feature:新增部署packet_dump的操作

rpm包

adc_deploy.yml

@@ -1,90 +0,0 @@
-- hosts: adc_mxn
-  remote_user: root
-  roles:
-    - {role: adc_exporter, tags: adc_exporter}
-    - {role: adc_exporter_proxy, tags: adc_exporter_proxy}
-#    - {role: switch_rule, tags: switch_rule}
-
-- hosts: adc_mcn0
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn0.yml
-  roles:
-    - {role: framework, tags: framework}
-    - {role: kernel-ml, tags: kernel-ml}
-    - {role: mrzcpd, tags: mrzcpd}
-    - {role: sapp, tags: sapp}
-    - {role: tsg_master, tags: tsg_master}
-    - {role: kni, tags: kni}
-    - {role: firewall, tags: firewall}
-#    - tsg_app
-    - {role: http_healthcheck,tags: http_healthcheck}
-    - {role: redis, tags: redis}
-    - {role: cert-redis, tags: cert-redis}
-    - {role: maat-redis, tags: maat-redis, when: deploy_mode == "cluster"}
-    - {role: certstore, tags: certstore}
-    - {role: telegraf_statistic, tags: telegraf_statistic}
-    - {role: app_proto_identify, tags: app_proto_identify}
-    - {role: adc_exporter, tags: adc_exporter}
-#    - {role: switch_control, tags: switch_control}
-    - {role: tsg-env-patch, tags: tsg-env-patch}
-
-- hosts: adc_mcn1
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn1.yml
-  roles:
-#    - tsg-env-mcn1
-    - {role: framework, tags: framework}
-    - {role: kernel-ml, tags: kernel-ml}
-    - {role: mrzcpd, tags: mrzcpd}
-    - {role: tfe, tags: tfe}
-    - {role: adc_exporter, tags: adc_exporter}
-#    - {role: switch_control, tags: switch_control}
-    - {role: tsg-env-patch, tags: tsg-env-patch}
-
-- hosts: adc_mcn2
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn2.yml
-  roles:
-#    - tsg-env-mcn2
-    - {role: framework, tags: framework}
-    - {role: kernel-ml, tags: kernel-ml}
-    - {role: mrzcpd, tags: mrzcpd}
-    - {role: tfe, tags: tfe}
-    - {role: adc_exporter, tags: adc_exporter}
-#    - {role: switch_control, tags: switch_control}
-    - {role: tsg-env-patch, tags: tsg-env-path}
-
-- hosts: adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn3.yml
-  roles:
-    - {role: framework, tags: framework}
-    - {role: kernel-ml, tags: kernel-ml}
-    - {role: mrzcpd, tags: mrzcpd}
-    - {role: tfe, tags: tfe}
-#    - {role: adc_exporter, tags: adc_exporter}
-    - {role: switch_control, tags: switch_control}
-    - {role: tsg-env-patch, tags: tsg-env-patch}
-    
-- hosts: packet_dump_server
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - {role: framework, tags: framework}
-    - {role: packet_dump, tags: packet_dump}
-
-- hosts: app_global
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/app_global.yml
-  roles:
-    - {role: app_global, tags: app_global}

install_config/group_vars/adc_global.yml

@@ -1,124 +0,0 @@
-#########################################
-#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
-tsg_access_type: 2
-#####2: ADC;
-tsg_running_type: 2
-#####deploy mode: cluster, single
-deploy_mode: "cluster"
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 0
-
-########################################
-#IP Config
-maat_redis_city_server:
-  address: "10.4.62.253"
-  port: 7002
-
-maat_redis_server:
-  address: "192.168.100.1"
-  port: 7002
-  port_num: 1
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.100.1"
-  port: 7002
-  port_num: 1
-  db: 1
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: ['1.1.1.1:9092','2.2.2.2:9092']
-
-log_minio:
-  address: "10.4.62.253"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-app_control_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: FATAL
-tfe_http_log_level: FATAL
-pangu_log_level: FATAL
-doh_log_level: FATAL
-
-certstore_log_level: FATAL
-packet_dump_log_level: 10
-
-#######################################
-#Sapp Performance Config
-#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
-sapp:
-  worker_threads: 42
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
-  inbound_route_dir: 1
-
-########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 1
-    tfe2_enabled: 1
-
-########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-########################################
-#Marsio Config
-#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
-mcn0_mrzcpd:
-  iocore: 52,53,54,55
-
-mcn123_mrzcpd:
-  iocore: 54,55
-
-mrtunnat:
-  lcore_id: 48,49,50,51 
-
-#########################################
-#Tsg_app
-tsg_app_enable: 0
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
-data_center: Kyzylorda
-tsg_master_entrance_id: 9
-nic_mgr: 
-   name: em1
-   
-sapp_prometheus_enable: 1
-sapp_prometheus_port: 9273
-sapp_prometheus_url_path: "/metrics"

