增加docker环境基础安装

1、修改自检项目名称为tsg-diagnose 2、删除自检多余操作
删除构建包过程中，从docker register 下载 docker image 并生成tar的过程
2020-07-22 12:14:03 +08:00 · 2020-07-20 16:57:16 +08:00 · 2020-07-16 20:20:51 +08:00 · 2020-07-15 10:52:28 +08:00 · 2020-07-14 23:08:16 +08:00 · 2020-07-14 19:51:39 +08:00
152 changed files with 1893 additions and 609 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +0,0 @@
-.vscode
-*.retry
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,35 @@
+stages:
+- build
+    
+.build_tar:
+  image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
+  variables:
+    GIT_STRATEGY: "clone"
+    BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
+    TESTING_VERSION_BUILD: 0
+  before_script:
+    - dockerd > /dev/null &
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
+    - ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - pwd
+    - chmod +x ./ci/travis.sh
+  script:
+    - yum makecache
+    - ./ci/travis.sh
+  tags:
+  - share
+    
+file_build:
+  stage: build
+  variables:
+    VER_NAME: $CI_COMMIT_REF_NAME
+    PULP3_REPO_NAME: install-package-stable
+    PULP3_DIST_NAME: install-package-stable
+
+  extends: .build_tar
+  only:
+    - tags
+
--- a/adc_inline_device_access/group_vars/all.yml
+++ b/adc_inline_device_access/group_vars/all.yml
@@ -1,74 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    mc_cache_eth: ens1.100
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-
--- a/adc_inline_device_access/hosts
+++ b/adc_inline_device_access/hosts
@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
--- a/adc_tera_access/group_vars/all.yml
+++ b/adc_tera_access/group_vars/all.yml
@@ -1,73 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-
--- a/adc_tera_access/group_vars/blade-00.yml
+++ b/adc_tera_access/group_vars/blade-00.yml
@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7
--- a/adc_tera_access/group_vars/blade-01.yml
+++ b/adc_tera_access/group_vars/blade-01.yml
@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1
--- a/adc_tera_access/group_vars/blade-02.yml
+++ b/adc_tera_access/group_vars/blade-02.yml
@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1
--- a/adc_tera_access/group_vars/blade-03.yml
+++ b/adc_tera_access/group_vars/blade-03.yml
@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1
--- a/buildPackage.yml
+++ b/buildPackage.yml
@@ -0,0 +1,3 @@
+- hosts: local
+  roles:
+    - package-build
--- a/build_config/group_vars/local.yml
+++ b/build_config/group_vars/local.yml
@@ -0,0 +1,10 @@
+tarpath:
+  src:
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
+  destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
+
+tsgDiagnoseDockerFile: 
+  unarchiveUrl: https://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
+  unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files
--- a/build_config/hosts
+++ b/build_config/hosts
@@ -0,0 +1,2 @@
+[local]
+localhost ansible_connection=local
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+mkdir build || true
