sapp更新4.0.8

.gitignore

@@ -1,2 +0,0 @@
-.vscode
-*.retry

adc_inline_device_access/group_vars/all.yml

@@ -1,74 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    mc_cache_eth: ens1.100
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-

adc_inline_device_access/hosts

@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

adc_tera_access/group_vars/all.yml

@@ -1,73 +0,0 @@
-maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.41.206"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.41.204:9092"
-
-log_minio:
-    address: "192.168.41.206"
-    port: 9090
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    maat:
-        readconf_mode: 2
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-

adc_tera_access/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

adc_tera_access/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

adc_tera_access/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

adc_tera_access/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

clear_redis_cache.yml

@@ -1,6 +0,0 @@
-- hosts: blade-00
-  tasks:
-  - name: "killall certstore"
-    command: "killall certstore"
-  - name: "clear redis cache"
-    command: "redis-cli flushdb"

deploy.yml

@@ -5,35 +5,37 @@
 
 - hosts: blade-00
   roles:
-    - tsg-env-mcn0
+#    - tsg-env-mcn0
     - mrzcpd
     - sapp
     - kni
     - firewall
+    - http_healthcheck
+    - clotho
     - certstore
     - cert-redis
 
 - hosts: blade-01
   roles:
-    - tsg-env-mcn1
+#    - tsg-env-mcn1
     - mrzcpd
     - tfe
 
 - hosts: blade-02
   roles:
-    - tsg-env-mcn2
+#    - tsg-env-mcn2
     - mrzcpd
     - tfe
 
 - hosts: blade-03
   roles:
-    - tsg-env-mcn3
+#    - tsg-env-mcn3
     - mrzcpd
     - tfe
 
 - hosts: blade-mxn
   roles:
-    - tsg-env-mxn
+#    - tsg-env-mxn
 
 - hosts: pc-as-tun-mode
   roles:
@@ -44,6 +46,8 @@
     - sapp
     - kni
     - firewall
+    - http_healthcheck
+    - clotho
     - certstore
     - cert-redis
     - tfe

install_config/group_vars/all.yml

@@ -1,3 +1,7 @@
+########################################
+tsg_access_type: 0
+
+########################################
 maat_redis_server:
   address: "192.168.40.168"
   port: 7002
@@ -24,20 +28,12 @@ fs_remote:
   address: "127.0.0.1"
   port: 8125
   
-install_dns_debug: "yes"
-install_ftp_debug: "yes"
-install_http_debug: "yes"
-install_mail_debug: "yes"
-install_ssl_debug: "yes"
-install_fw_dns_plug_debug: "yes"
-install_fw_ftp_plug_debug: "yes"
-install_fw_http_plug_debug: "yes"
-install_fw_mail_plug_debug: "yes"
-install_tsg_master: "yes"
-
+########################################
 sapp:
   worker_threads: 16
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
 
+########################################
 kni:
   global:
     log_level: 30
@@ -55,6 +51,8 @@ kni:
         enabled: 1
     - tfe2:
         enabled: 1
+
+########################################
 tfe:
   nr_threads: 32
   mc_cache_eth: lo 
@@ -62,12 +60,14 @@ tfe:
     mode: "normal"
     no_cache: 0
 
+########################################
 mrzcpd:
   iocore: 39
 
 mrtunnat:
   lcore_id: 38
 
+########################################
 nic_mgr:
   name: eth0
 nic_data_incoming:
@@ -85,4 +85,3 @@ nic_transparent_mode:
   internel_interface: "eth2"
   external_interface: "eth3"
 
-run_as_tun_mode: 1

install_config/group_vars/blade-00.yml

@@ -13,3 +13,11 @@ nic_to_tfe:
         name: ens1f6
     tfe2:
         name: ens1f7
+
+AllotAccess:
+    virturlInterface_1: ens1f2.103
+    virturlInterface_2: ens1f2.104
+    virturlID_1: 103
+    virturlID_2: 104
+    vvipv4_mask: 24
+    vvipv6_mask: 64

install_config/hosts

@@ -2,11 +2,13 @@
 ansible_user=root
 package_source=local
 
+[pc-as-tun-mode]
+
 [blade-mxn]
 192.168.40.170
 
 [blade-00]
-192.168.40.166
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
 
 [blade-01]
 192.168.40.167
@@ -17,14 +19,8 @@ package_source=local
 [blade-03]
 192.168.40.169
 
-
 [Functional_Host:children]
 blade-00
 blade-01
 blade-02
 blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03

pc_double_arm_access/hosts

@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.138

pulp-install.yml

@@ -1,3 +0,0 @@
-- hosts: blade-0*
-  roles:
-    - pulp-consumer

roles/certstore/tasks/main.yml

@@ -1,5 +1,4 @@
----
-- name: "copy redis and dependency to destination"
+- name: "copy certstore rpm to destination"
   synchronize:
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
@@ -9,18 +8,19 @@
   tags: mkdir
 
 - name: install certstore
-  unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200119.tar.gz"
-    dest: /home/tsg
+  yum:
+    name:
+      - /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm
+    state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore-base/conf/cert_store.ini
+    dest: /home/tsg/certstore/conf/cert_store.ini
 
