删除过期文件

2、同步修改deploy.yml
3、为tsgconf/main.conf增加一个kafka的动态配置
4、修改tfe.conf中mc_default_eth的动态配置变量
5、原certstore中的r2、r3文件含有dos字符，修复该问题

adc_tera_access/group_vars/all.yml

@@ -60,7 +60,6 @@ kni:
               enabled: 1
 tfe:
     nr_threads: 16
-    mc_cache_eth: ens1.100
     keykeeper:
         mode: "normal"
         no_cache: 0

deploy.yml

@@ -11,6 +11,7 @@
     - kni
     - firewall
     - certstore
+    - cert-redis
 
 - hosts: blade-01
   roles:
@@ -36,10 +37,13 @@
 
 - hosts: pc-as-tun-mode
   roles:
-    - mrzcpd
+    - kernel-ml
     - framework
+    - mrzcpd
+    - tsg-env-tun-mode
     - sapp
     - kni
     - firewall
     - certstore
+    - cert-redis
     - tfe

env-prod-astana/group_vars/all.yml

@@ -1,60 +0,0 @@
-maat_redis_server:
-    address: "10.4.35.1"
-    port: 6379
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "10.4.35.1"
-    port: 6379
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "10.4.35.7:9092,10.4.35.8:9092,10.4.35.9:9092,10.4.35.10:9092,10.4.35.11:9092"
-
-log_minio:
-    address: "10.4.35.1;"
-    port: 9000
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 55
-
-mrtunnat:
-    lcore_id: 54
-
-

env-prod-astana/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-prod-astana/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-prod-astana/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-prod-astana/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-prod-astana/hosts

@@ -1,100 +0,0 @@
-[all:vars]
-ansible_user=root
-
-[blade-mxn]
-10.4.164.23
-#10.4.164.24
-10.4.164.25
-10.4.164.26
-10.4.164.27
-10.4.164.28
-10.4.164.29
-
-[blade-00]
-10.4.39.9
-#10.4.39.13
-10.4.39.17
-10.4.39.21
-10.4.39.25
-10.4.39.29
-10.4.39.33
-
-[blade-01]
-10.4.39.10
-#10.4.39.14
-10.4.39.18
-10.4.39.22
-10.4.39.26
-10.4.39.30
-10.4.39.34
-
-[blade-02]
-10.4.39.11
-#10.4.39.15
-10.4.39.19
-10.4.39.23
-10.4.39.27
-10.4.39.31
-10.4.39.35
-
-[blade-03]
-10.4.39.12
-#10.4.39.16
-10.4.39.20
-10.4.39.24
-10.4.39.28
-10.4.39.32
-10.4.39.36
-
-[astana-adc-3]
-10.4.164.23
-10.4.39.9
-10.4.39.10
-10.4.39.11
-10.4.39.12
-
-[astana-adc-5]
-10.4.164.25
-10.4.39.17
-10.4.39.18
-10.4.39.19
-10.4.39.20
-
-[astana-adc-6]
-10.4.164.26
-10.4.39.21
-10.4.39.22
-10.4.39.23
-10.4.39.24
-
-[astana-adc-7]
-10.4.164.27
-10.4.39.25
-10.4.39.26
-10.4.39.27
-10.4.39.28
-
-[astana-adc-8]
-10.4.164.28
-10.4.39.29
-10.4.39.30
-10.4.39.31
-10.4.39.32
-
-[astana-adc-9]
-10.4.164.29
-10.4.39.33
-10.4.39.34
-10.4.39.35
-10.4.39.36
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03

env-stage-hy/group_vars/all.yml

@@ -1,45 +0,0 @@
-maat_redis_server:
-    address: 192.168.100.3
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: 192.168.100.3
-    port: 7002
-    db: 0
-    
-cert_store_server:
-    address: 192.168.100.1
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.100.4:9092"
-
-log_minio:
-    address: "192.168.100.4;"
-    port: 9000
-
-fs_remote:
-    switch: 0
-    address: "192.168.10.152"
-    port: 8125
-
-kni:
-    global:
-        log_level: 30
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-              
-tfe:
-    nr_threads: 32
-    keykeeper:
-        mode: "debug"
-        no_cache: 0

env-stage-hy/group_vars/blade-00.yml

@@ -1,13 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f4
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-stage-hy/group_vars/blade-01.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-stage-hy/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-hy/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-hy/hosts

@@ -1,12 +0,0 @@
-[all:vars]
-ansible_user=root
-
-[blade-00]
-192.168.10.41
-
-[blade-01]
-192.168.10.42
-
-[Functional_Host:children]
-blade-00
-blade-01

env-stage-pc/group_vars/all.yml

@@ -1,76 +0,0 @@
-maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "127.0.0.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.85:9092"
-
-log_minio:
-  address: "192.168.40.85;"
-  port: 9000
-
-fs_remote:
-  switch: 1
-  address: "127.0.0.1"
-  port: 8125
-
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-tfe:
-  nr_threads: 32
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-mrzcpd:
-  iocore: 47
-
-mrtunnat:
-  lcore_id: 46
-
-nic_mgr:
-  name: eth0
-nic_data_incoming:
-  name: tun_kni
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: lo
-nic_to_tfe:
-  tfe0:
-    name: lo
-  tfe1:
-    name: lo
-  tfe2:
-    name: lo
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "enp0s20f0u3"
-  external_interface: "enp0s20f0u4"
-
-run_as_tun_mode: 1

env-stage-pc/hosts

@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.85

env-stage-xxg/group_vars/all.yml

@@ -1,55 +0,0 @@
-maat_redis_server:
-    address: "192.168.40.120"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.40.120"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.40.161"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.40.119:9092"
-
-log_minio:
-    address: "192.168.40.223;"
-    port: 9000
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 8125
-
-nic_transparent_mode:
-    enable: 0
-
-kni:
-    global:
-        log_level: 30
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 32
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-run_as_tun_mode: 1

env-stage-xxg/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-stage-xxg/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-xxg/hosts

@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=pulp
-
-[blade-mxn]
-192.168.40.25
-
-[blade-00]
-192.168.40.21
-
-[blade-01]
-192.168.40.22
-
-[blade-02]
-192.168.40.23
-
-[blade-03]
-192.168.40.24
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

pc_double_arm_access/group_vars/all.yml

@@ -1,10 +1,10 @@
 maat_redis_server:
-  address: "192.168.40.83"
+  address: "192.168.40.168"
   port: 7002
   db: 0
 
 dynamic_maat_redis_server:
-  address: "192.168.40.83"
+  address: "192.168.40.168"
   port: 7002
   db: 0
 
@@ -13,10 +13,10 @@ cert_store_server:
   port: 9991
 
 log_kafkabrokers:
-  address: "192.168.40.85:9092"
+  address: "192.168.40.169:9092"
 
 log_minio:
-  address: "192.168.40.85;"
+  address: "192.168.40.168;"
   port: 9090
 
 fs_remote:
@@ -35,6 +35,9 @@ install_fw_http_plug_debug: "yes"
 install_fw_mail_plug_debug: "yes"
 install_tsg_master: "yes"
 
+sapp:
+  worker_threads: 16
+
 kni:
   global:
     log_level: 30
@@ -54,7 +57,7 @@ kni:
         enabled: 1
 tfe:
   nr_threads: 32
-  mc_cache_eth: ens1.100
+  mc_cache_eth: lo 
   keykeeper:
     mode: "normal"
     no_cache: 0
@@ -71,14 +74,7 @@ nic_data_incoming:
   name: tun_kni
   address: 127.0.0.1
 nic_inner_ctrl:
-  name: lo
-nic_to_tfe:
-  tfe0:
-    name: lo
-  tfe1:
-    name: lo
-  tfe2:
-    name: lo
+  name: eth0.100
 nic_traffic_mirror:
   name: lo
   use_mrzcpd: 0

pc_double_arm_access/hosts

@@ -3,4 +3,4 @@ ansible_user=root
 package_source=local
 
 [pc-as-tun-mode]
-192.168.40.139
+192.168.40.138

rc.local

@@ -1,13 +0,0 @@
-#!/bin/bash
-# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
-#
-# It is highly advisable to create own systemd services or udev rules
-# to run scripts during boot instead of using this file.
-#
-# In contrast to previous versions due to parallel execution during boot
-# this script will NOT be run after all other services.
-#
-# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
-# that this script will be executed during boot.
-
-touch /var/lock/subsys/local

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/start-cert-redis
+ExecStop=killall redis-server
+Type=forking
+RuntimeDirectory=redis
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+#
+cp -rf redis-server /usr/local/bin/
+cp -rf redis-cli /usr/local/bin
+cp -rf cert-redis.service /usr/lib/systemd/system/
+cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -0,0 +1,4 @@
+#!/bin/bash
+#
+
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: "copy cert-redis to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /home/tsg
+    mode: 0755
+
+- name: "install cert-redis"
+  shell: cd /home/tsg/cert-redis;sh install.sh
+
+- name: "start cert-redis"
+  systemd:
+    name: cert-redis.service
+    state: started
+    daemon_reload: yes
+    enabled: yes

roles/certstore/tasks/main.yml

@@ -4,26 +4,13 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-#- name: "install redis"
-#  yum:
-#    name:
-#      - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm
-#      - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm
-#    state: present
-
-#- name: "enable redis"
-#  systemd:
-#    name: redis
-#    enabled: yes
-#    state: started
-
 - name: Ensures /home/tsg exists
   file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz"
+    src: "{{ role_path }}/files/certstore-base-online-20200119.tar.gz"
     dest: /home/tsg
 
 - name: template certstore configure file

roles/firewall/tasks/main.yml

@@ -73,3 +73,17 @@
       - /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
     state: present
   when: install_tsg_master == "yes" 
+
+- name: Template the tsgconf/main.conf
+  template:
+    src: "{{ role_path }}/templates/main.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
+  tags: template
+
+
+- name: Template the tsgconf/maat.conf
+  template:
+    src: "{{ role_path }}/templates/maat.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
+  tags: template
+

roles/firewall/templates/maat.conf.j2

@@ -0,0 +1,30 @@
+[STATIC]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
+STAT_FILE=tsg_static_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+
+[DYNAMIC]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
+STAT_FILE=tsg_dynamic_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ dynamic_maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=1
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+

roles/firewall/templates/main.conf.j2

@@ -0,0 +1,47 @@
+[FTP_PLUG]
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
+LOG_LEVEL=10
+TIMEOUT=600
+[MAIL_PLUG]
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
+LOG_LEVEL=10
+TIMEOUT=600
+[HTTP_PLUG]
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
+LOG_LEVEL=10
+[DNS_PLUG]
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
+LOG_LEVEL=10
+[MAAT]
+PROFILE=./tsgconf/maat.conf
+IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+
+[TSG_LOG]
+MODE=1
+NIC_NAME={{ nic_mgr.name }}
+MAX_SERVICE=1
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=0
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
+
+[FIELD_STAT]
+CYCLE=3
+TELEGRAF_PORT=8125
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/kni/templates/kni.conf.j2

@@ -11,7 +11,8 @@ deploy_mode = normal
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
-
+{% if run_as_tun_mode %}
+{% else %}
 [tfe0]
 enabled = 1
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
@@ -26,6 +27,7 @@ ip_addr = 192.168.100.3
 enabled = 1
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
+{% endif %}
 
 [tfe_cmsg_receiver]
 listen_eth = {{ nic_inner_ctrl.name }}

roles/sapp/tasks/main.yml

@@ -10,6 +10,11 @@
       - /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
     state: present
 
+- name: make dir
+  file:
+    path: /home/mesasoft/sapp_run/tsgconf
+    state: directory
+
 - name: Template the sapp.toml
   template:
     src: "{{ role_path }}/templates/sapp.toml.j2"

roles/sapp/templates/sapp.toml.j2

@@ -9,10 +9,17 @@
 instance_name = "sapp4"
 
 [CPU]
-worker_threads=16
+{% if run_as_tun_mode %}
+worker_threads=1
+{% else %}
+worker_threads={{ sapp.worker_threads }}
+{% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+{% if run_as_tun_mode %}
+bind_mask=[]
+{% else %}
 bind_mask=[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]
-#bind_mask=[]
+{% endif %}
 
 [PACKET_IO]
 ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""

roles/tfe/templates/tfe-env-config.j2

@@ -6,6 +6,6 @@ TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
 {% if run_as_tun_mode %}
-TFE_WATCHDOG_DEVICE=lo
-TFE_WATCHDOG_IP=127.0.0.1
-{% endif %}
+TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
+TFE_WATCHDOG_IP=192.168.100.1
+{% endif %}

roles/tfe/templates/tfe.conf.j2

@@ -30,7 +30,7 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-mc_cache_eth={{ tfe.mc_cache_eth }}
+mc_cache_eth={{ nic_inner_ctrl.name }}
 # default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
 # default PXY-EXCH-INTERMEDIA-CERT

roles/tsg-env-tun-mode/files/tsg-env-tun-mode.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=tsg tun mode env init
+Requires=network.target
+After=network.target
+Before=mrenv.service
+
+[Service]
+ExecStart=/opt/tsg/env/setup
+ExecStop=/opt/tsg/env/tsg-env_stop
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+RequiredBy=mrenv.service

roles/tsg-env-tun-mode/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+- name: "copy vconfig-1.9-16.el7.x86_64.rpm"
+  copy:
+    src: "{{ role_path }}/files/vconfig-1.9-16.el7.x86_64.rpm"
+    dest: /tmp
+
+- name: "create /opt/tsg/env"
+  file:
+    path: /opt/tsg/env
+    state: directory
+
+- name: "template setup script"
+  template:
+    src: "{{ role_path }}/templates/setup.j2"
+    dest: "/opt/tsg/env/setup"   
+    mode: 0755   
+
+- name: "copy tsg-env-tun-mode.service"
+  copy:
+    src: "{{ role_path }}/files/tsg-env-tun-mode.service"
+    dest: "/usr/lib/systemd/system/"   
+    mode: 0644  
+
+- name: "template tsg-env_stop"
+  template:
+    src: "{{ role_path }}/templates/tsg-env_stop.j2"
+    dest: "/opt/tsg/env/tsg-env_stop"   
+    mode: 0755 
+    
+- name: "install vconfig rpms from localhost"
+  yum:
+    name:
+      - /tmp/vconfig-1.9-16.el7.x86_64.rpm
+    state: present
+
+- name: "enable tsg-env-tun-mode"
+  systemd:
+    name: tsg-env-tun-mode
+    enabled: yes
+    daemon_reload: yes
+

roles/tsg-env-tun-mode/templates/setup.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+modprobe 8021q
+vconfig add {{ nic_mgr.name }} 100
+vconfig set_flag {{ nic_mgr.name }}.100 1 1
+ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up

roles/tsg-env-tun-mode/templates/tsg-env_stop.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+#
+echo 0 >/sys/class/net/ens1/device/sriov_numvfs
+ifconfig {{ nic_mgr.name }}.100 down
+vconfig rem {{ nic_mgr.name }}.100

tsg-201907-uninstall.yml

@@ -1,48 +0,0 @@
-- hosts: all
-  tasks:
-  - name: "empty rc.local"
-    copy:
-      src: rc.local
-      dest: /etc/rc.d/rc.local 
-      mode: 755
-
-- hosts: Functional_Host
-  tasks:
-   - name: "remove framework rpms"
-     yum: 
-       name: framework
-       state: absent
-   - name: "remove framework files"
-     file:
-       path: /opt/MESA/
-       state: absent
-       force: 1
-
-- hosts: blade-00
-  tasks:
-  - name: "remove certstore"
-    file:
-      path: /home/tsg/certstore-base/
-      state: absent
-      force: 1
-
-  - name: "remove kni"
-    file:
-      path: /home/tsg/kni/
-      state: absent
-      force: 1
-
-- hosts: Slave_Host
-  tasks:
-  - name: "remove tfe rpms"
-    yum:
-      name:
-        - tfe
-        - tfe-kmod
-      state: absent
-
-  - name: "remove tfe"
-    file:
-      path: /home/tsg/tfe
-      state: absent
-      force: 1

tsg-restart.yml

@@ -1,15 +0,0 @@
-- hosts: blade-00:blade-01:blade-02:blade-03
-  tasks:
-  - name: "restart mrzcpd"
-    systemd:
-      name: mrzcpd
-      daemon_reload: 1
-      state: restarted
-
-#- hosts: blade-01:blade-02:blade-03
-#  tasks:
-#  - name: "restart tfe"
-#    systemd:
-#      name: tfe
-#      daemon_reload: 1
-#      state: restarted