diff --git a/install_config/group_vars/all.yml b/install_config/group_vars/all.yml
new file mode 100644
index 0000000..5c65e0c
--- /dev/null
+++ b/install_config/group_vars/all.yml
@@ -0,0 +1,87 @@
+########################################
+tsg_access_type: 0
+
+########################################
+maat_redis_server:
+ address: "192.168.40.168"
+ port: 7002
+ db: 0
+
+dynamic_maat_redis_server:
+ address: "192.168.40.168"
+ port: 7002
+ db: 0
+
+cert_store_server:
+ address: "127.0.0.1"
+ port: 9991
+
+log_kafkabrokers:
+ address: "192.168.40.169:9092"
+
+log_minio:
+ address: "192.168.40.168;"
+ port: 9090
+
+fs_remote:
+ switch: 1
+ address: "127.0.0.1"
+ port: 8125
+
+########################################
+sapp:
+ worker_threads: 16
+ bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+
+########################################
+kni:
+ global:
+ log_level: 30
+ tfe_node_count: 3
+ watch_dog:
+ switch: 1
+ maat:
+ readconf_mode: 2
+ send_logger:
+ switch: 1
+ tfe_nodes:
+ - tfe0:
+ enabled: 1
+ - tfe1:
+ enabled: 1
+ - tfe2:
+ enabled: 1
+
+########################################
+tfe:
+ nr_threads: 32
+ mc_cache_eth: lo
+ keykeeper:
+ mode: "normal"
+ no_cache: 0
+
+########################################
+mrzcpd:
+ iocore: 39
+
+mrtunnat:
+ lcore_id: 38
+
+########################################
+nic_mgr:
+ name: eth0
+nic_data_incoming:
+ name: tun_kni
+ address: 127.0.0.1
+nic_inner_ctrl:
+ name: eth0.100
+nic_traffic_mirror:
+ name: lo
+ use_mrzcpd: 0
+
+nic_transparent_mode:
+ enable: 1
+ mode: pcap
+ internel_interface: "eth2"
+ external_interface: "eth3"
+
diff --git a/install_config/group_vars/blade-00.yml b/install_config/group_vars/blade-00.yml
new file mode 100644
index 0000000..d236c2b
--- /dev/null
+++ b/install_config/group_vars/blade-00.yml
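Review bot: `log_minio.address` in install_config/group_vars/all.yml is `"192.168.40.168;"`, with a trailing semicolon that no other address value in the file carries; unless the consumer expects a semicolon-separated list, this looks like a typo for `address: "192.168.40.168"`. The key `internel_interface` under `nic_transparent_mode` is misspelled next to `external_interface`, so every template has to repeat the misspelling to read it. The Redis, Kafka and MinIO entries define only an address and port, with no credential or TLS setting anywhere in the file, so a comment saying where authentication for those services is configured (or that they are expected to sit on an isolated management network) would help whoever reuses this inventory.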
@@ -0,0 +1,23 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens1f4
+ ip: 192.168.1.30
+ mask: 255.255.255.252
+nic_inner_ctrl:
+ name: ens1.100
+nic_to_tfe:
+ tfe0:
+ name: ens1f5
+ tfe1:
+ name: ens1f6
+ tfe2:
+ name: ens1f7
+
+AllotAccess:
+ virturlInterface_1: ens1f2.103
+ virturlInterface_2: ens1f2.104
+ virturlID_1: 103
+ virturlID_2: 104
+ vvipv4_mask: 24
+ vvipv6_mask: 64
diff --git a/install_config/group_vars/blade-01.yml b/install_config/group_vars/blade-01.yml
new file mode 100644
index 0000000..baec084
--- /dev/null
+++ b/install_config/group_vars/blade-01.yml
@@ -0,0 +1,11 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens1f1
+ mac: AA:BB:CC:DD:EE:FF
+ address: 127.0.0.1
+nic_inner_ctrl:
+ name: ens1.100
+nic_traffic_mirror:
+ name: ens1f2
+ use_mrzcpd: 1
diff --git a/install_config/group_vars/blade-02.yml b/install_config/group_vars/blade-02.yml
new file mode 100644
index 0000000..0d98ac5
--- /dev/null
+++ b/install_config/group_vars/blade-02.yml
@@ -0,0 +1,10 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens8f1
+ mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+ name: ens8.100
+nic_traffic_mirror:
+ name: ens8f2
+ use_mrzcpd: 1
diff --git a/install_config/group_vars/blade-03.yml b/install_config/group_vars/blade-03.yml
new file mode 100644
index 0000000..0d98ac5
--- /dev/null
+++ b/install_config/group_vars/blade-03.yml
@@ -0,0 +1,10 @@
+nic_mgr:
+ name: enp6s0
+nic_data_incoming:
+ name: ens8f1
+ mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+ name: ens8.100
+nic_traffic_mirror:
+ name: ens8f2
+ use_mrzcpd: 1
diff --git a/install_config/hosts b/install_config/hosts
new file mode 100644
index 0000000..2ee4e69
--- /dev/null
+++ b/install_config/hosts
@@ -0,0 +1,26 @@
+[all:vars]
+ansible_user=root
+package_source=local
+
+[pc-as-tun-mode]
+
+[blade-mxn]
+192.168.40.170
+
+[blade-00]
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+
+[blade-01]
+192.168.40.167
+
+[blade-02]
+192.168.40.168
+
+[blade-03]
+192.168.40.169
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03
diff --git a/roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm b/roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm
new file mode 100644
index 0000000..9061d15
Binary files /dev/null and b/roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm differ
diff --git a/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm b/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
new file mode 100644
index 0000000..6601627
Binary files /dev/null and b/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm differ
diff --git a/roles/clotho/files/clotho.service b/roles/clotho/files/clotho.service
new file mode 100644
index 0000000..860fe46
--- /dev/null
+++ b/roles/clotho/files/clotho.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clotho/tasks/main.yml b/roles/clotho/tasks/main.yml
new file mode 100644
index 0000000..30f7b28
--- /dev/null
+++ b/roles/clotho/tasks/main.yml
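Review bot: `ansible_user=root` under `[all:vars]` in install_config/hosts makes every play log in over SSH as root on all blades; an unprivileged deploy account with `ansible_become=true` lets direct root login stay disabled and keeps escalation attributable. The `[blade-00]` host line also leaves `vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=` empty, and roles/tsg-env-mcn0/templates/setup.AllotAccess.j2 renders them straight into `ip addr add {{ vvipv4_1 }}/{{ AllotAccess.vvipv4_mask }}`, so an unfilled inventory produces `ip addr add /24 dev …`. A comment above that host line stating the four values are mandatory, or an `assert` task in the role, would catch this before the script runs.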
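Review bot: `ExecStop=killall clotho` in roles/clotho/files/clotho.service uses a bare command name; the systemd generation shipped with EL7 (the target of these el7 RPMs) accepts only absolute paths there, so the line is likely ignored at load, and killing by name would also signal any unrelated process called clotho. Dropping the line lets systemd stop the unit's own control group with SIGTERM. With `Type=forking` and no `PIDFile=`, systemd has to guess the main PID, and with no `User=` the daemon runs as root from `/home/mesasoft/clotho/clotho`; if that directory is writable by a non-root account the binary can be replaced, so the install path should be root-owned or the service should run under a dedicated user.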
@@ -0,0 +1,30 @@
+- name: "copy clotho rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+ dest: /tmp/ansible_deploy/
+
+- name: "copy clotho.service to destination server"
+ copy:
+ src: "{{ role_path }}/files/clotho.service"
+ dest: /usr/lib/systemd/system
+ mode: 0755
+
+- name: "install clotho rpm from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+ state: present
+
+- name: "Template the clotho.conf"
+ template:
+ src: "{{ role_path }}/templates/clotho.conf.j2"
+ dest: /home/mesasoft/clotho/conf/clotho.conf
+ tags: template
+
+- name: "start clotho"
+ systemd:
+ name: clotho.service
+ enabled: yes
+ state: started
+ daemon_reload: yes
+
diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2
new file mode 100644
index 0000000..b85c316
--- /dev/null
+++ b/roles/clotho/templates/clotho.conf.j2
@@ -0,0 +1,7 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+NIC_NAME={{ nic_mgr.name }}
+LOG_LEVEL=10
+LOG_PATH=log/clotho
diff --git a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
new file mode 100644
index 0000000..0876b5d
Binary files /dev/null and b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
new file mode 100644
index 0000000..6601627
Binary files /dev/null and b/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..73504d3
Binary files /dev/null and b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm differ
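Review bot: The first task in roles/clotho/tasks/main.yml stages the RPM in `/tmp/ansible_deploy/` and the third installs it from there as root; `/tmp` is world-writable, so a local account that owns that directory before the play runs could swap the package between the two tasks, and yum does not check signatures on local package files unless `localpkg_gpgcheck` is enabled. A root-owned staging directory outside `/tmp`, created by a `file` task with `state: directory`, `owner: root` and `mode: "0700"`, closes that window; roles/http_healthcheck/tasks/main.yml and roles/tsg_master/tasks/main.yml stage into the same path. Separately, `mode: 0755` on clotho.service should be the quoted string `mode: "0644"`, since unit files are not executables and an unquoted octal depends on the YAML parser. `enabled: yes` and `daemon_reload: yes` are clearer as `true`.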
diff --git a/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..de29362
Binary files /dev/null and b/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..d25be26
Binary files /dev/null and b/roles/firewall/files/fw_http_plug-debug-1.0.6.7b34485-1.el7.centos.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..9e9cf56
Binary files /dev/null and b/roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm differ
diff --git a/roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..38df0fc
Binary files /dev/null and b/roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm differ
diff --git a/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm b/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..37745d0
Binary files /dev/null and b/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm differ
diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2
new file mode 100644
index 0000000..aa9e6c5
--- /dev/null
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -0,0 +1,25 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+
diff --git a/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm b/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
new file mode 100755
index 0000000..ec80489
Binary files /dev/null and b/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm differ
diff --git a/roles/framework/files/framework.conf b/roles/framework/files/framework.conf
new file mode 100644
index 0000000..446277c
--- /dev/null
+++ b/roles/framework/files/framework.conf
@@ -0,0 +1 @@
+/opt/MESA/lib/
diff --git a/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm
new file mode 100644
index 0000000..372f30d
Binary files /dev/null and b/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm differ
diff --git a/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
new file mode 100644
index 0000000..eff24ad
Binary files /dev/null and b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm differ
diff --git a/roles/http_healthcheck/tasks/main.yml b/roles/http_healthcheck/tasks/main.yml
new file mode 100644
index 0000000..82f34c4
--- /dev/null
+++ b/roles/http_healthcheck/tasks/main.yml
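Review bot: `REDIS_INDEX=0` in roles/firewall/templates/capture_packet_plug.conf.j2 is a literal, while `REDIS_IP` and `REDIS_PORT` beside it come from `maat_redis_server` and install_config/group_vars/all.yml already defines `maat_redis_server.db`; changing the db in the inventory would silently leave this plugin on database 0. `REDIS_INDEX={{ maat_redis_server.db }}` keeps the three settings together. The `[MAAT]` section also carries no Redis credential, so a comment stating that the rule store is expected to be network-isolated or protected by Redis authentication would make that dependency explicit for whoever deploys it.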
@@ -0,0 +1,10 @@
+- name: "copy http_healthcheck rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install http_healthcheck from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
+ state: present
diff --git a/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm b/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm
new file mode 100644
index 0000000..e5a68ba
Binary files /dev/null and b/roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm differ
diff --git a/roles/kni/files/kni-20.04-1.el7.x86_64.rpm b/roles/kni/files/kni-20.04-1.el7.x86_64.rpm
new file mode 100644
index 0000000..197bebe
Binary files /dev/null and b/roles/kni/files/kni-20.04-1.el7.x86_64.rpm differ
diff --git a/roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpm
new file mode 100644
index 0000000..caa34c1
Binary files /dev/null and b/roles/mrzcpd/files/mrzcpd-4.3.17.f543325-1.el7.x86_64.rpm differ
diff --git a/roles/mrzcpd/templates/mrglobal.conf.allot_access.j2 b/roles/mrzcpd/templates/mrglobal.conf.allot_access.j2
new file mode 100644
index 0000000..a4ab0ad
--- /dev/null
+++ b/roles/mrzcpd/templates/mrglobal.conf.allot_access.j2
@@ -0,0 +1,68 @@
+[device]
+device=ens1f4,ens1f5,ens1f6,ens1f7,vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:ens1f4]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=0
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
+vlan-pvid=0
+vlan-pvid-mode=2
+
+[device:ens1f5]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f6]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f7]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,ens1f4,ens1f4
+forward_rule_1=vp,ens1f4,ens1f4
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,ens1f5,ens1f5
+forward_rule_5=vp,ens1f5,ens1f5
+forward_rule_6=pv,ens1f6,ens1f6
+forward_rule_7=vp,ens1f6,ens1f6
+forward_rule_8=pv,ens1f7,ens1f7
+forward_rule_9=vp,ens1f7,ens1f7
+
diff --git a/roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2 b/roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2
new file mode 100644
index 0000000..8e6f9cb
--- /dev/null
+++ b/roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2
@@ -0,0 +1,19 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev=ens1f4
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
+i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
+en_mac_flipping_0=1
+
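Review bot: roles/mrzcpd/templates/mrglobal.conf.allot_access.j2 hard-codes `ens1f4` to `ens1f7` in `device=`, in the `[device:…]` section names and in every `forward_rule_N`, although install_config/group_vars/blade-00.yml defines the same names as `nic_data_incoming.name` and `nic_to_tfe.tfe0..2.name`; editing the inventory would leave this file pointing at the old interfaces. Rendering them from the variables, e.g. `[device:{{ nic_data_incoming.name }}]`, removes the second copy, and `phydev=ens1f4` in mrtunnat.conf.allot_access.j2 has the same issue. `promisc=1` on the three TFE-facing devices and `vlan-filter=0` on ens1f4 are set without comment; a line explaining why filtering is off would let a later reviewer judge whether it is required.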
diff --git a/roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm b/roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..b81cfd6
Binary files /dev/null and b/roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm differ
diff --git a/roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
new file mode 100755
index 0000000..7f8410d
Binary files /dev/null and b/roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm differ
diff --git a/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
new file mode 100755
index 0000000..bae4165
Binary files /dev/null and b/roles/tfe/files/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm differ
diff --git a/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2 b/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2
new file mode 100644
index 0000000..c07c2ca
--- /dev/null
+++ b/roles/tsg-env-mcn0/templates/setup.AllotAccess.j2
@@ -0,0 +1,144 @@
+#!/bin/bash
+# set -x
+
+CURRENT_PATH=`dirname $0`
+TP_SVR=192.168.100.5
+TP_PORT=10000
+REMOTE_CONTROL_BIN=switch_control_client_non_block
+
+function get_netdev_by_pci()
+{
+ DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'`
+ for i in ${DEV_LIST}
+ do
+ ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1
+ if [ $? -eq 0 ];then
+ TARGET=${i}
+ break
+ fi
+ done
+
+ echo ${TARGET}
+}
+
+function pf_setup()
+{
+ ifconfig ens1 up
+
+ modprobe 8021q
+ vconfig add ens1 100
+ vconfig set_flag ens1.100 1 1
+ ifconfig ens1.100 192.168.100.1 netmask 255.255.255.0 up
+ sleep 1
+}
+
+function vf_setup()
+{
+ echo 8 > /sys/class/net/ens1/device/sriov_numvfs
+ sleep 5
+
+ ifconfig ens1f3 up
+ ip link set ens1 vf 2 vlan 200
+ ifconfig ens1f3 192.168.200.1 netmask 255.255.255.0
+
+ ifconfig ens1f1 up
+ ifconfig ens1f2 up
+ ifconfig ens1f3 up
+ ifconfig ens1f4 up
+ ifconfig ens1f5 up
+ ifconfig ens1f6 up
+ ifconfig ens1f7 up
+ ifconfig enp1s1 up
+
+ sleep 5
+}
+
+function bring_down_pfvf()
+{
+ echo 0 > /sys/class/net/ens1/device/sriov_numvfs
+ ifconfig ens1 down
+ sleep 3
+}
+
+function AllotAccessNetworkModel()
+{
+ ip link add link ens1f2 name {{ AllotAccess.virturlInterface_1 }} type vlan id {{ AllotAccess.virturlID_1 }}
+ ip link add link ens1f2 name {{ AllotAccess.virturlInterface_2 }} type vlan id {{ AllotAccess.virturlID_2 }}
+ ip addr add {{ vvipv4_1 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_1 }}
+ ip addr add {{ vvipv4_2 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_2 }}
+ ip -6addr add {{ vvipv6_1 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_1 }}
+ ip -6addr add {{ vvipv6_2 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_2 }}
+}
+
+# Main loop
+while :
+do
+ FAIL_FLAG=0
+
+ # Make sure PF is valid
+ ping ${TP_SVR} -c 1
+ if [ $? -ne 0 ];then
+ echo "Please make sure switch board is up."
+ bring_down_pfvf
+ pf_setup
+ continue
+ fi
+
+ # Make sure TestPoint is up.
+ ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version"
+ if [ $? -ne 0 ];then
+ echo "Cannot reach TestPoint!"
+ echo "Please make sure TestPoint is up and in remote-listen mode."
+ sleep 5
+ continue
+ fi
+
+ # Create VFs and get MAC addresses
+ vf_setup
+
+ PF=`get_netdev_by_pci 01:00.0`
+ VF1=`get_netdev_by_pci 01:00.1`
+ VF2=`get_netdev_by_pci 01:00.2`
+ VF3=`get_netdev_by_pci 01:00.3`
+ VF4=`get_netdev_by_pci 01:00.4`
+ VF5=`get_netdev_by_pci 01:00.5`
+ VF6=`get_netdev_by_pci 01:00.6`
+ VF7=`get_netdev_by_pci 01:00.7`
+ VF8=`get_netdev_by_pci 01:01.0`
+
+ MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'`
+ MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'`
+ MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'`
+ MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'`
+ MAC5=`ifconfig ${VF5} |grep ether |awk -F' ' '{print $2}'`
+ MAC6=`ifconfig ${VF6} |grep ether |awk -F' ' '{print $2}'`
+ MAC7=`ifconfig ${VF7} |grep ether |awk -F' ' '{print $2}'`
+ MAC8=`ifconfig ${VF8} |grep ether |awk -F' ' '{print $2}'`
+ MAC9=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'`
+
+ # Make sure VFs are valid
+ MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"`
+
+ for i in ${MAC1} ${MAC2} ${MAC3} ${MAC4} ${MAC5} ${MAC6} ${MAC7} ${MAC8} ${MAC9}
+ do
+ echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1
+ if [ $? -ne 0 ];then
+ echo "MAC ${i} is not in table!"
+ FAIL_FLAG=1
+ break
+ fi
+ done
+
+ if [ ${FAIL_FLAG} -eq 1 ];then
+ bring_down_pfvf
+ continue
+ fi
+
+ # Set_AllotAccessNetworkModel
+ AllotAccessNetworkModel
+
+ echo "PF/VF setup successful."
+ exit 0
+done
+
+
diff --git a/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup b/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup
new file mode 100755
index 0000000..c143a6e
--- /dev/null
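Review bot: In `AllotAccessNetworkModel` the two IPv6 lines read `ip -6addr add …`; iproute2 takes the family flag as its own word, so they should be `ip -6 addr add {{ vvipv6_1 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_1 }}` (and likewise for `_2`), otherwise the addresses are probably never assigned. Nothing checks the exit status of any `ip` call in that function, so the main loop still prints "PF/VF setup successful." and exits 0 when the VLAN interfaces or addresses were not created; each call should be checked and a failure should take the `bring_down_pfvf; continue` path used for the MAC check. The script also drives the switch through `${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT}` with no credential visible in the call, so a header comment should state that the ens1.100 control VLAN is assumed to be a trusted, isolated segment.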
+++ b/roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup 
@@ -0,0 +1,148 @@ +# TestPoint History +load ./Config/libertyTrail/testpoint_startup + +add vlan port 1 0 + +create vlan 100 +add vlan port 100 0,11,37,39,41,43 +set port config 11 pvid 100 +set port config 11 mask 0,37,39,41,43 +set port config 0,11,39,37,41,43 learning on + +create vlan 200 +add vlan port 200 0,37,39,9,10,41,43 +set port config 0 mask 9..44 +set port config 37 mask 0..36,38..44 +set port config 39 mask 0..38,40..44 +set port config 41 mask 0..40,42..44 +set port config 43 mask 0..44 +set port config 0,39,37,41,43 learning on + +create vlan 1000 +add vlan port 1000 43 +create vlan 1001 +add vlan port 1001 43 + +create lag +add lag 9261 9,10 +add vlan port 200 9261 +set port config 9261 pvid 200 +set port config 9261 parser_cfg L4 +set port config 9261 learning on +set port config 9261 mask 0,11..44 + +create vlan all +create lag +add vlan port all 43 +add lag 9293 1,2,3,4 +add vlan port all 9293 +set port config 9293 parser_cfg L4 +set port config 9293 learning on +set port config 9293 mask 0,5..44 +set vlan tagging all 1,2,3,4 tag +set vlan tagging 1 1,2,3,4 untag + +create lag +add lag 9325 5,6,7,8 +add vlan port all 9325 +set port config 9325 parser_cfg L4 +set port config 9325 learning on +set port config 9325 mask 0..4,9..44 +set vlan tagging all 5,6,7,8 tag +set vlan tagging 1 5,6,7,8 untag + +set port 37,39,41,43 powerdown +set port 37,39,41,43 up +set port 1..36 up + +set port config 11 parser_cfg L4 +set port config 37..44 parser_cfg L4 + +set port config 11..36 max_frame_size 15360 +set switch reserved_mac all switch + +set switch config hashing l234 use_smac on +set switch config hashing l234 use_dmac on +set switch config hashing l234 use_l34 on +set switch config hashing l34 use_dip on +set switch config hashing l34 use_sip on +set switch config hashing l234 symmetric on +set switch config hashing l34 symmetric on + + +set port config 9261,9293,9325 max_frame_size 15360 +create acl 1 + +create acl-rule 1 61 +add acl-rule condition 1 
61 src-glort 0x5803 +add acl-rule condition 1 61 vlan 1000 +add acl-rule action 1 61 redirect 7220 +add acl-rule action 1 61 vlan 1 + +create acl-rule 1 62 +add acl-rule condition 1 62 src-glort 0x5803 +add acl-rule condition 1 62 vlan 1001 +add acl-rule action 1 62 redirect 7213 +add acl-rule action 1 62 vlan 1 + +create acl-rule 1 100 +add acl-rule condition 1 100 src-glort 0x5803 +add acl-rule action 1 100 redirect 9293 + +create acl-rule 1 101 +add acl-rule condition 1 101 src-port 1 +add acl-rule action 1 101 redirect 7216 +create acl-rule 1 102 +add acl-rule condition 1 102 src-port 2 +add acl-rule action 1 102 redirect 7216 +create acl-rule 1 103 +add acl-rule condition 1 103 src-port 3 +add acl-rule action 1 103 redirect 7216 +create acl-rule 1 104 +add acl-rule condition 1 104 src-port 4 +add acl-rule action 1 104 redirect 7216 + +create acl-rule 1 200 +add acl-rule condition 1 200 src-glort 0x5804 +add acl-rule action 1 200 redirect 6189 +create acl-rule 1 201 +add acl-rule condition 1 201 src-glort 0x5805 +add acl-rule action 1 201 redirect 5165 +create acl-rule 1 202 +add acl-rule condition 1 202 src-glort 0x5806 +add acl-rule action 1 202 redirect 4141 +create acl-rule 1 203 +add acl-rule condition 1 203 src-glort 0x5000 +add acl-rule action 1 203 redirect 7217 +create acl-rule 1 204 +add acl-rule condition 1 204 src-glort 0x4800 +add acl-rule action 1 204 redirect 7218 +create acl-rule 1 205 +add acl-rule condition 1 205 src-glort 0x4000 +add acl-rule action 1 205 redirect 7219 + +create acl-rule 1 301 +add acl-rule condition 1 301 src-glort 0x5807 +add acl-rule action 1 301 redirect 7216 +add acl-rule action 1 301 vlan 1000 + +create acl-rule 1 302 +add acl-rule condition 1 302 src-glort 0x5800 +add acl-rule action 1 302 redirect 7216 +add acl-rule action 1 302 vlan 1001 + +create acl-rule 1 401 +add acl-rule condition 1 401 src-glort 0x5001 +add acl-rule action 1 401 redirect 9325 +create acl-rule 1 402 +add acl-rule condition 1 402 src-glort 0x4801 
+add acl-rule action 1 402 redirect 9325 +create acl-rule 1 403 +add acl-rule condition 1 403 src-glort 0x4001 +add acl-rule action 1 403 redirect 9325 +create acl-rule 1 404 +add acl-rule condition 1 404 src-glort 0x5801 +add acl-rule action 1 404 redirect 9325 + +apply acl +remote listen diff --git a/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup b/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup new file mode 100644 index 0000000..18e5429 --- /dev/null +++ b/roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup 
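Review bot: The closing `remote listen` line of PM1.13_inline_access_saved_startup leaves the switch CLI accepting remote commands after startup, and roles/tsg-env-mcn0/templates/setup.AllotAccess.j2 talks to it at 192.168.100.5 port 10000 with no credential in the call. Anything that can reach that listener can presumably rewrite the VLAN and ACL tables defined above, so the file should carry a comment naming which ports are meant to reach it (VLAN 100 is created with ports 0,11,37,39,41,43) and stating that the segment must stay isolated from data-plane ports. PM1.13_vlan_mac_flipping_saved_startup ends with the same line.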
@@ -0,0 +1,347 @@ +# TestPoint History +load ./Config/libertyTrail/testpoint_startup + +add vlan port 1 0 + +create vlan 100 +add vlan port 100 0,11,37,39,41,43 +set port config 11 pvid 100 +set port config 11 mask 0,37,39,41,43 +set port config 0,11,39,37,41,43 learning on + +create vlan 200 +add vlan port 200 0,37,39,9,10,41,43 +set port config 0 mask 9..44 +set port config 37 mask 0..36,38..44 +set port config 39 mask 0..38,40..44 +set port config 41 mask 0..40,42..44 +set port config 43 mask 0..44 +set port config 0,39,37,41,43 learning on + +create vlan 4000 +add vlan port 4000 43 +create vlan 4001 +add vlan port 4001 43 + +create lag +add lag 9261 9,10 +add vlan port 200 9261 +set port config 9261 pvid 200 +set port config 9261 parser_cfg L4 +set port config 9261 learning on +set port config 9261 mask 0,11..44 + +create vlan all +create lag +add vlan port all 43 +add lag 9293 1,2,3,4 +add vlan port all 9293 +set port config 9293 parser_cfg L4 +set port config 9293 learning on +set port config 9293 mask 0,5..44 +set vlan tagging all 1,2,3,4 tag +set vlan tagging 1 1,2,3,4 untag + +create lag +add lag 9325 5,6,7,8 +add vlan port all 9325 +set port config 9325 parser_cfg L4 +set port config 9325 learning on +set port config 9325 mask 0..4,9..44 +set vlan tagging all 5,6,7,8 tag +set vlan tagging 1 5,6,7,8 untag + +set port 37,39,41,43 powerdown +set port 37,39,41,43 up +set port 1..36 up + +set port config 11 parser_cfg L4 +set port config 37..44 parser_cfg L4 + +set port config 11..36 max_frame_size 15360 +set switch reserved_mac all switch + +set switch config hashing l234 use_smac on +set switch config hashing l234 use_dmac on +set switch config hashing l234 use_l34 on +set switch config hashing l34 use_dip on +set switch config hashing l34 use_sip on +set switch config hashing l234 symmetric on +set switch config hashing l34 symmetric on + + +set port config 9261,9293,9325 max_frame_size 15360 +create acl 1 + +# Redirect all ARP request to ens1f2 +create 
acl-rule 1 40 +add acl-rule condition 1 40 src-port 1 +add acl-rule condition 1 40 ethtype 0x0806 +add acl-rule action 1 40 redirect 7214 + +create acl-rule 1 41 +add acl-rule condition 1 41 src-port 2 +add acl-rule condition 1 41 ethtype 0x0806 +add acl-rule action 1 41 redirect 7214 + +create acl-rule 1 42 +add acl-rule condition 1 42 src-port 3 +add acl-rule condition 1 42 ethtype 0x0806 +add acl-rule action 1 42 redirect 7214 + +create acl-rule 1 43 +add acl-rule condition 1 43 src-port 4 +add acl-rule condition 1 43 ethtype 0x0806 +add acl-rule action 1 43 redirect 7214 + +# Redirect all ICMPv4 to ens1f2 -- 10.0.0.0/8 +create acl-rule 1 44 +add acl-rule condition 1 44 src-port 1 +add acl-rule condition 1 44 protocol 0x1/0xff +add acl-rule condition 1 44 sip 10.0.0.0/8 +add acl-rule condition 1 44 dip 10.0.0.0/8 +add acl-rule action 1 44 redirect 7214 + +create acl-rule 1 45 +add acl-rule condition 1 45 src-port 2 +add acl-rule condition 1 45 protocol 0x1/0xff3 +add acl-rule condition 1 45 sip 10.0.0.0/8 +add acl-rule condition 1 45 dip 10.0.0.0/8 +add acl-rule action 1 45 redirect 7214 + +create acl-rule 1 46 +add acl-rule condition 1 46 src-port 3 +add acl-rule condition 1 46 protocol 0x1/0xff +add acl-rule condition 1 46 sip 10.0.0.0/8 +add acl-rule condition 1 46 dip 10.0.0.0/8 +add acl-rule action 1 46 redirect 7214 + +create acl-rule 1 47 +add acl-rule condition 1 47 src-port 4 +add acl-rule condition 1 47 protocol 0x1/0xff +add acl-rule condition 1 47 sip 10.0.0.0/8 +add acl-rule condition 1 47 dip 10.0.0.0/8 +add acl-rule action 1 47 redirect 7214 + +# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16 +create acl-rule 1 48 +add acl-rule condition 1 48 src-port 1 +add acl-rule condition 1 48 protocol 0x1/0xff +add acl-rule condition 1 48 sip 192.168.0.0/16 +add acl-rule condition 1 48 dip 192.168.0.0/16 +add acl-rule action 1 48 redirect 7214 + +create acl-rule 1 49 +add acl-rule condition 1 49 src-port 2 +add acl-rule condition 1 49 protocol 0x1/0xff3 
+add acl-rule condition 1 49 sip 192.168.0.0/16 +add acl-rule condition 1 49 dip 192.168.0.0/16 +add acl-rule action 1 49 redirect 7214 + +create acl-rule 1 50 +add acl-rule condition 1 50 src-port 3 +add acl-rule condition 1 50 protocol 0x1/0xff +add acl-rule condition 1 50 sip 192.168.0.0/16 +add acl-rule condition 1 50 dip 192.168.0.0/16 +add acl-rule action 1 50 redirect 7214 + +create acl-rule 1 51 +add acl-rule condition 1 51 src-port 4 +add acl-rule condition 1 51 protocol 0x1/0xff +add acl-rule condition 1 51 sip 192.168.0.0/16 +add acl-rule condition 1 51 dip 192.168.0.0/16 +add acl-rule action 1 51 redirect 7214 + +# Redirect all TCP with port 51218, for health check - 192.168.0.0/24 +create acl-rule 1 60 +add acl-rule condition 1 60 src-port 1 +add acl-rule condition 1 60 protocol 0x6/0xff +add acl-rule condition 1 60 sip 192.168.0.0/16 +add acl-rule condition 1 60 dip 192.168.0.0/16 +add acl-rule condition 1 60 l4-dst-port 51218/0xffff +add acl-rule action 1 60 redirect 7214 + +create acl-rule 1 61 +add acl-rule condition 1 61 src-port 2 +add acl-rule condition 1 61 protocol 0x6/0xff +add acl-rule condition 1 61 sip 192.168.0.0/16 +add acl-rule condition 1 61 dip 192.168.0.0/16 +add acl-rule condition 1 61 l4-dst-port 51218/0xffff +add acl-rule action 1 61 redirect 7214 + +create acl-rule 1 62 +add acl-rule condition 1 62 src-port 3 +add acl-rule condition 1 62 protocol 0x6/0xff +add acl-rule condition 1 62 sip 192.168.0.0/16 +add acl-rule condition 1 62 dip 192.168.0.0/16 +add acl-rule condition 1 62 l4-dst-port 51218/0xffff +add acl-rule action 1 62 redirect 7214 + +create acl-rule 1 63 +add acl-rule condition 1 63 src-port 4 +add acl-rule condition 1 63 protocol 0x6/0xff +add acl-rule condition 1 63 sip 192.168.0.0/16 +add acl-rule condition 1 63 dip 192.168.0.0/16 +add acl-rule condition 1 63 l4-dst-port 51218/0xffff +add acl-rule action 1 63 redirect 7214 + +# Redirect all TCP with port 51218, for health check - 10.0.0.0/8 +create acl-rule 1 64 
+add acl-rule condition 1 64 src-port 1 +add acl-rule condition 1 64 protocol 0x6/0xff +add acl-rule condition 1 64 sip 10.0.0.0/8 +add acl-rule condition 1 64 dip 10.0.0.0/8 +add acl-rule condition 1 64 l4-dst-port 51218/0xffff +add acl-rule action 1 64 redirect 7214 + +create acl-rule 1 65 +add acl-rule condition 1 65 src-port 2 +add acl-rule condition 1 65 protocol 0x6/0xff +add acl-rule condition 1 65 sip 10.0.0.0/8 +add acl-rule condition 1 65 dip 10.0.0.0/8 +add acl-rule condition 1 65 l4-dst-port 51218/0xffff +add acl-rule action 1 65 redirect 7214 + +create acl-rule 1 66 +add acl-rule condition 1 66 src-port 3 +add acl-rule condition 1 66 protocol 0x6/0xff +add acl-rule condition 1 66 sip 10.0.0.0/8 +add acl-rule condition 1 66 dip 10.0.0.0/8 +add acl-rule condition 1 66 l4-dst-port 51218/0xffff +add acl-rule action 1 66 redirect 7214 + +create acl-rule 1 67 +add acl-rule condition 1 67 src-port 4 +add acl-rule condition 1 67 protocol 0x6/0xff +add acl-rule condition 1 67 sip 10.0.0.0/8 +add acl-rule condition 1 67 dip 10.0.0.0/8 +add acl-rule condition 1 67 l4-dst-port 51218/0xffff +add acl-rule action 1 67 redirect 7214 + +# Redirect all ICMPv6 link-scope packets +create acl-rule 1 70 +add acl-rule condition 1 70 src-port 1 +add acl-rule condition 1 70 frame-type ipv6 +add acl-rule condition 1 70 ttl 255 +add acl-rule action 1 70 redirect 7214 + +create acl-rule 1 71 +add acl-rule condition 1 71 src-port 2 +add acl-rule condition 1 71 frame-type ipv6 +add acl-rule condition 1 71 ttl 255 +add acl-rule action 1 71 redirect 7214 + +create acl-rule 1 72 +add acl-rule condition 1 72 src-port 3 +add acl-rule condition 1 72 frame-type ipv6 +add acl-rule condition 1 72 ttl 255 +add acl-rule action 1 72 redirect 7214 + +create acl-rule 1 73 +add acl-rule condition 1 73 src-port 4 +add acl-rule condition 1 73 frame-type ipv6 +add acl-rule condition 1 73 ttl 255 +add acl-rule action 1 73 redirect 7214 + +create acl-rule 1 74 +add acl-rule condition 1 74 src-port 1 
+add acl-rule condition 1 74 frame-type ipv6 +add acl-rule condition 1 74 sip fc00::/7 +add acl-rule condition 1 74 dip fc00::/7 +add acl-rule action 1 74 redirect 7214 + +create acl-rule 1 75 +add acl-rule condition 1 75 src-port 2 +add acl-rule condition 1 75 frame-type ipv6 +add acl-rule condition 1 75 sip fc00::/7 +add acl-rule condition 1 75 dip fc00::/7 +add acl-rule action 1 75 redirect 7214 + +create acl-rule 1 76 +add acl-rule condition 1 76 src-port 3 +add acl-rule condition 1 76 frame-type ipv6 +add acl-rule condition 1 76 sip fc00::/7 +add acl-rule condition 1 76 dip fc00::/7 +add acl-rule action 1 76 redirect 7214 + +create acl-rule 1 77 +add acl-rule condition 1 77 src-port 4 +add acl-rule condition 1 77 frame-type ipv6 +add acl-rule condition 1 77 sip fc00::/7 +add acl-rule condition 1 77 dip fc00::/7 +add acl-rule action 1 77 redirect 7214 + +create acl-rule 1 80 +add acl-rule condition 1 80 src-glort 0x5801 +add acl-rule action 1 80 redirect 9293 + +create acl-rule 1 90 +add acl-rule condition 1 90 src-glort 0x5803 +add acl-rule condition 1 90 vlan 4000 +add acl-rule action 1 90 redirect 7220 +add acl-rule action 1 90 vlan 1 + +create acl-rule 1 91 +add acl-rule condition 1 91 src-glort 0x5803 +add acl-rule condition 1 91 vlan 4001 +add acl-rule action 1 91 redirect 7213 +add acl-rule action 1 91 vlan 1 + +create acl-rule 1 100 +add acl-rule condition 1 100 src-glort 0x5803 +add acl-rule action 1 100 redirect 9293 + +create acl-rule 1 101 +add acl-rule condition 1 101 src-port 1 +add acl-rule action 1 101 redirect 7216 +create acl-rule 1 102 +add acl-rule condition 1 102 src-port 2 +add acl-rule action 1 102 redirect 7216 +create acl-rule 1 103 +add acl-rule condition 1 103 src-port 3 +add acl-rule action 1 103 redirect 7216 +create acl-rule 1 104 +add acl-rule condition 1 104 src-port 4 +add acl-rule action 1 104 redirect 7216 + +create acl-rule 1 200 +add acl-rule condition 1 200 src-glort 0x5804 +add acl-rule action 1 200 redirect 6189 +create 
acl-rule 1 201 +add acl-rule condition 1 201 src-glort 0x5805 +add acl-rule action 1 201 redirect 5165 +create acl-rule 1 202 +add acl-rule condition 1 202 src-glort 0x5806 +add acl-rule action 1 202 redirect 4141 +create acl-rule 1 203 +add acl-rule condition 1 203 src-glort 0x5000 +add acl-rule action 1 203 redirect 7217 +create acl-rule 1 204 +add acl-rule condition 1 204 src-glort 0x4800 +add acl-rule action 1 204 redirect 7218 +create acl-rule 1 205 +add acl-rule condition 1 205 src-glort 0x4000 +add acl-rule action 1 205 redirect 7219 + +create acl-rule 1 301 +add acl-rule condition 1 301 src-glort 0x5807 +add acl-rule action 1 301 redirect 7216 +add acl-rule action 1 301 vlan 4000 + +create acl-rule 1 302 +add acl-rule condition 1 302 src-glort 0x5800 +add acl-rule action 1 302 redirect 7216 +add acl-rule action 1 302 vlan 4001 + +create acl-rule 1 401 +add acl-rule condition 1 401 src-glort 0x5001 +add acl-rule action 1 401 redirect 9325 +create acl-rule 1 402 +add acl-rule condition 1 402 src-glort 0x4801 +add acl-rule action 1 402 redirect 9325 +create acl-rule 1 403 +add acl-rule condition 1 403 src-glort 0x4001 +add acl-rule action 1 403 redirect 9325 + +apply acl +remote listen diff --git a/roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm b/roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm new file mode 100644 index 0000000..b81cfd6 Binary files /dev/null and b/roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm differ diff --git a/roles/tsg_master/tasks/main.yml b/roles/tsg_master/tasks/main.yml new file mode 100644 index 0000000..5c57052 --- /dev/null +++ b/roles/tsg_master/tasks/main.yml 
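Review bot: ACL rules 45 and 49 in PM1.13_vlan_mac_flipping_saved_startup (the `src-port 2` ICMPv4 redirects) use `protocol 0x1/0xff3`, while sibling rules 44, 46, 47, 48, 50 and 51 use `protocol 0x1/0xff`; the mask is wider than the 8-bit IP protocol field, so on port 2 the condition may be rejected or fail to match and ICMP would fall through to the generic redirect in rule 102. Both lines should read `add acl-rule condition 1 45 protocol 0x1/0xff` and `add acl-rule condition 1 49 protocol 0x1/0xff`. Two comments also disagree with the rules beneath them: "for health check - 192.168.0.0/24" sits above rules 60 to 63, which match 192.168.0.0/16, and "Redirect all ICMPv6 link-scope packets" sits above rules 70 to 73, which match any IPv6 frame with `ttl 255` rather than only ICMPv6. Since these rules decide which traffic bypasses the inspection path, the comments should describe the match exactly.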
@@ -0,0 +1,10 @@
+- name: "copy tsg_master rpm to destination server"
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: /tmp/ansible_deploy/
+
+- name: "install tsg_master from localhost"
+ yum:
+ name:
+ - /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
+ state: present