-- name: bootup certstore
-  blockinfile:
-    marker: "## {mark} bootstrap certstore"
-    path: /etc/rc.d/rc.local
-    block: |
-      cd /home/tsg/certstore-base; ./r2_certstore
+- name: "start certstore"
+  systemd:
+    name: certstore.service
+    state: started
+    enabled: yes
+    daemon_reload: yes

roles/certstore/templates/cert_store.ini.j2

@@ -2,7 +2,7 @@
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 #10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 30
+RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs
 [CONFIG]
 #Number of running threads
@@ -42,4 +42,4 @@ port = 6379
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}
+dbindex =  {{ maat_redis_server.db }}

roles/clotho/files/clotho.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target

roles/clotho/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: "copy clotho rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+    dest: /tmp/ansible_deploy/
+
+- name: "copy  clotho.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho.service"
+    dest: /usr/lib/systemd/system
+    mode: 0755
+
+- name: "install clotho rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+
+- name: "Template the clotho.conf"
+  template:
+    src: "{{ role_path }}/templates/clotho.conf.j2"
+    dest: /home/mesasoft/clotho/conf/clotho.conf 
+  tags: template
+ 
+- name: "start clotho"
+  systemd:
+    name: clotho.service
+    enabled: yes
+    daemon_reload: yes
+

roles/clotho/templates/clotho.conf.j2

@@ -0,0 +1,7 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+NIC_NAME={{ nic_mgr.name }}
+LOG_LEVEL=10
+LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -4,86 +4,41 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
-- name: "install dns-debug rpms from localhost"
+- name: "install firewall packages"
   yum:
-    name:
+    name: "{{ fw_packages }}"
+    state: present
+  vars:
+    fw_packages:
       - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_dns_debug == "yes"
-
-- name: "install ftp-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/ftp-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_ftp_debug == "yes"
-
-- name: "install http-debug rpms from localhost"
-  yum:
-    name:
+      - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
       - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_http_debug == "yes"
- 
-- name: "install mail-debug rpms from localhost"
-  yum:
-    name:
       - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_mail_debug == "yes"
-
-- name: "install ssl-debug rpms from localhost"
-  yum:
-    name:   
       - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-  when: install_ssl_debug == "yes"
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.8.620f455-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
 
-- name: "install fw_dns_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_dns_plug_debug == "yes" 
- 
-- name: "install fw_ftp_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_ftp_plug_debug == "yes"
-  
-- name: "install fw_http_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_http_plug_debug == "yes" 
- 
-- name: "install fw_mail_plug-debug rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_fw_mail_plug_debug == "yes"
-
-- name: "install tsg-master rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
-    state: present
-  when: install_tsg_master == "yes" 
-
-- name: Template the tsgconf/main.conf
+- name: "Template the tsgconf/main.conf"
   template:
     src: "{{ role_path }}/templates/main.conf.j2"
     dest: /home/mesasoft/sapp_run/tsgconf/main.conf
   tags: template
 
 
-- name: Template the tsgconf/maat.conf
+- name: "Template the tsgconf/maat.conf"
   template:
     src: "{{ role_path }}/templates/maat.conf.j2"
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
+- name: "Template the conf/capture_packet_plug.conf.j2"
+  template:
+    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+  tags: template

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -0,0 +1,25 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+

roles/firewall/templates/main.conf.j2

@@ -2,21 +2,25 @@
 LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
 LOG_LEVEL=10
 TIMEOUT=600
+
 [MAIL_PLUG]
 LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
 LOG_LEVEL=10
 TIMEOUT=600
+
 [HTTP_PLUG]
 LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
 LOG_LEVEL=10
+
 [DNS_PLUG]
 LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
 LOG_LEVEL=10
+
 [MAAT]
 PROFILE=./tsgconf/maat.conf
-IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
 SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
 CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1

roles/framework/tasks/main.yml

@@ -1,4 +1,3 @@
----
 - name: "copy framework rpms to destination server"
   synchronize:
     src: "{{ role_path }}/files/"
@@ -10,35 +9,7 @@
     state: present
   vars:
     packages:
-      - /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
-      - /tmp/ansible_deploy/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
-
-- name: "install framework ld.conf"
-  synchronize:
-    src: "{{ role_path }}/files/framework/framework.conf"
-    dest: /etc/ld.so.conf.d/framework.conf
-
-- name: "install/update rulescan library"
-  synchronize:
-    src: "{{ role_path }}/files/rulescan/librulescan.so"
-    dest: /opt/MESA/lib/librulescan.so
-
-- name: "install/update maat library files"
-  synchronize:
-    src: "{{ role_path }}/files/maat/lib/"
-    dest: /opt/MESA/lib/
-
-- name: "create maat library symbol links - A"
-  file:
-    src: "libmaatframe.so.2.8"
-    path: /opt/MESA/lib/libmaatframe.so.2
-    state: link
-
-- name: "create maat library symbol links - B"
-  file:
-    src: "libmaatframe.so.2"
-    path: /opt/MESA/lib/libmaatframe.so
-    state: link
+      - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
 
 - name: "update ld"
   command: ldconfig

roles/http_healthcheck/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: "copy http_healthcheck rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install http_healthcheck from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
+    state: present

roles/kernel-ml/tasks/main.yml

@@ -9,6 +9,7 @@
     name:
       - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
+      - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
     state: present
   register: t_kernel_ml
 

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-3.0.2.57bfa41-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.04-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/kni/templates/kni.conf.j2

@@ -3,7 +3,7 @@ log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
 manage_eth = {{ nic_mgr.name }}
-{% if run_as_tun_mode %}
+{% if tsg_access_type == 0 %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
@@ -11,7 +11,7 @@ deploy_mode = normal
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
-{% if run_as_tun_mode %}
+{% if tsg_access_type == 0 %}
 {% else %}
 [tfe0]
 enabled = 1

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -20,17 +20,37 @@
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: nic_traffic_mirror is defined
 
-- name: "update mrglobal.conf - master blade"
+- name: "update mrglobal.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: nic_traffic_mirror is not defined
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 1
 
-- name: "update mrtunnat.conf - master blade"
+- name: "update mrglobal.conf.allot - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.allot_access.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 2
+
+- name: "update mrtunnat.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
     dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: nic_traffic_mirror is not defined
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 1
+
+- name: "update mrtunnat.conf.allot_access - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrtunnat.conf.allot_access.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 2
 
 - name: "enable mrenv"
   systemd:
@@ -38,13 +58,6 @@
     enabled: yes
     daemon_reload: yes
 
-#- name: "mask mrenv"
-#  systemd:
-#    name: mrenv
-#    masked: yes
-#    daemon_reload: yes
-#  when: nic_traffic_mirror.use_mrzcpd == 0
-
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
@@ -64,11 +77,3 @@
     enabled: 0
     daemon_reload: yes
   when: nic_traffic_mirror is defined
-
-
-#- name: "mask mrzcpd"
-#  systemd:
-#    name: mrzcpd
-#    masked: yes
-#    daemon_reload: yes
-#  when: nic_traffic_mirror.use_mrzcpd == 0

roles/mrzcpd/templates/mrglobal.conf.allot_access.j2

@@ -0,0 +1,68 @@
+[device]
+device=ens1f4,ens1f5,ens1f6,ens1f7,vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:ens1f4]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=0
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
+vlan-pvid=0
+vlan-pvid-mode=2
+
+[device:ens1f5]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f6]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:ens1f7]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,ens1f4,ens1f4
+forward_rule_1=vp,ens1f4,ens1f4
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,ens1f5,ens1f5
+forward_rule_5=vp,ens1f5,ens1f5
+forward_rule_6=pv,ens1f6,ens1f6
+forward_rule_7=vp,ens1f6,ens1f6
+forward_rule_8=pv,ens1f7,ens1f7
+forward_rule_9=vp,ens1f7,ens1f7
+

roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2

@@ -0,0 +1,19 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev=ens1f4
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
+i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
+en_mac_flipping_0=1
+

roles/pulp-consumer/tasks/main.yml

@@ -1,29 +0,0 @@
----
-- name: "Install EPEL"
-  yum:
-    name: http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state: present
-
-- name: "Install Pulp Consumer Tools Repo"
-  get_url:
-    url: https://repos.fedorapeople.org/repos/pulp/pulp/rhel-pulp.repo
-    dest: /etc/yum.repos.d/rhel-pulp.repo
-
-- name: "Install Pulp Consumer Tools"
-  yum:
-    name:
-      - pulp-admin-client
-      - pulp-rpm-admin-extensions
-      - pulp-consumer-client
-      - pulp-rpm-consumer-extensions
-      - pulp-agent
-      - pulp-rpm-handlers
-      - pulp-rpm-yumplugins
-      - python-gofer-qpid
-    state: present
-    update_cache: yes
-
-- name: "Start Pulp Message Service"
-  systemd:
-    state: started
-    name: goferd

roles/sapp/tasks/main.yml

@@ -7,9 +7,19 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
+    #  - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
     state: present
 
+- name: "judge sapp"
+  shell: rpm -qa |grep sapp
+  register: return
+  ignore_errors: true
+
+- name: "install sapp rpms from localhost"
+  shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
+  when: return.rc != 0
+
 - name: make dir
   file:
     path: /home/mesasoft/sapp_run/tsgconf
@@ -37,7 +47,7 @@
   template:
     src: "{{ role_path }}/templates/gdev.conf.j2"
     dest: /home/mesasoft/sapp_run/etc/gdev.conf
-  tags: template
+  when: tsg_access_type == 1
   
 - name: "enable sapp"
   systemd:

roles/sapp/templates/conflist.inf.j2

@@ -1,5 +1,14 @@
 [platform]
+{% if tsg_access_type == 1 %}
 ./plug/platform/g_device_plug/g_device_plug.inf
+#./plug/platform/http_healthcheck/http_healthcheck.inf
+{% elif tsg_access_type == 2 %}
+#./plug/platform/g_device_plug/g_device_plug.inf
+./plug/platform/http_healthcheck/http_healthcheck.inf
+{% else %}
+#./plug/platform/g_device_plug/g_device_plug.inf
+#./plug/platform/http_healthcheck/http_healthcheck.inf
+{% endif %}
 ./plug/platform/tsg_master/tsg_master.inf
 
 [protocol]
@@ -16,4 +25,5 @@
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-./plug/business/tsg_conn_record/tsg_conn_record.inf
+./plug/business/tsg_conn_record/tsg_conn_record.inf
+./plug/business/capture_packet_plug/capture_packet_plug.inf

roles/sapp/templates/gdev.conf.j2

@@ -1,5 +1,5 @@
 [Module]
 pcapdevice={{ nic_data_incoming.name }}
 sendto_gdev_card={{ nic_data_incoming.name }}
-sendto_gdev_ip={{ nic_data_incoming.address }}
-gdev_status_switch=1
+sendto_gdev_ip={{ nic_data_incoming.ip }}
+gdev_status_switch=1

roles/sapp/templates/project_list.conf.j2

@@ -1,4 +1,7 @@
 tcp_flow_stat           struct
 udp_flow_stat           struct
 tcp_deduce_flow_stat    struct
-POLICY_PRIORITY	struct
+POLICY_PRIORITY	struct
+ESTABLISH_LATENCY	long
+MAIL_IDENTIFY	int
+

roles/sapp/templates/sapp.toml.j2

@@ -9,16 +9,16 @@
 instance_name = "sapp4"
 
 [CPU]
-{% if run_as_tun_mode %}
+{% if tsg_access_type == 0 %}
 worker_threads=1
 {% else %}
 worker_threads={{ sapp.worker_threads }}
 {% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
-{% if run_as_tun_mode %}
+{% if tsg_access_type == 0 %}
 bind_mask=[]
 {% else %}
-bind_mask=[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]
+bind_mask=[{{ sapp.bind_mask }}]
 {% endif %}
 
 [PACKET_IO]
@@ -27,7 +27,7 @@ BSD_packet_filter=""
    
 ### note, depolyment.mode options: [mirror, inline, transparent]
     [packet_io.depolyment]
-    {% if nic_transparent_mode.enable %}
+    {% if nic_transparent_mode.enable == 1 %}
     mode=transparent
     {% else %}
     mode=inline
@@ -35,7 +35,7 @@ BSD_packet_filter=""
 
 ### note, interface.type options: [pag,pcap,marsio]
     [packet_io.internal.interface]
-    {% if nic_transparent_mode.enable %}
+    {% if nic_transparent_mode.enable == 1 %}
     type={{nic_transparent_mode.mode}}
     name={{nic_transparent_mode.internel_interface}}
     {% else %}

roles/tfe/tasks/main.yml

@@ -7,18 +7,9 @@
 - name: "install tfe rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tfe-kmod-v1.0.4.20190923-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.0.202001081429550800.92060ee-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
+      - /tmp/ansible_deploy/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
     state: present
-  when: package_source == "local"
-
-- name: "install tfe rpms from pulp"
-  yum:
-    name:
-      - /tmp/ansible_deploy/tfe-kmod-v1.0.4.20190923-1dkms.noarch.rpm
-      - tfe
-    state: latest
-  when: package_source == "pulp"
 
 - name: "template tfe-env config"
   template:
@@ -56,14 +47,6 @@
     name: tfe-env
     enabled: yes
     daemon_reload: yes
-  when: not run_as_tun_mode
-
-- name: "enable tfe-env-tun"
-  systemd:
-    name: tfe-env-tun-mode
-    enabled: yes
-    daemon_reload: yes
-  when: run_as_tun_mode
 
 - name: "enable tfe"
   systemd:

roles/tfe/templates/tfe-env-config.j2

@@ -5,7 +5,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
-{% if run_as_tun_mode %}
+{% if tsg_access_type == 0 %}
 TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}

roles/tsg-env-mcn0/tasks/main.yml

@@ -2,8 +2,16 @@
 - name: "copy setup script"
   copy:
     src: "{{ role_path }}/files/setup"
-    dest: "/opt/tsg/env/"   
+    dest: /opt/tsg/env/   
     mode: 0755   
+  when: tsg_access_type == 1
+
+- name: "Template setup script"
+  template:
+    src: "{{ role_path }}/templates/setup.AllotAccess.j2"
+    dest: /opt/tsg/env/setup
+    mode: 0755
+  when: tsg_access_type == 2
 
 - name: "copy switch_control_client_non_block"
   copy:

roles/tsg-env-mcn0/templates/setup.AllotAccess.j2

@@ -0,0 +1,144 @@
+#!/bin/bash
+# set -x
+
+CURRENT_PATH=`dirname $0`
+TP_SVR=192.168.100.5
+TP_PORT=10000
+REMOTE_CONTROL_BIN=switch_control_client_non_block
+
+function get_netdev_by_pci()
+{
+  DEV_LIST=`ifconfig -a |grep flags |awk -F: '{print $1}'`
+  for i in ${DEV_LIST}
+  do
+    ethtool -i ${i} |grep bus-info |grep "$1" > /dev/null 2>&1
+    if [ $? -eq 0 ];then
+      TARGET=${i}
+      break
+    fi
+  done
+
+  echo ${TARGET}
+}
+
+function pf_setup()
+{
+  ifconfig ens1 up
+
+  modprobe 8021q
+  vconfig add ens1 100
+  vconfig set_flag ens1.100 1 1
+  ifconfig ens1.100 192.168.100.1 netmask 255.255.255.0 up
+  sleep 1
+}
+
+function vf_setup()
+{
+  echo 8 > /sys/class/net/ens1/device/sriov_numvfs
+  sleep 5
+
+  ifconfig ens1f3 up
+  ip link set ens1 vf 2 vlan 200
+  ifconfig ens1f3 192.168.200.1 netmask 255.255.255.0
+
+  ifconfig ens1f1 up
+  ifconfig ens1f2 up
+  ifconfig ens1f3 up
+  ifconfig ens1f4 up
+  ifconfig ens1f5 up
+  ifconfig ens1f6 up
+  ifconfig ens1f7 up
+  ifconfig enp1s1 up
+
+  sleep 5
+}
+
+function bring_down_pfvf()
+{
+  echo 0 > /sys/class/net/ens1/device/sriov_numvfs
+  ifconfig ens1 down
+  sleep 3
+}
+
+function AllotAccessNetworkModel()
+{
+  ip link add link ens1f2 name {{ AllotAccess.virturlInterface_1 }} type vlan id {{ AllotAccess.virturlID_1 }}
+  ip link add link ens1f2 name {{ AllotAccess.virturlInterface_2 }} type vlan id {{ AllotAccess.virturlID_2 }}
+  ip addr add {{ vvipv4_1 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_1 }}
+  ip addr add {{ vvipv4_2 }}/{{ AllotAccess.vvipv4_mask }} dev {{ AllotAccess.virturlInterface_2 }}
+  ip -6addr add {{ vvipv6_1 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_1 }}
+  ip -6addr add {{ vvipv6_2 }}/{{ AllotAccess.vvipv6_mask }} dev {{ AllotAccess.virturlInterface_2 }}
+}
+
+# Main loop
+while :
+do
+  FAIL_FLAG=0
+
+  # Make sure PF is valid
+  ping ${TP_SVR} -c 1 
+  if [ $? -ne 0 ];then
+    echo "Please make sure switch board is up."
+    bring_down_pfvf
+    pf_setup
+    continue
+  fi
+
+  # Make sure TestPoint is up.
+  ${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show version"
+  if [ $? -ne 0 ];then
+    echo "Cannot reach TestPoint!"
+    echo "Please make sure TestPoint is up and in remote-listen mode."
+    sleep 5
+    continue
+  fi
+
+  # Create VFs and get MAC addresses
+  vf_setup
+
+  PF=`get_netdev_by_pci 01:00.0`
+  VF1=`get_netdev_by_pci 01:00.1`
+  VF2=`get_netdev_by_pci 01:00.2`
+  VF3=`get_netdev_by_pci 01:00.3`
+  VF4=`get_netdev_by_pci 01:00.4`
+  VF5=`get_netdev_by_pci 01:00.5`
+  VF6=`get_netdev_by_pci 01:00.6`
+  VF7=`get_netdev_by_pci 01:00.7`
+  VF8=`get_netdev_by_pci 01:01.0`
+
+  MAC1=`ifconfig ${VF1} |grep ether |awk -F' ' '{print $2}'`
+  MAC2=`ifconfig ${VF2} |grep ether |awk -F' ' '{print $2}'`
+  MAC3=`ifconfig ${VF3} |grep ether |awk -F' ' '{print $2}'`
+  MAC4=`ifconfig ${VF4} |grep ether |awk -F' ' '{print $2}'`
+  MAC5=`ifconfig ${VF5} |grep ether |awk -F' ' '{print $2}'`
+  MAC6=`ifconfig ${VF6} |grep ether |awk -F' ' '{print $2}'`
+  MAC7=`ifconfig ${VF7} |grep ether |awk -F' ' '{print $2}'`
+  MAC8=`ifconfig ${VF8} |grep ether |awk -F' ' '{print $2}'`
+  MAC9=`ifconfig ${PF} |grep ether |awk -F' ' '{print $2}'`
+
+  # Make sure VFs are valid
+  MAC_TABLE=`${CURRENT_PATH}/${REMOTE_CONTROL_BIN} -s ${TP_SVR} -n ${TP_PORT} -c "show mac table all"`
+
+  for i in ${MAC1} ${MAC2} ${MAC3} ${MAC4} ${MAC5} ${MAC6} ${MAC7} ${MAC8} ${MAC9}
+  do 
+    echo ${MAC_TABLE} |grep ${i} > /dev/null 2>&1
+    if [ $? -ne 0 ];then
+      echo "MAC ${i} is not in table!"
+      FAIL_FLAG=1
+      break
+    fi
+  done
+
+  if [ ${FAIL_FLAG} -eq 1 ];then
+      bring_down_pfvf
+      continue
+  fi
+
+  # Set_AllotAccessNetworkModel
+  AllotAccessNetworkModel
+
+  echo "PF/VF setup successful."
+  exit 0
+done
+
+