install_config/group_vars/adc_mcn0.yml

@@ -1,41 +0,0 @@
-#########################################
-#Mcn0管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn0流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f4
-
-#########################################
-#Mcn0其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_to_tfe:
-  tfe0:
-      name: ens1f5
-  tfe1:
-      name: ens1f6
-  tfe2:
-      name: ens1f7
-
-#########################################
-#串联设备接入相关配置
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-
-#########################################
-#Allot接入相关配置
-AllotAccess:
-  #virturlInterface_1: ens1f2.103
-  #virturlInterface_2: ens1f2.104
-  virturlID_1: 1201
-  virturlID_2: 1202
-  virturlID_3: 1301
-  virturlID_4: 1302
-  #vvipv4_mask: 24
-  #vvipv6_mask: 64
-
-bladename: mcn0

install_config/group_vars/adc_mcn1.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn1管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn1流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f1
-
-#########################################
-#Mcn1其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_traffic_mirror:
-  name: ens1f2
-  use_mrzcpd: 1
-
-bladename: mcn1

install_config/group_vars/adc_mcn2.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn2管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn2流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn2其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1
-  
-bladename: mcn2

install_config/group_vars/adc_mcn3.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn3管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn3流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn3其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1
-  
-bladename: mcn3

install_config/group_vars/app_global.yml

@@ -1,10 +0,0 @@
-#########################################
-app_sketch_global_log_level: 10
-
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-file_stat_ip: "1.1.1.1"
-  

install_config/group_vars/mirror_traffic.yml

@@ -0,0 +1,93 @@
+########################################
+#Server Basic Config
+nic_mgr:
+  name: eth0
+
+#########################################
+#IP Config
+maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 1
+
+
+log_kafkabrokers:
+  address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+
+#log_minio:
+#  address: "10.9.62.253"
+#  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_voip_log_level: 10
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+app_control_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: FATAL
+tfe_http_log_level: FATAL
+pangu_log_level: FATAL
+doh_log_level: FATAL
+
+certstore_log_level: 10
+packet_dump_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
+sapp:
+  worker_threads: 23
+  send_only_threads_max: 1
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+  inbound_route_dir: 1
+  prometheus_enable: 1
+  prometheus_port: 9273
+  prometheus_url_path: "/metrics"
+
+#########################################
+#Marsio Config
+mrzcpd:
+  iocore: 39
+
+
+#########################################
+#新增配置项,均为默认值不用改
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+data_center: Beijing
+tsg_master_entrance_id: 0
+
+
+firewall:
+  hos_serverip: "192.168.40.223"
+  hos_serverport: 9098
+  hos_accesskeyid: "default"
+  hos_secretkey: "default"
+  hos_poolsize: 100
+  hos_thread_sum: 32
+  hos_cache_size: 102400
+  hos_fs2_serverip: "127.0.0.1"
+  hos_fs2_serverport: 10086
+  APP_SKETCH_BROKER_IP: "192.168.40.161"
+  APP_SKETCH_BROKER_PORT: 1883
+
+
+data_incoming_nic_list: ['eth0', 'eth1']

install_config/group_vars/packet_dump_server.yml

@@ -0,0 +1,22 @@
+nic_mgr:
+  name: eth0
+
+log_kafkabrokers:
+  address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+packet_dump_log_level: 10
+
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+dump_rtp_pcap:
+  aws_access_key_id: "default"
+  aws_secret_access_key: "default"
+  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
+  consume_bootstrap_servers: ['192.168.44.14:9092']
+  endpoint_url: "http://192.168.44.67:9098/hos/"
+  produce_bootstrap_servers: "192.168.44.14:9092"
+  queue_size: 5000000
+  coroutine_max_num: 200
+  coroutine_num: 100
+  qfull_mode: 0
+  qfull_interval: 5

install_config/group_vars/server_as_tun_mode.yml

@@ -1,166 +0,0 @@
-#########################################
-#####0: Pcap;  1: Inline_device;   5:ATCA_VXLAN;
-tsg_access_type: 0
-#####0: Tun_mode;  1: normal;
-tsg_running_type: 0
-
-#####deploy mode: cluster, single
-deploy_mode: "single"
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 0
-
-########################################
-#Server Basic Config
-nic_mgr:
-  name: eth0
-
-nic_inner_ctrl:
-  name: eth0.100
-
-#########################################
-#IP Config
-#maat_redis_city_serve相关配置只在部署集群模式时使用
-maat_redis_city_server:
-  address: ""
-  port: 
-
-maat_redis_server:
-  address: "#Bifang IP#"
-  port: 7002
-  port_num: 1
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "#Bifang IP#"
-  port: 7002
-  port_num: 1
-  db: 1
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: ['1.1.1.1:9092','2.2.2.2:9092']
-
-log_minio:
-  address: "10.9.62.253"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-app_control_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: FATAL
-tfe_http_log_level: FATAL
-pangu_log_level: FATAL
-doh_log_level: FATAL
-
-certstore_log_level: 10
-packet_dump_log_level: 10
-
-#########################################
-#Sapp Performance Config
-#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
-sapp:
-  worker_threads: 23
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
-  inbound_route_dir: 1
-
-#########################################
-#Sapp Double-Arm Config
-packet_io:
-  internal_interface: eth2
-  external_interface: eth3
-
-
-#########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 1
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 0
-    tfe2_enabled: 0
-
-#########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-#########################################
-#Marsio Config
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-#########################################
-#Tsg_app
-tsg_app_enable: 1
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-#########################################
-#ATCA Config
-#下列配置只在tsg_access_type=4时生效
-ATCA_data_incoming:
-  ethname: enp1s0
-  vf0_name: enp1s2
-  vf1_name: enp1s2f1
-  vf2_name: enp1s2f2
-
-ATCA_VlanFlipping:
-  vlanID_1: 100
-  vlanID_2: 101
-  vlanID_3: 103
-  vlanID_4: 104
-
-#下列配置只在tsg_access_type=5时生效
-ATCA_VXLAN:
-  keepalive_ip: "10.254.19.1"
-  keepalive_mask: "255.255.255.252"
-
-#########################################
-#Inline Device Config
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-  data_incoming: eth5
-
-#########################################
-#新增配置项,均为默认值不用改
-breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
-
-data_center: Beijing
-tsg_master_entrance_id: 0
-
-sapp_prometheus_enable: 1
-sapp_prometheus_port: 9273
-sapp_prometheus_url_path: "/metrics"

