OMPUB-159:新增v21.06适配mirror流量的DPI安装包

roles/adc_exporter/tasks/main.yml

@@ -1,72 +0,0 @@
-- name: "copy freeipmi tools"
-  copy:
-    src: '{{ role_path }}/files/freeipmi-1.5.7-3.el7.x86_64.rpm'
-    dest: /tmp/ansible_deploy/
-
-- name: "Install freeipmi rpm package"
-  yum:
-    name:
-      - "/tmp/ansible_deploy/freeipmi-1.5.7-3.el7.x86_64.rpm"
-    state: present
-
-- name: "mkdir /opt/adc-exporter/"
-  file:
-    path: /opt/adc-exporter/
-    state: directory
-
-- name: "copy node_exporter"
-  copy:
-    src: '{{ role_path }}/files/node_exporter'
-    dest: /opt/adc-exporter/node_exporter
-    mode: 0755
-
-- name: "copy systemd_exporter"
-  copy:
-    src: '{{ role_path }}/files/systemd_exporter'
-    dest: /opt/adc-exporter/systemd_exporter
-    mode: 0755
-
-- name: "copy ipmi_exporter"
-  copy:
-    src: '{{ role_path }}/files/ipmi_exporter'
-    dest: /opt/adc-exporter/ipmi_exporter
-    mode: 0755
-
-- name: "templates adc-exporter-node.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-node.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-node.service
-  tags: template
-
-- name: "templates adc-exporter-systemd.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-systemd.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-systemd.service
-  tags: template
-
-- name: "templates adc-exporter-ipmi.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-ipmi.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-ipmi.service
-  tags: template
-
-- name: 'adc-exporter-node service start'
-  systemd:
-    name: adc-exporter-node
-    enabled: yes
-    daemon_reload: yes
-    state: started
-
-- name: 'adc-exporter-systemd service start'
-  systemd:
-    name: adc-exporter-systemd
-    enabled: yes
-    daemon_reload: yes
-    state: restarted
-
-- name: 'adc-exporter-ipmi service start'
-  systemd:
-    name: adc-exporter-ipmi
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/adc_exporter/templates/adc-exporter-ipmi.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=IPMI Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/ipmi_exporter
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter/templates/adc-exporter-node.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=Node Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/node_exporter
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter/templates/adc-exporter-systemd.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=Systemd Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/systemd_exporter --web.disable-exporter-metrics
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter_ping/tasks/main.yml

@@ -1,23 +0,0 @@
-- name: "mkdir /opt/adc-exporter/"
-  file:
-    path: /opt/adc-exporter/
-    state: directory
-
-- name: "copy ping_exporter"
-  copy:
-    src: '{{ role_path }}/files/ping_exporter'
-    dest: /opt/adc-exporter/ping_exporter
-    mode: 0755
-
-- name: "templates ping_exporter.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-ping.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-ping.service
-  tags: template
-
-- name: 'adc-exporter-ping service start'
-  systemd:
-    name: adc-exporter-ping
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=Ping Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/ping_exporter {{ ping_test.target|join(" ")}} --ping.size=512 --ping.interval=0.5s
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter_proxy/tasks/main.yml

@@ -1,34 +0,0 @@
-- name: "mkdir /opt/adc-exporter-proxy/"
-  file:
-    path: /opt/adc-exporter-proxy/
-    state: directory
-
-- name: "copy file to device"
-  copy:
-    src: '{{ role_path }}/files/'
-    dest: /tmp/ansible_deploy/
-    
-- name: "unarchive adc-exporter-proxy(NGINX)"
-  unarchive:
-    src: /tmp/ansible_deploy/adc_exporter_proxy.tar.gz
-    dest: /opt/adc-exporter-proxy
-    remote_src: yes
-
-- name: "templates adc-exporter-proxy.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-proxy.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-proxy.service
-  tags: template
-
-- name: "template nginx.conf"
-  template:
-    src: "{{role_path}}/templates/nginx.conf.j2"
-    dest: /opt/adc-exporter-proxy/adc-exporter-proxy/conf/nginx.conf
-  tags: template
-
-- name: 'adc-exporter-proxy service start'
-  systemd:
-    name: adc-exporter-proxy
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/adc_exporter_proxy/templates/adc-exporter-proxy.service.j2

@@ -1,12 +0,0 @@
-[Unit]
-Description=ADC Exporter Proxy (NGINX) for NEZHA
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy
-ExecReload=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s reload
-ExecStop=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s stop
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter_proxy/templates/nginx.conf.j2

@@ -1,152 +0,0 @@
-
-user  nobody;
-worker_processes  1;
-daemon off;
-
-error_log  logs/error.log;
-error_log  logs/error.log  notice;
-error_log  logs/error.log  info;
-pid        logs/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    #access_log  logs/access.log  main;
-
-    sendfile        on;
-    tcp_nopush     on;
-
-    keepalive_timeout  65;
-    gzip  on;
-
-    server {
-	    listen       9000;
-	    server_name  localhost;
-
-	    location /metrics/blade/mcn0/node_exporter {
-		    proxy_pass   http://192.168.100.1:9100/metrics;
-	    }
-
-	    location /metrics/blade/mcn1/node_exporter {
-		    proxy_pass   http://192.168.100.2:9100/metrics;
-	    }
-
-	    location /metrics/blade/mcn2/node_exporter {
-		    proxy_pass   http://192.168.100.3:9100/metrics;
-	    }
-
-	    location /metrics/blade/mcn3/node_exporter {
-		    proxy_pass   http://192.168.100.4:9100/metrics;
-	    }
-
-	    location /metrics/blade/mxn/node_exporter {
-		    proxy_pass   http://192.168.100.5:9100/metrics;
-	    }
-
-            location /metrics/blade/mcn0/systemd_exporter {
-                    proxy_pass   http://192.168.100.1:9558/metrics;
-            }
-
-            location /metrics/blade/mcn1/systemd_exporter {
-                    proxy_pass   http://192.168.100.2:9558/metrics;
-            }
-
-            location /metrics/blade/mcn2/systemd_exporter {
-                    proxy_pass   http://192.168.100.3:9558/metrics;
-            }
-
-            location /metrics/blade/mcn3/systemd_exporter {
-                    proxy_pass   http://192.168.100.4:9558/metrics;
-            }
-
-	    location /metrics/blade/mcn0/ipmi_exporter {
-		    proxy_pass   http://192.168.100.1:9290/metrics;
-	    }
-
-	    location /metrics/blade/mcn1/ipmi_exporter {
-		    proxy_pass   http://192.168.100.2:9290/metrics;
-	    }
-
-	    location /metrics/blade/mcn2/ipmi_exporter {
-		    proxy_pass   http://192.168.100.3:9290/metrics;
-	    }
-
-	    location /metrics/blade/mcn3/ipmi_exporter {
-		    proxy_pass   http://192.168.100.4:9290/metrics;
-	    }
-
-	    location /metrics/blade/mxn/ipmi_exporter {
-		    proxy_pass   http://192.168.100.5:9290/metrics;
-	    }
-
-            location /metrics/blade/mcn0/certstore {
-                    proxy_pass   http://192.168.100.1:9002/metrics;
-            }
-
-            location /metrics/blade/mcn1/tfe {
-                    proxy_pass   http://192.168.100.2:9001/metrics;
-            }
-
-            location /metrics/blade/mcn2/tfe {
-                    proxy_pass   http://192.168.100.3:9001/metrics;
-            }
-
-            location /metrics/blade/mcn3/tfe {
-                    proxy_pass   http://192.168.100.4:9001/metrics;
-            }
-
-            location /metrics/blade/mcn0/sapp {
-                    proxy_pass   http://192.168.100.1:9273/metrics;
-            }
-
-            location /metrics/blade/mcn0/mrapm_device {
-                    proxy_pass   http://192.168.100.1:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn0/mrapm_stream {
-                    proxy_pass   http://192.168.100.1:8902/metrics;
-            }
-
-	    location /metrics/blade/mcn1/mrapm_device {
-                    proxy_pass   http://192.168.100.2:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn1/mrapm_stream {
-                    proxy_pass   http://192.168.100.2:8902/metrics;
-            }
-
-            location /metrics/blade/mcn2/mrapm_device {
-                    proxy_pass   http://192.168.100.3:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn2/mrapm_stream {
-                    proxy_pass   http://192.168.100.3:8902/metrics;
-            }
-
-            location /metrics/blade/mcn3/mrapm_device {
-                    proxy_pass   http://192.168.100.4:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn3/mrapm_stream {
-                    proxy_pass   http://192.168.100.4:8902/metrics;
-            }
-
-            location /metrics/blade/mcn0/maat_redis {
-                    proxy_pass   http://192.168.100.1:9121/metrics;
-            }
-
-            location /metrics/blade/mcn0/ping_exporter {
-                    proxy_pass   http://192.168.100.1:9427/metrics;
-            }
-    }
-}

roles/app_global/tasks/main.yml

@@ -1,36 +0,0 @@
-- name: "copy app_global rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
-    state: present
-
-- name: "template the app_sketch_global.conf"
-  template:
-    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
-
-- name: "template the zlog.conf"
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
-
-- name: "Start emqx"
-  systemd:
-    name: emqx.service
-    state: started
-    enabled: yes
-    daemon_reload: yes
-    
-
-- name: "Start app-sketch-global"
-  systemd:
-    name: app-sketch-global.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -1,41 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
-enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2

roles/app_global/templates/zlog.conf.j2

@@ -1,12 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
-
-
-

roles/cert-redis/files/cert-redis.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown cert-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/tasks/main.yml

@@ -1,15 +0,0 @@
-- name: "copy cert-redis file to dest"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" } 
-    - { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
-
-- name: "start cert-redis"
-  systemd:
-    name: cert-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes

roles/certstore/files/memory.conf

@@ -1,3 +0,0 @@
-[Service]
-MemoryLimit=16G
-ExecStartPost=/bin/bash -c "echo 16G > /sys/fs/cgroup/memory/system.slice/certstore.service/memory.memsw.limit_in_bytes"

roles/certstore/tasks/main.yml

@@ -1,37 +0,0 @@
-- name: "copy certstore rpm to destination"
-  synchronize:
-    src: "{{ role_path }}/files/"
-    dest: "/tmp/ansible_deploy/"
-
-- name: Ensures /opt/tsg exists
-  file: path=/opt/tsg state=directory
-  tags: mkdir
-
-- name: install certstore
-  yum:
-    name:
-      - /tmp/ansible_deploy/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm
-    state: present
-
-- name: template certstore configure file
-  template:
-    src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /opt/tsg/certstore/conf/cert_store.ini
-
-- name: template certstore zlog file
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/certstore/conf/zlog.conf
-
-- name: "copy memory limit file to certstore.service.d"
-  copy:
-    src: "{{ role_path }}/files/memory.conf"
-    dest: /etc/systemd/system/certstore.service.d/
-    mode: 0644
-
-- name: "start certstore"
-  systemd:
-    name: certstore.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/certstore/templates/cert_store.ini.j2

@@ -1,60 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/certstore/crashreport
-enable_breakpad_upload=1
-breakpad_upload_url= {{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 4
-#1 rsync, 0 sync
-mode=1
-#Local default root certificate is valid for 30 days by default
-expire_after = 30
-#Local default root certificate path
-local_debug = 1
-ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
-
-[MAAT]
-#Configure the load mode,
-#0: using the configuration distribution network
-#1: using local json
-#2: using Redis reads
-maat_json_switch=2
-#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
-effective_interval=1
-#Specify the location of the configuration library table file
-table_info=./conf/table_info.conf
-#Incremental profile path
-inc_cfg_dir=./rule/inc/index
-#Full profile path
-full_cfg_dir=./rule/full/index
-#Json file path when json schema is used
-pxy_obj_keyring=./conf/pxy_obj_keyring.json
-
-[LIBEVENT]
-#Local monitor port number, default is 9991
-port = 9991
-
-[CERTSTORE_REDIS]
-#The Redis server IP address and port number where the certificate is stored locally
-ip = 127.0.0.1
-port = 6379
-
-[MAAT_REDIS]
-#Maat monitors the Redsi server IP address and port number
-ip = {{ maat_redis_server.address }}
-port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}
-[stat]
-statsd_server=127.0.0.1
-statsd_port=8100
-statsd_set_prometheus_port=9002
-statsd_set_prometheus_url_path=/metrics

roles/certstore/templates/zlog.conf.j2

@@ -1,10 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
-

roles/docker-env/files/daemon.json

@@ -1 +0,0 @@
-{"iptables":false,"bridge": "none"}

roles/docker-env/tasks/docker-ce.yml

@@ -1,43 +0,0 @@
----
-- name: "docker-ce: copy docker-ce.zip to dest device"
-  copy:
-    src: '{{ role_path }}/files/docker-ce.zip'
-    dest: /tmp/ansible_deploy/
-    
-- name: "docker-ce: unarchive docker-ce.zip"
-  unarchive:
-    src: /tmp/ansible_deploy/docker-ce.zip
-    dest: /tmp/ansible_deploy/
-    remote_src: yes
-
-- name: "docker-ce: install docker-ce rpm package and dependencies"
-  yum:
-    name:
-      - /tmp/ansible_deploy/docker-ce/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
-      - /tmp/ansible_deploy/docker-ce/docker-ce-19.03.13-3.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/docker-ce-cli-19.03.13-3.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/containerd.io-1.3.7-3.1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
-      - /tmp/ansible_deploy/docker-ce/selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
-      - /tmp/ansible_deploy/docker-ce/policycoreutils-python-2.5-34.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/policycoreutils-2.5-34.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/libselinux-utils-2.5-15.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/libselinux-python-2.5-15.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/libselinux-2.5-15.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/setools-libs-3.3.8-4.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/libsepol-2.5-10.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/libsemanage-python-2.5-14.el7.x86_64.rpm
-      - /tmp/ansible_deploy/docker-ce/libsemanage-2.5-14.el7.x86_64.rpm
-    state: present
-
-- name: "docker-ce: copy daemon.json to target"
-  copy:
-    src: '{{ role_path }}/files/daemon.json'
-    dest: /etc/docker/
-
-- name: "docker-ce: systemctl start docker and enabled docker"
-  systemd:
-    name: docker
-    enabled: yes
-    daemon_reload: yes
-    state: started

roles/docker-env/tasks/docker-compose.yml

@@ -1,18 +0,0 @@
----
-- name: "docker-compose: copy docker-compose.zip to dest device"
-  copy:
-    src: '{{ role_path }}/files/docker-compose.zip'
-    dest: /tmp/ansible_deploy/
-
-- name: "docker-compose: unarchive docker-compose.zip"
-  unarchive:
-    src: /tmp/ansible_deploy/docker-compose.zip
-    dest: /tmp/ansible_deploy/
-    remote_src: yes
-
-- name: "docker-compose: install docker-compose using pip3"
-  pip:
-    requirements: /tmp/ansible_deploy/docker-compose/requirements.txt
-    extra_args: "--no-index --find-links=file:///tmp/ansible_deploy/docker-compose"
-    state: forcereinstall
-    executable: pip3

roles/docker-env/tasks/main.yml

@@ -1,4 +0,0 @@
----
-- include: docker-ce.yml
-- include: python3.yml 
-- include: docker-compose.yml 

roles/docker-env/tasks/python3.yml

@@ -1,21 +0,0 @@
----
-- name: "python3: copy python3.zip to dest device"
-  copy:
-    src: '{{ role_path }}/files/python3.zip'
-    dest: /tmp/ansible_deploy/
-    
-- name: "python3: unarchive python3.zip"
-  unarchive:
-    src: /tmp/ansible_deploy/python3.zip
-    dest: /tmp/ansible_deploy/
-    remote_src: yes
-
-- name: "python3: install python3 rpm package and dependencies"
-  yum:
-    name:
-      - /tmp/ansible_deploy/python3/python3-libs-3.6.8-13.el7.x86_64.rpm
-      - /tmp/ansible_deploy/python3/python3-3.6.8-13.el7.x86_64.rpm
-      - /tmp/ansible_deploy/python3/python3-pip-9.0.3-7.el7_7.noarch.rpm
-      - /tmp/ansible_deploy/python3/python3-setuptools-39.2.0-10.el7.noarch.rpm
-      - /tmp/ansible_deploy/python3/libtirpc-0.2.4-0.16.el7.x86_64.rpm
-    state: present

roles/dump_rtp_pcap/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
-    state: present
-
-- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
-  template:
-    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
-    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
-  tags: template
- 
-- name: "start dump_rtp_pcap"
-  systemd:
-    name: dump_rtp_pcap.service
-    enabled: yes
-    daemon_reload: yes

roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2

@@ -1,23 +0,0 @@
-{
-    "endian":"little",
-    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
-    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
-    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
-    "bucket_name": "rtp-log",
-    "consume_auto_offset_reset":"latest",
-    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
-    "consume_topic": "INTERNAL-RTP-LOG",
-    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
-    "file_prefix":"rtp_log",
-    "group_id": "rtp-log-1",
-    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
-    "produce_topic": "VOIP-RECORD-LOG",
-    "region_name": "us-east-1",
-    "save_speed_emit_interval":30,
-    "upload_speed_emit_interval":30,
-    "queue_size":{{ dump_rtp_pcap.queue_size }},
-    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
-    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
-    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
-    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
-}

roles/firewall/tasks/main.yml

@@ -11,27 +11,25 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_http_plug-3.2.3.6b8c95d-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:
@@ -46,11 +44,6 @@
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
-- name: "Template the conf/capture_packet_plug.conf.j2"
-  template:
-    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
-    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
-  tags: template
 
 - name: "Template the tsgconf/app_l7_proto_id.conf"
   template:
@@ -63,3 +56,8 @@
     dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
   tags: template
 
+- name: "Template the conf/http/http.conf"
+  template:
+    src: "{{ role_path }}/templates/http.conf.j2"
+    dest:  /home/mesasoft/sapp_run/conf/http/http.conf
+  tags: template

roles/firewall/templates/app_l7_proto_id.conf.j2

@@ -1,51 +0,0 @@
-#TYPE：1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
-#TYPE	FIELD		VALUE
-STRING	UNCATEGORIZED	100
-STRING	UNCATEGORIZED	101
-STRING	UNKNOWN_OTHER	102
-STRING	DNS		103
-STRING	FTP		104
-STRING	FTPS		105
-STRING	HTTP		106
-STRING	HTTPS		107
-STRING	ICMP		108
-STRING	IKE		109
-STRING	MAIL		110
-STRING	IMAPS		111
-STRING	IPSEC		112
-STRING	XMPP		113
-STRING	L2TP		114
-STRING	NTP		115
-STRING	POP3S		117
-STRING	PPTP		118
-STRING	QUIC		119
-STRING	SIP		120
-STRING	SMB		121
-STRING	SMTPS		123
-STRING	SPDY		124
-STRING	SSH		125
-STRING	SSL		126
-STRING	SOCKS		127
-STRING	TELNET		128
-STRING	DHCP		129
-STRING	RADIUS		130
-STRING	OPENVPN		131
-STRING	STUN		132
-STRING	TEREDO		133
-STRING	DTLS		134
-STRING	DoH		135
-STRING	ISAKMP		136
-STRING	MDNS		137
-STRING	NETBIOS		138
-STRING	NETFLOW		139
-STRING	RDP		140
-STRING	RTCP		141
-STRING	RTP		142
-STRING	SLP		143
-STRING	SNMP		144
-STRING	SSDP		145
-STRING	TFTP		146
-STRING	BJNP		147
-STRING	LDAP		148
-STRING	RTMP		149
-STRING	RTSP		150

