新建Tsg-v3.0分支

2、同步修改deploy.yml
3、为tsgconf/main.conf增加一个kafka的动态配置
4、修改tfe.conf中mc_default_eth的动态配置变量
5、原certstore中的r2、r3文件含有dos字符，修复该问题

.gitignore

@@ -1,2 +0,0 @@
-.vscode
-*.retry

adc_tera_access/group_vars/all.yml

@@ -60,7 +60,6 @@ kni:
               enabled: 1
 tfe:
     nr_threads: 16
-    mc_cache_eth: ens1.100
     keykeeper:
         mode: "normal"
         no_cache: 0

deploy.yml

@@ -1,7 +1,3 @@
-- hosts: all
-  roles:
-   - groups-by-IPMB-addr
-
 - hosts: Functional_Host
   roles:
     - framework
@@ -15,6 +11,7 @@
     - kni
     - firewall
     - certstore
+    - cert-redis
 
 - hosts: blade-01
   roles:
@@ -40,10 +37,13 @@
 
 - hosts: pc-as-tun-mode
   roles:
-    - mrzcpd
+    - kernel-ml
     - framework
+    - mrzcpd
+    - tsg-env-tun-mode
     - sapp
     - kni
     - firewall
     - certstore
+    - cert-redis
     - tfe

env-prod-astana/group_vars/all.yml

@@ -1,60 +0,0 @@
-maat_redis_server:
-    address: "10.4.35.1"
-    port: 6379
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "10.4.35.1"
-    port: 6379
-    db: 1
-
-cert_store_server:
-    address: "192.168.100.1"
-    port: 9991
-
-log_kafkabrokers:
-    address: "10.4.35.7:9092,10.4.35.8:9092,10.4.35.9:9092,10.4.35.10:9092,10.4.35.11:9092"
-
-log_minio:
-    address: "10.4.35.1;"
-    port: 9000
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 58125
-
-nic_transparent_mode:
-    enable: 0
-
-run_as_tun_mode: 0
-package_source: "local"
-
-kni:
-    global:
-        log_level: 10
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    send_logger:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 16
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 55
-
-mrtunnat:
-    lcore_id: 54
-
-

env-prod-astana/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-prod-astana/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-prod-astana/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-prod-astana/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-prod-astana/hosts

@@ -1,100 +0,0 @@
-[all:vars]
-ansible_user=root
-
-[blade-mxn]
-10.4.164.23
-#10.4.164.24
-10.4.164.25
-10.4.164.26
-10.4.164.27
-10.4.164.28
-10.4.164.29
-
-[blade-00]
-10.4.39.9
-#10.4.39.13
-10.4.39.17
-10.4.39.21
-10.4.39.25
-10.4.39.29
-10.4.39.33
-
-[blade-01]
-10.4.39.10
-#10.4.39.14
-10.4.39.18
-10.4.39.22
-10.4.39.26
-10.4.39.30
-10.4.39.34
-
-[blade-02]
-10.4.39.11
-#10.4.39.15
-10.4.39.19
-10.4.39.23
-10.4.39.27
-10.4.39.31
-10.4.39.35
-
-[blade-03]
-10.4.39.12
-#10.4.39.16
-10.4.39.20
-10.4.39.24
-10.4.39.28
-10.4.39.32
-10.4.39.36
-
-[astana-adc-3]
-10.4.164.23
-10.4.39.9
-10.4.39.10
-10.4.39.11
-10.4.39.12
-
-[astana-adc-5]
-10.4.164.25
-10.4.39.17
-10.4.39.18
-10.4.39.19
-10.4.39.20
-
-[astana-adc-6]
-10.4.164.26
-10.4.39.21
-10.4.39.22
-10.4.39.23
-10.4.39.24
-
-[astana-adc-7]
-10.4.164.27
-10.4.39.25
-10.4.39.26
-10.4.39.27
-10.4.39.28
-
-[astana-adc-8]
-10.4.164.28
-10.4.39.29
-10.4.39.30
-10.4.39.31
-10.4.39.32
-
-[astana-adc-9]
-10.4.164.29
-10.4.39.33
-10.4.39.34
-10.4.39.35
-10.4.39.36
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
-
-[Slave_Host:children]
-blade-01
-blade-02
-blade-03

env-stage-hy/group_vars/all.yml

@@ -1,45 +0,0 @@
-maat_redis_server:
-    address: 192.168.100.3
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: 192.168.100.3
-    port: 7002
-    db: 0
-    
-cert_store_server:
-    address: 192.168.100.1
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.100.4:9092"
-
-log_minio:
-    address: "192.168.100.4;"
-    port: 9000
-
-fs_remote:
-    switch: 0
-    address: "192.168.10.152"
-    port: 8125
-
-kni:
-    global:
-        log_level: 30
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-              
-tfe:
-    nr_threads: 32
-    keykeeper:
-        mode: "debug"
-        no_cache: 0

env-stage-hy/group_vars/blade-00.yml

@@ -1,13 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f4
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-stage-hy/group_vars/blade-01.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-stage-hy/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-hy/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp7s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-hy/hosts

@@ -1,12 +0,0 @@
-[all:vars]
-ansible_user=root
-
-[blade-00]
-192.168.10.41
-
-[blade-01]
-192.168.10.42
-
-[Functional_Host:children]
-blade-00
-blade-01

env-stage-pc/group_vars/all.yml

@@ -1,76 +0,0 @@
-maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.83"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "127.0.0.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.85:9092"
-
-log_minio:
-  address: "192.168.40.85;"
-  port: 9000
-
-fs_remote:
-  switch: 1
-  address: "127.0.0.1"
-  port: 8125
-
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-tfe:
-  nr_threads: 32
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-mrzcpd:
-  iocore: 47
-
-mrtunnat:
-  lcore_id: 46
-
-nic_mgr:
-  name: eth0
-nic_data_incoming:
-  name: tun_kni
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: lo
-nic_to_tfe:
-  tfe0:
-    name: lo
-  tfe1:
-    name: lo
-  tfe2:
-    name: lo
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "enp0s20f0u3"
-  external_interface: "enp0s20f0u4"
-
-run_as_tun_mode: 1

env-stage-pc/hosts

@@ -1,6 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=local
-
-[pc-as-tun-mode]
-192.168.40.85

