diff --git a/roles/clotho/templates/clotho.conf.j2 b/roles/clotho/templates/clotho.conf.j2 index b85c316..0638aa3 100644 --- a/roles/clotho/templates/clotho.conf.j2 +++ b/roles/clotho/templates/clotho.conf.j2 @@ -2,6 +2,10 @@ BROKER_LIST={{ log_kafkabrokers.address }} [SYSTEM] +{% if tsg_access_typ == 0 %} +NIC_NAME={{ tsg_tun_mode.ethname }} +{% else %} NIC_NAME={{ nic_mgr.name }} +{% endif %} LOG_LEVEL=10 LOG_PATH=log/clotho diff --git a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm new file mode 100644 index 0000000..dcf47d0 Binary files /dev/null and b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index bc464cc..0000000 Binary files a/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm new file mode 100644 index 0000000..e0f5a90 Binary files /dev/null and b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm b/roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm deleted file mode 100755 index 07696bb..0000000 Binary files a/roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm new file mode 100644 index 0000000..056e182 Binary files /dev/null and b/roles/firewall/files/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm b/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm deleted file mode 100644 index de29362..0000000 Binary files a/roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm new file mode 100644 index 0000000..54bae55 Binary files /dev/null and b/roles/firewall/files/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100755 index cf78897..0000000 Binary files a/roles/firewall/files/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm new file mode 100644 index 0000000..93df525 Binary files /dev/null and b/roles/firewall/files/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index d04d29e..0000000 Binary files a/roles/firewall/files/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index 033b4d1..0000000 Binary files a/roles/firewall/files/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm new file mode 100644 index 0000000..3fffca4 Binary files /dev/null and b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm new file mode 100644 index 0000000..5d10ae6 Binary files /dev/null and b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index 0c5dd35..0000000 Binary files a/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm new file mode 100644 index 0000000..f24a0ac Binary files /dev/null and b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index 44b1dea..0000000 Binary files a/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm new file mode 100644 index 0000000..6d0a2b4 Binary files /dev/null and b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm differ diff --git a/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm b/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index 82d11ad..0000000 Binary files a/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml index b5ff6bc..f4a6b39 100644 --- a/roles/firewall/tasks/main.yml +++ b/roles/firewall/tasks/main.yml @@ -10,17 +10,17 @@ state: present vars: fw_packages: - - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm - - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm + - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm + - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm + - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm + - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm + - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm - - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm - - /tmp/ansible_deploy/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm - - /tmp/ansible_deploy/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm + - /tmp/ansible_deploy/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm diff --git a/roles/firewall/templates/capture_packet_plug.conf.j2 b/roles/firewall/templates/capture_packet_plug.conf.j2 index aa9e6c5..aefa19f 100644 --- a/roles/firewall/templates/capture_packet_plug.conf.j2 +++ b/roles/firewall/templates/capture_packet_plug.conf.j2 @@ -15,7 +15,11 @@ INC_CFG_DIR=capture_packet_rule/inc/index/ FULL_CFG_DIR=capture_packet_rule/full/index/ [LOG] +{% if tsg_access_type == 0 %} +NIC_NAME={{ tsg_tun_mode.ethname }} +{% else %} NIC_NAME={{ nic_mgr.name }} +{% endif %} BROKER_LIST={{ log_kafkabrokers.address }} FIELD_FILE=conf/capture_packet_log_field.conf diff --git a/roles/firewall/templates/main.conf.j2 b/roles/firewall/templates/main.conf.j2 index 87f561c..4538399 100644 --- a/roles/firewall/templates/main.conf.j2 +++ b/roles/firewall/templates/main.conf.j2 @@ -24,7 +24,11 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR [TSG_LOG] MODE=1 +{% if tsg_access_type == 0 %} +NIC_NAME={{ tsg_tun_mode.ethname }} +{% else %} NIC_NAME={{ nic_mgr.name }} +{% endif %} MAX_SERVICE=1 LOG_LEVEL=10 LOG_PATH=./tsglog/tsglog diff --git a/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm b/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm deleted file mode 100755 index ec80489..0000000 Binary files a/roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm and /dev/null differ diff --git a/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm new file mode 100644 index 0000000..7075af8 Binary files /dev/null and b/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm b/roles/framework/files/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm new file mode 100644 index 0000000..019ef51 Binary files /dev/null and b/roles/framework/files/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm b/roles/framework/files/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm new file mode 100644 index 0000000..d619e6c Binary files /dev/null and b/roles/framework/files/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm b/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm new file mode 100644 index 0000000..be1eef3 Binary files /dev/null and b/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm b/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm new file mode 100644 index 0000000..30cf381 Binary files /dev/null and b/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm b/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm new file mode 100644 index 0000000..5218635 Binary files /dev/null and b/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm b/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm new file mode 100644 index 0000000..005d21f Binary files /dev/null and b/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm b/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm new file mode 100644 index 0000000..d5fc04d Binary files /dev/null and b/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm deleted file mode 100644 index 372f30d..0000000 Binary files a/roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/framework/files/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm b/roles/framework/files/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm new file mode 100644 index 0000000..6a1f74f Binary files /dev/null and b/roles/framework/files/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm differ diff --git a/roles/framework/files/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm b/roles/framework/files/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm new file mode 100644 index 0000000..21fe4cb Binary files /dev/null and b/roles/framework/files/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm differ diff --git a/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm b/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm new file mode 100644 index 0000000..db703cc Binary files /dev/null and b/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm differ diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml index bb42da9..5617b6b 100644 --- a/roles/framework/tasks/main.yml +++ b/roles/framework/tasks/main.yml @@ -9,7 +9,26 @@ state: present vars: packages: - - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm + - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm + - /tmp/ansible_deploy/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm + - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm + +- name: "mkdir /etc/ld.so.conf.d/" + file: + path: /etc/ld.so.conf.d/ + state: directory + +- name: "copy framework.conf to destination server" + copy: "{{ role_path }}/files/framework.conf" + dest: /etc/ld.so.conf.d/ - name: "update ld" command: ldconfig diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2 index 680d767..9d0ba36 100644 --- a/roles/kni/templates/kni.conf.j2 +++ b/roles/kni/templates/kni.conf.j2 @@ -2,7 +2,11 @@ log_path = ./log/kni/kni.log log_level = {{ kni.global.log_level }} tfe_node_count = {{ kni.global.tfe_node_count }} +{% if tsg_access_type == 0 %} +manage_eth = {{ tsg_tun_mode.ethname }} +{% else %} manage_eth = {{ nic_mgr.name }} +{% endif %} {% if tsg_access_type == 0 %} deploy_mode = tun {% else %} @@ -30,12 +34,20 @@ ip_addr = 192.168.100.4 {% endif %} [tfe_cmsg_receiver] +{% if tsg_access_type == 0 %} +listen_eth = {{ tsg_tun_mode.tun_name }} +{% else %} listen_eth = {{ nic_inner_ctrl.name }} +{% endif %} listen_port = 2475 [watch_dog] switch = {{ kni.watch_dog.switch }} +{% if tsg_access_type == 0 %} +listen_eth = {{ tsg_tun_mode.tun_name }} +{% else %} listen_eth = {{ nic_inner_ctrl.name }} +{% endif %} listen_port = 2476 keepalive_idle = 2 keepalive_intvl = 1 diff --git a/roles/mrzcpd/files/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm b/roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm old mode 100644 new mode 100755 similarity index 83% rename from roles/mrzcpd/files/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm rename to roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm index 3c91957..723306d Binary files a/roles/mrzcpd/files/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm and b/roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm differ diff --git a/roles/mrzcpd/tasks/main.yml b/roles/mrzcpd/tasks/main.yml index 6fb1448..4b6e626 100644 --- a/roles/mrzcpd/tasks/main.yml +++ b/roles/mrzcpd/tasks/main.yml @@ -6,7 +6,7 @@ - name: "install mrzcpd" yum: - name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm + name: /tmp/ansible_deploy/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm state: present - name: "update sysconfig/mrzcpd" @@ -20,6 +20,15 @@ dest: /opt/mrzcpd/etc/mrglobal.conf when: nic_traffic_mirror is defined + +- name: "update mrglobal.conf.tun_mode - tun_server" + template: + src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2" + dest: /opt/mrzcpd/etc/mrglobal.conf + when: + - nic_traffic_mirror is not defined + - tsg_access_type == 0 + - name: "update mrglobal.conf.inline - blade00" template: src: "{{ role_path }}/templates/mrglobal.conf.inline.j2" @@ -36,6 +45,14 @@ - nic_traffic_mirror is not defined - tsg_access_type == 2 +- name: "update mrglobal.conf.allot - blade00" + template: + src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2" + dest: /opt/mrzcpd/etc/mrglobal.conf + when: + - nic_traffic_mirror is not defined + - tsg_access_type == 3 + - name: "update mrtunnat.conf.inline - blade00" template: src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2" @@ -52,6 +69,14 @@ - nic_traffic_mirror is not defined - tsg_access_type == 2 +- name: "update mrtunnat.conf.allot_access - blade00" + template: + src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2" + dest: /opt/mrzcpd/etc/mrtunnat.conf + when: + - nic_traffic_mirror is not defined + - tsg_access_type == 3 + - name: "enable mrenv" systemd: name: mrenv @@ -61,19 +86,19 @@ - name: "enable mrzcpd" systemd: name: mrzcpd - enabled: 1 + enabled: yes daemon_reload: yes - name: "enable mrtunnat on master" systemd: name: mrtunnat - enabled: 1 + enabled: yes daemon_reload: yes when: nic_traffic_mirror is not defined - name: "disable mrtunnat on slave" systemd: name: mrtunnat - enabled: 0 + enabled: no daemon_reload: yes when: nic_traffic_mirror is defined diff --git a/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2 new file mode 100644 index 0000000..fc9600d --- /dev/null +++ b/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2 @@ -0,0 +1,67 @@ +[device] +device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd +sz_tunnel=8192 +sz_buffer=0 + +[device:{{nic_data_incoming.name}}] +jumbo_frame=1 +max_rx_pkt_len=15360 +clear_tx_flags=1 +vlan-filter=1 +vlan-id-allow=1000,1001,2000,2001,4000,4001 +#vlan-pvid=0 +#vlan-pvid-mode=0 + +[device:{{nic_to_tfe.tfe0.name}}] +jumbo_frame=1 +max_rx_pkt_len=15360 +clear_tx_flags=1 +promisc=1 + +[device:{{nic_to_tfe.tfe1.name}}] +jumbo_frame=1 +max_rx_pkt_len=15360 +clear_tx_flags=1 +promisc=1 + +[device:{{nic_to_tfe.tfe2.name}}] +jumbo_frame=1 +max_rx_pkt_len=15360 +clear_tx_flags=1 +promisc=1 + +[service] +# lcore id for i/o service, use comma to split +iocore={{ mrzcpd.iocore }} +distmode=2 +hashmode=0 + +[eal] +virtaddr=0x7f40c4a00000 +loglevel=7 + +[keepalive] +check_spinlock=0 + +[ctrlzone] +ctrlzone0=tunnat,64 + +[pool] +create_mode=3 +sz_direct_pktmbuf=4194304 +sz_indirect_pktmbuf=8192 +sz_cache=256 +sz_data=4096 + +[forward] +nr_forward_rule=10 +forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}} +forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}} +forward_rule_2=vv,vxlan_fwd,vxlan_user +forward_rule_3=vv,vxlan_user,vxlan_fwd +forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}} +forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}} +forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}} +forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}} +forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}} +forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}} diff --git a/roles/mrzcpd/templates/mrglobal.conf.inline.j2 b/roles/mrzcpd/templates/mrglobal.conf.inline.j2 index 5d5862b..fb4aa35 100644 --- a/roles/mrzcpd/templates/mrglobal.conf.inline.j2 +++ b/roles/mrzcpd/templates/mrglobal.conf.inline.j2 @@ -4,29 +4,16 @@ sz_tunnel=8192 sz_buffer=0 [device:{{nic_data_incoming.name}}] -{% if nic_data_incoming.ip is defined %} in_addr={{nic_data_incoming.ip}} -{% endif %} -{% if nic_data_incoming.mask is defined %} in_mask={{nic_data_incoming.mask}} -{% endif %} -{% if nic_data_incoming.gw is defined %} gateway={{nic_data_incoming.gw}} -{% endif %} jumbo_frame=1 max_rx_pkt_len=15360 clear_tx_flags=1 -{% if nic_data_incoming.ip is defined %} #vlan-filter=1 -#vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844 +#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902 #vlan-pvid=0 #vlan-pvid-mode=0 -{% else %} -vlan-filter=0 -vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844 -vlan-pvid=0 -vlan-pvid-mode=0 -{% endif %} [device:{{nic_to_tfe.tfe0.name}}] jumbo_frame=1 diff --git a/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2 b/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2 new file mode 100644 index 0000000..af2d528 --- /dev/null +++ b/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2 @@ -0,0 +1,28 @@ +[device] +device=fake +sz_tunnel=8192 +sz_buffer=0 + +[device:lo] +jumbo_frame=1 +max_rx_pkt_len=15360 +clear_tx_flags=1 +promisc=1 + +[service] +iocore={{ mrzcpd.iocore }} + +[eal] +virtaddr=0x7d0000000000 +loglevel=7 + +[keepalive] +check_spinlock=1 + +[pool] +create_mode=3 +sz_direct_pktmbuf=4194304 +sz_indirect_pktmbuf=8192 +sz_cache=256 +sz_data=4096 + diff --git a/roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2 b/roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2 new file mode 100644 index 0000000..29d8310 --- /dev/null +++ b/roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2 @@ -0,0 +1,24 @@ +[tunnat] +lcore_id={{ mrtunnat.lcore_id }} +appsym=tunnat +phydev={{nic_data_incoming.name}} +virtdev=vxlan_fwd +nr_max_sessions=524280 +nr_slots=1048576 +expire_time=60 +reverse_tunnel=0 +use_recent_tunnel=0 +use_tuple4_as_sskey=1 +ctrlzone_addr_info_type=2 + +[vlan_flipping] +enable=1 +c_router_vlan_id_0=4000 +i_router_vlan_id_0=4001 +en_mac_flipping_0=0 +c_router_vlan_id_1=1000 +i_router_vlan_id_1=1001 +en_mac_flipping_1=0 +c_router_vlan_id_2=2000 +i_router_vlan_id_2=2001 +en_mac_flipping_2=0 diff --git a/roles/sapp/files/sapp-4.0.12.f8435d8-x86_64.rpm b/roles/sapp/files/sapp-4.0.12.f8435d8-x86_64.rpm new file mode 100644 index 0000000..aad4d1e Binary files /dev/null and b/roles/sapp/files/sapp-4.0.12.f8435d8-x86_64.rpm differ diff --git a/roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm b/roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm deleted file mode 100644 index 712cb9d..0000000 Binary files a/roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/sapp/files/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm b/roles/sapp/files/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm new file mode 100644 index 0000000..27d8e69 Binary files /dev/null and b/roles/sapp/files/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm differ diff --git a/roles/sapp/files/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm b/roles/sapp/files/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm deleted file mode 100644 index 9d334b7..0000000 Binary files a/roles/sapp/files/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/sapp/tasks/main.yml b/roles/sapp/tasks/main.yml index a5d19f2..edbdf8c 100644 --- a/roles/sapp/tasks/main.yml +++ b/roles/sapp/tasks/main.yml @@ -7,8 +7,7 @@ - name: "install sapp rpms from localhost" yum: name: - # - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm - - /tmp/ansible_deploy/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm + - /tmp/ansible_deploy/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm state: present - name: "judge sapp" @@ -17,7 +16,7 @@ ignore_errors: true - name: "install sapp rpms from localhost" - shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm + shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.12.f8435d8-x86_64.rpm when: return.rc != 0 - name: make dir diff --git a/roles/sapp/templates/sapp.toml.j2 b/roles/sapp/templates/sapp.toml.j2 index b65494d..028ad13 100644 --- a/roles/sapp/templates/sapp.toml.j2 +++ b/roles/sapp/templates/sapp.toml.j2 @@ -27,7 +27,7 @@ BSD_packet_filter="" ### note, depolyment.mode options: [mirror, inline, transparent] [packet_io.depolyment] - {% if nic_transparent_mode.enable == 1 %} + {% if tsg_access_type == 0 %} mode=transparent {% else %} mode=inline @@ -35,18 +35,18 @@ BSD_packet_filter="" ### note, interface.type options: [pag,pcap,marsio] [packet_io.internal.interface] - {% if nic_transparent_mode.enable == 1 %} - type={{nic_transparent_mode.mode}} - name={{nic_transparent_mode.internel_interface}} + {% if tsg_access_type == 0 %} + type=pcap + name={{tsg_tun_mode.internel_interface}} {% else %} type=marsio name=vxlan_user {% endif %} [packet_io.external.interface] - {% if nic_transparent_mode.enable %} - type={{nic_transparent_mode.mode}} - name={{nic_transparent_mode.external_interface}} + {% if tsg_access_type == 0 %} + type=pcap + name={{tsg_tun_mode.external_interface}} {% else %} type=pcap name=lo diff --git a/roles/tfe/files/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm deleted file mode 100755 index 065549f..0000000 Binary files a/roles/tfe/files/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm and /dev/null differ diff --git a/roles/tfe/files/tfe-4.3.2.374930d-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.3.2.374930d-1.el7.x86_64.rpm new file mode 100755 index 0000000..fbf2b90 Binary files /dev/null and b/roles/tfe/files/tfe-4.3.2.374930d-1.el7.x86_64.rpm differ diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml index 485abbc..9b0552b 100644 --- a/roles/tfe/tasks/main.yml +++ b/roles/tfe/tasks/main.yml @@ -8,7 +8,7 @@ yum: name: - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm - - /tmp/ansible_deploy/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm + - /tmp/ansible_deploy/tfe-4.3.2.374930d-1.el7.x86_64.rpm state: present - name: "template tfe-env config" diff --git a/roles/tfe/templates/pangu_pxy.conf.j2 b/roles/tfe/templates/pangu_pxy.conf.j2 index 46aa3c1..35730c0 100644 --- a/roles/tfe/templates/pangu_pxy.conf.j2 +++ b/roles/tfe/templates/pangu_pxy.conf.j2 @@ -2,7 +2,11 @@ log_level=30 [log] -nic_name= {{ nic_mgr.name }} +{% if tsg_access_type == 0 %} +nic_name={{ tsg_tun_mode.ethname }} +{% else %} +nic_name={{ nic_mgr.name }} +{% endif %} entrance_id=0 kafka_brokerlist= {{ log_kafkabrokers.address }} kafka_topic=PROXY-EVENT-LOG diff --git a/roles/tfe/templates/tfe-env-config.j2 b/roles/tfe/templates/tfe-env-config.j2 index 2874c27..edc4dd0 100644 --- a/roles/tfe/templates/tfe-env-config.j2 +++ b/roles/tfe/templates/tfe-env-config.j2 @@ -1,11 +1,14 @@ - -TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}} +{% if tsg_access_type == 0 %} +TFE_DEVICE_DATA_INCOMING={{ tsg_tun_mode.tun_name }} +{% else %} +TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }} +{% endif %} TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2 TFE_PEER_IP_DATA_INCOMING=172.16.241.1 {% if tsg_access_type == 0 %} -TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }} +TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }} TFE_WATCHDOG_IP=192.168.100.1 {% endif %} diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index a8ebffd..62d2fd4 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 @@ -4,6 +4,7 @@ enable_breakpad=1 enable_breakpad_upload=0 breakpad_minidump_dir=/run/tfe/crashreport/ breakpad_upload_url=http://127.0.0.1:9000/ +disable_coredump=0 [kni] ip=192.168.100.1 @@ -30,7 +31,11 @@ service_cache_expire_seconds=600 # default 0 mc_cache_enable=1 # default eth0 +{% if tsg_access_type == 0 %} +mc_cache_eth={{ tsg_tun_mode.tun_name }} +{% else %} mc_cache_eth={{ nic_inner_ctrl.name }} +{% endif %} # default NULL mc_cache_broker_list={{ log_kafkabrokers.address }} # default PXY-EXCH-INTERMEDIA-CERT diff --git a/roles/tsg-env-tun-mode/templates/setup.j2 b/roles/tsg-env-tun-mode/templates/setup.j2 index 5b88ab0..0d26092 100644 --- a/roles/tsg-env-tun-mode/templates/setup.j2 +++ b/roles/tsg-env-tun-mode/templates/setup.j2 @@ -1,11 +1,11 @@ #!/bin/bash modprobe 8021q -vconfig add {{ nic_mgr.name }} 100 -vconfig set_flag {{ nic_mgr.name }}.100 1 1 -ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up -ethtool -K {{ nic_transparent_mode.internel_interface }} tso off -ethtool -K {{ nic_transparent_mode.internel_interface }} gso off -ethtool -K {{ nic_transparent_mode.internel_interface }} gro off -ethtool -K {{ nic_transparent_mode.externel_interface }} tso off -ethtool -K {{ nic_transparent_mode.externel_interface }} gso off -ethtool -K {{ nic_transparent_mode.externel_interface }} gro off +vconfig add {{ tsg_tun_mode.ethname }} 100 +vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1 +ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up +ethtool -K {{ tsg_tun_mode.internel_interface }} tso off +ethtool -K {{ tsg_tun_mode.internel_interface }} gso off +ethtool -K {{ tsg_tun_mode.internel_interface }} gro off +ethtool -K {{ tsg_tun_mode.externel_interface }} tso off +ethtool -K {{ tsg_tun_mode.externel_interface }} gso off +ethtool -K {{ tsg_tun_mode.externel_interface }} gro off diff --git a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 index 1ab740b..9976a0a 100644 --- a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 +++ b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2 @@ -1,5 +1,5 @@ #!/bin/bash # echo 0 >/sys/class/net/ens1/device/sriov_numvfs -ifconfig {{ nic_mgr.name }}.100 down -vconfig rem {{ nic_mgr.name }}.100 +ifconfig {{ tsg_tun_mode.ethname }}.100 down +vconfig rem {{ tsg_tun_mode.ethname }}.100