gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OMPUB-159:新增v21.06适配mirror流量的DPI安装包

Browse Source
This commit is contained in:
fumingwei
2021-07-06 14:48:40 +08:00
parent 3322c11ad9
commit e3977b920e
236 changed files with 218 additions and 9473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
install_config/group_vars/adc_global.yml
View File

@@ -1,155 +0,0 @@
#########################################
#####0: pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4:ATCA_Vlan_Flipping 5:ATCA_VXLAN
tsg_access_type: 2
#####2: ADC; 0:Tun_mode; 1: normal;
tsg_running_type: 2
#####deploy mode: cluster, single
deploy_mode: "cluster"
########################################
#Deploy_finished_reboot
Deploy_finished_reboot: 0
########################################
#IP Config
maat_redis_city_server:
address: "10.4.62.253"
port: 7002
maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
#log_minio:
# address: "10.4.62.253"
# port: 9090
pangu_pxy:
log_cache:
address: "10.9.62.253"
port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_voip_log_level: 10
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: FATAL
packet_dump_log_level: 10
#######################################
#Sapp Performance Config
#Sapp工作在ADC计算板0时建议使用如下30+8的配置以保证更高的处理性能
sapp:
worker_threads: 42
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
inbound_route_dir: 1
prometheus_enable: 1
prometheus_port: 9273
prometheus_url_path: "/metrics"
########################################
#Kni Config
kni:
global:
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
tfe0_enabled: 1
tfe1_enabled: 1
tfe2_enabled: 1
########################################
#Tfe Config
tfe:
nr_threads: 32
mirror_enable: 1
########################################
#Marsio Config
#marsio工作在ADC计算板时建议使用如下配置以保证更高的处理性能
mcn0_mrzcpd:
iocore: 52,53,54,55
mcn123_mrzcpd:
iocore: 54,55
mrtunnat:
lcore_id: 48,49,50,51
#########################################
#Tsg_app
tsg_app:
enable: 0
breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
data_center: Kyzylorda
tsg_master_entrance_id: 9
nic_mgr:
name: em1
firewall:
hos_serverip: "192.168.40.223"
hos_serverport: 9098
hos_accesskeyid: "default"
hos_secretkey: "default"
hos_poolsize: 100
hos_thread_sum: 32
hos_cache_size: 102400
hos_fs2_serverip: "127.0.0.1"
hos_fs2_serverport: 10086
APP_SKETCH_LOG_LEVEL: 10
APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
APP_SKETCH_QOS: 1
APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
dump_rtp_pcap:
aws_access_key_id: "default"
aws_secret_access_key: "default"
aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
consume_bootstrap_servers: ['192.168.44.14:9092']
endpoint_url: "http://192.168.44.67:9098/hos/"
produce_bootstrap_servers: "192.168.44.14:9092"
queue_size: 5000000
coroutine_max_num: 200
coroutine_num: 100
qfull_mode: 0
qfull_interval: 5

41
install_config/group_vars/adc_mcn0.yml
View File

@@ -1,41 +0,0 @@
#########################################
#Mcn0管理口网卡名
nic_mgr:
name: ens1f3
#########################################
#Mcn0流量接入网卡固定配置
nic_data_incoming:
name: ens1f4
#########################################
#Mcn0其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens1.100
nic_to_tfe:
tfe0:
name: ens1f5
tfe1:
name: ens1f6
tfe2:
name: ens1f7
#########################################
#串联设备接入相关配置
inline_device_config:
keepalive_ip: 192.168.1.30
keepalive_mask: 255.255.255.252
#########################################
#Allot接入相关配置
AllotAccess:
#virturlInterface_1: ens1f2.103
#virturlInterface_2: ens1f2.104
virturlID_1: 1201
virturlID_2: 1202
virturlID_3: 1301
virturlID_4: 1302
#vvipv4_mask: 24
#vvipv6_mask: 64
bladename: mcn0

19
install_config/group_vars/adc_mcn1.yml
View File

@@ -1,19 +0,0 @@
#########################################
#Mcn1管理口网卡名
nic_mgr:
name: ens1f3
#########################################
#Mcn1流量接入网卡固定配置
nic_data_incoming:
name: ens1f1
#########################################
#Mcn1其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens1f2
use_mrzcpd: 1
bladename: mcn1

19
install_config/group_vars/adc_mcn2.yml
View File

@@ -1,19 +0,0 @@
#########################################
#Mcn2管理口网卡名
nic_mgr:
name: ens8f3
#########################################
#Mcn2流量接入网卡固定配置
nic_data_incoming:
name: ens8f1
#########################################
#Mcn2其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1
bladename: mcn2

19
install_config/group_vars/adc_mcn3.yml
View File

@@ -1,19 +0,0 @@
#########################################
#Mcn3管理口网卡名
nic_mgr:
name: ens8f3
#########################################
#Mcn3流量接入网卡固定配置
nic_data_incoming:
name: ens8f1
#########################################
#Mcn3其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1
bladename: mcn3

10
install_config/group_vars/app_global.yml
View File

@@ -1,10 +0,0 @@
#########################################
app_sketch_global_log_level: 10
maat_redis_server:
address: "192.168.40.168"
port: 7002
db: 0
file_stat_ip: "1.1.1.1"

91
install_config/group_vars/mirror_traffic.yml Normal file
View File

@@ -0,0 +1,91 @@
########################################
#Server Basic Config
nic_mgr:
name: eth0
#########################################
#IP Config
maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 1
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
#log_minio:
# address: "10.9.62.253"
# port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_voip_log_level: 10
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: 10
packet_dump_log_level: 10
#########################################
#Sapp Performance Config
#如果tsg_access_type=0sapp跑在pcap模式则以下配置可忽略
sapp:
worker_threads: 23
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
inbound_route_dir: 1
prometheus_enable: 1
prometheus_port: 9273
prometheus_url_path: "/metrics"
#########################################
#Marsio Config
mrzcpd:
iocore: 39
#########################################
#新增配置项,均为默认值不用改
breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
data_center: Beijing
tsg_master_entrance_id: 0
firewall:
hos_serverip: "192.168.40.223"
hos_serverport: 9098
hos_accesskeyid: "default"
hos_secretkey: "default"
hos_poolsize: 100
hos_thread_sum: 32
hos_cache_size: 102400
hos_fs2_serverip: "127.0.0.1"
hos_fs2_serverport: 10086
data_incoming_nic_list: ['eth0', 'eth1']

200
install_config/group_vars/server_as_tun_mode.yml
View File

@@ -1,200 +0,0 @@
#########################################
#####0: Pcap; 1: Inline_device; 5:ATCA_VXLAN;
tsg_access_type: 0
#####0: Tun_mode; 1: normal;
tsg_running_type: 0
#####deploy mode: cluster, single
deploy_mode: "single"
########################################
#Deploy_finished_reboot
Deploy_finished_reboot: 0
########################################
#Server Basic Config
nic_mgr:
name: eth0
nic_inner_ctrl:
name: eth0.100
#########################################
#IP Config
#maat_redis_city_serve相关配置只在部署集群模式时使用
maat_redis_city_server:
address: ""
port:
maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
#log_minio:
# address: "10.9.62.253"
# port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_voip_log_level: 10
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: 10
packet_dump_log_level: 10
#########################################
#Sapp Performance Config
#如果tsg_access_type=0sapp跑在pcap模式则以下配置可忽略
sapp:
worker_threads: 23
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
inbound_route_dir: 1
prometheus_enable: 1
prometheus_port: 9273
prometheus_url_path: "/metrics"
#########################################
#Sapp Double-Arm Config
packet_io:
internal_interface: eth2
external_interface: eth3
#########################################
#Kni Config
kni:
global:
tfe_node_count: 1
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
tfe0_enabled: 1
tfe1_enabled: 0
tfe2_enabled: 0
#########################################
#Tfe Config
tfe:
nr_threads: 32
mirror_enable: 1
#########################################
#Marsio Config
mrzcpd:
iocore: 39
mrtunnat:
lcore_id: 38
#########################################
#Tsg_app
tsg_app:
enable: 1
#########################################
#ATCA Config
#下列配置只在tsg_access_type=4 or 5时生效
ATCA_data_incoming:
ethname: enp1s0
vf0_name: enp1s2
vf1_name: enp1s2f1
vf2_name: enp1s2f2
ATCA_VlanFlipping:
vlanID_1: 100
vlanID_2: 101
vlanID_3: 103
vlanID_4: 104
#下列配置只在tsg_access_type=5时生效
ATCA_VXLAN:
keepalive_ip: "10.254.19.1"
keepalive_mask: "255.255.255.252"
#########################################
#Inline Device Config
inline_device_config:
keepalive_ip: 192.168.1.30
keepalive_mask: 255.255.255.252
data_incoming: eth5
#########################################
#新增配置项,均为默认值不用改
breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
data_center: Beijing
tsg_master_entrance_id: 0
pangu_pxy:
log_cache:
address: "10.9.62.253"
port: 9090
firewall:
hos_serverip: "192.168.40.223"
hos_serverport: 9098
hos_accesskeyid: "default"
hos_secretkey: "default"
hos_poolsize: 100
hos_thread_sum: 32
hos_cache_size: 102400
hos_fs2_serverip: "127.0.0.1"
hos_fs2_serverport: 10086
APP_SKETCH_LOG_LEVEL: 10
APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
APP_SKETCH_QOS: 1
APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
dump_rtp_pcap:
aws_access_key_id: "default"
aws_secret_access_key: "default"
aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
consume_bootstrap_servers: ['192.168.44.14:9092']
endpoint_url: "http://192.168.44.67:9098/hos/"
produce_bootstrap_servers: "192.168.44.14:9092"
queue_size: 5000000
coroutine_max_num: 200
coroutine_num: 100
qfull_mode: 0
qfull_interval: 5