env-stage-xxg/group_vars/all.yml

@@ -1,55 +0,0 @@
-maat_redis_server:
-    address: "192.168.40.120"
-    port: 7002
-    db: 0
-
-dynamic_maat_redis_server:
-    address: "192.168.40.120"
-    port: 7002
-    db: 1
-
-cert_store_server:
-    address: "192.168.40.161"
-    port: 9991
-
-log_kafkabrokers:
-    address: "192.168.40.119:9092"
-
-log_minio:
-    address: "192.168.40.223;"
-    port: 9000
-
-fs_remote:
-    switch: 1
-    address: "192.168.100.1"
-    port: 8125
-
-nic_transparent_mode:
-    enable: 0
-
-kni:
-    global:
-        log_level: 30
-        tfe_node_count: 3
-    watch_dog:
-        switch: 1
-    tfe_nodes:
-        - tfe0:
-              enabled: 1
-        - tfe1:
-              enabled: 1
-        - tfe2:
-              enabled: 1
-tfe:
-    nr_threads: 32
-    keykeeper:
-        mode: "normal"
-        no_cache: 0
-
-mrzcpd:
-    iocore: 47
-
-mrtunnat:
-    lcore_id: 46
-
-run_as_tun_mode: 1

env-stage-xxg/group_vars/blade-00.yml

@@ -1,14 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7

env-stage-xxg/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

env-stage-xxg/hosts

@@ -1,24 +0,0 @@
-[all:vars]
-ansible_user=root
-package_source=pulp
-
-[blade-mxn]
-192.168.40.25
-
-[blade-00]
-192.168.40.21
-
-[blade-01]
-192.168.40.22
-
-[blade-02]
-192.168.40.23
-
-[blade-03]
-192.168.40.24
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

pc_double_arm_access/group_vars/all.yml

@@ -1,10 +1,10 @@
 maat_redis_server:
-  address: "192.168.40.83"
+  address: "192.168.40.168"
   port: 7002
   db: 0
 
 dynamic_maat_redis_server:
-  address: "192.168.40.83"
+  address: "192.168.40.168"
   port: 7002
   db: 0
 
@@ -13,10 +13,10 @@ cert_store_server:
   port: 9991
 
 log_kafkabrokers:
-  address: "192.168.40.85:9092"
+  address: "192.168.40.169:9092"
 
 log_minio:
-  address: "192.168.40.85;"
+  address: "192.168.40.168;"
   port: 9090
 
 fs_remote:
@@ -35,6 +35,9 @@ install_fw_http_plug_debug: "yes"
 install_fw_mail_plug_debug: "yes"
 install_tsg_master: "yes"
 
+sapp:
+  worker_threads: 16
+
 kni:
   global:
     log_level: 30
@@ -54,7 +57,7 @@ kni:
         enabled: 1
 tfe:
   nr_threads: 32
-  mc_cache_eth: ens1.100
+  mc_cache_eth: lo 
   keykeeper:
     mode: "normal"
     no_cache: 0
@@ -71,14 +74,7 @@ nic_data_incoming:
   name: tun_kni
   address: 127.0.0.1
 nic_inner_ctrl:
-  name: lo
+  name: eth0.100
-nic_to_tfe:
-  tfe0:
-    name: lo
-  tfe1:
-    name: lo
-  tfe2:
-    name: lo
 nic_traffic_mirror:
   name: lo
   use_mrzcpd: 0

pc_double_arm_access/hosts

@@ -3,4 +3,4 @@ ansible_user=root
 package_source=local
 
 [pc-as-tun-mode]
-192.168.40.139
+192.168.40.138

rc.local

@@ -1,13 +0,0 @@
-#!/bin/bash
-# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
-#
-# It is highly advisable to create own systemd services or udev rules
-# to run scripts during boot instead of using this file.
-#
-# In contrast to previous versions due to parallel execution during boot
-# this script will NOT be run after all other services.
-#
-# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
-# that this script will be executed during boot.
-
-touch /var/lock/subsys/local

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/start-cert-redis
+ExecStop=killall redis-server
+Type=forking
+RuntimeDirectory=redis
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+#
+cp -rf redis-server /usr/local/bin/
+cp -rf redis-cli /usr/local/bin
+cp -rf cert-redis.service /usr/lib/systemd/system/
+cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -0,0 +1,4 @@
+#!/bin/bash
+#
+
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: "copy cert-redis to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /home/tsg
+    mode: 0755
+
+- name: "install cert-redis"
+  shell: cd /home/tsg/cert-redis;sh install.sh
+
+- name: "start cert-redis"
+  systemd:
+    name: cert-redis.service
+    state: started
+    daemon_reload: yes
+    enabled: yes

roles/certstore/tasks/main.yml

@@ -4,26 +4,13 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-#- name: "install redis"
-#  yum:
-#    name:
-#      - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm
-#      - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm
-#    state: present
-
-#- name: "enable redis"
-#  systemd:
-#    name: redis
-#    enabled: yes
-#    state: started
-
 - name: Ensures /home/tsg exists
   file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   unarchive:
-    src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz"
+    src: "{{ role_path }}/files/certstore-base-online-20200119.tar.gz"
     dest: /home/tsg
 
 - name: template certstore configure file

roles/firewall/tasks/main.yml

@@ -73,3 +73,17 @@
       - /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
     state: present
   when: install_tsg_master == "yes" 
+
+- name: Template the tsgconf/main.conf
+  template:
+    src: "{{ role_path }}/templates/main.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
+  tags: template
+
+
+- name: Template the tsgconf/maat.conf
+  template:
+    src: "{{ role_path }}/templates/maat.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
+  tags: template
+

roles/firewall/templates/maat.conf.j2

@@ -0,0 +1,30 @@
+[STATIC]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
+STAT_FILE=tsg_static_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+
+[DYNAMIC]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
+STAT_FILE=tsg_dynamic_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ dynamic_maat_redis_server.address }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=1
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+

roles/firewall/templates/main.conf.j2

@@ -0,0 +1,47 @@
+[FTP_PLUG]
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
+LOG_LEVEL=10
+TIMEOUT=600
+[MAIL_PLUG]
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
+LOG_LEVEL=10
+TIMEOUT=600
+[HTTP_PLUG]
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
+LOG_LEVEL=10
+[DNS_PLUG]
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
+LOG_LEVEL=10
+[MAAT]
+PROFILE=./tsgconf/maat.conf
+IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+
+[TSG_LOG]
+MODE=1
+NIC_NAME={{ nic_mgr.name }}
+MAX_SERVICE=1
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=0
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
+
+[FIELD_STAT]
+CYCLE=3
+TELEGRAF_PORT=8125
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/groups-by-IPMB-addr/files/groups_by_IPMB_addr.fact

@@ -1,38 +0,0 @@
-#!/usr/bin/python
-import json
-import os
-import re
-
-class GroupsByIPMB(object):
-
-    def __init__(self,IPMB_cmd_str):
-        self.IPMB_cmd_str = IPMB_cmd_str
-        self.IPMB_num_str = None 
-        self.IPMB_cmd_ret_str = None
-
-    def groups_exec_IPMB_command(self):
-        opt_handler = os.popen(self.IPMB_cmd_str)
-        self.IPMB_cmd_ret_str = opt_handler.read()
-        opt_handler.close()
-
-    def groups_split_IPMB_ret_str(self):
-        info_list = re.split(' |\n',self.IPMB_cmd_ret_str)
-        if info_list [5] == '90':
-            self.IPMB_num_str = 'IPMB_num_blade_00'
-        if info_list [5] == '80':
-            self.IPMB_num_str = 'IPMB_num_blade_01'
-        if info_list [5] == '88':
-            self.IPMB_num_str = 'IPMB_num_blade_02'
-        if info_list [5] == '98':
-            self.IPMB_num_str = 'IPMB_num_blade_03' 
-
-    def groups_print_IPMB_num_str(self):
-            print (json.dumps(self.IPMB_num_str))
-
-
-if __name__ == '__main__':
-    IPMB_cmd_str = 'ipmitool raw 0x2e 0x32 0x13 0x5f 0x00'        
-    groups_by_IPMB = GroupsByIPMB(IPMB_cmd_str)
-    groups_by_IPMB.groups_exec_IPMB_command()
-    groups_by_IPMB.groups_split_IPMB_ret_str()
-    groups_by_IPMB.groups_print_IPMB_num_str()

roles/groups-by-IPMB-addr/tasks/main.yml

@@ -1,25 +0,0 @@
---- 
-
-- name: 'copy groups-by-IPMB-addr.fact to host'
-  copy:
-    src: "{{ role_path }}/files/groups_by_IPMB_addr.fact"
-    dest: "/etc/ansible/facts.d/groups_by_IPMB_addr.fact"
-    mode: "0755"  
-
-- name: 'Gathers facts from remote hosts'
-  setup:
-    filter: 'ansible_local'
-    fact_path: /etc/ansible/facts.d
- 
-- name: "debug"
-  debug: var=ansible_local 
- 
-- name: 'group by gathers facts'
-  group_by:
-    key: '{{item.key}}'
-  when: ansible_local.groups_by_IPMB_addr == item.value
-  with_items:
-   - { key: 'blade-00', value: 'IPMB_num_blade_00' }
-   - { key: 'blade-01', value: 'IPMB_num_blade_01' }
-   - { key: 'blade-02', value: 'IPMB_num_blade_02' }
-   - { key: 'blade-03', value: 'IPMB_num_blade_03' }

roles/kni/templates/kni.conf.j2

@@ -11,7 +11,8 @@ deploy_mode = normal
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
-
+{% if run_as_tun_mode %}
+{% else %}
 [tfe0]
 enabled = 1
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
@@ -26,6 +27,7 @@ ip_addr = 192.168.100.3
 enabled = 1
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
+{% endif %}
 
 [tfe_cmsg_receiver]
 listen_eth = {{ nic_inner_ctrl.name }}

roles/sapp/tasks/main.yml

@@ -10,6 +10,11 @@
       - /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
     state: present
 
+- name: make dir
+  file:
+    path: /home/mesasoft/sapp_run/tsgconf
+    state: directory
+
 - name: Template the sapp.toml
   template:
     src: "{{ role_path }}/templates/sapp.toml.j2"

roles/sapp/templates/sapp.toml.j2

@@ -9,10 +9,17 @@
 instance_name = "sapp4"
 
 [CPU]
-worker_threads=16
+{% if run_as_tun_mode %}
+worker_threads=1
+{% else %}
+worker_threads={{ sapp.worker_threads }}
+{% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+{% if run_as_tun_mode %}
+bind_mask=[]
+{% else %}
 bind_mask=[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]
-#bind_mask=[]
+{% endif %}
 
 [PACKET_IO]
 ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""

roles/ssl-self-check/files/env_install/pip/docker_compose_req.txt

@@ -1,37 +0,0 @@
-attrs==19.3.0
-backports.shutil-get-terminal-size==1.0.0
-backports.ssl-match-hostname==3.5.0.1
-bcrypt==3.1.7
-cached-property==1.5.1
-certifi==2019.11.28
-cffi==1.13.2
-chardet==3.0.4
-configparser==4.0.2
-contextlib2==0.6.0.post1
-cryptography==2.8
-docker==4.1.0
-docker-compose==1.25.0
-dockerpty==0.4.1
-docopt==0.6.2
-enum34==1.1.6
-functools32==3.2.3.post2
-idna==2.8
-importlib-metadata==1.3.0
-ipaddress==1.0.23
-jsonschema==3.2.0
-more-itertools==5.0.0
-paramiko==2.7.1
-pathlib2==2.3.5
-pycparser==2.19
-PyNaCl==1.3.0
-pyrsistent==0.15.6
-PyYAML==3.13
-requests==2.22.0
-scandir==1.10.0
-setuptools==42.0.2
-six==1.13.0
-subprocess32==3.5.4
-texttable==1.6.2
-urllib3==1.25.7
-websocket-client==0.57.0
-zipp==0.6.0

