update

2、同步修改deploy.yml
3、为tsgconf/main.conf增加一个kafka的动态配置
4、修改tfe.conf中mc_default_eth的动态配置变量
5、原certstore中的r2、r3文件含有dos字符，修复该问题

.gitignore

@@ -1,2 +0,0 @@
-.vscode
-*.retry

adc_inline_device_access/group_vars/all.yml

@@ -1,75 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    kni_ip: 192.168.100.1
-    mc_cache_eth: ens1.100
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-

adc_inline_device_access/group_vars/blade-00.yml

@@ -1,15 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    ip: 192.168.1.30
-    mask: 255.255.255.252
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

adc_inline_device_access/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

adc_inline_device_access/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_inline_device_access/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_inline_device_access/hosts

@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

adc_tera_access/group_vars/all.yml

@@ -1,73 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-

adc_tera_access/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

adc_tera_access/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

adc_tera_access/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_tera_access/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_tera_access/hosts

@@ -1,30 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03

clear_redis_cache.yml

@@ -1,6 +0,0 @@
-- hosts: blade-00
-  tasks:
-  - name: "killall certstore"
-    command: "killall certstore"
-  - name: "clear redis cache"
-    command: "redis-cli flushdb"

deploy.yml

@@ -1,41 +1,83 @@
-- hosts: Functional_Host
+- hosts: adc_mxn
+  remote_user: root
   roles:
+#    - tsg-env-mxn
+
+- hosts: adc_mcn0
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn0.yml
+  roles:
+#    - tsg-env-mcn0
     - framework
     - kernel-ml
-
-- hosts: blade-00
-  roles:
-    - tsg-env-mcn0
     - mrzcpd
+    - sapp
+    - tsg_master
     - kni
+    - firewall
+    - http_healthcheck
+    - clotho
     - certstore
+    - cert-redis
+    - telegraf_statistic
+    - tsg_device_tag
 
-- hosts: blade-01
+- hosts: adc_mcn1
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn1.yml
   roles:
-    - tsg-env-mcn1
-    - mrzcpd
-    - tfe
-
-- hosts: blade-02
-  roles:
-    - tsg-env-mcn2
-    - mrzcpd
-    - tfe
-
-- hosts: blade-03
-  roles:
-    - tsg-env-mcn3
-    - mrzcpd
-    - tfe
-
-- hosts: blade-mxn
-  roles:
-    - tsg-env-mxn
-
-- hosts: pc-as-tun-mode
-  roles:
-    - mrzcpd
+#    - tsg-env-mcn1
     - framework
-    - kni
-    - certstore
+    - kernel-ml
+    - mrzcpd
     - tfe
+
+- hosts: adc_mcn2
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn2.yml
+  roles:
+#    - tsg-env-mcn2
+    - framework
+    - kernel-ml
+    - mrzcpd
+    - tfe
+
+- hosts: adc_mcn3
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn3.yml
+  roles:
+#    - tsg-env-mcn3
+    - framework
+    - kernel-ml
+    - mrzcpd
+    - tfe
+
+- hosts: server-as-tun-mode
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/server_as_tun_mode.yml
+  roles:
+    - kernel-ml
+    - framework
+    - mrzcpd
+    - tsg-env-tun-mode
+    - sapp
+    - tsg_master
+    - kni
+    - firewall
+    - http_healthcheck
+    - clotho
+    - certstore
+    - cert-redis
+    - tfe
+    - telegraf_statistic
+    - proxy_status
+    - tsg_device_tag

env-prod-astana/group_vars/all.yml

@@ -1,60 +0,0 @@
-maat_redis_server:
-    address: "10.4.35.1"
-    port: 6379
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "10.4.35.1"
-    port: 6379
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "10.4.35.7:9092,10.4.35.8:9092,10.4.35.9:9092,10.4.35.10:9092,10.4.35.11:9092"
-
-log_minio:
-    address: "10.4.35.1;"
-    port: 9000
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 55
-
-mrtunnat:
-    lcore_id: 54
-
-

env-prod-astana/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-prod-astana/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-prod-astana/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-prod-astana/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-prod-astana/hosts

