gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: gfwleak:scripts-https-self-check
Branches Tags
gfwleak:tsg-version20.11.rc1-deploy gfwleak:tsg-version21.09-ansible gfwleak:tsg-version-21.06-deploy-to-mirror-traffic gfwleak:tsg-version21.05-deploy gfwleak:tsg-deploy-K18-in-KZ-update-version-21.04 gfwleak:tsg-version21.04-deploy gfwleak:tsg-version21.03-deploy gfwleak:tsg-deploy-K18-in-KZ gfwleak:tsg-version21.02-deploy gfwleak:dpi-platform-version20.11.rc3-deploy gfwleak:dpi-version20.11.rc3-deploy gfwleak:tsg-version20.11-deploy gfwleak:tfe-4.3.16 gfwleak:tsg-version20.11.rc1-deploy-firewall gfwleak:tsg-app-global-version.20.11.02 gfwleak:tsg-version20.09-deploy gfwleak:tsg-version20.08.2-deploy gfwleak:tsg-version20.08-deploy gfwleak:tsg-version20.07-deploy gfwleak:tsg-version20.08.1-deploy gfwleak:tsg-version20.07.rc1-deploy gfwleak:self-test-and-make-static-package gfwleak:tsg-version20.06.01-deploy gfwleak:tsg-version20.06-deploy gfwleak:tsg-version20.05.01-deploy gfwleak:tsg-version20.5-deploy gfwleak:tsg-version20.5-Temp gfwleak:tsg-version20.4.01-deploy gfwleak:tsg-version20.4-deploy gfwleak:Tsg-v3.0-firewall gfwleak:master gfwleak:scripts-https-self-check gfwleak:Feature-kni-3.0
gfwleak:test-docker-env-install-1 gfwleak:test-docker-env-install gfwleak:two-job-2 gfwleak:two-job
..
compare: gfwleak:tsg-version20.4-deploy
Branches Tags
gfwleak:tsg-version21.09-ansible gfwleak:tsg-version-21.06-deploy-to-mirror-traffic gfwleak:tsg-version21.05-deploy gfwleak:tsg-deploy-K18-in-KZ-update-version-21.04 gfwleak:tsg-version21.04-deploy gfwleak:tsg-version21.03-deploy gfwleak:tsg-deploy-K18-in-KZ gfwleak:tsg-version21.02-deploy gfwleak:dpi-platform-version20.11.rc3-deploy gfwleak:dpi-version20.11.rc3-deploy gfwleak:tsg-version20.11-deploy gfwleak:tfe-4.3.16 gfwleak:tsg-version20.11.rc1-deploy gfwleak:tsg-version20.11.rc1-deploy-firewall gfwleak:tsg-app-global-version.20.11.02 gfwleak:tsg-version20.09-deploy gfwleak:tsg-version20.08.2-deploy gfwleak:tsg-version20.08-deploy gfwleak:tsg-version20.07-deploy gfwleak:tsg-version20.08.1-deploy gfwleak:tsg-version20.07.rc1-deploy gfwleak:self-test-and-make-static-package gfwleak:tsg-version20.06.01-deploy gfwleak:tsg-version20.06-deploy gfwleak:tsg-version20.05.01-deploy gfwleak:tsg-version20.5-deploy gfwleak:tsg-version20.5-Temp gfwleak:tsg-version20.4.01-deploy gfwleak:tsg-version20.4-deploy gfwleak:Tsg-v3.0-firewall gfwleak:master gfwleak:scripts-https-self-check gfwleak:Feature-kni-3.0
gfwleak:test-docker-env-install-1 gfwleak:test-docker-env-install gfwleak:two-job-2 gfwleak:two-job

17 Commits
scripts-ht ... tsg-versio

Author SHA1 Message Date
zhangzhihan
6dc5a5113d sapp更新4.0.8 2020-04-29 14:59:53 +08:00
zhangzhihan
8dd9d58e07 更新sapp,优化部署 2020-04-28 17:54:17 +08:00
zhangzhihan
0c4a1306e9 更新ftp和fw_http插件 2020-04-28 13:12:16 +08:00
zhangzhihan
d8ded2517a sapp更新至4.0.11 2020-04-27 16:31:07 +08:00
zhangzhihan
5382ab72a2 修复20.4部署bug 2020-04-27 10:49:24 +08:00
zhangzhihan
f8ba0f2019 功能端部署剧本升级,适配20.4版本 2020-04-26 02:09:50 +08:00
zhangzhihan
633624c5a5 功能端部署剧本升级,适配20.04版本 2020-04-26 02:06:47 +08:00
zhangzhihan
9cad585759 新建Tsg-v3.0分支 2020-04-03 17:47:36 +08:00
zhangzhihan
2cdb69e410 删除过期文件 2020-04-03 17:17:15 +08:00
zhangzhihan
beb4590a5d 优化双臂模式部署 2020-04-01 10:31:23 +08:00
zhangzhihan
6e8fd65797 修改双臂模式部署内容 2020-03-30 13:51:32 +08:00
zhangzhihan
0d32f30299 修改部分部署bug,调整双臂模式部署 2020-03-30 13:35:40 +08:00
zhangzhihan
f498412f66 修改双臂模式部署部分内容 2020-03-28 14:37:28 +08:00
zhangzhihan
dbb89f7b7e 修改双臂模式部署部分内容 2020-03-28 13:09:51 +08:00
zhangzhihan
cfca4e5d64 改进双臂部署部分内容 2020-03-28 12:59:59 +08:00
zhangzhihan
bf5a401af9 删除: tsg-scripts.zip 2020-01-20 01:11:02 +08:00
zhangzhihan
a402dc2e89 1、增加cert-redis的安装包及task 
2、同步修改deploy.yml
3、为tsgconf/main.conf增加一个kafka的动态配置
4、修改tfe.conf中mc_default_eth的动态配置变量
5、原certstore中的r2、r3文件含有dos字符,修复该问题
 2020-01-20 01:03:39 +08:00
338 changed files with 2370 additions and 23220 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +0,0 @@
.vscode
*.retry

