update dpi 20.08.1

install_config/group_vars/all.yml

@@ -5,6 +5,14 @@ tsg_access_type: 4
 #####0: Tun_mode;  1: normal; 2: ADC;
 tsg_running_type: 1 
 
+#Common combination mode:
+#1:Server or PC tun mode:      0 + 0
+#2:Server with Inline device:  1 + 1
+#3:ADC with Inline device:     1 + 2
+#4:ADC with Allot:             2 + 2
+#5:ADC tun mode:               3 + 1
+#6:ATCA:                       4 + 1
+
 ########################################
 maat_redis_server:
   address: "192.168.40.168"
@@ -60,7 +68,6 @@ tfe:
   nr_threads: 32
   mc_cache_eth: lo 
   keykeeper:
-    mode: "normal"
     no_cache: 0
 
 ########################################
@@ -70,6 +77,7 @@ mrzcpd:
 mrtunnat:
   lcore_id: 38
 
+#############ATCA config################
 nic_data_incoming:
   ethname: enp1s0
   vf0_name: enp1s2
@@ -81,10 +89,13 @@ VlanFlipping:
   vlanID_2: 101
   vlanID_3: 103
   vlanID_4: 104
-########################################
+
+#############Server or PC tun mode######
 server:
   ethname: eth0
   tun_name: eth0.100
   internal_interface: "eth2"
   external_interface: "eth3"
 
+
+

install_config/hosts

@@ -5,19 +5,19 @@ package_source=local
 [pc-as-tun-mode]
 
 [blade-mxn]
-192.168.40.170
+1.1.1.1 device_id=1
 
 [blade-00]
-192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+1.1.1.1 device_id=1 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
 
 [blade-01]
-192.168.40.167
+1.1.1.1 device_id=1
 
 [blade-02]
-192.168.40.168
+1.1.1.1 device_id=1
 
 [blade-03]
-192.168.40.169
+1.1.1.1 device_id=1
 
 [Functional_Host:children]
 blade-00

roles/certstore/tasks/main.yml

@@ -10,7 +10,7 @@
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file

roles/firewall/tasks/main.yml

@@ -11,21 +11,22 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/framework/tasks/main.yml

@@ -18,7 +18,7 @@
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"

roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2

@@ -1,7 +1,7 @@
 [device]
 device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
-sz_buffer=0
+sz_buffer=32
 
 [device:{{nic_data_incoming.vf0_name}}]
 mtu=4096
@@ -22,12 +22,15 @@ vlan-id-allow=4095
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
+sz_tunnel=8192
+sz_buffer=0
 
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
 distmode=2
 hashmode=0
+idle_threshold=10000
 
 [eal]
 virtaddr=0x7f40c4a00000

roles/mrzcpd/templates/mrglobal.conf.server_inline.j2

@@ -0,0 +1,70 @@
+[device]
+device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.name}}]
+in_addr={{nic_data_incoming.ip}}
+in_mask={{nic_data_incoming.mask}}
+gateway={{nic_data_incoming.gw}}
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+#vlan-filter=1
+#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
+#vlan-pvid=0
+#vlan-pvid-mode=0
+
+[device:{{nic_to_tfe.tfe0.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe1.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe2.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
+forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2

@@ -11,6 +11,7 @@ use_recent_tunnel=0
 use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
+idle_threshold=10000
 
 [vlan_flipping]
 enable=1

roles/sapp/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.1.2.69e7edf-2.el7.x86_64.rpm
     state: present
     skip_broken: yes
 

roles/sapp/templates/conflist.inf.j2

@@ -25,5 +25,7 @@
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/fw_quic_plug/fw_quic_plug.inf
 ./plug/business/tsg_conn_record/tsg_conn_record.inf
+./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
 ./plug/business/capture_packet_plug/capture_packet_plug.inf

roles/tfe/tasks/main.yml

@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
@@ -37,6 +37,16 @@
     src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
     dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
 
+- name: "create conf/doh/"
+  file:
+    path: /opt/tsg/tfe/conf/doh/ 
+    state: directory
+
+- name: "template the doh.conf"
+  template:
+    src: "{{ role_path }}/templates/doh.conf.j2"
+    dest: /opt/tsg/tfe/conf/doh/doh.conf
+
 - name: "create a override conf - first step, create dir"
   file:
     path: /etc/systemd/system/tfe.service.d/

roles/tfe/templates/doh.conf.j2

@@ -0,0 +1,26 @@
+[doh]
+# default 1
+enable=1
+
+[log]
+# default 10
+# RLOG_LV_DEBUG : 10
+# RLOG_LV_INFO  : 20
+# RLOG_LV_FATAL : 30
+log_level=10
+
+[maat]
+# default TSG_OBJ_APP_ID
+table_appid=TSG_OBJ_APP_ID
+# default TSG_SECURITY_ADDR
+table_addr=TSG_SECURITY_ADDR
+# default TSG_FIELD_DOH_QNAME
+table_qname=TSG_FIELD_DOH_QNAME
+# default TSG_FIELD_HTTP_HOST
+table_host=TSG_FIELD_DOH_HOST
+
+[kafka]
+# default 0
+ENTRANCE_ID=0
+# default 1
+en_sendlog=1

roles/tfe/templates/pangu_pxy.conf.j2

@@ -1,129 +1,107 @@
-[debug]
-log_level=30
-
-[log]
-{% if tsg_running_type == 0 or 1 %}
-nic_name={{ server.ethname }}
-{% else %}
-nic_name={{ nic_mgr.name }}
-{% endif %}
-entrance_id=0
-device_id_filepath=/opt/tsg/etc/tsg_sn.json
-kafka_brokerlist= {{ log_kafkabrokers.address }}
-kafka_topic=PROXY-EVENT-LOG
-
-#Addresses of minio. Format is defined by WiredLB.
-#minio_ip_list=192.168.10.61-64;
-minio_ip_list= {{ log_minio.address }}
-minio_listen_port= {{ log_minio.port }}
-#Maximum number of connections opened by per host.
-#MAX_CONNECTION_PER_HOST=1
-#Maximum number of requests in a pipeline.
-#MAX_CNNT_PIPELINE_NUM=20
-#Maximum parellel sessions(http and redis) is allowed to open.
-#MAX_CURL_SESSION_NUM=100
-#Maximum time the request is allowed to take(seconds).
-#MAX_CURL_TRANSFER_TIMEOUT_S=0
-
-#Bucket name in minio.
-cache_bucket_name=proxybucket
-#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
-max_used_memroy_size_mb=5120
-#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
-cache_default_ttl_second=3600
-#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
-cache_object_key_hash_switch=1
-
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-cache_store_object_way=0
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
-redis_cache_object_size=1024000
-#Configs of WiredLB for Minios load balancer.
-#WIREDLB_OVERRIDE=1
-wiredlb_health_port=42310
-#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
-redis_cluster_ip_list=192.168.10.62-63;
-redis_cluster_port_range=6379
-#wired load balancer configuration
-
-wiredlb_override=1
-wiredlb_topic=MinioFileLog
-wiredlb_datacenter=k18consul-tse
-wiredlb_health_port=52102
-wiredlb_group=FileLog
-
-log_fsstat_appname=tango_log_file
-log_fsstat_filepath=./tango_log_file.fs
-log_fsstat_interval=10
-log_fsstat_trig=1
-log_fsstat_dst_ip=10.4.20.202
-log_fsstat_dst_port=8125
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=resource/pangu/table_info.conf
-json_cfg_file=resource/pangu/pangu_http.json
-stat_file=log/pangu_scan.status
-full_cfg_dir=pangu_policy/full/index/
-inc_cfg_dir=pangu_policy/inc/index/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[dynamic_maat]
-maat_input_mode=1
-table_info=resource/pangu/dynamic_maat_table_info.conf
-maat_redis_server={{ dynamic_maat_redis_server.address }}
-maat_redis_port_range={{ dynamic_maat_redis_server.port }}
-maat_redis_db_index={{ dynamic_maat_redis_server.db }}
-effect_interval_s=1
-
-[tango_cache]
-enable_cache=0
-minio_ip_list=192.168.10.61-64;
-minio_listen_port=9000
-
-#max_connection_per_host=1
-max_cnnt_pipeline_num=20
-#max_curl_session_num=100
-
-cache_bucket_name=proxybucket
-max_used_memory_size_mb=10240
-cache_default_ttl_second=3600
-cache_object_key_hash_switch=1
-
-#1-minio，2-redis
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-cache_store_object_way=0
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
-redis_cache_object_size=102400
-#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
-redis_cluster_ip_list=192.168.10.62-63;
-redis_cluster_port_range=6379
-#wired load balancer configuration
-wiredlb_override=1
-wiredlb_topic=MinioCache
-wiredlb_datacenter=k18consul-tse
-wiredlb_health_port=52101
-wiredlb_group=TangoCache
-
-cache_undefined_obj=1
-query_undefined_obj=0
-statsd_server={{fs_remote.address}}
-statsd_port={{fs_remote.port}}
-histogram_bins=0.20,0.40,0.6,0.8
-
-log_fsstat_appname=tango_cache
-log_fsstat_filepath=./tango_cache_client.fs
-log_fsstat_interval=10
-log_fsstat_trig=1
-log_fsstat_dst_ip=10.4.20.201
-log_fsstat_dst_port=8125
-
-
-[traffic_mirror]
-table_info=resource/pangu/table_info_traffic_mirror.conf
-stat_file=log/traffic_mirror.status
+[debug]
+log_level=10
+
+[log]
+entrance_id=0
+
+#Addresses of minio. Format is defined by WiredLB.
+#minio_ip_list=192.168.10.61-64;
+minio_ip_list= {{ log_minio.address }}
+minio_listen_port= {{ log_minio.port }}
+#Maximum number of connections opened by per host.
+#MAX_CONNECTION_PER_HOST=1
+#Maximum number of requests in a pipeline.
+#MAX_CNNT_PIPELINE_NUM=20
+#Maximum parellel sessions(http and redis) is allowed to open.
+#MAX_CURL_SESSION_NUM=100
+#Maximum time the request is allowed to take(seconds).
+#MAX_CURL_TRANSFER_TIMEOUT_S=0
+
+#Bucket name in minio.
+cache_bucket_name=proxybucket
+#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
+max_used_memroy_size_mb=5120
+#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
+cache_default_ttl_second=3600
+#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
+cache_object_key_hash_switch=1
+
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_store_object_way=0
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+redis_cache_object_size=1024000
+#Configs of WiredLB for Minios load balancer.
+#WIREDLB_OVERRIDE=1
+wiredlb_health_port=42310
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+redis_cluster_ip_list=192.168.10.62-63;
+redis_cluster_port_range=6379
+#wired load balancer configuration
+
+wiredlb_override=1
+wiredlb_topic=MinioFileLog
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52102
+wiredlb_group=FileLog
+
+log_fsstat_appname=tango_log_file
+log_fsstat_filepath=./tango_log_file.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.202
+log_fsstat_dst_port=8125
+
+[ratelimit]
+enable=0
+token_name=ratelimit
+redis_server={{ maat_redis_server.address }}
+redis_port={{ maat_redis_server.port }}
+redis_db_index=6
+
+[tango_cache]
+enable_cache=0
+minio_ip_list=192.168.10.61-64;
+minio_listen_port=9000
+
+#max_connection_per_host=1
+max_cnnt_pipeline_num=20
+#max_curl_session_num=100
+
+cache_bucket_name=proxybucket
+max_used_memory_size_mb=10240
+cache_default_ttl_second=3600
+cache_object_key_hash_switch=1
+
+#1-minio，2-redis
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_store_object_way=0
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+redis_cache_object_size=102400
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+redis_cluster_ip_list=192.168.10.62-63;
+redis_cluster_port_range=6379
+#wired load balancer configuration
+wiredlb_override=1
+wiredlb_topic=MinioCache
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52101
+wiredlb_group=TangoCache
+
+cache_undefined_obj=1
+query_undefined_obj=0
+statsd_server=192.168.10.72
+statsd_port=8126
+histogram_bins=0.20,0.40,0.6,0.8
+
+log_fsstat_appname=tango_cache
+log_fsstat_filepath=./tango_cache_client.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.201
+log_fsstat_dst_port=8125
+
+
+[traffic_mirror]
+table_info=resource/pangu/table_info_traffic_mirror.conf
+stat_file=log/traffic_mirror.status
+

roles/tfe/templates/tfe.conf.j2

@@ -1,14 +1,15 @@
 [system]
 nr_worker_threads={{ tfe.nr_threads }}
-enable_breakpad=1
+enable_breakpad=0
 enable_breakpad_upload=0
 breakpad_minidump_dir=/run/tfe/crashreport/
 breakpad_upload_url=http://127.0.0.1:9000/
 disable_coredump=0
 
+
 [kni]
 ip=192.168.100.1
-scm_port=2475
+cmsg_port=2475
 watchdog_switch=1
 watchdog_port=2476
 
@@ -44,15 +45,17 @@ mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
 [key_keeper]
 #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
 #0 on cache 1 off cache
-mode= {{ tfe.keykeeper.mode }}
+mode= normal
 no_cache=0
 cert_store_host= {{ cert_store_server.address }}
 cert_store_port= {{ cert_store_server.port }}
 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
-enable_health_check=0
+# health_check only for "mode=normal"
+# default 1
+enable_health_check=1
 
-[debug]	
+[debug]
 passthrough_all_tcp=0
 
 [traffic_mirror]
@@ -84,6 +87,45 @@ level=10
 [stat]
 statsd_server={{ fs_remote.address }}
 statsd_port={{ fs_remote.port }}
+statsd_cycle=5
+# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
+statsd_format=2
 
 [http]
 loglevel=10
+
+[kafka]
+enable=1
+{% if tsg_running_type == 0 or 1 %}
+nic_name={{ server.ethname }}
+{% else %}
+nic_name={{ nic_mgr.name }}
+{% endif %}
+kafka_brokerlist={{ log_kafkabrokers.address }}
+kafka_topic=PROXY-EVENT-LOG
+device_id_filepath=/opt/tsg/etc/tsg_sn.json
+
+[maat]
+# 0:json 1: redis 2: iris
+maat_input_mode=1
+table_info=resource/pangu/table_info.conf
+json_cfg_file=resource/pangu/pangu_http.json
+stat_file=log/pangu_scan.status
+full_cfg_dir=pangu_policy/full/index/
+inc_cfg_dir=pangu_policy/inc/index/
+
+maat_redis_server={{ maat_redis_server.address }}
+maat_redis_port_range={{ maat_redis_server.port }}
+maat_redis_db_index={{ maat_redis_server.db }}
+effect_interval_s=1
+#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
+accept_path=/opt/tsg/etc/tsg_device_tag.json
+
+[dynamic_maat]
+maat_input_mode=1
+table_info=resource/pangu/dynamic_maat_table_info.conf
+maat_redis_server={{ dynamic_maat_redis_server.address }}
+maat_redis_port_range={{ dynamic_maat_redis_server.port }}
+maat_redis_db_index={{ dynamic_maat_redis_server.db }}
+effect_interval_s=1
+

roles/tsg_device_tag/tasks/main.yml

@@ -0,0 +1,9 @@
+- name: "create /opt/tsg/etc/"
+  file:
+    path: /opt/proxy_status
+    state: directory
+
+- name: "Template tsg_device_tag.json"
+  template:
+    src: "{{ role_path }}/templates/tsg_device_tag.json.j2"
+    dest: /opt/tsg/etc/tsg_device_tag.json

roles/tsg_device_tag/templates/tsg_device_tag.json.j2

@@ -0,0 +1,2 @@
+[MAAT]
+ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"{{ device_id }}"}]}

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-3.1.2.7002e1b-2.el7.x86_64.rpm
     state: present
     skip_broken: yes