roles/ssl-self-check/files/ssl_self_check/certs/Makefile

@@ -1,132 +0,0 @@
-################ Definitions ################
-
-export TEST_DOMAIN = badssl.test
-export TEST_DOMAIN_SELF_TEST =  badssl.self-test.geedge.net 
-export PROD_DOMAIN = badssl.com
-
-################ Main ################
-
-# This should bring up a full test server in docker from a bare repo.
-# Certs are generated outside the docker container, for persistence.
-.PHONY: test
-test: certs-test docker-build
-
-# Convenience alias.
-.PHONY: serve
-serve: test
-
-# This should properly deploy from any state of the repo.
-.PHONY: deploy
-deploy: certs-prod jekyll-prod upload nginx
-
-################ Jekyll ################
-
-.PHONY: jekyll-test
-jekyll-test:
-	DOMAIN=${TEST_DOMAIN_SELF_TEST} jekyll build
-
-.PHONY: jekyll-prod
-jekyll-prod:
-	DOMAIN=${PROD_DOMAIN} jekyll build
-
-################ Certs ################
-
-.PHONY: certs-test
-certs-test:
-	cd certs && make test O=sets/test D=badssl.self-test.geedge.net
-	cd certs/sets && rm -rf current && cp -R test current
-
-	rm -rf common/certs/*.crt
-	cp certs/sets/current/gen/crt/ca-root.crt common/certs
-	cp certs/sets/current/gen/crt/ca-untrusted-root.crt common/certs
-	cp certs/sets/current/gen/crt/client.p12 common/certs/${TEST_DOMAIN}-client.p12
-	cp certs/sets/current/gen/crt/client.pem common/certs/${TEST_DOMAIN}-client.pem
-
-.PHONY: certs-prod
-certs-prod:
-	cd certs && make prod O=sets/prod D=badssl.com
-	cd certs/sets && rm -rf current && cp -R prod current
-
-	rm -rf common/certs/*.crt
-	cp certs/sets/current/gen/crt/ca-untrusted-root.crt common/certs
-	cp certs/sets/current/gen/crt/client.p12 common/certs/${PROD_DOMAIN}-client.p12
-	cp certs/sets/current/gen/crt/client.pem common/certs/${PROD_DOMAIN}-client.pem
-
-.PHONY: clean-certs
-clean-certs:
-	rm -rf certs/sets/current
-	rm -rf certs/sets/*/gen
-	rm -rf common/certs/*.crt
-
-################ Installation ################
-
-.PHONY: install-keys
-install-keys:
-	mkdir -p /etc/keys
-	cp ./certs/sets/current/gen/key/*.key /etc/keys
-	chmod 640 /etc/keys/*.key
-	chmod 750 /etc/keys
-
-.PHONY: link
-link:
-	if [ ! -d /var/www ]; then mkdir -p /var/www; fi
-	if [ ! -d /var/www/badssl ]; then ln -sf "`pwd`" /var/www/badssl; fi
-	# Add the badssl.conf include to /etc/nginx/nginx.conf only if it is not already in the config.
-	# If /etc/nginx/nginx.conf does not exist, instead warn the user that it must be manually added.
-	if [ -f /etc/nginx/nginx.conf ]; then \
-		if ! grep -q "include /var/www/badssl/_site/nginx.conf" /etc/nginx/nginx.conf; then \
-			sed -i '/# Virtual Host Configs/a\\tinclude /var/www/badssl/_site/nginx.conf;' /etc/nginx/nginx.conf; \
-		fi \
-	else \
-		@echo "Please add `pwd`/_site/nginx.conf to your nginx.conf configuration."; \
-	fi
-
-.PHONY: install
-install: install-keys link
-
-.PHONY: clean
-clean: clean-certs
-	rm -rf _site
-	rm -f /etc/keys/*.key
-
-################ Docker ################
-
-.PHONY: inside-docker
-inside-docker: jekyll-test install
-
-.PHONY: docker-build
-docker-build:
-	docker build -t badssl:ssl-self-test .
-
-.PHONY: docker-run
-docker-run:
-	docker run -it -p 80:80 -p 443:443 -p 1000-1024:1000-1024 badssl
-
-################ Deployment ################
-
-.PHONY: upload
-upload:
-	rsync -avz \
-		--exclude .DS_Store \
-		--exclude .git \
-		--exclude _site/domains-local-only \
-		--delete  --delete-excluded \
-		./ \
-		badssl.com:~/badssl/
-	echo "\nDone deploying.\n"
-
-.PHONY: nginx
-nginx:
-	ssh badssl.com "sudo nginx -t ; sudo service nginx reload"
-
-##
-
-.PHONY: list-hosts
-list-hosts:
-	@echo "#### start of badssl.self-test.geedge.net hosts ####"
-	@grep -r "server_name.*{{ site.domain }}" . \
-		| sed "s/.*server_name \([^\{]*\).*/127.0.0.1 \1badssl.self-test.geedge.net/g" \
-		| sort \
-		| uniq \
-		| grep -v "\*"
-	@echo "#### end of badssl.self-test.geedge.net hosts ####"

roles/ssl-self-check/files/ssl_self_check/certs/certs/.gitignore

@@ -1,6 +0,0 @@
-/src/crt/*.srl
-*.key
-sets/current
-sets/*/gen
-sets/*/pregen/crt
-sets/*/pregen/key

roles/ssl-self-check/files/ssl_self_check/certs/certs/Makefile

@@ -1,474 +0,0 @@
-# chain     :: pem <= []crt
-# dhparam   :: pem <= int (#bits)
-# gen-ca    :: crt <= conf, key
-# gen-csr   :: csr <= conf, key
-# gen-key    :: key <= int (#bits)
-# gen-ecckey :: key <= string (ECC Prime)
-# self-sign :: crt <= days, hash, extensions, conf, csr, key (self)
-# sign      :: crt <= days, hash, extensions, conf, csr, key (CA), crt (CA)
-
-# TODO:
-# Generate the expired cert in the past.
-
-# Note: Files and paths must not contain spaces.
-
-D = badssl.com
-MAIN_CERT_TYPE = rsa2048
-DAYS_DEFAULT = 730
-HASH_DEFAULT = sha256
-
-SIGN_CA_DEFAULTS = 3650 $(HASH_DEFAULT) req_v3_ca
-SIGN_LEAF_DEFAULTS = $(DAYS_DEFAULT) $(HASH_DEFAULT) req_v3_usr
-
-# These variables will keep track of all chain targets.
-CHAINS_PROD =
-# These are chains that we can't get public versions of (usually due to Baseline Requirements).
-CHAINS_LOCAL_ONLY =
-
-O = sets/test
-
-.PHONY: all
-all: test
-
-.PHONY: test
-test: prod chains-local
-
-.PHONY: prod
-prod: chains-prod dhparams
-
-.PHONY: clean
-clean:
-	rm -rf $(O)/gen
-
-################################
-$(O)/gen/key/ca-root.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/crt/ca-root.crt: src/conf/ca-root.conf $(O)/gen/key/ca-root.key
-	./tool gen-ca $@ $(D) $^
-
-################################
-$(O)/gen/key/client-ca-root.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/crt/client-ca-root.crt: src/conf/client-ca-root.conf $(O)/gen/key/client-ca-root.key
-	./tool gen-ca $@ $(D) $^
-$(O)/gen/chain/client-ca-root.pem: $(O)/gen/crt/client-ca-root.crt
-	./tool chain $@ $(D) $^
-CHAINS_PROD += $(O)/gen/chain/client-ca-root.pem
-
-$(O)/gen/key/client-ca-untrusted-root.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/crt/client-ca-untrusted-root.crt: src/conf/client-ca-untrusted-root.conf $(O)/gen/key/client-ca-untrusted-root.key
-	./tool gen-ca $@ $(D) $^
-$(O)/gen/chain/client-ca-untrusted-root.pem: $(O)/gen/crt/client-ca-untrusted-root.crt
-	./tool chain $@ $(D) $^
-CHAINS_PROD += $(O)/gen/chain/client-ca-untrusted-root.pem
-
-$(O)/gen/key/client.key:
-	./tool gen-key $@ $(D) 2048
-$(O)/gen/csr/client.csr: src/conf/client.conf $(O)/gen/key/client.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/client.crt: src/conf/client.conf $(O)/gen/csr/client.csr $(O)/gen/key/client-ca-root.key $(O)/gen/crt/client-ca-root.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-$(O)/gen/crt/client.p12: $(O)/gen/crt/client.crt $(O)/gen/key/client.key
-	./tool gen-pkcs12-p12 $@ $(D) $^
-$(O)/gen/crt/client.pem: $(O)/gen/crt/client.p12
-	./tool pkcs12-convert-p12-pem $@ $(D) $^
-CHAINS_PROD += $(O)/gen/crt/client.pem
-
-################################
-$(O)/gen/key/ca-untrusted-root.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/crt/ca-untrusted-root.crt: src/conf/ca-untrusted-root.conf $(O)/gen/key/ca-untrusted-root.key
-	./tool gen-ca $@ $(D) $^
-
-################################
-$(O)/gen/key/ca-intermediate.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/csr/ca-intermediate.csr: src/conf/ca-intermediate.conf $(O)/gen/key/ca-intermediate.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/ca-intermediate.crt: src/conf/ca-intermediate.conf $(O)/gen/csr/ca-intermediate.csr $(O)/gen/key/ca-root.key $(O)/gen/crt/ca-root.crt
-	./tool sign $@ $(D) $(SIGN_CA_DEFAULTS) $^
-
-################################
-$(O)/gen/key/ca-sha1-intermediate.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/csr/ca-sha1-intermediate.csr: src/conf/ca-intermediate.conf $(O)/gen/key/ca-sha1-intermediate.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/ca-sha1-intermediate.crt: src/conf/ca-intermediate.conf $(O)/gen/csr/ca-sha1-intermediate.csr $(O)/gen/key/ca-root.key $(O)/gen/crt/ca-root.crt
-	./tool sign $@ $(D) 3650 sha1 req_v3_ca $^
-
-################################
-$(O)/gen/key/leaf-main.key: $(O)/gen/key/leaf-$(MAIN_CERT_TYPE).key
-	cp $< $@
-$(O)/gen/csr/wildcard-main.csr: $(O)/gen/csr/wildcard-$(MAIN_CERT_TYPE).csr
-	cp $< $@
-$(O)/gen/crt/wildcard-main.crt: $(O)/gen/crt/wildcard-$(MAIN_CERT_TYPE).crt
-	cp $< $@
-
-################################
-$(O)/gen/csr/fallback.csr: src/conf/fallback.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/fallback.crt: src/conf/fallback.conf $(O)/gen/csr/fallback.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/fallback.pem
-$(O)/gen/chain/fallback.pem: $(O)/gen/crt/fallback.crt
-	./tool chain $@ $(D) $^
-
-################################
-CHAINS_PROD += $(O)/gen/chain/wildcard-incomplete-chain.pem
-$(O)/gen/chain/wildcard-incomplete-chain.pem: $(O)/gen/crt/wildcard-main.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-sha1-2016.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	# TODO: date calculations
-	./tool sign $@ $(D) 10 sha1 req_v3_usr $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-sha1-2016.pem
-$(O)/gen/chain/wildcard-sha1-2016.pem: $(O)/gen/crt/wildcard-sha1-2016.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-sha1-2017.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	# TODO: date calculations
-	./tool sign $@ $(D) 200 sha1 req_v3_usr $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-sha1-2017.pem
-$(O)/gen/chain/wildcard-sha1-2017.pem: $(O)/gen/crt/wildcard-sha1-2017.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-sha1-intermediate.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-sha1-intermediate.key $(O)/gen/crt/ca-sha1-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-sha1-intermediate.pem
-$(O)/gen/chain/wildcard-sha1-intermediate.pem: $(O)/gen/crt/wildcard-sha1-intermediate.crt $(O)/gen/crt/ca-sha1-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-md5.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(DAYS_DEFAULT) md5 req_v3_usr $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-md5.pem
-$(O)/gen/chain/wildcard-md5.pem: $(O)/gen/crt/wildcard-md5.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-sha384.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(DAYS_DEFAULT) sha384 req_v3_usr $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-sha384.pem
-$(O)/gen/chain/wildcard-sha384.pem: $(O)/gen/crt/wildcard-sha384.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-sha512.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(DAYS_DEFAULT) sha512 req_v3_usr $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-sha512.pem
-$(O)/gen/chain/wildcard-sha512.pem: $(O)/gen/crt/wildcard-sha512.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-expired.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	# Too lazy to setup the loathsome mess that is openssl ca when I could just wait a day
-	./tool sign $@ $(D) 1 sha256 req_v3_usr $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-expired.pem
-$(O)/gen/chain/wildcard-expired.pem: $(O)/gen/crt/wildcard-expired.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-untrusted-root.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/ca-untrusted-root.key $(O)/gen/crt/ca-untrusted-root.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-untrusted-root.pem
-$(O)/gen/chain/wildcard-untrusted-root.pem: $(O)/gen/crt/wildcard-untrusted-root.crt $(O)/gen/crt/ca-untrusted-root.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/crt/wildcard-self-signed.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-main.csr $(O)/gen/key/leaf-main.key
-	./tool self-sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-self-signed.pem
-$(O)/gen/chain/wildcard-self-signed.pem: $(O)/gen/crt/wildcard-self-signed.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-rsa512.key:
-	./tool gen-key $@ $(D) 512
-$(O)/gen/csr/wildcard-rsa512.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa512.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-rsa512.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa512.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_LOCAL_ONLY += $(O)/gen/chain/wildcard-rsa512.pem
-$(O)/gen/chain/wildcard-rsa512.pem: $(O)/gen/crt/wildcard-rsa512.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-rsa1024.key:
-	./tool gen-key $@ $(D) 1024
-$(O)/gen/csr/wildcard-rsa1024.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa1024.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-rsa1024.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa1024.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_LOCAL_ONLY += $(O)/gen/chain/wildcard-rsa1024.pem
-$(O)/gen/chain/wildcard-rsa1024.pem: $(O)/gen/crt/wildcard-rsa1024.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-rsa2048.key:
-	./tool gen-key $@ $(D) 2048
-$(O)/gen/csr/wildcard-rsa2048.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa2048.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-rsa2048.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa2048.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-rsa2048.pem
-$(O)/gen/chain/wildcard-rsa2048.pem: $(O)/gen/crt/wildcard-rsa2048.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-rsa3072.key:
-	./tool gen-key $@ $(D) 3072
-$(O)/gen/csr/wildcard-rsa3072.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa3072.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-rsa3072.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa3072.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_LOCAL_ONLY += $(O)/gen/chain/wildcard-rsa3072.pem
-$(O)/gen/chain/wildcard-rsa3072.pem: $(O)/gen/crt/wildcard-rsa3072.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-rsa8192.key:
-	./tool gen-key $@ $(D) 8192
-$(O)/gen/csr/wildcard-rsa8192.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa8192.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-rsa8192.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa8192.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-rsa8192.pem
-$(O)/gen/chain/wildcard-rsa8192.pem: $(O)/gen/crt/wildcard-rsa8192.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-rsa4096.key:
-	./tool gen-key $@ $(D) 4096
-$(O)/gen/csr/wildcard-rsa4096.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa4096.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-rsa4096.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa4096.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-rsa4096.pem
-$(O)/gen/chain/wildcard-rsa4096.pem: $(O)/gen/crt/wildcard-rsa4096.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-ecc256.key:
-	./tool gen-ecckey $@ $(D) prime256v1
-$(O)/gen/csr/wildcard-ecc256.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-ecc256.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-ecc256.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-ecc256.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-ecc256.pem
-$(O)/gen/chain/wildcard-ecc256.pem: $(O)/gen/crt/wildcard-ecc256.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-ecc384.key:
-	./tool gen-ecckey $@ $(D) secp384r1
-$(O)/gen/csr/wildcard-ecc384.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-ecc384.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/wildcard-ecc384.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-ecc384.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/wildcard-ecc384.pem
-$(O)/gen/chain/wildcard-ecc384.pem: $(O)/gen/crt/wildcard-ecc384.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-no-common-name.csr: src/conf/subdomain-no-common-name.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-no-common-name.crt: src/conf/subdomain-no-common-name.conf $(O)/gen/csr/subdomain-no-common-name.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-no-common-name.pem
-$(O)/gen/chain/subdomain-no-common-name.pem: $(O)/gen/crt/subdomain-no-common-name.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-no-san.csr: src/conf/subdomain-no-san.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-no-san.crt: src/conf/subdomain-no-san.conf $(O)/gen/csr/subdomain-no-san.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_LOCAL_ONLY += $(O)/gen/chain/subdomain-no-san.pem
-$(O)/gen/chain/subdomain-no-san.pem: $(O)/gen/crt/subdomain-no-san.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-no-subject.csr: src/conf/subdomain-no-subject.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr-no-subject $@ $(D) $^
-$(O)/gen/crt/subdomain-no-subject.crt: src/conf/subdomain-no-subject.conf $(O)/gen/csr/subdomain-no-subject.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-no-subject.pem
-$(O)/gen/chain/subdomain-no-subject.pem: $(O)/gen/crt/subdomain-no-subject.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-1000-sans.csr: src/conf/subdomain-1000-sans.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-1000-sans.crt: src/conf/subdomain-1000-sans.conf $(O)/gen/csr/subdomain-1000-sans.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-1000-sans.pem
-$(O)/gen/chain/subdomain-1000-sans.pem: $(O)/gen/crt/subdomain-1000-sans.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-10000-sans.csr: src/conf/subdomain-10000-sans.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-10000-sans.crt: src/conf/subdomain-10000-sans.conf $(O)/gen/csr/subdomain-10000-sans.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-10000-sans.pem
-$(O)/gen/chain/subdomain-10000-sans.pem: $(O)/gen/crt/subdomain-10000-sans.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-xn--n1aae7f7o.csr: src/conf/subdomain-xn--n1aae7f7o.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-xn--n1aae7f7o.crt: src/conf/subdomain-xn--n1aae7f7o.conf $(O)/gen/csr/subdomain-xn--n1aae7f7o.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-xn--n1aae7f7o.pem