install_config/hosts

@@ -1,45 +1,3 @@
-###################
-#   For example   #
-###################
-#变量device_id根据设备序号设置即可
-#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
-#
-#20.09版本新增APP部署
-#[app_global]
-#0.0.0.0
-
-#[server_as_tun_mode]
-#1.1.1.1 device_id=device_1
-#
-#[adc_mxn]
-#10.3.72.1
-#10.3.72.2
-#
-#[adc_mcn0]
-#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
-#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
-#
-#[adc_mcn1]
-#10.3.74.1 device_id=device_1
-#10.3.74.2 device_id=device_2
-#
-#[adc_mcn2]
-#10.3.75.1 device_id=device_1
-#10.3.75.2 device_id=device_2
-#
-#[adc_mcn3]
-#10.3.76.1 device_id=device_1
-#10.3.76.2 device_id=device_2
-
-#[app_global]
-#[server_as_tun_mode]
-#broken warning:
-#10.4.52.71
-[adc_mcn0]
-[adc_mcn1]
-[adc_mcn2]
-[adc_mcn3]
-[app_global]
-[server_as_tun_mode]
-
+[mirror_traffic]
+[packet_dump_server]
 

mirror_traffic.yml

@@ -0,0 +1,12 @@
+- hosts: mirror_traffic
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/mirror_traffic.yml
+  roles:
+    - {role: framework, tags: framework}
+    - {role: kernel-ml, tags: kernel-ml}
+    - {role: mrzcpd, tags: mrzcpd}
+    - {role: sapp, tags: sapp}
+    - {role: tsg_master, tags: tsg_master}
+    - {role: firewall, tags: firewall}
+    - {role: telegraf_statistic, tags: telegraf_statistic}

packet_dump_server.yml

@@ -0,0 +1,8 @@
+- hosts: packet_dump_server
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/packet_dump_server.yml
+  roles:
+    - {role: framework, tags: framework}
+    - {role: packet_dump, tags: packet_dump}
+    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}

roles/adc_exporter/tasks/main.yml

@@ -1,72 +0,0 @@
-- name: "copy freeipmi tools"
-  copy:
-    src: '{{ role_path }}/files/freeipmi-1.5.7-3.el7.x86_64.rpm'
-    dest: /tmp/ansible_deploy/
-
-- name: "Install freeipmi rpm package"
-  yum:
-    name:
-      - "/tmp/ansible_deploy/freeipmi-1.5.7-3.el7.x86_64.rpm"
-    state: present
-
-- name: "mkdir /opt/adc-exporter/"
-  file:
-    path: /opt/adc-exporter/
-    state: directory
-
-- name: "copy node_exporter"
-  copy:
-    src: '{{ role_path }}/files/node_exporter'
-    dest: /opt/adc-exporter/node_exporter
-    mode: 0755
-
-- name: "copy systemd_exporter"
-  copy:
-    src: '{{ role_path }}/files/systemd_exporter'
-    dest: /opt/adc-exporter/systemd_exporter
-    mode: 0755
-
-- name: "copy ipmi_exporter"
-  copy:
-    src: '{{ role_path }}/files/ipmi_exporter'
-    dest: /opt/adc-exporter/ipmi_exporter
-    mode: 0755
-
-- name: "templates adc-exporter-node.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-node.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-node.service
-  tags: template
-
-- name: "templates adc-exporter-systemd.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-systemd.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-systemd.service
-  tags: template
-
-- name: "templates adc-exporter-ipmi.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-ipmi.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-ipmi.service
-  tags: template
-
-- name: 'adc-exporter-node service start'
-  systemd:
-    name: adc-exporter-node
-    enabled: yes
-    daemon_reload: yes
-    state: started
-
-- name: 'adc-exporter-systemd service start'
-  systemd:
-    name: adc-exporter-systemd
-    enabled: yes
-    daemon_reload: yes
-    state: restarted
-
-- name: 'adc-exporter-ipmi service start'
-  systemd:
-    name: adc-exporter-ipmi
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/adc_exporter/templates/adc-exporter-ipmi.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=IPMI Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/ipmi_exporter
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter/templates/adc-exporter-node.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=Node Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/node_exporter
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter_ping/tasks/main.yml