roles/tsg-env-mxn/tasks/main.yml

@@ -23,3 +23,10 @@
     enabled: yes
     daemon_reload: yes
 
+- name: "Template PM1.13_vlan_mac_flipping_saved_startup"
+  template:
+    src: "{{ role_path }}/templates/PM1.13_vlan_mac_flipping_saved_startup"
+    dest: /usr/local/testpoint/perl/Config/libertyTrail/saved_startup
+  when: tsg_access_type == 2
+
+    

roles/tsg-env-mxn/templates/PM1.13_inline_access_saved_startup

@@ -0,0 +1,148 @@
+# TestPoint History
+load ./Config/libertyTrail/testpoint_startup
+
+add vlan port 1 0
+
+create vlan 100
+add vlan port 100 0,11,37,39,41,43
+set port config 11 pvid 100
+set port config 11 mask 0,37,39,41,43
+set port config 0,11,39,37,41,43 learning on
+
+create vlan 200
+add vlan port 200 0,37,39,9,10,41,43
+set port config 0 mask 9..44
+set port config 37 mask 0..36,38..44
+set port config 39 mask 0..38,40..44
+set port config 41 mask 0..40,42..44
+set port config 43 mask 0..44
+set port config 0,39,37,41,43 learning on
+
+create vlan 1000
+add vlan port 1000 43
+create vlan 1001
+add vlan port 1001 43
+
+create lag
+add lag 9261 9,10
+add vlan port 200 9261
+set port config 9261 pvid 200
+set port config 9261 parser_cfg L4
+set port config 9261 learning on
+set port config 9261 mask 0,11..44
+
+create vlan all
+create lag
+add vlan port all 43
+add lag 9293 1,2,3,4
+add vlan port all 9293
+set port config 9293 parser_cfg L4
+set port config 9293 learning on
+set port config 9293 mask 0,5..44
+set vlan tagging all 1,2,3,4 tag
+set vlan tagging 1 1,2,3,4 untag
+
+create lag
+add lag 9325 5,6,7,8
+add vlan port all 9325
+set port config 9325 parser_cfg L4
+set port config 9325 learning on
+set port config 9325 mask 0..4,9..44
+set vlan tagging all 5,6,7,8 tag
+set vlan tagging 1 5,6,7,8 untag
+
+set port 37,39,41,43 powerdown
+set port 37,39,41,43 up
+set port 1..36 up
+
+set port config 11 parser_cfg L4
+set port config 37..44 parser_cfg L4
+
+set port config 11..36 max_frame_size 15360
+set switch reserved_mac all switch
+
+set switch config hashing l234 use_smac on
+set switch config hashing l234 use_dmac on
+set switch config hashing l234 use_l34 on 
+set switch config hashing l34 use_dip on
+set switch config hashing l34 use_sip on
+set switch config hashing l234 symmetric on 
+set switch config hashing l34 symmetric on
+
+
+set port config 9261,9293,9325 max_frame_size 15360
+create acl 1
+
+create acl-rule 1 61
+add acl-rule condition 1 61 src-glort 0x5803
+add acl-rule condition 1 61 vlan 1000
+add acl-rule action 1 61 redirect 7220
+add acl-rule action 1 61 vlan 1
+
+create acl-rule 1 62
+add acl-rule condition 1 62 src-glort 0x5803
+add acl-rule condition 1 62 vlan 1001
+add acl-rule action 1 62 redirect 7213
+add acl-rule action 1 62 vlan 1
+
+create acl-rule 1 100
+add acl-rule condition 1 100 src-glort 0x5803
+add acl-rule action 1 100 redirect 9293
+
+create acl-rule 1 101
+add acl-rule condition 1 101 src-port 1
+add acl-rule action 1 101 redirect 7216
+create acl-rule 1 102
+add acl-rule condition 1 102 src-port 2
+add acl-rule action 1 102 redirect 7216
+create acl-rule 1 103
+add acl-rule condition 1 103 src-port 3
+add acl-rule action 1 103 redirect 7216
+create acl-rule 1 104
+add acl-rule condition 1 104 src-port 4
+add acl-rule action 1 104 redirect 7216
+
+create acl-rule 1 200
+add acl-rule condition 1 200 src-glort 0x5804
+add acl-rule action 1 200 redirect 6189
+create acl-rule 1 201
+add acl-rule condition 1 201 src-glort 0x5805
+add acl-rule action 1 201 redirect 5165
+create acl-rule 1 202
+add acl-rule condition 1 202 src-glort 0x5806
+add acl-rule action 1 202 redirect 4141
+create acl-rule 1 203
+add acl-rule condition 1 203 src-glort 0x5000
+add acl-rule action 1 203 redirect 7217
+create acl-rule 1 204
+add acl-rule condition 1 204 src-glort 0x4800
+add acl-rule action 1 204 redirect 7218
+create acl-rule 1 205
+add acl-rule condition 1 205 src-glort 0x4000
+add acl-rule action 1 205 redirect 7219
+
+create acl-rule 1 301
+add acl-rule condition 1 301 src-glort 0x5807
+add acl-rule action 1 301 redirect 7216
+add acl-rule action 1 301 vlan 1000
+
+create acl-rule 1 302
+add acl-rule condition 1 302 src-glort 0x5800
+add acl-rule action 1 302 redirect 7216
+add acl-rule action 1 302 vlan 1001
+
+create acl-rule 1 401
+add acl-rule condition 1 401 src-glort 0x5001
+add acl-rule action 1 401 redirect 9325
+create acl-rule 1 402
+add acl-rule condition 1 402 src-glort 0x4801
+add acl-rule action 1 402 redirect 9325
+create acl-rule 1 403
+add acl-rule condition 1 403 src-glort 0x4001
+add acl-rule action 1 403  redirect 9325
+create acl-rule 1 404
+add acl-rule condition 1 404 src-glort 0x5801
+add acl-rule action 1 404  redirect 9325
+
+apply acl
+remote listen