+
+cat ./customize.yml >> ./build_config/group_vars/local.yml
+cat ./customize.yml >> ./install_config/group_vars/all.yml
+
+ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz  buildPackage.yml
+
+ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
+
+cd build
+cp ~/file_upload_tools.py ./
+
+python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz
--- a/clear_redis_cache.yml
+++ b/clear_redis_cache.yml
@@ -1,6 +0,0 @@
- hosts: blade-00
-  tasks:
-  - name: "killall certstore"
-    command: "killall certstore"
-  - name: "clear redis cache"
-    command: "redis-cli flushdb"
--- a/customize.yml
+++ b/customize.yml
@@ -0,0 +1,52 @@
+rpmdict:
+  tsgDiagnose:
+    fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
+    name: "tsg-diagnose"
+    downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
+
+dockerEnvRpm:
+  dockerCe:
+    - container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
+    - selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
+    - selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
+    - containerd.io-1.2.13-3.2.el7.x86_64.rpm
+    - policycoreutils-python-2.5-34.el7.x86_64.rpm
+    - policycoreutils-2.5-34.el7.x86_64.rpm
+    - libselinux-utils-2.5-15.el7.x86_64.rpm
+    - libselinux-python-2.5-15.el7.x86_64.rpm
+    - libseccomp-2.3.1-4.el7.x86_64.rpm
+    - iptables-1.4.21-34.el7.x86_64.rpm
+    - libcgroup-0.41-21.el7.x86_64.rpm
+    - audit-libs-python-2.8.5-4.el7.x86_64.rpm
+    - setools-libs-3.3.8-4.el7.x86_64.rpm
+    - libsemanage-python-2.5-14.el7.x86_64.rpm
+    - checkpolicy-2.5-8.el7.x86_64.rpm
+    - libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
+    - python-IPy-0.75-6.el7.noarch.rpm
+    - libnfnetlink-1.0.1-4.el7.x86_64.rpm
+    - libmnl-1.0.3-7.el7.x86_64.rpm
+    - docker-ce-cli-19.03.12-3.el7.x86_64.rpm
+    - docker-ce-19.03.12-3.el7.x86_64.rpm
+  dockerCompose:
+    - libtirpc-0.2.4-0.16.el7.x86_64.rpm
+    - libyaml-0.1.4-11.el7_0.x86_64.rpm
+    - python3-3.6.8-13.el7.x86_64.rpm
+    - python36-cached_property-1.5.1-2.el7.noarch.rpm
+    - python36-chardet-3.0.4-1.el7.noarch.rpm
+    - python36-docker-2.6.1-3.el7.noarch.rpm
+    - python36-dockerpty-0.4.1-18.el7.noarch.rpm
+    - python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
+    - python36-docopt-0.6.2-8.el7.noarch.rpm
+    - python36-idna-2.7-2.el7.noarch.rpm
+    - python36-jsonschema-2.5.1-4.el7.noarch.rpm
+    - python36-pysocks-1.6.8-7.el7.noarch.rpm
+    - python36-PyYAML-3.13-1.el7.x86_64.rpm
+    - python36-requests-2.14.2-2.el7.noarch.rpm
+    - python36-six-1.14.0-2.el7.noarch.rpm
+    - python36-texttable-1.6.2-1.el7.noarch.rpm
+    - python36-urllib3-1.25.6-1.el7.noarch.rpm
+    - python36-websocket-client-0.47.0-2.el7.noarch.rpm
+    - python3-libs-3.6.8-13.el7.x86_64.rpm
+    - python3-pip-9.0.3-7.el7_7.noarch.rpm
+    - python3-setuptools-39.2.0-10.el7.noarch.rpm
+    - docker-compose-1.18.0-4.el7.noarch.rpm
--- a/deploy.yml
+++ b/deploy.yml
@@ -5,35 +5,40 @@

 - hosts: blade-00
  roles:
-    - tsg-env-mcn0
+#    - tsg-env-mcn0
    - mrzcpd
    - sapp
+    - tsg_master
    - kni
    - firewall
+    - http_healthcheck
+    - clotho
    - certstore
    - cert-redis
+    - telegraf_statistic
+    - tsg-diagnose

 - hosts: blade-01
  roles:
-    - tsg-env-mcn1
+#    - tsg-env-mcn1
    - mrzcpd
    - tfe

 - hosts: blade-02
  roles:
-    - tsg-env-mcn2
+#    - tsg-env-mcn2
    - mrzcpd
    - tfe

 - hosts: blade-03
  roles:
-    - tsg-env-mcn3
+#    - tsg-env-mcn3
    - mrzcpd
    - tfe

 - hosts: blade-mxn
  roles:
-    - tsg-env-mxn
+#    - tsg-env-mxn

 - hosts: pc-as-tun-mode
  roles:
@@ -42,8 +47,13 @@
    - mrzcpd
    - tsg-env-tun-mode
    - sapp
+    - tsg_master
    - kni
    - firewall
+    - http_healthcheck
+    - clotho
    - certstore
    - cert-redis
    - tfe
+    - telegraf_statistic
+    - proxy_status
--- a/install_config/group_vars/all.yml
+++ b/install_config/group_vars/all.yml
@@ -0,0 +1,90 @@
+#########################################
+#####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
+tsg_access_type: 4
+
+#####0: Tun_mode;  1: normal; 2: ADC;
+tsg_running_type: 1 
+
+########################################
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+fs_remote:
+  switch: 1
+  address: "192.168.100.1"
+  port: 58125
+  
+########################################
+sapp:
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
+
+########################################
+kni:
+  global:
+    log_level: 30
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    mode: "normal"
+    no_cache: 0
+
+########################################
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+nic_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+########################################
+server:
+  ethname: eth0
+  tun_name: eth0.100
+  internal_interface: "eth2"
+  external_interface: "eth3"
+
--- a/adc_inline_device_access/group_vars/blade-00.yml
+++ b/adc_inline_device_access/group_vars/blade-00.yml
@@ -13,3 +13,11 @@ nic_to_tfe:
        name: ens1f6
    tfe2:
        name: ens1f7
+
+AllotAccess:
+    virturlInterface_1: ens1f2.103
+    virturlInterface_2: ens1f2.104
+    virturlID_1: 103
+    virturlID_2: 104
+    vvipv4_mask: 24
+    vvipv6_mask: 64
--- a/adc_inline_device_access/group_vars/blade-01.yml
+++ b/adc_inline_device_access/group_vars/blade-01.yml
--- a/adc_inline_device_access/group_vars/blade-02.yml
+++ b/adc_inline_device_access/group_vars/blade-02.yml
--- a/adc_inline_device_access/group_vars/blade-03.yml
+++ b/adc_inline_device_access/group_vars/blade-03.yml
--- a/adc_tera_access/hosts
+++ b/adc_tera_access/hosts
@@ -2,11 +2,13 @@
 ansible_user=root
 package_source=local

+[pc-as-tun-mode]
+
 [blade-mxn]
 192.168.40.170

 [blade-00]
-192.168.40.166
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=

 [blade-01]
 192.168.40.167
@@ -17,14 +19,8 @@ package_source=local
 [blade-03]
 192.168.40.169

-
 [Functional_Host:children]
 blade-00
 blade-01
 blade-02
 blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03
--- a/pc_double_arm_access/group_vars/all.yml
+++ b/pc_double_arm_access/group_vars/all.yml
@@ -1,88 +0,0 @@
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "127.0.0.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.169:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-fs_remote:
-  switch: 1
-  address: "127.0.0.1"
-  port: 8125
-  
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-sapp:
-  worker_threads: 16
-
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-tfe:
-  nr_threads: 32
-  mc_cache_eth: lo 
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-nic_mgr:
-  name: eth0
-nic_data_incoming:
-  name: tun_kni
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: eth0.100
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "eth2"
-  external_interface: "eth3"
-
-run_as_tun_mode: 1
--- a/pc_double_arm_access/hosts
+++ b/pc_double_arm_access/hosts
@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.138
--- a/pulp-install.yml
+++ b/pulp-install.yml
@@ -1,3 +0,0 @@
- hosts: blade-0*
-  roles:
-    - pulp-consumer
--- a/roles/certstore/files/certstore-base-online-20200119.tar.gz
+++ b/roles/certstore/files/certstore-base-online-20200119.tar.gz
--- a/roles/certstore/files/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
+++ b/roles/certstore/files/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
--- a/roles/certstore/files/jemalloc-3.6.0-1.el7.x86_64.rpm
+++ b/roles/certstore/files/jemalloc-3.6.0-1.el7.x86_64.rpm
--- a/roles/certstore/tasks/main.yml
+++ b/roles/certstore/tasks/main.yml
@@ -1,5 +1,4 @@
---
- name: "copy redis and dependency to destination"
+- name: "copy certstore rpm to destination"
  synchronize:
    src: "{{ role_path }}/files/"
    dest: "/tmp/ansible_deploy/"
@@ -9,18 +8,19 @@
  tags: mkdir

 - name: install certstore
-  unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200119.tar.gz"
-    dest: /home/tsg
+  yum:
+    name:
+      - /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
+    state: present

 - name: template certstore configure file
  template:
    src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore-base/conf/cert_store.ini
+    dest: /home/tsg/certstore/conf/cert_store.ini

- name: bootup certstore
-  blockinfile:
-    marker: "## {mark} bootstrap certstore"
-    path: /etc/rc.d/rc.local
-    block: |
-      cd /home/tsg/certstore-base; ./r2_certstore
+- name: "start certstore"
+  systemd:
+    name: certstore.service
+    state: started
+    enabled: yes
+    daemon_reload: yes
--- a/roles/certstore/templates/cert_store.ini.j2
+++ b/roles/certstore/templates/cert_store.ini.j2
@@ -2,7 +2,7 @@
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 #10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 30
+RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs
 [CONFIG]
 #Number of running threads
@@ -15,7 +15,7 @@ expire_after = 30
 local_debug = 1
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
 untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
-[NTC_MAAT]
+[MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
 #1: using local json
@@ -42,4 +42,7 @@ port = 6379
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}
+dbindex =  {{ maat_redis_server.db }}
+[stat]
+statsd_server=192.168.100.1
+statsd_port=8126
--- a/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/clotho/files/clotho.service
+++ b/roles/clotho/files/clotho.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/clotho/tasks/main.yml
+++ b/roles/clotho/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: "copy clotho rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+    dest: /tmp/ansible_deploy/
+
+- name: "copy  clotho.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho.service"
+    dest: /usr/lib/systemd/system
+    mode: 0755
+
+- name: "install clotho rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+
+- name: "Template the clotho.conf"
+  template:
+    src: "{{ role_path }}/templates/clotho.conf.j2"
+    dest: /home/mesasoft/clotho/conf/clotho.conf 
+  tags: template
+ 
+- name: "start clotho"
+  systemd:
+    name: clotho.service
+    enabled: yes
+    daemon_reload: yes
+
--- a/roles/clotho/templates/clotho.conf.j2
+++ b/roles/clotho/templates/clotho.conf.j2
@@ -0,0 +1,11 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
+NIC_NAME={{ nic_mgr.name }}
+{% endif %}
+LOG_LEVEL=10
+LOG_PATH=log/clotho
--- a/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm
+++ b/roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm
--- a/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
+++ b/roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
--- a/roles/firewall/files/ftp-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/ftp-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
--- a/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
--- a/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
--- a/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
--- a/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
--- a/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
--- a/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
+++ b/roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
--- a/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
+++ b/roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
--- a/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
+++ b/roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
--- a/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
+++ b/roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
--- a/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
+++ b/roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
--- a/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
--- a/roles/firewall/files/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
+++ b/roles/firewall/files/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -4,86 +4,44 @@
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/

- name: "install dns-debug rpms from localhost"
+- name: "install firewall packages"
  yum:
-    name:
-      - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
+    name: "{{ fw_packages }}"
    state: present
-  when: install_dns_debug == "yes"
+    skip_broken: yes
+  vars:
+    fw_packages:
+      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm

- name: "install ftp-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/ftp-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_ftp_debug == "yes"
-
- name: "install http-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_http_debug == "yes"
- 
- name: "install mail-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_mail_debug == "yes"
-
- name: "install ssl-debug rpms from localhost"
-  yum:
-    name:   
-      - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_ssl_debug == "yes"
-
- name: "install fw_dns_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_dns_plug_debug == "yes" 
- 
- name: "install fw_ftp_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_ftp_plug_debug == "yes"
-  
- name: "install fw_http_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_http_plug_debug == "yes" 
- 
- name: "install fw_mail_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_mail_plug_debug == "yes"
-
- name: "install tsg-master rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_tsg_master == "yes" 
-
- name: Template the tsgconf/main.conf
+- name: "Template the tsgconf/main.conf"
  template:
    src: "{{ role_path }}/templates/main.conf.j2"
    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
  tags: template


- name: Template the tsgconf/maat.conf
+- name: "Template the tsgconf/maat.conf"
  template:
    src: "{{ role_path }}/templates/maat.conf.j2"
    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
  tags: template

+- name: "Template the conf/capture_packet_plug.conf.j2"
+  template:
+    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+  tags: template
--- a/roles/firewall/templates/capture_packet_plug.conf.j2
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -0,0 +1,29 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+
+[LOG]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
+NIC_NAME={{ nic_mgr.name }}
+{% endif %}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+
--- a/roles/firewall/templates/maat.conf.j2
+++ b/roles/firewall/templates/maat.conf.j2
@@ -1,4 +1,5 @@
 [STATIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -14,6 +15,7 @@ INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/

 [DYNAMIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
--- a/roles/firewall/templates/main.conf.j2
+++ b/roles/firewall/templates/main.conf.j2
@@ -2,25 +2,33 @@
 LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
 LOG_LEVEL=10
 TIMEOUT=600
+
 [MAIL_PLUG]
 LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
 LOG_LEVEL=10
 TIMEOUT=600
+
 [HTTP_PLUG]
 LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
 LOG_LEVEL=10
+
 [DNS_PLUG]
 LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
 LOG_LEVEL=10
+
 [MAAT]
 PROFILE=./tsgconf/maat.conf
-IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
 SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
 CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+IP_ADDR_TABLE=TSG_SECURITY_ADDR

 [TSG_LOG]
 MODE=1
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 MAX_SERVICE=1
 LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog
@@ -28,7 +36,7 @@ BROKER_LIST={{ log_kafkabrokers.address }}
 COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf

 [STATISTIC]
-CYCLE=0
+CYCLE=1
 TELEGRAF_PORT=8100
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_statistic.log
--- a/roles/framework/files/framework/framework.conf
+++ b/roles/framework/files/framework/framework.conf
--- a/roles/framework/files/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
+++ b/roles/framework/files/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
--- a/roles/framework/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
+++ b/roles/framework/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
--- a/roles/framework/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
+++ b/roles/framework/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
--- a/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
--- a/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
+++ b/roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
--- a/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
+++ b/roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
--- a/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
+++ b/roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
--- a/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
+++ b/roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
--- a/roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpm
+++ b/roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpm
--- a/roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
+++ b/roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
--- a/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
+++ b/roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
--- a/roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpm
+++ b/roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpm
--- a/roles/framework/files/maat/lib/libmaatframe.so.2.8
+++ b/roles/framework/files/maat/lib/libmaatframe.so.2.8
--- a/roles/framework/files/rulescan/librulescan.so
+++ b/roles/framework/files/rulescan/librulescan.so
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -1,4 +1,3 @@
---
 - name: "copy framework rpms to destination server"
  synchronize:
    src: "{{ role_path }}/files/"
@@ -8,37 +7,32 @@
  yum:
    name: "{{ packages }}"
    state: present
+    skip_broken: yes
  vars:
    packages:
-      - /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
-      - /tmp/ansible_deploy/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm

- name: "install framework ld.conf"
-  synchronize:
-    src: "{{ role_path }}/files/framework/framework.conf"
-    dest: /etc/ld.so.conf.d/framework.conf
-
- name: "install/update rulescan library"
-  synchronize:
-    src: "{{ role_path }}/files/rulescan/librulescan.so"
-    dest: /opt/MESA/lib/librulescan.so
-
- name: "install/update maat library files"
-  synchronize:
-    src: "{{ role_path }}/files/maat/lib/"
-    dest: /opt/MESA/lib/
-
- name: "create maat library symbol links - A"
+- name: "mkdir /etc/ld.so.conf.d/"
  file:
-    src: "libmaatframe.so.2.8"
-    path: /opt/MESA/lib/libmaatframe.so.2
-    state: link
+    path: /etc/ld.so.conf.d/
+    state: directory

- name: "create maat library symbol links - B"
-  file:
-    src: "libmaatframe.so.2"
-    path: /opt/MESA/lib/libmaatframe.so
-    state: link
+- name: "copy framework.conf to destination server"
+  copy:
+    src: "{{ role_path }}/files/framework.conf"
+    dest: /etc/ld.so.conf.d/

 - name: "update ld"
  command: ldconfig
--- a/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
+++ b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
--- a/roles/http_healthcheck/tasks/main.yml
+++ b/roles/http_healthcheck/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: "copy http_healthcheck rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install http_healthcheck from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
+    state: present
--- a/roles/framework/files/dkms/dkms-2.7.1-1.el7.noarch.rpm
+++ b/roles/framework/files/dkms/dkms-2.7.1-1.el7.noarch.rpm
--- a/roles/kernel-ml/files/grub
+++ b/roles/kernel-ml/files/grub
@@ -0,0 +1,8 @@
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
+GRUB_DEFAULT=saved
+GRUB_DISABLE_SUBMENU=true
+GRUB_TERMINAL="serial console"
+GRUB_SERIAL_COMMAND="serial --speed=115200"
+GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200 intel_iommu=on iommu=pt pci=realloc,assign-busses"
+GRUB_DISABLE_RECOVERY="true"
--- a/roles/kernel-ml/tasks/main.yml
+++ b/roles/kernel-ml/tasks/main.yml
@@ -9,6 +9,7 @@
    name:
      - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
      - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
+      - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
    state: present
  register: t_kernel_ml

@@ -16,6 +17,20 @@
  command: /usr/sbin/grub2-set-default 0
  when: t_kernel_ml.changed

+- name: "copy /etc/default/grub"
+  copy:
+    src: "{{ role_path }}/files/grub"
+    dest: "/etc/default"
+  when: 
+    - tsg_access_type == 4
+    - t_kernel_ml.changed
+
+- name: "grub2-mkconfig"
+  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
+  when:
+    - tsg_access_type == 4
+    - t_kernel_ml.changed
+
 - name: "reboot"
  reboot:
  when: t_kernel_ml.changed
--- a/roles/kni/files/kni-20.06-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-20.06-1.el7.x86_64.rpm
--- a/roles/kni/files/kni-3.0.2.57bfa41-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-3.0.2.57bfa41-1.el7.x86_64.rpm
--- a/roles/kni/files/kni-debug-3.0.1.f81dd69-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-debug-3.0.1.f81dd69-1.el7.x86_64.rpm
--- a/roles/kni/files/kni-debug-debuginfo-3.0.1.f81dd69-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-debug-debuginfo-3.0.1.f81dd69-1.el7.x86_64.rpm
--- a/roles/kni/files/kni-debuginfo-3.0.2.57bfa41-1.el7.x86_64.rpm
+++ b/roles/kni/files/kni-debuginfo-3.0.2.57bfa41-1.el7.x86_64.rpm
--- a/roles/kni/tasks/main.yml
+++ b/roles/kni/tasks/main.yml
@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
  yum:
    name:
-      - /tmp/ansible_deploy/kni-3.0.2.57bfa41-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
    state: present

 - name: Template the kni.conf
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -2,8 +2,12 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
+{% if tsg_running_type == 0 or 1 %}
+manage_eth = {{ server.ethname }}
+{% else %}
 manage_eth = {{ nic_mgr.name }}
-{% if run_as_tun_mode %}
+{% endif %}
+{% if tsg_running_type == 0 %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
@@ -11,31 +15,43 @@ deploy_mode = normal
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
-{% if run_as_tun_mode %}
-{% else %}
+{% if tsg_access_type == 4 %}
 [tfe0]
 enabled = 1
+dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
+ip_addr = 192.168.100.1
+{% elif tsg_running_type == 2 %}
+[tfe0]
+enabled = {{ kni.tfe_nodes.tfe0_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
 ip_addr = 192.168.100.2

 [tfe1]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe1_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
 ip_addr = 192.168.100.3

 [tfe2]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe2_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
 {% endif %}

 [tfe_cmsg_receiver]
+{% if tsg_running_type == 0 or 1%}
+listen_eth = {{ server.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2475

 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
+{% if tsg_running_type == 0 or 1 %}
+listen_eth = {{ server.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1
--- a/roles/mrzcpd/files/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm
+++ b/roles/mrzcpd/files/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm
--- a/roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
+++ b/roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
--- a/roles/mrzcpd/tasks/main.yml
+++ b/roles/mrzcpd/tasks/main.yml
@@ -6,7 +6,7 @@

 - name: "install mrzcpd"
  yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
    state: present

 - name: "update sysconfig/mrzcpd"
@@ -20,55 +20,107 @@
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: nic_traffic_mirror is defined

- name: "update mrglobal.conf - master blade"
+
+- name: "update mrglobal.conf.tun_mode - tun_server"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - tsg_access_type == 0
+
+- name: "update mrglobal.conf.inline - blade00"
  template:
    src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: nic_traffic_mirror is not defined
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 1

- name: "update mrtunnat.conf - master blade"
+- name: "update mrglobal.conf.allot - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.allot_access.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 2
+
+- name: "update mrglobal.conf.allot - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 3
+
+
+- name: "update mrglobal.conf.ATCA_40G - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 4   
+
+- name: "update mrtunnat.conf.inline - blade00"
  template:
    src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: nic_traffic_mirror is not defined
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 1
+
+- name: "update mrtunnat.conf.allot_access - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrtunnat.conf.allot_access.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 2
+
+- name: "update mrtunnat.conf.allot_access - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 3
+
+- name: "update mrtunnat.conf.ATCA_40G - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 4

 - name: "enable mrenv"
  systemd:
    name: mrenv
    enabled: yes
    daemon_reload: yes
-
-#- name: "mask mrenv"
-#  systemd:
-#    name: mrenv
-#    masked: yes
-#    daemon_reload: yes
-#  when: nic_traffic_mirror.use_mrzcpd == 0
+  when: 
+    - tsg_access_type != 0

 - name: "enable mrzcpd"
  systemd:
    name: mrzcpd
-    enabled: 1
+    enabled: yes
    daemon_reload: yes
+  when: 
+    - tsg_access_type != 0

 - name: "enable mrtunnat on master"
  systemd:
    name: mrtunnat
-    enabled: 1
+    enabled: yes
    daemon_reload: yes
-  when: nic_traffic_mirror is not defined
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type != 0

 - name: "disable mrtunnat on slave"
  systemd:
    name: mrtunnat
-    enabled: 0
+    enabled: no
    daemon_reload: yes
  when: nic_traffic_mirror is defined
-
-
-#- name: "mask mrzcpd"
-#  systemd:
-#    name: mrzcpd
-#    masked: yes
-#    daemon_reload: yes
-#  when: nic_traffic_mirror.use_mrzcpd == 0
--- a/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
@@ -0,0 +1,56 @@
+[device]
+device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.vf0_name}}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+
+[device:{{ nic_data_incoming.vf1_name }}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow=4095
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=6
+forward_rule_0=pv,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
+forward_rule_1=vp,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
+forward_rule_5=vp,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
--- a/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2
@@ -0,0 +1,67 @@
+[device]
+device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=1
+vlan-id-allow=1000,1001,2000,2001,4000,4001
+#vlan-pvid=0
+#vlan-pvid-mode=0
+
+[device:{{nic_to_tfe.tfe0.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe1.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe2.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
+forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
fumingwei	ed15d48272	增加docker环境基础安装	2020-07-22 12:14:03 +08:00
fumingwei	8364667a79	1、修改自检项目名称为tsg-diagnose 2、删除自检多余操作	2020-07-20 16:57:16 +08:00
fumingwei	799f3e4a2f	删除构建包过程中，从docker register 下载 docker image 并生成tar的过程	2020-07-16 20:20:51 +08:00
fumingwei	a75a3a44f4	删除调试信息	2020-07-15 10:52:28 +08:00
付明卫	beffa2443f	upload file sha256 not match	2020-07-14 23:08:16 +08:00
fumingwei	a6f43fbaa0	修改调用upload脚本错误问题	2020-07-14 19:51:39 +08:00
fumingwei	3356920496	1、删除gitlab的 artifact 2、新增upload tar包到pulp file 存储 3、将共用变量从group_var 目录分离出来	2020-07-14 19:46:06 +08:00
root	6dfccaaf53	增加调试信息	2020-07-07 19:58:29 +08:00
root	988ea5c6b3	修改'dict object' has no attribute 'downpath'错误	2020-07-07 08:24:28 +08:00
root	ad148140fa	修改下载rpm失败问题	2020-07-07 08:12:05 +08:00
root	2c197d969d	修改 include 错误问题	2020-07-07 08:05:24 +08:00
root	06bb553d57	新建空文件，保持文件夹存在	2020-07-07 07:35:51 +08:00
root	3f3ff290c2	添加debug信息	2020-07-07 07:24:35 +08:00
root	cb497593e7	修改ansible 路径错误	2020-07-07 06:59:50 +08:00
root	662486eed3	增加debug 信息	2020-07-07 06:38:17 +08:00
root	9fc6d3f40c	增加自检打包和roles 规则	2020-07-07 06:23:37 +08:00
root	2c2efeade0	数据面离线安装包制作	2020-07-07 05:48:01 +08:00
zhangzhihan	e6fbb265a8	update	2020-06-24 18:08:40 +08:00
zhangzhihan	e1dc6b5f62	update 20.06.01	2020-06-22 10:34:56 +08:00
zhangzhihan	e67c3feb23	uodate 20.06	2020-06-14 13:07:04 +08:00
zhangzhihan	32dca71844	update	2020-06-11 17:23:57 +08:00
zhangzhihan	a54f8ce853	update	2020-06-11 17:15:58 +08:00
zhangzhihan	f3076ea577	update	2020-06-11 13:18:05 +08:00
zhangzhihan	e0d3ff7927	update	2020-06-11 13:17:06 +08:00
zhangzhihan	829dd78560	update	2020-06-09 13:10:38 +08:00
zhangzhihan	792ce3da1a	20.05.01	2020-05-28 17:27:31 +08:00
zhangzhihan	aad31a42bb	20200522	2020-05-22 11:08:29 +08:00
zhangzhihan	35c6127063	20200522	2020-05-22 09:27:29 +08:00
zhangzhihan	17221ed921	20200521	2020-05-21 15:30:04 +08:00
zhangzhihan	037489a9b4	20200521	2020-05-21 15:11:12 +08:00
zhangzhihan	faae89e6e5	tsgv20.05更新	2020-05-18 18:52:52 +08:00
zhangzhihan	cd5d4b9a42	更新mrglobal.conf vlan filter	2020-05-08 11:15:05 +08:00
zhangzhihan	37847b9fba	修正部署中bug	2020-05-07 20:50:17 +08:00
zhangzhihan	ed2956f0de	v20.5临时版本	2020-04-30 21:58:38 +08:00
zhangzhihan	624489cc60	v20.5临时版本	2020-04-30 21:53:59 +08:00
zhangzhihan	6dc5a5113d	sapp更新4.0.8	2020-04-29 14:59:53 +08:00
zhangzhihan	8dd9d58e07	更新sapp，优化部署	2020-04-28 17:54:17 +08:00
zhangzhihan	0c4a1306e9	更新ftp和fw_http插件	2020-04-28 13:12:16 +08:00
zhangzhihan	d8ded2517a	sapp更新至4.0.11	2020-04-27 16:31:07 +08:00
zhangzhihan	5382ab72a2	修复20.4部署bug	2020-04-27 10:49:24 +08:00
zhangzhihan	f8ba0f2019	功能端部署剧本升级，适配20.4版本	2020-04-26 02:09:50 +08:00
zhangzhihan	633624c5a5	功能端部署剧本升级，适配20.04版本	2020-04-26 02:06:47 +08:00
zhangzhihan	9cad585759	新建Tsg-v3.0分支	2020-04-03 17:47:36 +08:00