror_enable: 1 - -######################################### -#Marsio Config -mrzcpd: - iocore: 39 - -mrtunnat: - lcore_id: 38 - -######################################### -#Tsg_app -tsg_app: - enable: 1 - -######################################### -#ATCA Config -#下列配置只在tsg_access_type=4 or 5时生效 -ATCA_data_incoming: - ethname: enp1s0 - vf0_name: enp1s2 - vf1_name: enp1s2f1 - vf2_name: enp1s2f2 - -ATCA_VlanFlipping: - vlanID_1: 100 - vlanID_2: 101 - vlanID_3: 103 - vlanID_4: 104 - -#下列配置只在tsg_access_type=5时生效 -ATCA_VXLAN: - keepalive_ip: "10.254.19.1" - keepalive_mask: "255.255.255.252" - -######################################### -#Inline Device Config -inline_device_config: - keepalive_ip: 192.168.1.30 - keepalive_mask: 255.255.255.252 - data_incoming: eth5 - -######################################### -#新增配置项,均为默认值不用改 -breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6 - -data_center: Beijing -tsg_master_entrance_id: 0 - -pangu_pxy: - log_cache: - address: "10.9.62.253" - port: 9090 - -firewall: - hos_serverip: "192.168.40.223" - hos_serverport: 9098 - hos_accesskeyid: "default" - hos_secretkey: "default" - hos_poolsize: 100 - hos_thread_sum: 32 - hos_cache_size: 102400 - hos_fs2_serverip: "127.0.0.1" - hos_fs2_serverport: 10086 - APP_SKETCH_LOG_LEVEL: 10 - APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local" - APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL" - APP_SKETCH_QOS: 1 - APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID" - APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883" - - -dump_rtp_pcap: - aws_access_key_id: "default" - aws_secret_access_key: "default" - aws_session_token: 
"c21f969b5f03d33d43e04f8f136e7682" - consume_bootstrap_servers: ['192.168.44.14:9092'] - endpoint_url: "http://192.168.44.67:9098/hos/" - produce_bootstrap_servers: "192.168.44.14:9092" - queue_size: 5000000 - coroutine_max_num: 200 - coroutine_num: 100 - qfull_mode: 0 - qfull_interval: 5 diff --git a/install_config/hosts b/install_config/hosts index 0fe8b50..ab8e1fb 100644 --- a/install_config/hosts +++ b/install_config/hosts @@ -1,45 +1,3 @@ -################### -# For example # -################### -#变量device_id根据设备序号设置即可 -#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置,其他环境可不填或直接删除变量 -# -#20.09版本新增APP部署 -#[app_global] -#0.0.0.0 - -#[server_as_tun_mode] -#1.1.1.1 device_id=device_1 -# -#[adc_mxn] -#10.3.72.1 -#10.3.72.2 -# -#[adc_mcn0] -#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1 -#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2 -# -#[adc_mcn1] -#10.3.74.1 device_id=device_1 -#10.3.74.2 device_id=device_2 -# -#[adc_mcn2] -#10.3.75.1 device_id=device_1 -#10.3.75.2 device_id=device_2 -# -#[adc_mcn3] -#10.3.76.1 device_id=device_1 -#10.3.76.2 device_id=device_2 - -#[app_global] -#[server_as_tun_mode] -#broken warning: -#10.4.52.71 -[adc_mcn0] -[adc_mcn1] -[adc_mcn2] -[adc_mcn3] -[app_global] -[server_as_tun_mode] +[mirror_traffic] diff --git a/mirror_traffic.yml b/mirror_traffic.yml new file mode 100644 index 0000000..3cf3c88 --- /dev/null +++ b/mirror_traffic.yml @@ -0,0 +1,13 @@ +- hosts: mirror_taffic + remote_user: root + vars_files: + - install_config/group_vars/mirror_taffic.yml + roles: + - {role: framework, tags: framework} + - {role: kernel-ml, tags: kernel-ml} + - {role: mrzcpd, tags: mrzcpd} + - {role: sapp, tags: sapp} + - {role: tsg_master, tags: tsg_master} + - {role: kni, tags: kni} + - {role: firewall, tags: firewall} + - {role: telegraf_statistic, tags: telegraf_statistic} 
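Review bot: `- hosts: mirror_taffic` and the `vars_files` entry `install_config/group_vars/mirror_taffic.yml` in the new `mirror_traffic.yml` playbook are both missing an `r`: the inventory in this commit declares `[mirror_traffic]`, and the vars file it adds is `install_config/group_vars/mirror_traffic.yml`. As written the play targets a group the inventory does not define, so it would match no hosts, and the vars file path does not exist in this commit. The two lines should read `- hosts: mirror_traffic` and `- install_config/group_vars/mirror_traffic.yml`. The play also logs in with `remote_user: root`; if the roles allow it, an unprivileged login with `become: true` narrows what a leaked SSH credential can do.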
diff --git a/roles/adc_exporter/files/freeipmi-1.5.7-3.el7.x86_64.rpm b/roles/adc_exporter/files/freeipmi-1.5.7-3.el7.x86_64.rpm
deleted file mode 100644
index 17c5b2d..0000000
Binary files a/roles/adc_exporter/files/freeipmi-1.5.7-3.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/adc_exporter/files/ipmi_exporter b/roles/adc_exporter/files/ipmi_exporter
deleted file mode 100644
index f57b94a..0000000
Binary files a/roles/adc_exporter/files/ipmi_exporter and /dev/null differ
diff --git a/roles/adc_exporter/files/node_exporter b/roles/adc_exporter/files/node_exporter
deleted file mode 100644
index b0a8b64..0000000
Binary files a/roles/adc_exporter/files/node_exporter and /dev/null differ
diff --git a/roles/adc_exporter/files/systemd_exporter b/roles/adc_exporter/files/systemd_exporter
deleted file mode 100644
index b075967..0000000
Binary files a/roles/adc_exporter/files/systemd_exporter and /dev/null differ
diff --git a/roles/adc_exporter/tasks/main.yml b/roles/adc_exporter/tasks/main.yml
deleted file mode 100644
index 826ada9..0000000
--- a/roles/adc_exporter/tasks/main.yml
+++ /dev/null
@@ -1,72 +0,0 @@ -- name: "copy freeipmi tools" - copy: - src: '{{ role_path }}/files/freeipmi-1.5.7-3.el7.x86_64.rpm' - dest: /tmp/ansible_deploy/ - -- name: "Install freeipmi rpm package" - yum: - name: - - "/tmp/ansible_deploy/freeipmi-1.5.7-3.el7.x86_64.rpm" - state: present - -- name: "mkdir /opt/adc-exporter/" - file: - path: /opt/adc-exporter/ - state: directory - -- name: "copy node_exporter" - copy: - src: '{{ role_path }}/files/node_exporter' - dest: /opt/adc-exporter/node_exporter - mode: 0755 - -- name: "copy systemd_exporter" - copy: - src: '{{ role_path }}/files/systemd_exporter' - dest: /opt/adc-exporter/systemd_exporter - mode: 0755 - -- name: "copy ipmi_exporter" - copy: - src: '{{ role_path }}/files/ipmi_exporter' - dest: /opt/adc-exporter/ipmi_exporter - mode: 0755 - -- name: "templates adc-exporter-node.service" - template: - src: "{{role_path}}/templates/adc-exporter-node.service.j2" - dest: /usr/lib/systemd/system/adc-exporter-node.service - tags: template - -- name: "templates adc-exporter-systemd.service" - template: - src: "{{role_path}}/templates/adc-exporter-systemd.service.j2" - dest: /usr/lib/systemd/system/adc-exporter-systemd.service - tags: template - -- name: "templates adc-exporter-ipmi.service" - template: - src: "{{role_path}}/templates/adc-exporter-ipmi.service.j2" - dest: /usr/lib/systemd/system/adc-exporter-ipmi.service - tags: template - -- name: 'adc-exporter-node service start' - systemd: - name: adc-exporter-node - enabled: yes - daemon_reload: yes - state: started - -- name: 'adc-exporter-systemd service start' - systemd: - name: adc-exporter-systemd - enabled: yes - daemon_reload: yes - state: restarted - -- name: 'adc-exporter-ipmi service start' - systemd: - name: adc-exporter-ipmi - enabled: yes - daemon_reload: yes - state: restarted diff --git a/roles/adc_exporter/templates/adc-exporter-ipmi.service.j2 b/roles/adc_exporter/templates/adc-exporter-ipmi.service.j2 deleted file mode 100644 index c9eeb3d..0000000 
--- a/roles/adc_exporter/templates/adc-exporter-ipmi.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=IPMI Exporter -After=network.target - -[Service] -Type=simple -ExecStart=/opt/adc-exporter/ipmi_exporter -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/adc_exporter/templates/adc-exporter-node.service.j2 b/roles/adc_exporter/templates/adc-exporter-node.service.j2 deleted file mode 100644 index b28ed3e..0000000 --- a/roles/adc_exporter/templates/adc-exporter-node.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Node Exporter -After=network.target - -[Service] -Type=simple -ExecStart=/opt/adc-exporter/node_exporter -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/adc_exporter/templates/adc-exporter-systemd.service.j2 b/roles/adc_exporter/templates/adc-exporter-systemd.service.j2 deleted file mode 100644 index d5e2f11..0000000 --- a/roles/adc_exporter/templates/adc-exporter-systemd.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Systemd Exporter -After=network.target - -[Service] -Type=simple -ExecStart=/opt/adc-exporter/systemd_exporter --web.disable-exporter-metrics -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/adc_exporter_ping/files/ping_exporter b/roles/adc_exporter_ping/files/ping_exporter deleted file mode 100644 index a2915fd..0000000 Binary files a/roles/adc_exporter_ping/files/ping_exporter and /dev/null differ diff --git a/roles/adc_exporter_ping/tasks/main.yml b/roles/adc_exporter_ping/tasks/main.yml deleted file mode 100644 index e951705..0000000 --- a/roles/adc_exporter_ping/tasks/main.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -- name: "mkdir /opt/adc-exporter/" - file: - path: /opt/adc-exporter/ - state: directory - -- name: "copy ping_exporter" - copy: - src: '{{ role_path }}/files/ping_exporter' - dest: /opt/adc-exporter/ping_exporter - mode: 0755 - -- name: "templates ping_exporter.service" - template: - src: "{{role_path}}/templates/adc-exporter-ping.service.j2" - dest: /usr/lib/systemd/system/adc-exporter-ping.service - tags: template - -- name: 'adc-exporter-ping service start' - systemd: - name: adc-exporter-ping - enabled: yes - daemon_reload: yes - state: restarted diff --git a/roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2 b/roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2 deleted file mode 100644 index ebaf8e4..0000000 --- a/roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Ping Exporter -After=network.target - -[Service] -Type=simple -ExecStart=/opt/adc-exporter/ping_exporter {{ ping_test.target|join(" ")}} --ping.size=512 --ping.interval=0.5s -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/adc_exporter_proxy/files/adc_exporter_proxy.tar.gz b/roles/adc_exporter_proxy/files/adc_exporter_proxy.tar.gz deleted file mode 100644 index 9b31207..0000000 Binary files a/roles/adc_exporter_proxy/files/adc_exporter_proxy.tar.gz and /dev/null differ diff --git a/roles/adc_exporter_proxy/tasks/main.yml b/roles/adc_exporter_proxy/tasks/main.yml deleted file mode 100644 index 78582fc..0000000 --- a/roles/adc_exporter_proxy/tasks/main.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -- name: "mkdir /opt/adc-exporter-proxy/" - file: - path: /opt/adc-exporter-proxy/ - state: directory - -- name: "copy file to device" - copy: - src: '{{ role_path }}/files/' - dest: /tmp/ansible_deploy/ - -- name: "unarchive adc-exporter-proxy(NGINX)" - unarchive: - src: /tmp/ansible_deploy/adc_exporter_proxy.tar.gz - dest: /opt/adc-exporter-proxy - remote_src: yes - -- name: "templates adc-exporter-proxy.service" - template: - src: "{{role_path}}/templates/adc-exporter-proxy.service.j2" - dest: /usr/lib/systemd/system/adc-exporter-proxy.service - tags: template - -- name: "template nginx.conf" - template: - src: "{{role_path}}/templates/nginx.conf.j2" - dest: /opt/adc-exporter-proxy/adc-exporter-proxy/conf/nginx.conf - tags: template - -- name: 'adc-exporter-proxy service start' - systemd: - name: adc-exporter-proxy - enabled: yes - daemon_reload: yes - state: restarted diff --git a/roles/adc_exporter_proxy/templates/adc-exporter-proxy.service.j2 b/roles/adc_exporter_proxy/templates/adc-exporter-proxy.service.j2 deleted file mode 100644 index 203ae14..0000000 --- a/roles/adc_exporter_proxy/templates/adc-exporter-proxy.service.j2 +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=ADC Exporter Proxy (NGINX) for NEZHA -After=network.target remote-fs.target nss-lookup.target - -[Service] -Type=simple -ExecStart=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -ExecReload=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s reload -ExecStop=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s stop - -[Install] -WantedBy=multi-user.target diff --git a/roles/adc_exporter_proxy/templates/nginx.conf.j2 b/roles/adc_exporter_proxy/templates/nginx.conf.j2 deleted file mode 100644 index 646282e..0000000 --- a/roles/adc_exporter_proxy/templates/nginx.conf.j2 +++ /dev/null 
@@ -1,152 +0,0 @@ - -user nobody; -worker_processes 1; -daemon off; - -error_log logs/error.log; -error_log logs/error.log notice; -error_log logs/error.log info; -pid logs/nginx.pid; - - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - #access_log logs/access.log main; - - sendfile on; - tcp_nopush on; - - keepalive_timeout 65; - gzip on; - - server { - listen 9000; - server_name localhost; - - location /metrics/blade/mcn0/node_exporter { - proxy_pass http://192.168.100.1:9100/metrics; - } - - location /metrics/blade/mcn1/node_exporter { - proxy_pass http://192.168.100.2:9100/metrics; - } - - location /metrics/blade/mcn2/node_exporter { - proxy_pass http://192.168.100.3:9100/metrics; - } - - location /metrics/blade/mcn3/node_exporter { - proxy_pass http://192.168.100.4:9100/metrics; - } - - location /metrics/blade/mxn/node_exporter { - proxy_pass http://192.168.100.5:9100/metrics; - } - - location /metrics/blade/mcn0/systemd_exporter { - proxy_pass http://192.168.100.1:9558/metrics; - } - - location /metrics/blade/mcn1/systemd_exporter { - proxy_pass http://192.168.100.2:9558/metrics; - } - - location /metrics/blade/mcn2/systemd_exporter { - proxy_pass http://192.168.100.3:9558/metrics; - } - - location /metrics/blade/mcn3/systemd_exporter { - proxy_pass http://192.168.100.4:9558/metrics; - } - - location /metrics/blade/mcn0/ipmi_exporter { - proxy_pass http://192.168.100.1:9290/metrics; - } - - location /metrics/blade/mcn1/ipmi_exporter { - proxy_pass http://192.168.100.2:9290/metrics; - } - - location /metrics/blade/mcn2/ipmi_exporter { - proxy_pass http://192.168.100.3:9290/metrics; - } - - location /metrics/blade/mcn3/ipmi_exporter { - proxy_pass http://192.168.100.4:9290/metrics; - } - - location 
/metrics/blade/mxn/ipmi_exporter { - proxy_pass http://192.168.100.5:9290/metrics; - } - - location /metrics/blade/mcn0/certstore { - proxy_pass http://192.168.100.1:9002/metrics; - } - - location /metrics/blade/mcn1/tfe { - proxy_pass http://192.168.100.2:9001/metrics; - } - - location /metrics/blade/mcn2/tfe { - proxy_pass http://192.168.100.3:9001/metrics; - } - - location /metrics/blade/mcn3/tfe { - proxy_pass http://192.168.100.4:9001/metrics; - } - - location /metrics/blade/mcn0/sapp { - proxy_pass http://192.168.100.1:9273/metrics; - } - - location /metrics/blade/mcn0/mrapm_device { - proxy_pass http://192.168.100.1:8901/metrics; - } - - location /metrics/blade/mcn0/mrapm_stream { - proxy_pass http://192.168.100.1:8902/metrics; - } - - location /metrics/blade/mcn1/mrapm_device { - proxy_pass http://192.168.100.2:8901/metrics; - } - - location /metrics/blade/mcn1/mrapm_stream { - proxy_pass http://192.168.100.2:8902/metrics; - } - - location /metrics/blade/mcn2/mrapm_device { - proxy_pass http://192.168.100.3:8901/metrics; - } - - location /metrics/blade/mcn2/mrapm_stream { - proxy_pass http://192.168.100.3:8902/metrics; - } - - location /metrics/blade/mcn3/mrapm_device { - proxy_pass http://192.168.100.4:8901/metrics; - } - - location /metrics/blade/mcn3/mrapm_stream { - proxy_pass http://192.168.100.4:8902/metrics; - } - - location /metrics/blade/mcn0/maat_redis { - proxy_pass http://192.168.100.1:9121/metrics; - } - - location /metrics/blade/mcn0/ping_exporter { - proxy_pass http://192.168.100.1:9427/metrics; - } - } -} diff --git a/roles/app_global/files/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm b/roles/app_global/files/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm deleted file mode 100644 index fe7937b..0000000 Binary files a/roles/app_global/files/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm and /dev/null differ 
diff --git a/roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm b/roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm deleted file mode 100755 index cb690d9..0000000 Binary files a/roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm and /dev/null differ diff --git a/roles/app_global/tasks/main.yml b/roles/app_global/tasks/main.yml deleted file mode 100644 index fa90ab4..0000000 --- a/roles/app_global/tasks/main.yml +++ /dev/null @@ -1,36 +0,0 @@ -- name: "copy app_global rpm to destination server" - copy: - src: "{{ role_path }}/files/" - dest: /tmp/ansible_deploy/ - -- name: "install app rpms from localhost" - yum: - name: - - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm - - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm - state: present - -- name: "template the app_sketch_global.conf" - template: - src: "{{ role_path }}/templates/app_sketch_global.conf.j2" - dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf - -- name: "template the zlog.conf" - template: - src: "{{ role_path }}/templates/zlog.conf.j2" - dest: /opt/tsg/app-sketch-global/conf/zlog.conf - -- name: "Start emqx" - systemd: - name: emqx.service - state: started - enabled: yes - daemon_reload: yes - - -- name: "Start app-sketch-global" - systemd: - name: app-sketch-global.service - state: started - enabled: yes - daemon_reload: yes diff --git a/roles/app_global/templates/app_sketch_global.conf.j2 b/roles/app_global/templates/app_sketch_global.conf.j2 deleted file mode 100644 index 7709425..0000000 --- a/roles/app_global/templates/app_sketch_global.conf.j2 +++ /dev/null 
@@ -1,41 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
-enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2
diff --git a/roles/app_global/templates/zlog.conf.j2 b/roles/app_global/templates/zlog.conf.j2
deleted file mode 100644
index 0ff890d..0000000
--- a/roles/app_global/templates/zlog.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal "./logs/error.log.%d(%F)";
-*.{{ app_sketch_global_log_level }} "./logs/app_sketch_global.log.%d(%F)"
-
-
-
diff --git a/roles/cert-redis/files/cert-redis.conf b/roles/cert-redis/files/cert-redis.conf
deleted file mode 100644
index 7a7c947..0000000
--- a/roles/cert-redis/files/cert-redis.conf
+++ /dev/null
@@ -1,1052 +0,0 @@
-# Redis configuration file example.
-#
-# Note that in order to read the configuration file, Redis must be
-# started with the file path as first argument:
-#
-# ./redis-server /path/to/redis.conf
-
-# Note on units: when memory size is needed, it is possible to specify
-# it in the usual form of 1k 5GB 4M and so forth:
-#
-# 1k => 1000 bytes
-# 1kb => 1024 bytes
-# 1m => 1000000 bytes
-# 1mb => 1024*1024 bytes
-# 1g => 1000000000 bytes
-# 1gb => 1024*1024*1024 bytes
-#
-# units are case insensitive so 1GB 1Gb 1gB are all the same.
-
-################################## INCLUDES ###################################
-
-# Include one or more other config files here. This is useful if you
-# have a standard template that goes to all Redis servers but also need
-# to customize a few per-server settings. Include files can include
-# other files, so use this wisely.
-#
-# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
-# from admin or Redis Sentinel. Since Redis always uses the last processed
-# line as value of a configuration directive, you'd better put includes
-# at the beginning of this file to avoid overwriting config change at runtime.
-#
-# If instead you are interested in using includes to override configuration
-# options, it is better to use include as the last line.
-#
-# include /path/to/local.conf
-# include /path/to/other.conf
-
-################################## NETWORK #####################################
-
-# By default, if no "bind" configuration directive is specified, Redis listens
-# for connections from all the network interfaces available on the server.
-# It is possible to listen to just one or multiple selected interfaces using
-# the "bind" configuration directive, followed by one or more IP addresses.
-#
-# Examples:
-#
-# bind 192.168.1.100 10.0.0.1
-# bind $ip ::1
-#
-# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
-# internet, binding to all the interfaces is dangerous and will expose the
-# instance to everybody on the internet. So by default we uncomment the
-# following bind directive, that will force Redis to listen only into
-# the IPv4 lookback interface address (this means Redis will be able to
-# accept connections only from clients running into the same computer it
-# is running).
-#
-# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
-# JUST COMMENT THE FOLLOWING LINE.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-bind 0.0.0.0
-
-# Protected mode is a layer of security protection, in order to avoid that
-# Redis instances left open on the internet are accessed and exploited.
-#
-# When protected mode is on and if:
-#
-# 1) The server is not binding explicitly to a set of addresses using the
-# "bind" directive.
-# 2) No password is configured.
-#
-# The server only accepts connections from clients connecting from the
-# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
-# sockets.
-#
-# By default protected mode is enabled. You should disable it only if
-# you are sure you want clients from other hosts to connect to Redis
-# even if no authentication is configured, nor a specific set of interfaces
-# are explicitly listed using the "bind" directive.
-protected-mode yes
-
-# Accept connections on the specified port, default is 6379 (IANA #815344).
-# If port 0 is specified Redis will not listen on a TCP socket.
-port 6379
-
-# TCP listen() backlog.
-#
-# In high requests-per-second environments you need an high backlog in order
-# to avoid slow clients connections issues.
 Note that the Linux kernel
-# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
-# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
-# in order to get the desired effect.
-tcp-backlog 511
-
-# Unix socket.
-#
-# Specify the path for the Unix socket that will be used to listen for
-# incoming connections. There is no default, so Redis will not listen
-# on a unix socket when not specified.
-#
-# unixsocket /tmp/redis.sock
-# unixsocketperm 700
-
-# Close the connection after a client is idle for N seconds (0 to disable)
-timeout 0
-
-# TCP keepalive.
-#
-# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
-# of communication. This is useful for two reasons:
-#
-# 1) Detect dead peers.
-# 2) Take the connection alive from the point of view of network
-# equipment in the middle.
-#
-# On Linux, the specified value (in seconds) is the period used to send ACKs.
-# Note that to close the connection the double of the time is needed.
-# On other kernels the period depends on the kernel configuration.
-#
-# A reasonable value for this option is 300 seconds, which is the new
-# Redis default starting with Redis 3.2.1.
-tcp-keepalive 300
-
-################################# GENERAL #####################################
-
-# By default Redis does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
-daemonize yes
-
-# If you run Redis from upstart or systemd, Redis can interact with your
-# supervision tree. Options:
-# supervised no - no supervision interaction
-# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
-# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
-# supervised auto - detect upstart or systemd method based on
-# UPSTART_JOB or NOTIFY_SOCKET environment variables
-# Note: these supervision methods only signal "process is ready."
-# They do not enable continuous liveness pings back to your supervisor.
-supervised no
-
-# If a pid file is specified, Redis writes it where specified at startup
-# and removes it at exit.
-#
-# When the server runs non daemonized, no pid file is created if none is
-# specified in the configuration. When the server is daemonized, the pid file
-# is used even if not specified, defaulting to "/var/run/redis.pid".
-#
-# Creating a pid file is best effort: if Redis is not able to create it
-# nothing bad happens, the server will start and run normally.
-pidfile /var/run/redis_6379.pid
-
-# Specify the server verbosity level.
-# This can be one of:
-# debug (a lot of information, useful for development/testing)
-# verbose (many rarely useful info, but not a mess like the debug level)
-# notice (moderately verbose, what you want in production probably)
-# warning (only very important / critical messages are logged)
-loglevel notice
-
-# Specify the log file name. Also the empty string can be used to force
-# Redis to log on the standard output. Note that if you use standard
-# output for logging but daemonize, logs will be sent to /dev/null
-#logfile "/opt/tsg/cert-redis/6379/6379.log"
-
-# To enable logging to the system logger, just set 'syslog-enabled' to yes,
-# and optionally update the other syslog parameters to suit your needs.
-# syslog-enabled no
-
-# Specify the syslog identity.
-# syslog-ident redis
-
-# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
-# syslog-facility local0
-
-# Set the number of databases. The default database is DB 0, you can select
-# a different one on a per-connection basis using SELECT where
-# dbid is a number between 0 and 'databases'-1
-databases 16
-
-################################ SNAPSHOTTING ################################
-#
-# Save the DB on disk:
-#
-# save
-#
-# Will save the DB if both the given number of seconds and the given
-# number of write operations against the DB occurred.
-#
-# In the example below the behaviour will be to save:
-# after 900 sec (15 min) if at least 1 key changed
-# after 300 sec (5 min) if at least 10 keys changed
-# after 60 sec if at least 10000 keys changed
-#
-# Note: you can disable saving completely by commenting out all "save" lines.
-#
-# It is also possible to remove all the previously configured save
-# points by adding a save directive with a single empty string argument
-# like in the following example:
-#
-# save ""
-
-save 900 1
-save 300 10
-save 60 10000
-
-# By default Redis will stop accepting writes if RDB snapshots are enabled
-# (at least one save point) and the latest background save failed.
-# This will make the user aware (in a hard way) that data is not persisting
-# on disk properly, otherwise chances are that no one will notice and some
-# disaster will happen.
-#
-# If the background saving process will start working again Redis will
-# automatically allow writes again.
-#
-# However if you have setup your proper monitoring of the Redis server
-# and persistence, you may want to disable this feature so that Redis will
-# continue to work as usual even if there are problems with disk,
-# permissions, and so forth.
-stop-writes-on-bgsave-error yes
-
-# Compress string objects using LZF when dump .rdb databases?
-# For default that's set to 'yes' as it's almost always a win.
-# If you want to save some CPU in the saving child set it to 'no' but
-# the dataset will likely be bigger if you have compressible values or keys.
-rdbcompression yes
-
-# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
-# This makes the format more resistant to corruption but there is a performance
-# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
-# for maximum performances.
-#
-# RDB files created with checksum disabled have a checksum of zero that will
-# tell the loading code to skip the check.
-rdbchecksum yes
-
-# The filename where to dump the DB
-dbfilename dump.rdb
-
-# The working directory.
-#
-# The DB will be written inside this directory, with the filename specified
-# above using the 'dbfilename' configuration directive.
-#
-# The Append Only File will also be created inside this directory.
-#
-# Note that you must specify a directory here, not a file name.
-#dir /opt/tsg/cert-redis/6379/
-
-################################# REPLICATION #################################
-
-# Master-Slave replication. Use slaveof to make a Redis instance a copy of
-# another Redis server. A few things to understand ASAP about Redis replication.
-#
-# 1) Redis replication is asynchronous, but you can configure a master to
-# stop accepting writes if it appears to be not connected with at least
-# a given number of slaves.
-# 2) Redis slaves are able to perform a partial resynchronization with the
-# master if the replication link is lost for a relatively small amount of
-# time. You may want to configure the replication backlog size (see the next
-# sections of this file) with a sensible value depending on your needs.
-# 3) Replication is automatic and does not need user intervention. After a
-# network partition slaves automatically try to reconnect to masters
-# and resynchronize with them.
-#
-# slaveof
-
-# If the master is password protected (using the "requirepass" configuration
-# directive below) it is possible to tell the slave to authenticate before
-# starting the replication synchronization process, otherwise the master will
-# refuse the slave request.
-#
-# masterauth
-
-# When a slave loses its connection with the master, or when the replication
-# is still in progress, the slave can act in two different ways:
-#
-# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
-# still reply to client requests, possibly with out of date data, or the
-# data set may just be empty if this is the first synchronization.
-#
-# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
-# an error "SYNC with master in progress" to all the kind of commands
-# but to INFO and SLAVEOF.
-#
-slave-serve-stale-data yes
-
-# You can configure a slave instance to accept writes or not. Writing against
-# a slave instance may be useful to store some ephemeral data (because data
-# written on a slave will be easily deleted after resync with the master) but
-# may also cause problems if clients are writing to it because of a
-# misconfiguration.
-#
-# Since Redis 2.6 by default slaves are read-only.
-#
-# Note: read only slaves are not designed to be exposed to untrusted clients
-# on the internet. It's just a protection layer against misuse of the instance.
-# Still a read only slave exports by default all the administrative commands
-# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
-# security of read only slaves using 'rename-command' to shadow all the
-# administrative / dangerous commands.
-slave-read-only yes
-
-# Replication SYNC strategy: disk or socket.
-#
-# -------------------------------------------------------
-# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
-# -------------------------------------------------------
-#
-# New slaves and reconnecting slaves that are not able to continue the replication
-# process just receiving differences, need to do what is called a "full
-# synchronization". An RDB file is transmitted from the master to the slaves.
-# The transmission can happen in two different ways:
-#
-# 1) Disk-backed: The Redis master creates a new process that writes the RDB
-# file on disk. Later the file is transferred by the parent
-# process to the slaves incrementally.
-# 2) Diskless: The Redis master creates a new process that directly writes the
-# RDB file to slave sockets, without touching the disk at all.
-#
-# With disk-backed replication, while the RDB file is generated, more slaves
-# can be queued and served with the RDB file as soon as the current child producing
-# the RDB file finishes its work. With diskless replication instead once
-# the transfer starts, new slaves arriving will be queued and a new transfer
-# will start when the current one terminates.
-#
-# When diskless replication is used, the master waits a configurable amount of
-# time (in seconds) before starting the transfer in the hope that multiple slaves
-# will arrive and the transfer can be parallelized.
-#
-# With slow disks and fast (large bandwidth) networks, diskless replication
-# works better.
-repl-diskless-sync no
-
-# When diskless replication is enabled, it is possible to configure the delay
-# the server waits in order to spawn the child that transfers the RDB via socket
-# to the slaves.
-#
-# This is important since once the transfer starts, it is not possible to serve
-# new slaves arriving, that will be queued for the next RDB transfer, so the server
-# waits a delay in order to let more slaves arrive.
-#
-# The delay is specified in seconds, and by default is 5 seconds. To disable
-# it entirely just set it to 0 seconds and the transfer will start ASAP.
-repl-diskless-sync-delay 5
-
-# Slaves send PINGs to server in a predefined interval. It's possible to change
-# this interval with the repl_ping_slave_period option. The default value is 10
-# seconds.
-#
-# repl-ping-slave-period 10
-
-# The following option sets the replication timeout for:
-#
-# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
-# 2) Master timeout from the point of view of slaves (data, pings).
-# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
-#
-# It is important to make sure that this value is greater than the value
-# specified for repl-ping-slave-period otherwise a timeout will be detected
-# every time there is low traffic between the master and the slave.
-#
-# repl-timeout 60
-
-# Disable TCP_NODELAY on the slave socket after SYNC?
-#
-# If you select "yes" Redis will use a smaller number of TCP packets and
-# less bandwidth to send data to slaves. But this can add a delay for
-# the data to appear on the slave side, up to 40 milliseconds with
-# Linux kernels using a default configuration.
-#
-# If you select "no" the delay for data to appear on the slave side will
-# be reduced but more bandwidth will be used for replication.
-#
-# By default we optimize for low latency, but in very high traffic conditions
-# or when the master and slaves are many hops away, turning this to "yes" may
-# be a good idea.
-repl-disable-tcp-nodelay no
-
-# Set the replication backlog size. The backlog is a buffer that accumulates
-# slave data when slaves are disconnected for some time, so that when a slave
-# wants to reconnect again, often a full resync is not needed, but a partial
-# resync is enough, just passing the portion of data the slave missed while
-# disconnected.
-#
-# The bigger the replication backlog, the longer the time the slave can be
-# disconnected and later be able to perform a partial resynchronization.
-#
-# The backlog is only allocated once there is at least a slave connected.
-#
-# repl-backlog-size 1mb
-
-# After a master has no longer connected slaves for some time, the backlog
-# will be freed. The following option configures the amount of seconds that
-# need to elapse, starting from the time the last slave disconnected, for
-# the backlog buffer to be freed.
-#
-# A value of 0 means to never release the backlog.
-#
-# repl-backlog-ttl 3600
-
-# The slave priority is an integer number published by Redis in the INFO output.
-# It is used by Redis Sentinel in order to select a slave to promote into a
-# master if the master is no longer working correctly.
-#
-# A slave with a low priority number is considered better for promotion, so
-# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
-# pick the one with priority 10, that is the lowest.
-#
-# However a special priority of 0 marks the slave as not able to perform the
-# role of master, so a slave with priority of 0 will never be selected by
-# Redis Sentinel for promotion.
-#
-# By default the priority is 100.
-slave-priority 100
-
-# It is possible for a master to stop accepting writes if there are less than
-# N slaves connected, having a lag less or equal than M seconds.
-#
-# The N slaves need to be in "online" state.
-#
-# The lag in seconds, that must be <= the specified value, is calculated from
-# the last ping received from the slave, that is usually sent every second.
-#
-# This option does not GUARANTEE that N replicas will accept the write, but
-# will limit the window of exposure for lost writes in case not enough slaves
-# are available, to the specified number of seconds.
-#
-# For example to require at least 3 slaves with a lag <= 10 seconds use:
-#
-# min-slaves-to-write 3
-# min-slaves-max-lag 10
-#
-# Setting one or the other to 0 disables the feature.
-#
-# By default min-slaves-to-write is set to 0 (feature disabled) and
-# min-slaves-max-lag is set to 10.
-
-# A Redis master is able to list the address and port of the attached
-# slaves in different ways. For example the "INFO replication" section
-# offers this information, which is used, among other tools, by
-# Redis Sentinel in order to discover slave instances.
-# Another place where this info is available is in the output of the
-# "ROLE" command of a masteer.
-#
-# The listed IP and address normally reported by a slave is obtained
-# in the following way:
-#
-# IP: The address is auto detected by checking the peer address
-# of the socket used by the slave to connect with the master.
-#
-# Port: The port is communicated by the slave during the replication
-# handshake, and is normally the port that the slave is using to
-# list for connections.
-#
-# However when port forwarding or Network Address Translation (NAT) is
-# used, the slave may be actually reachable via different IP and port
-# pairs. The following two options can be used by a slave in order to
-# report to its master a specific set of IP and port, so that both INFO
-# and ROLE will report those values.
-#
-# There is no need to use both the options if you need to override just
-# the port or the IP address.
-#
-# slave-announce-ip 5.5.5.5
-# slave-announce-port 1234
-
-################################## SECURITY ###################################
-
-# Require clients to issue AUTH before processing any other
-# commands. This might be useful in environments in which you do not trust
-# others with access to the host running redis-server.
-#
-# This should stay commented out for backward compatibility and because most
-# people do not need auth (e.g. they run their own servers).
-#
-# Warning: since Redis is pretty fast an outside user can try up to
-# 150k passwords per second against a good box. This means that you should
-# use a very strong password otherwise it will be very easy to break.
-#
-# requirepass foobared
-
-# Command renaming.
-#
-# It is possible to change the name of dangerous commands in a shared
-# environment. For instance the CONFIG command may be renamed into something
-# hard to guess so that it will still be available for internal-use tools
-# but not available for general clients.
-#
-# Example:
-#
-# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
-#
-# It is also possible to completely kill a command by renaming it into
-# an empty string:
-#
-# rename-command CONFIG ""
-#
-# Please note that changing the name of commands that are logged into the
-# AOF file or transmitted to slaves may cause problems.
-
-################################### LIMITS ####################################
-
-# Set the max number of connected clients at the same time. By default
-# this limit is set to 10000 clients, however if the Redis server is not
-# able to configure the process file limit to allow for the specified limit
-# the max number of allowed clients is set to the current file limit
-# minus 32 (as Redis reserves a few file descriptors for internal uses).
-#
-# Once the limit is reached Redis will close all the new connections sending
-# an error 'max number of clients reached'.
-#
-# maxclients 10000
-
-# Don't use more memory than the specified amount of bytes.
-# When the memory limit is reached Redis will try to remove keys
-# according to the eviction policy selected (see maxmemory-policy).
-#
-# If Redis can't remove keys according to the policy, or if the policy is
-# set to 'noeviction', Redis will start to reply with errors to commands
-# that would use more memory, like SET, LPUSH, and so on, and will continue
-# to reply to read-only commands like GET.
-#
-# This option is usually useful when using Redis as an LRU cache, or to set
-# a hard memory limit for an instance (using the 'noeviction' policy).
-#
-# WARNING: If you have slaves attached to an instance with maxmemory on,
-# the size of the output buffers needed to feed the slaves are subtracted
-# from the used memory count, so that network problems / resyncs will
-# not trigger a loop where keys are evicted, and in turn the output
-# buffer of slaves is full with DELs of keys evicted triggering the deletion
-# of more keys, and so forth until the database is completely emptied.
-#
-# In short... if you have slaves attached it is suggested that you set a lower
-# limit for maxmemory so that there is some free RAM on the system for slave
-# output buffers (but this is not needed if the policy is 'noeviction').
-#
-# maxmemory
-
-# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
-# is reached. You can select among five behaviors:
-#
-# volatile-lru -> remove the key with an expire set using an LRU algorithm
-# allkeys-lru -> remove any key according to the LRU algorithm
-# volatile-random -> remove a random key with an expire set
-# allkeys-random -> remove a random key, any key
-# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
-# noeviction -> don't expire at all, just return an error on write operations
-#
-# Note: with any of the above policies, Redis will return an error on write
-# operations, when there are no suitable keys for eviction.
-#
-# At the date of writing these commands are: set setnx setex append
-# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
-# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
-# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
-# getset mset msetnx exec sort
-#
-# The default is:
-#
-# maxmemory-policy noeviction
-
-# LRU and minimal TTL algorithms are not precise algorithms but approximated
-# algorithms (in order to save memory), so you can tune it for speed or
-# accuracy. For default Redis will check five keys and pick the one that was
-# used less recently, you can change the sample size using the following
-# configuration directive.
-#
-# The default of 5 produces good enough results. 10 Approximates very closely
-# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
-#
-# maxmemory-samples 5
-
-############################## APPEND ONLY MODE ###############################
-
-# By default Redis asynchronously dumps the dataset on disk. This mode is
-# good enough in many applications, but an issue with the Redis process or
-# a power outage may result into a few minutes of writes lost (depending on
-# the configured save points).
-#
-# The Append Only File is an alternative persistence mode that provides
-# much better durability. For instance using the default data fsync policy
-# (see later in the config file) Redis can lose just one second of writes in a
-# dramatic event like a server power outage, or a single write if something
-# wrong with the Redis process itself happens, but the operating system is
-# still running correctly.
-#
-# AOF and RDB persistence can be enabled at the same time without problems.
-# If the AOF is enabled on startup Redis will load the AOF, that is the file
-# with the better durability guarantees.
-#
-# Please check http://redis.io/topics/persistence for more information.
-
-appendonly no
-
-# The name of the append only file (default: "appendonly.aof")
-
-appendfilename "appendonly.aof"
-
-# The fsync() call tells the Operating System to actually write data on disk
-# instead of waiting for more data in the output buffer. Some OS will really flush
-# data on disk, some other OS will just try to do it ASAP.
-#
-# Redis supports three different modes:
-#
-# no: don't fsync, just let the OS flush the data when it wants. Faster.
-# always: fsync after every write to the append only log. Slow, Safest.
-# everysec: fsync only one time every second. Compromise.
-#
-# The default is "everysec", as that's usually the right compromise between
-# speed and data safety. It's up to you to understand if you can relax this to
-# "no" that will let the operating system flush the output buffer when
-# it wants, for better performances (but if you can live with the idea of
-# some data loss consider the default persistence mode that's snapshotting),
-# or on the contrary, use "always" that's very slow but a bit safer than
-# everysec.
-#
-# More details please check the following article:
-# http://antirez.com/post/redis-persistence-demystified.html
-#
-# If unsure, use "everysec".
-
-# appendfsync always
-appendfsync everysec
-# appendfsync no
-
-# When the AOF fsync policy is set to always or everysec, and a background
-# saving process (a background save or AOF log background rewriting) is
-# performing a lot of I/O against the disk, in some Linux configurations
-# Redis may block too long on the fsync() call. Note that there is no fix for
-# this currently, as even performing fsync in a different thread will block
-# our synchronous write(2) call.
-#
-# In order to mitigate this problem it's possible to use the following option
-# that will prevent fsync() from being called in the main process while a
-# BGSAVE or BGREWRITEAOF is in progress.
-#
-# This means that while another child is saving, the durability of Redis is
-# the same as "appendfsync none". In practical terms, this means that it is
-# possible to lose up to 30 seconds of log in the worst scenario (with the
-# default Linux settings).
-#
-# If you have latency problems turn this to "yes". Otherwise leave it as
-# "no" that is the safest pick from the point of view of durability.
-
-no-appendfsync-on-rewrite no
-
-# Automatic rewrite of the append only file.
-# Redis is able to automatically rewrite the log file implicitly calling
-# BGREWRITEAOF when the AOF log size grows by the specified percentage.
-#
-# This is how it works: Redis remembers the size of the AOF file after the
-# latest rewrite (if no rewrite has happened since the restart, the size of
-# the AOF at startup is used).
-#
-# This base size is compared to the current size. If the current size is
-# bigger than the specified percentage, the rewrite is triggered. Also
-# you need to specify a minimal size for the AOF file to be rewritten, this
-# is useful to avoid rewriting the AOF file even if the percentage increase
-# is reached but it is still pretty small.
-#
-# Specify a percentage of zero in order to disable the automatic AOF
-# rewrite feature.
-
-auto-aof-rewrite-percentage 100
-auto-aof-rewrite-min-size 64mb
-
-# An AOF file may be found to be truncated at the end during the Redis
-# startup process, when the AOF data gets loaded back into memory.
-# This may happen when the system where Redis is running
-# crashes, especially when an ext4 filesystem is mounted without the
-# data=ordered option (however this can't happen when Redis itself
-# crashes or aborts but the operating system still works correctly).
-#
-# Redis can either exit with an error when this happens, or load as much
-# data as possible (the default now) and start if the AOF file is found
-# to be truncated at the end. The following option controls this behavior.
-#
-# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
-# the Redis server starts emitting a log to inform the user of the event.
-# Otherwise if the option is set to no, the server aborts with an error
-# and refuses to start. When the option is set to no, the user requires
-# to fix the AOF file using the "redis-check-aof" utility before to restart
-# the server.
-#
-# Note that if the AOF file will be found to be corrupted in the middle
-# the server will still exit with an error. This option only applies when
-# Redis will try to read more data from the AOF file but not enough bytes
-# will be found.
-aof-load-truncated yes
-
-################################ LUA SCRIPTING ###############################
-
-# Max execution time of a Lua script in milliseconds.
-#
-# If the maximum execution time is reached Redis will log that a script is
-# still in execution after the maximum allowed time and will start to
-# reply to queries with an error.
-#
-# When a long running script exceeds the maximum execution time only the
-# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
-# used to stop a script that did not yet called write commands.
The second -# is the only way to shut down the server in the case a write command was -# already issued by the script but the user doesn't want to wait for the natural -# termination of the script. -# -# Set it to 0 or a negative value for unlimited execution without warnings. -lua-time-limit 5000 - -################################ REDIS CLUSTER ############################### -# -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however -# in order to mark it as "mature" we need to wait for a non trivial percentage -# of users to deploy it in production. -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# -# Normal Redis instances can't be part of a Redis Cluster; only nodes that are -# started as cluster nodes can. In order to start a Redis instance as a -# cluster node enable the cluster support uncommenting the following: -# -# cluster-enabled yes - -# Every cluster node has a cluster configuration file. This file is not -# intended to be edited by hand. It is created and updated by Redis nodes. -# Every Redis Cluster node requires a different cluster configuration file. -# Make sure that instances running in the same system do not have -# overlapping cluster configuration file names. -# -# cluster-config-file nodes-6379.conf - -# Cluster node timeout is the amount of milliseconds a node must be unreachable -# for it to be considered in failure state. -# Most other internal time limits are multiple of the node timeout. -# -# cluster-node-timeout 15000 - -# A slave of a failing master will avoid to start a failover if its data -# looks too old. 
-# -# There is no simple way for a slave to actually have a exact measure of -# its "data age", so the following two checks are performed: -# -# 1) If there are multiple slaves able to failover, they exchange messages -# in order to try to give an advantage to the slave with the best -# replication offset (more data from the master processed). -# Slaves will try to get their rank by offset, and apply to the start -# of the failover a delay proportional to their rank. -# -# 2) Every single slave computes the time of the last interaction with -# its master. This can be the last ping or command received (if the master -# is still in the "connected" state), or the time that elapsed since the -# disconnection with the master (if the replication link is currently down). -# If the last interaction is too old, the slave will not try to failover -# at all. -# -# The point "2" can be tuned by user. Specifically a slave will not perform -# the failover if, since the last interaction with the master, the time -# elapsed is greater than: -# -# (node-timeout * slave-validity-factor) + repl-ping-slave-period -# -# So for example if node-timeout is 30 seconds, and the slave-validity-factor -# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the -# slave will not try to failover if it was not able to talk with the master -# for longer than 310 seconds. -# -# A large slave-validity-factor may allow slaves with too old data to failover -# a master, while a too small value may prevent the cluster from being able to -# elect a slave at all. -# -# For maximum availability, it is possible to set the slave-validity-factor -# to a value of 0, which means, that slaves will always try to failover the -# master regardless of the last time they interacted with the master. -# (However they'll always try to apply a delay proportional to their -# offset rank). 
-# -# Zero is the only value able to guarantee that when all the partitions heal -# the cluster will always be able to continue. -# -# cluster-slave-validity-factor 10 - -# Cluster slaves are able to migrate to orphaned masters, that are masters -# that are left without working slaves. This improves the cluster ability -# to resist to failures as otherwise an orphaned master can't be failed over -# in case of failure if it has no working slaves. -# -# Slaves migrate to orphaned masters only if there are still at least a -# given number of other working slaves for their old master. This number -# is the "migration barrier". A migration barrier of 1 means that a slave -# will migrate only if there is at least 1 other working slave for its master -# and so forth. It usually reflects the number of slaves you want for every -# master in your cluster. -# -# Default is 1 (slaves migrate only if their masters remain with at least -# one slave). To disable migration just set it to a very large value. -# A value of 0 can be set but is useful only for debugging and dangerous -# in production. -# -# cluster-migration-barrier 1 - -# By default Redis Cluster nodes stop accepting queries if they detect there -# is at least an hash slot uncovered (no available node is serving it). -# This way if the cluster is partially down (for example a range of hash slots -# are no longer covered) all the cluster becomes, eventually, unavailable. -# It automatically returns available as soon as all the slots are covered again. -# -# However sometimes you want the subset of the cluster which is working, -# to continue to accept queries for the part of the key space that is still -# covered. In order to do so, just set the cluster-require-full-coverage -# option to no. -# -# cluster-require-full-coverage yes - -# In order to setup your cluster make sure to read the documentation -# available at http://redis.io web site. 
- -################################## SLOW LOG ################################### - -# The Redis Slow Log is a system to log queries that exceeded a specified -# execution time. The execution time does not include the I/O operations -# like talking with the client, sending the reply and so forth, -# but just the time needed to actually execute the command (this is the only -# stage of command execution where the thread is blocked and can not serve -# other requests in the meantime). -# -# You can configure the slow log with two parameters: one tells Redis -# what is the execution time, in microseconds, to exceed in order for the -# command to get logged, and the other parameter is the length of the -# slow log. When a new command is logged the oldest one is removed from the -# queue of logged commands. - -# The following time is expressed in microseconds, so 1000000 is equivalent -# to one second. Note that a negative number disables the slow log, while -# a value of zero forces the logging of every command. -slowlog-log-slower-than 10000 - -# There is no limit to this length. Just be aware that it will consume memory. -# You can reclaim memory used by the slow log with SLOWLOG RESET. -slowlog-max-len 128 - -################################ LATENCY MONITOR ############################## - -# The Redis latency monitoring subsystem samples different operations -# at runtime in order to collect data related to possible sources of -# latency of a Redis instance. -# -# Via the LATENCY command this information is available to the user that can -# print graphs and obtain reports. -# -# The system only logs operations that were performed in a time equal or -# greater than the amount of milliseconds specified via the -# latency-monitor-threshold configuration directive. When its value is set -# to zero, the latency monitor is turned off. 
-# -# By default latency monitoring is disabled since it is mostly not needed -# if you don't have latency issues, and collecting data has a performance -# impact, that while very small, can be measured under big load. Latency -# monitoring can easily be enabled at runtime using the command -# "CONFIG SET latency-monitor-threshold " if needed. -latency-monitor-threshold 0 - -############################# EVENT NOTIFICATION ############################## - -# Redis can notify Pub/Sub clients about events happening in the key space. -# This feature is documented at http://redis.io/topics/notifications -# -# For instance if keyspace events notification is enabled, and a client -# performs a DEL operation on key "foo" stored in the Database 0, two -# messages will be published via Pub/Sub: -# -# PUBLISH __keyspace@0__:foo del -# PUBLISH __keyevent@0__:del foo -# -# It is possible to select the events that Redis will notify among a set -# of classes. Every class is identified by a single character: -# -# K Keyspace events, published with __keyspace@__ prefix. -# E Keyevent events, published with __keyevent@__ prefix. -# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... -# $ String commands -# l List commands -# s Set commands -# h Hash commands -# z Sorted set commands -# x Expired events (events generated every time a key expires) -# e Evicted events (events generated when a key is evicted for maxmemory) -# A Alias for g$lshzxe, so that the "AKE" string means all the events. -# -# The "notify-keyspace-events" takes as argument a string that is composed -# of zero or multiple characters. The empty string means that notifications -# are disabled. 
-# -# Example: to enable list and generic events, from the point of view of the -# event name, use: -# -# notify-keyspace-events Elg -# -# Example 2: to get the stream of the expired keys subscribing to channel -# name __keyevent@0__:expired use: -# -# notify-keyspace-events Ex -# -# By default all notifications are disabled because most users don't need -# this feature and the feature has some overhead. Note that if you don't -# specify at least one of K or E, no events will be delivered. -notify-keyspace-events "" - -############################### ADVANCED CONFIG ############################### - -# Hashes are encoded using a memory efficient data structure when they have a -# small number of entries, and the biggest entry does not exceed a given -# threshold. These thresholds can be configured using the following directives. -hash-max-ziplist-entries 512 -hash-max-ziplist-value 64 - -# Lists are also encoded in a special way to save a lot of space. -# The number of entries allowed per internal list node can be specified -# as a fixed maximum size or a maximum number of elements. -# For a fixed maximum size, use -5 through -1, meaning: -# -5: max size: 64 Kb <-- not recommended for normal workloads -# -4: max size: 32 Kb <-- not recommended -# -3: max size: 16 Kb <-- probably not recommended -# -2: max size: 8 Kb <-- good -# -1: max size: 4 Kb <-- good -# Positive numbers mean store up to _exactly_ that number of elements -# per list node. -# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), -# but if your use case is unique, adjust the settings as necessary. -list-max-ziplist-size -2 - -# Lists may also be compressed. -# Compress depth is the number of quicklist ziplist nodes from *each* side of -# the list to *exclude* from compression. The head and tail of the list -# are always uncompressed for fast push/pop operations. 
Settings are: -# 0: disable all list compression -# 1: depth 1 means "don't start compressing until after 1 node into the list, -# going from either the head or tail" -# So: [head]->node->node->...->node->[tail] -# [head], [tail] will always be uncompressed; inner nodes will compress. -# 2: [head]->[next]->node->node->...->node->[prev]->[tail] -# 2 here means: don't compress head or head->next or tail->prev or tail, -# but compress all nodes between them. -# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] -# etc. -list-compress-depth 0 - -# Sets have a special encoding in just one case: when a set is composed -# of just strings that happen to be integers in radix 10 in the range -# of 64 bit signed integers. -# The following configuration setting sets the limit in the size of the -# set in order to use this special memory saving encoding. -set-max-intset-entries 512 - -# Similarly to hashes and lists, sorted sets are also specially encoded in -# order to save a lot of space. This encoding is only used when the length and -# elements of a sorted set are below the following limits: -zset-max-ziplist-entries 128 -zset-max-ziplist-value 64 - -# HyperLogLog sparse representation bytes limit. The limit includes the -# 16 bytes header. When an HyperLogLog using the sparse representation crosses -# this limit, it is converted into the dense representation. -# -# A value greater than 16000 is totally useless, since at that point the -# dense representation is more memory efficient. -# -# The suggested value is ~ 3000 in order to have the benefits of -# the space efficient encoding without slowing down too much PFADD, -# which is O(N) with the sparse encoding. The value can be raised to -# ~ 10000 when CPU is not a concern, but space is, and the data set is -# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. 
-hll-sparse-max-bytes 3000 - -# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in -# order to help rehashing the main Redis hash table (the one mapping top-level -# keys to values). The hash table implementation Redis uses (see dict.c) -# performs a lazy rehashing: the more operation you run into a hash table -# that is rehashing, the more rehashing "steps" are performed, so if the -# server is idle the rehashing is never complete and some more memory is used -# by the hash table. -# -# The default is to use this millisecond 10 times every second in order to -# actively rehash the main dictionaries, freeing memory when possible. -# -# If unsure: -# use "activerehashing no" if you have hard latency requirements and it is -# not a good thing in your environment that Redis can reply from time to time -# to queries with 2 milliseconds delay. -# -# use "activerehashing yes" if you don't have such hard requirements but -# want to free memory asap when possible. -activerehashing yes - -# The client output buffer limits can be used to force disconnection of clients -# that are not reading data from the server fast enough for some reason (a -# common reason is that a Pub/Sub client can't consume messages as fast as the -# publisher can produce them). -# -# The limit can be set differently for the three different classes of clients: -# -# normal -> normal clients including MONITOR clients -# slave -> slave clients -# pubsub -> clients subscribed to at least one pubsub channel or pattern -# -# The syntax of every client-output-buffer-limit directive is the following: -# -# client-output-buffer-limit -# -# A client is immediately disconnected once the hard limit is reached, or if -# the soft limit is reached and remains reached for the specified number of -# seconds (continuously). 
-# So for instance if the hard limit is 32 megabytes and the soft limit is -# 16 megabytes / 10 seconds, the client will get disconnected immediately -# if the size of the output buffers reach 32 megabytes, but will also get -# disconnected if the client reaches 16 megabytes and continuously overcomes -# the limit for 10 seconds. -# -# By default normal clients are not limited because they don't receive data -# without asking (in a push way), but just after a request, so only -# asynchronous clients may create a scenario where data is requested faster -# than it can read. -# -# Instead there is a default limit for pubsub and slave clients, since -# subscribers and slaves receive data in a push fashion. -# -# Both the hard or the soft limit can be disabled by setting them to zero. -client-output-buffer-limit normal 0 0 0 -client-output-buffer-limit slave 256mb 64mb 60 -client-output-buffer-limit pubsub 32mb 8mb 60 - -# Redis calls an internal function to perform many background tasks, like -# closing connections of clients in timeout, purging expired keys that are -# never requested, and so forth. -# -# Not all tasks are performed with the same frequency, but Redis checks for -# tasks to perform according to the specified "hz" value. -# -# By default "hz" is set to 10. Raising the value will use more CPU when -# Redis is idle, but at the same time will make Redis more responsive when -# there are many keys expiring at the same time, and timeouts may be -# handled with more precision. -# -# The range is between 1 and 500, however a value over 100 is usually not -# a good idea. Most users should use the default of 10 and raise this up to -# 100 only in environments where very low latency is required. -hz 10 - -# When a child rewrites the AOF file, if the following option is enabled -# the file will be fsync-ed every 32 MB of data generated. This is useful -# in order to commit the file to the disk more incrementally and avoid -# big latency spikes. 
-aof-rewrite-incremental-fsync yes
diff --git a/roles/cert-redis/files/cert-redis.service b/roles/cert-redis/files/cert-redis.service
deleted file mode 100644
index 8e44672..0000000
--- a/roles/cert-redis/files/cert-redis.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown cert-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/roles/cert-redis/tasks/main.yml b/roles/cert-redis/tasks/main.yml
deleted file mode 100644
index c8caa71..0000000
--- a/roles/cert-redis/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: "copy cert-redis file to dest"
- copy:
- src: "{{ role_path }}/files/"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" }
- - { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
-
-- name: "start cert-redis"
- systemd:
- name: cert-redis.service
- state: started
- daemon_reload: yes
- enabled: yes
diff --git a/roles/certstore/files/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm b/roles/certstore/files/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm
deleted file mode 100644
index 8fb96eb..0000000
Binary files a/roles/certstore/files/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/certstore/files/memory.conf b/roles/certstore/files/memory.conf
deleted file mode 100644
index c9bd857..0000000
--- a/roles/certstore/files/memory.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Service]
-MemoryLimit=16G
-ExecStartPost=/bin/bash -c "echo 16G > /sys/fs/cgroup/memory/system.slice/certstore.service/memory.memsw.limit_in_bytes"
diff --git a/roles/certstore/tasks/main.yml b/roles/certstore/tasks/main.yml
deleted file mode 100644
index ed25613..0000000
--- a/roles/certstore/tasks/main.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-- name: "copy certstore rpm to destination"
- synchronize:
- src: "{{ role_path }}/files/"
- dest: "/tmp/ansible_deploy/"
-
-- name: Ensures /opt/tsg exists
- file: path=/opt/tsg state=directory
- tags: mkdir
-
-- name: install certstore
- yum:
- name:
- - /tmp/ansible_deploy/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm
- state: present
-
-- name: template certstore configure file
- template:
- src: "{{ role_path }}/templates/cert_store.ini.j2"
- dest: /opt/tsg/certstore/conf/cert_store.ini
-
-- name: template certstore zlog file
- template:
- src: "{{ role_path }}/templates/zlog.conf.j2"
- dest: /opt/tsg/certstore/conf/zlog.conf
-
-- name: "copy memory limit file to certstore.service.d"
- copy:
- src: "{{ role_path }}/files/memory.conf"
- dest: /etc/systemd/system/certstore.service.d/
- mode: 0644
-
-- name: "start certstore"
- systemd:
- name: certstore.service
- state: started
- enabled: yes
- daemon_reload: yes
diff --git a/roles/certstore/templates/cert_store.ini.j2 b/roles/certstore/templates/cert_store.ini.j2
deleted file mode 100644
index e2ced45..0000000
--- a/roles/certstore/templates/cert_store.ini.j2
+++ /dev/null
@@ -1,60 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/certstore/crashreport
-enable_breakpad_upload=1
-breakpad_upload_url= {{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 4
-#1 rsync, 0 sync
-mode=1
-#Local default root certificate is valid for 30 days by default
-expire_after = 30
-#Local default root certificate path
-local_debug = 1
-ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
-
-[MAAT]
-#Configure the load mode,
-#0: using the configuration distribution network
-#1: using local json
-#2: using Redis reads
-maat_json_switch=2
-#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
-effective_interval=1
-#Specify the location of the configuration library table file
-table_info=./conf/table_info.conf
-#Incremental profile path
-inc_cfg_dir=./rule/inc/index
-#Full profile path
-full_cfg_dir=./rule/full/index
-#Json file path when json schema is used
-pxy_obj_keyring=./conf/pxy_obj_keyring.json
-
-[LIBEVENT]
-#Local monitor port number, default is 9991
-port = 9991
-
-[CERTSTORE_REDIS]
-#The Redis server IP address and port number where the certificate is stored locally
-ip = 127.0.0.1
-port = 6379
-
-[MAAT_REDIS]
-#Maat monitors the Redsi server IP address and port number
-ip = {{ maat_redis_server.address }}
-port = {{ maat_redis_server.port }}
-dbindex = {{ maat_redis_server.db }}
-[stat]
-statsd_server=127.0.0.1
-statsd_port=8100
-statsd_set_prometheus_port=9002
-statsd_set_prometheus_url_path=/metrics
diff --git a/roles/certstore/templates/zlog.conf.j2 b/roles/certstore/templates/zlog.conf.j2
deleted file mode 100644
index 02f5f96..0000000
--- a/roles/certstore/templates/zlog.conf.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal "./logs/error.log.%d(%F)";
-*.{{ certstore_log_level }} "./logs/certstore.log.%d(%F)"
-
diff --git a/roles/docker-env/files/daemon.json b/roles/docker-env/files/daemon.json
deleted file mode 100644
index c34d29f..0000000
--- a/roles/docker-env/files/daemon.json
+++ /dev/null
@@ -1 +0,0 @@
-{"iptables":false,"bridge": "none"}
diff --git a/roles/docker-env/files/docker-ce.zip b/roles/docker-env/files/docker-ce.zip
deleted file mode 100644
index 1a35c99..0000000
Binary files a/roles/docker-env/files/docker-ce.zip and /dev/null differ
diff --git a/roles/docker-env/files/docker-compose.zip b/roles/docker-env/files/docker-compose.zip
deleted file mode 100644
index 0498c86..0000000
Binary files a/roles/docker-env/files/docker-compose.zip and /dev/null differ
diff --git a/roles/docker-env/files/python3.zip b/roles/docker-env/files/python3.zip
deleted file mode 100644
index 5338198..0000000
Binary files a/roles/docker-env/files/python3.zip and /dev/null differ
diff --git a/roles/docker-env/tasks/docker-ce.yml b/roles/docker-env/tasks/docker-ce.yml
deleted file mode 100644
index bd6b8cc..0000000
--- a/roles/docker-env/tasks/docker-ce.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-- name: "docker-ce: copy docker-ce.zip to dest device"
- copy:
- src: '{{ role_path }}/files/docker-ce.zip'
- dest: /tmp/ansible_deploy/
-
-- name: "docker-ce: unarchive docker-ce.zip"
- unarchive:
- src: /tmp/ansible_deploy/docker-ce.zip
- dest: /tmp/ansible_deploy/
- remote_src: yes
-
-- name: "docker-ce: install docker-ce rpm package and dependencies"
- yum:
- name:
- - /tmp/ansible_deploy/docker-ce/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
- - /tmp/ansible_deploy/docker-ce/docker-ce-19.03.13-3.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/docker-ce-cli-19.03.13-3.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/containerd.io-1.3.7-3.1.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
- - /tmp/ansible_deploy/docker-ce/selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
- - /tmp/ansible_deploy/docker-ce/policycoreutils-python-2.5-34.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/policycoreutils-2.5-34.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/libselinux-utils-2.5-15.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/libselinux-python-2.5-15.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/libselinux-2.5-15.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/setools-libs-3.3.8-4.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/libsepol-2.5-10.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/libsemanage-python-2.5-14.el7.x86_64.rpm
- - /tmp/ansible_deploy/docker-ce/libsemanage-2.5-14.el7.x86_64.rpm
- state: present
-
-- name: "docker-ce: copy daemon.json to target"
- copy:
- src: '{{ role_path }}/files/daemon.json'
- dest: /etc/docker/
-
-- name: "docker-ce: systemctl start docker and enabled docker"
- systemd:
- name: docker
- enabled: yes
- daemon_reload: yes
- state: started
diff --git a/roles/docker-env/tasks/docker-compose.yml b/roles/docker-env/tasks/docker-compose.yml
deleted file mode 100644
index 083b0f1..0000000
--- a/roles/docker-env/tasks/docker-compose.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: "docker-compose: copy docker-compose.zip to dest device"
- copy:
- src: '{{ role_path }}/files/docker-compose.zip'
- dest: /tmp/ansible_deploy/
-
-- name: "docker-compose: unarchive docker-compose.zip"
- unarchive:
- src: /tmp/ansible_deploy/docker-compose.zip
- dest: /tmp/ansible_deploy/
- remote_src: yes
-
-- name: "docker-compose: install docker-compose using pip3"
- pip:
- requirements: /tmp/ansible_deploy/docker-compose/requirements.txt
- extra_args: "--no-index --find-links=file:///tmp/ansible_deploy/docker-compose"
- state: forcereinstall
- executable: pip3
diff --git a/roles/docker-env/tasks/main.yml b/roles/docker-env/tasks/main.yml
deleted file mode 100644
index 11ad454..0000000
--- a/roles/docker-env/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- include: docker-ce.yml
-- include: python3.yml
-- include: docker-compose.yml
diff --git a/roles/docker-env/tasks/python3.yml b/roles/docker-env/tasks/python3.yml
deleted file mode 100644
index 27b9347..0000000
--- a/roles/docker-env/tasks/python3.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: "python3: copy python3.zip to dest device"
- copy:
- src: '{{ role_path }}/files/python3.zip'
- dest: /tmp/ansible_deploy/
-
-- name: "python3: unarchive python3.zip"
- unarchive:
- src: /tmp/ansible_deploy/python3.zip
- dest: /tmp/ansible_deploy/
- remote_src: yes
-
-- name: "python3: install python3 rpm package and dependencies"
- yum:
- name:
- - /tmp/ansible_deploy/python3/python3-libs-3.6.8-13.el7.x86_64.rpm
- - /tmp/ansible_deploy/python3/python3-3.6.8-13.el7.x86_64.rpm
- - /tmp/ansible_deploy/python3/python3-pip-9.0.3-7.el7_7.noarch.rpm
- - /tmp/ansible_deploy/python3/python3-setuptools-39.2.0-10.el7.noarch.rpm
- - /tmp/ansible_deploy/python3/libtirpc-0.2.4-0.16.el7.x86_64.rpm
- state: present
diff --git a/roles/dump_rtp_pcap/files/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm b/roles/dump_rtp_pcap/files/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
deleted file mode 100644
index 5e83bb1..0000000
Binary files a/roles/dump_rtp_pcap/files/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/dump_rtp_pcap/tasks/main.yml b/roles/dump_rtp_pcap/tasks/main.yml
deleted file mode 100644
index 5f863fb..0000000
--- a/roles/dump_rtp_pcap/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
- copy:
- src: "{{ role_path }}/files/"
- dest: /tmp/ansible_deploy/
-
-- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
- yum:
- name:
- - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
- state: present
-
-- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
- template:
- src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
- dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
- tags: template
-
-- name: "start dump_rtp_pcap"
- systemd:
- name: dump_rtp_pcap.service
- enabled: yes
- daemon_reload: yes
diff --git a/roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2 b/roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2
deleted file mode 100644
index 08dfdcf..0000000
--- a/roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "endian":"little",
- "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
- "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
- "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
- "bucket_name": "rtp-log",
- "consume_auto_offset_reset":"latest",
- "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
- "consume_topic": "INTERNAL-RTP-LOG",
- "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
- "file_prefix":"rtp_log",
- "group_id": "rtp-log-1",
- "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
- "produce_topic": "VOIP-RECORD-LOG",
- "region_name": "us-east-1",
- "save_speed_emit_interval":30,
- "upload_speed_emit_interval":30,
- "queue_size":{{ dump_rtp_pcap.queue_size }},
- "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
- "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
- "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
- "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
-}
diff --git a/roles/firewall/files/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm b/roles/firewall/files/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
deleted file mode 100644
index e6d6467..0000000
Binary files a/roles/firewall/files/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
deleted file mode 100644
index a40e226..0000000
Binary files a/roles/firewall/files/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/dns-2.0.11.2265b5c-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
deleted file mode 100644
index 7b67c2f..0000000
Binary files a/roles/firewall/files/dns-2.0.11.2265b5c-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm
new file mode 100644
index 0000000..93b2e2e
Binary files /dev/null and b/roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm b/roles/firewall/files/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
deleted file mode 100644
index ec20368..0000000
Binary files a/roles/firewall/files/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm b/roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
new file mode 100644
index 0000000..7a2db83
Binary files /dev/null and b/roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
deleted file mode 100644
index 2473cc4..0000000
Binary files a/roles/firewall/files/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
new file mode 100644
index 0000000..6b705dd
Binary files /dev/null and b/roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm b/roles/firewall/files/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm
deleted file mode 100644
index 64fbd48..0000000
Binary files a/roles/firewall/files/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm b/roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
new file mode 100644
index 0000000..75bf566
Binary files /dev/null and b/roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm
new file mode 100644
index 0000000..b78f97c
Binary files /dev/null and b/roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
deleted file mode 100644
index 1eace4e..0000000
Binary files a/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm b/roles/firewall/files/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm
deleted file mode 100644
index a295851..0000000
Binary files a/roles/firewall/files/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm b/roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
new file mode 100644
index 0000000..98b6442
Binary files /dev/null and b/roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
deleted file mode 100644
index 7d92f28..0000000
Binary files a/roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm b/roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm
new file mode 100644
index 0000000..431d34b
Binary files /dev/null and b/roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm b/roles/firewall/files/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm
deleted file mode 100644
index 5b4ac20..0000000
Binary files a/roles/firewall/files/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm b/roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
new file mode 100644
index 0000000..a845e08
Binary files /dev/null and b/roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm differ
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 0303b67..15027ae 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -11,27 +11,25 @@ skip_broken: yes vars: fw_packages: - - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm - - /tmp/ansible_deploy/dns-2.0.11.2265b5c-2.el7.x86_64.rpm + - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_http_plug-3.2.3.6b8c95d-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm - - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm + - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm - - /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm - - /tmp/ansible_deploy/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm + - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm - - /tmp/ansible_deploy/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm + - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm - - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm - - /tmp/ansible_deploy/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm + - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm - name: "Template the tsgconf/main.conf" template: 
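Review bot: Dropping `capture_packet_plug-3.0.6.a2db4a4` and `app_proto_identify-2.0.1.dd683eb` from `fw_packages` only stops installing them on fresh hosts; on a host that already has them, nothing in this hunk removes them, so an upgraded node would keep a packet-capture plugin together with a `capture_packet_plug.conf` that the playbook no longer manages. The yum task starts above the hunk, so its `state` is not visible here; assuming it is `present`, an explicit removal task is needed, with the package names below taken from the RPM file names (confirm them with `rpm -q` on a deployed host). The roles this commit deletes outright (kni, http_healthcheck, maat-redis) raise the same question, since nothing shown stops or disables the units they enabled.

```yaml
- name: "remove firewall plugins dropped from fw_packages"
  yum:
    name:
      - capture_packet_plug
      - app_proto_identify
    state: absent
```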
@@ -46,11 +44,6 @@ dest: /home/mesasoft/sapp_run/tsgconf/maat.conf tags: template -- name: "Template the conf/capture_packet_plug.conf.j2" - template: - src: "{{ role_path }}/templates/capture_packet_plug.conf.j2" - dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf - tags: template - name: "Template the tsgconf/app_l7_proto_id.conf" template: @@ -63,3 +56,8 @@ dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf tags: template +- name: "Template the conf/http/http.conf" + template: + src: "{{ role_path }}/templates/http.conf.j2" + dest: /home/mesasoft/sapp_run/conf/http/http.conf + tags: template \ No newline at end of file diff --git a/roles/firewall/templates/app_l7_proto_id.conf.j2 b/roles/firewall/templates/app_l7_proto_id.conf.j2 deleted file mode 100644 index 714f943..0000000 --- a/roles/firewall/templates/app_l7_proto_id.conf.j2 +++ /dev/null @@ -1,51 +0,0 @@ -#TYPE:1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET -#TYPE FIELD VALUE -STRING UNCATEGORIZED 100 -STRING UNCATEGORIZED 101 -STRING UNKNOWN_OTHER 102 -STRING DNS 103 -STRING FTP 104 -STRING FTPS 105 -STRING HTTP 106 -STRING HTTPS 107 -STRING ICMP 108 -STRING IKE 109 -STRING MAIL 110 -STRING IMAPS 111 -STRING IPSEC 112 -STRING XMPP 113 -STRING L2TP 114 -STRING NTP 115 -STRING POP3S 117 -STRING PPTP 118 -STRING QUIC 119 -STRING SIP 120 -STRING SMB 121 -STRING SMTPS 123 -STRING SPDY 124 -STRING SSH 125 -STRING SSL 126 -STRING SOCKS 127 -STRING TELNET 128 -STRING DHCP 129 -STRING RADIUS 130 -STRING OPENVPN 131 -STRING STUN 132 -STRING TEREDO 133 -STRING DTLS 134 -STRING DoH 135 -STRING ISAKMP 136 -STRING MDNS 137 -STRING NETBIOS 138 -STRING NETFLOW 139 -STRING RDP 140 -STRING RTCP 141 -STRING RTP 142 -STRING SLP 143 -STRING SNMP 144 -STRING SSDP 145 -STRING TFTP 146 -STRING BJNP 147 -STRING LDAP 148 -STRING RTMP 149 -STRING RTSP 150 
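Review bot: The task `Template the tsgconf/app_l7_proto_id.conf` is kept as context at the end of the `-46,11` hunk, yet this same commit deletes `roles/firewall/templates/app_l7_proto_id.conf.j2`. The task's `src` lies outside the hunk, but if it follows the sibling tasks' pattern (`{{ role_path }}/templates/<name>.j2`) the role will now fail at that step on a missing template. Relatedly, `main.conf.j2` gains `L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"` and no visible task deploys that file, so it presumably has to come from one of the updated RPMs; that is worth confirming. Either remove the task in this commit or point it at whatever replaces the template.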
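Review bot: The new `Template the conf/http/http.conf` task in the `-63,3` hunk sets no `mode`, so the resulting permissions depend on the remote umask or on whatever file is already there; add `mode: "0644"` (quoted, so YAML does not retype it) to make the result deterministic. The file also now ends without a newline (`\ No newline at end of file`); end it with one so the next appended task produces a clean diff. `http.conf.j2` as added contains no Jinja expressions, so `copy` would do the same job if no templating is planned.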
diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2 deleted file mode 100644 index 4da1182..0000000 --- a/roles/firewall/templates/capture_packet_plug.conf.j2 +++ /dev/null @@ -1,28 +0,0 @@ -[MAAT] -MAAT_MODE=2 -#EFFECTIVE_FLAG= -STAT_SWITCH=1 -PERF_SWITCH=1 -TABLE_INFO=conf/capture_packet_tableinfo.conf -STAT_FILE=capture_packet_maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP={{ maat_redis_server.address }} -REDIS_PORT_NUM={{ maat_redis_server.port_num }} -REDIS_PORT={{ maat_redis_server.port }} -REDIS_INDEX={{ maat_redis_server.db }} -JSON_CFG_FILE=conf/capture_packet_maat.json -INC_CFG_DIR=capture_packet_rule/inc/index/ -FULL_CFG_DIR=capture_packet_rule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json - -ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]} - -[LOG] -NIC_NAME={{ nic_mgr.name }} -BROKER_LIST={{ log_kafkabrokers.address | join(",") }} -FIELD_FILE=conf/capture_packet_log_field.conf - -[SYSTEM] -LOG_LEVEL={{ capture_packet_log_level }} -LOG_PATH=./tsglog/capture_packet_plug/capture_packet - diff --git a/roles/firewall/templates/http.conf.j2 b/roles/firewall/templates/http.conf.j2 new file mode 100644 index 0000000..7310e49 --- /dev/null +++ b/roles/firewall/templates/http.conf.j2 
@@ -0,0 +1,43 @@ +#http_special +#all regions +1 HTTP_ALL +2 HTTP_OTHER_REGIONS +#http state +3 HTTP_STATE +4 HTTP_REQ_LINE +5 HTTP_RES_LINE +6 HTTP_CONTENT +7 HTTP_UNGZIP_CONTENT +8 HTTP_MESSAGE_URL +9 HTTP_URI +#http_request +10 HTTP_HOST +11 HTTP_REFERER +12 HTTP_USER_AGENT +13 HTTP_COOKIE +14 HTTP_PROXY_AUTHORIZATION +15 HTTP_AUTHORIZATION +#http_response +16 HTTP_LOCATION +17 HTTP_SERVER +18 HTTP_ETAG +#http_general +19 HTTP_DATE +20 HTTP_TRAILER +21 HTTP_TRANSFER_ENCODING +22 HTTP_VIA +23 HTTP_PRAGMA +24 HTTP_CONNECTION +#http_content +25 HTTP_CONT_ENCODING +26 HTTP_CONT_LANGUAGE +27 HTTP_CONT_LOCATION +28 HTTP_CONT_DISPOSITION +29 HTTP_CONT_RANGE +30 HTTP_CONT_LENGTH +31 HTTP_CONT_TYPE +32 HTTP_CHARSET +33 HTTP_EXPIRES +34 HTTP_X_FLASH_VERSION +35 HTTP_TRANSFER_LENGTH +36 Set-Cookie diff --git a/roles/firewall/templates/maat.conf.j2 b/roles/firewall/templates/maat.conf.j2 index 974bd9d..baa29f6 100644 --- a/roles/firewall/templates/maat.conf.j2 +++ b/roles/firewall/templates/maat.conf.j2 @@ -32,21 +32,5 @@ INC_CFG_DIR=tsgrule/inc/index/ FULL_CFG_DIR=tsgrule/full/index/ EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json -[APP_SIGNATURE_MAAT] -MAAT_MODE=2 -STAT_SWITCH=1 -PERF_SWITCH=1 -TABLE_INFO=tsgconf/app_sketch_tableinfo.conf -STAT_FILE=app_sketch_maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP={{ maat_redis_server.address }} -REDIS_PORT_NUM={{ maat_redis_server.port_num }} -REDIS_PORT={{ maat_redis_server.port }} -REDIS_INDEX={{ maat_redis_server.db }} -JSON_CFG_FILE=tsgconf/app_sketch_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ -EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json - [MAAT] ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]} diff --git a/roles/firewall/templates/main.conf.j2 b/roles/firewall/templates/main.conf.j2 index 5087b35..6112ff3 100644 --- a/roles/firewall/templates/main.conf.j2 +++ b/roles/firewall/templates/main.conf.j2 
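Review bot: Entry `36 Set-Cookie` in the new `http.conf.j2` is the only name that is not an upper-case `HTTP_*` identifier; if the consumer matches these names literally, confirm this spelling is the one it expects and mark it with a comment such as `#header name, spelling intentional` so it is not "normalised" later. The file has no header describing its two columns; a first line like `#<id> <region name>` would document the format. Ids 13–15 and 36 (`HTTP_COOKIE`, `HTTP_PROXY_AUTHORIZATION`, `HTTP_AUTHORIZATION`, `Set-Cookie`) are credential-bearing headers, so whichever plugin subscribes to them should be checked for writing raw values into logs.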
@@ -66,11 +66,16 @@ ENTRANCE_ID={{ tsg_master_entrance_id }} LOG_LEVEL={{ tsg_master_log_level }} LOG_PATH="./tsglog/tsg_master" POLICY_PRIORITY_LABEL="POLICY_PRIORITY" +L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf" DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'" [TSG_CONN_SKETCH] log_service=2 - +live_service=6 +transaction_service=7 +live_service_switch=1 +transaction_service_switch=1 +live_intervals_time = 30 [HOS_CONF] hos_serverip="{{ firewall.hos_serverip }}" @@ -82,14 +87,3 @@ hos_thread_sum={{ firewall.hos_thread_sum }} hos_cache_size={{ firewall.hos_cache_size }} hos_fs2_serverip="{{ firewall.hos_fs2_serverip }}" hos_fs2_serverport={{ firewall.hos_fs2_serverport }} - -[APP_SKETCH_LOCAL] -LOG_LEVEL={{ firewall.APP_SKETCH_LOG_LEVEL }} -LOG_PATH="{{ firewall.APP_SKETCH_LOG_PATH }}" -L7_PROTOCOL_LABEL="{{ firewall.APP_SKETCH_L7_PROTOCOL_LABEL }}" - -[APP_SKETCH_FEEDBACK] -QOS={{ firewall.APP_SKETCH_QOS }} -PUBLISH_TOPIC="{{ firewall.APP_SKETCH_PUBLISH_TOPIC }}" -#CLIENT_ID= -BROKER_LIST="{{ firewall.APP_SKETCH_BROKER_LIST }}" diff --git a/roles/firewall/templates/tsg_conn_sketch.inf.j2 b/roles/firewall/templates/tsg_conn_sketch.inf.j2 index 170f1e7..28f7cb7 100644 --- a/roles/firewall/templates/tsg_conn_sketch.inf.j2 +++ b/roles/firewall/templates/tsg_conn_sketch.inf.j2 @@ -25,11 +25,22 @@ FUNC_NAME=tsg_record_http_entry FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL FUNC_NAME=tsg_record_ssl_entry -#[DNS] -#FUNC_FLAG=ALL -#FUNC_NAME=tsg_record_dns_entry +[DNS] +FUNC_FLAG=ALL +FUNC_NAME=tsg_record_dns_entry [MAIL] FUNC_FLAG=ALL FUNC_NAME=tsg_record_mail_entry +[RTP] +FUNC_FLAG=ALL +FUNC_NAME=tsg_record_rtp_entry + +[SIP] +FUNC_FLAG=ALL +FUNC_NAME=tsg_record_sip_entry + +[FTP] +FUNC_FLAG=ALL +FUNC_NAME=tsg_record_ftp_entry 
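Review bot: In the `[TSG_CONN_SKETCH]` additions of the `-66,11` hunk, `live_intervals_time = 30` is written with spaces around `=` while every neighbouring key uses `key=value`; whether the parser trims those spaces is not visible here, so write `live_intervals_time=30` to match. The hunk also drops the blank line that separated this section from `[HOS_CONF]`; keep it for readability. The five new values are hard-coded, unlike the `{{ firewall.* }}` variables used in `[HOS_CONF]`, so changing the interval or switching the new services off per site needs another template change; consider variables with defaults, e.g. `live_service_switch={{ firewall.live_service_switch | default(1) }}` (the variable name is a suggestion, not an existing one). The same applies to the `[DNS]`, `[RTP]`, `[SIP]` and `[FTP]` entries that the `tsg_conn_sketch.inf.j2` hunk enables unconditionally.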
diff --git a/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm b/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
deleted file mode 100644
index dd04541..0000000
Binary files a/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/framework/files/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm b/roles/framework/files/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
new file mode 100644
index 0000000..fc9f5a0
Binary files /dev/null and b/roles/framework/files/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm differ
diff --git a/roles/framework/files/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm b/roles/framework/files/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm
deleted file mode 100644
index 5bfe9ca..0000000
Binary files a/roles/framework/files/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/framework/files/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm b/roles/framework/files/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
new file mode 100644
index 0000000..a05fbd3
Binary files /dev/null and b/roles/framework/files/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm differ
diff --git a/roles/framework/files/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm
deleted file mode 100644
index c304b38..0000000
Binary files a/roles/framework/files/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/framework/files/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
new file mode 100644
index 0000000..cf2acf7
Binary files /dev/null and b/roles/framework/files/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm differ
diff --git a/roles/sapp/files/maat_redis_tool b/roles/framework/files/maat_redis_tool old mode 100755 new mode 100644 similarity index 100% rename from roles/sapp/files/maat_redis_tool rename to roles/framework/files/maat_redis_tool diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml index 08a8316..66d3ce7 100644 --- a/roles/framework/tasks/main.yml +++ b/roles/framework/tasks/main.yml @@ -12,10 +12,10 @@ packages: - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm - - /tmp/ansible_deploy/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm + - /tmp/ansible_deploy/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm - - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm + - /tmp/ansible_deploy/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm @@ -30,7 +30,7 @@ - /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm - /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm - /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm - - /tmp/ansible_deploy/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm + - /tmp/ansible_deploy/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm - name: "mkdir /etc/ld.so.conf.d/" file: @@ -44,3 +44,9 @@ - name: "update ld" command: ldconfig + +- name: "copy maat_redis_tool to destination" + copy: + src: "{{ role_path }}/files/maat_redis_tool" + dest: /opt/MESA/bin/ + mode: 0755 
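Review bot: `mode: 0755` in the new `copy maat_redis_tool to destination` task (hunk `-44,3`) is an unquoted octal literal; write `mode: "0755"` so the value does not depend on the YAML loader's integer rules. This `mode` is now load-bearing, because the rename in the same commit changes the file in git from 100755 to 100644, so a one-line comment such as `# repo copy is not executable; mode is set here` would stop someone dropping it. The binary is shipped from the repository with no integrity check; `copy` accepts a `checksum:` for the transferred file, which would catch a corrupted copy before it lands in `/opt/MESA/bin/`.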
diff --git a/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm deleted file mode 100644 index eff24ad..0000000 Binary files a/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/http_healthcheck/tasks/main.yml b/roles/http_healthcheck/tasks/main.yml deleted file mode 100644 index 82f34c4..0000000 --- a/roles/http_healthcheck/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: "copy http_healthcheck rpm to destination server" - copy: - src: "{{ role_path }}/files/" - dest: /tmp/ansible_deploy/ - -- name: "install http_healthcheck from localhost" - yum: - name: - - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm - state: present diff --git a/roles/kernel-ml/tasks/main.yml b/roles/kernel-ml/tasks/main.yml index 9aab721..2866980 100644 --- a/roles/kernel-ml/tasks/main.yml +++ b/roles/kernel-ml/tasks/main.yml @@ -20,26 +20,7 @@ command: /usr/sbin/grub2-set-default 0 when: t_kernel_ml.changed -- name: "copy /etc/default/grub" - copy: - src: "{{ role_path }}/files/grub" - dest: "/etc/default" - when: - - tsg_access_type == 4 or tsg_access_type == 5 - - t_kernel_ml.changed -- name: "BIOS:grub2-mkconfig" - shell: grub2-mkconfig -o /boot/grub2/grub.cfg - when: - - tsg_access_type == 4 or tsg_access_type == 5 - - t_kernel_ml.changed - -- name: "UEFI:grub2-mkconfig" - shell: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg - when: - - tsg_access_type == 4 or tsg_access_type == 5 - - t_kernel_ml.changed - -- name: "reboot" - reboot: - when: t_kernel_ml.changed +#- name: "reboot" +# reboot: +# when: t_kernel_ml.changed diff --git a/roles/kni/files/kni-21.05.01.e7573e5-2.el7.x86_64.rpm b/roles/kni/files/kni-21.05.01.e7573e5-2.el7.x86_64.rpm deleted file mode 100644 index 2b5aed1..0000000 Binary files a/roles/kni/files/kni-21.05.01.e7573e5-2.el7.x86_64.rpm and /dev/null differ 
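Review bot: With the `reboot` task commented out at the end of the `-20,26` hunk in `roles/kernel-ml/tasks/main.yml`, a changed `t_kernel_ml` still runs `grub2-set-default 0` but the host keeps running the old kernel until someone reboots it by hand, so the new kernel, including any fixes it carries, is not in effect when the play ends. If skipping the reboot is intentional, delete the task instead of leaving commented-out code and add a comment saying where the reboot now happens. If it is only sometimes wanted, gate it, e.g. `when: t_kernel_ml.changed and (kernel_ml_reboot | default(false))`, where `kernel_ml_reboot` is a proposed new variable. The task that registers `t_kernel_ml` is above the hunk.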
diff --git a/roles/kni/tasks/main.yml b/roles/kni/tasks/main.yml deleted file mode 100644 index 96bb70a..0000000 --- a/roles/kni/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: "copy kni to destination server" - copy: - src: "{{ role_path }}/files/" - dest: /tmp/ansible_deploy/ - -- name: "install kni rpms from localhost" - yum: - name: - - /tmp/ansible_deploy/kni-21.05.01.e7573e5-2.el7.x86_64.rpm - state: present -# skip_broken: yes - -- name: Template the kni.conf - template: - src: "{{ role_path }}/templates/kni.conf.j2" - dest: /home/mesasoft/sapp_run/etc/kni/kni.conf - tags: template - -- name: "enable sapp" - systemd: - name: sapp - enabled: yes - daemon_reload: yes diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2 deleted file mode 100644 index e0a5a22..0000000 --- a/roles/kni/templates/kni.conf.j2 +++ /dev/null 
@@ -1,144 +0,0 @@ -[global] -log_path = ./log/kni/kni.log -log_level = {{ kni_log_level }} -tfe_node_count = {{ kni.global.tfe_node_count }} -manage_eth = {{ nic_mgr.name }} -{% if tsg_running_type == 0 %} -deploy_mode = tun -{% else %} -deploy_mode = normal -{% endif %} -tun_name = tun_kni -src_mac_addr = 00:0e:c6:d6:72:c1 -dst_mac_addr = fe:65:b7:03:50:bd -{% if tsg_access_type == 4 or tsg_access_type == 5 %} -[tfe0] -enabled = 1 -dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }} -ip_addr = 192.168.100.1 -{% elif tsg_running_type == 2 %} -[tfe0] -enabled = {{ kni.tfe_nodes.tfe0_enabled }} -dev_eth_symbol = {{ nic_to_tfe.tfe0.name }} -ip_addr = 192.168.100.2 - -[tfe1] -enabled = {{ kni.tfe_nodes.tfe1_enabled }} -dev_eth_symbol = {{ nic_to_tfe.tfe1.name }} -ip_addr = 192.168.100.3 - -[tfe2] -enabled = {{ kni.tfe_nodes.tfe2_enabled }} -dev_eth_symbol = {{ nic_to_tfe.tfe2.name }} -ip_addr = 192.168.100.4 -{% endif %} - -[tfe_cmsg_receiver] -listen_eth = {{ nic_inner_ctrl.name }} -listen_port = 2475 - -[watch_dog] -switch = {{ kni.watch_dog.switch }} -listen_eth = {{ nic_inner_ctrl.name }} -listen_port = 2476 -keepalive_idle = 2 -keepalive_intvl = 1 -keepalive_cnt = 3 - -[marsio] -appsym = knifw - -[dup_traffic] -switch = 0 -action = 2 -capacity = 10000000 -error_rate = 0.00001 -expiry_time = 60 - -[traceid2pme_htable] -mho_screen_print_ctrl = 0 -mho_thread_safe = 1 -mho_mutex_num = 160 -mho_hash_slot_size = 640000 -mho_hash_max_element_num = 2560000 -mho_expire_time = 30 -mho_eliminate_type = LRU - -#per thread -[tuple2stream_htable] -mho_screen_print_ctrl = 0 -mho_thread_safe = 0 -mho_mutex_num = 160 -mho_hash_slot_size = 80000 -mho_hash_max_element_num = 320000 -mho_expire_time = 0 -mho_eliminate_type = LRU - -[field_stat] -remote_switch = 1 -remote_ip = 127.0.0.1 -remote_port = 58100 -local_path = ./fs2_kni.status -stat_cycle = 1 -print_mode = 1 -# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE -statsd_format = 2 -APP_NAME = fs2_kni - -#self test Shunt rules 
security policy id -[tsg_diagnose] -enabled = 1 -security_policy_id = 3,10 - - -[ssl_dynamic_bypass] -enabled = 0 - -#kni dynamic bypass -[traceid2sslinfo_htable] -mho_screen_print_ctrl = 0 -mho_thread_safe = 1 -mho_mutex_num = 160 -mho_hash_slot_size = 80000 -mho_hash_max_element_num = 320000 -mho_expire_time = 300 -mho_eliminate_type = FIFO - -[sslinfo2bypass_htable] -mho_screen_print_ctrl = 0 -mho_thread_safe = 1 -mho_mutex_num = 160 -mho_hash_slot_size = 640000 -mho_hash_max_element_num = 2560000 -mho_expire_time = 300 -mho_eliminate_type = FIFO - -[proxy_tcp_option] -enabled = 1 -maat_table_compile = PXY_TCP_OPTION_COMPILE -maat_table_addr = PXY_TCP_OPTION_ADDR -maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN -enable_override = 0 -client_tcp_maxseg_enable = 0 -client_tcp_maxseg = 1460 -client_tcp_nodelay = 1 -client_tcp_ttl = 70 -client_tcp_keepalive_enable = 1 -client_tcp_keepalive_keepcnt = 8 -client_tcp_keepalive_keepidle = 30 -client_tcp_keepalive_keepintvl = 15 -client_tcp_user_timeout = 600 -server_tcp_maxseg_enable = 0 -server_tcp_maxseg = 1460 -server_tcp_nodelay = 1 -server_tcp_ttl = 75 -server_tcp_keepalive_enable = 1 -server_tcp_keepalive_keepcnt = 8 -server_tcp_keepalive_keepidle = 30 -server_tcp_keepalive_keepintvl = 15 -server_tcp_user_timeout = 600 -bypass_duplicated_packet = 0 -tcp_passthrough = 0 - -[share_session_attribute] -SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL diff --git a/roles/maat-redis/files/maat-redis-exporter.service b/roles/maat-redis/files/maat-redis-exporter.service deleted file mode 100644 index c3d09f9..0000000 --- a/roles/maat-redis/files/maat-redis-exporter.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Redis Exporter for MAAT-REDIS -After=network.target - -[Service] -ExecStart=/usr/bin/redis_exporter -redis.addr=redis://localhost:7002 -redis-only-metrics -Type=simple - -[Install] -WantedBy=multi-user.target - 
diff --git a/roles/maat-redis/files/maat-redis.service b/roles/maat-redis/files/maat-redis.service deleted file mode 100644 index 1a04aef..0000000 --- a/roles/maat-redis/files/maat-redis.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Redis persistent key-value database -After=network.target - -[Service] -ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd -ExecStop=/usr/libexec/redis-shutdown maat-redis -Type=notify - -[Install] -WantedBy=multi-user.target - diff --git a/roles/maat-redis/tasks/main.yml b/roles/maat-redis/tasks/main.yml deleted file mode 100644 index c4a0a5f..0000000 --- a/roles/maat-redis/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -- name: "copy maat-redis file to dest" - copy: - src: "{{ role_path }}/files/maat-redis.service" - dest: "/usr/lib/systemd/system" - mode: 0644 - -- name: "copy maat-redis exporter file to dest" - copy: - src: "{{ role_path }}/files/maat-redis-exporter.service" - dest: "/usr/lib/systemd/system" - mode: 0644 - -- name: "Template the maat-redis.conf" - template: - src: "{{ role_path }}/templates/maat-redis.conf.j2" - dest: /etc/maat-redis.conf - tags: template - -- name: "start maat-redis" - systemd: - name: maat-redis.service - state: started - daemon_reload: yes - enabled: yes - -- name: "start maat-redis exporter" - systemd: - name: maat-redis-exporter.service - state: started - daemon_reload: yes - enabled: yes diff --git a/roles/maat-redis/templates/maat-redis.conf.j2 b/roles/maat-redis/templates/maat-redis.conf.j2 deleted file mode 100644 index 960ba10..0000000 --- a/roles/maat-redis/templates/maat-redis.conf.j2 +++ /dev/null 
@@ -1,1317 +0,0 @@ -# Redis configuration file example. -# -# Note that in order to read the configuration file, Redis must be -# started with the file path as first argument: -# -# ./redis-server /path/to/redis.conf - -# Note on units: when memory size is needed, it is possible to specify -# it in the usual form of 1k 5GB 4M and so forth: -# -# 1k => 1000 bytes -# 1kb => 1024 bytes -# 1m => 1000000 bytes -# 1mb => 1024*1024 bytes -# 1g => 1000000000 bytes -# 1gb => 1024*1024*1024 bytes -# -# units are case insensitive so 1GB 1Gb 1gB are all the same. - -################################## INCLUDES ################################### - -# Include one or more other config files here. This is useful if you -# have a standard template that goes to all Redis servers but also need -# to customize a few per-server settings. Include files can include -# other files, so use this wisely. -# -# Notice option "include" won't be rewritten by command "CONFIG REWRITE" -# from admin or Redis Sentinel. Since Redis always uses the last processed -# line as value of a configuration directive, you'd better put includes -# at the beginning of this file to avoid overwriting config change at runtime. -# -# If instead you are interested in using includes to override configuration -# options, it is better to use include as the last line. -# -# include /path/to/local.conf -# include /path/to/other.conf - -################################## MODULES ##################################### - -# Load modules at startup. If the server is not able to load modules -# it will abort. It is possible to use multiple loadmodule directives. -# -# loadmodule /path/to/my_module.so -# loadmodule /path/to/other_module.so - -################################## NETWORK ##################################### - -# By default, if no "bind" configuration directive is specified, Redis listens -# for connections from all the network interfaces available on the server. 
-# It is possible to listen to just one or multiple selected interfaces using -# the "bind" configuration directive, followed by one or more IP addresses. -# -# Examples: -# -# bind 192.168.1.100 10.0.0.1 -# bind 127.0.0.1 ::1 -# -# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the -# internet, binding to all the interfaces is dangerous and will expose the -# instance to everybody on the internet. So by default we uncomment the -# following bind directive, that will force Redis to listen only into -# the IPv4 lookback interface address (this means Redis will be able to -# accept connections only from clients running into the same computer it -# is running). -# -# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES -# JUST COMMENT THE FOLLOWING LINE. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -#bind 127.0.0.1 - -# Protected mode is a layer of security protection, in order to avoid that -# Redis instances left open on the internet are accessed and exploited. -# -# When protected mode is on and if: -# -# 1) The server is not binding explicitly to a set of addresses using the -# "bind" directive. -# 2) No password is configured. -# -# The server only accepts connections from clients connecting from the -# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain -# sockets. -# -# By default protected mode is enabled. You should disable it only if -# you are sure you want clients from other hosts to connect to Redis -# even if no authentication is configured, nor a specific set of interfaces -# are explicitly listed using the "bind" directive. -protected-mode no - -# Accept connections on the specified port, default is 6379 (IANA #815344). -# If port 0 is specified Redis will not listen on a TCP socket. -port {{ maat_redis_city_server.port }} - -# TCP listen() backlog. 
-# -# In high requests-per-second environments you need an high backlog in order -# to avoid slow clients connections issues. Note that the Linux kernel -# will silently truncate it to the value of /proc/sys/net/core/somaxconn so -# make sure to raise both the value of somaxconn and tcp_max_syn_backlog -# in order to get the desired effect. -tcp-backlog 511 - -# Unix socket. -# -# Specify the path for the Unix socket that will be used to listen for -# incoming connections. There is no default, so Redis will not listen -# on a unix socket when not specified. -# -# unixsocket /tmp/redis.sock -# unixsocketperm 700 - -# Close the connection after a client is idle for N seconds (0 to disable) -timeout 0 - -# TCP keepalive. -# -# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence -# of communication. This is useful for two reasons: -# -# 1) Detect dead peers. -# 2) Take the connection alive from the point of view of network -# equipment in the middle. -# -# On Linux, the specified value (in seconds) is the period used to send ACKs. -# Note that to close the connection the double of the time is needed. -# On other kernels the period depends on the kernel configuration. -# -# A reasonable value for this option is 300 seconds, which is the new -# Redis default starting with Redis 3.2.1. -tcp-keepalive 300 - -################################# GENERAL ##################################### - -# By default Redis does not run as a daemon. Use 'yes' if you need it. -# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. -daemonize no - -# If you run Redis from upstart or systemd, Redis can interact with your -# supervision tree. 
Options: -# supervised no - no supervision interaction -# supervised upstart - signal upstart by putting Redis into SIGSTOP mode -# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET -# supervised auto - detect upstart or systemd method based on -# UPSTART_JOB or NOTIFY_SOCKET environment variables -# Note: these supervision methods only signal "process is ready." -# They do not enable continuous liveness pings back to your supervisor. -supervised no - -# If a pid file is specified, Redis writes it where specified at startup -# and removes it at exit. -# -# When the server runs non daemonized, no pid file is created if none is -# specified in the configuration. When the server is daemonized, the pid file -# is used even if not specified, defaulting to "/var/run/redis.pid". -# -# Creating a pid file is best effort: if Redis is not able to create it -# nothing bad happens, the server will start and run normally. -pidfile /var/run/redis_{{ maat_redis_city_server.port }}.pid - -# Specify the server verbosity level. -# This can be one of: -# debug (a lot of information, useful for development/testing) -# verbose (many rarely useful info, but not a mess like the debug level) -# notice (moderately verbose, what you want in production probably) -# warning (only very important / critical messages are logged) -loglevel notice - -# Specify the log file name. Also the empty string can be used to force -# Redis to log on the standard output. Note that if you use standard -# output for logging but daemonize, logs will be sent to /dev/null -logfile /var/log/redis/redis.log - -# To enable logging to the system logger, just set 'syslog-enabled' to yes, -# and optionally update the other syslog parameters to suit your needs. -# syslog-enabled no - -# Specify the syslog identity. -# syslog-ident redis - -# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. -# syslog-facility local0 - -# Set the number of databases. 
The default database is DB 0, you can select -# a different one on a per-connection basis using SELECT where -# dbid is a number between 0 and 'databases'-1 -databases 16 - -# By default Redis shows an ASCII art logo only when started to log to the -# standard output and if the standard output is a TTY. Basically this means -# that normally a logo is displayed only in interactive sessions. -# -# However it is possible to force the pre-4.0 behavior and always show a -# ASCII art logo in startup logs by setting the following option to yes. -always-show-logo yes - -################################ SNAPSHOTTING ################################ -# -# Save the DB on disk: -# -# save -# -# Will save the DB if both the given number of seconds and the given -# number of write operations against the DB occurred. -# -# In the example below the behaviour will be to save: -# after 900 sec (15 min) if at least 1 key changed -# after 300 sec (5 min) if at least 10 keys changed -# after 60 sec if at least 10000 keys changed -# -# Note: you can disable saving completely by commenting out all "save" lines. -# -# It is also possible to remove all the previously configured save -# points by adding a save directive with a single empty string argument -# like in the following example: -# -# save "" - -save 900 1 -save 300 10 -save 60 10000 - -# By default Redis will stop accepting writes if RDB snapshots are enabled -# (at least one save point) and the latest background save failed. -# This will make the user aware (in a hard way) that data is not persisting -# on disk properly, otherwise chances are that no one will notice and some -# disaster will happen. -# -# If the background saving process will start working again Redis will -# automatically allow writes again. 
-# -# However if you have setup your proper monitoring of the Redis server -# and persistence, you may want to disable this feature so that Redis will -# continue to work as usual even if there are problems with disk, -# permissions, and so forth. -stop-writes-on-bgsave-error yes - -# Compress string objects using LZF when dump .rdb databases? -# For default that's set to 'yes' as it's almost always a win. -# If you want to save some CPU in the saving child set it to 'no' but -# the dataset will likely be bigger if you have compressible values or keys. -rdbcompression yes - -# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. -# This makes the format more resistant to corruption but there is a performance -# hit to pay (around 10%) when saving and loading RDB files, so you can disable it -# for maximum performances. -# -# RDB files created with checksum disabled have a checksum of zero that will -# tell the loading code to skip the check. -rdbchecksum yes - -# The filename where to dump the DB -dbfilename dump.rdb - -# The working directory. -# -# The DB will be written inside this directory, with the filename specified -# above using the 'dbfilename' configuration directive. -# -# The Append Only File will also be created inside this directory. -# -# Note that you must specify a directory here, not a file name. -dir /var/lib/redis - -################################# REPLICATION ################################# - -# Master-Slave replication. Use slaveof to make a Redis instance a copy of -# another Redis server. A few things to understand ASAP about Redis replication. -# -# 1) Redis replication is asynchronous, but you can configure a master to -# stop accepting writes if it appears to be not connected with at least -# a given number of slaves. -# 2) Redis slaves are able to perform a partial resynchronization with the -# master if the replication link is lost for a relatively small amount of -# time. 
You may want to configure the replication backlog size (see the next -# sections of this file) with a sensible value depending on your needs. -# 3) Replication is automatic and does not need user intervention. After a -# network partition slaves automatically try to reconnect to masters -# and resynchronize with them. -# - slaveof {{ maat_redis_city_server.address }} {{ maat_redis_city_server.port }} - -# If the master is password protected (using the "requirepass" configuration -# directive below) it is possible to tell the slave to authenticate before -# starting the replication synchronization process, otherwise the master will -# refuse the slave request. -# -# masterauth - -# When a slave loses its connection with the master, or when the replication -# is still in progress, the slave can act in two different ways: -# -# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will -# still reply to client requests, possibly with out of date data, or the -# data set may just be empty if this is the first synchronization. -# -# 2) if slave-serve-stale-data is set to 'no' the slave will reply with -# an error "SYNC with master in progress" to all the kind of commands -# but to INFO and SLAVEOF. -# -slave-serve-stale-data yes - -# You can configure a slave instance to accept writes or not. Writing against -# a slave instance may be useful to store some ephemeral data (because data -# written on a slave will be easily deleted after resync with the master) but -# may also cause problems if clients are writing to it because of a -# misconfiguration. -# -# Since Redis 2.6 by default slaves are read-only. -# -# Note: read only slaves are not designed to be exposed to untrusted clients -# on the internet. It's just a protection layer against misuse of the instance. -# Still a read only slave exports by default all the administrative commands -# such as CONFIG, DEBUG, and so forth. 
To a limited extent you can improve
-# security of read only slaves using 'rename-command' to shadow all the
-# administrative / dangerous commands.
-slave-read-only yes
-
-# Replication SYNC strategy: disk or socket.
-#
-# -------------------------------------------------------
-# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
-# -------------------------------------------------------
-#
-# New slaves and reconnecting slaves that are not able to continue the replication
-# process just receiving differences, need to do what is called a "full
-# synchronization". An RDB file is transmitted from the master to the slaves.
-# The transmission can happen in two different ways:
-#
-# 1) Disk-backed: The Redis master creates a new process that writes the RDB
-# file on disk. Later the file is transferred by the parent
-# process to the slaves incrementally.
-# 2) Diskless: The Redis master creates a new process that directly writes the
-# RDB file to slave sockets, without touching the disk at all.
-#
-# With disk-backed replication, while the RDB file is generated, more slaves
-# can be queued and served with the RDB file as soon as the current child producing
-# the RDB file finishes its work. With diskless replication instead once
-# the transfer starts, new slaves arriving will be queued and a new transfer
-# will start when the current one terminates.
-#
-# When diskless replication is used, the master waits a configurable amount of
-# time (in seconds) before starting the transfer in the hope that multiple slaves
-# will arrive and the transfer can be parallelized.
-#
-# With slow disks and fast (large bandwidth) networks, diskless replication
-# works better.
-repl-diskless-sync no
-
-# When diskless replication is enabled, it is possible to configure the delay
-# the server waits in order to spawn the child that transfers the RDB via socket
-# to the slaves.
-#
-# This is important since once the transfer starts, it is not possible to serve
-# new slaves arriving, that will be queued for the next RDB transfer, so the server
-# waits a delay in order to let more slaves arrive.
-#
-# The delay is specified in seconds, and by default is 5 seconds. To disable
-# it entirely just set it to 0 seconds and the transfer will start ASAP.
-repl-diskless-sync-delay 5
-
-# Slaves send PINGs to server in a predefined interval. It's possible to change
-# this interval with the repl_ping_slave_period option. The default value is 10
-# seconds.
-#
-# repl-ping-slave-period 10
-
-# The following option sets the replication timeout for:
-#
-# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
-# 2) Master timeout from the point of view of slaves (data, pings).
-# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
-#
-# It is important to make sure that this value is greater than the value
-# specified for repl-ping-slave-period otherwise a timeout will be detected
-# every time there is low traffic between the master and the slave.
-#
-# repl-timeout 60
-
-# Disable TCP_NODELAY on the slave socket after SYNC?
-#
-# If you select "yes" Redis will use a smaller number of TCP packets and
-# less bandwidth to send data to slaves. But this can add a delay for
-# the data to appear on the slave side, up to 40 milliseconds with
-# Linux kernels using a default configuration.
-#
-# If you select "no" the delay for data to appear on the slave side will
-# be reduced but more bandwidth will be used for replication.
-#
-# By default we optimize for low latency, but in very high traffic conditions
-# or when the master and slaves are many hops away, turning this to "yes" may
-# be a good idea.
-repl-disable-tcp-nodelay no
-
-# Set the replication backlog size.
The backlog is a buffer that accumulates
-# slave data when slaves are disconnected for some time, so that when a slave
-# wants to reconnect again, often a full resync is not needed, but a partial
-# resync is enough, just passing the portion of data the slave missed while
-# disconnected.
-#
-# The bigger the replication backlog, the longer the time the slave can be
-# disconnected and later be able to perform a partial resynchronization.
-#
-# The backlog is only allocated once there is at least a slave connected.
-#
-# repl-backlog-size 1mb
-
-# After a master has no longer connected slaves for some time, the backlog
-# will be freed. The following option configures the amount of seconds that
-# need to elapse, starting from the time the last slave disconnected, for
-# the backlog buffer to be freed.
-#
-# Note that slaves never free the backlog for timeout, since they may be
-# promoted to masters later, and should be able to correctly "partially
-# resynchronize" with the slaves: hence they should always accumulate backlog.
-#
-# A value of 0 means to never release the backlog.
-#
-# repl-backlog-ttl 3600
-
-# The slave priority is an integer number published by Redis in the INFO output.
-# It is used by Redis Sentinel in order to select a slave to promote into a
-# master if the master is no longer working correctly.
-#
-# A slave with a low priority number is considered better for promotion, so
-# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
-# pick the one with priority 10, that is the lowest.
-#
-# However a special priority of 0 marks the slave as not able to perform the
-# role of master, so a slave with priority of 0 will never be selected by
-# Redis Sentinel for promotion.
-#
-# By default the priority is 100.
-slave-priority 100
-
-# It is possible for a master to stop accepting writes if there are less than
-# N slaves connected, having a lag less or equal than M seconds.
-#
-# The N slaves need to be in "online" state.
-#
-# The lag in seconds, that must be <= the specified value, is calculated from
-# the last ping received from the slave, that is usually sent every second.
-#
-# This option does not GUARANTEE that N replicas will accept the write, but
-# will limit the window of exposure for lost writes in case not enough slaves
-# are available, to the specified number of seconds.
-#
-# For example to require at least 3 slaves with a lag <= 10 seconds use:
-#
-# min-slaves-to-write 3
-# min-slaves-max-lag 10
-#
-# Setting one or the other to 0 disables the feature.
-#
-# By default min-slaves-to-write is set to 0 (feature disabled) and
-# min-slaves-max-lag is set to 10.
-
-# A Redis master is able to list the address and port of the attached
-# slaves in different ways. For example the "INFO replication" section
-# offers this information, which is used, among other tools, by
-# Redis Sentinel in order to discover slave instances.
-# Another place where this info is available is in the output of the
-# "ROLE" command of a master.
-#
-# The listed IP and address normally reported by a slave is obtained
-# in the following way:
-#
-# IP: The address is auto detected by checking the peer address
-# of the socket used by the slave to connect with the master.
-#
-# Port: The port is communicated by the slave during the replication
-# handshake, and is normally the port that the slave is using to
-# list for connections.
-#
-# However when port forwarding or Network Address Translation (NAT) is
-# used, the slave may be actually reachable via different IP and port
-# pairs. The following two options can be used by a slave in order to
-# report to its master a specific set of IP and port, so that both INFO
-# and ROLE will report those values.
-#
-# There is no need to use both the options if you need to override just
-# the port or the IP address.
-#
-# slave-announce-ip 5.5.5.5
-# slave-announce-port 1234
-
-################################## SECURITY ###################################
-
-# Require clients to issue AUTH before processing any other
-# commands. This might be useful in environments in which you do not trust
-# others with access to the host running redis-server.
-#
-# This should stay commented out for backward compatibility and because most
-# people do not need auth (e.g. they run their own servers).
-#
-# Warning: since Redis is pretty fast an outside user can try up to
-# 150k passwords per second against a good box. This means that you should
-# use a very strong password otherwise it will be very easy to break.
-#
-# requirepass foobared
-
-# Command renaming.
-#
-# It is possible to change the name of dangerous commands in a shared
-# environment. For instance the CONFIG command may be renamed into something
-# hard to guess so that it will still be available for internal-use tools
-# but not available for general clients.
-#
-# Example:
-#
-# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
-#
-# It is also possible to completely kill a command by renaming it into
-# an empty string:
-#
-# rename-command CONFIG ""
-#
-# Please note that changing the name of commands that are logged into the
-# AOF file or transmitted to slaves may cause problems.
-
-################################### CLIENTS ####################################
-
-# Set the max number of connected clients at the same time. By default
-# this limit is set to 10000 clients, however if the Redis server is not
-# able to configure the process file limit to allow for the specified limit
-# the max number of allowed clients is set to the current file limit
-# minus 32 (as Redis reserves a few file descriptors for internal uses).
-#
-# Once the limit is reached Redis will close all the new connections sending
-# an error 'max number of clients reached'.
-#
-# maxclients 10000
-
-############################## MEMORY MANAGEMENT ################################
-
-# Set a memory usage limit to the specified amount of bytes.
-# When the memory limit is reached Redis will try to remove keys
-# according to the eviction policy selected (see maxmemory-policy).
-#
-# If Redis can't remove keys according to the policy, or if the policy is
-# set to 'noeviction', Redis will start to reply with errors to commands
-# that would use more memory, like SET, LPUSH, and so on, and will continue
-# to reply to read-only commands like GET.
-#
-# This option is usually useful when using Redis as an LRU or LFU cache, or to
-# set a hard memory limit for an instance (using the 'noeviction' policy).
-#
-# WARNING: If you have slaves attached to an instance with maxmemory on,
-# the size of the output buffers needed to feed the slaves are subtracted
-# from the used memory count, so that network problems / resyncs will
-# not trigger a loop where keys are evicted, and in turn the output
-# buffer of slaves is full with DELs of keys evicted triggering the deletion
-# of more keys, and so forth until the database is completely emptied.
-#
-# In short... if you have slaves attached it is suggested that you set a lower
-# limit for maxmemory so that there is some free RAM on the system for slave
-# output buffers (but this is not needed if the policy is 'noeviction').
-#
-# maxmemory
-
-# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
-# is reached. You can select among five behaviors:
-#
-# volatile-lru -> Evict using approximated LRU among the keys with an expire set.
-# allkeys-lru -> Evict any key using approximated LRU.
-# volatile-lfu -> Evict using approximated LFU among the keys with an expire set.
-# allkeys-lfu -> Evict any key using approximated LFU.
-# volatile-random -> Remove a random key among the ones with an expire set.
-# allkeys-random -> Remove a random key, any key.
-# volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
-# noeviction -> Don't evict anything, just return an error on write operations.
-#
-# LRU means Least Recently Used
-# LFU means Least Frequently Used
-#
-# Both LRU, LFU and volatile-ttl are implemented using approximated
-# randomized algorithms.
-#
-# Note: with any of the above policies, Redis will return an error on write
-# operations, when there are no suitable keys for eviction.
-#
-# At the date of writing these commands are: set setnx setex append
-# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
-# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
-# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
-# getset mset msetnx exec sort
-#
-# The default is:
-#
-# maxmemory-policy noeviction
-
-# LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated
-# algorithms (in order to save memory), so you can tune it for speed or
-# accuracy. For default Redis will check five keys and pick the one that was
-# used less recently, you can change the sample size using the following
-# configuration directive.
-#
-# The default of 5 produces good enough results. 10 Approximates very closely
-# true LRU but costs more CPU. 3 is faster but not very accurate.
-#
-# maxmemory-samples 5
-
-############################# LAZY FREEING ####################################
-
-# Redis has two primitives to delete keys. One is called DEL and is a blocking
-# deletion of the object. It means that the server stops processing new commands
-# in order to reclaim all the memory associated with an object in a synchronous
-# way. If the key deleted is associated with a small object, the time needed
-# in order to execute the DEL command is very small and comparable to most other
-# O(1) or O(log_N) commands in Redis.
However if the key is associated with an
-# aggregated value containing millions of elements, the server can block for
-# a long time (even seconds) in order to complete the operation.
-#
-# For the above reasons Redis also offers non blocking deletion primitives
-# such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and
-# FLUSHDB commands, in order to reclaim memory in background. Those commands
-# are executed in constant time. Another thread will incrementally free the
-# object in the background as fast as possible.
-#
-# DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled.
-# It's up to the design of the application to understand when it is a good
-# idea to use one or the other. However the Redis server sometimes has to
-# delete keys or flush the whole database as a side effect of other operations.
-# Specifically Redis deletes objects independently of a user call in the
-# following scenarios:
-#
-# 1) On eviction, because of the maxmemory and maxmemory policy configurations,
-# in order to make room for new data, without going over the specified
-# memory limit.
-# 2) Because of expire: when a key with an associated time to live (see the
-# EXPIRE command) must be deleted from memory.
-# 3) Because of a side effect of a command that stores data on a key that may
-# already exist. For example the RENAME command may delete the old key
-# content when it is replaced with another one. Similarly SUNIONSTORE
-# or SORT with STORE option may delete existing keys. The SET command
-# itself removes any old content of the specified key in order to replace
-# it with the specified string.
-# 4) During replication, when a slave performs a full resynchronization with
-# its master, the content of the whole database is removed in order to
-# load the RDB file just transfered.
-#
-# In all the above cases the default is to delete objects in a blocking way,
-# like if DEL was called.
However you can configure each case specifically
-# in order to instead release memory in a non-blocking way like if UNLINK
-# was called, using the following configuration directives:
-
-lazyfree-lazy-eviction no
-lazyfree-lazy-expire no
-lazyfree-lazy-server-del no
-slave-lazy-flush no
-
-############################## APPEND ONLY MODE ###############################
-
-# By default Redis asynchronously dumps the dataset on disk. This mode is
-# good enough in many applications, but an issue with the Redis process or
-# a power outage may result into a few minutes of writes lost (depending on
-# the configured save points).
-#
-# The Append Only File is an alternative persistence mode that provides
-# much better durability. For instance using the default data fsync policy
-# (see later in the config file) Redis can lose just one second of writes in a
-# dramatic event like a server power outage, or a single write if something
-# wrong with the Redis process itself happens, but the operating system is
-# still running correctly.
-#
-# AOF and RDB persistence can be enabled at the same time without problems.
-# If the AOF is enabled on startup Redis will load the AOF, that is the file
-# with the better durability guarantees.
-#
-# Please check http://redis.io/topics/persistence for more information.
-
-appendonly no
-
-# The name of the append only file (default: "appendonly.aof")
-
-appendfilename "appendonly.aof"
-
-# The fsync() call tells the Operating System to actually write data on disk
-# instead of waiting for more data in the output buffer. Some OS will really flush
-# data on disk, some other OS will just try to do it ASAP.
-#
-# Redis supports three different modes:
-#
-# no: don't fsync, just let the OS flush the data when it wants. Faster.
-# always: fsync after every write to the append only log. Slow, Safest.
-# everysec: fsync only one time every second. Compromise.
-#
-# The default is "everysec", as that's usually the right compromise between
-# speed and data safety. It's up to you to understand if you can relax this to
-# "no" that will let the operating system flush the output buffer when
-# it wants, for better performances (but if you can live with the idea of
-# some data loss consider the default persistence mode that's snapshotting),
-# or on the contrary, use "always" that's very slow but a bit safer than
-# everysec.
-#
-# More details please check the following article:
-# http://antirez.com/post/redis-persistence-demystified.html
-#
-# If unsure, use "everysec".
-
-# appendfsync always
-appendfsync everysec
-# appendfsync no
-
-# When the AOF fsync policy is set to always or everysec, and a background
-# saving process (a background save or AOF log background rewriting) is
-# performing a lot of I/O against the disk, in some Linux configurations
-# Redis may block too long on the fsync() call. Note that there is no fix for
-# this currently, as even performing fsync in a different thread will block
-# our synchronous write(2) call.
-#
-# In order to mitigate this problem it's possible to use the following option
-# that will prevent fsync() from being called in the main process while a
-# BGSAVE or BGREWRITEAOF is in progress.
-#
-# This means that while another child is saving, the durability of Redis is
-# the same as "appendfsync none". In practical terms, this means that it is
-# possible to lose up to 30 seconds of log in the worst scenario (with the
-# default Linux settings).
-#
-# If you have latency problems turn this to "yes". Otherwise leave it as
-# "no" that is the safest pick from the point of view of durability.
-
-no-appendfsync-on-rewrite no
-
-# Automatic rewrite of the append only file.
-# Redis is able to automatically rewrite the log file implicitly calling
-# BGREWRITEAOF when the AOF log size grows by the specified percentage.
-#
-# This is how it works: Redis remembers the size of the AOF file after the
-# latest rewrite (if no rewrite has happened since the restart, the size of
-# the AOF at startup is used).
-#
-# This base size is compared to the current size. If the current size is
-# bigger than the specified percentage, the rewrite is triggered. Also
-# you need to specify a minimal size for the AOF file to be rewritten, this
-# is useful to avoid rewriting the AOF file even if the percentage increase
-# is reached but it is still pretty small.
-#
-# Specify a percentage of zero in order to disable the automatic AOF
-# rewrite feature.
-
-auto-aof-rewrite-percentage 100
-auto-aof-rewrite-min-size 64mb
-
-# An AOF file may be found to be truncated at the end during the Redis
-# startup process, when the AOF data gets loaded back into memory.
-# This may happen when the system where Redis is running
-# crashes, especially when an ext4 filesystem is mounted without the
-# data=ordered option (however this can't happen when Redis itself
-# crashes or aborts but the operating system still works correctly).
-#
-# Redis can either exit with an error when this happens, or load as much
-# data as possible (the default now) and start if the AOF file is found
-# to be truncated at the end. The following option controls this behavior.
-#
-# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
-# the Redis server starts emitting a log to inform the user of the event.
-# Otherwise if the option is set to no, the server aborts with an error
-# and refuses to start. When the option is set to no, the user requires
-# to fix the AOF file using the "redis-check-aof" utility before to restart
-# the server.
-#
-# Note that if the AOF file will be found to be corrupted in the middle
-# the server will still exit with an error. This option only applies when
-# Redis will try to read more data from the AOF file but not enough bytes
-# will be found.
-aof-load-truncated yes
-
-# When rewriting the AOF file, Redis is able to use an RDB preamble in the
-# AOF file for faster rewrites and recoveries. When this option is turned
-# on the rewritten AOF file is composed of two different stanzas:
-#
-# [RDB file][AOF tail]
-#
-# When loading Redis recognizes that the AOF file starts with the "REDIS"
-# string and loads the prefixed RDB file, and continues loading the AOF
-# tail.
-#
-# This is currently turned off by default in order to avoid the surprise
-# of a format change, but will at some point be used as the default.
-aof-use-rdb-preamble no
-
-################################ LUA SCRIPTING ###############################
-
-# Max execution time of a Lua script in milliseconds.
-#
-# If the maximum execution time is reached Redis will log that a script is
-# still in execution after the maximum allowed time and will start to
-# reply to queries with an error.
-#
-# When a long running script exceeds the maximum execution time only the
-# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
-# used to stop a script that did not yet called write commands. The second
-# is the only way to shut down the server in the case a write command was
-# already issued by the script but the user doesn't want to wait for the natural
-# termination of the script.
-#
-# Set it to 0 or a negative value for unlimited execution without warnings.
-lua-time-limit 5000
-
-################################ REDIS CLUSTER ###############################
-#
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
-# in order to mark it as "mature" we need to wait for a non trivial percentage
-# of users to deploy it in production.
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-#
-# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
-# started as cluster nodes can. In order to start a Redis instance as a
-# cluster node enable the cluster support uncommenting the following:
-#
-# cluster-enabled yes
-
-# Every cluster node has a cluster configuration file. This file is not
-# intended to be edited by hand. It is created and updated by Redis nodes.
-# Every Redis Cluster node requires a different cluster configuration file.
-# Make sure that instances running in the same system do not have
-# overlapping cluster configuration file names.
-#
-# cluster-config-file nodes-6379.conf
-
-# Cluster node timeout is the amount of milliseconds a node must be unreachable
-# for it to be considered in failure state.
-# Most other internal time limits are multiple of the node timeout.
-#
-# cluster-node-timeout 15000
-
-# A slave of a failing master will avoid to start a failover if its data
-# looks too old.
-#
-# There is no simple way for a slave to actually have an exact measure of
-# its "data age", so the following two checks are performed:
-#
-# 1) If there are multiple slaves able to failover, they exchange messages
-# in order to try to give an advantage to the slave with the best
-# replication offset (more data from the master processed).
-# Slaves will try to get their rank by offset, and apply to the start
-# of the failover a delay proportional to their rank.
-#
-# 2) Every single slave computes the time of the last interaction with
-# its master. This can be the last ping or command received (if the master
-# is still in the "connected" state), or the time that elapsed since the
-# disconnection with the master (if the replication link is currently down).
-# If the last interaction is too old, the slave will not try to failover
-# at all.
-#
-# The point "2" can be tuned by user.
Specifically a slave will not perform
-# the failover if, since the last interaction with the master, the time
-# elapsed is greater than:
-#
-# (node-timeout * slave-validity-factor) + repl-ping-slave-period
-#
-# So for example if node-timeout is 30 seconds, and the slave-validity-factor
-# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
-# slave will not try to failover if it was not able to talk with the master
-# for longer than 310 seconds.
-#
-# A large slave-validity-factor may allow slaves with too old data to failover
-# a master, while a too small value may prevent the cluster from being able to
-# elect a slave at all.
-#
-# For maximum availability, it is possible to set the slave-validity-factor
-# to a value of 0, which means, that slaves will always try to failover the
-# master regardless of the last time they interacted with the master.
-# (However they'll always try to apply a delay proportional to their
-# offset rank).
-#
-# Zero is the only value able to guarantee that when all the partitions heal
-# the cluster will always be able to continue.
-#
-# cluster-slave-validity-factor 10
-
-# Cluster slaves are able to migrate to orphaned masters, that are masters
-# that are left without working slaves. This improves the cluster ability
-# to resist to failures as otherwise an orphaned master can't be failed over
-# in case of failure if it has no working slaves.
-#
-# Slaves migrate to orphaned masters only if there are still at least a
-# given number of other working slaves for their old master. This number
-# is the "migration barrier". A migration barrier of 1 means that a slave
-# will migrate only if there is at least 1 other working slave for its master
-# and so forth. It usually reflects the number of slaves you want for every
-# master in your cluster.
-#
-# Default is 1 (slaves migrate only if their masters remain with at least
-# one slave). To disable migration just set it to a very large value.
-# A value of 0 can be set but is useful only for debugging and dangerous
-# in production.
-#
-# cluster-migration-barrier 1
-
-# By default Redis Cluster nodes stop accepting queries if they detect there
-# is at least an hash slot uncovered (no available node is serving it).
-# This way if the cluster is partially down (for example a range of hash slots
-# are no longer covered) all the cluster becomes, eventually, unavailable.
-# It automatically returns available as soon as all the slots are covered again.
-#
-# However sometimes you want the subset of the cluster which is working,
-# to continue to accept queries for the part of the key space that is still
-# covered. In order to do so, just set the cluster-require-full-coverage
-# option to no.
-#
-# cluster-require-full-coverage yes
-
-# This option, when set to yes, prevents slaves from trying to failover its
-# master during master failures. However the master can still perform a
-# manual failover, if forced to do so.
-#
-# This is useful in different scenarios, especially in the case of multiple
-# data center operations, where we want one side to never be promoted if not
-# in the case of a total DC failure.
-#
-# cluster-slave-no-failover no
-
-# In order to setup your cluster make sure to read the documentation
-# available at http://redis.io web site.
-
-########################## CLUSTER DOCKER/NAT support ########################
-
-# In certain deployments, Redis Cluster nodes address discovery fails, because
-# addresses are NAT-ted or because ports are forwarded (the typical case is
-# Docker and other containers).
-#
-# In order to make Redis Cluster working in such environments, a static
-# configuration where each node knows its public address is needed.
The
-# following two options are used for this scope, and are:
-#
-# * cluster-announce-ip
-# * cluster-announce-port
-# * cluster-announce-bus-port
-#
-# Each instruct the node about its address, client port, and cluster message
-# bus port. The information is then published in the header of the bus packets
-# so that other nodes will be able to correctly map the address of the node
-# publishing the information.
-#
-# If the above options are not used, the normal Redis Cluster auto-detection
-# will be used instead.
-#
-# Note that when remapped, the bus port may not be at the fixed offset of
-# clients port + 10000, so you can specify any port and bus-port depending
-# on how they get remapped. If the bus-port is not set, a fixed offset of
-# 10000 will be used as usually.
-#
-# Example:
-#
-# cluster-announce-ip 10.1.1.5
-# cluster-announce-port 6379
-# cluster-announce-bus-port 6380
-
-################################## SLOW LOG ###################################
-
-# The Redis Slow Log is a system to log queries that exceeded a specified
-# execution time. The execution time does not include the I/O operations
-# like talking with the client, sending the reply and so forth,
-# but just the time needed to actually execute the command (this is the only
-# stage of command execution where the thread is blocked and can not serve
-# other requests in the meantime).
-#
-# You can configure the slow log with two parameters: one tells Redis
-# what is the execution time, in microseconds, to exceed in order for the
-# command to get logged, and the other parameter is the length of the
-# slow log. When a new command is logged the oldest one is removed from the
-# queue of logged commands.
-
-# The following time is expressed in microseconds, so 1000000 is equivalent
-# to one second. Note that a negative number disables the slow log, while
-# a value of zero forces the logging of every command.
-slowlog-log-slower-than 10000
-
-# There is no limit to this length.
Just be aware that it will consume memory. -# You can reclaim memory used by the slow log with SLOWLOG RESET. -slowlog-max-len 128 - -################################ LATENCY MONITOR ############################## - -# The Redis latency monitoring subsystem samples different operations -# at runtime in order to collect data related to possible sources of -# latency of a Redis instance. -# -# Via the LATENCY command this information is available to the user that can -# print graphs and obtain reports. -# -# The system only logs operations that were performed in a time equal or -# greater than the amount of milliseconds specified via the -# latency-monitor-threshold configuration directive. When its value is set -# to zero, the latency monitor is turned off. -# -# By default latency monitoring is disabled since it is mostly not needed -# if you don't have latency issues, and collecting data has a performance -# impact, that while very small, can be measured under big load. Latency -# monitoring can easily be enabled at runtime using the command -# "CONFIG SET latency-monitor-threshold " if needed. -latency-monitor-threshold 0 - -############################# EVENT NOTIFICATION ############################## - -# Redis can notify Pub/Sub clients about events happening in the key space. -# This feature is documented at http://redis.io/topics/notifications -# -# For instance if keyspace events notification is enabled, and a client -# performs a DEL operation on key "foo" stored in the Database 0, two -# messages will be published via Pub/Sub: -# -# PUBLISH __keyspace@0__:foo del -# PUBLISH __keyevent@0__:del foo -# -# It is possible to select the events that Redis will notify among a set -# of classes. Every class is identified by a single character: -# -# K Keyspace events, published with __keyspace@__ prefix. -# E Keyevent events, published with __keyevent@__ prefix. -# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... 
-# $ String commands -# l List commands -# s Set commands -# h Hash commands -# z Sorted set commands -# x Expired events (events generated every time a key expires) -# e Evicted events (events generated when a key is evicted for maxmemory) -# A Alias for g$lshzxe, so that the "AKE" string means all the events. -# -# The "notify-keyspace-events" takes as argument a string that is composed -# of zero or multiple characters. The empty string means that notifications -# are disabled. -# -# Example: to enable list and generic events, from the point of view of the -# event name, use: -# -# notify-keyspace-events Elg -# -# Example 2: to get the stream of the expired keys subscribing to channel -# name __keyevent@0__:expired use: -# -# notify-keyspace-events Ex -# -# By default all notifications are disabled because most users don't need -# this feature and the feature has some overhead. Note that if you don't -# specify at least one of K or E, no events will be delivered. -notify-keyspace-events "" - -############################### ADVANCED CONFIG ############################### - -# Hashes are encoded using a memory efficient data structure when they have a -# small number of entries, and the biggest entry does not exceed a given -# threshold. These thresholds can be configured using the following directives. -hash-max-ziplist-entries 512 -hash-max-ziplist-value 64 - -# Lists are also encoded in a special way to save a lot of space. -# The number of entries allowed per internal list node can be specified -# as a fixed maximum size or a maximum number of elements. -# For a fixed maximum size, use -5 through -1, meaning: -# -5: max size: 64 Kb <-- not recommended for normal workloads -# -4: max size: 32 Kb <-- not recommended -# -3: max size: 16 Kb <-- probably not recommended -# -2: max size: 8 Kb <-- good -# -1: max size: 4 Kb <-- good -# Positive numbers mean store up to _exactly_ that number of elements -# per list node. 
-# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), -# but if your use case is unique, adjust the settings as necessary. -list-max-ziplist-size -2 - -# Lists may also be compressed. -# Compress depth is the number of quicklist ziplist nodes from *each* side of -# the list to *exclude* from compression. The head and tail of the list -# are always uncompressed for fast push/pop operations. Settings are: -# 0: disable all list compression -# 1: depth 1 means "don't start compressing until after 1 node into the list, -# going from either the head or tail" -# So: [head]->node->node->...->node->[tail] -# [head], [tail] will always be uncompressed; inner nodes will compress. -# 2: [head]->[next]->node->node->...->node->[prev]->[tail] -# 2 here means: don't compress head or head->next or tail->prev or tail, -# but compress all nodes between them. -# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] -# etc. -list-compress-depth 0 - -# Sets have a special encoding in just one case: when a set is composed -# of just strings that happen to be integers in radix 10 in the range -# of 64 bit signed integers. -# The following configuration setting sets the limit in the size of the -# set in order to use this special memory saving encoding. -set-max-intset-entries 512 - -# Similarly to hashes and lists, sorted sets are also specially encoded in -# order to save a lot of space. This encoding is only used when the length and -# elements of a sorted set are below the following limits: -zset-max-ziplist-entries 128 -zset-max-ziplist-value 64 - -# HyperLogLog sparse representation bytes limit. The limit includes the -# 16 bytes header. When an HyperLogLog using the sparse representation crosses -# this limit, it is converted into the dense representation. -# -# A value greater than 16000 is totally useless, since at that point the -# dense representation is more memory efficient. 
-# -# The suggested value is ~ 3000 in order to have the benefits of -# the space efficient encoding without slowing down too much PFADD, -# which is O(N) with the sparse encoding. The value can be raised to -# ~ 10000 when CPU is not a concern, but space is, and the data set is -# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. -hll-sparse-max-bytes 3000 - -# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in -# order to help rehashing the main Redis hash table (the one mapping top-level -# keys to values). The hash table implementation Redis uses (see dict.c) -# performs a lazy rehashing: the more operation you run into a hash table -# that is rehashing, the more rehashing "steps" are performed, so if the -# server is idle the rehashing is never complete and some more memory is used -# by the hash table. -# -# The default is to use this millisecond 10 times every second in order to -# actively rehash the main dictionaries, freeing memory when possible. -# -# If unsure: -# use "activerehashing no" if you have hard latency requirements and it is -# not a good thing in your environment that Redis can reply from time to time -# to queries with 2 milliseconds delay. -# -# use "activerehashing yes" if you don't have such hard requirements but -# want to free memory asap when possible. -activerehashing yes - -# The client output buffer limits can be used to force disconnection of clients -# that are not reading data from the server fast enough for some reason (a -# common reason is that a Pub/Sub client can't consume messages as fast as the -# publisher can produce them). 
-# -# The limit can be set differently for the three different classes of clients: -# -# normal -> normal clients including MONITOR clients -# slave -> slave clients -# pubsub -> clients subscribed to at least one pubsub channel or pattern -# -# The syntax of every client-output-buffer-limit directive is the following: -# -# client-output-buffer-limit -# -# A client is immediately disconnected once the hard limit is reached, or if -# the soft limit is reached and remains reached for the specified number of -# seconds (continuously). -# So for instance if the hard limit is 32 megabytes and the soft limit is -# 16 megabytes / 10 seconds, the client will get disconnected immediately -# if the size of the output buffers reach 32 megabytes, but will also get -# disconnected if the client reaches 16 megabytes and continuously overcomes -# the limit for 10 seconds. -# -# By default normal clients are not limited because they don't receive data -# without asking (in a push way), but just after a request, so only -# asynchronous clients may create a scenario where data is requested faster -# than it can read. -# -# Instead there is a default limit for pubsub and slave clients, since -# subscribers and slaves receive data in a push fashion. -# -# Both the hard or the soft limit can be disabled by setting them to zero. -client-output-buffer-limit normal 0 0 0 -client-output-buffer-limit slave 256mb 64mb 60 -client-output-buffer-limit pubsub 32mb 8mb 60 - -# Client query buffers accumulate new commands. They are limited to a fixed -# amount by default in order to avoid that a protocol desynchronization (for -# instance due to a bug in the client) will lead to unbound memory usage in -# the query buffer. However you can configure it here if you have very special -# needs, such us huge multi/exec requests or alike. -# -# client-query-buffer-limit 1gb - -# In the Redis protocol, bulk requests, that are, elements representing single -# strings, are normally limited ot 512 mb. 
However you can change this limit -# here. -# -# proto-max-bulk-len 512mb - -# Redis calls an internal function to perform many background tasks, like -# closing connections of clients in timeout, purging expired keys that are -# never requested, and so forth. -# -# Not all tasks are performed with the same frequency, but Redis checks for -# tasks to perform according to the specified "hz" value. -# -# By default "hz" is set to 10. Raising the value will use more CPU when -# Redis is idle, but at the same time will make Redis more responsive when -# there are many keys expiring at the same time, and timeouts may be -# handled with more precision. -# -# The range is between 1 and 500, however a value over 100 is usually not -# a good idea. Most users should use the default of 10 and raise this up to -# 100 only in environments where very low latency is required. -hz 10 - -# When a child rewrites the AOF file, if the following option is enabled -# the file will be fsync-ed every 32 MB of data generated. This is useful -# in order to commit the file to the disk more incrementally and avoid -# big latency spikes. -aof-rewrite-incremental-fsync yes - -# Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good -# idea to start with the default settings and only change them after investigating -# how to improve the performances and how the keys LFU change over time, which -# is possible to inspect via the OBJECT FREQ command. -# -# There are two tunable parameters in the Redis LFU implementation: the -# counter logarithm factor and the counter decay time. It is important to -# understand what the two parameters mean before changing them. -# -# The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis -# uses a probabilistic increment with logarithmic behavior. Given the value -# of the old counter, when a key is accessed, the counter is incremented in -# this way: -# -# 1. A random number R between 0 and 1 is extracted. -# 2. 
A probability P is calculated as 1/(old_value*lfu_log_factor+1). -# 3. The counter is incremented only if R < P. -# -# The default lfu-log-factor is 10. This is a table of how the frequency -# counter changes with a different number of accesses with different -# logarithmic factors: -# -# +--------+------------+------------+------------+------------+------------+ -# | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits | -# +--------+------------+------------+------------+------------+------------+ -# | 0 | 104 | 255 | 255 | 255 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# | 1 | 18 | 49 | 255 | 255 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# | 10 | 10 | 18 | 142 | 255 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# | 100 | 8 | 11 | 49 | 143 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# -# NOTE: The above table was obtained by running the following commands: -# -# redis-benchmark -n 1000000 incr foo -# redis-cli object freq foo -# -# NOTE 2: The counter initial value is 5 in order to give new objects a chance -# to accumulate hits. -# -# The counter decay time is the time, in minutes, that must elapse in order -# for the key counter to be divided by two (or decremented if it has a value -# less <= 10). -# -# The default value for the lfu-decay-time is 1. A Special value of 0 means to -# decay the counter every time it happens to be scanned. -# -# lfu-log-factor 10 -# lfu-decay-time 1 - -########################### ACTIVE DEFRAGMENTATION ####################### -# -# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested -# even in production and manually tested by multiple engineers for some -# time. -# -# What is active defragmentation? 
-# ------------------------------- -# -# Active (online) defragmentation allows a Redis server to compact the -# spaces left between small allocations and deallocations of data in memory, -# thus allowing to reclaim back memory. -# -# Fragmentation is a natural process that happens with every allocator (but -# less so with Jemalloc, fortunately) and certain workloads. Normally a server -# restart is needed in order to lower the fragmentation, or at least to flush -# away all the data and create it again. However thanks to this feature -# implemented by Oran Agra for Redis 4.0 this process can happen at runtime -# in an "hot" way, while the server is running. -# -# Basically when the fragmentation is over a certain level (see the -# configuration options below) Redis will start to create new copies of the -# values in contiguous memory regions by exploiting certain specific Jemalloc -# features (in order to understand if an allocation is causing fragmentation -# and to allocate it in a better place), and at the same time, will release the -# old copies of the data. This process, repeated incrementally for all the keys -# will cause the fragmentation to drop back to normal values. -# -# Important things to understand: -# -# 1. This feature is disabled by default, and only works if you compiled Redis -# to use the copy of Jemalloc we ship with the source code of Redis. -# This is the default with Linux builds. -# -# 2. You never need to enable this feature if you don't have fragmentation -# issues. -# -# 3. Once you experience fragmentation, you can enable this feature when -# needed with the command "CONFIG SET activedefrag yes". -# -# The configuration parameters are able to fine tune the behavior of the -# defragmentation process. If you are not sure about what they mean it is -# a good idea to leave the defaults untouched. 
- -# Enabled active defragmentation -# activedefrag yes - -# Minimum amount of fragmentation waste to start active defrag -# active-defrag-ignore-bytes 100mb - -# Minimum percentage of fragmentation to start active defrag -# active-defrag-threshold-lower 10 - -# Maximum percentage of fragmentation at which we use maximum effort -# active-defrag-threshold-upper 100 - -# Minimal effort for defrag in CPU percentage -# active-defrag-cycle-min 25 - -# Maximal effort for defrag in CPU percentage -# active-defrag-cycle-max 75 - diff --git a/roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm similarity index 63% rename from roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm rename to roles/mrzcpd/files/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm index 9d2dd37..8edb17f 100644 Binary files a/roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm and b/roles/mrzcpd/files/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm differ diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml index 4110839..a131cdf 100644 --- a/roles/mrzcpd/tasks/main.yml +++ b/roles/mrzcpd/tasks/main.yml @@ -6,7 +6,7 @@ - name: "install mrzcpd" yum: - name: /tmp/ansible_deploy/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm + name: /tmp/ansible_deploy/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm state: present - name: "update sysconfig/mrzcpd" 
@@ -18,132 +18,18 @@ template: src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2" dest: /opt/mrzcpd/etc/mrglobal.conf - when: nic_traffic_mirror is defined - - -- name: "copy mrapp.sapp4.conf to destination server" - template: - src: "{{ role_path }}/templates/mrapp.sapp4.conf " - dest: /opt/mrzcpd/etc/mrapp.sapp4.conf - when: - - tsg_access_type == 4 or tsg_access_type == 5 - -- name: "update mrglobal.conf.adc_inline" - template: - src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2" - dest: /opt/mrzcpd/etc/mrglobal.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 1 - - tsg_running_type == 2 - -- name: "update mrglobal.conf.server_inline" - template: - src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2" - dest: /opt/mrzcpd/etc/mrglobal.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 1 - - tsg_running_type != 2 - -- name: "update mrglobal.conf.allot - mcn0" - template: - src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2" - dest: /opt/mrzcpd/etc/mrglobal.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 2 - -- name: "update mrglobal.conf.adc_tun_mode - mcn0" - template: - src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2" - dest: /opt/mrzcpd/etc/mrglobal.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 3 - - -- name: "update mrglobal.conf.ATCA_Vlan_Flipping" - template: - src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2" - dest: /opt/mrzcpd/etc/mrglobal.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 4 - -- name: "update mrglobal.conf.ATCA_VXLAN" - template: - src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2" - dest: /opt/mrzcpd/etc/mrglobal.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 5 - -- name: "update mrtunnat.conf.adc_inline" - 
template: - src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2" - dest: /opt/mrzcpd/etc/mrtunnat.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 1 - - tsg_running_type == 2 - -- name: "update mrtunnat.conf.server_inline" - template: - src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2" - dest: /opt/mrzcpd/etc/mrtunnat.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 1 - - tsg_running_type != 2 - -- name: "update mrtunnat.conf.allot_access - mcn0" - template: - src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2" - dest: /opt/mrzcpd/etc/mrtunnat.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 2 - -- name: "update mrtunnat.conf.adc_tun_mode - mcn0" - template: - src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2" - dest: /opt/mrzcpd/etc/mrtunnat.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 3 - -- name: "update mrtunnat.conf.ATCA_Vlan_Flipping" - template: - src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2" - dest: /opt/mrzcpd/etc/mrtunnat.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 4 - -- name: "update mrtunnat.conf.ATCA_VXLAN" - template: - src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2" - dest: /opt/mrzcpd/etc/mrtunnat.conf - when: - - nic_traffic_mirror is not defined - - tsg_access_type == 5 - name: "enable mrenv" systemd: name: mrenv enabled: yes daemon_reload: yes - when: - - tsg_access_type != 0 - name: "enable mrzcpd" systemd: name: mrzcpd enabled: yes daemon_reload: yes - when: - - tsg_access_type != 0 - name: "enable prometheus output - monit_device" systemd: 
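Review bot: The template task at the top of this hunk passes only `src` and `dest`, so the owner and mode of `/opt/mrzcpd/etc/mrglobal.conf` are left to the remote umask or to whatever file is already there. Because the `when: nic_traffic_mirror is defined` guard is removed, this write now happens on every host that runs the role. I would pin the permissions on the task with `owner: root`, `group: root` and `mode: "0644"` (quoted so the octal is not retyped, and tighter if the file should not be world-readable). The traffic_mirror template body is not visible here; if it still reads `nic_traffic_mirror`, hosts that do not define it will fail at render time, and an `assert` on that variable ahead of this task would make the failure explicit. The task's `- name:` line sits above the hunk.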
@@ -157,36 +43,8 @@ enabled: yes daemon_reload: yes -- name: "enable mrtunnat on master" - systemd: - name: mrtunnat - enabled: no - daemon_reload: yes - when: - - nic_traffic_mirror is not defined - - tsg_access_type != 0 - - name: "disable mrtunnat on slave" systemd: name: mrtunnat enabled: no daemon_reload: yes - when: nic_traffic_mirror is defined - -- name: "mask mrzcpd on server_tun_mode" - systemd: - name: mrzcpd - enabled: no - masked: yes - daemon_reload: yes - when: - - tsg_access_type == 0 - -- name: "mask mrtunnat on server_tun_mode" - systemd: - name: mrtunnat - enabled: no - masked: yes - daemon_reload: yes - when: - - tsg_access_type == 0 diff --git a/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2 b/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2 deleted file mode 100644 index f012661..0000000 --- a/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2 +++ /dev/null 
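Review bot: The surviving task `disable mrtunnat on slave` sets only `enabled: no`, which changes boot-time behaviour but leaves an mrtunnat instance already running from an earlier deployment untouched. It also lost its `when:`, so it now runs on every host. This commit removes the tasks that rendered mrtunnat.conf and the two `masked: yes` tasks, so a host upgraded in place could keep the service running against a stale configuration until the next reboot. I would add `state: stopped` to the task, plus `masked: yes` if the unit is never meant to start again, and rename it to `disable mrtunnat` since "on slave" no longer describes where it runs. The `yes`/`no` values would also read better as `true`/`false`.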
@@ -1,57 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-hw_strip_crc=1
-in_addr={{ ATCA_VXLAN.keepalive_ip }}
-in_mask={{ ATCA_VXLAN.keepalive_mask }}
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
diff --git a/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2 b/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
deleted file mode 100644
index ac710dd..0000000
--- a/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
diff --git a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2 b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
deleted file mode 100644
index 01e6543..0000000
--- a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
+++ /dev/null
@@ -1,60 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
diff --git a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2 b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
deleted file mode 100644
index 95f1734..0000000
--- a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
-i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
-en_mac_flipping_0=0
-c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
-i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
-en_mac_flipping_1=0
diff --git a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2 b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
deleted file mode 100644
index a80a483..0000000
--- a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
+++ /dev/null
@@ -1,67 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-in_addr={{inline_device_config.keepalive_ip}}
-in_mask={{inline_device_config.keepalive_mask}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow=1000,1001,4000,4001
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mcn0_mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
diff --git a/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2 b/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
deleted file mode 100644
index 6c8f5be..0000000
--- a/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
-c_router_vlan_id_1=4000
-i_router_vlan_id_1=4001
-en_mac_flipping_1=0
diff --git a/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2
deleted file mode 100644
index 032a1c4..0000000
--- a/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2
+++ /dev/null
@@ -1,68 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow=1000,1001,2000,2001,4000,4001
-vlan-pvid=0
-vlan-pvid-mode=2
-promisc=1
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
diff --git a/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2
deleted file mode 100644
index 19971c6..0000000
--- a/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
-c_router_vlan_id_1=2000
-i_router_vlan_id_1=2001
-en_mac_flipping_1=0
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0
diff --git a/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2 b/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2
deleted file mode 100644
index 245aecc..0000000
--- a/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2
+++ /dev/null
@@ -1,69 +0,0 @@
-[device]
-device=ens1f4,ens1f5,ens1f6,ens1f7,vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:ens1f4]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},{{ AllotAccess.virturlID_3 }},{{ AllotAccess.virturlID_4 }},4000,4001
-vlan-pvid=0
-vlan-pvid-mode=2
-promisc=1
-
-[device:ens1f5]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:ens1f6]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:ens1f7]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mcn0_mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,ens1f4,ens1f4
-forward_rule_1=vp,ens1f4,ens1f4
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,ens1f5,ens1f5
-forward_rule_5=vp,ens1f5,ens1f5
-forward_rule_6=pv,ens1f6,ens1f6
-forward_rule_7=vp,ens1f6,ens1f6
-forward_rule_8=pv,ens1f7,ens1f7
-forward_rule_9=vp,ens1f7,ens1f7
-
diff --git a/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2 b/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2
deleted file mode 100644
index a0841d6..0000000
--- a/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev=ens1f4
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
-i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
-en_mac_flipping_0=1
-c_router_vlan_id_1={{ AllotAccess.virturlID_3 }}
-i_router_vlan_id_1={{ AllotAccess.virturlID_4 }}
-en_mac_flipping_1=1
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0
-
diff --git a/roles/mrzcpd/templates/mrapp.sapp4.conf b/roles/mrzcpd/templates/mrapp.sapp4.conf
deleted file mode 100644
index 6f6c944..0000000
--- a/roles/mrzcpd/templates/mrapp.sapp4.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[bpfdump:vxlan_user]
-enable=1
diff --git a/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2 b/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2
deleted file mode 100644
index b5cef2d..0000000
--- a/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2
+++ /dev/null
@@ -1,47 +0,0 @@
-[device]
-device={{inline_device_config.data_incoming}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{inline_device_config.data_incoming}}]
-in_addr={{inline_device_config.keepalive_ip}}
-in_mask={{inline_device_config.keepalive_mask}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-
-#[device:]
-#jumbo_frame=1
-#max_rx_pkt_len=15360
-#clear_tx_flags=1
-#promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=4
-forward_rule_0=pv,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
-forward_rule_1=vp,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
diff --git a/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2 b/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2
deleted file mode 100644
index 7f09bae..0000000
--- a/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{inline_device_config.data_incoming}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
diff --git a/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2 b/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2
index 00e70ab..1e31f2a 100644
--- a/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2
+++ b/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2 @@ -1,23 +1,30 @@ [device] -device={{nic_traffic_mirror.name}} +device={{ data_incoming_nic_list | join(",") }},vxlan_user,vxlan_fwd sz_tunnel=8192 sz_buffer=0 -[device:{{nic_traffic_mirror.name}}] -jumbo_frame=1 -max_rx_pkt_len=15360 +{% for nic_name in data_incomint_nic_list %} +[device:{{ nic_name }}] +mtu=4096 clear_tx_flags=1 -promisc=1 + +{% endfor %} [service] -iocore={{ mcn123_mrzcpd.iocore }} +# lcore id for i/o service, use comma to split +iocore={{ mrzcpd.iocore }} +distmode=2 +hashmode=0 [eal] -virtaddr=0x7d0000000000 +virtaddr=0x7f40c4a00000 loglevel=7 [keepalive] -check_spinlock=1 +check_spinlock=0 + +[ctrlzone] +ctrlzone0=tunnat,64 [pool] create_mode=3 diff --git a/roles/packet_dump/files/packet_dump-1.0.8.2e723ab-2.el7.x86_64.rpm b/roles/packet_dump/files/packet_dump-1.0.8.2e723ab-2.el7.x86_64.rpm deleted file mode 100644 index cb35f20..0000000 Binary files a/roles/packet_dump/files/packet_dump-1.0.8.2e723ab-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/packet_dump/files/packet_dump.service b/roles/packet_dump/files/packet_dump.service deleted file mode 100644 index 7afe11c..0000000 --- a/roles/packet_dump/files/packet_dump.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=packet dump service -After=After=network.target - -[Service] -Type=fork -WorkingDirectory=/home/mesasoft/packet_dump -ExecStart=/home/mesasoft/packet_dump/packet_dump -TimeoutSec=60s -RestartSec=10s -Restart=always -LimitNOFILE=524288 -LimitNPROC=infinity -LimitCORE=infinity -TasksMax=infinity -Delegate=yes - -[Install] -WantedBy=multi-user.target diff --git a/roles/packet_dump/files/systemd_exporter b/roles/packet_dump/files/systemd_exporter deleted file mode 100644 index b075967..0000000 Binary files a/roles/packet_dump/files/systemd_exporter and /dev/null differ 
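Review bot: The added loop header `{% for nic_name in data_incomint_nic_list %}` misspells the variable that the new `device=` line reads as `data_incoming_nic_list`, so the per-device sections iterate over a different, most likely undefined, name; depending on how undefined variables are handled, the template either fails to render or emits no `[device:…]` section at all. It should read `{% for nic_name in data_incoming_nic_list %}`. The new sections also drop `promisc=1`, which the old mirror template set; if mrzcpd does not enable promiscuous mode on its own, mirrored frames addressed to other MACs would not be received and the inspection path would silently see less traffic, so that is worth confirming. An empty list would render `device=,vxlan_user,vxlan_fwd` here and an empty `name=` in the sapp.toml.j2 hunk further down; a pre-flight `assert` task with `that: data_incoming_nic_list | length > 0` would catch both.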
diff --git a/roles/packet_dump/tasks/main.yml b/roles/packet_dump/tasks/main.yml deleted file mode 100644 index fc15304..0000000 --- a/roles/packet_dump/tasks/main.yml +++ /dev/null @@ -1,63 +0,0 @@ -- name: "copy packet_dump rpm to destination server" - copy: - src: "{{ role_path }}/files/packet_dump-1.0.8.2e723ab-2.el7.x86_64.rpm" - dest: /tmp/ansible_deploy/ - -- name: "copy packet_dump.service to destination server" - copy: - src: "{{ role_path }}/files/packet_dump.service" - dest: /usr/lib/systemd/system - mode: 0755 - -- name: "install packet_dump rpm from localhost" - yum: - name: - - /tmp/ansible_deploy/packet_dump-1.0.8.2e723ab-2.el7.x86_64.rpm - state: present - -- name: "Template the packet_dump.conf" - template: - src: "{{ role_path }}/templates/packet_dump.conf.j2" - dest: /home/mesasoft/packet_dump/conf/packet_dump.conf - tags: template - -- name: "create /var/www/html/troubleshooting" - file: - path: /var/www/html/troubleshooting - state: directory - -- name: "mkdir /opt/packet-dump-exporter/" - file: - path: /opt/packet-dump-exporter/ - state: directory - -- name: "copy systemd_exporter" - copy: - src: '{{ role_path }}/files/systemd_exporter' - dest: /opt/packet-dump-exporter/systemd_exporter - mode: 0755 - -- name: "templates packet-dump-exporter-systemd.service" - template: - src: "{{role_path}}/templates/packet-dump-exporter-systemd.service.j2" - dest: /usr/lib/systemd/system/packet-dump-exporter-systemd.service - tags: template - -- name: "start packet_dump" - systemd: - name: packet_dump.service - enabled: yes - daemon_reload: yes - -- name: "enable httpd" - systemd: - name: httpd - enabled: yes - daemon_reload: yes - -- name: 'packet-dump-exporter-systemd service start' - systemd: - name: packet-dump-exporter-systemd - enabled: yes - daemon_reload: yes - state: restarted 
diff --git a/roles/packet_dump/templates/packet-dump-exporter-systemd.service.j2 b/roles/packet_dump/templates/packet-dump-exporter-systemd.service.j2 deleted file mode 100644 index 2e99629..0000000 --- a/roles/packet_dump/templates/packet-dump-exporter-systemd.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Systemd Exporter -After=network.target - -[Service] -Type=simple -ExecStart=/opt/packet-dump-exporter/systemd_exporter --web.disable-exporter-metrics -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/packet_dump/templates/packet_dump.conf.j2 b/roles/packet_dump/templates/packet_dump.conf.j2 deleted file mode 100644 index a0727ed..0000000 --- a/roles/packet_dump/templates/packet_dump.conf.j2 +++ /dev/null @@ -1,17 +0,0 @@ -[KAFKA] -BROKER_LIST={{ log_kafkabrokers.address | join(",")}} -KAFKA_OFFSET=largest - -[SYSTEM] -NIC_NAME={{ nic_mgr.name }} -LOG_LEVEL={{ packet_dump_log_level }} -LOG_PATH=log/packet_dump -PCAPNG_FILEPATH_PREFIX=/troubleshooting/ -PCAPNG_BASEPATH_PREFIX=/var/www/html/ - -[breakpad] -disable_coredump=1 -enable_breakpad=1 -breakpad_minidump_dir=/tmp/packet_dump/crashreport -enable_breakpad_upload=1 -breakpad_upload_url={{ breakpad_upload_url }} diff --git a/roles/proxy_status/files/proxy-status.service b/roles/proxy_status/files/proxy-status.service deleted file mode 100644 index 1e5b381..0000000 --- a/roles/proxy_status/files/proxy-status.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=proxy status - -[Service] -ExecStart=/opt/proxy_status/proxy_start -ExecStop=/opt/proxy_status/proxy_stop -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/roles/proxy_status/files/proxy_start b/roles/proxy_status/files/proxy_start deleted file mode 100755 index b096235..0000000 --- a/roles/proxy_status/files/proxy_start +++ /dev/null 
@@ -1,12 +0,0 @@
-#!/bin/bash
-#
-
-systemctl start tsg-env-tun-mode.service &>/dev/null &
-sleep 2
-systemctl start sapp.service &>/dev/null &
-sleep 5
-systemctl start tfe-env.service &>/dev/null &
-sleep 5
-systemctl start tfe.service &>/dev/null &
-systemctl start certstore.service &>/dev/null &
-systemctl start cert-redis.service &>/dev/null &
diff --git a/roles/proxy_status/files/proxy_status b/roles/proxy_status/files/proxy_status
deleted file mode 100755
index 0e760be..0000000
--- a/roles/proxy_status/files/proxy_status
+++ /dev/null
@@ -1,65 +0,0 @@ -#!/bin/bash -# - -systemctl status tsg-env-tun-mode &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m tsg-env-tun-mode is running \033[0m" -else - echo -e "\033[31m tsg-env-tun-mode is down \033[0m" -fi - -systemctl status mrzcpd &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m mrzcpd is running \033[0m" -else - echo -e "\033[31m mrzcpd is down \033[0m" -fi - -systemctl status mrenv &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m mrenv is running \033[0m" -else - echo -e "\033[31m mrenv is down \033[0m" -fi - -systemctl status mrtunnat &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m mrtunnat is running \033[0m" -else - echo -e "\033[31m mrtunnat is down \033[0m" -fi - -systemctl status sapp &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m sapp is running \033[0m" -else - echo -e "\033[31m sapp is down \033[0m" -fi - -systemctl status tfe-env &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m tfe-env is running \033[0m" -else - echo -e "\033[31m tfe-env is down \033[0m" -fi - -systemctl status tfe &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m tfe is running \033[0m" -else - echo -e "\033[31m tfe is down \033[0m" -fi - -systemctl status certstore &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m certstore is running \033[0m" -else - echo -e "\033[31m certstore is down \033[0m" -fi - -systemctl status cert-redis &>/dev/null -if [ $? -eq 0 ];then - echo -e "\033[32m cert-redis is running \033[0m" -else - echo -e "\033[31m cert-redis is down \033[0m" -fi diff --git a/roles/proxy_status/files/proxy_stop b/roles/proxy_status/files/proxy_stop deleted file mode 100755 index b7b7cd9..0000000 --- a/roles/proxy_status/files/proxy_stop +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/bash -# - -systemctl stop tsg-env-tun-mode.service &>/dev/null & -systemctl stop mrzcpd.service &>/dev/null & -systemctl stop mrtunnat.service &>/dev/null & -systemctl stop sapp.service &>/dev/null & -systemctl stop tfe-env.service &>/dev/null & -systemctl stop tfe.service &>/dev/null & -systemctl stop certstore.service &>/dev/null & -systemctl stop cert-redis.service &>/dev/null & - diff --git a/roles/proxy_status/tasks/main.yml b/roles/proxy_status/tasks/main.yml deleted file mode 100644 index aa4e750..0000000 --- a/roles/proxy_status/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: "create /opt/proxy_status" - file: - path: /opt/proxy_status - state: directory - -- name: "copy files" - copy: - src: "{{ role_path }}/files/" - dest: /opt/proxy_status - mode: 0755 - -- name: "copy proxy-status.service" - copy: - src: "{{ role_path }}/files/proxy-status.service" - dest: "/usr/lib/systemd/system/" - mode: 0644 - -- name: "enable proxy-status" - systemd: - name: proxy-status - enabled: yes - daemon_reload: yes - diff --git a/roles/radius/files/ntc_radius_plug-1.0.1.57ab95a-2.el7.x86_64.rpm b/roles/radius/files/ntc_radius_plug-1.0.1.57ab95a-2.el7.x86_64.rpm deleted file mode 100644 index 36c4111..0000000 Binary files a/roles/radius/files/ntc_radius_plug-1.0.1.57ab95a-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/radius/files/radius-1.0.2.7bddf74-2.el7.x86_64.rpm b/roles/radius/files/radius-1.0.2.7bddf74-2.el7.x86_64.rpm deleted file mode 100644 index 18053a2..0000000 Binary files a/roles/radius/files/radius-1.0.2.7bddf74-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml deleted file mode 100644 index 9c1bacf..0000000 --- a/roles/radius/tasks/main.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: "copy radius rpms to destination server" - copy: - src: "{{ role_path }}/files/" - dest: /tmp/ansible_deploy/ - -- name: "install firewall packages" - yum: - name: "{{ radius_packages }}" - state: present - skip_broken: yes - vars: - radius_packages: - - /tmp/ansible_deploy/radius-1.0.2.7bddf74-2.el7.x86_64.rpm - - /tmp/ansible_deploy/ntc_radius_plug-1.0.1.57ab95a-2.el7.x86_64.rpm - - -- name: "Template the conf/radius/radius.conf" - template: - src: "{{ role_path }}/templates/radius.conf.j2" - dest: /home/mesasoft/sapp_run/conf/radius/radius.conf - tags: template - diff --git a/roles/radius/templates/radius.conf b/roles/radius/templates/radius.conf deleted file mode 100644 index db92a48..0000000 --- a/roles/radius/templates/radius.conf +++ /dev/null @@ -1,14 +0,0 @@ -[RADIUS_PLUG] -DEVICE_ID=0 -BROKERLIST={{ log_kafkabrokers.address | join(",") }} -COLLECT_TOPIC=RADIUS-RECORD-LOG -SERVICE_ID=162 -NIC_NAME={{ nic_mgr.name }} -LOG_PATH=./log/ntc_radius_plug/ntc_radius_plug -LOG_LEVEL=10 -[CONFIG] -LOG_PATH=./log/radius/radius -FS_SERVER_IP=127.0.0.1 -FS_SERVER_PORT=8125 -STAT_CYCLE=30 -LOG_LEVEL={{ tsg_log_level }} diff --git a/roles/reboot/tasks/main.yml b/roles/reboot/tasks/main.yml deleted file mode 100644 index 777560a..0000000 --- a/roles/reboot/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: "reboot" - reboot: -# when: Deploy_finished_reboot == 1 diff --git a/roles/redis/files/jemalloc-3.6.0-1.el7.x86_64.rpm b/roles/redis/files/jemalloc-3.6.0-1.el7.x86_64.rpm deleted file mode 100644 index 506a429..0000000 Binary files a/roles/redis/files/jemalloc-3.6.0-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/redis/files/redis40u-4.0.14-1.ius.centos7.x86_64.rpm b/roles/redis/files/redis40u-4.0.14-1.ius.centos7.x86_64.rpm deleted file mode 100644 index b19dc6a..0000000 Binary files a/roles/redis/files/redis40u-4.0.14-1.ius.centos7.x86_64.rpm and /dev/null differ 
diff --git a/roles/redis/files/redis_exporter b/roles/redis/files/redis_exporter deleted file mode 100644 index 4a6fe69..0000000 Binary files a/roles/redis/files/redis_exporter and /dev/null differ diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml deleted file mode 100644 index 4c00bbb..0000000 --- a/roles/redis/tasks/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -- name: "redis rpm install:copy file to device" - copy: - src: '{{ role_path }}/files/' - dest: /tmp/ansible_deploy/ - - -- name: "redis rpm install:install redis" - yum: - name: - - "/tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm" - - "/tmp/ansible_deploy/redis40u-4.0.14-1.ius.centos7.x86_64.rpm" - state: present - -- name: "redis exporter" - copy: - src: '{{ role_path }}/files/' - dest: /usr/bin/ - mode: 0755 diff --git a/roles/sapp/files/sapp-4.2.35.b0d7518-2.el7.x86_64.rpm b/roles/sapp/files/sapp-4.2.35.b0d7518-2.el7.x86_64.rpm deleted file mode 100644 index a8ca743..0000000 Binary files a/roles/sapp/files/sapp-4.2.35.b0d7518-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/sapp/files/sapp-4.2.37.ead1db6-2.el7.x86_64.rpm b/roles/sapp/files/sapp-4.2.37.ead1db6-2.el7.x86_64.rpm new file mode 100644 index 0000000..4a41261 Binary files /dev/null and b/roles/sapp/files/sapp-4.2.37.ead1db6-2.el7.x86_64.rpm differ diff --git a/roles/sapp/files/tcpdump_mesa-1.0.4.4ef2936-2.el7.x86_64.rpm b/roles/sapp/files/tcpdump_mesa-1.0.4.4ef2936-2.el7.x86_64.rpm deleted file mode 100644 index 18a3133..0000000 Binary files a/roles/sapp/files/tcpdump_mesa-1.0.4.4ef2936-2.el7.x86_64.rpm and /dev/null differ diff --git a/roles/sapp/files/tcpdump_mesa-1.0.5.793bb53-2.el7.x86_64.rpm b/roles/sapp/files/tcpdump_mesa-1.0.5.793bb53-2.el7.x86_64.rpm new file mode 100644 index 0000000..77cd21d Binary files /dev/null and b/roles/sapp/files/tcpdump_mesa-1.0.5.793bb53-2.el7.x86_64.rpm differ 
diff --git a/roles/sapp/files/tera_fake_promisc_setup.conf b/roles/sapp/files/tera_fake_promisc_setup.conf deleted file mode 100644 index f505012..0000000 --- a/roles/sapp/files/tera_fake_promisc_setup.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -ExecStartPre=/bin/bash tera_fake_promisc_setup.sh diff --git a/roles/sapp/files/tera_fake_promisc_setup.sh b/roles/sapp/files/tera_fake_promisc_setup.sh deleted file mode 100644 index 4e8665a..0000000 --- a/roles/sapp/files/tera_fake_promisc_setup.sh +++ /dev/null @@ -1,4 +0,0 @@ -set -ex -dp_adapter_ether_addr=$(ifconfig ens1f2 | grep ether | awk '{print $2}') -bpf_rule="ether dst $dp_adapter_ether_addr or ether dst 02:42:c0:a8:fd:03 or ether dst 02:42:c0:a8:fd:83 or ether dst 02:42:c0:a8:fd:82" -sed -i "/BSD_packet_filter=/s/=.*/=\"$bpf_rule\"/" etc/sapp.toml diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml index c250169..df5d112 100644 --- a/roles/sapp/tasks/main.yml +++ b/roles/sapp/tasks/main.yml @@ -4,22 +4,16 @@ src: "{{ role_path }}/files/" dest: /tmp/ansible_deploy/ -- name: "copy maat_redis_tool to destination server" - copy: - src: "{{ role_path }}/files/maat_redis_tool" - dest: /usr/local/bin - mode: 0755 - - name: "install sapp rpms from localhost" yum: name: - - /tmp/ansible_deploy/sapp-4.2.35.b0d7518-2.el7.x86_64.rpm + - /tmp/ansible_deploy/sapp-4.2.37.ead1db6-2.el7.x86_64.rpm state: present - name: "install tcpdump_mesa rpms from localhost" yum: name: - - /tmp/ansible_deploy/tcpdump_mesa-1.0.4.4ef2936-2.el7.x86_64.rpm + - /tmp/ansible_deploy/tcpdump_mesa-1.0.5.793bb53-2.el7.x86_64.rpm state: present skip_broken: yes 
@@ -58,18 +52,6 @@ dest: /etc/tmpfiles.d/sapp_tmpfile.conf tags: template -- name: Template the gdev.conf - template: - src: "{{ role_path }}/templates/gdev.conf.j2" - dest: /home/mesasoft/sapp_run/etc/gdev.conf - when: tsg_access_type == 1 - -- name: Template the vlan_flipping_map.conf - template: - src: "{{ role_path }}/templates/vlan_flipping_map.conf.j2" - dest: /home/mesasoft/sapp_run/etc/vlan_flipping_map.conf - when: tsg_access_type == 2 - - name: "Template sapp.service destination server" template: @@ -83,19 +65,6 @@ dest: /etc/systemd/system/sapp.service.d/ mode: 0644 -- name: "copy fake promisc tools for tera mode - service file" - copy: - src: "{{ role_path }}/files/tera_fake_promisc_setup.conf" - dest: /etc/systemd/system/sapp.service.d/ - mode: 0644 - when: tsg_access_type == 2 - -- name: "copy fake promisc tools for tera mode - scripts" - copy: - src: "{{ role_path }}/files/tera_fake_promisc_setup.sh" - dest: /home/mesasoft/sapp_run/tera_fake_promisc_setup.sh - mode: 0755 - when: tsg_access_type == 2 - name: "enable sapp" systemd: diff --git a/roles/sapp/templates/asymmetric_presence_layer.conf.j2 b/roles/sapp/templates/asymmetric_presence_layer.conf.j2 index 5f2e4b7..a547391 100644 --- a/roles/sapp/templates/asymmetric_presence_layer.conf.j2 +++ b/roles/sapp/templates/asymmetric_presence_layer.conf.j2 @@ -1,8 +1,3 @@ #layer name definition: ipv4, ipv6, ethernet,vlan, arp, gre, mpls, pppoe, tcp, udp, l2tp, ppp, pptp, gtp #pattern: asymmetric_layer_name under_of_this_asymmetric_layer[layer_index] upper_of_this_asymmetric_layer[layer_index] -{% if tsg_access_type == 2 and tsg_running_type == 2 %} -mpls ethernet[0] ipv4[1] -mpls ethernet[0] ipv6[1] -{% else %} -# -{% endif %} \ No newline at end of file +# \ No newline at end of file diff --git a/roles/sapp/templates/conflist.inf.j2 b/roles/sapp/templates/conflist.inf.j2 index 3db2ef1..87cdee7 100644 --- a/roles/sapp/templates/conflist.inf.j2 +++ b/roles/sapp/templates/conflist.inf.j2 
@@ -1,16 +1,5 @@ [platform] -{% if tsg_access_type == 1 %} -./plug/platform/g_device_plug/g_device_plug.inf -#./plug/platform/http_healthcheck/http_healthcheck.inf -{% else %} -#./plug/platform/g_device_plug/g_device_plug.inf -#./plug/platform/http_healthcheck/http_healthcheck.inf -{% endif %} -./plug/platform/app_proto_identify/app_proto_identify.inf ./plug/platform/tsg_master/tsg_master.inf -{% if tsg_app.enable == 1 %} -./plug/platform/app_master/app_master.inf -{% endif %} [protocol] ./plug/protocol/mesa_sip/mesa_sip.inf @@ -26,8 +15,6 @@ [business] ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf -./plug/business/capture_packet_plug/capture_packet_plug.inf -./plug/business/kni/kni.inf ./plug/business/fw_ssl_plug/fw_ssl_plug.inf ./plug/business/fw_http_plug/fw_http_plug.inf ./plug/business/fw_dns_plug/fw_dns_plug.inf @@ -36,10 +23,4 @@ ./plug/business/fw_quic_plug/fw_quic_plug.inf ./plug/business/fw_voip_plug/fw_voip_plug.inf ./plug/business/conn_telemetry/conn_telemetry.inf -{% if tsg_app.enable == 1 %} -./plug/business/app_sketch_local/app_sketch_local.inf -{% endif %} -{% if tsg_access_type == 2 %} -./plug/platform/http_healthcheck/http_healthcheck.inf -{% endif %} -./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf +./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf \ No newline at end of file diff --git a/roles/sapp/templates/gdev.conf.j2 b/roles/sapp/templates/gdev.conf.j2 deleted file mode 100644 index 0ce756a..0000000 --- a/roles/sapp/templates/gdev.conf.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Module] -{% if tsg_running_type == 2 %} -pcapdevice={{ nic_data_incoming.name }} -sendto_gdev_card={{ nic_data_incoming.name }} -sendto_gdev_ip={{ inline_device_config.keepalive_ip }} -{% else %} -pcapdevice={{ inline_device_config.data_incoming }} -sendto_gdev_card={{ inline_device_config.data_incoming }} -sendto_gdev_ip={{ inline_device_config.keepalive_ip }} -{% endif %} -gdev_status_switch=1 
diff --git a/roles/sapp/templates/sapp.service.j2 b/roles/sapp/templates/sapp.service.j2 index d79edba..451d892 100755 --- a/roles/sapp/templates/sapp.service.j2 +++ b/roles/sapp/templates/sapp.service.j2 @@ -1,9 +1,7 @@ [Unit] Description=sapp service -{% if tsg_running_type != 0 %} Requires=mrzcpd.service After=mrzcpd.service -{% endif %} [Service] Type=notify WorkingDirectory=/home/mesasoft/sapp_run diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2 index 5fecc42..5e30c86 100644 --- a/roles/sapp/templates/sapp.toml.j2 +++ b/roles/sapp/templates/sapp.toml.j2 @@ -9,18 +9,10 @@ instance_name = "sapp4" [CPU] -{% if tsg_access_type == 0 %} -worker_threads=1 -{% else %} worker_threads={{ sapp.worker_threads }} -{% endif %} send_only_threads_max={{ sapp.send_only_threads_max }} ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] -{% if tsg_access_type == 0 %} -bind_mask=[] -{% else %} bind_mask=[{{ sapp.bind_mask }}] -{% endif %} [MEM] dictator_enable=0 @@ -33,11 +25,7 @@ dictator_enable=0 l2_l3_tunnel_support=1 ### note, optional value is [none, vxlan] - {% if tsg_access_type == 5 or tsg_access_type == 1 %} - overlay_mode=vxlan - {% else %} overlay_mode=none - {% endif %} stream_compare_layer_cfg_file="etc/stream_compare_layer.conf" vlan_flipping_cfg_file="etc/vlan_flipping_map.conf" asymmetric_presence_layer_cfg_file="etc/asymmetric_presence_layer.conf" 
@@ -46,14 +34,12 @@ dictator_enable=0 [packet_io.feature] - {% if tsg_access_type == 4 or tsg_access_type == 5 %} ### note, used to represent inbound or outbound direction value, ### because it comes from Third party device, so it needs to be specified manually, ### if inbound_route_dir=1, then outbound_route_dir=0, vice versa, ### in other words, outbound_route_dir = 1 ^ inbound_route_dir; - inbound_route_dir={{ sapp.inbound_route_dir }} - {% endif %} - + inbound_route_dir=1 + ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as "" BSD_packet_filter="" @@ -80,34 +66,16 @@ dictator_enable=0 ### note, depolyment.mode options: [mirror, inline, transparent] [packet_io.depolyment] - {% if tsg_access_type == 0 %} - mode=transparent - {% else %} - mode=inline - {% endif %} + mode=mirror ### note, interface.type options: [pag,pcap,marsio] [packet_io.internal.interface] - {% if tsg_access_type == 0 %} - type=pcap - name={{packet_io.internal_interface}} - {% else %} type=marsio - {% if tsg_access_type == 4 or tsg_access_type == 5 %} - name={{ATCA_data_incoming.vf0_name}} - {% else %} - name={{nic_data_incoming.name}} - {% endif %} - {% endif %} + name={{ data_incoming_nic_list | join(",") }} [packet_io.external.interface] - {% if tsg_access_type == 0 %} - type=pcap - name={{packet_io.external_interface}} - {% else %} type=pcap name=lo - {% endif %} [packet_io.polling] ### note, polling_priority = call sapp_recv_pkt every call polling_entry times, diff --git a/roles/sapp/templates/vlan_flipping_map.conf.j2 b/roles/sapp/templates/vlan_flipping_map.conf.j2 deleted file mode 100644 index ebfd593..0000000 --- a/roles/sapp/templates/vlan_flipping_map.conf.j2 +++ /dev/null 
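Review bot: In the `[packet_io.feature]` hunk, `inbound_route_dir=1` is now a literal, although the comment kept directly above it says the value comes from a third-party device and has to be specified manually; the removed line took it from `sapp.inbound_route_dir`. On a deployment whose upstream device uses the opposite value, packet direction would be attributed the wrong way round without any error, and anything keyed on direction (traffic statistics, presumably direction-dependent policy) would follow the wrong side. Keeping it configurable with this commit's value as the default, `inbound_route_dir={{ sapp.inbound_route_dir | default(1) }}`, preserves the new behaviour. The blank line added after it also carries trailing whitespace.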
@@ -1,16 +0,0 @@ -#for inline a device vlan flipping -#数据包来自C路由器端, 即C2I(I2E)方向, -#数据包来自I路由器端, 即I2C(E2I)方向, -#平台会根据vlan_id,设置当前包route_dir的值, 以便上层业务插件做两个方向的流量统计, -#如果一对vlan_id写反了, 网络是通的, 但是I2E,E2I的流量统计就颠倒了. -#配置文件格式, pattern: -#来自C路由器vlan_id 来自I路由器vlan_id 是否开启mac地址翻转 -#C_router_vlan_id I_router_vlan_id mac_flipping_enable -{% if tsg_access_type == 2 and tsg_running_type == 2 %} -1301 1302 1 -1201 1202 1 -4000 4001 0 -{% else %} -4000 4001 0 -{% endif %} - diff --git a/roles/switch_control/files/switch_control_client_non_block b/roles/switch_control/files/switch_control_client_non_block deleted file mode 100644 index cb34506..0000000 Binary files a/roles/switch_control/files/switch_control_client_non_block and /dev/null differ diff --git a/roles/switch_control/tasks/main.yml b/roles/switch_control/tasks/main.yml deleted file mode 100644 index adcc3a9..0000000 --- a/roles/switch_control/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: "copy switch_control_client_non_block" - copy: - src: '{{ role_path }}/files/switch_control_client_non_block' - dest: /opt/tsg/env/switch_control_client_non_block - mode: 0755 diff --git a/roles/switch_rule/files/saved_startup b/roles/switch_rule/files/saved_startup deleted file mode 100644 index 8eded30..0000000 --- a/roles/switch_rule/files/saved_startup +++ /dev/null 
@@ -1,347 +0,0 @@ -# TestPoint History -load ./Config/libertyTrail/testpoint_startup - -add vlan port 1 0 - -create vlan 100 -add vlan port 100 0,11,37,39,41,43 -set port config 11 pvid 100 -set port config 11 mask 0,37,39,41,43 -set port config 0,11,39,37,41,43 learning on - -create vlan 200 -add vlan port 200 0,37,39,9,10,41,43 -set port config 0 mask 9..44 -set port config 37 mask 0..36,38..44 -set port config 39 mask 0..38,40..44 -set port config 41 mask 0..40,42..44 -set port config 43 mask 0..44 -set port config 0,39,37,41,43 learning on - -create vlan 4000 -add vlan port 4000 43 -create vlan 4001 -add vlan port 4001 43 - -create lag -add lag 9261 9,10 -add vlan port 200 9261 -set port config 9261 pvid 200 -set port config 9261 parser_cfg L4 -set port config 9261 learning on -set port config 9261 mask 0,11..44 - -create vlan all -create lag -add vlan port all 43 -add lag 9293 1,2,3,4 -add vlan port all 9293 -set port config 9293 parser_cfg L4 -set port config 9293 learning on -set port config 9293 mask 0,11..44 -set vlan tagging all 1,2,3,4 tag -set vlan tagging 1 1,2,3,4 untag - -create lag -add lag 9325 5,6,7,8 -add vlan port all 9325 -set port config 9325 parser_cfg L4 -set port config 9325 learning on -set port config 9325 mask 0,11..44 -set vlan tagging all 5,6,7,8 tag -set vlan tagging 1 5,6,7,8 untag - -set port 37,39,41,43 powerdown -set port 37,39,41,43 up -set port 1..36 up - -set port config 11 parser_cfg L4 -set port config 37..44 parser_cfg L4 - -set port config 11..36 max_frame_size 15360 -set switch reserved_mac all switch - -set switch config hashing l234 use_smac on -set switch config hashing l234 use_dmac on -set switch config hashing l234 use_l34 on -set switch config hashing l34 use_dip on -set switch config hashing l34 use_sip on -set switch config hashing l234 symmetric on -set switch config hashing l34 symmetric on - - -set port config 9261,9293,9325 max_frame_size 15360 -create acl 1 - -# Redirect all ARP request to ens1f2 -create 
acl-rule 1 40 -add acl-rule condition 1 40 src-port 1 -add acl-rule condition 1 40 ethtype 0x0806 -add acl-rule action 1 40 redirect 7214 - -create acl-rule 1 41 -add acl-rule condition 1 41 src-port 2 -add acl-rule condition 1 41 ethtype 0x0806 -add acl-rule action 1 41 redirect 7214 - -create acl-rule 1 42 -add acl-rule condition 1 42 src-port 3 -add acl-rule condition 1 42 ethtype 0x0806 -add acl-rule action 1 42 redirect 7214 - -create acl-rule 1 43 -add acl-rule condition 1 43 src-port 4 -add acl-rule condition 1 43 ethtype 0x0806 -add acl-rule action 1 43 redirect 7214 - -# Redirect all ICMPv4 to ens1f2 -- 10.0.0.0/8 -create acl-rule 1 44 -add acl-rule condition 1 44 src-port 1 -add acl-rule condition 1 44 protocol 0x1/0xff -add acl-rule condition 1 44 sip 10.0.0.0/8 -add acl-rule condition 1 44 dip 10.0.0.0/8 -add acl-rule action 1 44 redirect 7214 - -create acl-rule 1 45 -add acl-rule condition 1 45 src-port 2 -add acl-rule condition 1 45 protocol 0x1/0xff3 -add acl-rule condition 1 45 sip 10.0.0.0/8 -add acl-rule condition 1 45 dip 10.0.0.0/8 -add acl-rule action 1 45 redirect 7214 - -create acl-rule 1 46 -add acl-rule condition 1 46 src-port 3 -add acl-rule condition 1 46 protocol 0x1/0xff -add acl-rule condition 1 46 sip 10.0.0.0/8 -add acl-rule condition 1 46 dip 10.0.0.0/8 -add acl-rule action 1 46 redirect 7214 - -create acl-rule 1 47 -add acl-rule condition 1 47 src-port 4 -add acl-rule condition 1 47 protocol 0x1/0xff -add acl-rule condition 1 47 sip 10.0.0.0/8 -add acl-rule condition 1 47 dip 10.0.0.0/8 -add acl-rule action 1 47 redirect 7214 - -# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16 -create acl-rule 1 48 -add acl-rule condition 1 48 src-port 1 -add acl-rule condition 1 48 protocol 0x1/0xff -add acl-rule condition 1 48 sip 192.168.0.0/16 -add acl-rule condition 1 48 dip 192.168.0.0/16 -add acl-rule action 1 48 redirect 7214 - -create acl-rule 1 49 -add acl-rule condition 1 49 src-port 2 -add acl-rule condition 1 49 protocol 0x1/0xff3 
-add acl-rule condition 1 49 sip 192.168.0.0/16 -add acl-rule condition 1 49 dip 192.168.0.0/16 -add acl-rule action 1 49 redirect 7214 - -create acl-rule 1 50 -add acl-rule condition 1 50 src-port 3 -add acl-rule condition 1 50 protocol 0x1/0xff -add acl-rule condition 1 50 sip 192.168.0.0/16 -add acl-rule condition 1 50 dip 192.168.0.0/16 -add acl-rule action 1 50 redirect 7214 - -create acl-rule 1 51 -add acl-rule condition 1 51 src-port 4 -add acl-rule condition 1 51 protocol 0x1/0xff -add acl-rule condition 1 51 sip 192.168.0.0/16 -add acl-rule condition 1 51 dip 192.168.0.0/16 -add acl-rule action 1 51 redirect 7214 - -# Redirect all TCP with port 51218, for health check - 192.168.0.0/24 -create acl-rule 1 60 -add acl-rule condition 1 60 src-port 1 -add acl-rule condition 1 60 protocol 0x6/0xff -add acl-rule condition 1 60 sip 192.168.0.0/16 -add acl-rule condition 1 60 dip 192.168.0.0/16 -add acl-rule condition 1 60 l4-dst-port 51218/0xffff -add acl-rule action 1 60 redirect 7214 - -create acl-rule 1 61 -add acl-rule condition 1 61 src-port 2 -add acl-rule condition 1 61 protocol 0x6/0xff -add acl-rule condition 1 61 sip 192.168.0.0/16 -add acl-rule condition 1 61 dip 192.168.0.0/16 -add acl-rule condition 1 61 l4-dst-port 51218/0xffff -add acl-rule action 1 61 redirect 7214 - -create acl-rule 1 62 -add acl-rule condition 1 62 src-port 3 -add acl-rule condition 1 62 protocol 0x6/0xff -add acl-rule condition 1 62 sip 192.168.0.0/16 -add acl-rule condition 1 62 dip 192.168.0.0/16 -add acl-rule condition 1 62 l4-dst-port 51218/0xffff -add acl-rule action 1 62 redirect 7214 - -create acl-rule 1 63 -add acl-rule condition 1 63 src-port 4 -add acl-rule condition 1 63 protocol 0x6/0xff -add acl-rule condition 1 63 sip 192.168.0.0/16 -add acl-rule condition 1 63 dip 192.168.0.0/16 -add acl-rule condition 1 63 l4-dst-port 51218/0xffff -add acl-rule action 1 63 redirect 7214 - -# Redirect all TCP with port 51218, for health check - 10.0.0.0/8 -create acl-rule 1 64 
-add acl-rule condition 1 64 src-port 1 -add acl-rule condition 1 64 protocol 0x6/0xff -add acl-rule condition 1 64 sip 10.0.0.0/8 -add acl-rule condition 1 64 dip 10.0.0.0/8 -add acl-rule condition 1 64 l4-dst-port 51218/0xffff -add acl-rule action 1 64 redirect 7214 - -create acl-rule 1 65 -add acl-rule condition 1 65 src-port 2 -add acl-rule condition 1 65 protocol 0x6/0xff -add acl-rule condition 1 65 sip 10.0.0.0/8 -add acl-rule condition 1 65 dip 10.0.0.0/8 -add acl-rule condition 1 65 l4-dst-port 51218/0xffff -add acl-rule action 1 65 redirect 7214 - -create acl-rule 1 66 -add acl-rule condition 1 66 src-port 3 -add acl-rule condition 1 66 protocol 0x6/0xff -add acl-rule condition 1 66 sip 10.0.0.0/8 -add acl-rule condition 1 66 dip 10.0.0.0/8 -add acl-rule condition 1 66 l4-dst-port 51218/0xffff -add acl-rule action 1 66 redirect 7214 - -create acl-rule 1 67 -add acl-rule condition 1 67 src-port 4 -add acl-rule condition 1 67 protocol 0x6/0xff -add acl-rule condition 1 67 sip 10.0.0.0/8 -add acl-rule condition 1 67 dip 10.0.0.0/8 -add acl-rule condition 1 67 l4-dst-port 51218/0xffff -add acl-rule action 1 67 redirect 7214 - -# Redirect all ICMPv6 link-scope packets -create acl-rule 1 70 -add acl-rule condition 1 70 src-port 1 -add acl-rule condition 1 70 frame-type ipv6 -add acl-rule condition 1 70 ttl 255 -add acl-rule action 1 70 redirect 7214 - -create acl-rule 1 71 -add acl-rule condition 1 71 src-port 2 -add acl-rule condition 1 71 frame-type ipv6 -add acl-rule condition 1 71 ttl 255 -add acl-rule action 1 71 redirect 7214 - -create acl-rule 1 72 -add acl-rule condition 1 72 src-port 3 -add acl-rule condition 1 72 frame-type ipv6 -add acl-rule condition 1 72 ttl 255 -add acl-rule action 1 72 redirect 7214 - -create acl-rule 1 73 -add acl-rule condition 1 73 src-port 4 -add acl-rule condition 1 73 frame-type ipv6 -add acl-rule condition 1 73 ttl 255 -add acl-rule action 1 73 redirect 7214 - -create acl-rule 1 74 -add acl-rule condition 1 74 src-port 1 
-add acl-rule condition 1 74 frame-type ipv6 -add acl-rule condition 1 74 sip fc00::/7 -add acl-rule condition 1 74 dip fc00::/7 -add acl-rule action 1 74 redirect 7214 - -create acl-rule 1 75 -add acl-rule condition 1 75 src-port 2 -add acl-rule condition 1 75 frame-type ipv6 -add acl-rule condition 1 75 sip fc00::/7 -add acl-rule condition 1 75 dip fc00::/7 -add acl-rule action 1 75 redirect 7214 - -create acl-rule 1 76 -add acl-rule condition 1 76 src-port 3 -add acl-rule condition 1 76 frame-type ipv6 -add acl-rule condition 1 76 sip fc00::/7 -add acl-rule condition 1 76 dip fc00::/7 -add acl-rule action 1 76 redirect 7214 - -create acl-rule 1 77 -add acl-rule condition 1 77 src-port 4 -add acl-rule condition 1 77 frame-type ipv6 -add acl-rule condition 1 77 sip fc00::/7 -add acl-rule condition 1 77 dip fc00::/7 -add acl-rule action 1 77 redirect 7214 - -create acl-rule 1 80 -add acl-rule condition 1 80 src-glort 0x5801 -add acl-rule action 1 80 redirect 9293 - -create acl-rule 1 90 -add acl-rule condition 1 90 src-glort 0x5803 -add acl-rule condition 1 90 vlan 4000 -add acl-rule action 1 90 redirect 7220 -add acl-rule action 1 90 vlan 1 - -create acl-rule 1 91 -add acl-rule condition 1 91 src-glort 0x5803 -add acl-rule condition 1 91 vlan 4001 -add acl-rule action 1 91 redirect 7213 -add acl-rule action 1 91 vlan 1 - -create acl-rule 1 100 -add acl-rule condition 1 100 src-glort 0x5803 -add acl-rule action 1 100 redirect 9293 - -create acl-rule 1 101 -add acl-rule condition 1 101 src-port 1 -add acl-rule action 1 101 redirect 7216 -create acl-rule 1 102 -add acl-rule condition 1 102 src-port 2 -add acl-rule action 1 102 redirect 7216 -create acl-rule 1 103 -add acl-rule condition 1 103 src-port 3 -add acl-rule action 1 103 redirect 7216 -create acl-rule 1 104 -add acl-rule condition 1 104 src-port 4 -add acl-rule action 1 104 redirect 7216 - -create acl-rule 1 200 -add acl-rule condition 1 200 src-glort 0x5804 -add acl-rule action 1 200 redirect 6189 -create 
acl-rule 1 201 -add acl-rule condition 1 201 src-glort 0x5805 -add acl-rule action 1 201 redirect 5165 -create acl-rule 1 202 -add acl-rule condition 1 202 src-glort 0x5806 -add acl-rule action 1 202 redirect 4141 -create acl-rule 1 203 -add acl-rule condition 1 203 src-glort 0x5000 -add acl-rule action 1 203 redirect 7217 -create acl-rule 1 204 -add acl-rule condition 1 204 src-glort 0x4800 -add acl-rule action 1 204 redirect 7218 -create acl-rule 1 205 -add acl-rule condition 1 205 src-glort 0x4000 -add acl-rule action 1 205 redirect 7219 - -create acl-rule 1 301 -add acl-rule condition 1 301 src-glort 0x5807 -add acl-rule action 1 301 redirect 7216 -add acl-rule action 1 301 vlan 4000 - -create acl-rule 1 302 -add acl-rule condition 1 302 src-glort 0x5800 -add acl-rule action 1 302 redirect 7216 -add acl-rule action 1 302 vlan 4001 - -create acl-rule 1 401 -add acl-rule condition 1 401 src-glort 0x5001 -add acl-rule action 1 401 redirect 9325 -create acl-rule 1 402 -add acl-rule condition 1 402 src-glort 0x4801 -add acl-rule action 1 402 redirect 9325 -create acl-rule 1 403 -add acl-rule condition 1 403 src-glort 0x4001 -add acl-rule action 1 403 redirect 9325 - -apply acl -remote listen diff --git a/roles/switch_rule/tasks/main.yml b/roles/switch_rule/tasks/main.yml deleted file mode 100644 index ac02628..0000000 --- a/roles/switch_rule/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: "copy switch_rule" - copy: - src: '{{ role_path }}/files/saved_startup' - dest: /usr/local/testpoint/perl/Config/libertyTrail/saved_startup - mode: 0755 diff --git a/roles/tfe/files/memory.conf b/roles/tfe/files/memory.conf deleted file mode 100644 index 1593247..0000000 --- a/roles/tfe/files/memory.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -MemoryLimit=100G -ExecStartPost=/bin/bash -c "echo 100G > /sys/fs/cgroup/memory/system.slice/tfe.service/memory.memsw.limit_in_bytes" 
diff --git a/roles/tfe/files/tfe-4.5.01.91facad-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.5.01.91facad-1.el7.x86_64.rpm
deleted file mode 100644
index edf6923..0000000
Binary files a/roles/tfe/files/tfe-4.5.01.91facad-1.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
deleted file mode 100755
index bae4165..0000000
Binary files a/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm and /dev/null differ
diff --git a/roles/tfe/files/tfe.service b/roles/tfe/files/tfe.service
deleted file mode 100755
index 16bbab9..0000000
--- a/roles/tfe/files/tfe.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Tango Frontend Engine
-Requires=tfe-env.service
-After=tfe-env.service
-
-
-[Service]
-Type=notify
-ExecStart=/opt/tsg/tfe/bin/tfe
-WorkingDirectory=/opt/tsg/tfe/
-TimeoutSec=900s
-RestartSec=10s
-Restart=always
-LimitNOFILE=524288
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-Delegate=yes
-KillMode=process
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/tfe/files/tsg_diagnose_ca.pem b/roles/tfe/files/tsg_diagnose_ca.pem
deleted file mode 100644
index 0d1f838..0000000
--- a/roles/tfe/files/tsg_diagnose_ca.pem
+++ /dev/null
@@ -1,49 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGWzCCBEOgAwIBAgIJAMimxpHS+4hRMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp -c2NvMQ8wDQYDVQQKDAZCYWRTU0wxKjAoBgNVBAMMIUJhZFNTTCBSb290IENlcnRp -ZmljYXRlIEF1dGhvcml0eTAeFw0yMDEwMjYwODQ3NDZaFw00MDEwMjEwODQ3NDZa -MHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1T -YW4gRnJhbmNpc2NvMQ8wDQYDVQQKDAZCYWRTU0wxKjAoBgNVBAMMIUJhZFNTTCBS -b290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAKnefEvaekYAdlfFtpnaPaKYgl+X3FOXUEiYLHuX9YZjuhjVAf/I -19iW7+k6mln3jSxD05YZQk/jUVTTVjYgQftHzlZiJG086AGhG86QwDIPb9nQIGy8 -3DscFFQGGOoYPdV9E+s1cFDTIFGqqqlJ5T5jpjnAL/3WR2LxrgzPVkBjcOTJnkU6 -Gv2jqwQYGSz8+A6FYsGLqO6Pv7uKY1OPELNcTGnSwD1uctsMHn/Xqx4nMaBoMuSc -TZQEneSagGDgF1dVqEFhVEPo4VXiVthhS82xA3xK69UKfKLFkjjy+icH8LllKUFo -Psu+w/9V3OZ4xfzjEdpoRwRUmOesS5wlEkd3rLKEWXG/A8Uul5iCZ2Dez9nE6wi7 -w7JD7R1InPoD+7KXtT2JWS+9sj+Vre7XIjSEQuBRGiTOXnDcuYjFOkvCqS7OToUc -fOJAlKHCndqBnzLoLJHU2ozrqgz8SU0Iv1CPW6YXLtRFFX3K9WUvX7XNTonh+oWS -6IGifWnVcYh2N5peUuNVT4heD4QfIDpCvjwUAp2IWr1GnEjvjhPaHialRotHhfCi -t3T0F58IhFQ6+CLQwE57Yd+7zGbc7osqTe1hbiK2wcciTuajmGZyfev8atFey+Y5 -N/7jD3U0a6u4Z+DyGcc08Pj94cM5AJ7SA45LKwt6xhmGLzhemmdGLJLNAgMBAAGj -gekwgeYwHQYDVR0OBBYEFMGs0F0ycvMIQgM6oTyOBrxzjCPKMIGpBgNVHSMEgaEw -gZ6AFMGs0F0ycvMIQgM6oTyOBrxzjCPKoXukeTB3MQswCQYDVQQGEwJVUzETMBEG -A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UE -CgwGQmFkU1NMMSowKAYDVQQDDCFCYWRTU0wgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRo -b3JpdHmCCQDIpsaR0vuIUTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq -hkiG9w0BAQsFAAOCAgEAeZzR9GKvTRiKfRqCzjhylk+7IbymWjxNTc2LQ3+O6lww -kw6Z2ybzvR3i/IZ7Hw+DBo1MXku9qHW/1uKR2BssoLHU1p1iHCBrZ1nw9MXxqXa3 -PhgxUZZu39NdXFc12fY/SYP8XQkNVzQCNouOvb75hj087ZDHvGztHIaB3VNUs1p+ -qMvGm8RVUGfDDqynUBZ814N32eCu+13N+dGL7yxASzD6Y3/myhVjixUuoUG3zFTW -NnIWspbC8MxhP/3QUMYi4KJM4KDiJQxPhGkMBwlhgAz/QPEJApKq0Cl0Reez7Gyd -KdnrqvCKhf8K53Su8L1GeRvzzKb7Hi+kMWIZVJPGz2DHgOymP5RCsIuWG6cDgx5E 
-3LfZYEPG63ezj+qMZmkdEMnD9SVBi85dOTOJ+OJgxxX2OahUKPUdDP89ZmHdOjR9 -CqUxnA+eqRNz1TajnjRFXir3/20SoBtrHBck3bxpmZwsF7A6Sg5RdlvQjK2Oy6g0 -9LrkPUgu9O/sBfz8uyG/HlQD7EuUNo0NQHqznnde3T+w5wY2vL3XUAl39qcpNPF6 -auCS8+aygYYmCUooZVzKlXGU3VUPGwcfmLE4gnPLT0+pnHtBS8tKLOzXAJjYQ3s+ -QpP3aO4lJvoZ6Oes/JRxNPW8dmaLxTKPqsaPEWWuoSYr0higPTBXQNg+++PYRY4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB8jCCAVugAwIBAgIJAP3GpXchIMWHMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV -BAsMBkdFRURHRTAgFw0yMDAzMDkxNjEyNTlaGA8yMDUwMDMwMjE2MTI1OVowETEP -MA0GA1UECwwGR0VFREdFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCraZpH -Fca2Iu+9E9HzKbEi2Akdk4RrUJxkQjB2Tr7fGxwPDXqdGvSoXDdgnSA0I0bbNqMs -drgiCWimjnGiWfY0sssKg7plNTQ4i7Zz7P9Isyf6TuxvB09CzdhH2FQ3lLRTb8pv -BA0E28CCYiZhtX1/3RlDSvxaRKOM3yEt0q+FRQIDAQABo1AwTjAdBgNVHQ4EFgQU -NqrpSlpCuMBJlCLZEE/D5ZpBy8swHwYDVR0jBBgwFoAUNqrpSlpCuMBJlCLZEE/D -5ZpBy8swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBsybFxUAjzhJ5H -VbSLhyillxtAJ3vEKtLrMVnAgRUEwamyu1JQGndF9kh8RapSmHhmuZM9iTc+NsNb -DKGKmEOY0vQMw83xE7EGYj4Nhww9UMyGglmTLbd3yB+uJA97beNVduU2mifDHGmN -4buMiPl3AozGRl9p5UCzZM5XxMMw1A== ------END CERTIFICATE----- diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml deleted file mode 100644 index 4ff64ea..0000000 --- a/roles/tfe/tasks/main.yml +++ /dev/null 
@@ -1,93 +0,0 @@ ---- -- name: "copy tfe program to destination server" - copy: - src: "{{ role_path }}/files/" - dest: /tmp/ansible_deploy/ - -- name: "copy tfe.service to destination server" - copy: - src: "{{ role_path }}/files/tfe.service" - dest: /usr/lib/systemd/system/ - mode: 0644 - -- name: "install tfe rpms from localhost" - yum: - name: - - /tmp/ansible_deploy/tfe-4.5.01.91facad-1.el7.x86_64.rpm - state: present - -- name: "tfe:copy cert file to device" - copy: - src: '{{ role_path }}/files/tsg_diagnose_ca.pem' - dest: /opt/tsg/tfe/resource/tfe/ - -- name: "template tfe-env config" - template: - src: "{{ role_path }}/templates/tfe-env-config.j2" - dest: /etc/sysconfig/tfe-env-config - -- name: "template the tfe.conf" - template: - src: "{{ role_path }}/templates/tfe.conf.j2" - dest: /opt/tsg/tfe/conf/tfe/tfe.conf - -- name: "template the zlog.conf" - template: - src: "{{ role_path }}/templates/zlog.conf.j2" - dest: /opt/tsg/tfe/conf/tfe/zlog.conf - -- name: "template the future.conf" - template: - src: "{{ role_path }}/templates/future.conf.j2" - dest: /opt/tsg/tfe/conf/tfe/future.conf - -- name: "template the pangu_pxy.conf" - template: - src: "{{ role_path }}/templates/pangu_pxy.conf.j2" - dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf - -- name: "create conf/doh/" - file: - path: /opt/tsg/tfe/conf/doh/ - state: directory - -- name: "template the doh.conf" - template: - src: "{{ role_path }}/templates/doh.conf.j2" - dest: /opt/tsg/tfe/conf/doh/doh.conf - -- name: "create a override conf - first step, create dir" - file: - path: /etc/systemd/system/tfe.service.d/ - state: directory - mode: '0755' - -- name: "create a override conf - second step, copy a override service file" - template: - src: "{{ role_path }}/templates/require-mrzcpd.conf.j2" - dest: /etc/systemd/system/tfe.service.d/require-mrzcpd.conf - -- name: "copy memory limit file to tfe.service.d" - copy: - src: "{{ role_path }}/files/memory.conf" - dest: /etc/systemd/system/tfe.service.d/ - 
mode: 0644 - -- name: "enable tfe-env-tun-mode" - systemd: - name: tfe-env-tun-mode - enabled: yes - daemon_reload: yes - when: tsg_running_type == 0 - -- name: "enable tfe-env" - systemd: - name: tfe-env - enabled: yes - daemon_reload: yes - -- name: "enable tfe" - systemd: - name: tfe - enabled: yes - daemon_reload: yes diff --git a/roles/tfe/templates/doh.conf.j2 b/roles/tfe/templates/doh.conf.j2 deleted file mode 100755 index bcfa406..0000000 --- a/roles/tfe/templates/doh.conf.j2 +++ /dev/null @@ -1,13 +0,0 @@ -[doh] -enable=1 - -[maat] -table_appid=TSG_OBJ_APP_ID -table_addr=TSG_SECURITY_ADDR -table_qname=TSG_FIELD_DOH_QNAME -table_host=TSG_FIELD_DOH_HOST - -[kafka] -ENTRANCE_ID=0 -# if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1 -en_sendlog=1 diff --git a/roles/tfe/templates/future.conf.j2 b/roles/tfe/templates/future.conf.j2 deleted file mode 100755 index a90dcf0..0000000 --- a/roles/tfe/templates/future.conf.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[STAT] -no_stats=0 -statsd_server=192.168.100.1 -statsd_port=8100 -histogram_bins=0.50,0.80,0.9,0.95 -statsd_cycle=5 -# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2 -statsd_format=2 -# printf diff Not available -# print_diff=1 diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 deleted file mode 100644 index 8843fe2..0000000 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ /dev/null 
@@ -1,87 +0,0 @@ -[debug] -enable_plugin=1 - -[log] -# default 1, if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1 -en_sendlog=1 -entrance_id=0 - -#Addresses of hos, Bucket name in hos. Format is defined by WiredLB. -cache_ip_list = {{ pangu_pxy.log_cache.address }} -cache_listen_port = {{ pangu_pxy.log_cache.port }} -cache_bucket_name=hos/proxy_hos_bucket -cache_token=c21f969b5f03d33d43e04f8f136e7682 - -#Refer to the pangu_cahche definition -max_used_memroy_size_mb=5120 -cache_default_ttl_second=3600 -cache_object_key_hash_switch=1 - -cache_store_object_way=0 -redis_cache_object_size=1024000 - -#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object. -redis_cluster_ip_list=192.168.10.62-63; -redis_cluster_port_range=6379 -#wired load balancer configuration - -#Configs of WiredLB for Minios load balancer. -wiredlb_override=1 -wiredlb_topic=MinioFileLog -wiredlb_datacenter=k18consul-tse -wiredlb_health_port=8560 -wiredlb_group=FileLog - -log_fsstat_appname=tango_log_file -log_fsstat_filepath=./tango_log_file.fs -log_fsstat_interval=10 -log_fsstat_trig=1 -log_fsstat_dst_ip=10.4.20.202 -log_fsstat_dst_port=8125 - -[ratelimit] -#hijack flow control -enable=0 -token_name=ratelimit -redis_server={{ maat_redis_server.address }} -redis_port={{ maat_redis_server.port }} -redis_db_index=6 - -[tango_cache] -enable_cache=0 -cache_ip_list=192.168.10.61-64; -cache_listen_port=9000 -cache_bucket_name=hos/proxy_hos_bucket -cache_token=c21f969b5f03d33d43e04f8f136e7682 - -max_cnnt_pipeline_num=20 -#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value. -max_used_memory_size_mb=10240 -#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute). -cache_default_ttl_second=3600 -#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it. 
-cache_object_key_hash_switch=1 -#Store way: 0-HOS; 1-META in REDIS, object in hos; 2-META and small object in Redis, large object in hos; -cache_store_object_way=2 -#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis. -redis_cache_object_size=102400 -#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object. -redis_cluster_ip_list=192.168.10.62-63; -redis_cluster_port_range=6379 - -#Configs of WiredLB for Minios load balancer.Refer to the definition at log - -cache_undefined_obj=1 -query_undefined_obj=0 -statsd_server=192.168.10.72 -statsd_port=8126 -histogram_bins=0.20,0.40,0.6,0.8 - -log_fsstat_appname=tango_cache -log_fsstat_filepath=./tango_cache_client.fs -log_fsstat_interval=10 -log_fsstat_trig=1 -log_fsstat_dst_ip=10.4.20.201 -log_fsstat_dst_port=8125 - - diff --git a/roles/tfe/templates/require-mrzcpd.conf.j2 b/roles/tfe/templates/require-mrzcpd.conf.j2 deleted file mode 100644 index 49e7c1b..0000000 --- a/roles/tfe/templates/require-mrzcpd.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -[Unit] -Requires=tfe-env.service mrzcpd.service -After=tfe-env.service mrzcpd.service diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2 deleted file mode 100644 index 4302dcf..0000000 --- a/roles/tfe/templates/tfe-env-config.j2 +++ /dev/null 
@@ -1,20 +0,0 @@
-{% if tsg_access_type == 4 or tsg_access_type == 5 %}
-TFE_DEVICE_DATA_INCOMING={{ ATCA_data_incoming.vf2_name }}
-{% elif tsg_running_type != 2 %}
-TFE_DEVICE_DATA_INCOMING=tun_kni
-{% else %}
-TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
-{% endif %}
-TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
-{% if tsg_access_type == 4 or tsg_access_type == 5 %}
-TFE_PEER_MAC_DATA_INCOMING=00:0e:c6:d6:72:c1
-{% else %}
-TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
-{% endif %}
-TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
-TFE_PEER_IP_DATA_INCOMING=172.16.241.1
-
-{% if tsg_running_type != 2 %}
-TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
-TFE_WATCHDOG_IP=192.168.100.1
-{% endif %}
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
deleted file mode 100644
index 219b23d..0000000
--- a/roles/tfe/templates/tfe.conf.j2
+++ /dev/null
@@ -1,197 +0,0 @@ -[system] -nr_worker_threads={{ tfe.nr_threads }} -enable_kni_v1=0 -enable_kni_v2=0 -enable_kni_v3=1 - -# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally -disable_coredump=0 -enable_breakpad=1 -enable_breakpad_upload=1 -breakpad_upload_url={{ breakpad_upload_url }} -# must be /run/tfe/crashreport,due to tmpfile limit -breakpad_minidump_dir=/run/tfe/crashreport - -# ask for at least (1 + nr_worker_threads) masks -# the first mask for acceptor thread -# the others mask for worker thread -enable_cpu_affinity=0 -cpu_affinity_mask=1-9 -# LEAST_CONN = 0; ROUND_ROBIN = 1 -load_balance=1 - -[nfq] -queue_id=1 -queue_maxlen=655350 -queue_rcvbufsiz=983025000 -queue_no_enobufs=1 - -[kni] -# kni v1 -#uxdomain=/var/run/.tfe_kni_acceptor_handler -# kni v2 -#scm_socket_file=/var/run/.tfe_kmod_scm_socket - -# send cmsg -send_switch=1 -ip=192.168.100.1 -cmsg_port=2475 - -# watch dog -watchdog_switch=1 -watchdog_port=2476 - -[ssl] -ssl_ja3_debug=0 -# ssl version Not available, configured via TSG website -# ssl_max_version=tls13 -# ssl_min_version=ssl3 -ssl_compression=1 -no_ssl2=1 -no_ssl3=0 -no_tls10=0 -no_tls11=0 -no_tls12=0 -default_ciphers=ALL:-aNULL -no_cert_verify=0 - -# session ticket -no_session_ticket=0 -stek_group_num=4096 -stek_rotation_time=3600 - -# session cache -no_session_cache=0 -session_cache_slots=4194304 -session_cache_expire_seconds=1800 - -# service cache -service_cache_slots=4194304 -service_cache_expire_seconds=300 -service_cache_fail_as_pinning_cnt=4 -service_cache_fail_as_proto_err_cnt=5 -#service_cache_succ_as_app_not_pinning_cnt=0 -service_cache_fail_time_window=30 - -# cert -check_cert_crl=0 -{% if tsg_running_type == 2 %} -trusted_cert_load_local=1 -trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem -{% else %} -trusted_cert_load_local=1 -trusted_cert_file=resource/tfe/tls-ca-bundle.pem -{% endif %} 
-trusted_cert_dir=resource/tfe/trusted_storage - -# master key -log_master_key=0 -key_log_file=log/sslkeylog.log - -# mid cert cache -mc_cache_enable=1 -mc_cache_eth={{ nic_mgr.name }} -mc_cache_broker_list={{ log_kafkabrokers.address | join(",") }} -mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT - -ssl_ja3_table=PXY_SSL_FINGERPRINT - -[key_keeper] -#Mode: debug - generate cert with ca_path, normal - generate cert with cert store -#0 on cache 1 off cache -no_cache=0 -mode=normal -cert_store_host={{ cert_store_server.address }} -cert_store_port={{ cert_store_server.port }} -ca_path=resource/tfe/tango-ca-v3-trust-ca.pem -untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem -hash_slot_size=131072 -hash_expire_seconds=300 -cert_expire_time=24 - -# health_check only for "mode=normal" default 1 -enable_health_check=1 - -[debug] -# 1 : enforce tcp passthrough -# 0 : Whether to passthrough depends on the tcp_options in cmsg -passthrough_all_tcp=0 - -[ratelimit] -read_rate=0 -read_burst=0 -write_rate=0 -write_burst=0 - -[tcp] -# read rcv_buff/snd_buff options from tfe conf -sz_rcv_buffer=-1 -sz_snd_buffer=-1 - -# 1 : use tcp_options in tfe.conf -# 0 : use tcp_options in cmsg -enable_overwrite=0 -tcp_nodelay=1 -so_keepalive=1 -tcp_keepcnt=8 -tcp_keepintvl=15 -tcp_keepidle=30 -tcp_user_timeout=600 -tcp_ttl_upstream=75 -tcp_ttl_downstream=70 - -[stat] -statsd_server=192.168.100.1 -statsd_port=8100 -statsd_cycle=5 -# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE -statsd_format=2 -histogram_bins=0.5,0.8,0.9,0.95 -statsd_set_prometheus_port=9001 -statsd_set_prometheus_url_path=/metrics - -[traffic_mirror] -{% if tsg_running_type != 2 %} -enable={{ tfe.mirror_enable }} -device=lo -# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO -type=0 -{% else %} -enable={{ tfe.mirror_enable }} -device={{ nic_traffic_mirror.name }} -# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO -type=1 -{% endif %} -table_info=resource/pangu/table_info_traffic_mirror.conf 
-stat_file=log/traffic_mirror.status - -[kafka] -enable=1 -NIC_NAME={{ nic_mgr.name }} -kafka_brokerlist={{ log_kafkabrokers.address | join(",") }} -kafka_topic=PROXY-EVENT-LOG -device_id_filepath=/opt/tsg/etc/tsg_sn.json - -[maat] -# 0:json 1:redis 2:iris -maat_input_mode=1 -stat_switch=1 -perf_switch=1 -table_info=resource/pangu/table_info.conf -accept_path=/opt/tsg/etc/tsg_device_tag.json -stat_file=log/pangu_scan.fs2 -effect_interval_s=1 -deferred_load_on=0 - -# json mode conf iterm -json_cfg_file=resource/pangu/pangu_http.json - -# redis mode conf iterm -maat_redis_server={{ maat_redis_server.address }} -maat_redis_port_range={{ maat_redis_server.port }} -maat_redis_db_index={{ maat_redis_server.db }} - -# iris mode conf iterm -full_cfg_dir=pangu_policy/full/index/ -inc_cfg_dir=pangu_policy/inc/index/ -accept_tag_key=data_center diff --git a/roles/tfe/templates/zlog.conf.j2 b/roles/tfe/templates/zlog.conf.j2 deleted file mode 100644 index 5688880..0000000 --- a/roles/tfe/templates/zlog.conf.j2 +++ /dev/null @@ -1,20 +0,0 @@ -# kill -s SIGHUP "pid" - -[global] - -default format = "%d(%c), %V, %F, %U, %m%n" - -[levels] - -DEBUG=10 -INFO=20 -FATAL=30 - -[rules] - -*.fatal "./log/error.log.%d(%F)"; -tfe.{{ tfe_log_level }} "./log/tfe.log.%d(%F)"; -http.{{ tfe_http_log_level }} "./log/http.log.%d(%F)"; -http2.{{ tfe_http_log_level }} "./log/http2.log.%d(%F)"; -doh.{{ doh_log_level }} "./log/doh_pxy.log.%d(%F)"; -pangu.{{ pangu_log_level }} "./log/pangu_pxy.log.%d(%F)"; \ No newline at end of file diff --git a/roles/tsg-diagnose/files/tsg-diagnose-21.03.01.39beba7-1.el7.x86_64.rpm b/roles/tsg-diagnose/files/tsg-diagnose-21.03.01.39beba7-1.el7.x86_64.rpm deleted file mode 100644 index 01fe940..0000000 Binary files a/roles/tsg-diagnose/files/tsg-diagnose-21.03.01.39beba7-1.el7.x86_64.rpm and /dev/null differ 
diff --git a/roles/tsg-diagnose/files/tsg-diagnose-certs.tgz b/roles/tsg-diagnose/files/tsg-diagnose-certs.tgz deleted file mode 100644 index 5e61e27..0000000 Binary files a/roles/tsg-diagnose/files/tsg-diagnose-certs.tgz and /dev/null differ diff --git a/roles/tsg-diagnose/tasks/main.yml b/roles/tsg-diagnose/tasks/main.yml deleted file mode 100644 index 86b178b..0000000 --- a/roles/tsg-diagnose/tasks/main.yml +++ /dev/null @@ -1,38 +0,0 @@ -- name: "Tsg-diagnose:copy file to device" - copy: - src: '{{ role_path }}/files/' - dest: /tmp/ansible_deploy/ - -- name: "Install tsg-diagnose rpm package" - yum: - name: - - "/tmp/ansible_deploy/tsg-diagnose-21.03.01.39beba7-1.el7.x86_64.rpm" - state: present - -- name: "Templates tsg-diagnose.config" - template: - src: "{{role_path}}/templates/tsg-diagnose.config.j2" - dest: /opt/tsg/tsg-diagnose/etc/tsg-diagnose.config - tags: template - -- name: "tsg-diagnose:mkdir -p .badssl_cert_dict" - file: - path: /opt/tsg/tsg-diagnose/.badssl_cert_dict - state: directory - - -- name: "tsg-diagnose: unarchive certs" - unarchive: - src: /tmp/ansible_deploy/tsg-diagnose-certs.tgz - dest: /opt/tsg/tsg-diagnose/.badssl_cert_dict - remote_src: yes - -- name: 'Tsg-diagnose service start' - systemd: - name: tsg-diagnose - enabled: yes - daemon_reload: yes - state: started - -- name: "tsg-diagnose init rsync deamon" - shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/rsync/init_rsyncd.sh diff --git a/roles/tsg-diagnose/templates/tsg-diagnose.config.j2 b/roles/tsg-diagnose/templates/tsg-diagnose.config.j2 deleted file mode 100644 index 907150e..0000000 --- a/roles/tsg-diagnose/templates/tsg-diagnose.config.j2 +++ /dev/null 
@@ -1,135 +0,0 @@
-[test_securityPolicy_bypass]
-# enabled = 1 run this case
-enabled = 1
-#Connection TIMEOUT, in seconds
-conn_timeout = 1
-#max_recv_speed_large byte/s
-max_recv_speed_large = 6553600
-
-[test_securityPolicy_intercept]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_securityPolicy_intercept_certerrExpired]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_securityPolicy_intercept_certerrSelf_signed]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_securityPolicy_intercept_certerrUntrusted_root]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_ssl_redirect]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_ssl_block]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_ssl_replace]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_ssl_hijack]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_ssl_insert]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_http_redirect]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_http_block]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_http_replace]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_http_hijack]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_proxyPolicy_http_insert]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_https_con_traffic_1k]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_https_con_traffic_4k]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_https_con_traffic_16k]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_https_con_traffic_64k]
-enabled = 1
-conn_timeout = 1
-max_recv_speed_large = 6553600
-
-[test_https_con_traffic_256k] -enabled = 1 -conn_timeout = 1 -max_recv_speed_large = 6553600 - -[test_https_con_traffic_1M] -enabled = 1 -conn_timeout = 1 -max_recv_speed_large = 6553600 - -[test_https_con_traffic_4M] -enabled = 1 -conn_timeout = 1 -max_recv_speed_large = 6553600 - -[test_https_con_traffic_16M] -enabled = 1 -conn_timeout = 4 -max_recv_speed_large = 6553600 - -[test_https_con_traffic_64M] -enabled = 1 -conn_timeout = 12 -max_recv_speed_large = 6553600 - -[start_time_random_delay_range] -enabled = 1 -#Left_edge is the left edge of the randomly generated time in seconds -left_edge = 0 -#Left_edge is the right edge of the randomly generated time in seconds -right_edge = 30 - -[telegraf] -host = 192.51.100.1 -port = 58100 -tags_key = app_name -tags_value = tsg-diagnose diff --git a/roles/tsg-diagnose_stop_sync/tasks/main.yml b/roles/tsg-diagnose_stop_sync/tasks/main.yml deleted file mode 100644 index 1633c16..0000000 --- a/roles/tsg-diagnose_stop_sync/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: "tsg-diagnose: stop rsync deamon process" - shell: killall -9 rsync - diff --git a/roles/tsg-diagnose_sync_ca/files/tsg_diagnose_ca.pem b/roles/tsg-diagnose_sync_ca/files/tsg_diagnose_ca.pem deleted file mode 100644 index 0d1f838..0000000 --- a/roles/tsg-diagnose_sync_ca/files/tsg_diagnose_ca.pem +++ /dev/null 
@@ -1,49 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGWzCCBEOgAwIBAgIJAMimxpHS+4hRMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp -c2NvMQ8wDQYDVQQKDAZCYWRTU0wxKjAoBgNVBAMMIUJhZFNTTCBSb290IENlcnRp -ZmljYXRlIEF1dGhvcml0eTAeFw0yMDEwMjYwODQ3NDZaFw00MDEwMjEwODQ3NDZa -MHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1T -YW4gRnJhbmNpc2NvMQ8wDQYDVQQKDAZCYWRTU0wxKjAoBgNVBAMMIUJhZFNTTCBS -b290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAKnefEvaekYAdlfFtpnaPaKYgl+X3FOXUEiYLHuX9YZjuhjVAf/I -19iW7+k6mln3jSxD05YZQk/jUVTTVjYgQftHzlZiJG086AGhG86QwDIPb9nQIGy8 -3DscFFQGGOoYPdV9E+s1cFDTIFGqqqlJ5T5jpjnAL/3WR2LxrgzPVkBjcOTJnkU6 -Gv2jqwQYGSz8+A6FYsGLqO6Pv7uKY1OPELNcTGnSwD1uctsMHn/Xqx4nMaBoMuSc -TZQEneSagGDgF1dVqEFhVEPo4VXiVthhS82xA3xK69UKfKLFkjjy+icH8LllKUFo -Psu+w/9V3OZ4xfzjEdpoRwRUmOesS5wlEkd3rLKEWXG/A8Uul5iCZ2Dez9nE6wi7 -w7JD7R1InPoD+7KXtT2JWS+9sj+Vre7XIjSEQuBRGiTOXnDcuYjFOkvCqS7OToUc -fOJAlKHCndqBnzLoLJHU2ozrqgz8SU0Iv1CPW6YXLtRFFX3K9WUvX7XNTonh+oWS -6IGifWnVcYh2N5peUuNVT4heD4QfIDpCvjwUAp2IWr1GnEjvjhPaHialRotHhfCi -t3T0F58IhFQ6+CLQwE57Yd+7zGbc7osqTe1hbiK2wcciTuajmGZyfev8atFey+Y5 -N/7jD3U0a6u4Z+DyGcc08Pj94cM5AJ7SA45LKwt6xhmGLzhemmdGLJLNAgMBAAGj -gekwgeYwHQYDVR0OBBYEFMGs0F0ycvMIQgM6oTyOBrxzjCPKMIGpBgNVHSMEgaEw -gZ6AFMGs0F0ycvMIQgM6oTyOBrxzjCPKoXukeTB3MQswCQYDVQQGEwJVUzETMBEG -A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UE -CgwGQmFkU1NMMSowKAYDVQQDDCFCYWRTU0wgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRo -b3JpdHmCCQDIpsaR0vuIUTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq -hkiG9w0BAQsFAAOCAgEAeZzR9GKvTRiKfRqCzjhylk+7IbymWjxNTc2LQ3+O6lww -kw6Z2ybzvR3i/IZ7Hw+DBo1MXku9qHW/1uKR2BssoLHU1p1iHCBrZ1nw9MXxqXa3 -PhgxUZZu39NdXFc12fY/SYP8XQkNVzQCNouOvb75hj087ZDHvGztHIaB3VNUs1p+ -qMvGm8RVUGfDDqynUBZ814N32eCu+13N+dGL7yxASzD6Y3/myhVjixUuoUG3zFTW -NnIWspbC8MxhP/3QUMYi4KJM4KDiJQxPhGkMBwlhgAz/QPEJApKq0Cl0Reez7Gyd -KdnrqvCKhf8K53Su8L1GeRvzzKb7Hi+kMWIZVJPGz2DHgOymP5RCsIuWG6cDgx5E 
-3LfZYEPG63ezj+qMZmkdEMnD9SVBi85dOTOJ+OJgxxX2OahUKPUdDP89ZmHdOjR9 -CqUxnA+eqRNz1TajnjRFXir3/20SoBtrHBck3bxpmZwsF7A6Sg5RdlvQjK2Oy6g0 -9LrkPUgu9O/sBfz8uyG/HlQD7EuUNo0NQHqznnde3T+w5wY2vL3XUAl39qcpNPF6 -auCS8+aygYYmCUooZVzKlXGU3VUPGwcfmLE4gnPLT0+pnHtBS8tKLOzXAJjYQ3s+ -QpP3aO4lJvoZ6Oes/JRxNPW8dmaLxTKPqsaPEWWuoSYr0higPTBXQNg+++PYRY4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB8jCCAVugAwIBAgIJAP3GpXchIMWHMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV -BAsMBkdFRURHRTAgFw0yMDAzMDkxNjEyNTlaGA8yMDUwMDMwMjE2MTI1OVowETEP -MA0GA1UECwwGR0VFREdFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCraZpH -Fca2Iu+9E9HzKbEi2Akdk4RrUJxkQjB2Tr7fGxwPDXqdGvSoXDdgnSA0I0bbNqMs -drgiCWimjnGiWfY0sssKg7plNTQ4i7Zz7P9Isyf6TuxvB09CzdhH2FQ3lLRTb8pv -BA0E28CCYiZhtX1/3RlDSvxaRKOM3yEt0q+FRQIDAQABo1AwTjAdBgNVHQ4EFgQU -NqrpSlpCuMBJlCLZEE/D5ZpBy8swHwYDVR0jBBgwFoAUNqrpSlpCuMBJlCLZEE/D -5ZpBy8swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBsybFxUAjzhJ5H -VbSLhyillxtAJ3vEKtLrMVnAgRUEwamyu1JQGndF9kh8RapSmHhmuZM9iTc+NsNb -DKGKmEOY0vQMw83xE7EGYj4Nhww9UMyGglmTLbd3yB+uJA97beNVduU2mifDHGmN -4buMiPl3AozGRl9p5UCzZM5XxMMw1A== ------END CERTIFICATE----- diff --git a/roles/tsg-diagnose_sync_ca/tasks/main.yml b/roles/tsg-diagnose_sync_ca/tasks/main.yml deleted file mode 100644 index 2922f6f..0000000 --- a/roles/tsg-diagnose_sync_ca/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: "tsg-diagnose: rsync badssl ca certs" - shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/ - ignore_errors: true - -- name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle" - shell: cat /tmp/sync/ca-root.crt > /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem && cat /tmp/sync/wpr_cert.pem >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem - ignore_errors: true - register: result_tsg_diagnose_sync_cert_shell - -- name: "Tsg-diagnose:copy cert file to device" - copy: - src: '{{ role_path }}/files/tsg_diagnose_ca.pem' - dest: /opt/tsg/tfe/resource/tfe/ - when: result_tsg_diagnose_sync_cert_shell.rc==1 - 
diff --git a/roles/tsg-env-mcn0/files/setup b/roles/tsg-env-mcn0/files/setup
deleted file mode 100644
index 473e5a0..0000000
--- a/roles/tsg-env-mcn0/files/setup
+++ /dev/null
@@ -1,132 +0,0 @@ -#!/bin/bash -# set -x - -CURRENT_PATH=`dirname $0` -TP_SVR=192.168.100.5 -TP_PORT=10000 -REMOTE_CONTROL_BIN=switch_control_client_non_block - -function get_netdev_by_pci() -{ - DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'` - for i in ${DEV_LIST} - do - ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1 - if [ $? -eq 0 ];then - TARGET=${i} - break - fi - done - - echo ${TARGET} -} - -function pf_setup() -{ - ifconfig ens1 up - - modprobe 8021q - vconfig add ens1 100 - vconfig set_flag ens1.100 1 1 - ifconfig ens1.100 192.168.100.1 netmask 255.255.255.0 up - sleep 1 -} - -function vf_setup() -{ - echo 8 > /sys/class/net/ens1/device/sriov_numvfs - sleep 5 - - ifconfig ens1f3 up - ip link set ens1 vf 2 vlan 200 - ifconfig ens1f3 192.168.200.1 netmask 255.255.255.0 - - ifconfig ens1f1 up - ifconfig ens1f2 up - ifconfig ens1f3 up - ifconfig ens1f4 up - ifconfig ens1f5 up - ifconfig ens1f6 up - ifconfig ens1f7 up - ifconfig enp1s1 up - - sleep 5 -} - -function bring_down_pfvf() -{ - echo 0 > /sys/class/net/ens1/device/sriov_numvfs - ifconfig ens1 down - sleep 3 -} - - -# Main loop -while : -do - FAIL_FLAG=0 - - # Make sure PF is valid - ping ${TP_SVR} -c 1 - if [ $? -ne 0 ];then - echo "Please make sure switch board is up." - bring_down_pfvf - pf_setup - continue - fi - - # Make sure TestPoint is up. - ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version" - if [ $? -ne 0 ];then - echo "Cannot reach TestPoint!" - echo "Please make sure TestPoint is up and in remote-listen mode." 
- sleep 5 - continue - fi - - # Create VFs and get MAC addresses - vf_setup - - PF=`get_netdev_by_pci 01:00.0` - VF1=`get_netdev_by_pci 01:00.1` - VF2=`get_netdev_by_pci 01:00.2` - VF3=`get_netdev_by_pci 01:00.3` - VF4=`get_netdev_by_pci 01:00.4` - VF5=`get_netdev_by_pci 01:00.5` - VF6=`get_netdev_by_pci 01:00.6` - VF7=`get_netdev_by_pci 01:00.7` - VF8=`get_netdev_by_pci 01:01.0` - - MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'` - MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'` - MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'` - MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'` - MAC5=`ifconfig ${VF5} |grep ether |awk -F' ' '{print $2}'` - MAC6=`ifconfig ${VF6} |grep ether |awk -F' ' '{print $2}'` - MAC7=`ifconfig ${VF7} |grep ether |awk -F' ' '{print $2}'` - MAC8=`ifconfig ${VF8} |grep ether |awk -F' ' '{print $2}'` - MAC9=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'` - - # Make sure VFs are valid - MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"` - - for i in ${MAC1} ${MAC2} ${MAC3} ${MAC4} ${MAC5} ${MAC6} ${MAC7} ${MAC8} ${MAC9} - do - echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1 - if [ $? -ne 0 ];then - echo "MAC ${i} is not in table!" - FAIL_FLAG=1 - break - fi - done - - if [ ${FAIL_FLAG} -eq 1 ];then - bring_down_pfvf - continue - fi - - echo "PF/VF setup successful." - exit 0 -done - - diff --git a/roles/tsg-env-mcn0/files/switch_control_client_non_block b/roles/tsg-env-mcn0/files/switch_control_client_non_block deleted file mode 100644 index 5cdba48..0000000 Binary files a/roles/tsg-env-mcn0/files/switch_control_client_non_block and /dev/null differ diff --git a/roles/tsg-env-mcn0/files/tsg-env.service b/roles/tsg-env-mcn0/files/tsg-env.service deleted file mode 100644 index e100bb8..0000000 --- a/roles/tsg-env-mcn0/files/tsg-env.service +++ /dev/null 
@@ -1,15 +0,0 @@
-[Unit]
-Description=tsg sled-mcn0 env init
-Requires=network.target
-After=network.target
-Before=mrenv.service
-
-[Service]
-ExecStart=/opt/tsg/env/setup
-ExecStop=/opt/tsg/env/tsg-env_stop
-Type=oneshot
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
-RequiredBy=mrenv.service
diff --git a/roles/tsg-env-mcn0/files/tsg-env_stop b/roles/tsg-env-mcn0/files/tsg-env_stop
deleted file mode 100644
index 1048f28..0000000
--- a/roles/tsg-env-mcn0/files/tsg-env_stop
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-echo 0 >/sys/class/net/ens1/device/sriov_numvfs
-ifconfig ens1.100 down
-vconfig rem ens1.100
-ifconfig ens1 down
diff --git a/roles/tsg-env-mcn0/tasks/main.yml b/roles/tsg-env-mcn0/tasks/main.yml
deleted file mode 100644
index 7c9ecea..0000000
--- a/roles/tsg-env-mcn0/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-- name: "copy setup script"
- copy:
- src: "{{ role_path }}/files/setup"
- dest: /opt/tsg/env/
- mode: 0755
- when: tsg_access_type == 1
-
-- name: "Template setup script"
- template:
- src: "{{ role_path }}/templates/setup.AllotAccess.j2"
- dest: /opt/tsg/env/setup
- mode: 0755
- when: tsg_access_type == 2
-
-- name: "copy switch_control_client_non_block"
- copy:
- src: "{{ role_path }}/files/switch_control_client_non_block"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy tsg-env.service"
- copy:
- src: "{{ role_path }}/files/tsg-env.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-- name: "copy tsg-env_stop"
- copy:
- src: "{{ role_path }}/files/tsg-env_stop"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "enable tsg-env"
- systemd:
- name: tsg-env
- enabled: yes
- daemon_reload: yes
-
diff --git a/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2 b/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2
deleted file mode 100644
index c07c2ca..0000000
--- a/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2
+++ /dev/null
@@ -1,144 +0,0 @@ -#!/bin/bash -# set -x - -CURRENT_PATH=`dirname $0` -TP_SVR=192.168.100.5 -TP_PORT=10000 -REMOTE_CONTROL_BIN=switch_control_client_non_block - -function get_netdev_by_pci() -{ - DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'` - for i in ${DEV_LIST} - do - ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1 - if [ $? -eq 0 ];then - TARGET=${i} - break - fi - done - - echo ${TARGET} -} - -function pf_setup() -{ - ifconfig ens1 up - - modprobe 8021q - vconfig add ens1 100 - vconfig set_flag ens1.100 1 1 - ifconfig ens1.100 192.168.100.1 netmask 255.255.255.0 up - sleep 1 -} - -function vf_setup() -{ - echo 8 > /sys/class/net/ens1/device/sriov_numvfs - sleep 5 - - ifconfig ens1f3 up - ip link set ens1 vf 2 vlan 200 - ifconfig ens1f3 192.168.200.1 netmask 255.255.255.0 - - ifconfig ens1f1 up - ifconfig ens1f2 up - ifconfig ens1f3 up - ifconfig ens1f4 up - ifconfig ens1f5 up - ifconfig ens1f6 up - ifconfig ens1f7 up - ifconfig enp1s1 up - - sleep 5 -} - -function bring_down_pfvf() -{ - echo 0 > /sys/class/net/ens1/device/sriov_numvfs - ifconfig ens1 down - sleep 3 -} - -function AllotAccessNetworkModel() -{ - ip link add link ens1f2 name {{ AllotAccess.virturlInterface_1 }} type vlan id {{ AllotAccess.virturlID_1 }} - ip link add link ens1f2 name {{ AllotAccess.virturlInterface_2 }} type vlan id {{ AllotAccess.virturlID_2 }} - ip addr add {{ vvipv4_1 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_1 }} - ip addr add {{ vvipv4_2 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_2 }} - ip -6addr add {{ vvipv6_1 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_1 }} - ip -6addr add {{ vvipv6_2 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_2 }} -} - -# Main loop -while : -do - FAIL_FLAG=0 - - # Make sure PF is valid - ping ${TP_SVR} -c 1 - if [ $? -ne 0 ];then - echo "Please make sure switch board is up." 
- bring_down_pfvf - pf_setup - continue - fi - - # Make sure TestPoint is up. - ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version" - if [ $? -ne 0 ];then - echo "Cannot reach TestPoint!" - echo "Please make sure TestPoint is up and in remote-listen mode." - sleep 5 - continue - fi - - # Create VFs and get MAC addresses - vf_setup - - PF=`get_netdev_by_pci 01:00.0` - VF1=`get_netdev_by_pci 01:00.1` - VF2=`get_netdev_by_pci 01:00.2` - VF3=`get_netdev_by_pci 01:00.3` - VF4=`get_netdev_by_pci 01:00.4` - VF5=`get_netdev_by_pci 01:00.5` - VF6=`get_netdev_by_pci 01:00.6` - VF7=`get_netdev_by_pci 01:00.7` - VF8=`get_netdev_by_pci 01:01.0` - - MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'` - MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'` - MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'` - MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'` - MAC5=`ifconfig ${VF5} |grep ether |awk -F' ' '{print $2}'` - MAC6=`ifconfig ${VF6} |grep ether |awk -F' ' '{print $2}'` - MAC7=`ifconfig ${VF7} |grep ether |awk -F' ' '{print $2}'` - MAC8=`ifconfig ${VF8} |grep ether |awk -F' ' '{print $2}'` - MAC9=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'` - - # Make sure VFs are valid - MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"` - - for i in ${MAC1} ${MAC2} ${MAC3} ${MAC4} ${MAC5} ${MAC6} ${MAC7} ${MAC8} ${MAC9} - do - echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1 - if [ $? -ne 0 ];then - echo "MAC ${i} is not in table!" - FAIL_FLAG=1 - break - fi - done - - if [ ${FAIL_FLAG} -eq 1 ];then - bring_down_pfvf - continue - fi - - # Set_AllotAccessNetworkModel - AllotAccessNetworkModel - - echo "PF/VF setup successful." - exit 0 -done - - diff --git a/roles/tsg-env-mcn1/files/setup b/roles/tsg-env-mcn1/files/setup deleted file mode 100644 index 09331cd..0000000 --- a/roles/tsg-env-mcn1/files/setup +++ /dev/null 
@@ -1,115 +0,0 @@ -#!/bin/bash -# set -x - -CURRENT_PATH=`dirname $0` -TP_SVR=192.168.100.5 -TP_PORT=10000 -REMOTE_CONTROL_BIN=switch_control_client_non_block -modprobe 8021q - -function get_netdev_by_pci() -{ - DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'` - for i in ${DEV_LIST} - do - ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1 - if [ $? -eq 0 ];then - TARGET=${i} - break - fi - done - - echo ${TARGET} -} - -function pf_setup() -{ - ifconfig ens1 up - vconfig add ens1 100 - vconfig set_flag ens1.100 1 1 - ifconfig ens1.100 192.168.100.2 netmask 255.255.255.0 up - sleep 1 -} - -function vf_setup() -{ - echo 4 > /sys/class/net/ens1/device/sriov_numvfs - sleep 5 - - ifconfig ens1f3 up - ip link set ens1 vf 2 vlan 200 - ifconfig ens1f3 192.168.200.2 netmask 255.255.255.0 - - ifconfig ens1f1 up - ifconfig ens1f2 up - ifconfig ens1f3 up - ifconfig ens1f4 up - sleep 5 -} - -function bring_down_pfvf() -{ - echo 0 > /sys/class/net/ens1/device/sriov_numvfs - ifconfig ens1 down - sleep 3 -} - -# Main loop -while : -do - FAIL_FLAG=0 - - # Make sure PF is valid - ping ${TP_SVR} -c 1 - if [ $? -ne 0 ];then - echo "Please make sure switch board is up." - bring_down_pfvf - pf_setup - continue - fi - - # Make sure TestPoint is up. - ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version" - if [ $? -ne 0 ];then - echo "Cannot reach TestPoint!" - echo "Please make sure TestPoint is up and in remote-listen mode." 
- sleep 5 - continue - fi - - # Create VFs and get MAC addresses - vf_setup - - PF=`get_netdev_by_pci 01:00.0` - VF1=`get_netdev_by_pci 01:00.1` - VF2=`get_netdev_by_pci 01:00.2` - VF3=`get_netdev_by_pci 01:00.3` - VF4=`get_netdev_by_pci 01:00.4` - - MAC0=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'` - MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'` - MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'` - MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'` - MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'` - - # Make sure VFs are valid - MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"` - - for i in ${MAC0} ${MAC1} ${MAC2} ${MAC3} ${MAC4} - do - echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1 - if [ $? -ne 0 ];then - echo "MAC ${i} is not in table!" - FAIL_FLAG=1 - break - fi - done - - if [ ${FAIL_FLAG} -eq 1 ];then - bring_down_pfvf - continue - fi - - echo "PF/VF setup successful." - exit 0 -done diff --git a/roles/tsg-env-mcn1/files/switch_control_client_non_block b/roles/tsg-env-mcn1/files/switch_control_client_non_block deleted file mode 100644 index 5cdba48..0000000 Binary files a/roles/tsg-env-mcn1/files/switch_control_client_non_block and /dev/null differ diff --git a/roles/tsg-env-mcn1/files/tsg-env.service b/roles/tsg-env-mcn1/files/tsg-env.service deleted file mode 100644 index c8ce8a8..0000000 --- a/roles/tsg-env-mcn1/files/tsg-env.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=tsg sled-mcn1 env init -Requires=network.target -After=network.target -Before=tfe-env.service mrenv.service - -[Service] -ExecStart=/opt/tsg/env/setup -ExecStop=/opt/tsg/env/tsg-env_stop -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target -RequiredBy=tfe-env.service mrenv.service \ No newline at end of file diff --git a/roles/tsg-env-mcn1/files/tsg-env_stop b/roles/tsg-env-mcn1/files/tsg-env_stop deleted file mode 100644 index 1048f28..0000000 
--- a/roles/tsg-env-mcn1/files/tsg-env_stop
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-echo 0 >/sys/class/net/ens1/device/sriov_numvfs
-ifconfig ens1.100 down
-vconfig rem ens1.100
-ifconfig ens1 down
diff --git a/roles/tsg-env-mcn1/tasks/main.yml b/roles/tsg-env-mcn1/tasks/main.yml
deleted file mode 100644
index aeeca23..0000000
--- a/roles/tsg-env-mcn1/tasks/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: "copy setup script"
- copy:
- src: "{{ role_path }}/files/setup"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy switch_control_client_non_block"
- copy:
- src: "{{ role_path }}/files/switch_control_client_non_block"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy tsg-env.service"
- copy:
- src: "{{ role_path }}/files/tsg-env.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-- name: "copy tsg-env_stop"
- copy:
- src: "{{ role_path }}/files/tsg-env_stop"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "enable tsg-env"
- systemd:
- name: tsg-env
- enabled: yes
- daemon_reload: yes
diff --git a/roles/tsg-env-mcn2/files/setup b/roles/tsg-env-mcn2/files/setup
deleted file mode 100644
index 8d3985a..0000000
--- a/roles/tsg-env-mcn2/files/setup
+++ /dev/null
@@ -1,115 +0,0 @@ -#!/bin/bash -# set -x - -CURRENT_PATH=`dirname $0` -TP_SVR=192.168.100.5 -TP_PORT=10000 -REMOTE_CONTROL_BIN=switch_control_client_non_block -modprobe 8021q - -function get_netdev_by_pci() -{ - DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'` - for i in ${DEV_LIST} - do - ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1 - if [ $? -eq 0 ];then - TARGET=${i} - break - fi - done - - echo ${TARGET} -} - -function pf_setup() -{ - ifconfig ens8 up - vconfig add ens8 100 - vconfig set_flag ens8.100 1 1 - ifconfig ens8.100 192.168.100.3 netmask 255.255.255.0 up - sleep 1 -} - -function vf_setup() -{ - echo 4 > /sys/class/net/ens8/device/sriov_numvfs - sleep 5 - - ifconfig ens8f3 up - ip link set ens8 vf 2 vlan 200 - ifconfig ens8f3 192.168.200.3 netmask 255.255.255.0 - - ifconfig ens8f1 up - ifconfig ens8f2 up - ifconfig ens8f3 up - ifconfig ens8f4 up - sleep 5 -} - -function bring_down_pfvf() -{ - echo 0 > /sys/class/net/ens8/device/sriov_numvfs - ifconfig ens8 down - sleep 3 -} - -# Main loop -while : -do - FAIL_FLAG=0 - - # Make sure PF is valid - ping ${TP_SVR} -c 1 - if [ $? -ne 0 ];then - echo "Please make sure switch board is up." - bring_down_pfvf - pf_setup - continue - fi - - # Make sure TestPoint is up. - ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version" - if [ $? -ne 0 ];then - echo "Cannot reach TestPoint!" - echo "Please make sure TestPoint is up and in remote-listen mode." 
- sleep 5 - continue - fi - - # Create VFs and get MAC addresses - vf_setup - - PF=`get_netdev_by_pci 85:00.0` - VF1=`get_netdev_by_pci 85:00.1` - VF2=`get_netdev_by_pci 85:00.2` - VF3=`get_netdev_by_pci 85:00.3` - VF4=`get_netdev_by_pci 85:00.4` - - MAC0=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'` - MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'` - MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'` - MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'` - MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'` - - # Make sure VFs are valid - MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"` - - for i in ${MAC0} ${MAC1} ${MAC2} ${MAC3} ${MAC4} - do - echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1 - if [ $? -ne 0 ];then - echo "MAC ${i} is not in table!" - FAIL_FLAG=1 - break - fi - done - - if [ ${FAIL_FLAG} -eq 1 ];then - bring_down_pfvf - continue - fi - - echo "PF/VF setup successful." - exit 0 -done diff --git a/roles/tsg-env-mcn2/files/switch_control_client_non_block b/roles/tsg-env-mcn2/files/switch_control_client_non_block deleted file mode 100644 index 5cdba48..0000000 Binary files a/roles/tsg-env-mcn2/files/switch_control_client_non_block and /dev/null differ diff --git a/roles/tsg-env-mcn2/files/tsg-env.service b/roles/tsg-env-mcn2/files/tsg-env.service deleted file mode 100644 index 7ff9bc1..0000000 --- a/roles/tsg-env-mcn2/files/tsg-env.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=tsg sled-mcn3 env init -Requires=network.target -After=network.target -Before=tfe-env.service mrenv.service - -[Service] -ExecStart=/opt/tsg/env/setup -ExecStop=/opt/tsg/env/tsg-env_stop -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target -RequiredBy=tfe-env.service mrenv.service diff --git a/roles/tsg-env-mcn2/files/tsg-env_stop b/roles/tsg-env-mcn2/files/tsg-env_stop deleted file mode 100644 index c5ce519..0000000 
--- a/roles/tsg-env-mcn2/files/tsg-env_stop
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-echo 0 >/sys/class/net/ens8/device/sriov_numvfs
-ifconfig ens8.100 down
-vconfig rem ens8.100
-ifconfig ens8 down
diff --git a/roles/tsg-env-mcn2/tasks/main.yml b/roles/tsg-env-mcn2/tasks/main.yml
deleted file mode 100644
index 521fd43..0000000
--- a/roles/tsg-env-mcn2/tasks/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: "copy setup script"
- copy:
- src: "{{ role_path }}/files/setup"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy switch_control_client_non_block"
- copy:
- src: "{{ role_path }}/files/switch_control_client_non_block"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy tsg-env.service"
- copy:
- src: "{{ role_path }}/files/tsg-env.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-- name: "copy tsg-env_stop"
- copy:
- src: "{{ role_path }}/files/tsg-env_stop"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "enable tsg-env"
- systemd:
- name: tsg-env
- enabled: yes
- daemon_reload: yes
diff --git a/roles/tsg-env-mcn3/files/setup b/roles/tsg-env-mcn3/files/setup
deleted file mode 100644
index fd4845d..0000000
--- a/roles/tsg-env-mcn3/files/setup
+++ /dev/null
@@ -1,115 +0,0 @@ -#!/bin/bash -# set -x - -CURRENT_PATH=`dirname $0` -TP_SVR=192.168.100.5 -TP_PORT=10000 -REMOTE_CONTROL_BIN=switch_control_client_non_block -modprobe 8021q - -function get_netdev_by_pci() -{ - DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'` - for i in ${DEV_LIST} - do - ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1 - if [ $? -eq 0 ];then - TARGET=${i} - break - fi - done - - echo ${TARGET} -} - -function pf_setup() -{ - ifconfig ens8 up - vconfig add ens8 100 - vconfig set_flag ens8.100 1 1 - ifconfig ens8.100 192.168.100.4 netmask 255.255.255.0 up - sleep 1 -} - -function vf_setup() -{ - echo 4 > /sys/class/net/ens8/device/sriov_numvfs - sleep 5 - - ifconfig ens8f3 up - ip link set ens8 vf 2 vlan 200 - ifconfig ens8f3 192.168.200.4 netmask 255.255.255.0 - - ifconfig ens8f1 up - ifconfig ens8f2 up - ifconfig ens8f3 up - ifconfig ens8f4 up - sleep 5 -} - -function bring_down_pfvf() -{ - echo 0 > /sys/class/net/ens8/device/sriov_numvfs - ifconfig ens8 down - sleep 3 -} - -# Main loop -while : -do - FAIL_FLAG=0 - - # Make sure PF is valid - ping ${TP_SVR} -c 1 - if [ $? -ne 0 ];then - echo "Please make sure switch board is up." - bring_down_pfvf - pf_setup - continue - fi - - # Make sure TestPoint is up. - ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version" - if [ $? -ne 0 ];then - echo "Cannot reach TestPoint!" - echo "Please make sure TestPoint is up and in remote-listen mode." 
- sleep 5 - continue - fi - - # Create VFs and get MAC addresses - vf_setup - - PF=`get_netdev_by_pci 85:00.0` - VF1=`get_netdev_by_pci 85:00.1` - VF2=`get_netdev_by_pci 85:00.2` - VF3=`get_netdev_by_pci 85:00.3` - VF4=`get_netdev_by_pci 85:00.4` - - MAC0=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'` - MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'` - MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'` - MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'` - MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'` - - # Make sure VFs are valid - MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"` - - for i in ${MAC0} ${MAC1} ${MAC2} ${MAC3} ${MAC4} - do - echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1 - if [ $? -ne 0 ];then - echo "MAC ${i} is not in table!" - FAIL_FLAG=1 - break - fi - done - - if [ ${FAIL_FLAG} -eq 1 ];then - bring_down_pfvf - continue - fi - - echo "PF/VF setup successful." - exit 0 -done diff --git a/roles/tsg-env-mcn3/files/switch_control_client_non_block b/roles/tsg-env-mcn3/files/switch_control_client_non_block deleted file mode 100644 index 5cdba48..0000000 Binary files a/roles/tsg-env-mcn3/files/switch_control_client_non_block and /dev/null differ diff --git a/roles/tsg-env-mcn3/files/tsg-env.service b/roles/tsg-env-mcn3/files/tsg-env.service deleted file mode 100644 index 7ff9bc1..0000000 --- a/roles/tsg-env-mcn3/files/tsg-env.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=tsg sled-mcn3 env init -Requires=network.target -After=network.target -Before=tfe-env.service mrenv.service - -[Service] -ExecStart=/opt/tsg/env/setup -ExecStop=/opt/tsg/env/tsg-env_stop -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target -RequiredBy=tfe-env.service mrenv.service diff --git a/roles/tsg-env-mcn3/files/tsg-env_stop b/roles/tsg-env-mcn3/files/tsg-env_stop deleted file mode 100644 index c5ce519..0000000 
--- a/roles/tsg-env-mcn3/files/tsg-env_stop
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-echo 0 >/sys/class/net/ens8/device/sriov_numvfs
-ifconfig ens8.100 down
-vconfig rem ens8.100
-ifconfig ens8 down
diff --git a/roles/tsg-env-mcn3/tasks/main.yml b/roles/tsg-env-mcn3/tasks/main.yml
deleted file mode 100644
index aeeca23..0000000
--- a/roles/tsg-env-mcn3/tasks/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: "copy setup script"
- copy:
- src: "{{ role_path }}/files/setup"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy switch_control_client_non_block"
- copy:
- src: "{{ role_path }}/files/switch_control_client_non_block"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy tsg-env.service"
- copy:
- src: "{{ role_path }}/files/tsg-env.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-- name: "copy tsg-env_stop"
- copy:
- src: "{{ role_path }}/files/tsg-env_stop"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "enable tsg-env"
- systemd:
- name: tsg-env
- enabled: yes
- daemon_reload: yes
diff --git a/roles/tsg-env-mxn/files/setup b/roles/tsg-env-mxn/files/setup
deleted file mode 100644
index 12603cb..0000000
--- a/roles/tsg-env-mxn/files/setup
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-/usr/local/bin/open_intf.inst
-vconfig add ens1 100
-vconfig set_flag ens1.100 1 1
-ifconfig ens1.100 192.168.100.5 netmask 255.255.255.0 up
-
-vconfig add ens1 200
-vconfig set_flag ens1.200 1 1
-ifconfig ens1.200 192.168.200.5 netmask 255.255.255.0 up
-
-echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
-
-/usr/local/testpoint/testpoint.sh start full &
-
-echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
-echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
diff --git a/roles/tsg-env-mxn/files/stop b/roles/tsg-env-mxn/files/stop
deleted file mode 100644
index 04ff992..0000000
--- a/roles/tsg-env-mxn/files/stop
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-echo 0 > /sys/class/net/ens1/device/sriov_numvfs
-ifconfig ens1.100 down
-vconfig rem ens1.100
-ifconfig ens1 down
\ No newline at end of file
diff --git a/roles/tsg-env-mxn/files/tsg-env.service b/roles/tsg-env-mxn/files/tsg-env.service
deleted file mode 100644
index fc655b3..0000000
--- a/roles/tsg-env-mxn/files/tsg-env.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=tsg sled-mxn env init
-Requires=network.target
-After=network.target
-
-[Service]
-ExecStart=/opt/tsg/env/setup
-ExecStop=/opt/tsg/env/stop
-Type=oneshot
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/tsg-env-mxn/tasks/main.yml b/roles/tsg-env-mxn/tasks/main.yml
deleted file mode 100644
index 15760a2..0000000
--- a/roles/tsg-env-mxn/tasks/main.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: "copy setup script"
- copy:
- src: "{{ role_path }}/files/setup"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy stop script"
- copy:
- src: "{{ role_path }}/files/stop"
- dest: "/opt/tsg/env/"
- mode: 0755
-
-- name: "copy tsg-env.service"
- copy:
- src: "{{ role_path }}/files/tsg-env.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-- name: "enable tsg-env"
- systemd:
- name: tsg-env
- enabled: yes
- daemon_reload: yes
-
-- name: "Template PM1.13_vlan_mac_flipping_saved_startup"
- template:
- src: "{{ role_path }}/templates/PM1.13_vlan_mac_flipping_saved_startup"
- dest: /usr/local/testpoint/perl/Config/libertyTrail/saved_startup
- when: tsg_access_type == 2
-
-
diff --git a/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup b/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup
deleted file mode 100755
index c143a6e..0000000
--- a/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup
+++ /dev/null
@@ -1,148 +0,0 @@ -# TestPoint History -load ./Config/libertyTrail/testpoint_startup - -add vlan port 1 0 - -create vlan 100 -add vlan port 100 0,11,37,39,41,43 -set port config 11 pvid 100 -set port config 11 mask 0,37,39,41,43 -set port config 0,11,39,37,41,43 learning on - -create vlan 200 -add vlan port 200 0,37,39,9,10,41,43 -set port config 0 mask 9..44 -set port config 37 mask 0..36,38..44 -set port config 39 mask 0..38,40..44 -set port config 41 mask 0..40,42..44 -set port config 43 mask 0..44 -set port config 0,39,37,41,43 learning on - -create vlan 1000 -add vlan port 1000 43 -create vlan 1001 -add vlan port 1001 43 - -create lag -add lag 9261 9,10 -add vlan port 200 9261 -set port config 9261 pvid 200 -set port config 9261 parser_cfg L4 -set port config 9261 learning on -set port config 9261 mask 0,11..44 - -create vlan all -create lag -add vlan port all 43 -add lag 9293 1,2,3,4 -add vlan port all 9293 -set port config 9293 parser_cfg L4 -set port config 9293 learning on -set port config 9293 mask 0,5..44 -set vlan tagging all 1,2,3,4 tag -set vlan tagging 1 1,2,3,4 untag - -create lag -add lag 9325 5,6,7,8 -add vlan port all 9325 -set port config 9325 parser_cfg L4 -set port config 9325 learning on -set port config 9325 mask 0..4,9..44 -set vlan tagging all 5,6,7,8 tag -set vlan tagging 1 5,6,7,8 untag - -set port 37,39,41,43 powerdown -set port 37,39,41,43 up -set port 1..36 up - -set port config 11 parser_cfg L4 -set port config 37..44 parser_cfg L4 - -set port config 11..36 max_frame_size 15360 -set switch reserved_mac all switch - -set switch config hashing l234 use_smac on -set switch config hashing l234 use_dmac on -set switch config hashing l234 use_l34 on -set switch config hashing l34 use_dip on -set switch config hashing l34 use_sip on -set switch config hashing l234 symmetric on -set switch config hashing l34 symmetric on - - -set port config 9261,9293,9325 max_frame_size 15360 -create acl 1 - -create acl-rule 1 61 -add acl-rule condition 1 
61 src-glort 0x5803 -add acl-rule condition 1 61 vlan 1000 -add acl-rule action 1 61 redirect 7220 -add acl-rule action 1 61 vlan 1 - -create acl-rule 1 62 -add acl-rule condition 1 62 src-glort 0x5803 -add acl-rule condition 1 62 vlan 1001 -add acl-rule action 1 62 redirect 7213 -add acl-rule action 1 62 vlan 1 - -create acl-rule 1 100 -add acl-rule condition 1 100 src-glort 0x5803 -add acl-rule action 1 100 redirect 9293 - -create acl-rule 1 101 -add acl-rule condition 1 101 src-port 1 -add acl-rule action 1 101 redirect 7216 -create acl-rule 1 102 -add acl-rule condition 1 102 src-port 2 -add acl-rule action 1 102 redirect 7216 -create acl-rule 1 103 -add acl-rule condition 1 103 src-port 3 -add acl-rule action 1 103 redirect 7216 -create acl-rule 1 104 -add acl-rule condition 1 104 src-port 4 -add acl-rule action 1 104 redirect 7216 - -create acl-rule 1 200 -add acl-rule condition 1 200 src-glort 0x5804 -add acl-rule action 1 200 redirect 6189 -create acl-rule 1 201 -add acl-rule condition 1 201 src-glort 0x5805 -add acl-rule action 1 201 redirect 5165 -create acl-rule 1 202 -add acl-rule condition 1 202 src-glort 0x5806 -add acl-rule action 1 202 redirect 4141 -create acl-rule 1 203 -add acl-rule condition 1 203 src-glort 0x5000 -add acl-rule action 1 203 redirect 7217 -create acl-rule 1 204 -add acl-rule condition 1 204 src-glort 0x4800 -add acl-rule action 1 204 redirect 7218 -create acl-rule 1 205 -add acl-rule condition 1 205 src-glort 0x4000 -add acl-rule action 1 205 redirect 7219 - -create acl-rule 1 301 -add acl-rule condition 1 301 src-glort 0x5807 -add acl-rule action 1 301 redirect 7216 -add acl-rule action 1 301 vlan 1000 - -create acl-rule 1 302 -add acl-rule condition 1 302 src-glort 0x5800 -add acl-rule action 1 302 redirect 7216 -add acl-rule action 1 302 vlan 1001 - -create acl-rule 1 401 -add acl-rule condition 1 401 src-glort 0x5001 -add acl-rule action 1 401 redirect 9325 -create acl-rule 1 402 -add acl-rule condition 1 402 src-glort 0x4801 
-add acl-rule action 1 402 redirect 9325 -create acl-rule 1 403 -add acl-rule condition 1 403 src-glort 0x4001 -add acl-rule action 1 403 redirect 9325 -create acl-rule 1 404 -add acl-rule condition 1 404 src-glort 0x5801 -add acl-rule action 1 404 redirect 9325 - -apply acl -remote listen diff --git a/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup b/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup deleted file mode 100644 index 18e5429..0000000 --- a/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup +++ /dev/null 
@@ -1,347 +0,0 @@ -# TestPoint History -load ./Config/libertyTrail/testpoint_startup - -add vlan port 1 0 - -create vlan 100 -add vlan port 100 0,11,37,39,41,43 -set port config 11 pvid 100 -set port config 11 mask 0,37,39,41,43 -set port config 0,11,39,37,41,43 learning on - -create vlan 200 -add vlan port 200 0,37,39,9,10,41,43 -set port config 0 mask 9..44 -set port config 37 mask 0..36,38..44 -set port config 39 mask 0..38,40..44 -set port config 41 mask 0..40,42..44 -set port config 43 mask 0..44 -set port config 0,39,37,41,43 learning on - -create vlan 4000 -add vlan port 4000 43 -create vlan 4001 -add vlan port 4001 43 - -create lag -add lag 9261 9,10 -add vlan port 200 9261 -set port config 9261 pvid 200 -set port config 9261 parser_cfg L4 -set port config 9261 learning on -set port config 9261 mask 0,11..44 - -create vlan all -create lag -add vlan port all 43 -add lag 9293 1,2,3,4 -add vlan port all 9293 -set port config 9293 parser_cfg L4 -set port config 9293 learning on -set port config 9293 mask 0,5..44 -set vlan tagging all 1,2,3,4 tag -set vlan tagging 1 1,2,3,4 untag - -create lag -add lag 9325 5,6,7,8 -add vlan port all 9325 -set port config 9325 parser_cfg L4 -set port config 9325 learning on -set port config 9325 mask 0..4,9..44 -set vlan tagging all 5,6,7,8 tag -set vlan tagging 1 5,6,7,8 untag - -set port 37,39,41,43 powerdown -set port 37,39,41,43 up -set port 1..36 up - -set port config 11 parser_cfg L4 -set port config 37..44 parser_cfg L4 - -set port config 11..36 max_frame_size 15360 -set switch reserved_mac all switch - -set switch config hashing l234 use_smac on -set switch config hashing l234 use_dmac on -set switch config hashing l234 use_l34 on -set switch config hashing l34 use_dip on -set switch config hashing l34 use_sip on -set switch config hashing l234 symmetric on -set switch config hashing l34 symmetric on - - -set port config 9261,9293,9325 max_frame_size 15360 -create acl 1 - -# Redirect all ARP request to ens1f2 -create 
acl-rule 1 40 -add acl-rule condition 1 40 src-port 1 -add acl-rule condition 1 40 ethtype 0x0806 -add acl-rule action 1 40 redirect 7214 - -create acl-rule 1 41 -add acl-rule condition 1 41 src-port 2 -add acl-rule condition 1 41 ethtype 0x0806 -add acl-rule action 1 41 redirect 7214 - -create acl-rule 1 42 -add acl-rule condition 1 42 src-port 3 -add acl-rule condition 1 42 ethtype 0x0806 -add acl-rule action 1 42 redirect 7214 - -create acl-rule 1 43 -add acl-rule condition 1 43 src-port 4 -add acl-rule condition 1 43 ethtype 0x0806 -add acl-rule action 1 43 redirect 7214 - -# Redirect all ICMPv4 to ens1f2 -- 10.0.0.0/8 -create acl-rule 1 44 -add acl-rule condition 1 44 src-port 1 -add acl-rule condition 1 44 protocol 0x1/0xff -add acl-rule condition 1 44 sip 10.0.0.0/8 -add acl-rule condition 1 44 dip 10.0.0.0/8 -add acl-rule action 1 44 redirect 7214 - -create acl-rule 1 45 -add acl-rule condition 1 45 src-port 2 -add acl-rule condition 1 45 protocol 0x1/0xff3 -add acl-rule condition 1 45 sip 10.0.0.0/8 -add acl-rule condition 1 45 dip 10.0.0.0/8 -add acl-rule action 1 45 redirect 7214 - -create acl-rule 1 46 -add acl-rule condition 1 46 src-port 3 -add acl-rule condition 1 46 protocol 0x1/0xff -add acl-rule condition 1 46 sip 10.0.0.0/8 -add acl-rule condition 1 46 dip 10.0.0.0/8 -add acl-rule action 1 46 redirect 7214 - -create acl-rule 1 47 -add acl-rule condition 1 47 src-port 4 -add acl-rule condition 1 47 protocol 0x1/0xff -add acl-rule condition 1 47 sip 10.0.0.0/8 -add acl-rule condition 1 47 dip 10.0.0.0/8 -add acl-rule action 1 47 redirect 7214 - -# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16 -create acl-rule 1 48 -add acl-rule condition 1 48 src-port 1 -add acl-rule condition 1 48 protocol 0x1/0xff -add acl-rule condition 1 48 sip 192.168.0.0/16 -add acl-rule condition 1 48 dip 192.168.0.0/16 -add acl-rule action 1 48 redirect 7214 - -create acl-rule 1 49 -add acl-rule condition 1 49 src-port 2 -add acl-rule condition 1 49 protocol 0x1/0xff3 
-add acl-rule condition 1 49 sip 192.168.0.0/16 -add acl-rule condition 1 49 dip 192.168.0.0/16 -add acl-rule action 1 49 redirect 7214 - -create acl-rule 1 50 -add acl-rule condition 1 50 src-port 3 -add acl-rule condition 1 50 protocol 0x1/0xff -add acl-rule condition 1 50 sip 192.168.0.0/16 -add acl-rule condition 1 50 dip 192.168.0.0/16 -add acl-rule action 1 50 redirect 7214 - -create acl-rule 1 51 -add acl-rule condition 1 51 src-port 4 -add acl-rule condition 1 51 protocol 0x1/0xff -add acl-rule condition 1 51 sip 192.168.0.0/16 -add acl-rule condition 1 51 dip 192.168.0.0/16 -add acl-rule action 1 51 redirect 7214 - -# Redirect all TCP with port 51218, for health check - 192.168.0.0/24 -create acl-rule 1 60 -add acl-rule condition 1 60 src-port 1 -add acl-rule condition 1 60 protocol 0x6/0xff -add acl-rule condition 1 60 sip 192.168.0.0/16 -add acl-rule condition 1 60 dip 192.168.0.0/16 -add acl-rule condition 1 60 l4-dst-port 51218/0xffff -add acl-rule action 1 60 redirect 7214 - -create acl-rule 1 61 -add acl-rule condition 1 61 src-port 2 -add acl-rule condition 1 61 protocol 0x6/0xff -add acl-rule condition 1 61 sip 192.168.0.0/16 -add acl-rule condition 1 61 dip 192.168.0.0/16 -add acl-rule condition 1 61 l4-dst-port 51218/0xffff -add acl-rule action 1 61 redirect 7214 - -create acl-rule 1 62 -add acl-rule condition 1 62 src-port 3 -add acl-rule condition 1 62 protocol 0x6/0xff -add acl-rule condition 1 62 sip 192.168.0.0/16 -add acl-rule condition 1 62 dip 192.168.0.0/16 -add acl-rule condition 1 62 l4-dst-port 51218/0xffff -add acl-rule action 1 62 redirect 7214 - -create acl-rule 1 63 -add acl-rule condition 1 63 src-port 4 -add acl-rule condition 1 63 protocol 0x6/0xff -add acl-rule condition 1 63 sip 192.168.0.0/16 -add acl-rule condition 1 63 dip 192.168.0.0/16 -add acl-rule condition 1 63 l4-dst-port 51218/0xffff -add acl-rule action 1 63 redirect 7214 - -# Redirect all TCP with port 51218, for health check - 10.0.0.0/8 -create acl-rule 1 64 
-add acl-rule condition 1 64 src-port 1 -add acl-rule condition 1 64 protocol 0x6/0xff -add acl-rule condition 1 64 sip 10.0.0.0/8 -add acl-rule condition 1 64 dip 10.0.0.0/8 -add acl-rule condition 1 64 l4-dst-port 51218/0xffff -add acl-rule action 1 64 redirect 7214 - -create acl-rule 1 65 -add acl-rule condition 1 65 src-port 2 -add acl-rule condition 1 65 protocol 0x6/0xff -add acl-rule condition 1 65 sip 10.0.0.0/8 -add acl-rule condition 1 65 dip 10.0.0.0/8 -add acl-rule condition 1 65 l4-dst-port 51218/0xffff -add acl-rule action 1 65 redirect 7214 - -create acl-rule 1 66 -add acl-rule condition 1 66 src-port 3 -add acl-rule condition 1 66 protocol 0x6/0xff -add acl-rule condition 1 66 sip 10.0.0.0/8 -add acl-rule condition 1 66 dip 10.0.0.0/8 -add acl-rule condition 1 66 l4-dst-port 51218/0xffff -add acl-rule action 1 66 redirect 7214 - -create acl-rule 1 67 -add acl-rule condition 1 67 src-port 4 -add acl-rule condition 1 67 protocol 0x6/0xff -add acl-rule condition 1 67 sip 10.0.0.0/8 -add acl-rule condition 1 67 dip 10.0.0.0/8 -add acl-rule condition 1 67 l4-dst-port 51218/0xffff -add acl-rule action 1 67 redirect 7214 - -# Redirect all ICMPv6 link-scope packets -create acl-rule 1 70 -add acl-rule condition 1 70 src-port 1 -add acl-rule condition 1 70 frame-type ipv6 -add acl-rule condition 1 70 ttl 255 -add acl-rule action 1 70 redirect 7214 - -create acl-rule 1 71 -add acl-rule condition 1 71 src-port 2 -add acl-rule condition 1 71 frame-type ipv6 -add acl-rule condition 1 71 ttl 255 -add acl-rule action 1 71 redirect 7214 - -create acl-rule 1 72 -add acl-rule condition 1 72 src-port 3 -add acl-rule condition 1 72 frame-type ipv6 -add acl-rule condition 1 72 ttl 255 -add acl-rule action 1 72 redirect 7214 - -create acl-rule 1 73 -add acl-rule condition 1 73 src-port 4 -add acl-rule condition 1 73 frame-type ipv6 -add acl-rule condition 1 73 ttl 255 -add acl-rule action 1 73 redirect 7214 - -create acl-rule 1 74 -add acl-rule condition 1 74 src-port 1 
-add acl-rule condition 1 74 frame-type ipv6 -add acl-rule condition 1 74 sip fc00::/7 -add acl-rule condition 1 74 dip fc00::/7 -add acl-rule action 1 74 redirect 7214 - -create acl-rule 1 75 -add acl-rule condition 1 75 src-port 2 -add acl-rule condition 1 75 frame-type ipv6 -add acl-rule condition 1 75 sip fc00::/7 -add acl-rule condition 1 75 dip fc00::/7 -add acl-rule action 1 75 redirect 7214 - -create acl-rule 1 76 -add acl-rule condition 1 76 src-port 3 -add acl-rule condition 1 76 frame-type ipv6 -add acl-rule condition 1 76 sip fc00::/7 -add acl-rule condition 1 76 dip fc00::/7 -add acl-rule action 1 76 redirect 7214 - -create acl-rule 1 77 -add acl-rule condition 1 77 src-port 4 -add acl-rule condition 1 77 frame-type ipv6 -add acl-rule condition 1 77 sip fc00::/7 -add acl-rule condition 1 77 dip fc00::/7 -add acl-rule action 1 77 redirect 7214 - -create acl-rule 1 80 -add acl-rule condition 1 80 src-glort 0x5801 -add acl-rule action 1 80 redirect 9293 - -create acl-rule 1 90 -add acl-rule condition 1 90 src-glort 0x5803 -add acl-rule condition 1 90 vlan 4000 -add acl-rule action 1 90 redirect 7220 -add acl-rule action 1 90 vlan 1 - -create acl-rule 1 91 -add acl-rule condition 1 91 src-glort 0x5803 -add acl-rule condition 1 91 vlan 4001 -add acl-rule action 1 91 redirect 7213 -add acl-rule action 1 91 vlan 1 - -create acl-rule 1 100 -add acl-rule condition 1 100 src-glort 0x5803 -add acl-rule action 1 100 redirect 9293 - -create acl-rule 1 101 -add acl-rule condition 1 101 src-port 1 -add acl-rule action 1 101 redirect 7216 -create acl-rule 1 102 -add acl-rule condition 1 102 src-port 2 -add acl-rule action 1 102 redirect 7216 -create acl-rule 1 103 -add acl-rule condition 1 103 src-port 3 -add acl-rule action 1 103 redirect 7216 -create acl-rule 1 104 -add acl-rule condition 1 104 src-port 4 -add acl-rule action 1 104 redirect 7216 - -create acl-rule 1 200 -add acl-rule condition 1 200 src-glort 0x5804 -add acl-rule action 1 200 redirect 6189 -create 
acl-rule 1 201 -add acl-rule condition 1 201 src-glort 0x5805 -add acl-rule action 1 201 redirect 5165 -create acl-rule 1 202 -add acl-rule condition 1 202 src-glort 0x5806 -add acl-rule action 1 202 redirect 4141 -create acl-rule 1 203 -add acl-rule condition 1 203 src-glort 0x5000 -add acl-rule action 1 203 redirect 7217 -create acl-rule 1 204 -add acl-rule condition 1 204 src-glort 0x4800 -add acl-rule action 1 204 redirect 7218 -create acl-rule 1 205 -add acl-rule condition 1 205 src-glort 0x4000 -add acl-rule action 1 205 redirect 7219 - -create acl-rule 1 301 -add acl-rule condition 1 301 src-glort 0x5807 -add acl-rule action 1 301 redirect 7216 -add acl-rule action 1 301 vlan 4000 - -create acl-rule 1 302 -add acl-rule condition 1 302 src-glort 0x5800 -add acl-rule action 1 302 redirect 7216 -add acl-rule action 1 302 vlan 4001 - -create acl-rule 1 401 -add acl-rule condition 1 401 src-glort 0x5001 -add acl-rule action 1 401 redirect 9325 -create acl-rule 1 402 -add acl-rule condition 1 402 src-glort 0x4801 -add acl-rule action 1 402 redirect 9325 -create acl-rule 1 403 -add acl-rule condition 1 403 src-glort 0x4001 -add acl-rule action 1 403 redirect 9325 - -apply acl -remote listen diff --git a/roles/tsg-env-patch/files/replace_switch_non_block_with_nc_v2.patch b/roles/tsg-env-patch/files/replace_switch_non_block_with_nc_v2.patch deleted file mode 100644 index a149c6d..0000000 --- a/roles/tsg-env-patch/files/replace_switch_non_block_with_nc_v2.patch +++ /dev/null @@ -1,8 +0,0 @@ -99c99 -< ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version" ---- -> echo "show version" | nc ${TP_SVR} ${TP_PORT} -136c136 -< MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"` ---- -> MAC_TABLE=$(echo "show mac table all" | nc ${TP_SVR} ${TP_PORT}) diff --git a/roles/tsg-env-patch/tasks/main.yml b/roles/tsg-env-patch/tasks/main.yml deleted file mode 100644 index cc4f163..0000000 
--- a/roles/tsg-env-patch/tasks/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: "patch setup scripts in tsg-env"
- patch:
- src: "{{ role_path }}/files/replace_switch_non_block_with_nc_v2.patch"
- dest: /opt/tsg/env/setup
- backup: true
diff --git a/roles/tsg-env-patch/templates/maat-redis.conf.j2 b/roles/tsg-env-patch/templates/maat-redis.conf.j2
deleted file mode 100644
index 960ba10..0000000
--- a/roles/tsg-env-patch/templates/maat-redis.conf.j2
+++ /dev/null
@@ -1,1317 +0,0 @@ -# Redis configuration file example. -# -# Note that in order to read the configuration file, Redis must be -# started with the file path as first argument: -# -# ./redis-server /path/to/redis.conf - -# Note on units: when memory size is needed, it is possible to specify -# it in the usual form of 1k 5GB 4M and so forth: -# -# 1k => 1000 bytes -# 1kb => 1024 bytes -# 1m => 1000000 bytes -# 1mb => 1024*1024 bytes -# 1g => 1000000000 bytes -# 1gb => 1024*1024*1024 bytes -# -# units are case insensitive so 1GB 1Gb 1gB are all the same. - -################################## INCLUDES ################################### - -# Include one or more other config files here. This is useful if you -# have a standard template that goes to all Redis servers but also need -# to customize a few per-server settings. Include files can include -# other files, so use this wisely. -# -# Notice option "include" won't be rewritten by command "CONFIG REWRITE" -# from admin or Redis Sentinel. Since Redis always uses the last processed -# line as value of a configuration directive, you'd better put includes -# at the beginning of this file to avoid overwriting config change at runtime. -# -# If instead you are interested in using includes to override configuration -# options, it is better to use include as the last line. -# -# include /path/to/local.conf -# include /path/to/other.conf - -################################## MODULES ##################################### - -# Load modules at startup. If the server is not able to load modules -# it will abort. It is possible to use multiple loadmodule directives. -# -# loadmodule /path/to/my_module.so -# loadmodule /path/to/other_module.so - -################################## NETWORK ##################################### - -# By default, if no "bind" configuration directive is specified, Redis listens -# for connections from all the network interfaces available on the server. 
-# It is possible to listen to just one or multiple selected interfaces using -# the "bind" configuration directive, followed by one or more IP addresses. -# -# Examples: -# -# bind 192.168.1.100 10.0.0.1 -# bind 127.0.0.1 ::1 -# -# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the -# internet, binding to all the interfaces is dangerous and will expose the -# instance to everybody on the internet. So by default we uncomment the -# following bind directive, that will force Redis to listen only into -# the IPv4 lookback interface address (this means Redis will be able to -# accept connections only from clients running into the same computer it -# is running). -# -# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES -# JUST COMMENT THE FOLLOWING LINE. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -#bind 127.0.0.1 - -# Protected mode is a layer of security protection, in order to avoid that -# Redis instances left open on the internet are accessed and exploited. -# -# When protected mode is on and if: -# -# 1) The server is not binding explicitly to a set of addresses using the -# "bind" directive. -# 2) No password is configured. -# -# The server only accepts connections from clients connecting from the -# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain -# sockets. -# -# By default protected mode is enabled. You should disable it only if -# you are sure you want clients from other hosts to connect to Redis -# even if no authentication is configured, nor a specific set of interfaces -# are explicitly listed using the "bind" directive. -protected-mode no - -# Accept connections on the specified port, default is 6379 (IANA #815344). -# If port 0 is specified Redis will not listen on a TCP socket. -port {{ maat_redis_city_server.port }} - -# TCP listen() backlog. 
-# -# In high requests-per-second environments you need an high backlog in order -# to avoid slow clients connections issues. Note that the Linux kernel -# will silently truncate it to the value of /proc/sys/net/core/somaxconn so -# make sure to raise both the value of somaxconn and tcp_max_syn_backlog -# in order to get the desired effect. -tcp-backlog 511 - -# Unix socket. -# -# Specify the path for the Unix socket that will be used to listen for -# incoming connections. There is no default, so Redis will not listen -# on a unix socket when not specified. -# -# unixsocket /tmp/redis.sock -# unixsocketperm 700 - -# Close the connection after a client is idle for N seconds (0 to disable) -timeout 0 - -# TCP keepalive. -# -# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence -# of communication. This is useful for two reasons: -# -# 1) Detect dead peers. -# 2) Take the connection alive from the point of view of network -# equipment in the middle. -# -# On Linux, the specified value (in seconds) is the period used to send ACKs. -# Note that to close the connection the double of the time is needed. -# On other kernels the period depends on the kernel configuration. -# -# A reasonable value for this option is 300 seconds, which is the new -# Redis default starting with Redis 3.2.1. -tcp-keepalive 300 - -################################# GENERAL ##################################### - -# By default Redis does not run as a daemon. Use 'yes' if you need it. -# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. -daemonize no - -# If you run Redis from upstart or systemd, Redis can interact with your -# supervision tree. 
Options: -# supervised no - no supervision interaction -# supervised upstart - signal upstart by putting Redis into SIGSTOP mode -# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET -# supervised auto - detect upstart or systemd method based on -# UPSTART_JOB or NOTIFY_SOCKET environment variables -# Note: these supervision methods only signal "process is ready." -# They do not enable continuous liveness pings back to your supervisor. -supervised no - -# If a pid file is specified, Redis writes it where specified at startup -# and removes it at exit. -# -# When the server runs non daemonized, no pid file is created if none is -# specified in the configuration. When the server is daemonized, the pid file -# is used even if not specified, defaulting to "/var/run/redis.pid". -# -# Creating a pid file is best effort: if Redis is not able to create it -# nothing bad happens, the server will start and run normally. -pidfile /var/run/redis_{{ maat_redis_city_server.port }}.pid - -# Specify the server verbosity level. -# This can be one of: -# debug (a lot of information, useful for development/testing) -# verbose (many rarely useful info, but not a mess like the debug level) -# notice (moderately verbose, what you want in production probably) -# warning (only very important / critical messages are logged) -loglevel notice - -# Specify the log file name. Also the empty string can be used to force -# Redis to log on the standard output. Note that if you use standard -# output for logging but daemonize, logs will be sent to /dev/null -logfile /var/log/redis/redis.log - -# To enable logging to the system logger, just set 'syslog-enabled' to yes, -# and optionally update the other syslog parameters to suit your needs. -# syslog-enabled no - -# Specify the syslog identity. -# syslog-ident redis - -# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. -# syslog-facility local0 - -# Set the number of databases. 
The default database is DB 0, you can select -# a different one on a per-connection basis using SELECT where -# dbid is a number between 0 and 'databases'-1 -databases 16 - -# By default Redis shows an ASCII art logo only when started to log to the -# standard output and if the standard output is a TTY. Basically this means -# that normally a logo is displayed only in interactive sessions. -# -# However it is possible to force the pre-4.0 behavior and always show a -# ASCII art logo in startup logs by setting the following option to yes. -always-show-logo yes - -################################ SNAPSHOTTING ################################ -# -# Save the DB on disk: -# -# save -# -# Will save the DB if both the given number of seconds and the given -# number of write operations against the DB occurred. -# -# In the example below the behaviour will be to save: -# after 900 sec (15 min) if at least 1 key changed -# after 300 sec (5 min) if at least 10 keys changed -# after 60 sec if at least 10000 keys changed -# -# Note: you can disable saving completely by commenting out all "save" lines. -# -# It is also possible to remove all the previously configured save -# points by adding a save directive with a single empty string argument -# like in the following example: -# -# save "" - -save 900 1 -save 300 10 -save 60 10000 - -# By default Redis will stop accepting writes if RDB snapshots are enabled -# (at least one save point) and the latest background save failed. -# This will make the user aware (in a hard way) that data is not persisting -# on disk properly, otherwise chances are that no one will notice and some -# disaster will happen. -# -# If the background saving process will start working again Redis will -# automatically allow writes again. 
-# -# However if you have setup your proper monitoring of the Redis server -# and persistence, you may want to disable this feature so that Redis will -# continue to work as usual even if there are problems with disk, -# permissions, and so forth. -stop-writes-on-bgsave-error yes - -# Compress string objects using LZF when dump .rdb databases? -# For default that's set to 'yes' as it's almost always a win. -# If you want to save some CPU in the saving child set it to 'no' but -# the dataset will likely be bigger if you have compressible values or keys. -rdbcompression yes - -# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. -# This makes the format more resistant to corruption but there is a performance -# hit to pay (around 10%) when saving and loading RDB files, so you can disable it -# for maximum performances. -# -# RDB files created with checksum disabled have a checksum of zero that will -# tell the loading code to skip the check. -rdbchecksum yes - -# The filename where to dump the DB -dbfilename dump.rdb - -# The working directory. -# -# The DB will be written inside this directory, with the filename specified -# above using the 'dbfilename' configuration directive. -# -# The Append Only File will also be created inside this directory. -# -# Note that you must specify a directory here, not a file name. -dir /var/lib/redis - -################################# REPLICATION ################################# - -# Master-Slave replication. Use slaveof to make a Redis instance a copy of -# another Redis server. A few things to understand ASAP about Redis replication. -# -# 1) Redis replication is asynchronous, but you can configure a master to -# stop accepting writes if it appears to be not connected with at least -# a given number of slaves. -# 2) Redis slaves are able to perform a partial resynchronization with the -# master if the replication link is lost for a relatively small amount of -# time. 
You may want to configure the replication backlog size (see the next -# sections of this file) with a sensible value depending on your needs. -# 3) Replication is automatic and does not need user intervention. After a -# network partition slaves automatically try to reconnect to masters -# and resynchronize with them. -# - slaveof {{ maat_redis_city_server.address }} {{ maat_redis_city_server.port }} - -# If the master is password protected (using the "requirepass" configuration -# directive below) it is possible to tell the slave to authenticate before -# starting the replication synchronization process, otherwise the master will -# refuse the slave request. -# -# masterauth - -# When a slave loses its connection with the master, or when the replication -# is still in progress, the slave can act in two different ways: -# -# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will -# still reply to client requests, possibly with out of date data, or the -# data set may just be empty if this is the first synchronization. -# -# 2) if slave-serve-stale-data is set to 'no' the slave will reply with -# an error "SYNC with master in progress" to all the kind of commands -# but to INFO and SLAVEOF. -# -slave-serve-stale-data yes - -# You can configure a slave instance to accept writes or not. Writing against -# a slave instance may be useful to store some ephemeral data (because data -# written on a slave will be easily deleted after resync with the master) but -# may also cause problems if clients are writing to it because of a -# misconfiguration. -# -# Since Redis 2.6 by default slaves are read-only. -# -# Note: read only slaves are not designed to be exposed to untrusted clients -# on the internet. It's just a protection layer against misuse of the instance. -# Still a read only slave exports by default all the administrative commands -# such as CONFIG, DEBUG, and so forth. 
To a limited extent you can improve -# security of read only slaves using 'rename-command' to shadow all the -# administrative / dangerous commands. -slave-read-only yes - -# Replication SYNC strategy: disk or socket. -# -# ------------------------------------------------------- -# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY -# ------------------------------------------------------- -# -# New slaves and reconnecting slaves that are not able to continue the replication -# process just receiving differences, need to do what is called a "full -# synchronization". An RDB file is transmitted from the master to the slaves. -# The transmission can happen in two different ways: -# -# 1) Disk-backed: The Redis master creates a new process that writes the RDB -# file on disk. Later the file is transferred by the parent -# process to the slaves incrementally. -# 2) Diskless: The Redis master creates a new process that directly writes the -# RDB file to slave sockets, without touching the disk at all. -# -# With disk-backed replication, while the RDB file is generated, more slaves -# can be queued and served with the RDB file as soon as the current child producing -# the RDB file finishes its work. With diskless replication instead once -# the transfer starts, new slaves arriving will be queued and a new transfer -# will start when the current one terminates. -# -# When diskless replication is used, the master waits a configurable amount of -# time (in seconds) before starting the transfer in the hope that multiple slaves -# will arrive and the transfer can be parallelized. -# -# With slow disks and fast (large bandwidth) networks, diskless replication -# works better. -repl-diskless-sync no - -# When diskless replication is enabled, it is possible to configure the delay -# the server waits in order to spawn the child that transfers the RDB via socket -# to the slaves. 
-#
-# This is important since once the transfer starts, it is not possible to serve
-# new slaves arriving, that will be queued for the next RDB transfer, so the server
-# waits a delay in order to let more slaves arrive.
-#
-# The delay is specified in seconds, and by default is 5 seconds. To disable
-# it entirely just set it to 0 seconds and the transfer will start ASAP.
-repl-diskless-sync-delay 5
-
-# Slaves send PINGs to server in a predefined interval. It's possible to change
-# this interval with the repl_ping_slave_period option. The default value is 10
-# seconds.
-#
-# repl-ping-slave-period 10
-
-# The following option sets the replication timeout for:
-#
-# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
-# 2) Master timeout from the point of view of slaves (data, pings).
-# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
-#
-# It is important to make sure that this value is greater than the value
-# specified for repl-ping-slave-period otherwise a timeout will be detected
-# every time there is low traffic between the master and the slave.
-#
-# repl-timeout 60
-
-# Disable TCP_NODELAY on the slave socket after SYNC?
-#
-# If you select "yes" Redis will use a smaller number of TCP packets and
-# less bandwidth to send data to slaves. But this can add a delay for
-# the data to appear on the slave side, up to 40 milliseconds with
-# Linux kernels using a default configuration.
-#
-# If you select "no" the delay for data to appear on the slave side will
-# be reduced but more bandwidth will be used for replication.
-#
-# By default we optimize for low latency, but in very high traffic conditions
-# or when the master and slaves are many hops away, turning this to "yes" may
-# be a good idea.
-repl-disable-tcp-nodelay no
-
-# Set the replication backlog size.
The backlog is a buffer that accumulates
-# slave data when slaves are disconnected for some time, so that when a slave
-# wants to reconnect again, often a full resync is not needed, but a partial
-# resync is enough, just passing the portion of data the slave missed while
-# disconnected.
-#
-# The bigger the replication backlog, the longer the time the slave can be
-# disconnected and later be able to perform a partial resynchronization.
-#
-# The backlog is only allocated once there is at least a slave connected.
-#
-# repl-backlog-size 1mb
-
-# After a master has no longer connected slaves for some time, the backlog
-# will be freed. The following option configures the amount of seconds that
-# need to elapse, starting from the time the last slave disconnected, for
-# the backlog buffer to be freed.
-#
-# Note that slaves never free the backlog for timeout, since they may be
-# promoted to masters later, and should be able to correctly "partially
-# resynchronize" with the slaves: hence they should always accumulate backlog.
-#
-# A value of 0 means to never release the backlog.
-#
-# repl-backlog-ttl 3600
-
-# The slave priority is an integer number published by Redis in the INFO output.
-# It is used by Redis Sentinel in order to select a slave to promote into a
-# master if the master is no longer working correctly.
-#
-# A slave with a low priority number is considered better for promotion, so
-# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
-# pick the one with priority 10, that is the lowest.
-#
-# However a special priority of 0 marks the slave as not able to perform the
-# role of master, so a slave with priority of 0 will never be selected by
-# Redis Sentinel for promotion.
-#
-# By default the priority is 100.
-slave-priority 100
-
-# It is possible for a master to stop accepting writes if there are less than
-# N slaves connected, having a lag less or equal than M seconds.
-#
-# The N slaves need to be in "online" state.
-#
-# The lag in seconds, that must be <= the specified value, is calculated from
-# the last ping received from the slave, that is usually sent every second.
-#
-# This option does not GUARANTEE that N replicas will accept the write, but
-# will limit the window of exposure for lost writes in case not enough slaves
-# are available, to the specified number of seconds.
-#
-# For example to require at least 3 slaves with a lag <= 10 seconds use:
-#
-# min-slaves-to-write 3
-# min-slaves-max-lag 10
-#
-# Setting one or the other to 0 disables the feature.
-#
-# By default min-slaves-to-write is set to 0 (feature disabled) and
-# min-slaves-max-lag is set to 10.
-
-# A Redis master is able to list the address and port of the attached
-# slaves in different ways. For example the "INFO replication" section
-# offers this information, which is used, among other tools, by
-# Redis Sentinel in order to discover slave instances.
-# Another place where this info is available is in the output of the
-# "ROLE" command of a master.
-#
-# The listed IP and address normally reported by a slave is obtained
-# in the following way:
-#
-# IP: The address is auto detected by checking the peer address
-# of the socket used by the slave to connect with the master.
-#
-# Port: The port is communicated by the slave during the replication
-# handshake, and is normally the port that the slave is using to
-# list for connections.
-#
-# However when port forwarding or Network Address Translation (NAT) is
-# used, the slave may be actually reachable via different IP and port
-# pairs. The following two options can be used by a slave in order to
-# report to its master a specific set of IP and port, so that both INFO
-# and ROLE will report those values.
-#
-# There is no need to use both the options if you need to override just
-# the port or the IP address.
-#
-# slave-announce-ip 5.5.5.5
-# slave-announce-port 1234
-
-################################## SECURITY ###################################
-
-# Require clients to issue AUTH before processing any other
-# commands. This might be useful in environments in which you do not trust
-# others with access to the host running redis-server.
-#
-# This should stay commented out for backward compatibility and because most
-# people do not need auth (e.g. they run their own servers).
-#
-# Warning: since Redis is pretty fast an outside user can try up to
-# 150k passwords per second against a good box. This means that you should
-# use a very strong password otherwise it will be very easy to break.
-#
-# requirepass foobared
-
-# Command renaming.
-#
-# It is possible to change the name of dangerous commands in a shared
-# environment. For instance the CONFIG command may be renamed into something
-# hard to guess so that it will still be available for internal-use tools
-# but not available for general clients.
-#
-# Example:
-#
-# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
-#
-# It is also possible to completely kill a command by renaming it into
-# an empty string:
-#
-# rename-command CONFIG ""
-#
-# Please note that changing the name of commands that are logged into the
-# AOF file or transmitted to slaves may cause problems.
-
-################################### CLIENTS ####################################
-
-# Set the max number of connected clients at the same time. By default
-# this limit is set to 10000 clients, however if the Redis server is not
-# able to configure the process file limit to allow for the specified limit
-# the max number of allowed clients is set to the current file limit
-# minus 32 (as Redis reserves a few file descriptors for internal uses).
-#
-# Once the limit is reached Redis will close all the new connections sending
-# an error 'max number of clients reached'.
-#
-# maxclients 10000
-
-############################## MEMORY MANAGEMENT ################################
-
-# Set a memory usage limit to the specified amount of bytes.
-# When the memory limit is reached Redis will try to remove keys
-# according to the eviction policy selected (see maxmemory-policy).
-#
-# If Redis can't remove keys according to the policy, or if the policy is
-# set to 'noeviction', Redis will start to reply with errors to commands
-# that would use more memory, like SET, LPUSH, and so on, and will continue
-# to reply to read-only commands like GET.
-#
-# This option is usually useful when using Redis as an LRU or LFU cache, or to
-# set a hard memory limit for an instance (using the 'noeviction' policy).
-#
-# WARNING: If you have slaves attached to an instance with maxmemory on,
-# the size of the output buffers needed to feed the slaves are subtracted
-# from the used memory count, so that network problems / resyncs will
-# not trigger a loop where keys are evicted, and in turn the output
-# buffer of slaves is full with DELs of keys evicted triggering the deletion
-# of more keys, and so forth until the database is completely emptied.
-#
-# In short... if you have slaves attached it is suggested that you set a lower
-# limit for maxmemory so that there is some free RAM on the system for slave
-# output buffers (but this is not needed if the policy is 'noeviction').
-#
-# maxmemory
-
-# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
-# is reached. You can select among five behaviors:
-#
-# volatile-lru -> Evict using approximated LRU among the keys with an expire set.
-# allkeys-lru -> Evict any key using approximated LRU.
-# volatile-lfu -> Evict using approximated LFU among the keys with an expire set.
-# allkeys-lfu -> Evict any key using approximated LFU.
-# volatile-random -> Remove a random key among the ones with an expire set.
-# allkeys-random -> Remove a random key, any key.
-# volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
-# noeviction -> Don't evict anything, just return an error on write operations.
-#
-# LRU means Least Recently Used
-# LFU means Least Frequently Used
-#
-# Both LRU, LFU and volatile-ttl are implemented using approximated
-# randomized algorithms.
-#
-# Note: with any of the above policies, Redis will return an error on write
-# operations, when there are no suitable keys for eviction.
-#
-# At the date of writing these commands are: set setnx setex append
-# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
-# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
-# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
-# getset mset msetnx exec sort
-#
-# The default is:
-#
-# maxmemory-policy noeviction
-
-# LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated
-# algorithms (in order to save memory), so you can tune it for speed or
-# accuracy. For default Redis will check five keys and pick the one that was
-# used less recently, you can change the sample size using the following
-# configuration directive.
-#
-# The default of 5 produces good enough results. 10 Approximates very closely
-# true LRU but costs more CPU. 3 is faster but not very accurate.
-#
-# maxmemory-samples 5
-
-############################# LAZY FREEING ####################################
-
-# Redis has two primitives to delete keys. One is called DEL and is a blocking
-# deletion of the object. It means that the server stops processing new commands
-# in order to reclaim all the memory associated with an object in a synchronous
-# way. If the key deleted is associated with a small object, the time needed
-# in order to execute the DEL command is very small and comparable to most other
-# O(1) or O(log_N) commands in Redis.
However if the key is associated with an
-# aggregated value containing millions of elements, the server can block for
-# a long time (even seconds) in order to complete the operation.
-#
-# For the above reasons Redis also offers non blocking deletion primitives
-# such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and
-# FLUSHDB commands, in order to reclaim memory in background. Those commands
-# are executed in constant time. Another thread will incrementally free the
-# object in the background as fast as possible.
-#
-# DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled.
-# It's up to the design of the application to understand when it is a good
-# idea to use one or the other. However the Redis server sometimes has to
-# delete keys or flush the whole database as a side effect of other operations.
-# Specifically Redis deletes objects independently of a user call in the
-# following scenarios:
-#
-# 1) On eviction, because of the maxmemory and maxmemory policy configurations,
-# in order to make room for new data, without going over the specified
-# memory limit.
-# 2) Because of expire: when a key with an associated time to live (see the
-# EXPIRE command) must be deleted from memory.
-# 3) Because of a side effect of a command that stores data on a key that may
-# already exist. For example the RENAME command may delete the old key
-# content when it is replaced with another one. Similarly SUNIONSTORE
-# or SORT with STORE option may delete existing keys. The SET command
-# itself removes any old content of the specified key in order to replace
-# it with the specified string.
-# 4) During replication, when a slave performs a full resynchronization with
-# its master, the content of the whole database is removed in order to
-# load the RDB file just transfered.
-#
-# In all the above cases the default is to delete objects in a blocking way,
-# like if DEL was called.
However you can configure each case specifically
-# in order to instead release memory in a non-blocking way like if UNLINK
-# was called, using the following configuration directives:
-
-lazyfree-lazy-eviction no
-lazyfree-lazy-expire no
-lazyfree-lazy-server-del no
-slave-lazy-flush no
-
-############################## APPEND ONLY MODE ###############################
-
-# By default Redis asynchronously dumps the dataset on disk. This mode is
-# good enough in many applications, but an issue with the Redis process or
-# a power outage may result into a few minutes of writes lost (depending on
-# the configured save points).
-#
-# The Append Only File is an alternative persistence mode that provides
-# much better durability. For instance using the default data fsync policy
-# (see later in the config file) Redis can lose just one second of writes in a
-# dramatic event like a server power outage, or a single write if something
-# wrong with the Redis process itself happens, but the operating system is
-# still running correctly.
-#
-# AOF and RDB persistence can be enabled at the same time without problems.
-# If the AOF is enabled on startup Redis will load the AOF, that is the file
-# with the better durability guarantees.
-#
-# Please check http://redis.io/topics/persistence for more information.
-
-appendonly no
-
-# The name of the append only file (default: "appendonly.aof")
-
-appendfilename "appendonly.aof"
-
-# The fsync() call tells the Operating System to actually write data on disk
-# instead of waiting for more data in the output buffer. Some OS will really flush
-# data on disk, some other OS will just try to do it ASAP.
-#
-# Redis supports three different modes:
-#
-# no: don't fsync, just let the OS flush the data when it wants. Faster.
-# always: fsync after every write to the append only log. Slow, Safest.
-# everysec: fsync only one time every second. Compromise.
-#
-# The default is "everysec", as that's usually the right compromise between
-# speed and data safety. It's up to you to understand if you can relax this to
-# "no" that will let the operating system flush the output buffer when
-# it wants, for better performances (but if you can live with the idea of
-# some data loss consider the default persistence mode that's snapshotting),
-# or on the contrary, use "always" that's very slow but a bit safer than
-# everysec.
-#
-# More details please check the following article:
-# http://antirez.com/post/redis-persistence-demystified.html
-#
-# If unsure, use "everysec".
-
-# appendfsync always
-appendfsync everysec
-# appendfsync no
-
-# When the AOF fsync policy is set to always or everysec, and a background
-# saving process (a background save or AOF log background rewriting) is
-# performing a lot of I/O against the disk, in some Linux configurations
-# Redis may block too long on the fsync() call. Note that there is no fix for
-# this currently, as even performing fsync in a different thread will block
-# our synchronous write(2) call.
-#
-# In order to mitigate this problem it's possible to use the following option
-# that will prevent fsync() from being called in the main process while a
-# BGSAVE or BGREWRITEAOF is in progress.
-#
-# This means that while another child is saving, the durability of Redis is
-# the same as "appendfsync none". In practical terms, this means that it is
-# possible to lose up to 30 seconds of log in the worst scenario (with the
-# default Linux settings).
-#
-# If you have latency problems turn this to "yes". Otherwise leave it as
-# "no" that is the safest pick from the point of view of durability.
-
-no-appendfsync-on-rewrite no
-
-# Automatic rewrite of the append only file.
-# Redis is able to automatically rewrite the log file implicitly calling
-# BGREWRITEAOF when the AOF log size grows by the specified percentage.
-#
-# This is how it works: Redis remembers the size of the AOF file after the
-# latest rewrite (if no rewrite has happened since the restart, the size of
-# the AOF at startup is used).
-#
-# This base size is compared to the current size. If the current size is
-# bigger than the specified percentage, the rewrite is triggered. Also
-# you need to specify a minimal size for the AOF file to be rewritten, this
-# is useful to avoid rewriting the AOF file even if the percentage increase
-# is reached but it is still pretty small.
-#
-# Specify a percentage of zero in order to disable the automatic AOF
-# rewrite feature.
-
-auto-aof-rewrite-percentage 100
-auto-aof-rewrite-min-size 64mb
-
-# An AOF file may be found to be truncated at the end during the Redis
-# startup process, when the AOF data gets loaded back into memory.
-# This may happen when the system where Redis is running
-# crashes, especially when an ext4 filesystem is mounted without the
-# data=ordered option (however this can't happen when Redis itself
-# crashes or aborts but the operating system still works correctly).
-#
-# Redis can either exit with an error when this happens, or load as much
-# data as possible (the default now) and start if the AOF file is found
-# to be truncated at the end. The following option controls this behavior.
-#
-# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
-# the Redis server starts emitting a log to inform the user of the event.
-# Otherwise if the option is set to no, the server aborts with an error
-# and refuses to start. When the option is set to no, the user requires
-# to fix the AOF file using the "redis-check-aof" utility before to restart
-# the server.
-#
-# Note that if the AOF file will be found to be corrupted in the middle
-# the server will still exit with an error. This option only applies when
-# Redis will try to read more data from the AOF file but not enough bytes
-# will be found.
-aof-load-truncated yes
-
-# When rewriting the AOF file, Redis is able to use an RDB preamble in the
-# AOF file for faster rewrites and recoveries. When this option is turned
-# on the rewritten AOF file is composed of two different stanzas:
-#
-# [RDB file][AOF tail]
-#
-# When loading Redis recognizes that the AOF file starts with the "REDIS"
-# string and loads the prefixed RDB file, and continues loading the AOF
-# tail.
-#
-# This is currently turned off by default in order to avoid the surprise
-# of a format change, but will at some point be used as the default.
-aof-use-rdb-preamble no
-
-################################ LUA SCRIPTING ###############################
-
-# Max execution time of a Lua script in milliseconds.
-#
-# If the maximum execution time is reached Redis will log that a script is
-# still in execution after the maximum allowed time and will start to
-# reply to queries with an error.
-#
-# When a long running script exceeds the maximum execution time only the
-# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
-# used to stop a script that did not yet called write commands. The second
-# is the only way to shut down the server in the case a write command was
-# already issued by the script but the user doesn't want to wait for the natural
-# termination of the script.
-#
-# Set it to 0 or a negative value for unlimited execution without warnings.
-lua-time-limit 5000
-
-################################ REDIS CLUSTER ###############################
-#
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
-# in order to mark it as "mature" we need to wait for a non trivial percentage
-# of users to deploy it in production.
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-#
-# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
-# started as cluster nodes can. In order to start a Redis instance as a
-# cluster node enable the cluster support uncommenting the following:
-#
-# cluster-enabled yes
-
-# Every cluster node has a cluster configuration file. This file is not
-# intended to be edited by hand. It is created and updated by Redis nodes.
-# Every Redis Cluster node requires a different cluster configuration file.
-# Make sure that instances running in the same system do not have
-# overlapping cluster configuration file names.
-#
-# cluster-config-file nodes-6379.conf
-
-# Cluster node timeout is the amount of milliseconds a node must be unreachable
-# for it to be considered in failure state.
-# Most other internal time limits are multiple of the node timeout.
-#
-# cluster-node-timeout 15000
-
-# A slave of a failing master will avoid to start a failover if its data
-# looks too old.
-#
-# There is no simple way for a slave to actually have an exact measure of
-# its "data age", so the following two checks are performed:
-#
-# 1) If there are multiple slaves able to failover, they exchange messages
-# in order to try to give an advantage to the slave with the best
-# replication offset (more data from the master processed).
-# Slaves will try to get their rank by offset, and apply to the start
-# of the failover a delay proportional to their rank.
-#
-# 2) Every single slave computes the time of the last interaction with
-# its master. This can be the last ping or command received (if the master
-# is still in the "connected" state), or the time that elapsed since the
-# disconnection with the master (if the replication link is currently down).
-# If the last interaction is too old, the slave will not try to failover
-# at all.
-#
-# The point "2" can be tuned by user.
Specifically a slave will not perform
-# the failover if, since the last interaction with the master, the time
-# elapsed is greater than:
-#
-# (node-timeout * slave-validity-factor) + repl-ping-slave-period
-#
-# So for example if node-timeout is 30 seconds, and the slave-validity-factor
-# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
-# slave will not try to failover if it was not able to talk with the master
-# for longer than 310 seconds.
-#
-# A large slave-validity-factor may allow slaves with too old data to failover
-# a master, while a too small value may prevent the cluster from being able to
-# elect a slave at all.
-#
-# For maximum availability, it is possible to set the slave-validity-factor
-# to a value of 0, which means, that slaves will always try to failover the
-# master regardless of the last time they interacted with the master.
-# (However they'll always try to apply a delay proportional to their
-# offset rank).
-#
-# Zero is the only value able to guarantee that when all the partitions heal
-# the cluster will always be able to continue.
-#
-# cluster-slave-validity-factor 10
-
-# Cluster slaves are able to migrate to orphaned masters, that are masters
-# that are left without working slaves. This improves the cluster ability
-# to resist to failures as otherwise an orphaned master can't be failed over
-# in case of failure if it has no working slaves.
-#
-# Slaves migrate to orphaned masters only if there are still at least a
-# given number of other working slaves for their old master. This number
-# is the "migration barrier". A migration barrier of 1 means that a slave
-# will migrate only if there is at least 1 other working slave for its master
-# and so forth. It usually reflects the number of slaves you want for every
-# master in your cluster.
-#
-# Default is 1 (slaves migrate only if their masters remain with at least
-# one slave). To disable migration just set it to a very large value.
-# A value of 0 can be set but is useful only for debugging and dangerous
-# in production.
-#
-# cluster-migration-barrier 1
-
-# By default Redis Cluster nodes stop accepting queries if they detect there
-# is at least an hash slot uncovered (no available node is serving it).
-# This way if the cluster is partially down (for example a range of hash slots
-# are no longer covered) all the cluster becomes, eventually, unavailable.
-# It automatically returns available as soon as all the slots are covered again.
-#
-# However sometimes you want the subset of the cluster which is working,
-# to continue to accept queries for the part of the key space that is still
-# covered. In order to do so, just set the cluster-require-full-coverage
-# option to no.
-#
-# cluster-require-full-coverage yes
-
-# This option, when set to yes, prevents slaves from trying to failover its
-# master during master failures. However the master can still perform a
-# manual failover, if forced to do so.
-#
-# This is useful in different scenarios, especially in the case of multiple
-# data center operations, where we want one side to never be promoted if not
-# in the case of a total DC failure.
-#
-# cluster-slave-no-failover no
-
-# In order to setup your cluster make sure to read the documentation
-# available at http://redis.io web site.
-
-########################## CLUSTER DOCKER/NAT support ########################
-
-# In certain deployments, Redis Cluster nodes address discovery fails, because
-# addresses are NAT-ted or because ports are forwarded (the typical case is
-# Docker and other containers).
-#
-# In order to make Redis Cluster working in such environments, a static
-# configuration where each node knows its public address is needed.
The
-# following two options are used for this scope, and are:
-#
-# * cluster-announce-ip
-# * cluster-announce-port
-# * cluster-announce-bus-port
-#
-# Each instruct the node about its address, client port, and cluster message
-# bus port. The information is then published in the header of the bus packets
-# so that other nodes will be able to correctly map the address of the node
-# publishing the information.
-#
-# If the above options are not used, the normal Redis Cluster auto-detection
-# will be used instead.
-#
-# Note that when remapped, the bus port may not be at the fixed offset of
-# clients port + 10000, so you can specify any port and bus-port depending
-# on how they get remapped. If the bus-port is not set, a fixed offset of
-# 10000 will be used as usually.
-#
-# Example:
-#
-# cluster-announce-ip 10.1.1.5
-# cluster-announce-port 6379
-# cluster-announce-bus-port 6380
-
-################################## SLOW LOG ###################################
-
-# The Redis Slow Log is a system to log queries that exceeded a specified
-# execution time. The execution time does not include the I/O operations
-# like talking with the client, sending the reply and so forth,
-# but just the time needed to actually execute the command (this is the only
-# stage of command execution where the thread is blocked and can not serve
-# other requests in the meantime).
-#
-# You can configure the slow log with two parameters: one tells Redis
-# what is the execution time, in microseconds, to exceed in order for the
-# command to get logged, and the other parameter is the length of the
-# slow log. When a new command is logged the oldest one is removed from the
-# queue of logged commands.
-
-# The following time is expressed in microseconds, so 1000000 is equivalent
-# to one second. Note that a negative number disables the slow log, while
-# a value of zero forces the logging of every command.
-slowlog-log-slower-than 10000
-
-# There is no limit to this length.
Just be aware that it will consume memory.
-# You can reclaim memory used by the slow log with SLOWLOG RESET.
-slowlog-max-len 128
-
-################################ LATENCY MONITOR ##############################
-
-# The Redis latency monitoring subsystem samples different operations
-# at runtime in order to collect data related to possible sources of
-# latency of a Redis instance.
-#
-# Via the LATENCY command this information is available to the user that can
-# print graphs and obtain reports.
-#
-# The system only logs operations that were performed in a time equal or
-# greater than the amount of milliseconds specified via the
-# latency-monitor-threshold configuration directive. When its value is set
-# to zero, the latency monitor is turned off.
-#
-# By default latency monitoring is disabled since it is mostly not needed
-# if you don't have latency issues, and collecting data has a performance
-# impact, that while very small, can be measured under big load. Latency
-# monitoring can easily be enabled at runtime using the command
-# "CONFIG SET latency-monitor-threshold " if needed.
-latency-monitor-threshold 0
-
-############################# EVENT NOTIFICATION ##############################
-
-# Redis can notify Pub/Sub clients about events happening in the key space.
-# This feature is documented at http://redis.io/topics/notifications
-#
-# For instance if keyspace events notification is enabled, and a client
-# performs a DEL operation on key "foo" stored in the Database 0, two
-# messages will be published via Pub/Sub:
-#
-# PUBLISH __keyspace@0__:foo del
-# PUBLISH __keyevent@0__:del foo
-#
-# It is possible to select the events that Redis will notify among a set
-# of classes. Every class is identified by a single character:
-#
-# K Keyspace events, published with __keyspace@__ prefix.
-# E Keyevent events, published with __keyevent@__ prefix.
-# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
-# $ String commands
-# l List commands
-# s Set commands
-# h Hash commands
-# z Sorted set commands
-# x Expired events (events generated every time a key expires)
-# e Evicted events (events generated when a key is evicted for maxmemory)
-# A Alias for g$lshzxe, so that the "AKE" string means all the events.
-#
-# The "notify-keyspace-events" takes as argument a string that is composed
-# of zero or multiple characters. The empty string means that notifications
-# are disabled.
-#
-# Example: to enable list and generic events, from the point of view of the
-# event name, use:
-#
-# notify-keyspace-events Elg
-#
-# Example 2: to get the stream of the expired keys subscribing to channel
-# name __keyevent@0__:expired use:
-#
-# notify-keyspace-events Ex
-#
-# By default all notifications are disabled because most users don't need
-# this feature and the feature has some overhead. Note that if you don't
-# specify at least one of K or E, no events will be delivered.
-notify-keyspace-events ""
-
-############################### ADVANCED CONFIG ###############################
-
-# Hashes are encoded using a memory efficient data structure when they have a
-# small number of entries, and the biggest entry does not exceed a given
-# threshold. These thresholds can be configured using the following directives.
-hash-max-ziplist-entries 512
-hash-max-ziplist-value 64
-
-# Lists are also encoded in a special way to save a lot of space.
-# The number of entries allowed per internal list node can be specified
-# as a fixed maximum size or a maximum number of elements.
-# For a fixed maximum size, use -5 through -1, meaning:
-# -5: max size: 64 Kb <-- not recommended for normal workloads
-# -4: max size: 32 Kb <-- not recommended
-# -3: max size: 16 Kb <-- probably not recommended
-# -2: max size: 8 Kb <-- good
-# -1: max size: 4 Kb <-- good
-# Positive numbers mean store up to _exactly_ that number of elements
-# per list node.
-# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), -# but if your use case is unique, adjust the settings as necessary. -list-max-ziplist-size -2 - -# Lists may also be compressed. -# Compress depth is the number of quicklist ziplist nodes from *each* side of -# the list to *exclude* from compression. The head and tail of the list -# are always uncompressed for fast push/pop operations. Settings are: -# 0: disable all list compression -# 1: depth 1 means "don't start compressing until after 1 node into the list, -# going from either the head or tail" -# So: [head]->node->node->...->node->[tail] -# [head], [tail] will always be uncompressed; inner nodes will compress. -# 2: [head]->[next]->node->node->...->node->[prev]->[tail] -# 2 here means: don't compress head or head->next or tail->prev or tail, -# but compress all nodes between them. -# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] -# etc. -list-compress-depth 0 - -# Sets have a special encoding in just one case: when a set is composed -# of just strings that happen to be integers in radix 10 in the range -# of 64 bit signed integers. -# The following configuration setting sets the limit in the size of the -# set in order to use this special memory saving encoding. -set-max-intset-entries 512 - -# Similarly to hashes and lists, sorted sets are also specially encoded in -# order to save a lot of space. This encoding is only used when the length and -# elements of a sorted set are below the following limits: -zset-max-ziplist-entries 128 -zset-max-ziplist-value 64 - -# HyperLogLog sparse representation bytes limit. The limit includes the -# 16 bytes header. When an HyperLogLog using the sparse representation crosses -# this limit, it is converted into the dense representation. -# -# A value greater than 16000 is totally useless, since at that point the -# dense representation is more memory efficient. 
-# -# The suggested value is ~ 3000 in order to have the benefits of -# the space efficient encoding without slowing down too much PFADD, -# which is O(N) with the sparse encoding. The value can be raised to -# ~ 10000 when CPU is not a concern, but space is, and the data set is -# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. -hll-sparse-max-bytes 3000 - -# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in -# order to help rehashing the main Redis hash table (the one mapping top-level -# keys to values). The hash table implementation Redis uses (see dict.c) -# performs a lazy rehashing: the more operation you run into a hash table -# that is rehashing, the more rehashing "steps" are performed, so if the -# server is idle the rehashing is never complete and some more memory is used -# by the hash table. -# -# The default is to use this millisecond 10 times every second in order to -# actively rehash the main dictionaries, freeing memory when possible. -# -# If unsure: -# use "activerehashing no" if you have hard latency requirements and it is -# not a good thing in your environment that Redis can reply from time to time -# to queries with 2 milliseconds delay. -# -# use "activerehashing yes" if you don't have such hard requirements but -# want to free memory asap when possible. -activerehashing yes - -# The client output buffer limits can be used to force disconnection of clients -# that are not reading data from the server fast enough for some reason (a -# common reason is that a Pub/Sub client can't consume messages as fast as the -# publisher can produce them). 
-# -# The limit can be set differently for the three different classes of clients: -# -# normal -> normal clients including MONITOR clients -# slave -> slave clients -# pubsub -> clients subscribed to at least one pubsub channel or pattern -# -# The syntax of every client-output-buffer-limit directive is the following: -# -# client-output-buffer-limit -# -# A client is immediately disconnected once the hard limit is reached, or if -# the soft limit is reached and remains reached for the specified number of -# seconds (continuously). -# So for instance if the hard limit is 32 megabytes and the soft limit is -# 16 megabytes / 10 seconds, the client will get disconnected immediately -# if the size of the output buffers reach 32 megabytes, but will also get -# disconnected if the client reaches 16 megabytes and continuously overcomes -# the limit for 10 seconds. -# -# By default normal clients are not limited because they don't receive data -# without asking (in a push way), but just after a request, so only -# asynchronous clients may create a scenario where data is requested faster -# than it can read. -# -# Instead there is a default limit for pubsub and slave clients, since -# subscribers and slaves receive data in a push fashion. -# -# Both the hard or the soft limit can be disabled by setting them to zero. -client-output-buffer-limit normal 0 0 0 -client-output-buffer-limit slave 256mb 64mb 60 -client-output-buffer-limit pubsub 32mb 8mb 60 - -# Client query buffers accumulate new commands. They are limited to a fixed -# amount by default in order to avoid that a protocol desynchronization (for -# instance due to a bug in the client) will lead to unbound memory usage in -# the query buffer. However you can configure it here if you have very special -# needs, such us huge multi/exec requests or alike. -# -# client-query-buffer-limit 1gb - -# In the Redis protocol, bulk requests, that are, elements representing single -# strings, are normally limited ot 512 mb. 
However you can change this limit -# here. -# -# proto-max-bulk-len 512mb - -# Redis calls an internal function to perform many background tasks, like -# closing connections of clients in timeout, purging expired keys that are -# never requested, and so forth. -# -# Not all tasks are performed with the same frequency, but Redis checks for -# tasks to perform according to the specified "hz" value. -# -# By default "hz" is set to 10. Raising the value will use more CPU when -# Redis is idle, but at the same time will make Redis more responsive when -# there are many keys expiring at the same time, and timeouts may be -# handled with more precision. -# -# The range is between 1 and 500, however a value over 100 is usually not -# a good idea. Most users should use the default of 10 and raise this up to -# 100 only in environments where very low latency is required. -hz 10 - -# When a child rewrites the AOF file, if the following option is enabled -# the file will be fsync-ed every 32 MB of data generated. This is useful -# in order to commit the file to the disk more incrementally and avoid -# big latency spikes. -aof-rewrite-incremental-fsync yes - -# Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good -# idea to start with the default settings and only change them after investigating -# how to improve the performances and how the keys LFU change over time, which -# is possible to inspect via the OBJECT FREQ command. -# -# There are two tunable parameters in the Redis LFU implementation: the -# counter logarithm factor and the counter decay time. It is important to -# understand what the two parameters mean before changing them. -# -# The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis -# uses a probabilistic increment with logarithmic behavior. Given the value -# of the old counter, when a key is accessed, the counter is incremented in -# this way: -# -# 1. A random number R between 0 and 1 is extracted. -# 2. 
A probability P is calculated as 1/(old_value*lfu_log_factor+1). -# 3. The counter is incremented only if R < P. -# -# The default lfu-log-factor is 10. This is a table of how the frequency -# counter changes with a different number of accesses with different -# logarithmic factors: -# -# +--------+------------+------------+------------+------------+------------+ -# | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits | -# +--------+------------+------------+------------+------------+------------+ -# | 0 | 104 | 255 | 255 | 255 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# | 1 | 18 | 49 | 255 | 255 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# | 10 | 10 | 18 | 142 | 255 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# | 100 | 8 | 11 | 49 | 143 | 255 | -# +--------+------------+------------+------------+------------+------------+ -# -# NOTE: The above table was obtained by running the following commands: -# -# redis-benchmark -n 1000000 incr foo -# redis-cli object freq foo -# -# NOTE 2: The counter initial value is 5 in order to give new objects a chance -# to accumulate hits. -# -# The counter decay time is the time, in minutes, that must elapse in order -# for the key counter to be divided by two (or decremented if it has a value -# less <= 10). -# -# The default value for the lfu-decay-time is 1. A Special value of 0 means to -# decay the counter every time it happens to be scanned. -# -# lfu-log-factor 10 -# lfu-decay-time 1 - -########################### ACTIVE DEFRAGMENTATION ####################### -# -# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested -# even in production and manually tested by multiple engineers for some -# time. -# -# What is active defragmentation? 
-# ------------------------------- -# -# Active (online) defragmentation allows a Redis server to compact the -# spaces left between small allocations and deallocations of data in memory, -# thus allowing to reclaim back memory. -# -# Fragmentation is a natural process that happens with every allocator (but -# less so with Jemalloc, fortunately) and certain workloads. Normally a server -# restart is needed in order to lower the fragmentation, or at least to flush -# away all the data and create it again. However thanks to this feature -# implemented by Oran Agra for Redis 4.0 this process can happen at runtime -# in an "hot" way, while the server is running. -# -# Basically when the fragmentation is over a certain level (see the -# configuration options below) Redis will start to create new copies of the -# values in contiguous memory regions by exploiting certain specific Jemalloc -# features (in order to understand if an allocation is causing fragmentation -# and to allocate it in a better place), and at the same time, will release the -# old copies of the data. This process, repeated incrementally for all the keys -# will cause the fragmentation to drop back to normal values. -# -# Important things to understand: -# -# 1. This feature is disabled by default, and only works if you compiled Redis -# to use the copy of Jemalloc we ship with the source code of Redis. -# This is the default with Linux builds. -# -# 2. You never need to enable this feature if you don't have fragmentation -# issues. -# -# 3. Once you experience fragmentation, you can enable this feature when -# needed with the command "CONFIG SET activedefrag yes". -# -# The configuration parameters are able to fine tune the behavior of the -# defragmentation process. If you are not sure about what they mean it is -# a good idea to leave the defaults untouched. 
-
-# Enabled active defragmentation
-# activedefrag yes
-
-# Minimum amount of fragmentation waste to start active defrag
-# active-defrag-ignore-bytes 100mb
-
-# Minimum percentage of fragmentation to start active defrag
-# active-defrag-threshold-lower 10
-
-# Maximum percentage of fragmentation at which we use maximum effort
-# active-defrag-threshold-upper 100
-
-# Minimal effort for defrag in CPU percentage
-# active-defrag-cycle-min 25
-
-# Maximal effort for defrag in CPU percentage
-# active-defrag-cycle-max 75
-
diff --git a/roles/tsg-env-tun-mode/files/tsg-env-tun-mode.service b/roles/tsg-env-tun-mode/files/tsg-env-tun-mode.service
deleted file mode 100644
index d5faeb2..0000000
--- a/roles/tsg-env-tun-mode/files/tsg-env-tun-mode.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=tsg tun mode env init
-Requires=network.target
-After=network.target
-Before=mrenv.service
-
-[Service]
-ExecStart=/opt/tsg/env/setup
-ExecStop=/opt/tsg/env/tsg-env_stop
-Type=oneshot
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
-RequiredBy=mrenv.service
diff --git a/roles/tsg-env-tun-mode/files/vconfig-1.9-16.el7.x86_64.rpm b/roles/tsg-env-tun-mode/files/vconfig-1.9-16.el7.x86_64.rpm
deleted file mode 100755
index 19310d6..0000000
Binary files a/roles/tsg-env-tun-mode/files/vconfig-1.9-16.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/tsg-env-tun-mode/tasks/main.yml b/roles/tsg-env-tun-mode/tasks/main.yml
deleted file mode 100644
index 2678a92..0000000
--- a/roles/tsg-env-tun-mode/tasks/main.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-- name: "copy vconfig-1.9-16.el7.x86_64.rpm"
- copy:
- src: "{{ role_path }}/files/vconfig-1.9-16.el7.x86_64.rpm"
- dest: /tmp
-
-- name: "create /opt/tsg/env"
- file:
- path: /opt/tsg/env
- state: directory
-
-- name: "template setup script"
- template:
- src: "{{ role_path }}/templates/setup.j2"
- dest: "/opt/tsg/env/setup"
- mode: 0755
-
-- name: "copy tsg-env-tun-mode.service"
- copy:
- src: "{{ role_path }}/files/tsg-env-tun-mode.service"
- dest: "/usr/lib/systemd/system/"
- mode: 0644
-
-- name: "template tsg-env_stop"
- template:
- src: "{{ role_path }}/templates/tsg-env_stop.j2"
- dest: "/opt/tsg/env/tsg-env_stop"
- mode: 0755
-
-- name: "install vconfig rpms from localhost"
- yum:
- name:
- - /tmp/vconfig-1.9-16.el7.x86_64.rpm
- state: present
-
-- name: "enable tsg-env-tun-mode"
- systemd:
- name: tsg-env-tun-mode
- enabled: yes
- daemon_reload: yes
-
diff --git a/roles/tsg-env-tun-mode/templates/setup.j2 b/roles/tsg-env-tun-mode/templates/setup.j2
deleted file mode 100644
index 92dfbf4..0000000
--- a/roles/tsg-env-tun-mode/templates/setup.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-modprobe 8021q
-vconfig add {{ nic_mgr.name }} 100
-vconfig set_flag {{ nic_mgr.name }}.100 1 1
-ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up
-{% if tsg_access_type == 0 %}
-ethtool -K {{ packet_io.internal_interface }} tso off
-ethtool -K {{ packet_io.internal_interface }} gso off
-ethtool -K {{ packet_io.internal_interface }} gro off
-ethtool -K {{ packet_io.external_interface }} tso off
-ethtool -K {{ packet_io.external_interface }} gso off
-ethtool -K {{ packet_io.external_interface }} gro off
-{% elif tsg_access_type == 4 or tsg_access_type == 5 %}
-echo 3 > /sys/class/net/{{ ATCA_data_incoming.ethname }}/device/sriov_numvfs
-ip link set {{ ATCA_data_incoming.ethname }} vf 1 vlan 4095
-ip link set {{ ATCA_data_incoming.ethname }} vf 2 vlan 4095
-ip link set {{ ATCA_data_incoming.ethname }} vf 0 trust on
-ip link set {{ ATCA_data_incoming.ethname }} vf 1 trust on
-ip link set {{ ATCA_data_incoming.ethname }} vf 2 trust on
-ip link set {{ ATCA_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
-ip link set {{ ATCA_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
-ip link set {{ ATCA_data_incoming.ethname }} vf 0 spoofchk off
-ip link set {{ ATCA_data_incoming.vf0_name }} up
-ip link set {{ ATCA_data_incoming.vf1_name }} up
-ip link set {{ ATCA_data_incoming.vf2_name }} up
-{% endif %}
-
diff --git a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
deleted file mode 100644
index 323b30c..0000000
--- a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-#
-echo 0 >/sys/class/net/{{ nic_mgr.name }}/device/sriov_numvfs
-ifconfig {{ nic_mgr.name }}.100 down
-vconfig rem {{ nic_mgr.name }}.100
-{% if tsg_access_type == 4 or tsg_access_type == 5 %}
-echo 0 >/sys/class/net/{{ ATCA_data_incoming.ethname }}/device/sriov_numvfs
-{% endif %}
diff --git a/roles/tsg_app/files/app_sketch_local-3.0.5.92c645f-2.el7.x86_64.rpm b/roles/tsg_app/files/app_sketch_local-3.0.5.92c645f-2.el7.x86_64.rpm
deleted file mode 100644
index c1648bf..0000000
Binary files a/roles/tsg_app/files/app_sketch_local-3.0.5.92c645f-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/tsg_app/tasks/main.yml b/roles/tsg_app/tasks/main.yml
deleted file mode 100644
index 01c1fd6..0000000
--- a/roles/tsg_app/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: "copy tsg_app rpms to destination server"
- copy:
- src: "{{ role_path }}/files/"
- dest: /tmp/ansible_deploy/
-
-- name: "install tsg_app packages"
- yum:
- name: "{{ app_packages }}"
- state: present
- skip_broken: yes
- vars:
- app_packages:
- - /tmp/ansible_deploy/app_sketch_local-3.0.5.92c645f-2.el7.x86_64.rpm
- when: tsg_app.enable == 1
-
diff --git a/roles/tsg_device_tag/tasks/main.yml b/roles/tsg_device_tag/tasks/main.yml
deleted file mode 100644
index 28f7ac7..0000000
--- a/roles/tsg_device_tag/tasks/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: "create /opt/tsg/etc/"
- file:
- path: /opt/tsg/etc
- state: directory
-
-- name: "Template tsg_device_tag.json"
- template:
- src: "{{ role_path }}/templates/tsg_device_tag.json.j2"
- dest: /opt/tsg/etc/tsg_device_tag.json
diff --git a/roles/tsg_device_tag/templates/tsg_device_tag.json.j2 b/roles/tsg_device_tag/templates/tsg_device_tag.json.j2
deleted file mode 100644
index de84658..0000000
--- a/roles/tsg_device_tag/templates/tsg_device_tag.json.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[MAAT]
-ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"{{ device_id }}"}]}
diff --git a/roles/tsg_master/files/tsg_master-4.2.3.6c3f53d-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-4.2.3.6c3f53d-2.el7.x86_64.rpm
deleted file mode 100644
index f44d71d..0000000
Binary files a/roles/tsg_master/files/tsg_master-4.2.3.6c3f53d-2.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/tsg_master/files/tsg_master-4.2.8.a35b9e2-2.el7.x86_64.rpm b/roles/tsg_master/files/tsg_master-4.2.8.a35b9e2-2.el7.x86_64.rpm
new file mode 100644
index 0000000..2c63738
Binary files /dev/null and b/roles/tsg_master/files/tsg_master-4.2.8.a35b9e2-2.el7.x86_64.rpm differ
diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml
index 54e7a9c..e2ae38f 100644
--- a/roles/tsg_master/tasks/main.yml
+++ b/roles/tsg_master/tasks/main.yml
@@ -6,6 +6,5 @@
 - name: "install tsg_master from localhost"
 yum:
 name:
- - /tmp/ansible_deploy/tsg_master-4.2.3.6c3f53d-2.el7.x86_64.rpm
+ - /tmp/ansible_deploy/tsg_master-4.2.8.a35b9e2-2.el7.x86_64.rpm
 state: present
- skip_broken: yes
diff --git a/server_deploy.yml b/server_deploy.yml
deleted file mode 100644
index ec0f7fe..0000000
--- a/server_deploy.yml
+++ /dev/null
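Review bot: The added `- /tmp/ansible_deploy/tsg_master-4.2.8.a35b9e2-2.el7.x86_64.rpm` entry is still installed by `yum` as root from a directory under world-writable `/tmp`, and nothing in this hunk verifies the file before it is installed. The task that stages the RPM sits above line 6, outside the hunk, so whether `/tmp/ansible_deploy` is created root-owned with a restrictive mode cannot be confirmed from here; if it is not, a local account that creates the directory first could influence what gets installed. I would stage the package in a root-only directory created with an explicit `mode: "0700"`, and compare the copied file against a pinned digest before the install task, for example a `stat` task with `checksum_algorithm: sha256` followed by an `assert` against `<sha256 of the reviewed RPM>`. It is also worth confirming that signature checking applies to locally supplied packages on these hosts, since that is commonly off by default for local files.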
@@ -1,37 +0,0 @@
-- hosts: server_as_tun_mode
- remote_user: root
- vars_files:
- - install_config/group_vars/server_as_tun_mode.yml
- roles:
- - {role: framework, tags: framework}
- - {role: kernel-ml, tags: kernel-ml}
- - {role: mrzcpd, tags: mrzcpd}
- - {role: tsg-env-tun-mode, tags: tsg-env-tun-mode}
- - {role: sapp, tags: sapp}
- - {role: tsg_master, tags: tsg_master}
- - {role: kni, tags: kni}
- - {role: firewall, tags: firewall}
- - {role: tsg_app, tags: tsg_app}
- - {role: http_healthcheck,tags: http_healthcheck}
- - {role: certstore, tags: certstore}
- - {role: redis, tags: redis}
- - {role: cert-redis, tags: cert-redis}
- - {role: maat-redis, tags: maat-redis, when: deploy_mode == "cluster"}
- - {role: tfe, tags: tfe}
- - {role: telegraf_statistic, tags: telegraf_statistic}
-
-- hosts: packet_dump_server
- remote_user: root
- vars_files:
- - install_config/group_vars/server_as_tun_mode.yml
- roles:
- - {role: framework, tags: framework}
- - {role: packet_dump, tags: packet_dump}
- - {role: dump_rtp_pcap, tags: dump_rtp_pcap}
-
-- hosts: app_global
- remote_user: root
- vars_files:
- - install_config/group_vars/app_global.yml
- roles:
- - {role: app_global, tags: app_global}
diff --git a/tasks/diabled_tsg-monitor.yml b/tasks/diabled_tsg-monitor.yml
deleted file mode 100644
index 538063f..0000000
--- a/tasks/diabled_tsg-monitor.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts:
- - adc_mcn0
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: 'Tsg-monitor service start'
- systemd:
- name: tsg-monitor
- enabled: no
- state: stopped
- daemon_reload: yes
diff --git a/tasks/option-tsg-diagnose/start_tsg_diagnose.yml b/tasks/option-tsg-diagnose/start_tsg_diagnose.yml
deleted file mode 100644
index 791e97b..0000000
--- a/tasks/option-tsg-diagnose/start_tsg_diagnose.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: 'mcn0 start tsg-diagnose service'
- systemd:
- name: tsg-diagnose
- state: started
- enabled: yes
diff --git a/tasks/option-tsg-diagnose/stop_tsg_diagnose.yml b/tasks/option-tsg-diagnose/stop_tsg_diagnose.yml
deleted file mode 100644
index c2fa938..0000000
--- a/tasks/option-tsg-diagnose/stop_tsg_diagnose.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: 'mcn0 stop tsg-diagnose service'
- systemd:
- name: tsg-diagnose
- state: stopped
- enabled: no
diff --git a/tasks/reboot/reboot_adc.yml b/tasks/reboot/reboot_adc.yml
deleted file mode 100644
index db38bac..0000000
--- a/tasks/reboot/reboot_adc.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- hosts:
- - adc_mcn0
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: "reboot"
- reboot:
diff --git a/tasks/reboot/reboot_adc_mcn_by_ipmitool.yml b/tasks/reboot/reboot_adc_mcn_by_ipmitool.yml
deleted file mode 100644
index 040a85e..0000000
--- a/tasks/reboot/reboot_adc_mcn_by_ipmitool.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- hosts: adc_mxn
- remote_user: root
- tasks:
- - name: "reboot adc in mxn by ipmitool"
- shell: "{{ item }}"
- ignore_errors: true
- with_items:
- - ipmitool -t 0x90 chassis power reset
- - ipmitool -t 0x80 chassis power reset
- - ipmitool -t 0x98 chassis power reset
- - ipmitool -t 0x88 chassis power reset
diff --git a/tasks/reboot/reboot_adc_mcn_by_ssh.yml b/tasks/reboot/reboot_adc_mcn_by_ssh.yml
deleted file mode 100644
index d901da3..0000000
--- a/tasks/reboot/reboot_adc_mcn_by_ssh.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: adc_mxn
- remote_user: root
- tasks:
- - name: "reboot adc mcn*"
- shell: "{{ item }}"
- ignore_errors: true
- with_items:
- - ssh 192.168.100.1 reboot
- - ssh 192.168.100.2 reboot
- - ssh 192.168.100.3 reboot
- - ssh 192.168.100.4 reboot
- - reboot
-
diff --git a/tasks/remove_mrzcpd_system_edit.yml b/tasks/remove_mrzcpd_system_edit.yml
deleted file mode 100644
index 77cbb92..0000000
--- a/tasks/remove_mrzcpd_system_edit.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- hosts:
- - adc_mcn0
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: 'remove mrzcpd system edit memory config'
- shell: rm /etc/systemd/system/mrzcpd.service.d/memory.conf
diff --git a/tasks/reset_maat_redis.yml b/tasks/reset_maat_redis.yml
deleted file mode 100644
index 90ef462..0000000
--- a/tasks/reset_maat_redis.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: adc_mcn3
- remote_user: root
- tasks:
- - name: 'reset maat-redis'
- shell: systemctl daemon-reload; systemctl reset-failed maat-redis
diff --git a/tasks/restart_process/restart_adc-exporter-systemd.yml b/tasks/restart_process/restart_adc-exporter-systemd.yml
deleted file mode 100644
index 625abba..0000000
--- a/tasks/restart_process/restart_adc-exporter-systemd.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- hosts:
- - adc_mxn
- - adc_mcn0
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: 'adc-exporter-systemd service start'
- systemd:
- name: adc-exporter-systemd
- enabled: yes
- daemon_reload: yes
- state: restarted
-
diff --git a/tasks/restart_process/restart_certstore.yml b/tasks/restart_process/restart_certstore.yml
deleted file mode 100644
index ddb1baf..0000000
--- a/tasks/restart_process/restart_certstore.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- hosts:
- - adc_mcn0
- remote_user: root
- tasks:
- - name: 'certstore service start'
- systemd:
- name: certstore
- enabled: yes
- daemon_reload: yes
- state: restarted
-
diff --git a/tasks/restart_process/restart_mrzcpd.yml b/tasks/restart_process/restart_mrzcpd.yml
deleted file mode 100644
index 39e12ed..0000000
--- a/tasks/restart_process/restart_mrzcpd.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- hosts:
- - adc_mcn0
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: 'mrzcpd service start'
- systemd:
- name: mrzcpd
- enabled: yes
- daemon_reload: yes
- state: restarted
-
diff --git a/tasks/restart_process/restart_process.yml b/tasks/restart_process/restart_process.yml
deleted file mode 100644
index 4df97bd..0000000
--- a/tasks/restart_process/restart_process.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- include: restart_telegraf_statistic.yml
-- include: restart_mrzcpd.yml
-- include: restart_sapp.yml
-- include: restart_certstore.yml
-- include: restart_tfe.yml
-- include: restart_adc-exporter-systemd.yml
diff --git a/tasks/restart_process/restart_sapp.yml b/tasks/restart_process/restart_sapp.yml
deleted file mode 100644
index 71775fd..0000000
--- a/tasks/restart_process/restart_sapp.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- hosts:
- - adc_mcn0
- remote_user: root
- tasks:
- - name: 'sapp service start'
- systemd:
- name: sapp
- enabled: yes
- daemon_reload: yes
- state: restarted
-
diff --git a/tasks/restart_process/restart_sapp_tfe_certstore.yml b/tasks/restart_process/restart_sapp_tfe_certstore.yml
deleted file mode 100644
index dd10ef2..0000000
--- a/tasks/restart_process/restart_sapp_tfe_certstore.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- include: restart_sapp.yml
-- include: restart_certstore.yml
-- include: restart_tfe.yml
diff --git a/tasks/restart_process/restart_telegraf_statistic.yml b/tasks/restart_process/restart_telegraf_statistic.yml
deleted file mode 100644
index da182db..0000000
--- a/tasks/restart_process/restart_telegraf_statistic.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- hosts:
- - adc_mcn0
- remote_user: root
- tasks:
- - name: 'telegraf_statistic service start'
- systemd:
- name: telegraf_statistic
- enabled: yes
- daemon_reload: yes
- state: restarted
-
diff --git a/tasks/restart_process/restart_tfe.yml b/tasks/restart_process/restart_tfe.yml
deleted file mode 100644
index 2754d8f..0000000
--- a/tasks/restart_process/restart_tfe.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts:
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: 'tfe service start'
- systemd:
- name: tfe
- enabled: yes
- daemon_reload: yes
- state: restarted
-
diff --git a/tasks/stop_telegraf_collect.yml b/tasks/stop_telegraf_collect.yml
deleted file mode 100644
index 3c3f2b4..0000000
--- a/tasks/stop_telegraf_collect.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- hosts:
- - adc_mcn0
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: 'mcn* stop telegraf_collect service'
- systemd:
- name: telegraf_collect
- state: stopped
- enabled: no
-
- - name: 'telegraf_collect config file and service file'
- shell: rm /etc/telegraf/telegraf_collect.conf; rm /usr/lib/systemd/system/telegraf_collect.service; systemctl daemon-reload
diff --git a/tasks/uninstall/uninstall_maat_redis.yml b/tasks/uninstall/uninstall_maat_redis.yml
deleted file mode 100644
index 378f031..0000000
--- a/tasks/uninstall/uninstall_maat_redis.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-- hosts: host_uninstall_redis
- remote_user: root
- tasks:
- - name: "maat-redis-uninstall: stop maat-redis service"
- systemd:
- name: "{{ item }}"
- state: stopped
- with_items:
- - maat-redis.service
- - redis.service
-
- - name: "maat-redis-uninstall: rm maat-redis.conf and maat-redis.service"
- file:
- path: "{{ item }}"
- state: absent
- with_items:
- - /etc/maat-redis.conf
- - /usr/lib/systemd/system/maat-redis.service
-
- - name: remove redis
- yum:
- name: redis
- state: absent
-
diff --git a/tasks/uninstall/uninstall_node-exporter.yml b/tasks/uninstall/uninstall_node-exporter.yml
deleted file mode 100644
index e30e809..0000000
--- a/tasks/uninstall/uninstall_node-exporter.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-- hosts: adc_mxn
- remote_user: root
- tasks:
-
- - name: "stop node-exporter service"
- shell: systemctl stop node-exporter
- ignore_errors: true
-
- - name: "disable node-exporter service"
- shell: systemctl disable node-exporter
- ignore_errors: true
-
- - name: "remove node-exporter service"
- shell: rm /usr/lib/systemd/system/node-exporter.service
- ignore_errors: true
-
- - name: 'reset node-exporter in mxn'
- shell: systemctl daemon-reload; systemctl reset-failed node-exporter
- ignore_errors: true
-
-
- - name: 'start adc-exporter-node service'
- systemd:
- name: adc-exporter-node
- state: started
- enabled: yes
diff --git a/tasks/uninstall/uninstall_redis40u.yml b/tasks/uninstall/uninstall_redis40u.yml
deleted file mode 100644
index 54f54c6..0000000
--- a/tasks/uninstall/uninstall_redis40u.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- hosts: adc_mcn3
- remote_user: root
- tasks:
- - name: 'redis service stop'
- systemd:
- name: redis
- enabled: no
- daemon_reload: yes
- state: stopped
-
- - name: remove the redis40u
- yum:
- name: redis40u
- state: absent
diff --git a/tasks/uninstall/uninstall_rpm_node-exporter.yml b/tasks/uninstall/uninstall_rpm_node-exporter.yml
deleted file mode 100644
index 07955c7..0000000
--- a/tasks/uninstall/uninstall_rpm_node-exporter.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- hosts: adc_mxn
- remote_user: root
- tasks:
- - name: remove the node-exporter
- yum:
- name: node-exporter
- state: absent
diff --git a/tasks/verify/verify_process_md5_hash.yml b/tasks/verify/verify_process_md5_hash.yml
deleted file mode 100644
index 1163412..0000000
--- a/tasks/verify/verify_process_md5_hash.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: "verify sapp md5 in mcn0"
- shell: md5sum /home/mesasoft/sapp_run/sapp
- register: sapp_md5sum
-
- - name: assert
- assert:
- that:
- - sapp_md5sum.stdout.find('1ca2eb92e4269066c6a056e41bb394b3') != -1
- fail_msg: "FAIL"
- success_msg: "PASS"
diff --git a/tasks/verify/verify_systemctl_sapp.yml b/tasks/verify/verify_systemctl_sapp.yml
deleted file mode 100644
index 37c0496..0000000
--- a/tasks/verify/verify_systemctl_sapp.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: "register systemctl status sapp result"
- shell: systemctl status sapp
- register: sapp_results
-
- - name: assert
- assert:
- that:
- - sapp_results.stdout.find('active (running)') != -1
- fail_msg: "FAIL"
- success_msg: "PASS"
diff --git a/tasks/verify/verify_systemctl_tfe.yml b/tasks/verify/verify_systemctl_tfe.yml
deleted file mode 100644
index 4204c15..0000000
--- a/tasks/verify/verify_systemctl_tfe.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- hosts:
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: "register systemctl status tfe result"
- shell: systemctl status tfe
- register: tfe_results
-
- - name: assert
- assert:
- that:
- - tfe_results.stdout.find('active (running)') != -1
- fail_msg: "FAIL"
- success_msg: "PASS"
diff --git a/tasks/verify/verify_tfe_md5_hash.yml b/tasks/verify/verify_tfe_md5_hash.yml
deleted file mode 100644
index 80e23be..0000000
--- a/tasks/verify/verify_tfe_md5_hash.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- hosts:
- - adc_mcn1
- - adc_mcn2
- - adc_mcn3
- remote_user: root
- tasks:
- - name: "verify tfe md5 in mcn0"
- shell: md5sum /opt/tsg/tfe/bin/tfe
- register: tfe_md5sum
-
- - name: assert
- assert:
- that:
- - tfe_md5sum.stdout.find('0f45d2844dbff2edbde44bab0359cead') != -1
- fail_msg: "FAIL"
- success_msg: "PASS"
diff --git a/tasks/verify/verify_tsg_diagnose.yml b/tasks/verify/verify_tsg_diagnose.yml
deleted file mode 100644
index 0a927bb..0000000
--- a/tasks/verify/verify_tsg_diagnose.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: "register tsg-diagnose exec result"
- shell: docker exec -it unittest_tsg-diagnose /bin/sh -c 'python3 /root/unittest/tsg_diagnose.py'
- register: tsgdiagnoseresults
-
- - name: assert
- assert:
- that:
- - tsgdiagnoseresults.stdout.find('FAIL') == -1
- fail_msg: "FAIL"
- success_msg: "PASS"
diff --git a/tasks/verify/verify_tsg_diagnose_once.yml b/tasks/verify/verify_tsg_diagnose_once.yml
deleted file mode 100644
index 9b8f9ae..0000000
--- a/tasks/verify/verify_tsg_diagnose_once.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: 'mcn0 start tsg-diagnose service'
- systemd:
- name: tsg-diagnose
- state: started
- enabled: yes
-
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: "register tsg-diagnose exec result"
- shell: docker exec -it unittest_tsg-diagnose /bin/sh -c 'python3 /root/unittest/tsg_diagnose.py'
- register: tsgdiagnoseresults
-
- - name: assert
- assert:
- that:
- - tsgdiagnoseresults.stdout.find('FAIL') == -1
- fail_msg: "FAIL"
- success_msg: "PASS"
-
-- hosts: adc_mcn0
- remote_user: root
- tasks:
- - name: 'mcn0 stop tsg-diagnose service'
- systemd:
- name: tsg-diagnose
- state: stopped
- enabled: no