roles/tsg-env-mxn/templates/PM1.13_vlan_mac_flipping_saved_startup

@@ -0,0 +1,347 @@
+# TestPoint History
+load ./Config/libertyTrail/testpoint_startup
+
+add vlan port 1 0
+
+create vlan 100
+add vlan port 100 0,11,37,39,41,43
+set port config 11 pvid 100
+set port config 11 mask 0,37,39,41,43
+set port config 0,11,39,37,41,43 learning on
+
+create vlan 200
+add vlan port 200 0,37,39,9,10,41,43
+set port config 0 mask 9..44
+set port config 37 mask 0..36,38..44
+set port config 39 mask 0..38,40..44
+set port config 41 mask 0..40,42..44
+set port config 43 mask 0..44
+set port config 0,39,37,41,43 learning on
+
+create vlan 4000
+add vlan port 4000 43
+create vlan 4001
+add vlan port 4001 43
+
+create lag
+add lag 9261 9,10
+add vlan port 200 9261
+set port config 9261 pvid 200
+set port config 9261 parser_cfg L4
+set port config 9261 learning on
+set port config 9261 mask 0,11..44
+
+create vlan all
+create lag
+add vlan port all 43
+add lag 9293 1,2,3,4
+add vlan port all 9293
+set port config 9293 parser_cfg L4
+set port config 9293 learning on
+set port config 9293 mask 0,5..44
+set vlan tagging all 1,2,3,4 tag
+set vlan tagging 1 1,2,3,4 untag
+
+create lag
+add lag 9325 5,6,7,8
+add vlan port all 9325
+set port config 9325 parser_cfg L4
+set port config 9325 learning on
+set port config 9325 mask 0..4,9..44
+set vlan tagging all 5,6,7,8 tag
+set vlan tagging 1 5,6,7,8 untag
+
+set port 37,39,41,43 powerdown
+set port 37,39,41,43 up
+set port 1..36 up
+
+set port config 11 parser_cfg L4
+set port config 37..44 parser_cfg L4
+
+set port config 11..36 max_frame_size 15360
+set switch reserved_mac all switch
+
+set switch config hashing l234 use_smac on
+set switch config hashing l234 use_dmac on
+set switch config hashing l234 use_l34 on 
+set switch config hashing l34 use_dip on
+set switch config hashing l34 use_sip on
+set switch config hashing l234 symmetric on 
+set switch config hashing l34 symmetric on
+
+
+set port config 9261,9293,9325 max_frame_size 15360
+create acl 1
+
+# Redirect all ARP request to ens1f2
+create acl-rule 1 40
+add acl-rule condition 1 40 src-port 1
+add acl-rule condition 1 40 ethtype 0x0806
+add acl-rule action 1 40 redirect 7214
+ 
+create acl-rule 1 41
+add acl-rule condition 1 41 src-port 2
+add acl-rule condition 1 41 ethtype 0x0806
+add acl-rule action 1 41 redirect 7214
+ 
+create acl-rule 1 42
+add acl-rule condition 1 42 src-port 3
+add acl-rule condition 1 42 ethtype 0x0806
+add acl-rule action 1 42 redirect 7214
+ 
+create acl-rule 1 43
+add acl-rule condition 1 43 src-port 4
+add acl-rule condition 1 43 ethtype 0x0806
+add acl-rule action 1 43 redirect 7214
+
+# Redirect all ICMPv4 to ens1f2 -- 10.0.0.0/8
+create acl-rule 1 44
+add acl-rule condition 1 44 src-port 1
+add acl-rule condition 1 44 protocol 0x1/0xff
+add acl-rule condition 1 44 sip 10.0.0.0/8
+add acl-rule condition 1 44 dip 10.0.0.0/8
+add acl-rule action 1 44 redirect 7214
+ 
+create acl-rule 1 45
+add acl-rule condition 1 45 src-port 2
+add acl-rule condition 1 45 protocol 0x1/0xff3
+add acl-rule condition 1 45 sip 10.0.0.0/8
+add acl-rule condition 1 45 dip 10.0.0.0/8
+add acl-rule action 1 45 redirect 7214
+ 
+create acl-rule 1 46
+add acl-rule condition 1 46 src-port 3
+add acl-rule condition 1 46 protocol 0x1/0xff
+add acl-rule condition 1 46 sip 10.0.0.0/8
+add acl-rule condition 1 46 dip 10.0.0.0/8
+add acl-rule action 1 46 redirect 7214
+ 
+create acl-rule 1 47
+add acl-rule condition 1 47 src-port 4
+add acl-rule condition 1 47 protocol 0x1/0xff
+add acl-rule condition 1 47 sip 10.0.0.0/8
+add acl-rule condition 1 47 dip 10.0.0.0/8
+add acl-rule action 1 47 redirect 7214
+
+# Redirect all ICMPv4 to ens1f2 -- 192.168.0.0/16
+create acl-rule 1 48
+add acl-rule condition 1 48 src-port 1
+add acl-rule condition 1 48 protocol 0x1/0xff
+add acl-rule condition 1 48 sip 192.168.0.0/16
+add acl-rule condition 1 48 dip 192.168.0.0/16
+add acl-rule action 1 48 redirect 7214
+ 
+create acl-rule 1 49
+add acl-rule condition 1 49 src-port 2
+add acl-rule condition 1 49 protocol 0x1/0xff3
+add acl-rule condition 1 49 sip 192.168.0.0/16
+add acl-rule condition 1 49 dip 192.168.0.0/16
+add acl-rule action 1 49 redirect 7214
+ 
+create acl-rule 1 50
+add acl-rule condition 1 50 src-port 3
+add acl-rule condition 1 50 protocol 0x1/0xff
+add acl-rule condition 1 50 sip 192.168.0.0/16
+add acl-rule condition 1 50 dip 192.168.0.0/16
+add acl-rule action 1 50 redirect 7214
+ 
+create acl-rule 1 51
+add acl-rule condition 1 51 src-port 4
+add acl-rule condition 1 51 protocol 0x1/0xff
+add acl-rule condition 1 51 sip 192.168.0.0/16
+add acl-rule condition 1 51 dip 192.168.0.0/16
+add acl-rule action 1 51 redirect 7214
+
+# Redirect all TCP with port 51218, for health check - 192.168.0.0/24
+create acl-rule 1 60
+add acl-rule condition 1 60 src-port 1
+add acl-rule condition 1 60 protocol 0x6/0xff
+add acl-rule condition 1 60 sip 192.168.0.0/16
+add acl-rule condition 1 60 dip 192.168.0.0/16
+add acl-rule condition 1 60 l4-dst-port 51218/0xffff
+add acl-rule action 1 60 redirect 7214
+ 
+create acl-rule 1 61
+add acl-rule condition 1 61 src-port 2
+add acl-rule condition 1 61 protocol 0x6/0xff
+add acl-rule condition 1 61 sip 192.168.0.0/16
+add acl-rule condition 1 61 dip 192.168.0.0/16
+add acl-rule condition 1 61 l4-dst-port 51218/0xffff
+add acl-rule action 1 61 redirect 7214
+
+create acl-rule 1 62
+add acl-rule condition 1 62 src-port 3
+add acl-rule condition 1 62 protocol 0x6/0xff
+add acl-rule condition 1 62 sip 192.168.0.0/16
+add acl-rule condition 1 62 dip 192.168.0.0/16
+add acl-rule condition 1 62 l4-dst-port 51218/0xffff
