diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index f27c20a..0000000 Binary files a/.DS_Store and /dev/null differ diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml index 295a37d..442e8be 100644 --- a/install_config/group_vars/all.yml +++ b/install_config/group_vars/all.yml @@ -1,9 +1,9 @@ ######################################### #####0: Pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4: ATCA; -tsg_access_type: 0 +tsg_access_type: 4 -#####0: Tun_mode; 1: ADC; -tsg_running_type: 0 +#####0: Tun_mode; 1: normal; 2: ADC; +tsg_running_type: 1 ######################################## maat_redis_server: @@ -21,7 +21,7 @@ cert_store_server: port: 9991 log_kafkabrokers: - address: "192.168.40.169:9092" + address: "1.1.1.1:9092,2.2.2.2:9092" log_minio: address: "192.168.40.168;" @@ -35,7 +35,9 @@ fs_remote: ######################################## sapp: worker_threads: 16 + send_only_threads_max: 8 bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 + inbound_route_dir: 1 ######################################## kni: @@ -49,12 +51,9 @@ kni: send_logger: switch: 1 tfe_nodes: - - tfe0: - enabled: 1 - - tfe1: - enabled: 1 - - tfe2: - enabled: 1 + tfe0_enabled: 1 + tfe1_enabled: 1 + tfe2_enabled: 1 ######################################## tfe: @@ -72,7 +71,7 @@ mrtunnat: lcore_id: 38 nic_data_incoming: - name: enp1s0 + ethname: enp1s0 vf0_name: enp1s2 vf1_name: enp1s2f1 vf2_name: enp1s2f2 @@ -80,8 +79,10 @@ nic_data_incoming: VlanFlipping: vlanID_1: 100 vlanID_2: 101 + vlanID_3: 103 + vlanID_4: 104 ######################################## -tsg_tun_mode: +server: ethname: eth0 tun_name: eth0.100 internal_interface: "eth2" diff --git a/roles/.DS_Store b/roles/.DS_Store deleted file mode 100644 index b3d2c07..0000000 Binary files a/roles/.DS_Store and /dev/null differ diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2 index 399d0a3..3644367 100644 --- a/roles/clotho/templates/clotho.conf.j2 +++ b/roles/clotho/templates/clotho.conf.j2 @@ -2,8 +2,8 @@ BROKER_LIST={{ log_kafkabrokers.address }} [SYSTEM] -{% if tsg_running_type == 0 %} -NIC_NAME={{ tsg_tun_mode.ethname }} +{% if tsg_running_type == 0 or 1 %} +NIC_NAME={{ server.ethname }} {% else %} NIC_NAME={{ nic_mgr.name }} {% endif %} diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml index 6668dab..a6c4c00 100644 --- a/roles/firewall/tasks/main.yml +++ b/roles/firewall/tasks/main.yml @@ -8,6 +8,7 @@ yum: name: "{{ fw_packages }}" state: present + skip_broken: yes vars: fw_packages: - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2 index 9cd6d10..6da4c3c 100644 --- a/roles/firewall/templates/capture_packet_plug.conf.j2 +++ b/roles/firewall/templates/capture_packet_plug.conf.j2 @@ -15,8 +15,8 @@ INC_CFG_DIR=capture_packet_rule/inc/index/ FULL_CFG_DIR=capture_packet_rule/full/index/ [LOG] -{% if tsg_running_type == 0 %} -NIC_NAME={{ tsg_tun_mode.ethname }} +{% if tsg_running_type == 0 or 1 %} +NIC_NAME={{ server.ethname }} {% else %} NIC_NAME={{ nic_mgr.name }} {% endif %} diff --git a/roles/firewall/templates/main.conf.j2 b/roles/firewall/templates/main.conf.j2 index 9077021..9cbaec8 100644 --- a/roles/firewall/templates/main.conf.j2 +++ b/roles/firewall/templates/main.conf.j2 @@ -24,8 +24,8 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR [TSG_LOG] MODE=1 -{% if tsg_running_type == 0 %} -NIC_NAME={{ tsg_tun_mode.ethname }} +{% if tsg_running_type == 0 or 1 %} +NIC_NAME={{ server.ethname }} {% else %} NIC_NAME={{ nic_mgr.name }} {% endif %} diff --git a/roles/framework/.DS_Store b/roles/framework/.DS_Store deleted file mode 100644 index 0070367..0000000 Binary files a/roles/framework/.DS_Store and /dev/null differ diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml index f1ac7f8..ed8fb4b 100644 --- a/roles/framework/tasks/main.yml +++ b/roles/framework/tasks/main.yml @@ -4,11 +4,10 @@ dest: "/tmp/ansible_deploy/" - name: "install framework packages" -# yum: -# name: "{{ packages }}" -# state: present -# skip_broken: yes - shell: "rpm -ivh /tmp/ansible_deploy/{{ packages }}" + yum: + name: "{{ packages }}" + state: present + skip_broken: yes vars: packages: - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2 index a48cfc9..0c84c50 100644 --- a/roles/kni/templates/kni.conf.j2 +++ b/roles/kni/templates/kni.conf.j2 @@ -2,8 +2,8 @@ log_path = ./log/kni/kni.log log_level = {{ kni.global.log_level }} tfe_node_count = {{ kni.global.tfe_node_count }} -{% if tsg_running_type == 0 %} -manage_eth = {{ tsg_tun_mode.ethname }} +{% if tsg_running_type == 0 or 1 %} +manage_eth = {{ server.ethname }} {% else %} manage_eth = {{ nic_mgr.name }} {% endif %} @@ -20,26 +20,26 @@ dst_mac_addr = fe:65:b7:03:50:bd enabled = 1 dev_eth_symbol = {{ nic_data_incoming.vf1_name }} ip_addr = 192.168.100.1 -{% elif tsg_running_type == 1 %} +{% elif tsg_running_type == 2 %} [tfe0] -enabled = 1 +enabled = {{ kni.tfe_nodes.tfe0_enabled }} dev_eth_symbol = {{ nic_to_tfe.tfe0.name }} ip_addr = 192.168.100.2 [tfe1] -enabled = 1 +enabled = {{ kni.tfe_nodes.tfe1_enabled }} dev_eth_symbol = {{ nic_to_tfe.tfe1.name }} ip_addr = 192.168.100.3 [tfe2] -enabled = 1 +enabled = {{ kni.tfe_nodes.tfe2_enabled }} dev_eth_symbol = {{ nic_to_tfe.tfe2.name }} ip_addr = 192.168.100.4 {% endif %} [tfe_cmsg_receiver] -{% if tsg_running_type == 0 %} -listen_eth = {{ tsg_tun_mode.tun_name }} +{% if tsg_running_type == 0 or 1%} +listen_eth = {{ server.tun_name }} {% else %} listen_eth = {{ nic_inner_ctrl.name }} {% endif %} @@ -47,8 +47,8 @@ listen_port = 2475 [watch_dog] switch = {{ kni.watch_dog.switch }} -{% if tsg_running_type == 0 %} -listen_eth = {{ tsg_tun_mode.tun_name }} +{% if tsg_running_type == 0 or 1 %} +listen_eth = {{ server.tun_name }} {% else %} listen_eth = {{ nic_inner_ctrl.name }} {% endif %} diff --git a/roles/mrzcpd/.DS_Store b/roles/mrzcpd/.DS_Store deleted file mode 100644 index 9c4f059..0000000 Binary files a/roles/mrzcpd/.DS_Store and /dev/null differ diff --git a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 index 995aead..c5f5b4e 100644 --- a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 +++ b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 @@ -8,7 +8,7 @@ mtu=4096 clear_tx_flags=1 vlan-filter=1 vlan-strip=1 -vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }} +vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }} vlan-pvid=0 vlan-pvid-mode=2 hw_strip_crc=1 diff --git a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 index 220eb46..c2f658c 100644 --- a/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 +++ b/roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 @@ -8,6 +8,7 @@ nr_slots=1048576 expire_time=60 reverse_tunnel=0 use_recent_tunnel=0 +use_link_info_table=1 use_tuple4_as_sskey=0 ctrlzone_addr_info_type=2 @@ -16,4 +17,7 @@ enable=1 c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }} i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }} en_mac_flipping_0=0 - +en_mac_flipping_0=0 +c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }} +i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }} +en_mac_flipping_1=0 diff --git a/roles/proxy_status/.DS_Store b/roles/proxy_status/.DS_Store deleted file mode 100644 index 5008ddf..0000000 Binary files a/roles/proxy_status/.DS_Store and /dev/null differ diff --git a/roles/proxy_status/tasks/main.yml b/roles/proxy_status/tasks/main.yml index 0b6fe9f..8403fa9 100644 --- a/roles/proxy_status/tasks/main.yml +++ b/roles/proxy_status/tasks/main.yml @@ -6,10 +6,7 @@ - name: "copy files" copy: - src: - - "{{ role_path }}/files/proxy_start" - - "{{ role_path }}/files/proxy_status" - - "{{ role_path }}/files/proxy_stop" + src: "{{ role_path }}/files/" dest: /opt/proxy_status mode: 0755 diff --git a/roles/sapp/.DS_Store b/roles/sapp/.DS_Store deleted file mode 100644 index 9c4f059..0000000 Binary files a/roles/sapp/.DS_Store and /dev/null differ diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2 index d8c18e4..f7febdf 100644 --- a/roles/sapp/templates/sapp.toml.j2 +++ b/roles/sapp/templates/sapp.toml.j2 @@ -14,6 +14,9 @@ worker_threads=1 {% else %} worker_threads={{ sapp.worker_threads }} {% endif %} +{% if tsg_access_type == 4 %} +send_only_threads_max={{ sapp.send_only_threads_max }} +{% endif %} ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] {% if tsg_access_type == 0 %} bind_mask=[] @@ -22,6 +25,13 @@ bind_mask=[{{ sapp.bind_mask }}] {% endif %} [PACKET_IO] +{% if tsg_access_type == 4 %} +### note, used to represent inbound or outbound direction value, +##### because it comes from other device, so it needs to be specified manually, +##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa, +##### in other words, outbound_route_dir = 1 ^ inbound_route_dir; +inbound_route_dir={{ sapp.inbound_route_dir }} +{% endif %} ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as "" BSD_packet_filter="" @@ -37,7 +47,7 @@ BSD_packet_filter="" [packet_io.internal.interface] {% if tsg_access_type == 0 %} type=pcap - name={{tsg_tun_mode.internal_interface}} + name={{server.internal_interface}} {% else %} type=marsio name=vxlan_user @@ -46,7 +56,7 @@ BSD_packet_filter="" [packet_io.external.interface] {% if tsg_access_type == 0 %} type=pcap - name={{tsg_tun_mode.external_interface}} + name={{server.external_interface}} {% else %} type=pcap name=lo diff --git a/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 index c89150b..6585bf2 100755 --- a/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 +++ b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 @@ -17,7 +17,7 @@ files = ["stdout", "/tmp/metrics.out"] data_format = "json" [[outputs.kafka]] - brokers = ["{{ log_kafkabrokers.address }}"] + brokers = ["192.168.40.186:9092"] topic = "TRAFFIC-METRICS-LOG" data_format = "json" [[outputs.prometheus_client]] diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 index 1e442f9..8790677 100644 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ b/roles/tfe/templates/pangu_pxy.conf.j2 @@ -2,8 +2,8 @@ log_level=30 [log] -{% if tsg_running_type == 0 %} -nic_name={{ tsg_tun_mode.ethname }} +{% if tsg_running_type == 0 or 1 %} +nic_name={{ server.ethname }} {% else %} nic_name={{ nic_mgr.name }} {% endif %} diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2 index 9712e35..172ef12 100644 --- a/roles/tfe/templates/tfe-env-config.j2 +++ b/roles/tfe/templates/tfe-env-config.j2 @@ -14,7 +14,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2 TFE_PEER_IP_DATA_INCOMING=172.16.241.1 -{% if tsg_running_type == 0 %} -TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }} +{% if tsg_running_type == 0 or 1 %} +TFE_WATCHDOG_DEVICE={{ server.tun_name }} TFE_WATCHDOG_IP=192.168.100.1 {% endif %} diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index a6bb455..02beb08 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 @@ -31,8 +31,8 @@ service_cache_expire_seconds=600 # default 0 mc_cache_enable=1 # default eth0 -{% if tsg_running_type == 0 %} -mc_cache_eth={{ tsg_tun_mode.tun_name }} +{% if tsg_running_type == 0 or 1 %} +mc_cache_eth={{ server.tun_name }} {% else %} mc_cache_eth={{ nic_inner_ctrl.name }} {% endif %} @@ -56,7 +56,7 @@ enable_health_check=0 passthrough_all_tcp=0 [traffic_mirror] -{% if tsg_running_type == 0 %} +{% if tsg_running_type == 0 or 1 %} device=lo {% else %} device={{ nic_traffic_mirror.name }} diff --git a/roles/tsg-env-tun-mode/templates/setup.j2 b/roles/tsg-env-tun-mode/templates/setup.j2 index d0e6b63..f5aa26f 100644 --- a/roles/tsg-env-tun-mode/templates/setup.j2 +++ b/roles/tsg-env-tun-mode/templates/setup.j2 @@ -1,25 +1,25 @@ #!/bin/bash modprobe 8021q -vconfig add {{ tsg_tun_mode.ethname }} 100 -vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1 -ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up +vconfig add {{ server.ethname }} 100 +vconfig set_flag {{ server.ethname }}.100 1 1 +ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up {% if tsg_access_type == 0 %} -ethtool -K {{ tsg_tun_mode.internal_interface }} tso off -ethtool -K {{ tsg_tun_mode.internal_interface }} gso off -ethtool -K {{ tsg_tun_mode.internal_interface }} gro off -ethtool -K {{ tsg_tun_mode.external_interface }} tso off -ethtool -K {{ tsg_tun_mode.external_interface }} gso off -ethtool -K {{ tsg_tun_mode.external_interface }} gro off +ethtool -K {{ server.internal_interface }} tso off +ethtool -K {{ server.internal_interface }} gso off +ethtool -K {{ server.internal_interface }} gro off +ethtool -K {{ server.external_interface }} tso off +ethtool -K {{ server.external_interface }} gso off +ethtool -K {{ server.external_interface }} gro off {% elif tsg_access_type == 4 %} -echo 3 > /sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs -ip link set {{ nic_data_incoming.name }} vf 1 vlan 4095 -ip link set {{ nic_data_incoming.name }} vf 2 vlan 4095 -ip link set {{ nic_data_incoming.name }} vf 0 trust on -ip link set {{ nic_data_incoming.name }} vf 1 trust on -ip link set {{ nic_data_incoming.name }} vf 2 trust on -ip link set {{ nic_data_incoming.name }} vf 1 mac 00:0e:c6:d6:72:c1 -ip link set {{ nic_data_incoming.name }} vf 2 mac fe:65:b7:03:50:bd -ip link set {{ nic_data_incoming.name }} vf 0 spoofchk off +echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs +ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095 +ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095 +ip link set {{ nic_data_incoming.ethname }} vf 0 trust on +ip link set {{ nic_data_incoming.ethname }} vf 1 trust on +ip link set {{ nic_data_incoming.ethname }} vf 2 trust on +ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1 +ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd +ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off ip link set {{ nic_data_incoming.vf0_name }} up ip link set {{ nic_data_incoming.vf1_name }} up ip link set {{ nic_data_incoming.vf2_name }} up diff --git a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 index 7393749..8d7a9ce 100644 --- a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 +++ b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 @@ -1,8 +1,8 @@ #!/bin/bash # -echo 0 >/sys/class/net/{{ tsg_tun_mode.ethname }}/device/sriov_numvfs -ifconfig {{ tsg_tun_mode.ethname }}.100 down -vconfig rem {{ tsg_tun_mode.ethname }}.100 +echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs +ifconfig {{ server.ethname }}.100 down +vconfig rem {{ server.ethname }}.100 {% if tsg_access_type == 4 %} -echo 0 >/sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs +echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs {% endif %}