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -1,28 +0,0 @@
-[MAAT]
-MAAT_MODE=2
-#EFFECTIVE_FLAG=
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=conf/capture_packet_tableinfo.conf
-STAT_FILE=capture_packet_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=conf/capture_packet_maat.json
-INC_CFG_DIR=capture_packet_rule/inc/index/
-FULL_CFG_DIR=capture_packet_rule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
-ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
-
-[LOG]
-NIC_NAME={{ nic_mgr.name }}
-BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
-FIELD_FILE=conf/capture_packet_log_field.conf
-
-[SYSTEM]
-LOG_LEVEL={{ capture_packet_log_level }}
-LOG_PATH=./tsglog/capture_packet_plug/capture_packet
-

roles/firewall/templates/http.conf.j2

@@ -0,0 +1,43 @@
+#http_special
+#all regions
+1	HTTP_ALL
+2	HTTP_OTHER_REGIONS
+#http state
+3	HTTP_STATE
+4	HTTP_REQ_LINE
+5	HTTP_RES_LINE	
+6	HTTP_CONTENT            
+7	HTTP_UNGZIP_CONTENT
+8	HTTP_MESSAGE_URL
+9	HTTP_URI
+#http_request
+10	HTTP_HOST
+11	HTTP_REFERER
+12	HTTP_USER_AGENT
+13	HTTP_COOKIE
+14	HTTP_PROXY_AUTHORIZATION
+15	HTTP_AUTHORIZATION
+#http_response
+16	HTTP_LOCATION
+17	HTTP_SERVER
+18	HTTP_ETAG
+#http_general
+19	HTTP_DATE
+20	HTTP_TRAILER
+21	HTTP_TRANSFER_ENCODING
+22	HTTP_VIA
+23	HTTP_PRAGMA
+24	HTTP_CONNECTION
+#http_content
+25	HTTP_CONT_ENCODING
+26	HTTP_CONT_LANGUAGE
+27	HTTP_CONT_LOCATION
+28	HTTP_CONT_DISPOSITION
+29	HTTP_CONT_RANGE
+30	HTTP_CONT_LENGTH
+31	HTTP_CONT_TYPE
+32	HTTP_CHARSET
+33	HTTP_EXPIRES
+34	HTTP_X_FLASH_VERSION
+35	HTTP_TRANSFER_LENGTH
+36	Set-Cookie

roles/firewall/templates/maat.conf.j2

@@ -32,21 +32,5 @@ INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
-[APP_SIGNATURE_MAAT]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
-STAT_FILE=app_sketch_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=tsgconf/app_sketch_maat.json
-INC_CFG_DIR=tsgrule/inc/index/
-FULL_CFG_DIR=tsgrule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
 [MAAT]
 ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -66,11 +66,16 @@ ENTRANCE_ID={{ tsg_master_entrance_id }}
 LOG_LEVEL={{ tsg_master_log_level }}
 LOG_PATH="./tsglog/tsg_master"
 POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
+L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
 DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
 
 [TSG_CONN_SKETCH]
 log_service=2
-
+live_service=6
+transaction_service=7
+live_service_switch=1
+transaction_service_switch=1
+live_intervals_time = 30
 
 [HOS_CONF]
 hos_serverip="{{ firewall.hos_serverip }}"
@@ -82,14 +87,3 @@ hos_thread_sum={{ firewall.hos_thread_sum }}
 hos_cache_size={{ firewall.hos_cache_size }}
 hos_fs2_serverip="{{ firewall.hos_fs2_serverip }}"
 hos_fs2_serverport={{ firewall.hos_fs2_serverport }}
-
-[APP_SKETCH_LOCAL]
-LOG_LEVEL={{ firewall.APP_SKETCH_LOG_LEVEL }}
-LOG_PATH="{{ firewall.APP_SKETCH_LOG_PATH }}"
-L7_PROTOCOL_LABEL="{{ firewall.APP_SKETCH_L7_PROTOCOL_LABEL }}"
-
-[APP_SKETCH_FEEDBACK]
-QOS={{ firewall.APP_SKETCH_QOS }}
-PUBLISH_TOPIC="{{ firewall.APP_SKETCH_PUBLISH_TOPIC }}"
-#CLIENT_ID=
-BROKER_LIST="{{ firewall.APP_SKETCH_BROKER_LIST }}"

roles/firewall/templates/tsg_conn_sketch.inf.j2

@@ -25,11 +25,22 @@ FUNC_NAME=tsg_record_http_entry
 FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
 FUNC_NAME=tsg_record_ssl_entry
 
-#[DNS]
-#FUNC_FLAG=ALL
-#FUNC_NAME=tsg_record_dns_entry
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_dns_entry
 
 [MAIL]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_mail_entry
 
+[RTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_rtp_entry
+
+[SIP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_sip_entry
+
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_ftp_entry

roles/framework/tasks/main.yml

@@ -12,10 +12,10 @@
     packages:
       - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
@@ -30,7 +30,7 @@
       - /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:
@@ -44,3 +44,9 @@
 
 - name: "update ld"
   command: ldconfig
+
+- name: "copy maat_redis_tool to destination"
+  copy:
+    src: "{{ role_path }}/files/maat_redis_tool"
+    dest: /opt/MESA/bin/
+    mode: 0755

roles/http_healthcheck/tasks/main.yml

@@ -1,10 +0,0 @@
-- name: "copy http_healthcheck rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install http_healthcheck from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
-    state: present

roles/kernel-ml/tasks/main.yml

@@ -20,26 +20,7 @@
   command: /usr/sbin/grub2-set-default 0
   when: t_kernel_ml.changed
 
-- name: "copy /etc/default/grub"
-  copy:
-    src: "{{ role_path }}/files/grub"
-    dest: "/etc/default"
-  when: 
-    - tsg_access_type == 4 or tsg_access_type == 5
-    - t_kernel_ml.changed
 
-- name: "BIOS:grub2-mkconfig"
-  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
-  when:
-    - tsg_access_type == 4 or tsg_access_type == 5
-    - t_kernel_ml.changed
-
-- name: "UEFI:grub2-mkconfig"
-  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
-  when:
-    - tsg_access_type == 4 or tsg_access_type == 5
-    - t_kernel_ml.changed
-
-- name: "reboot"
-  reboot:
-  when: t_kernel_ml.changed
+#- name: "reboot"
+#  reboot:
+#  when: t_kernel_ml.changed

roles/kni/tasks/main.yml

@@ -1,24 +0,0 @@
----
-- name: "copy kni to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install kni rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/kni-21.05.01.e7573e5-2.el7.x86_64.rpm
-    state: present
-#    skip_broken: yes
-
-- name: Template the kni.conf
-  template:
-    src: "{{ role_path }}/templates/kni.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
-  tags: template
- 
-- name: "enable sapp"
-  systemd:
-    name: sapp
-    enabled: yes
-    daemon_reload: yes

roles/kni/templates/kni.conf.j2

@@ -1,144 +0,0 @@
-[global]
-log_path = ./log/kni/kni.log
-log_level = {{ kni_log_level }}
-tfe_node_count = {{ kni.global.tfe_node_count }}
-manage_eth = {{ nic_mgr.name }}
-{% if tsg_running_type == 0 %}
-deploy_mode = tun
-{% else %}
-deploy_mode = normal
-{% endif %}
-tun_name = tun_kni
-src_mac_addr = 00:0e:c6:d6:72:c1
-dst_mac_addr = fe:65:b7:03:50:bd
-{% if tsg_access_type == 4 or tsg_access_type == 5 %}
-[tfe0]
-enabled = 1
-dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
-ip_addr = 192.168.100.1
-{% elif tsg_running_type == 2 %}
-[tfe0]
-enabled = {{ kni.tfe_nodes.tfe0_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
-ip_addr = 192.168.100.2
-
-[tfe1]
-enabled = {{ kni.tfe_nodes.tfe1_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
-ip_addr = 192.168.100.3
-
-[tfe2]
-enabled = {{ kni.tfe_nodes.tfe2_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
-ip_addr = 192.168.100.4
-{% endif %}
-
-[tfe_cmsg_receiver]
-listen_eth = {{ nic_inner_ctrl.name }}
-listen_port = 2475
-
-[watch_dog]
-switch = {{ kni.watch_dog.switch }}
-listen_eth = {{ nic_inner_ctrl.name }}
-listen_port = 2476
-keepalive_idle = 2
-keepalive_intvl = 1
-keepalive_cnt = 3
-
-[marsio]
-appsym = knifw
-
-[dup_traffic]
-switch = 0
-action = 2
-capacity = 10000000
-error_rate = 0.00001
-expiry_time = 60
-
-[traceid2pme_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 30
-mho_eliminate_type = LRU
-
-#per thread
-[tuple2stream_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 0
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 0
-mho_eliminate_type = LRU
-
-[field_stat]
-remote_switch = 1
-remote_ip = 127.0.0.1
-remote_port = 58100
-local_path = ./fs2_kni.status
-stat_cycle = 1
-print_mode = 1
-# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
-statsd_format = 2
-APP_NAME = fs2_kni
-
-#self test Shunt rules security policy id
-[tsg_diagnose]
-enabled = 1
-security_policy_id = 3,10
-
-
-[ssl_dynamic_bypass]
-enabled = 0
-
-#kni dynamic bypass
-[traceid2sslinfo_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[sslinfo2bypass_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[proxy_tcp_option]
-enabled = 1
-maat_table_compile = PXY_TCP_OPTION_COMPILE
-maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
-enable_override = 0
-client_tcp_maxseg_enable = 0
-client_tcp_maxseg = 1460
-client_tcp_nodelay =  1
-client_tcp_ttl = 70
-client_tcp_keepalive_enable = 1
-client_tcp_keepalive_keepcnt = 8
-client_tcp_keepalive_keepidle = 30
-client_tcp_keepalive_keepintvl = 15
-client_tcp_user_timeout = 600
-server_tcp_maxseg_enable = 0
-server_tcp_maxseg = 1460
-server_tcp_nodelay = 1
-server_tcp_ttl = 75
-server_tcp_keepalive_enable = 1
-server_tcp_keepalive_keepcnt = 8
-server_tcp_keepalive_keepidle = 30
-server_tcp_keepalive_keepintvl = 15
-server_tcp_user_timeout = 600
-bypass_duplicated_packet = 0
-tcp_passthrough = 0
-
-[share_session_attribute]
-SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

roles/maat-redis/files/maat-redis-exporter.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Redis Exporter for MAAT-REDIS
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis_exporter -redis.addr=redis://localhost:7002 -redis-only-metrics
-Type=simple
-
-[Install]
-WantedBy=multi-user.target
-

roles/maat-redis/files/maat-redis.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown maat-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-

roles/maat-redis/tasks/main.yml

@@ -1,31 +0,0 @@
-- name: "copy maat-redis file to dest"
-  copy:
-    src: "{{ role_path }}/files/maat-redis.service"
-    dest: "/usr/lib/systemd/system"
-    mode: 0644
-
-- name: "copy maat-redis exporter file to dest"
-  copy:
-    src: "{{ role_path }}/files/maat-redis-exporter.service"
-    dest: "/usr/lib/systemd/system"
-    mode: 0644
-
-- name: "Template the maat-redis.conf"
-  template:
-    src: "{{ role_path }}/templates/maat-redis.conf.j2"
-    dest: /etc/maat-redis.conf
-  tags: template
-
-- name: "start maat-redis"
-  systemd:
-    name: maat-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes
-
-- name: "start maat-redis exporter"
-  systemd:
-    name: maat-redis-exporter.service
-    state: started
-    daemon_reload: yes
-    enabled: yes

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -18,132 +18,18 @@
   template:
     src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: nic_traffic_mirror is defined
-
-
-- name: "copy mrapp.sapp4.conf to destination server"
-  template:
-    src: "{{ role_path }}/templates/mrapp.sapp4.conf "
-    dest: /opt/mrzcpd/etc/mrapp.sapp4.conf 
-  when: 
-    - tsg_access_type == 4 or tsg_access_type == 5
-
-- name: "update mrglobal.conf.adc_inline"
-  template:
-    src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type == 2
-
-- name: "update mrglobal.conf.server_inline"
-  template:
-    src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type != 2
-
-- name: "update mrglobal.conf.allot - mcn0"
-  template:
-    src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 2
-
-- name: "update mrglobal.conf.adc_tun_mode - mcn0"
-  template:
-    src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 3
-
-
-- name: "update mrglobal.conf.ATCA_Vlan_Flipping"
-  template:
-    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 4
-
-- name: "update mrglobal.conf.ATCA_VXLAN"
-  template:
-    src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when:
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 5
-
-- name: "update mrtunnat.conf.adc_inline"
-  template:
-    src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type == 2 
-
-- name: "update mrtunnat.conf.server_inline"
-  template:
-    src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type != 2 
-
-- name: "update mrtunnat.conf.allot_access - mcn0"
-  template:
-    src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 2
-
-- name: "update mrtunnat.conf.adc_tun_mode - mcn0"
-  template:
-    src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 3
-
-- name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
-  template:
-    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 4
-
-- name: "update mrtunnat.conf.ATCA_VXLAN"
-  template:
-    src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when:
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 5
 
 - name: "enable mrenv"
   systemd:
     name: mrenv
     enabled: yes
     daemon_reload: yes
-  when: 
-    - tsg_access_type != 0
 
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
     enabled: yes
     daemon_reload: yes
-  when: 
-    - tsg_access_type != 0
 
 - name: "enable prometheus output - monit_device"
   systemd:
@@ -157,36 +43,8 @@
     enabled: yes
     daemon_reload: yes
 
-- name: "enable mrtunnat on master"
-  systemd:
-    name: mrtunnat
-    enabled: no
-    daemon_reload: yes
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type != 0
-
 - name: "disable mrtunnat on slave"
   systemd:
     name: mrtunnat
     enabled: no
     daemon_reload: yes
-  when: nic_traffic_mirror is defined
-
-- name: "mask mrzcpd on server_tun_mode"
-  systemd:
-    name: mrzcpd
-    enabled: no
-    masked: yes
-    daemon_reload: yes
-  when: 
-    - tsg_access_type == 0
-
-- name: "mask mrtunnat on server_tun_mode"
-  systemd:
-    name: mrtunnat
-    enabled: no
-    masked: yes
-    daemon_reload: yes
-  when: 
-    - tsg_access_type == 0

roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2

@@ -1,57 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-hw_strip_crc=1
-in_addr={{ ATCA_VXLAN.keepalive_ip }}
-in_mask={{ ATCA_VXLAN.keepalive_mask }}
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2

@@ -1,20 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0

roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2

@@ -1,60 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2

@@ -1,23 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
-i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
-en_mac_flipping_0=0
-c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
-i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
-en_mac_flipping_1=0

roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2

@@ -1,67 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-in_addr={{inline_device_config.keepalive_ip}}
-in_mask={{inline_device_config.keepalive_mask}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow=1000,1001,4000,4001
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mcn0_mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2

@@ -1,21 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
-c_router_vlan_id_1=4000
-i_router_vlan_id_1=4001
-en_mac_flipping_1=0

roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2

@@ -1,68 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow=1000,1001,2000,2001,4000,4001
-vlan-pvid=0
-vlan-pvid-mode=2
-promisc=1
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2

@@ -1,24 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
-c_router_vlan_id_1=2000
-i_router_vlan_id_1=2001
-en_mac_flipping_1=0
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0

roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2

@@ -1,69 +0,0 @@
-[device]
-device=ens1f4,ens1f5,ens1f6,ens1f7,vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:ens1f4]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},{{ AllotAccess.virturlID_3 }},{{ AllotAccess.virturlID_4 }},4000,4001
-vlan-pvid=0
-vlan-pvid-mode=2
-promisc=1
-
-[device:ens1f5]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:ens1f6]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:ens1f7]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mcn0_mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,ens1f4,ens1f4
-forward_rule_1=vp,ens1f4,ens1f4
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,ens1f5,ens1f5
-forward_rule_5=vp,ens1f5,ens1f5
-forward_rule_6=pv,ens1f6,ens1f6
-forward_rule_7=vp,ens1f6,ens1f6
-forward_rule_8=pv,ens1f7,ens1f7
-forward_rule_9=vp,ens1f7,ens1f7
-

roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2

@@ -1,25 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev=ens1f4
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
-i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
-en_mac_flipping_0=1
-c_router_vlan_id_1={{ AllotAccess.virturlID_3 }}
-i_router_vlan_id_1={{ AllotAccess.virturlID_4 }}
-en_mac_flipping_1=1
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0
-

roles/mrzcpd/templates/mrapp.sapp4.conf

@@ -1,2 +0,0 @@
-[bpfdump:vxlan_user]
-enable=1

roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2

@@ -1,47 +0,0 @@
-[device]
-device={{inline_device_config.data_incoming}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{inline_device_config.data_incoming}}]
-in_addr={{inline_device_config.keepalive_ip}}
-in_mask={{inline_device_config.keepalive_mask}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-
-#[device:]
-#jumbo_frame=1
-#max_rx_pkt_len=15360
-#clear_tx_flags=1
-#promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=4
-forward_rule_0=pv,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
-forward_rule_1=vp,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd

roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2

@@ -1,18 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{inline_device_config.data_incoming}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0

roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2

@@ -1,23 +1,30 @@
 [device]
-device={{nic_traffic_mirror.name}}
+device={{ data_incoming_nic_list | join(",") }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
 sz_buffer=0
 
-[device:{{nic_traffic_mirror.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
+{% for nic_name in data_incomint_nic_list %}
+[device:{{  nic_name  }}]
+mtu=4096
 clear_tx_flags=1
-promisc=1
+
+{% endfor %}
 
 [service]
-iocore={{ mcn123_mrzcpd.iocore }}
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
 
 [eal]
-virtaddr=0x7d0000000000
+virtaddr=0x7f40c4a00000
 loglevel=7
 
 [keepalive]
-check_spinlock=1
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
 
 [pool]
 create_mode=3

roles/packet_dump/files/packet_dump.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=packet dump service
-After=After=network.target
-
-[Service]
-Type=fork
-WorkingDirectory=/home/mesasoft/packet_dump
-ExecStart=/home/mesasoft/packet_dump/packet_dump
-TimeoutSec=60s
-RestartSec=10s
-Restart=always
-LimitNOFILE=524288
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-Delegate=yes
-
-[Install]
-WantedBy=multi-user.target