74
adc_inline_device_access/group_vars/all.yml
View File

@@ -1,74 +0,0 @@
maat_redis_server:
address: "192.168.41.206"
port: 7002
db: 0
dynamic_maat_redis_server:
address: "192.168.41.206"
port: 7002
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: "192.168.41.204:9092"
log_minio:
address: "192.168.41.206"
port: 9090
fs_remote:
switch: 1
address: "192.168.100.1"
port: 58125
nic_transparent_mode:
enable: 0
run_as_tun_mode: 0
package_source: "local"
install_dns_debug: "yes"
install_ftp_debug: "yes"
install_http_debug: "yes"
install_mail_debug: "yes"
install_ssl_debug: "yes"
install_fw_dns_plug_debug: "yes"
install_fw_ftp_plug_debug: "yes"
install_fw_http_plug_debug: "yes"
install_fw_mail_plug_debug: "yes"
install_tsg_master: "yes"
kni:
global:
log_level: 10
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 16
mc_cache_eth: ens1.100
keykeeper:
mode: "normal"
no_cache: 0
mrzcpd:
iocore: 47
mrtunnat:
lcore_id: 46

24
adc_inline_device_access/hosts
View File

@@ -1,24 +0,0 @@
[all:vars]
ansible_user=root
package_source=local
[blade-mxn]
192.168.40.170
[blade-00]
192.168.40.166
[blade-01]
192.168.40.167
[blade-02]
192.168.40.168
[blade-03]
192.168.40.169
[Functional_Host:children]
blade-00
blade-01
blade-02
blade-03

74
adc_tera_access/group_vars/all.yml
View File

@@ -1,74 +0,0 @@
maat_redis_server:
address: "192.168.41.206"
port: 7002
db: 0
dynamic_maat_redis_server:
address: "192.168.41.206"
port: 7002
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: "192.168.41.204:9092"
log_minio:
address: "192.168.41.206"
port: 9090
fs_remote:
switch: 1
address: "192.168.100.1"
port: 58125
nic_transparent_mode:
enable: 0
run_as_tun_mode: 0
package_source: "local"
install_dns_debug: "yes"
install_ftp_debug: "yes"
install_http_debug: "yes"
install_mail_debug: "yes"
install_ssl_debug: "yes"
install_fw_dns_plug_debug: "yes"
install_fw_ftp_plug_debug: "yes"
install_fw_http_plug_debug: "yes"
install_fw_mail_plug_debug: "yes"
install_tsg_master: "yes"
kni:
global:
log_level: 10
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 16
mc_cache_eth: ens1.100
keykeeper:
mode: "normal"
no_cache: 0
mrzcpd:
iocore: 47
mrtunnat:
lcore_id: 46

14
adc_tera_access/group_vars/blade-00.yml
View File

@@ -1,14 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens1f4
address: 127.0.0.1
nic_inner_ctrl:
name: ens1.100
nic_to_tfe:
tfe0:
name: ens1f5
tfe1:
name: ens1f6
tfe2:
name: ens1f7

11
adc_tera_access/group_vars/blade-01.yml
View File

@@ -1,11 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens1f1
mac: AA:BB:CC:DD:EE:FF
address: 127.0.0.1
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens1f2
use_mrzcpd: 1

10
adc_tera_access/group_vars/blade-02.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

10
adc_tera_access/group_vars/blade-03.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

6
clear_redis_cache.yml
View File

@@ -1,6 +0,0 @@
- hosts: blade-00
tasks:
- name: "killall certstore"
command: "killall certstore"
- name: "clear redis cache"
command: "redis-cli flushdb"

24
deploy.yml
View File

@@ -1,7 +1,3 @@
- hosts: all
roles:
- groups-by-IPMB-addr
- hosts: Functional_Host - hosts: Functional_Host
roles: roles:
- framework - framework
@@ -9,41 +5,49 @@
- hosts: blade-00 - hosts: blade-00
roles: roles:
- tsg-env-mcn0 # - tsg-env-mcn0
- mrzcpd - mrzcpd
- sapp - sapp
- kni - kni
- firewall - firewall
- http_healthcheck
- clotho
- certstore - certstore
- cert-redis
- hosts: blade-01 - hosts: blade-01
roles: roles:
- tsg-env-mcn1 # - tsg-env-mcn1
- mrzcpd - mrzcpd
- tfe - tfe
- hosts: blade-02 - hosts: blade-02
roles: roles:
- tsg-env-mcn2 # - tsg-env-mcn2
- mrzcpd - mrzcpd
- tfe - tfe
- hosts: blade-03 - hosts: blade-03
roles: roles:
- tsg-env-mcn3 # - tsg-env-mcn3
- mrzcpd - mrzcpd
- tfe - tfe
- hosts: blade-mxn - hosts: blade-mxn
roles: roles:
- tsg-env-mxn # - tsg-env-mxn
- hosts: pc-as-tun-mode - hosts: pc-as-tun-mode
roles: roles:
- mrzcpd - kernel-ml
- framework - framework
- mrzcpd
- tsg-env-tun-mode
- sapp - sapp
- kni - kni
- firewall - firewall
- http_healthcheck
- clotho
- certstore - certstore
- cert-redis
- tfe - tfe

60
env-prod-astana/group_vars/all.yml
View File

@@ -1,60 +0,0 @@
maat_redis_server:
address: "10.4.35.1"
port: 6379
db: 0
dynamic_maat_redis_server:
address: "10.4.35.1"
port: 6379
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: "10.4.35.7:9092,10.4.35.8:9092,10.4.35.9:9092,10.4.35.10:9092,10.4.35.11:9092"
log_minio:
address: "10.4.35.1;"
port: 9000
fs_remote:
switch: 1
address: "192.168.100.1"
port: 58125
nic_transparent_mode:
enable: 0
run_as_tun_mode: 0
package_source: "local"
kni:
global:
log_level: 10
tfe_node_count: 3
watch_dog:
switch: 1
send_logger:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 16
keykeeper:
mode: "normal"
no_cache: 0
mrzcpd:
iocore: 55
mrtunnat:
lcore_id: 54

14
env-prod-astana/group_vars/blade-00.yml
View File

@@ -1,14 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens1f4
address: 127.0.0.1
nic_inner_ctrl:
name: ens1.100
nic_to_tfe:
tfe0:
name: ens1f5
tfe1:
name: ens1f6
tfe2:
name: ens1f7

11
env-prod-astana/group_vars/blade-01.yml
View File

@@ -1,11 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens1f1
mac: AA:BB:CC:DD:EE:FF
address: 127.0.0.1
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens1f2
use_mrzcpd: 1

10
env-prod-astana/group_vars/blade-02.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

10
env-prod-astana/group_vars/blade-03.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

100
env-prod-astana/hosts
View File

@@ -1,100 +0,0 @@
[all:vars]
ansible_user=root
[blade-mxn]
10.4.164.23
#10.4.164.24
10.4.164.25
10.4.164.26
10.4.164.27
10.4.164.28
10.4.164.29
[blade-00]
10.4.39.9
#10.4.39.13
10.4.39.17
10.4.39.21
10.4.39.25
10.4.39.29
10.4.39.33
[blade-01]
10.4.39.10
#10.4.39.14
10.4.39.18
10.4.39.22
10.4.39.26
10.4.39.30
10.4.39.34
[blade-02]
10.4.39.11
#10.4.39.15
10.4.39.19
10.4.39.23
10.4.39.27
10.4.39.31
10.4.39.35
[blade-03]
10.4.39.12
#10.4.39.16
10.4.39.20
10.4.39.24
10.4.39.28
10.4.39.32
10.4.39.36
[astana-adc-3]
10.4.164.23
10.4.39.9
10.4.39.10
10.4.39.11
10.4.39.12
[astana-adc-5]
10.4.164.25
10.4.39.17
10.4.39.18
10.4.39.19
10.4.39.20
[astana-adc-6]
10.4.164.26
10.4.39.21
10.4.39.22
10.4.39.23
10.4.39.24
[astana-adc-7]
10.4.164.27
10.4.39.25
10.4.39.26
10.4.39.27
10.4.39.28
[astana-adc-8]
10.4.164.28
10.4.39.29
10.4.39.30
10.4.39.31
10.4.39.32
[astana-adc-9]
10.4.164.29
10.4.39.33
10.4.39.34
10.4.39.35
10.4.39.36
[Functional_Host:children]
blade-00
blade-01
blade-02
blade-03
[Slave_Host:children]
blade-01
blade-02
blade-03

45
env-stage-hy/group_vars/all.yml
View File

@@ -1,45 +0,0 @@
maat_redis_server:
address: 192.168.100.3
port: 7002
db: 0
dynamic_maat_redis_server:
address: 192.168.100.3
port: 7002
db: 0
cert_store_server:
address: 192.168.100.1
port: 9991
log_kafkabrokers:
address: "192.168.100.4:9092"
log_minio:
address: "192.168.100.4;"
port: 9000
fs_remote:
switch: 0
address: "192.168.10.152"
port: 8125
kni:
global:
log_level: 30
tfe_node_count: 3
watch_dog:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 32
keykeeper:
mode: "debug"
no_cache: 0

13
env-stage-hy/group_vars/blade-00.yml
View File

@@ -1,13 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens1f4
nic_inner_ctrl:
name: ens1.100
nic_to_tfe:
tfe0:
name: ens1f5
tfe1:
name: ens1f6
tfe2:
name: ens1f7

10
env-stage-hy/group_vars/blade-01.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens1f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens1f2
use_mrzcpd: 1

10
env-stage-hy/group_vars/blade-02.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

10
env-stage-hy/group_vars/blade-03.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp7s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

12
env-stage-hy/hosts
View File

@@ -1,12 +0,0 @@
[all:vars]
ansible_user=root
[blade-00]
192.168.10.41
[blade-01]
192.168.10.42
[Functional_Host:children]
blade-00
blade-01

76
env-stage-pc/group_vars/all.yml
View File

@@ -1,76 +0,0 @@
maat_redis_server:
address: "192.168.40.83"
port: 7002
db: 0
dynamic_maat_redis_server:
address: "192.168.40.83"
port: 7002
db: 0
cert_store_server:
address: "127.0.0.1"
port: 9991
log_kafkabrokers:
address: "192.168.40.85:9092"
log_minio:
address: "192.168.40.85;"
port: 9000
fs_remote:
switch: 1
address: "127.0.0.1"
port: 8125
kni:
global:
log_level: 30
tfe_node_count: 3
watch_dog:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 32
keykeeper:
mode: "normal"
no_cache: 0
mrzcpd:
iocore: 47
mrtunnat:
lcore_id: 46
nic_mgr:
name: eth0
nic_data_incoming:
name: tun_kni
address: 127.0.0.1
nic_inner_ctrl:
name: lo
nic_to_tfe:
tfe0:
name: lo
tfe1:
name: lo
tfe2:
name: lo
nic_traffic_mirror:
name: lo
use_mrzcpd: 0
nic_transparent_mode:
enable: 1
mode: pcap
internel_interface: "enp0s20f0u3"
external_interface: "enp0s20f0u4"
run_as_tun_mode: 1

6
env-stage-pc/hosts
View File

@@ -1,6 +0,0 @@
[all:vars]
ansible_user=root
package_source=local
[pc-as-tun-mode]
192.168.40.85

55
env-stage-xxg/group_vars/all.yml
View File

@@ -1,55 +0,0 @@
maat_redis_server:
address: "192.168.40.120"
port: 7002
db: 0
dynamic_maat_redis_server:
address: "192.168.40.120"
port: 7002
db: 1
cert_store_server:
address: "192.168.40.161"
port: 9991
log_kafkabrokers:
address: "192.168.40.119:9092"
log_minio:
address: "192.168.40.223;"
port: 9000
fs_remote:
switch: 1
address: "192.168.100.1"
port: 8125
nic_transparent_mode:
enable: 0
kni:
global:
log_level: 30
tfe_node_count: 3
watch_dog:
switch: 1
tfe_nodes:
- tfe0:
enabled: 1
- tfe1:
enabled: 1
- tfe2:
enabled: 1
tfe:
nr_threads: 32
keykeeper:
mode: "normal"
no_cache: 0
mrzcpd:
iocore: 47
mrtunnat:
lcore_id: 46
run_as_tun_mode: 1

14
env-stage-xxg/group_vars/blade-00.yml
View File

@@ -1,14 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens1f4
address: 127.0.0.1
nic_inner_ctrl:
name: ens1.100
nic_to_tfe:
tfe0:
name: ens1f5
tfe1:
name: ens1f6
tfe2:
name: ens1f7

11
env-stage-xxg/group_vars/blade-01.yml
View File

@@ -1,11 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens1f1
mac: AA:BB:CC:DD:EE:FF
address: 127.0.0.1
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens1f2
use_mrzcpd: 1

10
env-stage-xxg/group_vars/blade-02.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

10
env-stage-xxg/group_vars/blade-03.yml
View File

@@ -1,10 +0,0 @@
nic_mgr:
name: enp6s0
nic_data_incoming:
name: ens8f1
mac: AA:BB:CC:DD:EE:FF
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1

24
env-stage-xxg/hosts
View File

@@ -1,24 +0,0 @@
[all:vars]
ansible_user=root
package_source=pulp
[blade-mxn]
192.168.40.25
[blade-00]
192.168.40.21
[blade-01]
192.168.40.22
[blade-02]
192.168.40.23
[blade-03]
192.168.40.24
[Functional_Host:children]
blade-00
blade-01
blade-02
blade-03

43
pc_double_arm_access/group_vars/all.yml → install_config/group_vars/all.yml
View File

@@ -1,10 +1,14 @@
########################################
tsg_access_type: 0
########################################
maat_redis_server: maat_redis_server:
address: "192.168.40.83" address: "192.168.40.168"
port: 7002 port: 7002
db: 0 db: 0
dynamic_maat_redis_server: dynamic_maat_redis_server:
address: "192.168.40.83" address: "192.168.40.168"
port: 7002 port: 7002
db: 0 db: 0
@@ -13,10 +17,10 @@ cert_store_server:
port: 9991 port: 9991
log_kafkabrokers: log_kafkabrokers:
address: "192.168.40.85:9092" address: "192.168.40.169:9092"
log_minio: log_minio:
address: "192.168.40.85;" address: "192.168.40.168;"
port: 9090 port: 9090
fs_remote: fs_remote:
@@ -24,17 +28,12 @@ fs_remote:
address: "127.0.0.1" address: "127.0.0.1"
port: 8125 port: 8125
install_dns_debug: "yes" ########################################
install_ftp_debug: "yes" sapp:
install_http_debug: "yes" worker_threads: 16
install_mail_debug: "yes" bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
install_ssl_debug: "yes"
install_fw_dns_plug_debug: "yes"
install_fw_ftp_plug_debug: "yes"
install_fw_http_plug_debug: "yes"
install_fw_mail_plug_debug: "yes"
install_tsg_master: "yes"
########################################
kni: kni:
global: global:
log_level: 30 log_level: 30
@@ -52,33 +51,30 @@ kni:
enabled: 1 enabled: 1
- tfe2: - tfe2:
enabled: 1 enabled: 1
########################################
tfe: tfe:
nr_threads: 32 nr_threads: 32
mc_cache_eth: ens1.100 mc_cache_eth: lo
keykeeper: keykeeper:
mode: "normal" mode: "normal"
no_cache: 0 no_cache: 0
########################################
mrzcpd: mrzcpd:
iocore: 39 iocore: 39
mrtunnat: mrtunnat:
lcore_id: 38 lcore_id: 38
########################################
nic_mgr: nic_mgr:
name: eth0 name: eth0
nic_data_incoming: nic_data_incoming:
name: tun_kni name: tun_kni
address: 127.0.0.1 address: 127.0.0.1
nic_inner_ctrl: nic_inner_ctrl:
name: lo name: eth0.100
nic_to_tfe:
tfe0:
name: lo
tfe1:
name: lo
tfe2:
name: lo
nic_traffic_mirror: nic_traffic_mirror:
name: lo name: lo
use_mrzcpd: 0 use_mrzcpd: 0
@@ -89,4 +85,3 @@ nic_transparent_mode:
internel_interface: "eth2" internel_interface: "eth2"
external_interface: "eth3" external_interface: "eth3"
run_as_tun_mode: 1

8
adc_inline_device_access/group_vars/blade-00.yml → install_config/group_vars/blade-00.yml
View File

@@ -13,3 +13,11 @@ nic_to_tfe:
name: ens1f6 name: ens1f6
tfe2: tfe2:
name: ens1f7 name: ens1f7
AllotAccess:
virturlInterface_1: ens1f2.103
virturlInterface_2: ens1f2.104
virturlID_1: 103
virturlID_2: 104
vvipv4_mask: 24
vvipv6_mask: 64

0
adc_inline_device_access/group_vars/blade-01.yml → install_config/group_vars/blade-01.yml
View File

0
adc_inline_device_access/group_vars/blade-02.yml → install_config/group_vars/blade-02.yml
View File

0
adc_inline_device_access/group_vars/blade-03.yml → install_config/group_vars/blade-03.yml
View File

10
adc_tera_access/hosts → install_config/hosts
View File

@@ -2,11 +2,13 @@
ansible_user=root ansible_user=root
package_source=local package_source=local
[pc-as-tun-mode]
[blade-mxn] [blade-mxn]
192.168.40.170 192.168.40.170
[blade-00] [blade-00]
192.168.40.166 192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
[blade-01] [blade-01]
192.168.40.167 192.168.40.167
@@ -17,14 +19,8 @@ package_source=local
[blade-03] [blade-03]
192.168.40.169 192.168.40.169
[Functional_Host:children] [Functional_Host:children]
blade-00 blade-00
blade-01 blade-01
blade-02 blade-02
blade-03 blade-03
[Slave_Host:children]
blade-01
blade-02
blade-03

6
pc_double_arm_access/hosts
View File

@@ -1,6 +0,0 @@
[all:vars]
ansible_user=root
package_source=local
[pc-as-tun-mode]
192.168.40.139

3
pulp-install.yml
View File

@@ -1,3 +0,0 @@
- hosts: blade-0*
roles:
- pulp-consumer

13
rc.local
View File

@@ -1,13 +0,0 @@
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.
touch /var/lock/subsys/local

1052
roles/cert-redis/files/cert-redis/6379/6379.conf Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
roles/cert-redis/files/cert-redis/6379/dump.rdb Normal file
View File

Binary file not shown.

16
roles/cert-redis/files/cert-redis/cert-redis.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Redis persistent key-value database
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/local/bin/start-cert-redis
ExecStop=killall redis-server
Type=forking
RuntimeDirectory=redis
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target

6
roles/cert-redis/files/cert-redis/install.sh Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
#
cp -rf redis-server /usr/local/bin/
cp -rf redis-cli /usr/local/bin
cp -rf cert-redis.service /usr/lib/systemd/system/
cp -rf start-cert-redis /usr/local/bin

BIN
roles/cert-redis/files/cert-redis/redis-cli Executable file
View File

Binary file not shown.

BIN
roles/cert-redis/files/cert-redis/redis-server Executable file
View File

Binary file not shown.

4
roles/cert-redis/files/cert-redis/start-cert-redis Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
#
/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

15
roles/cert-redis/tasks/main.yml Normal file
View File

@@ -0,0 +1,15 @@
- name: "copy cert-redis to destination server"
copy:
src: "{{ role_path }}/files/"
dest: /home/tsg
mode: 0755
- name: "install cert-redis"
shell: cd /home/tsg/cert-redis;sh install.sh
- name: "start cert-redis"
systemd:
name: cert-redis.service
state: started
daemon_reload: yes
enabled: yes

BIN
roles/certstore/files/certstore-base-online-20200108.tar.gz
View File

Binary file not shown.

BIN
roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/certstore/files/jemalloc-3.6.0-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/certstore/files/redis-3.2.12-2.el7.x86_64.rpm
View File

Binary file not shown.

37
roles/certstore/tasks/main.yml
View File

@@ -1,39 +1,26 @@
--- - name: "copy certstore rpm to destination"
- name: "copy redis and dependency to destination"
synchronize: synchronize:
src: "{{ role_path }}/files/" src: "{{ role_path }}/files/"
dest: "/tmp/ansible_deploy/" dest: "/tmp/ansible_deploy/"
#- name: "install redis"
# yum:
# name:
# - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm
# - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm
# state: present
#- name: "enable redis"
# systemd:
# name: redis
# enabled: yes
# state: started
- name: Ensures /home/tsg exists - name: Ensures /home/tsg exists
file: path=/home/tsg state=directory file: path=/home/tsg state=directory
tags: mkdir tags: mkdir
- name: install certstore - name: install certstore
unarchive: yum:
src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz" name:
dest: /home/tsg - /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm
state: present
- name: template certstore configure file - name: template certstore configure file
template: template:
src: "{{ role_path }}/templates/cert_store.ini.j2" src: "{{ role_path }}/templates/cert_store.ini.j2"
dest: /home/tsg/certstore-base/conf/cert_store.ini dest: /home/tsg/certstore/conf/cert_store.ini
- name: bootup certstore - name: "start certstore"
blockinfile: systemd:
marker: "## {mark} bootstrap certstore" name: certstore.service
path: /etc/rc.d/rc.local state: started
block: | enabled: yes
cd /home/tsg/certstore-base; ./r2_certstore daemon_reload: yes

2
roles/certstore/templates/cert_store.ini.j2
View File

@@ -2,7 +2,7 @@
#1:print on screen, 0:don't #1:print on screen, 0:don't
DEBUG_SWITCH = 1 DEBUG_SWITCH = 1
#10:DEBUG, 20:INFO, 30:FATAL #10:DEBUG, 20:INFO, 30:FATAL
RUN_LOG_LEVEL = 30 RUN_LOG_LEVEL = 10
RUN_LOG_PATH = ./logs RUN_LOG_PATH = ./logs
[CONFIG] [CONFIG]
#Number of running threads #Number of running threads

BIN
roles/clotho/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

13
roles/clotho/files/clotho.service Normal file
View File

@@ -0,0 +1,13 @@
[Unit]
Description=clotho
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/home/mesasoft/clotho/clotho
ExecStop=killall clotho
Type=forking
[Install]
WantedBy=multi-user.target

29
roles/clotho/tasks/main.yml Normal file
View File

@@ -0,0 +1,29 @@
- name: "copy clotho rpm to destination server"
copy:
src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
dest: /tmp/ansible_deploy/
- name: "copy clotho.service to destination server"
copy:
src: "{{ role_path }}/files/clotho.service"
dest: /usr/lib/systemd/system
mode: 0755
- name: "install clotho rpm from localhost"
yum:
name:
- /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
state: present
- name: "Template the clotho.conf"
template:
src: "{{ role_path }}/templates/clotho.conf.j2"
dest: /home/mesasoft/clotho/conf/clotho.conf
tags: template
- name: "start clotho"
systemd:
name: clotho.service
enabled: yes
daemon_reload: yes

7
roles/clotho/templates/clotho.conf.j2 Normal file
View File

@@ -0,0 +1,7 @@
[KAFKA]
BROKER_LIST={{ log_kafkabrokers.address }}
[SYSTEM]
NIC_NAME={{ nic_mgr.name }}
LOG_LEVEL=10
LOG_PATH=log/clotho

BIN
roles/firewall/files/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/ftp-debug-1.0.0.-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

89
roles/firewall/tasks/main.yml
View File

@@ -4,72 +4,41 @@
src: "{{ role_path }}/files/" src: "{{ role_path }}/files/"
dest: /tmp/ansible_deploy/ dest: /tmp/ansible_deploy/
- name: "install dns-debug rpms from localhost" - name: "install firewall packages"
yum: yum:
name: name: "{{ fw_packages }}"
state: present
vars:
fw_packages:
- /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
state: present - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
when: install_dns_debug == "yes"
- name: "install ftp-debug rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/ftp-debug-1.0.0.-1.el7.x86_64.rpm
state: present
when: install_ftp_debug == "yes"
- name: "install http-debug rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
state: present
when: install_http_debug == "yes"
- name: "install mail-debug rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
state: present
when: install_mail_debug == "yes"
- name: "install ssl-debug rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
state: present - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
when: install_ssl_debug == "yes" - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/fw_http_plug-debug-1.0.8.620f455-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
- /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
- name: "install fw_dns_plug-debug rpms from localhost" - name: "Template the tsgconf/main.conf"
yum: template:
name: src: "{{ role_path }}/templates/main.conf.j2"
- /tmp/ansible_deploy/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm dest: /home/mesasoft/sapp_run/tsgconf/main.conf
state: present tags: template
when: install_fw_dns_plug_debug == "yes"
- name: "install fw_ftp_plug-debug rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
state: present
when: install_fw_ftp_plug_debug == "yes"
- name: "install fw_http_plug-debug rpms from localhost" - name: "Template the tsgconf/maat.conf"
yum: template:
name: src: "{{ role_path }}/templates/maat.conf.j2"
- /tmp/ansible_deploy/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
state: present tags: template
when: install_fw_http_plug_debug == "yes"
- name: "install fw_mail_plug-debug rpms from localhost" - name: "Template the conf/capture_packet_plug.conf.j2"
yum: template:
name: src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
- /tmp/ansible_deploy/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
state: present tags: template
when: install_fw_mail_plug_debug == "yes"
- name: "install tsg-master rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
state: present
when: install_tsg_master == "yes"

25
roles/firewall/templates/capture_packet_plug.conf.j2 Normal file
View File

@@ -0,0 +1,25 @@
[MAAT]
MAAT_MODE=2
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=conf/capture_packet_tableinfo.conf
STAT_FILE=capture_packet_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ maat_redis_server.address }}
REDIS_PORT_NUM=1
REDIS_PORT={{ maat_redis_server.port }}
REDIS_INDEX=0
JSON_CFG_FILE=conf/capture_packet_maat.json
INC_CFG_DIR=capture_packet_rule/inc/index/
FULL_CFG_DIR=capture_packet_rule/full/index/
[LOG]
NIC_NAME={{ nic_mgr.name }}
BROKER_LIST={{ log_kafkabrokers.address }}
FIELD_FILE=conf/capture_packet_log_field.conf
[SYSTEM]
LOG_LEVEL=10
LOG_PATH=./tsglog/capture_packet_plug/capture_packet

30
roles/firewall/templates/maat.conf.j2 Normal file
View File

@@ -0,0 +1,30 @@
[STATIC]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
STAT_FILE=tsg_static_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ maat_redis_server.address }}
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=0
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
[DYNAMIC]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
STAT_FILE=tsg_dynamic_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ dynamic_maat_redis_server.address }}
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=1
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/

51
roles/firewall/templates/main.conf.j2 Normal file
View File

@@ -0,0 +1,51 @@
[FTP_PLUG]
LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
LOG_LEVEL=10
TIMEOUT=600
[MAIL_PLUG]
LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
LOG_LEVEL=10
TIMEOUT=600
[HTTP_PLUG]
LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
LOG_LEVEL=10
[DNS_PLUG]
LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
LOG_LEVEL=10
[MAAT]
PROFILE=./tsgconf/maat.conf
SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
IP_ADDR_TABLE=TSG_SECURITY_ADDR
[TSG_LOG]
MODE=1
NIC_NAME={{ nic_mgr.name }}
MAX_SERVICE=1
LOG_LEVEL=10
LOG_PATH=./tsglog/tsglog
BROKER_LIST={{ log_kafkabrokers.address }}
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
[STATISTIC]
CYCLE=0
TELEGRAF_PORT=8100
TELEGRAF_IP=127.0.0.1
OUTPUT_PATH=./tsg_statistic.log
APP_NAME=statistic
[FIELD_STAT]
CYCLE=3
TELEGRAF_PORT=8125
TELEGRAF_IP=127.0.0.1
OUTPUT_PATH=./tsg_stat.log
APP_NAME=tsg_master
[SYSTEM]
LOG_LEVEL=10
LOG_PATH=./tsglog/tsg_master
POLICY_PRIORITY_LABEL=POLICY_PRIORITY

BIN
roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm Executable file
View File

Binary file not shown.

0
roles/framework/files/framework/framework.conf → roles/framework/files/framework.conf
View File

BIN
roles/framework/files/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/maat/lib/libmaatframe.so.2.8
View File

Binary file not shown.

BIN
roles/framework/files/rulescan/librulescan.so
View File

Binary file not shown.

31
roles/framework/tasks/main.yml
View File

@@ -1,4 +1,3 @@
---
- name: "copy framework rpms to destination server" - name: "copy framework rpms to destination server"
synchronize: synchronize:
src: "{{ role_path }}/files/" src: "{{ role_path }}/files/"
@@ -10,35 +9,7 @@
state: present state: present
vars: vars:
packages: packages:
- /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
- name: "install framework ld.conf"
synchronize:
src: "{{ role_path }}/files/framework/framework.conf"
dest: /etc/ld.so.conf.d/framework.conf
- name: "install/update rulescan library"
synchronize:
src: "{{ role_path }}/files/rulescan/librulescan.so"
dest: /opt/MESA/lib/librulescan.so
- name: "install/update maat library files"
synchronize:
src: "{{ role_path }}/files/maat/lib/"
dest: /opt/MESA/lib/
- name: "create maat library symbol links - A"
file:
src: "libmaatframe.so.2.8"
path: /opt/MESA/lib/libmaatframe.so.2
state: link
- name: "create maat library symbol links - B"
file:
src: "libmaatframe.so.2"
path: /opt/MESA/lib/libmaatframe.so
state: link
- name: "update ld" - name: "update ld"
command: ldconfig command: ldconfig

38
roles/groups-by-IPMB-addr/files/groups_by_IPMB_addr.fact
View File

@@ -1,38 +0,0 @@
#!/usr/bin/python
import json
import os
import re
class GroupsByIPMB(object):
def __init__(self,IPMB_cmd_str):
self.IPMB_cmd_str = IPMB_cmd_str
self.IPMB_num_str = None
self.IPMB_cmd_ret_str = None
def groups_exec_IPMB_command(self):
opt_handler = os.popen(self.IPMB_cmd_str)
self.IPMB_cmd_ret_str = opt_handler.read()
opt_handler.close()
def groups_split_IPMB_ret_str(self):
info_list = re.split(' |\n',self.IPMB_cmd_ret_str)
if info_list [5] == '90':
self.IPMB_num_str = 'IPMB_num_blade_00'
if info_list [5] == '80':
self.IPMB_num_str = 'IPMB_num_blade_01'
if info_list [5] == '88':
self.IPMB_num_str = 'IPMB_num_blade_02'
if info_list [5] == '98':
self.IPMB_num_str = 'IPMB_num_blade_03'
def groups_print_IPMB_num_str(self):
print (json.dumps(self.IPMB_num_str))
if __name__ == '__main__':
IPMB_cmd_str = 'ipmitool raw 0x2e 0x32 0x13 0x5f 0x00'
groups_by_IPMB = GroupsByIPMB(IPMB_cmd_str)
groups_by_IPMB.groups_exec_IPMB_command()
groups_by_IPMB.groups_split_IPMB_ret_str()
groups_by_IPMB.groups_print_IPMB_num_str()

25
roles/groups-by-IPMB-addr/tasks/main.yml
View File

@@ -1,25 +0,0 @@
---
- name: 'copy groups-by-IPMB-addr.fact to host'
copy:
src: "{{ role_path }}/files/groups_by_IPMB_addr.fact"
dest: "/etc/ansible/facts.d/groups_by_IPMB_addr.fact"
mode: "0755"
- name: 'Gathers facts from remote hosts'
setup:
filter: 'ansible_local'
fact_path: /etc/ansible/facts.d
- name: "debug"
debug: var=ansible_local
- name: 'group by gathers facts'
group_by:
key: '{{item.key}}'
when: ansible_local.groups_by_IPMB_addr == item.value
with_items:
- { key: 'blade-00', value: 'IPMB_num_blade_00' }
- { key: 'blade-01', value: 'IPMB_num_blade_01' }
- { key: 'blade-02', value: 'IPMB_num_blade_02' }
- { key: 'blade-03', value: 'IPMB_num_blade_03' }

BIN
roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

10
roles/http_healthcheck/tasks/main.yml Normal file
View File

@@ -0,0 +1,10 @@
- name: "copy http_healthcheck rpm to destination server"
copy:
src: "{{ role_path }}/files/"
dest: /tmp/ansible_deploy/
- name: "install http_healthcheck from localhost"
yum:
name:
- /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
state: present

0
roles/framework/files/dkms/dkms-2.7.1-1.el7.noarch.rpm → roles/kernel-ml/files/dkms-2.7.1-1.el7.noarch.rpm
View File

1
roles/kernel-ml/tasks/main.yml
View File

@@ -9,6 +9,7 @@
name: name:
- /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
- /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
- /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
state: present state: present
register: t_kernel_ml register: t_kernel_ml

BIN
roles/kni/files/kni-20.04-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/kni/files/kni-3.0.2.57bfa41-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/kni/files/kni-debug-3.0.1.f81dd69-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/kni/files/kni-debug-debuginfo-3.0.1.f81dd69-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/kni/files/kni-debuginfo-3.0.2.57bfa41-1.el7.x86_64.rpm
View File

Binary file not shown.

2
roles/kni/tasks/main.yml
View File

@@ -7,7 +7,7 @@
- name: "install kni rpms from localhost" - name: "install kni rpms from localhost"
yum: yum:
name: name:
- /tmp/ansible_deploy/kni-3.0.2.57bfa41-1.el7.x86_64.rpm - /tmp/ansible_deploy/kni-20.04-1.el7.x86_64.rpm
state: present state: present
- name: Template the kni.conf - name: Template the kni.conf

6
roles/kni/templates/kni.conf.j2
View File

@@ -3,7 +3,7 @@ log_path = ./log/kni/kni.log
log_level = {{ kni.global.log_level }} log_level = {{ kni.global.log_level }}
tfe_node_count = {{ kni.global.tfe_node_count }} tfe_node_count = {{ kni.global.tfe_node_count }}
manage_eth = {{ nic_mgr.name }} manage_eth = {{ nic_mgr.name }}
{% if run_as_tun_mode %} {% if tsg_access_type == 0 %}
deploy_mode = tun deploy_mode = tun
{% else %} {% else %}
deploy_mode = normal deploy_mode = normal
@@ -11,7 +11,8 @@ deploy_mode = normal
tun_name = tun_kni tun_name = tun_kni
src_mac_addr = 00:0e:c6:d6:72:c1 src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd dst_mac_addr = fe:65:b7:03:50:bd
{% if tsg_access_type == 0 %}
{% else %}
[tfe0] [tfe0]
enabled = 1 enabled = 1
dev_eth_symbol = {{ nic_to_tfe.tfe0.name }} dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
@@ -26,6 +27,7 @@ ip_addr = 192.168.100.3
enabled = 1 enabled = 1
dev_eth_symbol = {{ nic_to_tfe.tfe2.name }} dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
ip_addr = 192.168.100.4 ip_addr = 192.168.100.4
{% endif %}
[tfe_cmsg_receiver] [tfe_cmsg_receiver]
listen_eth = {{ nic_inner_ctrl.name }} listen_eth = {{ nic_inner_ctrl.name }}

BIN
roles/mrzcpd/files/mrzcpd-4.3.14.79e262c-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/mrzcpd/files/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm
View File

Binary file not shown.

45
roles/mrzcpd/tasks/main.yml
View File

@@ -6,7 +6,7 @@
- name: "install mrzcpd" - name: "install mrzcpd"
yum: yum:
name: /tmp/ansible_deploy/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
state: present state: present
- name: "update sysconfig/mrzcpd" - name: "update sysconfig/mrzcpd"
@@ -20,17 +20,37 @@
dest: /opt/mrzcpd/etc/mrglobal.conf dest: /opt/mrzcpd/etc/mrglobal.conf
when: nic_traffic_mirror is defined when: nic_traffic_mirror is defined
- name: "update mrglobal.conf - master blade" - name: "update mrglobal.conf.inline - blade00"
template: template:
src: "{{ role_path }}/templates/mrglobal.conf.inline.j2" src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf dest: /opt/mrzcpd/etc/mrglobal.conf
when: nic_traffic_mirror is not defined when:
- nic_traffic_mirror is not defined
- tsg_access_type == 1
- name: "update mrtunnat.conf - master blade" - name: "update mrglobal.conf.allot - blade00"
template:
src: "{{ role_path }}/templates/mrglobal.conf.allot_access.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 2
- name: "update mrtunnat.conf.inline - blade00"
template: template:
src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2" src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf dest: /opt/mrzcpd/etc/mrtunnat.conf
when: nic_traffic_mirror is not defined when:
- nic_traffic_mirror is not defined
- tsg_access_type == 1
- name: "update mrtunnat.conf.allot_access - blade00"
template:
src: "{{ role_path }}/templates/mrtunnat.conf.allot_access.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 2
- name: "enable mrenv" - name: "enable mrenv"
systemd: systemd:
@@ -38,13 +58,6 @@
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
#- name: "mask mrenv"
# systemd:
# name: mrenv
# masked: yes
# daemon_reload: yes
# when: nic_traffic_mirror.use_mrzcpd == 0
- name: "enable mrzcpd" - name: "enable mrzcpd"
systemd: systemd:
name: mrzcpd name: mrzcpd
@@ -64,11 +77,3 @@
enabled: 0 enabled: 0
daemon_reload: yes daemon_reload: yes
when: nic_traffic_mirror is defined when: nic_traffic_mirror is defined
#- name: "mask mrzcpd"
# systemd:
# name: mrzcpd
# masked: yes
# daemon_reload: yes
# when: nic_traffic_mirror.use_mrzcpd == 0

Some files were not shown because too many files have changed in this diff Show More