@@ -1,100 +0,0 @@
-[all:vars]
-ansible_user=root
-
-[blade-mxn]
-10.4.164.23
-#10.4.164.24
-10.4.164.25
-10.4.164.26
-10.4.164.27
-10.4.164.28
-10.4.164.29
-
-[blade-00]
-10.4.39.9
-#10.4.39.13
-10.4.39.17
-10.4.39.21
-10.4.39.25
-10.4.39.29
-10.4.39.33
-
-[blade-01]
-10.4.39.10
-#10.4.39.14
-10.4.39.18
-10.4.39.22
-10.4.39.26
-10.4.39.30
-10.4.39.34
-
-[blade-02]
-10.4.39.11
-#10.4.39.15
-10.4.39.19
-10.4.39.23
-10.4.39.27
-10.4.39.31
-10.4.39.35
-
-[blade-03]
-10.4.39.12
-#10.4.39.16
-10.4.39.20
-10.4.39.24
-10.4.39.28
-10.4.39.32
-10.4.39.36
-
-[astana-adc-3]
-10.4.164.23
-10.4.39.9
-10.4.39.10
-10.4.39.11
-10.4.39.12
-
-[astana-adc-5]
-10.4.164.25
-10.4.39.17
-10.4.39.18
-10.4.39.19
-10.4.39.20
-
-[astana-adc-6]
-10.4.164.26
-10.4.39.21
-10.4.39.22
-10.4.39.23
-10.4.39.24
-
-[astana-adc-7]
-10.4.164.27
-10.4.39.25
-10.4.39.26
-10.4.39.27
-10.4.39.28
-
-[astana-adc-8]
-10.4.164.28
-10.4.39.29
-10.4.39.30
-10.4.39.31
-10.4.39.32
-
-[astana-adc-9]
-10.4.164.29
-10.4.39.33
-10.4.39.34
-10.4.39.35
-10.4.39.36
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03

env-stage-hy/group_vars/all.yml

@@ -1,45 +0,0 @@
-maat_redis_server:
-    address: 192.168.100.3
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: 192.168.100.3
-    port: 7002
-    db: 0
-    
-cert_store_server:
-    address: 192.168.100.1
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.100.4:9092"
-
-log_minio:
-    address: "192.168.100.4;"
-    port: 9000
-
-fs_remote:
-    switch: 0
-    address: "192.168.10.152"
-    port: 8125
-
-kni:
-    global:
-        log_level: 30
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-              
-tfe:
-    nr_threads: 32
-    keykeeper:
-        mode: "debug"
-        no_cache: 0

env-stage-hy/group_vars/blade-00.yml

@@ -1,13 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f4
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-stage-hy/group_vars/blade-01.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-stage-hy/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-hy/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-hy/hosts

@@ -1,12 +0,0 @@
-[all:vars]
-ansible_user=root
-
-[blade-00]
-192.168.10.41
-
-[blade-01]
-192.168.10.42
-
-[Functional_Host:children]
-blade-00
-blade-01

env-stage-pc/group_vars/all.yml

@@ -1,76 +0,0 @@
-maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "127.0.0.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.85:9092"
-
-log_minio:
-  address: "192.168.40.85;"
-  port: 9000
-
-fs_remote:
-  switch: 1
-  address: "127.0.0.1"
-  port: 8125
-
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-tfe:
-  nr_threads: 32
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-mrzcpd:
-  iocore: 47
-
-mrtunnat:
-  lcore_id: 46
-
-nic_mgr:
-  name: eth0
-nic_data_incoming:
-  name: tun_kni
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: lo
-nic_to_tfe:
-  tfe0:
-    name: lo
-  tfe1:
-    name: lo
-  tfe2:
-    name: lo
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "enp0s20f0u3"
-  external_interface: "enp0s20f0u4"
-
-run_as_tun_mode: 1

env-stage-pc/hosts

@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.85

env-stage-xxg/group_vars/all.yml

@@ -1,55 +0,0 @@
-maat_redis_server:
-    address: "192.168.40.120"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.40.120"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.40.161"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.40.119:9092"
-
-log_minio:
-    address: "192.168.40.223;"
-    port: 9000
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 8125
-
-nic_transparent_mode:
-    enable: 0
-
-kni:
-    global:
-        log_level: 30
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 32
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-run_as_tun_mode: 1

env-stage-xxg/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-stage-xxg/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-xxg/hosts