@@ -1,23 +0,0 @@
-- name: "mkdir /opt/adc-exporter/"
-  file:
-    path: /opt/adc-exporter/
-    state: directory
-
-- name: "copy ping_exporter"
-  copy:
-    src: '{{ role_path }}/files/ping_exporter'
-    dest: /opt/adc-exporter/ping_exporter
-    mode: 0755
-
-- name: "templates ping_exporter.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-ping.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-ping.service
-  tags: template
-
-- name: 'adc-exporter-ping service start'
-  systemd:
-    name: adc-exporter-ping
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2

@@ -1,11 +0,0 @@
-[Unit]
-Description=Ping Exporter
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter/ping_exporter {{ ping_test.target|join(" ")}} --ping.size=512 --ping.interval=0.5s
-Restart=always
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter_proxy/tasks/main.yml

@@ -1,34 +0,0 @@
-- name: "mkdir /opt/adc-exporter-proxy/"
-  file:
-    path: /opt/adc-exporter-proxy/
-    state: directory
-
-- name: "copy file to device"
-  copy:
-    src: '{{ role_path }}/files/'
-    dest: /tmp/ansible_deploy/
-    
-- name: "unarchive adc-exporter-proxy(NGINX)"
-  unarchive:
-    src: /tmp/ansible_deploy/adc_exporter_proxy.tar.gz
-    dest: /opt/adc-exporter-proxy
-    remote_src: yes
-
-- name: "templates adc-exporter-proxy.service"
-  template:
-    src: "{{role_path}}/templates/adc-exporter-proxy.service.j2"
-    dest: /usr/lib/systemd/system/adc-exporter-proxy.service
-  tags: template
-
-- name: "template nginx.conf"
-  template:
-    src: "{{role_path}}/templates/nginx.conf.j2"
-    dest: /opt/adc-exporter-proxy/adc-exporter-proxy/conf/nginx.conf
-  tags: template
-
-- name: 'adc-exporter-proxy service start'
-  systemd:
-    name: adc-exporter-proxy
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/adc_exporter_proxy/templates/adc-exporter-proxy.service.j2

@@ -1,12 +0,0 @@
-[Unit]
-Description=ADC Exporter Proxy (NGINX) for NEZHA
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=simple
-ExecStart=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy
-ExecReload=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s reload
-ExecStop=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s stop
-
-[Install]
-WantedBy=multi-user.target

roles/adc_exporter_proxy/templates/nginx.conf.j2

@@ -1,152 +0,0 @@
-
-user  nobody;
-worker_processes  1;
-daemon off;
-
-error_log  logs/error.log;
-error_log  logs/error.log  notice;
-error_log  logs/error.log  info;
-pid        logs/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    #access_log  logs/access.log  main;
-
-    sendfile        on;
-    tcp_nopush     on;
-
-    keepalive_timeout  65;
-    gzip  on;
-
-    server {
-	    listen       9000;
-	    server_name  localhost;
-
-	    location /metrics/blade/mcn0/node_exporter {
-		    proxy_pass   http://192.168.100.1:9100/metrics;
-	    }
-
-	    location /metrics/blade/mcn1/node_exporter {
-		    proxy_pass   http://192.168.100.2:9100/metrics;
-	    }
-
-	    location /metrics/blade/mcn2/node_exporter {
-		    proxy_pass   http://192.168.100.3:9100/metrics;
-	    }
-
-	    location /metrics/blade/mcn3/node_exporter {
-		    proxy_pass   http://192.168.100.4:9100/metrics;
-	    }
-
-	    location /metrics/blade/mxn/node_exporter {
-		    proxy_pass   http://192.168.100.5:9100/metrics;
-	    }
-
-            location /metrics/blade/mcn0/systemd_exporter {
-                    proxy_pass   http://192.168.100.1:9558/metrics;
-            }
-
-            location /metrics/blade/mcn1/systemd_exporter {
-                    proxy_pass   http://192.168.100.2:9558/metrics;
-            }
-
-            location /metrics/blade/mcn2/systemd_exporter {
-                    proxy_pass   http://192.168.100.3:9558/metrics;
-            }
-
-            location /metrics/blade/mcn3/systemd_exporter {
-                    proxy_pass   http://192.168.100.4:9558/metrics;
-            }
-
-	    location /metrics/blade/mcn0/ipmi_exporter {
-		    proxy_pass   http://192.168.100.1:9290/metrics;
-	    }
-
-	    location /metrics/blade/mcn1/ipmi_exporter {
-		    proxy_pass   http://192.168.100.2:9290/metrics;
-	    }
-
-	    location /metrics/blade/mcn2/ipmi_exporter {
-		    proxy_pass   http://192.168.100.3:9290/metrics;
-	    }
-
-	    location /metrics/blade/mcn3/ipmi_exporter {
-		    proxy_pass   http://192.168.100.4:9290/metrics;
-	    }
-
-	    location /metrics/blade/mxn/ipmi_exporter {
-		    proxy_pass   http://192.168.100.5:9290/metrics;
-	    }
-
-            location /metrics/blade/mcn0/certstore {
-                    proxy_pass   http://192.168.100.1:9002/metrics;
-            }
-
-            location /metrics/blade/mcn1/tfe {
-                    proxy_pass   http://192.168.100.2:9001/metrics;
-            }
-
-            location /metrics/blade/mcn2/tfe {
-                    proxy_pass   http://192.168.100.3:9001/metrics;
-            }
-
-            location /metrics/blade/mcn3/tfe {
-                    proxy_pass   http://192.168.100.4:9001/metrics;
-            }
-
-            location /metrics/blade/mcn0/sapp {
-                    proxy_pass   http://192.168.100.1:9273/metrics;
-            }
-
-            location /metrics/blade/mcn0/mrapm_device {
-                    proxy_pass   http://192.168.100.1:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn0/mrapm_stream {
-                    proxy_pass   http://192.168.100.1:8902/metrics;
-            }
-
-	    location /metrics/blade/mcn1/mrapm_device {
-                    proxy_pass   http://192.168.100.2:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn1/mrapm_stream {
-                    proxy_pass   http://192.168.100.2:8902/metrics;
-            }
-
-            location /metrics/blade/mcn2/mrapm_device {
-                    proxy_pass   http://192.168.100.3:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn2/mrapm_stream {
-                    proxy_pass   http://192.168.100.3:8902/metrics;
-            }
-
-            location /metrics/blade/mcn3/mrapm_device {
-                    proxy_pass   http://192.168.100.4:8901/metrics;
-            }
-
-	    location /metrics/blade/mcn3/mrapm_stream {
-                    proxy_pass   http://192.168.100.4:8902/metrics;
-            }
-
-            location /metrics/blade/mcn0/maat_redis {
-                    proxy_pass   http://192.168.100.1:9121/metrics;
-            }
-
-            location /metrics/blade/mcn0/ping_exporter {
-                    proxy_pass   http://192.168.100.1:9427/metrics;
-            }
-    }
-}

roles/app_global/tasks/main.yml

@@ -1,36 +0,0 @@
-- name: "copy app_global rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
-    state: present
-
-- name: "template the app_sketch_global.conf"
-  template:
-    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
-
-- name: "template the zlog.conf"
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
-
-- name: "Start emqx"
-  systemd:
-    name: emqx.service
-    state: started
-    enabled: yes
-    daemon_reload: yes
-    
-
-- name: "Start app-sketch-global"
-  systemd:
-    name: app-sketch-global.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -1,41 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
-enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2

roles/app_global/templates/zlog.conf.j2

@@ -1,12 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
-
-
-

roles/app_proto_identify/tasks/main.yml

@@ -1,14 +0,0 @@
----
-- name: "copy app_proto_identify rpm package destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app_proto_identify"
-  yum:
-    name: "{{ app_packages }}"
-    state: present
-    skip_broken: yes
-  vars:
-    app_packages:
-      - /tmp/ansible_deploy/app_proto_identify-1.0.7.a5113ba-2.el7.x86_64.rpm

roles/cert-redis/files/cert-redis.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown cert-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/tasks/main.yml

@@ -1,15 +0,0 @@
-- name: "copy cert-redis file to dest"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" } 
-    - { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
-
-- name: "start cert-redis"
-  systemd:
-    name: cert-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes

roles/certstore/files/memory.conf

@@ -1,3 +0,0 @@
-[Service]
-MemoryLimit=16G
-ExecStartPost=/bin/bash -c "echo 16G > /sys/fs/cgroup/memory/system.slice/certstore.service/memory.memsw.limit_in_bytes"

roles/certstore/tasks/main.yml

@@ -1,37 +0,0 @@
-- name: "copy certstore rpm to destination"
-  synchronize:
-    src: "{{ role_path }}/files/"
-    dest: "/tmp/ansible_deploy/"
-
-- name: Ensures /opt/tsg exists
-  file: path=/opt/tsg state=directory
-  tags: mkdir
-
-- name: install certstore
-  yum:
-    name:
-      - /tmp/ansible_deploy/certstore-2.1.6.20201215.f2e9ba7-1.el7.x86_64.rpm
-    state: present
-
-- name: template certstore configure file
-  template:
-    src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /opt/tsg/certstore/conf/cert_store.ini
-
-- name: template certstore zlog file
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/certstore/conf/zlog.conf
-
-- name: "copy memory limit file to certstore.service.d"
-  copy:
-    src: "{{ role_path }}/files/memory.conf"
-    dest: /etc/systemd/system/certstore.service.d/
-    mode: 0644
-
-- name: "start certstore"
-  systemd:
-    name: certstore.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/certstore/templates/cert_store.ini.j2

@@ -1,60 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/certstore/crashreport
-enable_breakpad_upload=1
-breakpad_upload_url= {{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 4
-#1 rsync, 0 sync
-mode=1
-#Local default root certificate is valid for 30 days by default
-expire_after = 30
-#Local default root certificate path
-local_debug = 1
-ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
-
-[MAAT]
-#Configure the load mode,
-#0: using the configuration distribution network
-#1: using local json
-#2: using Redis reads
-maat_json_switch=2
-#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
-effective_interval=1
-#Specify the location of the configuration library table file
-table_info=./conf/table_info.conf
-#Incremental profile path
-inc_cfg_dir=./rule/inc/index
-#Full profile path
-full_cfg_dir=./rule/full/index
-#Json file path when json schema is used
-pxy_obj_keyring=./conf/pxy_obj_keyring.json
-
-[LIBEVENT]
-#Local monitor port number, default is 9991
-port = 9991
-
-[CERTSTORE_REDIS]
-#The Redis server IP address and port number where the certificate is stored locally
-ip = 127.0.0.1
-port = 6379
-
-[MAAT_REDIS]
-#Maat monitors the Redsi server IP address and port number
-ip = {{ maat_redis_server.address }}
-port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}
-[stat]
-statsd_server=127.0.0.1
-statsd_port=8100
-statsd_set_prometheus_port=9002
-statsd_set_prometheus_url_path=/metrics

roles/certstore/templates/zlog.conf.j2

@@ -1,10 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
-

roles/dump_rtp_pcap/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
+    state: present
+
+- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
+  template:
+    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
+    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
+  tags: template
+ 
+- name: "start dump_rtp_pcap"
+  systemd:
+    name: dump_rtp_pcap.service
+    enabled: yes
+    daemon_reload: yes

roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2

@@ -0,0 +1,23 @@
+{
+    "endian":"little",
+    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
+    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
+    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
+    "bucket_name": "rtp-log",
+    "consume_auto_offset_reset":"latest",
+    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
+    "consume_topic": "INTERNAL-RTP-LOG",
+    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
+    "file_prefix":"rtp_log",
+    "group_id": "rtp-log-1",
+    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
+    "produce_topic": "VOIP-RECORD-LOG",
+    "region_name": "us-east-1",
+    "save_speed_emit_interval":30,
+    "upload_speed_emit_interval":30,
+    "queue_size":{{ dump_rtp_pcap.queue_size }},
+    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
+    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
+    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
+    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
+}

roles/firewall/tasks/main.yml

@@ -13,20 +13,26 @@
     fw_packages:
       - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.0.4.484b54d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.2.7401550-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.12.0ad5a3b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_control_plug-1.0.9.97846eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:
@@ -41,16 +47,13 @@
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
+
 - name: "Template the conf/capture_packet_plug.conf.j2"
   template:
     src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
     dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
   tags: template
 
-- name: "Template the tsgconf/app_l7_proto_id.conf"
-  template:
-    src: "{{ role_path }}/templates/app_l7_proto_id.conf.j2"
-    dest: /home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
  
 - name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
   template:
@@ -58,3 +61,8 @@
     dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
   tags: template
 
+- name: "Template the conf/http/http.conf"
+  template:
+    src: "{{ role_path }}/templates/http.conf.j2"
+    dest:  /home/mesasoft/sapp_run/conf/http/http.conf
+  tags: template

roles/firewall/templates/app_l7_proto_id.conf.j2

@@ -1,51 +0,0 @@
-#TYPE：1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
-#TYPE	FIELD		VALUE
-STRING	UNCATEGORIZED	100
-STRING	UNCATEGORIZED	101
-STRING	UNKNOWN_OTHER	102
-STRING	DNS		103
-STRING	FTP		104
-STRING	FTPS		105
-STRING	HTTP		106
-STRING	HTTPS		107
-STRING	ICMP		108
-STRING	IKE		109
-STRING	MAIL		110
-STRING	IMAPS		111
-STRING	IPSEC		112
-STRING	XMPP		113
-STRING	L2TP		114
-STRING	NTP		115
-STRING	POP3S		117
-STRING	PPTP		118
-STRING	QUIC		119
-STRING	SIP		120
-STRING	SMB		121
-STRING	SMTPS		123
-STRING	SPDY		124
-STRING	SSH		125
-STRING	SSL		126
-STRING	SOCKS		127
-STRING	TELNET		128
-STRING	DHCP		129
-STRING	RADIUS		130
-STRING	OPENVPN		131
-STRING	STUN		132
-STRING	TEREDO		133
-STRING	DTLS		134
-STRING	DoH		135
-STRING	ISAKMP		136
-STRING	MDNS		137
-STRING	NETBIOS		138
-STRING	NETFLOW		139
-STRING	RDP		140
-STRING	RTCP		141
-STRING	RTP		142
-STRING	SLP		143
-STRING	SNMP		144
-STRING	SSDP		145
-STRING	TFTP		146
-STRING	BJNP		147
-STRING	LDAP		148
-STRING	RTMP		149
-STRING	RTSP		150

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -14,7 +14,6 @@ JSON_CFG_FILE=conf/capture_packet_maat.json
 INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
 ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
 
 [LOG]
@@ -23,6 +22,5 @@ BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 
 [SYSTEM]
-LOG_LEVEL={{ capture_packet_log_level }}
+LOG_LEVEL=30
 LOG_PATH=./tsglog/capture_packet_plug/capture_packet
-

roles/firewall/templates/http.conf.j2

@@ -0,0 +1,43 @@
+#http_special
+#all regions
+1	HTTP_ALL
+2	HTTP_OTHER_REGIONS
+#http state
+3	HTTP_STATE
+4	HTTP_REQ_LINE
+5	HTTP_RES_LINE	
+6	HTTP_CONTENT            
+7	HTTP_UNGZIP_CONTENT
+8	HTTP_MESSAGE_URL
+9	HTTP_URI
+#http_request
+10	HTTP_HOST
+11	HTTP_REFERER
+12	HTTP_USER_AGENT
+13	HTTP_COOKIE
+14	HTTP_PROXY_AUTHORIZATION
+15	HTTP_AUTHORIZATION
+#http_response
+16	HTTP_LOCATION
+17	HTTP_SERVER
+18	HTTP_ETAG
+#http_general
+19	HTTP_DATE
+20	HTTP_TRAILER
+21	HTTP_TRANSFER_ENCODING
+22	HTTP_VIA
+23	HTTP_PRAGMA
+24	HTTP_CONNECTION
+#http_content
+25	HTTP_CONT_ENCODING
+26	HTTP_CONT_LANGUAGE
+27	HTTP_CONT_LOCATION
+28	HTTP_CONT_DISPOSITION
+29	HTTP_CONT_RANGE
+30	HTTP_CONT_LENGTH
+31	HTTP_CONT_TYPE
+32	HTTP_CHARSET
+33	HTTP_EXPIRES
+34	HTTP_X_FLASH_VERSION
+35	HTTP_TRANSFER_LENGTH
+36	Set-Cookie

roles/firewall/templates/maat.conf.j2

@@ -32,5 +32,37 @@ INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
+[APP_SIGNATURE_MAAT]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[CAPTURE]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
 [MAAT]
 ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -1,3 +1,10 @@
+[VOIP_PLUG]
+TIMEOUT=300
+LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
+LOG_LEVEL={{ fw_voip_log_level }}
+TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
+TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
+
 [FTP_PLUG]
 LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
 LOG_LEVEL={{ fw_ftp_log_level }}
@@ -54,11 +61,43 @@ OUTPUT_PATH="./tsg_stat.log"
 APP_NAME="tsg_master"
 
 [SYSTEM]
+NIC_NAME="{{ nic_mgr.name }}"
 ENTRANCE_ID={{ tsg_master_entrance_id }}
 LOG_LEVEL={{ tsg_master_log_level }}
 LOG_PATH="./tsglog/tsg_master"
 POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
+L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
 DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
 
 [TSG_CONN_SKETCH]
 log_service=2
+live_service=6
+transaction_service=7
+live_service_switch=1
+transaction_service_switch=1
+live_intervals_time = 30
+
+[HOS_CONF]
+hos_serverip="{{ firewall.hos_serverip }}"
+hos_serverport={{ firewall.hos_serverport }}
+hos_accesskeyid="default"
+hos_secretkey="default"
+hos_poolsize=100
+hos_thread_sum=32
+hos_cache_size=102400
+hos_fs2_serverip="127.0.0.1"
+hos_fs2_serverport=10086
+
+[APP_SKETCH_LOCAL]
+LOG_LEVEL=10
+LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
+
+[APP_SKETCH_FEEDBACK]
+QOS=1
+PUBLISH_TOPIC="APP_SIGNATURE_ID"
+#CLIENT_ID=
+BROKER_IP="{{ firewall.APP_SKETCH_BROKER_IP }}"
+BROKER_PORT="{{ firewall.APP_SKETCH_BROKER_PORT }}"
+
+[APP_PROTO_ENGINE]
+license_path=/data/app_proto_engine/license

roles/firewall/templates/tsg_conn_sketch.inf.j2

@@ -25,11 +25,22 @@ FUNC_NAME=tsg_record_http_entry
 FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
 FUNC_NAME=tsg_record_ssl_entry
 
-#[DNS]
-#FUNC_FLAG=ALL
-#FUNC_NAME=tsg_record_dns_entry
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_dns_entry
 
 [MAIL]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_mail_entry
 
+[RTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_rtp_entry
+
+[SIP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_sip_entry
+
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_ftp_entry

roles/framework/tasks/main.yml

@@ -12,19 +12,25 @@
     packages:
       - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.10.653727e-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-2.2.2.e5a4457-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.3.93a68a2-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-c-common-1.0.3.fa2adf0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-c-event-stream-1.0.6.67fd944-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:
@@ -38,3 +44,9 @@
 
 - name: "update ld"
   command: ldconfig
+
+- name: "copy maat_redis_tool to destination"
+  copy:
+    src: "{{ role_path }}/files/maat_redis_tool"
+    dest: /opt/MESA/bin/
+    mode: 0755

roles/http_healthcheck/tasks/main.yml

@@ -1,10 +0,0 @@
-- name: "copy http_healthcheck rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install http_healthcheck from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
-    state: present

roles/kernel-ml/tasks/main.yml

@@ -20,26 +20,7 @@
   command: /usr/sbin/grub2-set-default 0
   when: t_kernel_ml.changed
 
-- name: "copy /etc/default/grub"
-  copy:
-    src: "{{ role_path }}/files/grub"
-    dest: "/etc/default"
-  when: 
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
 
-- name: "BIOS:grub2-mkconfig"
-  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
-  when:
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
-
-- name: "UEFI:grub2-mkconfig"
-  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
-  when:
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
-
-- name: "reboot"
-  reboot:
-  when: t_kernel_ml.changed
+#- name: "reboot"
+#  reboot:
+#  when: t_kernel_ml.changed

roles/kni/tasks/main.yml

@@ -1,24 +0,0 @@
----
-- name: "copy kni to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install kni rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/kni-20.12.01.13e663f-2.el7.x86_64.rpm
-    state: present
-#    skip_broken: yes
-
-- name: Template the kni.conf
-  template:
-    src: "{{ role_path }}/templates/kni.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
-  tags: template
- 
-- name: "enable sapp"
-  systemd:
-    name: sapp
-    enabled: yes
-    daemon_reload: yes

roles/kni/templates/kni.conf.j2

@@ -1,144 +0,0 @@
-[global]
-log_path = ./log/kni/kni.log
-log_level = {{ kni_log_level }}
-tfe_node_count = {{ kni.global.tfe_node_count }}
-manage_eth = {{ nic_mgr.name }}
-{% if tsg_running_type != 2 %}
-deploy_mode = tun
-{% else %}
-deploy_mode = normal
-{% endif %}
-tun_name = tun_kni
-src_mac_addr = 00:0e:c6:d6:72:c1
-dst_mac_addr = fe:65:b7:03:50:bd
-{% if tsg_access_type == 4 %}
-[tfe0]
-enabled = 1
-dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
-ip_addr = 192.168.100.1
-{% elif tsg_running_type == 2 %}
-[tfe0]
-enabled = {{ kni.tfe_nodes.tfe0_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
-ip_addr = 192.168.100.2
-
-[tfe1]
-enabled = {{ kni.tfe_nodes.tfe1_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
-ip_addr = 192.168.100.3
-
-[tfe2]
-enabled = {{ kni.tfe_nodes.tfe2_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
-ip_addr = 192.168.100.4
-{% endif %}
-
-[tfe_cmsg_receiver]
-listen_eth = {{ nic_inner_ctrl.name }}
-listen_port = 2475
-
-[watch_dog]
-switch = {{ kni.watch_dog.switch }}
-listen_eth = {{ nic_inner_ctrl.name }}
-listen_port = 2476
-keepalive_idle = 2
-keepalive_intvl = 1
-keepalive_cnt = 3
-
-[marsio]
-appsym = knifw
-
-[dup_traffic]
-switch = 1
-action = 2
-capacity = 10000000
-error_rate = 0.00001
-expiry_time = 60
-
-[traceid2pme_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 30
-mho_eliminate_type = LRU
-
-#per thread
-[tuple2stream_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 0
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 0
-mho_eliminate_type = LRU
-
-[field_stat]
-remote_switch = 1
-remote_ip = 127.0.0.1
-remote_port = 58100
-local_path = ./fs2_kni.status
-stat_cycle = 1
-print_mode = 1
-# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
-statsd_format = 2
-APP_NAME = fs2_kni
-
-#self test Shunt rules security policy id
-[tsg_diagnose]
-enabled = 1
-security_policy_id = 3,10
-
-
-[ssl_dynamic_bypass]
-enabled = 0
-
-#kni dynamic bypass
-[traceid2sslinfo_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[sslinfo2bypass_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[proxy_tcp_option]
-enabled = 1
-maat_table_compile = PXY_TCP_OPTION_COMPILE
-maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
-enable_override = 0
-client_tcp_maxseg_enable = 0
-client_tcp_maxseg = 1460
-client_tcp_nodelay =  1
-client_tcp_ttl = 70
-client_tcp_keepalive_enable = 1
-client_tcp_keepalive_keepcnt = 8
-client_tcp_keepalive_keepidle = 30
-client_tcp_keepalive_keepintvl = 15
-client_tcp_user_timeout = 600
-server_tcp_maxseg_enable = 0
-server_tcp_maxseg = 1460
-server_tcp_nodelay = 1
-server_tcp_ttl = 75
-server_tcp_keepalive_enable = 1
-server_tcp_keepalive_keepcnt = 8
-server_tcp_keepalive_keepidle = 30
-server_tcp_keepalive_keepintvl = 15
-server_tcp_user_timeout = 600
-bypass_duplicated_packet = 0
-tcp_passthrough = 0
-
-[share_session_attribute]
-SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

roles/maat-redis/files/maat-redis-exporter.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Redis Exporter for MAAT-REDIS
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis_exporter -redis.addr=redis://localhost:7002 -redis-only-metrics
-Type=simple
-
-[Install]
-WantedBy=multi-user.target
-

roles/maat-redis/files/maat-redis.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown maat-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-

roles/maat-redis/tasks/main.yml

@@ -1,31 +0,0 @@
-- name: "copy maat-redis file to dest"
-  copy:
-    src: "{{ role_path }}/files/maat-redis.service"
-    dest: "/usr/lib/systemd/system"
-    mode: 0644
-
-- name: "copy maat-redis exporter file to dest"
-  copy:
-    src: "{{ role_path }}/files/maat-redis-exporter.service"
-    dest: "/usr/lib/systemd/system"
-    mode: 0644
-
-- name: "Template the maat-redis.conf"
-  template:
-    src: "{{ role_path }}/templates/maat-redis.conf.j2"
-    dest: /etc/maat-redis.conf
-  tags: template
-
-- name: "start maat-redis"
-  systemd:
-    name: maat-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes
-
-- name: "start maat-redis exporter"
-  systemd:
-    name: maat-redis-exporter.service
-    state: started
-    daemon_reload: yes
-    enabled: yes