-$(O)/gen/chain/subdomain-xn--n1aae7f7o.pem: $(O)/gen/crt/subdomain-xn--n1aae7f7o.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-extended-validation.csr: src/conf/subdomain-extended-validation.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-extended-validation.crt: src/conf/subdomain-extended-validation.conf $(O)/gen/csr/subdomain-extended-validation.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-extended-validation.pem
-$(O)/gen/chain/subdomain-extended-validation.pem: $(O)/gen/crt/subdomain-extended-validation.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-# Note: this is just a regular cert in `test`.
-# Getting a real-world cert without SCTs may be extra work in the future.
-$(O)/gen/csr/subdomain-preloaded-expect-ct.csr: src/conf/subdomain-preloaded-expect-ct.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-preloaded-expect-ct.crt: src/conf/subdomain-preloaded-expect-ct.conf $(O)/gen/csr/subdomain-preloaded-expect-ct.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-preloaded-expect-ct.pem
-$(O)/gen/chain/subdomain-preloaded-expect-ct.pem: $(O)/gen/crt/subdomain-preloaded-expect-ct.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-# Note: this is just a regular cert in `test`
-$(O)/gen/csr/subdomain-invalid-expected-sct.csr: src/conf/subdomain-invalid-expected-sct.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-invalid-expected-sct.crt: src/conf/subdomain-invalid-expected-sct.conf $(O)/gen/csr/subdomain-invalid-expected-sct.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-invalid-expected-sct.pem
-$(O)/gen/chain/subdomain-invalid-expected-sct.pem: $(O)/gen/crt/subdomain-invalid-expected-sct.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-# Note: this is just a regular cert in `test`
-$(O)/gen/csr/subdomain-no-sct.csr: src/conf/subdomain-no-sct.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-no-sct.crt: src/conf/subdomain-no-sct.conf $(O)/gen/csr/subdomain-no-sct.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-no-sct.pem
-$(O)/gen/chain/subdomain-no-sct.pem: $(O)/gen/crt/subdomain-no-sct.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-superfish.csr: src/conf/subdomain-superfish.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-superfish.crt: src/conf/subdomain-superfish.conf $(O)/gen/csr/subdomain-superfish.csr src/key/ca-superfish.key src/crt/ca-superfish.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-superfish.pem
-$(O)/gen/chain/subdomain-superfish.pem: $(O)/gen/crt/subdomain-superfish.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-mitm-software.csr: src/conf/subdomain-mitm-software.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-mitm-software.crt: src/conf/subdomain-mitm-software.conf $(O)/gen/csr/subdomain-mitm-software.csr src/key/ca-mitm-software.key src/crt/ca-mitm-software.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-mitm-software.pem
-$(O)/gen/chain/subdomain-mitm-software.pem: $(O)/gen/crt/subdomain-mitm-software.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-edellroot.csr: src/conf/subdomain-edellroot.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-edellroot.crt: src/conf/subdomain-edellroot.conf $(O)/gen/csr/subdomain-edellroot.csr src/key/ca-edellroot.key src/crt/ca-edellroot.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-edellroot.pem
-$(O)/gen/chain/subdomain-edellroot.pem: $(O)/gen/crt/subdomain-edellroot.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-dsdtestprovider.csr: src/conf/subdomain-dsdtestprovider.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-dsdtestprovider.crt: src/conf/subdomain-dsdtestprovider.conf $(O)/gen/csr/subdomain-dsdtestprovider.csr src/key/ca-dsdtestprovider.key src/crt/ca-dsdtestprovider.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-dsdtestprovider.pem
-$(O)/gen/chain/subdomain-dsdtestprovider.pem: $(O)/gen/crt/subdomain-dsdtestprovider.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-preact-cli.csr: src/conf/subdomain-preact-cli.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-preact-cli.crt: src/conf/subdomain-preact-cli.conf $(O)/gen/csr/subdomain-preact-cli.csr src/key/ca-preact-cli.key src/crt/ca-preact-cli.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-preact-cli.pem
-$(O)/gen/chain/subdomain-preact-cli.pem: $(O)/gen/crt/subdomain-preact-cli.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/csr/subdomain-webpack-dev-server.csr: src/conf/subdomain-webpack-dev-server.conf $(O)/gen/key/leaf-main.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-webpack-dev-server.crt: src/conf/subdomain-webpack-dev-server.conf $(O)/gen/csr/subdomain-webpack-dev-server.csr src/key/ca-webpack-dev-server.key src/crt/ca-webpack-dev-server.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-webpack-dev-server.pem
-$(O)/gen/chain/subdomain-webpack-dev-server.pem: $(O)/gen/crt/subdomain-webpack-dev-server.crt
-	./tool chain $@ $(D) $^
-
-################################
-$(O)/gen/key/leaf-revoked.key:
-	./tool gen-key $@ $(D) 2048
-
-################################
-$(O)/gen/csr/subdomain-revoked.csr: src/conf/subdomain-revoked.conf $(O)/gen/key/leaf-revoked.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-revoked.crt: src/conf/subdomain-revoked.conf $(O)/gen/csr/subdomain-revoked.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-revoked.pem
-$(O)/gen/chain/subdomain-revoked.pem: $(O)/gen/crt/subdomain-revoked.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-
-################################
-$(O)/gen/key/leaf-captive-portal.key:
-	./tool gen-key $@ $(D) 2048
-
-################################
-$(O)/gen/csr/subdomain-captive-portal.csr: src/conf/subdomain-captive-portal.conf $(O)/gen/key/leaf-captive-portal.key
-	./tool gen-csr $@ $(D) $^
-$(O)/gen/crt/subdomain-captive-portal.crt: src/conf/subdomain-captive-portal.conf $(O)/gen/csr/subdomain-captive-portal.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
-	./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
-CHAINS_PROD += $(O)/gen/chain/subdomain-captive-portal.pem
-$(O)/gen/chain/subdomain-captive-portal.pem: $(O)/gen/crt/subdomain-captive-portal.crt $(O)/gen/crt/ca-intermediate.crt
-	./tool chain $@ $(D) $^
-
-
-################################
-$(O)/gen/dhparam/dh480.pem:
-	./tool dhparam $@ $(D) 480
-$(O)/gen/dhparam/dh512.pem:
-	./tool dhparam $@ $(D) 512
-$(O)/gen/dhparam/dh1024.pem:
-	./tool dhparam $@ $(D) 1024
-$(O)/gen/dhparam/dh2048.pem:
-	./tool dhparam $@ $(D) 2048
-$(O)/gen/dhparam/dh-composite.pem: src/dhparam/dh-composite.pem
-	cp $^ $@
-$(O)/gen/dhparam/dh-small-subgroup.pem: src/dhparam/dh-small-subgroup.pem
-	cp $^ $@
-
-################################
-.PHONY: chains-prod
-chains-prod: $(CHAINS_PROD)
-
-.PHONY: chains-local
-chains-local: chains-prod $(CHAINS_LOCAL_ONLY)
-
-.PHONY: dhparams
-dhparams: $(O)/gen/dhparam/dh480.pem $(O)/gen/dhparam/dh512.pem $(O)/gen/dhparam/dh1024.pem $(O)/gen/dhparam/dh2048.pem $(O)/gen/dhparam/dh-composite.pem $(O)/gen/dhparam/dh-small-subgroup.pem

roles/ssl-self-check/files/ssl_self_check/certs/certs/sets/prod/pregen/chain/backup/wildcard-sha256-rsa2048-embeded-sct.crt

@@ -1,67 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHGDCCBgCgAwIBAgIQAfICAx39qY79/w9yvlEGDTANBgkqhkiG9w0BAQsFADBN
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
-aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcwMzE4MDAwMDAwWhcN
-MjAwMzI1MTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
-YTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRUwEwYDVQQKEwxMdWNhcyBHYXJyb24x
-FTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2PmzAS2BMTOqy
-tMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMWhyefdOsKnRFS
-JiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3AxPxTuW1CrbV8
-/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqveww9HdFxBIuGa
-+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SYQCeFxxC7c3Dv
-aRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaOCA9gwggPUMB8GA1UdIwQYMBaA
-FA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBSd7sF7gQs6R2lxGH0RN5O8
-pRs/+zAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDgYDVR0P
-AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8E
-ZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc1
-LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1n
-NS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0
-cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgMwfAYIKwYBBQUHAQEE
-cDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYB
-BQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJT
-ZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAfUGCisGAQQB1nkCBAIE
-ggHlBIIB4QHfAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFa
-36pBXQAABAMARzBFAiEAzR4KqC0zoD8FzR8Jk0wH3CMLf/j0s/sMFySg5gsIP3oC
-IHaSYDQXuInRJq1WHUHIwcdt7AscZAFWgEaCzh+8+QvCAHYAVhQGmi/XwuzT9eG9
-RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFa36pCiAAABAMARzBFAiBPti1ehDk+YdyW
-s4qjScmz9kuzTWor6jQYk8/GZDwRHwIhAPvbr23VquHaId4nvBHit7YGdJXpu7En
-UZRQrU1P0lLVAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFa
-36pEWQAABAMARjBEAiBUQkeTNpBWju4/OXnxjOOlowEXos1XsItqfLkajzv6cQIg
-QLzLDhSKvxVRNq/4Z1rfbh8iEYM6Hj52NpO9+L0565oAdgC72d+8H4pxtZOUI5eq
-kntHOFeVCqtS6BqQlmQ2jh7RhQAAAVrfqkIWAAAEAwBHMEUCIHhqWRiCNNf8h3i2
-ADwso5l22FFp8H6jBBp+6B2PaBSUAiEAmk8vYlhgaLLc0Gkc+MkUIZ9sEoLR+tOF
-BLatSTQk1EowDQYJKoZIhvcNAQELBQADggEBAGl6hl3sDaxY762cJc5fxNG9Kc/Q
-Wvf5YzTLNxIuxEfTsj/Zgm+Q2hFl9enYRj4M1Weo/sw/8Jw9DGSuypOiYXCz9Ikx
-0Fc2j/Oq939JU5+ok1AikAeXna4DFTtw8ByIchrU6tbZa/JocSM0WZl7WIrgOtvw
-T+qCyI9JgYCnWRbPRfhZrlKxqQpwoP++aFV0HOBR9nj/Rzisq8ZGn7f6HKVxlqHS
-lBdhbmcHA/nHgbpwU2bmonivndvnpQHI8Fxd4BzbcRYM+ZIkATWA5/aOvH/EEIb6
-kwipaXsqHLfaJq1SY5G097HgWHWCkCUD/pxX6psTTavqftLenSd7piK3+fw=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg
-U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83
-nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd
-KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f
-/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX
-kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0
-/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
-aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6
-Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1
-oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD
-QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
-d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh
-xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
-CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl
-5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA
-8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC
-2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit
-c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0
-j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
------END CERTIFICATE-----

roles/ssl-self-check/files/ssl_self_check/certs/certs/sets/prod/pregen/chain/fallback.pem

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE8DCCAtigAwIBAgIJAM28Wkrsl2exMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
-c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMjAwBgNVBAMMKUJhZFNTTCBJbnRlcm1lZGlh
-dGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDgwODIxMTcwNVoXDTE4MDgw
-ODIxMTcwNVowgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw
-FAYDVQQHDA1TYW4gRnJhbmNpc2NvMTYwNAYDVQQKDC1CYWRTU0wgRmFsbGJhY2su
-IFVua25vd24gc3ViZG9tYWluIG9yIG5vIFNOSS4xNDAyBgNVBAMMK2JhZHNzbC1m
-YWxsYmFjay11bmtub3duLXN1YmRvbWFpbi1vci1uby1zbmkwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWe
-sSssdj5swEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFC
-xUbTFocnn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNEx
-tt1NwMT8U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0Tb
-ChKr3sMPR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm
-/mtUmEAnhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjRTBDMAkG
-A1UdEwQCMAAwNgYDVR0RBC8wLYIrYmFkc3NsLWZhbGxiYWNrLXVua25vd24tc3Vi
-ZG9tYWluLW9yLW5vLXNuaTANBgkqhkiG9w0BAQsFAAOCAgEAsuFs0K86D2IB20nB
-QNb+4vs2Z6kECmVUuD0vEUBR/dovFE4PfzTr6uUwRoRdjToewx9VCwvTL7toq3dd
-oOwHakRjoxvq+lKvPq+0FMTlKYRjOL6Cq3wZNcsyiTYr7odyKbZs383rEBbcNu0N
-c666/ozs4y4W7ufeMFrKak9UenrrPlUe0nrEHV3IMSF32iV85nXm95f7aLFvM6Lm
-EzAGgWopuRqD+J0QEt3WNODWqBSZ9EYyx9l2l+KI1QcMalG20QXuxDNHmTEzMaCj
-4Zl8k0szexR8rbcQEgJ9J+izxsecLRVp70siGEYDkhq0DgIDOjmmu8ath4yznX6A
-pYEGtYTDUxIvsWxwkraBBJAfVxkp2OSg7DiZEVlMM8QxbSeLCz+63kE/d5iJfqde
-cGqX7rKEsVW4VLfHPF8sfCyXVi5sWrXrDvJm3zx2b3XToU7EbNONO1C85NsUOWy4
-JccoiguV8V6C723IgzkSgJMlpblJ6FVxC6ZX5XJ0ZsMI9TIjibM2L1Z9DkWRCT6D
-QjuKbYUeURhScofQBiIx73V7VXnFoc1qHAUd/pGhfkCUnUcuBV1SzCEhjiwjnVKx
-HJKvc9OYjJD0ZuvZw9gBrY7qKyBX8g+sglEGFNhruH8/OhqrV8pBXX/EWY0fUZTh
-iywmc6GTT7X94Ze2F7iB45jh7WQ=
------END CERTIFICATE-----