@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=pulp
-
-[blade-mxn]
-192.168.40.25
-
-[blade-00]
-192.168.40.21
-
-[blade-01]
-192.168.40.22
-
-[blade-02]
-192.168.40.23
-
-[blade-03]
-192.168.40.24
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

install_config/group_vars/adc_global.yml

@@ -0,0 +1,89 @@
+#########################################
+#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
+tsg_access_type: 3
+#####2: ADC;
+tsg_running_type: 2
+
+########################################
+#IP Config
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_ftp_log_level: 30
+fw_mail_log_level: 30
+fw_http_log_level: 30
+fw_dns_log_level: 30
+fw_quic_log_level: 30
+capture_packet_log_level: 30
+tsg_log_level: 30
+tsg_master_log_level: 30
+kni_log_level: 30
+tfe_log_level: 30
+tfe_http_log_level: 30
+pangu_log_level: 30
+doh_log_level: 30
+certstore_log_level: 30
+clotho_log_level: 10
+
+#######################################
+#Sapp Performance Config
+#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
+sapp:
+  worker_threads: 30
+  send_only_threads_max: 8
+  bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37
+  inbound_route_dir: 1
+
+########################################
+#Kni Config
+kni:
+  global:
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+#Tfe Config
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
+
+########################################
+#Marsio Config
+#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
+mrzcpd:
+  iocore: 44,45,46,47
+
+mrtunnat:
+  lcore_id: 40,41,42,43

install_config/group_vars/adc_mcn0.yml

@@ -0,0 +1,37 @@
+#########################################
+#Mcn0管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn0流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens1f4
+
+#########################################
+#Mcn0其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens1.100
+nic_to_tfe:
+  tfe0:
+      name: ens1f5
+  tfe1:
+      name: ens1f6
+  tfe2:
+      name: ens1f7
+
+#########################################
+#串联设备接入相关配置
+inline_device_config:
+  keepalive_ip: 192.168.1.30
+  keepalive_mask: 255.255.255.252
+
+#########################################
+#Allot接入相关配置
+AllotAccess:
+  virturlInterface_1: ens1f2.103
+  virturlInterface_2: ens1f2.104
+  virturlID_1: 103
+  virturlID_2: 104
+  vvipv4_mask: 24
+  vvipv6_mask: 64

install_config/group_vars/adc_mcn1.yml

@@ -0,0 +1,17 @@
+#########################################
+#Mcn1管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn1流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens1f1
+
+#########################################
+#Mcn1其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens1.100
+nic_traffic_mirror:
+  name: ens1f2
+  use_mrzcpd: 1

install_config/group_vars/adc_mcn2.yml

@@ -0,0 +1,17 @@
+#########################################
+#Mcn2管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn2流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens8f1
+
+#########################################
+#Mcn2其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens8.100
+nic_traffic_mirror:
+  name: ens8f2
+  use_mrzcpd: 1

install_config/group_vars/adc_mcn3.yml

@@ -0,0 +1,17 @@
+#########################################
+#Mcn3管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn3流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens8f1
+
+#########################################
+#Mcn3其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens8.100
+nic_traffic_mirror:
+  name: ens8f2
+  use_mrzcpd: 1

install_config/group_vars/server_as_tun_mode.yml

@@ -0,0 +1,130 @@
+#########################################
+#####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
+tsg_access_type: 1
+#####0: Tun_mode;  1: normal;
+tsg_running_type: 1
+
+########################################
+#Server Basic Config
+nic_mgr:
+  name: eth0
+
+nic_inner_ctrl:
+  name: eth0.100
+
+#########################################
+#IP Config
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+tfe_log_level: 10
+tfe_http_log_level: 10
+pangu_log_level: 10
+doh_log_level: 10
+certstore_log_level: 10
+clotho_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
+sapp:
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
+  inbound_route_dir: 1
+
+#########################################
+#Sapp Double-Arm Config
+packet_io:
+  internal_interface: eth2
+  external_interface: eth3
+
+
+#########################################
+#Kni Config
+kni:
+  global:
+    tfe_node_count: 1
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 0
+    tfe2_enabled: 0
+
+#########################################
+#Tfe Config
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
+
+#########################################
+#Marsio Config
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+#########################################
+#ATCA Config
+#下列配置只在tsg_access_type=4时生效
+ATCA_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+ATCA_VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+
+#下列配置只在tsg_access_type=5时生效
+ATCA_VXLAN:
+  keepalive_ip: "10.254.19.1"
+  keepalive_mask: "255.255.255.252"
+
+#########################################
+#Inline Device Config
+inline_device_config:
+  keepalive_ip: 192.168.1.30
+  keepalive_mask: 255.255.255.252
+  data_incoming: eth5

install_config/hosts

@@ -0,0 +1,36 @@
+###################
+#   For example   #
+###################
+#变量device_id根据设备序号设置即可
+#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
+#
+#[server-as-tun-mode]
+#1.1.1.1 device_id=device_1
+#
+#[adc_mxn]
+#10.3.72.1
+#10.3.72.2
+#
+#[adc_mcn0]
+#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
+#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
+#
+#[adc_mcn1]
+#10.3.74.1 device_id=device_1
+#10.3.74.2 device_id=device_2
+#
+#[adc_mcn2]
+#10.3.75.1 device_id=device_1
+#10.3.75.2 device_id=device_2
+#
+#[adc_mcn3]
+#10.3.76.1 device_id=device_1
+#10.3.76.2 device_id=device_2
+
+[server-as-tun-mode]
+[adc_mxn]
+[adc_mcn0]
+[adc_mcn1]
+[adc_mcn2]
+[adc_mcn3]
+

pc_double_arm_access/group_vars/all.yml

@@ -1,91 +0,0 @@
-maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "127.0.0.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.85:9092"
-
-log_minio:
-  address: "192.168.40.85;"
-  port: 9090
-
-fs_remote:
-  switch: 1
-  address: "127.0.0.1"
-  port: 8125
-  
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-tfe:
-  nr_threads: 32
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-nic_mgr:
-  name: eth0
-nic_data_incoming:
-  name: tun_kni
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: lo
-nic_to_tfe:
-  tfe0:
-    name: lo
-  tfe1:
-    name: lo
-  tfe2:
-    name: lo
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "eth2"
-  external_interface: "eth3"
-
-run_as_tun_mode: 1

pc_double_arm_access/hosts

@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.139

pulp-install.yml

@@ -1,3 +0,0 @@
-- hosts: blade-0*
-  roles:
-    - pulp-consumer

rc.local

@@ -1,13 +0,0 @@
-#!/bin/bash
-# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
-#
-# It is highly advisable to create own systemd services or udev rules
-# to run scripts during boot instead of using this file.
-#
-# In contrast to previous versions due to parallel execution during boot
-# this script will NOT be run after all other services.
-#
-# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
-# that this script will be executed during boot.
-
-touch /var/lock/subsys/local

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/start-cert-redis
+ExecStop=killall redis-server
+Type=forking
+RuntimeDirectory=redis
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+#
+cp -rf redis-server /usr/local/bin/
+cp -rf redis-cli /usr/local/bin
+cp -rf cert-redis.service /usr/lib/systemd/system/
+cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -0,0 +1,4 @@
+#!/bin/bash
+#
+
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: "copy cert-redis to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /home/tsg
+    mode: 0755
+
+- name: "install cert-redis"
+  shell: cd /home/tsg/cert-redis;sh install.sh
+
+- name: "start cert-redis"
+  systemd:
+    name: cert-redis.service
+    state: started
+    daemon_reload: yes
+    enabled: yes

roles/certstore/tasks/main.yml

@@ -1,39 +1,26 @@
----
-- name: "copy redis and dependency to destination"
+- name: "copy certstore rpm to destination"
   synchronize:
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-#- name: "install redis"
-#  yum:
-#    name:
-#      - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm
-#      - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm
-#    state: present
-
-#- name: "enable redis"
-#  systemd:
-#    name: redis
-#    enabled: yes
-#    state: started
-
 - name: Ensures /home/tsg exists
   file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
-  unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz"
-    dest: /home/tsg
+  yum:
+    name:
+      - /tmp/ansible_deploy/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm
+    state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore-base/conf/cert_store.ini
+    dest: /home/tsg/certstore/conf/cert_store.ini
 
-- name: bootup certstore
-  blockinfile:
-    marker: "## {mark} bootstrap certstore"
-    path: /etc/rc.d/rc.local
-    block: |
-      cd /home/tsg/certstore-base; ./r2_certstore
+- name: "start certstore"
+  systemd:
+    name: certstore.service
+    state: started
+    enabled: yes
+    daemon_reload: yes

roles/certstore/templates/cert_store.ini.j2

@@ -2,7 +2,7 @@
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 #10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 30
+RUN_LOG_LEVEL = {{ certstore_log_level }}
 RUN_LOG_PATH = ./logs
 [CONFIG]
 #Number of running threads
@@ -15,7 +15,7 @@ expire_after = 30
 local_debug = 1
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
 untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
-[NTC_MAAT]
+[MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
 #1: using local json
@@ -42,4 +42,7 @@ port = 6379
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}
+dbindex =  {{ maat_redis_server.db }}
+[stat]
+statsd_server=192.168.100.1
+statsd_port=8126

roles/clotho/files/clotho.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target

roles/clotho/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: "copy clotho rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+    dest: /tmp/ansible_deploy/
+
+- name: "copy  clotho.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho.service"
+    dest: /usr/lib/systemd/system
+    mode: 0755
+
+- name: "install clotho rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+
+- name: "Template the clotho.conf"
+  template:
+    src: "{{ role_path }}/templates/clotho.conf.j2"
+    dest: /home/mesasoft/clotho/conf/clotho.conf 
+  tags: template
+ 
+- name: "start clotho"
+  systemd:
+    name: clotho.service
+    enabled: yes
+    daemon_reload: yes
+

roles/clotho/templates/clotho.conf.j2

@@ -0,0 +1,7 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+NIC_NAME={{ nic_mgr.name }}
+LOG_LEVEL={{ clotho_log_level }}
+LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: "copy firewall rpms to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install firewall packages"
+  yum:
+    name: "{{ fw_packages }}"
+    state: present
+    skip_broken: yes
+  vars:
+    fw_packages:
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
+
+- name: "Template the tsgconf/main.conf"
+  template:
+    src: "{{ role_path }}/templates/main.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
+  tags: template
+
+
+- name: "Template the tsgconf/maat.conf"
+  template:
+    src: "{{ role_path }}/templates/maat.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
+  tags: template
+
+- name: "Template the conf/capture_packet_plug.conf.j2"
+  template:
+    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+  tags: template

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -0,0 +1,25 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL={{ capture_packet_log_level }}
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+

roles/firewall/templates/maat.conf.j2

@@ -0,0 +1,32 @@
+[STATIC]
+###0:location 1:json 2:redis
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
+STAT_FILE=tsg_static_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+
+[DYNAMIC]
+###0:location 1:json 2:redis
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
+STAT_FILE=tsg_dynamic_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ dynamic_maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=1
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+

roles/firewall/templates/main.conf.j2

@@ -0,0 +1,55 @@
+[FTP_PLUG]
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
+LOG_LEVEL={{ fw_ftp_log_level }}
+TIMEOUT=600
+
+[MAIL_PLUG]
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
+LOG_LEVEL={{ fw_mail_log_level }}
+TIMEOUT=600
+
+[HTTP_PLUG]
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
+LOG_LEVEL={{ fw_http_log_level }}
+
+[DNS_PLUG]
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
+LOG_LEVEL={{ fw_dns_log_level }}
+
+[QUIC_PLUG]
+LOG_PATH=./tsglog/fw_quic_plug/fw_quic_plug
+LOG_LEVEL={{ fw_quic_log_level }}
+
+[MAAT]
+PROFILE=./tsgconf/maat.conf
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+IP_ADDR_TABLE=TSG_SECURITY_ADDR
+
+[TSG_LOG]
+MODE=1
+NIC_NAME={{ nic_mgr.name }}
+MAX_SERVICE=1
+LOG_LEVEL={{ tsg_log_level }}
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
+
+[FIELD_STAT]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
+
+[SYSTEM]
+LOG_LEVEL={{ tsg_master_log_level }}
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY