feature:新增部署packet_dump的操作

rpm包

.gitignore

@@ -1,2 +0,0 @@
-.vscode
-*.retry

adc_inline_device_access/group_vars/all.yml

@@ -1,74 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    mc_cache_eth: ens1.100
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-

adc_inline_device_access/group_vars/blade-00.yml

@@ -1,15 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    ip: 192.168.1.30
-    mask: 255.255.255.252
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

adc_inline_device_access/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

adc_inline_device_access/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_inline_device_access/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_inline_device_access/hosts

@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

adc_tera_access/group_vars/all.yml

@@ -1,73 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-

adc_tera_access/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

adc_tera_access/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

adc_tera_access/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_tera_access/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_tera_access/hosts

@@ -1,30 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03

clear_redis_cache.yml

@@ -1,6 +0,0 @@
-- hosts: blade-00
-  tasks:
-  - name: "killall certstore"
-    command: "killall certstore"
-  - name: "clear redis cache"
-    command: "redis-cli flushdb"

deploy.yml

@@ -1,49 +0,0 @@
-- hosts: Functional_Host
-  roles:
-    - framework
-    - kernel-ml
-
-- hosts: blade-00
-  roles:
-    - tsg-env-mcn0
-    - mrzcpd
-    - sapp
-    - kni
-    - firewall
-    - certstore
-    - cert-redis
-
-- hosts: blade-01
-  roles:
-    - tsg-env-mcn1
-    - mrzcpd
-    - tfe
-
-- hosts: blade-02
-  roles:
-    - tsg-env-mcn2
-    - mrzcpd
-    - tfe
-
-- hosts: blade-03
-  roles:
-    - tsg-env-mcn3
-    - mrzcpd
-    - tfe
-
-- hosts: blade-mxn
-  roles:
-    - tsg-env-mxn
-
-- hosts: pc-as-tun-mode
-  roles:
-    - kernel-ml
-    - framework
-    - mrzcpd
-    - tsg-env-tun-mode
-    - sapp
-    - kni
-    - firewall
-    - certstore
-    - cert-redis
-    - tfe

install_config/group_vars/mirror_traffic.yml

@@ -0,0 +1,93 @@
+########################################
+#Server Basic Config
+nic_mgr:
+  name: eth0
+
+#########################################
+#IP Config
+maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 1
+
+
+log_kafkabrokers:
+  address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+
+#log_minio:
+#  address: "10.9.62.253"
+#  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_voip_log_level: 10
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+app_control_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: FATAL
+tfe_http_log_level: FATAL
+pangu_log_level: FATAL
+doh_log_level: FATAL
+
+certstore_log_level: 10
+packet_dump_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
+sapp:
+  worker_threads: 23
+  send_only_threads_max: 1
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+  inbound_route_dir: 1
+  prometheus_enable: 1
+  prometheus_port: 9273
+  prometheus_url_path: "/metrics"
+
+#########################################
+#Marsio Config
+mrzcpd:
+  iocore: 39
+
+
+#########################################
+#新增配置项,均为默认值不用改
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+data_center: Beijing
+tsg_master_entrance_id: 0
+
+
+firewall:
+  hos_serverip: "192.168.40.223"
+  hos_serverport: 9098
+  hos_accesskeyid: "default"
+  hos_secretkey: "default"
+  hos_poolsize: 100
+  hos_thread_sum: 32
+  hos_cache_size: 102400
+  hos_fs2_serverip: "127.0.0.1"
+  hos_fs2_serverport: 10086
+  APP_SKETCH_BROKER_IP: "192.168.40.161"
+  APP_SKETCH_BROKER_PORT: 1883
+
+
+data_incoming_nic_list: ['eth0', 'eth1']

install_config/group_vars/packet_dump_server.yml

@@ -0,0 +1,22 @@
+nic_mgr:
+  name: eth0
+
+log_kafkabrokers:
+  address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+packet_dump_log_level: 10
+
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+dump_rtp_pcap:
+  aws_access_key_id: "default"
+  aws_secret_access_key: "default"
+  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
+  consume_bootstrap_servers: ['192.168.44.14:9092']
+  endpoint_url: "http://192.168.44.67:9098/hos/"
+  produce_bootstrap_servers: "192.168.44.14:9092"
+  queue_size: 5000000
+  coroutine_max_num: 200
+  coroutine_num: 100
+  qfull_mode: 0
+  qfull_interval: 5

install_config/hosts

@@ -0,0 +1,3 @@
+[mirror_traffic]
+[packet_dump_server]
+

mirror_traffic.yml

@@ -0,0 +1,12 @@
+- hosts: mirror_traffic
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/mirror_traffic.yml
+  roles:
+    - {role: framework, tags: framework}
+    - {role: kernel-ml, tags: kernel-ml}
+    - {role: mrzcpd, tags: mrzcpd}
+    - {role: sapp, tags: sapp}
+    - {role: tsg_master, tags: tsg_master}
+    - {role: firewall, tags: firewall}
+    - {role: telegraf_statistic, tags: telegraf_statistic}

packet_dump_server.yml

@@ -0,0 +1,8 @@
+- hosts: packet_dump_server
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/packet_dump_server.yml
+  roles:
+    - {role: framework, tags: framework}
+    - {role: packet_dump, tags: packet_dump}
+    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}

pc_double_arm_access/group_vars/all.yml

@@ -1,88 +0,0 @@
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "127.0.0.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.169:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-fs_remote:
-  switch: 1
-  address: "127.0.0.1"
-  port: 8125
-  
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-sapp:
-  worker_threads: 16
-
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-tfe:
-  nr_threads: 32
-  mc_cache_eth: lo 
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-nic_mgr:
-  name: eth0
-nic_data_incoming:
-  name: tun_kni
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: eth0.100
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "eth2"
-  external_interface: "eth3"
-
-run_as_tun_mode: 1

pc_double_arm_access/hosts

@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.138

pulp-install.yml

@@ -1,3 +0,0 @@
-- hosts: blade-0*
-  roles:
-    - pulp-consumer

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/usr/local/bin/start-cert-redis
-ExecStop=killall redis-server
-Type=forking
-RuntimeDirectory=redis
-RuntimeDirectoryMode=0755
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/files/cert-redis/install.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-cp -rf redis-server /usr/local/bin/
-cp -rf redis-cli /usr/local/bin
-cp -rf cert-redis.service /usr/lib/systemd/system/
-cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +0,0 @@
-#!/bin/bash
-#
-
-/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,15 +0,0 @@
-- name: "copy cert-redis to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /home/tsg
-    mode: 0755
-
-- name: "install cert-redis"
-  shell: cd /home/tsg/cert-redis;sh install.sh
-
-- name: "start cert-redis"
-  systemd:
-    name: cert-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes

roles/certstore/tasks/main.yml

@@ -1,26 +0,0 @@
----
-- name: "copy redis and dependency to destination"
-  synchronize:
-    src: "{{ role_path }}/files/"
-    dest: "/tmp/ansible_deploy/"
-
-- name: Ensures /home/tsg exists
-  file: path=/home/tsg state=directory
-  tags: mkdir
-
-- name: install certstore
-  unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200119.tar.gz"
-    dest: /home/tsg
-
-- name: template certstore configure file
-  template:
-    src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore-base/conf/cert_store.ini
-
-- name: bootup certstore
-  blockinfile:
-    marker: "## {mark} bootstrap certstore"
-    path: /etc/rc.d/rc.local
-    block: |
-      cd /home/tsg/certstore-base; ./r2_certstore

roles/certstore/templates/cert_store.ini.j2

@@ -1,45 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 30
-RUN_LOG_PATH = ./logs
-[CONFIG]
-#Number of running threads
-thread-nu = 4
-#1 rsync, 0 sync
-mode=1
-#Local default root certificate is valid for 30 days by default
-expire_after = 30
-#Local default root certificate path
-local_debug = 1
-ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
-[NTC_MAAT]
-#Configure the load mode,
-#0: using the configuration distribution network
-#1: using local json
-#2: using Redis reads
-maat_json_switch=2
-#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
-effective_interval=1
-#Specify the location of the configuration library table file
-table_info=./conf/table_info.conf
-#Incremental profile path
-inc_cfg_dir=./rule/inc/index
-#Full profile path
-full_cfg_dir=./rule/full/index
-#Json file path when json schema is used
-pxy_obj_keyring=./conf/pxy_obj_keyring.json
-[LIBEVENT]
-#Local monitor port number, default is 9991
-port = 9991
-[CERTSTORE_REDIS]
-#The Redis server IP address and port number where the certificate is stored locally
-ip = 127.0.0.1
-port = 6379
-[MAAT_REDIS]
-#Maat monitors the Redsi server IP address and port number
-ip = {{ maat_redis_server.address }}
-port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}

roles/dump_rtp_pcap/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
+    state: present
+
+- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
+  template:
+    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
+    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
+  tags: template
+ 
+- name: "start dump_rtp_pcap"
+  systemd:
+    name: dump_rtp_pcap.service
+    enabled: yes
+    daemon_reload: yes

roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2

@@ -0,0 +1,23 @@
+{
+    "endian":"little",
+    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
+    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
+    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
+    "bucket_name": "rtp-log",
+    "consume_auto_offset_reset":"latest",
+    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
+    "consume_topic": "INTERNAL-RTP-LOG",
+    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
+    "file_prefix":"rtp_log",
+    "group_id": "rtp-log-1",
+    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
+    "produce_topic": "VOIP-RECORD-LOG",
+    "region_name": "us-east-1",
+    "save_speed_emit_interval":30,
+    "upload_speed_emit_interval":30,
+    "queue_size":{{ dump_rtp_pcap.queue_size }},
+    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
+    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
+    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
+    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
+}

roles/firewall/tasks/main.yml

@@ -4,86 +4,65 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
-- name: "install dns-debug rpms from localhost"
+- name: "install firewall packages"
   yum:
-    name:
-      - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
+    name: "{{ fw_packages }}"
     state: present
-  when: install_dns_debug == "yes"
+    skip_broken: yes
+  vars:
+    fw_packages:
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
 
-- name: "install ftp-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/ftp-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_ftp_debug == "yes"
-
-- name: "install http-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_http_debug == "yes"
- 
-- name: "install mail-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_mail_debug == "yes"
-
-- name: "install ssl-debug rpms from localhost"
-  yum:
-    name:   
-      - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_ssl_debug == "yes"
-
-- name: "install fw_dns_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_dns_plug_debug == "yes" 
- 
-- name: "install fw_ftp_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_ftp_plug_debug == "yes"
-  
-- name: "install fw_http_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_http_plug_debug == "yes" 
- 
-- name: "install fw_mail_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_mail_plug_debug == "yes"
-
-- name: "install tsg-master rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_tsg_master == "yes" 
-
-- name: Template the tsgconf/main.conf
+- name: "Template the tsgconf/main.conf"
   template:
     src: "{{ role_path }}/templates/main.conf.j2"
     dest: /home/mesasoft/sapp_run/tsgconf/main.conf
   tags: template
 
 
-- name: Template the tsgconf/maat.conf
+- name: "Template the tsgconf/maat.conf"
   template:
     src: "{{ role_path }}/templates/maat.conf.j2"
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
+
+- name: "Template the conf/capture_packet_plug.conf.j2"
+  template:
+    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+  tags: template
+
+ 
+- name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
+  template:
+    src: "{{ role_path }}/templates/tsg_conn_sketch.inf.j2"
+    dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+  tags: template
+
+- name: "Template the conf/http/http.conf"
+  template:
+    src: "{{ role_path }}/templates/http.conf.j2"
+    dest:  /home/mesasoft/sapp_run/conf/http/http.conf
+  tags: template

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -0,0 +1,26 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL=30
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet

roles/firewall/templates/http.conf.j2

@@ -0,0 +1,43 @@
+#http_special
+#all regions
+1	HTTP_ALL
+2	HTTP_OTHER_REGIONS
+#http state
+3	HTTP_STATE
+4	HTTP_REQ_LINE
+5	HTTP_RES_LINE	
+6	HTTP_CONTENT            
+7	HTTP_UNGZIP_CONTENT
+8	HTTP_MESSAGE_URL
+9	HTTP_URI
+#http_request
+10	HTTP_HOST
+11	HTTP_REFERER
+12	HTTP_USER_AGENT
+13	HTTP_COOKIE
+14	HTTP_PROXY_AUTHORIZATION
+15	HTTP_AUTHORIZATION
+#http_response
+16	HTTP_LOCATION
+17	HTTP_SERVER
+18	HTTP_ETAG
+#http_general
+19	HTTP_DATE
+20	HTTP_TRAILER
+21	HTTP_TRANSFER_ENCODING
+22	HTTP_VIA
+23	HTTP_PRAGMA
+24	HTTP_CONNECTION
+#http_content
+25	HTTP_CONT_ENCODING
+26	HTTP_CONT_LANGUAGE
+27	HTTP_CONT_LOCATION
+28	HTTP_CONT_DISPOSITION
+29	HTTP_CONT_RANGE
+30	HTTP_CONT_LENGTH
+31	HTTP_CONT_TYPE
+32	HTTP_CHARSET
+33	HTTP_EXPIRES
+34	HTTP_X_FLASH_VERSION
+35	HTTP_TRANSFER_LENGTH
+36	Set-Cookie

roles/firewall/templates/maat.conf.j2

@@ -1,4 +1,5 @@
 [STATIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -6,14 +7,16 @@ TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=0
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
 [DYNAMIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -21,10 +24,45 @@ TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ dynamic_maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=1
+REDIS_PORT_NUM={{ dynamic_maat_redis_server.port_num }}
+REDIS_PORT={{ dynamic_maat_redis_server.port }}
+REDIS_INDEX={{ dynamic_maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
+[APP_SIGNATURE_MAAT]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[CAPTURE]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[MAAT]
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -1,47 +1,103 @@
+[VOIP_PLUG]
+TIMEOUT=300
+LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
+LOG_LEVEL={{ fw_voip_log_level }}
+TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
+TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
+
 [FTP_PLUG]
-LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
+LOG_LEVEL={{ fw_ftp_log_level }}
 TIMEOUT=600
+
 [MAIL_PLUG]
-LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
+LOG_LEVEL={{ fw_mail_log_level }}
 TIMEOUT=600
+
 [HTTP_PLUG]
-LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
+LOG_LEVEL={{ fw_http_log_level }}
+
 [DNS_PLUG]
-LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
+LOG_LEVEL={{ fw_dns_log_level }}
+
+[QUIC_PLUG]
+LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
+LOG_LEVEL={{ fw_quic_log_level }}
+
+[CONTROL_PLUG]
+LOG_PATH="./tsglog/app_control_plug/app_control_plug"
+LOG_LEVEL={{ app_control_log_level }}
+
 [MAAT]
-PROFILE=./tsgconf/maat.conf
-IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
-SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
-CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+PROFILE="./tsgconf/maat.conf"
+SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
+CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
+IP_ADDR_TABLE="TSG_SECURITY_ADDR"
 
 [TSG_LOG]
 MODE=1
-NIC_NAME={{ nic_mgr.name }}
+NIC_NAME="{{ nic_mgr.name }}"
 MAX_SERVICE=1
-LOG_LEVEL=10
-LOG_PATH=./tsglog/tsglog
-BROKER_LIST={{ log_kafkabrokers.address }}
-COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+LOG_LEVEL={{ tsg_log_level }}
+LOG_PATH="./tsglog/tsglog"
+BROKER_LIST="{{ log_kafkabrokers.address | join(",") }}"
+COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
 
 [STATISTIC]
-CYCLE=0
+CYCLE=5
 TELEGRAF_PORT=8100
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./tsg_statistic.log
-APP_NAME=statistic
+TELEGRAF_IP="127.0.0.1"
+OUTPUT_PATH="./tsg_statistic.log"
+APP_NAME="statistic"
 
 [FIELD_STAT]
-CYCLE=3
-TELEGRAF_PORT=8125
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./tsg_stat.log
-APP_NAME=tsg_master
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP="127.0.0.1"
+OUTPUT_PATH="./tsg_stat.log"
+APP_NAME="tsg_master"
 
 [SYSTEM]
+NIC_NAME="{{ nic_mgr.name }}"
+ENTRANCE_ID={{ tsg_master_entrance_id }}
+LOG_LEVEL={{ tsg_master_log_level }}
+LOG_PATH="./tsglog/tsg_master"
+POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
+L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
+DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
+
+[TSG_CONN_SKETCH]
+log_service=2
+live_service=6
+transaction_service=7
+live_service_switch=1
+transaction_service_switch=1
+live_intervals_time = 30
+
+[HOS_CONF]
+hos_serverip="{{ firewall.hos_serverip }}"
+hos_serverport={{ firewall.hos_serverport }}
+hos_accesskeyid="default"
+hos_secretkey="default"
+hos_poolsize=100
+hos_thread_sum=32
+hos_cache_size=102400
+hos_fs2_serverip="127.0.0.1"
+hos_fs2_serverport=10086
+
+[APP_SKETCH_LOCAL]
 LOG_LEVEL=10
-LOG_PATH=./tsglog/tsg_master
-POLICY_PRIORITY_LABEL=POLICY_PRIORITY
+LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
+
+[APP_SKETCH_FEEDBACK]
+QOS=1
+PUBLISH_TOPIC="APP_SIGNATURE_ID"
+#CLIENT_ID=
+BROKER_IP="{{ firewall.APP_SKETCH_BROKER_IP }}"
+BROKER_PORT="{{ firewall.APP_SKETCH_BROKER_PORT }}"
+
+[APP_PROTO_ENGINE]
+license_path=/data/app_proto_engine/license

roles/firewall/templates/tsg_conn_sketch.inf.j2

@@ -0,0 +1,46 @@
+[PLUGINFO]
+PLUGNAME=TSG_CONN_SKETCH
+SO_PATH=./plug/business/tsg_conn_sketch/tsg_conn_sketch.so
+INIT_FUNC=tsg_conn_record_init
+DESTROY_FUNC=tsg_conn_record_destroy
+
+
+[TCP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_tcp_entry
+
+[TCP_ALL]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_tcpall_entry
+
+[UDP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_udp_entry
+
+[HTTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_http_entry
+
+[SSL]
+FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
+FUNC_NAME=tsg_record_ssl_entry
+
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_dns_entry
+
+[MAIL]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_mail_entry
+
+[RTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_rtp_entry
+
+[SIP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_sip_entry
+
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_ftp_entry