+add acl-rule action 1 62 redirect 7214
+ 
+create acl-rule 1 63
+add acl-rule condition 1 63 src-port 4
+add acl-rule condition 1 63 protocol 0x6/0xff
+add acl-rule condition 1 63 sip 192.168.0.0/16
+add acl-rule condition 1 63 dip 192.168.0.0/16
+add acl-rule condition 1 63 l4-dst-port 51218/0xffff
+add acl-rule action 1 63 redirect 7214
+
+# Redirect all TCP with port 51218, for health check - 10.0.0.0/8
+create acl-rule 1 64
+add acl-rule condition 1 64 src-port 1
+add acl-rule condition 1 64 protocol 0x6/0xff
+add acl-rule condition 1 64 sip 10.0.0.0/8
+add acl-rule condition 1 64 dip 10.0.0.0/8
+add acl-rule condition 1 64 l4-dst-port 51218/0xffff
+add acl-rule action 1 64 redirect 7214
+ 
+create acl-rule 1 65
+add acl-rule condition 1 65 src-port 2
+add acl-rule condition 1 65 protocol 0x6/0xff
+add acl-rule condition 1 65 sip 10.0.0.0/8
+add acl-rule condition 1 65 dip 10.0.0.0/8
+add acl-rule condition 1 65 l4-dst-port 51218/0xffff
+add acl-rule action 1 65 redirect 7214
+ 
+create acl-rule 1 66
+add acl-rule condition 1 66 src-port 3
+add acl-rule condition 1 66 protocol 0x6/0xff
+add acl-rule condition 1 66 sip 10.0.0.0/8
+add acl-rule condition 1 66 dip 10.0.0.0/8
+add acl-rule condition 1 66 l4-dst-port 51218/0xffff
+add acl-rule action 1 66 redirect 7214
+ 
+create acl-rule 1 67
+add acl-rule condition 1 67 src-port 4
+add acl-rule condition 1 67 protocol 0x6/0xff
+add acl-rule condition 1 67 sip 10.0.0.0/8
+add acl-rule condition 1 67 dip 10.0.0.0/8
+add acl-rule condition 1 67 l4-dst-port 51218/0xffff
+add acl-rule action 1 67 redirect 7214
+
+# Redirect all ICMPv6 link-scope packets
+create acl-rule 1 70
+add acl-rule condition 1 70 src-port 1
+add acl-rule condition 1 70 frame-type ipv6
+add acl-rule condition 1 70 ttl 255
+add acl-rule action 1 70 redirect 7214
+ 
+create acl-rule 1 71
+add acl-rule condition 1 71 src-port 2
+add acl-rule condition 1 71 frame-type ipv6
+add acl-rule condition 1 71 ttl 255
+add acl-rule action 1 71 redirect 7214
+ 
+create acl-rule 1 72
+add acl-rule condition 1 72 src-port 3
+add acl-rule condition 1 72 frame-type ipv6
+add acl-rule condition 1 72 ttl 255
+add acl-rule action 1 72 redirect 7214
+ 
+create acl-rule 1 73
+add acl-rule condition 1 73 src-port 4
+add acl-rule condition 1 73 frame-type ipv6
+add acl-rule condition 1 73 ttl 255
+add acl-rule action 1 73 redirect 7214
+
+create acl-rule 1 74
+add acl-rule condition 1 74 src-port 1
+add acl-rule condition 1 74 frame-type ipv6
+add acl-rule condition 1 74 sip fc00::/7
+add acl-rule condition 1 74 dip fc00::/7
+add acl-rule action 1 74 redirect 7214
+ 
+create acl-rule 1 75
+add acl-rule condition 1 75 src-port 2
+add acl-rule condition 1 75 frame-type ipv6
+add acl-rule condition 1 75 sip fc00::/7
+add acl-rule condition 1 75 dip fc00::/7
+add acl-rule action 1 75 redirect 7214
+ 
+create acl-rule 1 76
+add acl-rule condition 1 76 src-port 3
+add acl-rule condition 1 76 frame-type ipv6
+add acl-rule condition 1 76 sip fc00::/7
+add acl-rule condition 1 76 dip fc00::/7
+add acl-rule action 1 76 redirect 7214
+ 
+create acl-rule 1 77
+add acl-rule condition 1 77 src-port 4
+add acl-rule condition 1 77 frame-type ipv6
+add acl-rule condition 1 77 sip fc00::/7
+add acl-rule condition 1 77 dip fc00::/7
+add acl-rule action 1 77 redirect 7214
+
+create acl-rule 1 80
+add acl-rule condition 1 80 src-glort 0x5801
+add acl-rule action 1 80 redirect 9293
+
+create acl-rule 1 90
+add acl-rule condition 1 90 src-glort 0x5803
+add acl-rule condition 1 90 vlan 4000
+add acl-rule action 1 90 redirect 7220
+add acl-rule action 1 90 vlan 1
+
+create acl-rule 1 91
+add acl-rule condition 1 91 src-glort 0x5803
+add acl-rule condition 1 91 vlan 4001
+add acl-rule action 1 91 redirect 7213
+add acl-rule action 1 91 vlan 1
+
+create acl-rule 1 100
+add acl-rule condition 1 100 src-glort 0x5803
+add acl-rule action 1 100 redirect 9293
+
+create acl-rule 1 101
+add acl-rule condition 1 101 src-port 1
+add acl-rule action 1 101 redirect 7216
+create acl-rule 1 102
+add acl-rule condition 1 102 src-port 2
+add acl-rule action 1 102 redirect 7216
+create acl-rule 1 103
+add acl-rule condition 1 103 src-port 3
+add acl-rule action 1 103 redirect 7216
+create acl-rule 1 104
+add acl-rule condition 1 104 src-port 4
+add acl-rule action 1 104 redirect 7216
+
+create acl-rule 1 200
+add acl-rule condition 1 200 src-glort 0x5804
+add acl-rule action 1 200 redirect 6189
+create acl-rule 1 201
+add acl-rule condition 1 201 src-glort 0x5805
+add acl-rule action 1 201 redirect 5165
+create acl-rule 1 202
+add acl-rule condition 1 202 src-glort 0x5806
+add acl-rule action 1 202 redirect 4141
+create acl-rule 1 203
+add acl-rule condition 1 203 src-glort 0x5000
+add acl-rule action 1 203 redirect 7217
+create acl-rule 1 204
+add acl-rule condition 1 204 src-glort 0x4800
+add acl-rule action 1 204 redirect 7218
+create acl-rule 1 205
+add acl-rule condition 1 205 src-glort 0x4000
+add acl-rule action 1 205 redirect 7219
+
+create acl-rule 1 301
+add acl-rule condition 1 301 src-glort 0x5807
+add acl-rule action 1 301 redirect 7216
+add acl-rule action 1 301 vlan 4000
+
+create acl-rule 1 302
+add acl-rule condition 1 302 src-glort 0x5800
+add acl-rule action 1 302 redirect 7216
+add acl-rule action 1 302 vlan 4001
+
+create acl-rule 1 401
+add acl-rule condition 1 401 src-glort 0x5001
+add acl-rule action 1 401 redirect 9325
+create acl-rule 1 402
+add acl-rule condition 1 402 src-glort 0x4801
+add acl-rule action 1 402 redirect 9325
+create acl-rule 1 403
+add acl-rule condition 1 403 src-glort 0x4001
+add acl-rule action 1 403  redirect 9325
+
+apply acl
+remote listen

roles/tsg_master/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: "copy tsg_master rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install tsg_master from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
+    state: present

tsg-clear-coredumps.yml

@@ -1,30 +0,0 @@
-- hosts: blade-00
-  tasks:
-  - name: "blade incpt - find corefiles to delete"
-    find:
-      paths: 
-        - /
-        - /home/tsg/certstore-base/
-        - /home/mesasoft/sapp_run/
-      patterns: core.*
-    register: blade_incpt_corefiles_to_delete
-
-  - name: "blade incpt cleanup coredump"
-    file:
-      state: absent
-      path: '{{ item.path }}'
-    with_items: "{{ blade_incpt_corefiles_to_delete.files }}"
-
-- hosts: blade-01:blade-02:blade-03
-  tasks:
-  - name: "find corefiles to delete"
-    find:
-      paths: /opt/tsg/tfe/
-      patterns: core.*
-    register: ctrl_corefiles_to_delete
-
-  - name: "cleanup coredump"
-    file:
-      state: absent
-      path: '{{ item.path }}'
-    with_items: "{{ ctrl_corefiles_to_delete.files }}"

tsg-reboot.yml

@@ -1,9 +0,0 @@
-#- hosts: all
-#  tasks:
-#  - name: "reboot all"
-#    reboot:
-
-- hosts: Functional_Host
-  tasks:
-  - name: "reboot all compute blade"
-    reboot: