Compare commits
3 Commits
test-docke
...
tsg-versio
| Author | SHA1 | Date | |
|---|---|---|---|
|
86c3968c83 | ||
|
|
324fe13b05 | ||
|
|
41b93a6d31 |
@@ -1,35 +0,0 @@
|
||||
stages:
|
||||
- build
|
||||
|
||||
.build_tar:
|
||||
image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
|
||||
variables:
|
||||
GIT_STRATEGY: "clone"
|
||||
BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
|
||||
TESTING_VERSION_BUILD: 0
|
||||
before_script:
|
||||
- dockerd > /dev/null &
|
||||
- docker info
|
||||
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
|
||||
- mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
|
||||
- ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
|
||||
- cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
|
||||
- pwd
|
||||
- chmod +x ./ci/travis.sh
|
||||
script:
|
||||
- yum makecache
|
||||
- ./ci/travis.sh
|
||||
tags:
|
||||
- share
|
||||
|
||||
file_build:
|
||||
stage: build
|
||||
variables:
|
||||
VER_NAME: $CI_COMMIT_REF_NAME
|
||||
PULP3_REPO_NAME: install-package-stable
|
||||
PULP3_DIST_NAME: install-package-stable
|
||||
|
||||
extends: .build_tar
|
||||
only:
|
||||
- tags
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
- hosts: local
|
||||
roles:
|
||||
- package-build
|
||||
@@ -1,10 +0,0 @@
|
||||
tarpath:
|
||||
src:
|
||||
- /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
|
||||
- /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
|
||||
- /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
|
||||
destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
|
||||
|
||||
tsgDiagnoseDockerFile:
|
||||
unarchiveUrl: http://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
|
||||
unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files
|
||||
@@ -1,2 +0,0 @@
|
||||
[local]
|
||||
localhost ansible_connection=local
|
||||
14
ci/travis.sh
14
ci/travis.sh
@@ -1,14 +0,0 @@
|
||||
#!/usr/bin/env sh
|
||||
mkdir build || true
|
||||
|
||||
cat ./customize.yml >> ./build_config/group_vars/local.yml
|
||||
cat ./customize.yml >> ./install_config/group_vars/all.yml
|
||||
|
||||
ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz buildPackage.yml
|
||||
|
||||
ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
|
||||
|
||||
cd build
|
||||
cp ~/file_upload_tools.py ./
|
||||
|
||||
python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz
|
||||
@@ -1,52 +0,0 @@
|
||||
rpmdict:
|
||||
tsgDiagnose:
|
||||
fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
|
||||
name: "tsg-diagnose"
|
||||
downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
|
||||
|
||||
dockerEnvRpm:
|
||||
dockerCe:
|
||||
- container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
|
||||
- selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
|
||||
- selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
|
||||
- containerd.io-1.2.13-3.2.el7.x86_64.rpm
|
||||
- policycoreutils-python-2.5-34.el7.x86_64.rpm
|
||||
- policycoreutils-2.5-34.el7.x86_64.rpm
|
||||
- libselinux-utils-2.5-15.el7.x86_64.rpm
|
||||
- libselinux-python-2.5-15.el7.x86_64.rpm
|
||||
- libseccomp-2.3.1-4.el7.x86_64.rpm
|
||||
- iptables-1.4.21-34.el7.x86_64.rpm
|
||||
- libcgroup-0.41-21.el7.x86_64.rpm
|
||||
- audit-libs-python-2.8.5-4.el7.x86_64.rpm
|
||||
- setools-libs-3.3.8-4.el7.x86_64.rpm
|
||||
- libsemanage-python-2.5-14.el7.x86_64.rpm
|
||||
- checkpolicy-2.5-8.el7.x86_64.rpm
|
||||
- libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
|
||||
- python-IPy-0.75-6.el7.noarch.rpm
|
||||
- libnfnetlink-1.0.1-4.el7.x86_64.rpm
|
||||
- libmnl-1.0.3-7.el7.x86_64.rpm
|
||||
- docker-ce-cli-19.03.12-3.el7.x86_64.rpm
|
||||
- docker-ce-19.03.12-3.el7.x86_64.rpm
|
||||
dockerCompose:
|
||||
- libtirpc-0.2.4-0.16.el7.x86_64.rpm
|
||||
- libyaml-0.1.4-11.el7_0.x86_64.rpm
|
||||
- python3-3.6.8-13.el7.x86_64.rpm
|
||||
- python36-cached_property-1.5.1-2.el7.noarch.rpm
|
||||
- python36-chardet-3.0.4-1.el7.noarch.rpm
|
||||
- python36-docker-2.6.1-3.el7.noarch.rpm
|
||||
- python36-dockerpty-0.4.1-18.el7.noarch.rpm
|
||||
- python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
|
||||
- python36-docopt-0.6.2-8.el7.noarch.rpm
|
||||
- python36-idna-2.7-2.el7.noarch.rpm
|
||||
- python36-jsonschema-2.5.1-4.el7.noarch.rpm
|
||||
- python36-pysocks-1.6.8-7.el7.noarch.rpm
|
||||
- python36-PyYAML-3.13-1.el7.x86_64.rpm
|
||||
- python36-requests-2.14.2-2.el7.noarch.rpm
|
||||
- python36-six-1.14.0-2.el7.noarch.rpm
|
||||
- python36-texttable-1.6.2-1.el7.noarch.rpm
|
||||
- python36-urllib3-1.25.6-1.el7.noarch.rpm
|
||||
- python36-websocket-client-0.47.0-2.el7.noarch.rpm
|
||||
- python3-libs-3.6.8-13.el7.x86_64.rpm
|
||||
- python3-pip-9.0.3-7.el7_7.noarch.rpm
|
||||
- python3-setuptools-39.2.0-10.el7.noarch.rpm
|
||||
- docker-compose-1.18.0-4.el7.noarch.rpm
|
||||
@@ -8,15 +8,12 @@
|
||||
# - tsg-env-mcn0
|
||||
- mrzcpd
|
||||
- sapp
|
||||
- tsg_master
|
||||
- kni
|
||||
- firewall
|
||||
- http_healthcheck
|
||||
- clotho
|
||||
- certstore
|
||||
- cert-redis
|
||||
- telegraf_statistic
|
||||
- tsg-diagnose
|
||||
|
||||
- hosts: blade-01
|
||||
roles:
|
||||
@@ -47,7 +44,6 @@
|
||||
- mrzcpd
|
||||
- tsg-env-tun-mode
|
||||
- sapp
|
||||
- tsg_master
|
||||
- kni
|
||||
- firewall
|
||||
- http_healthcheck
|
||||
@@ -55,5 +51,3 @@
|
||||
- certstore
|
||||
- cert-redis
|
||||
- tfe
|
||||
- telegraf_statistic
|
||||
- proxy_status
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
#########################################
|
||||
#####0: Pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4: ATCA;
|
||||
tsg_access_type: 4
|
||||
|
||||
#####0: Tun_mode; 1: normal; 2: ADC;
|
||||
tsg_running_type: 1
|
||||
########################################
|
||||
tsg_access_type: 0
|
||||
|
||||
########################################
|
||||
maat_redis_server:
|
||||
@@ -21,7 +17,7 @@ cert_store_server:
|
||||
port: 9991
|
||||
|
||||
log_kafkabrokers:
|
||||
address: "1.1.1.1:9092,2.2.2.2:9092"
|
||||
address: "192.168.40.169:9092"
|
||||
|
||||
log_minio:
|
||||
address: "192.168.40.168;"
|
||||
@@ -35,9 +31,7 @@ fs_remote:
|
||||
########################################
|
||||
sapp:
|
||||
worker_threads: 16
|
||||
send_only_threads_max: 8
|
||||
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
|
||||
inbound_route_dir: 1
|
||||
|
||||
########################################
|
||||
kni:
|
||||
@@ -51,9 +45,12 @@ kni:
|
||||
send_logger:
|
||||
switch: 1
|
||||
tfe_nodes:
|
||||
tfe0_enabled: 1
|
||||
tfe1_enabled: 1
|
||||
tfe2_enabled: 1
|
||||
- tfe0:
|
||||
enabled: 1
|
||||
- tfe1:
|
||||
enabled: 1
|
||||
- tfe2:
|
||||
enabled: 1
|
||||
|
||||
########################################
|
||||
tfe:
|
||||
@@ -70,21 +67,21 @@ mrzcpd:
|
||||
mrtunnat:
|
||||
lcore_id: 38
|
||||
|
||||
nic_data_incoming:
|
||||
ethname: enp1s0
|
||||
vf0_name: enp1s2
|
||||
vf1_name: enp1s2f1
|
||||
vf2_name: enp1s2f2
|
||||
|
||||
VlanFlipping:
|
||||
vlanID_1: 100
|
||||
vlanID_2: 101
|
||||
vlanID_3: 103
|
||||
vlanID_4: 104
|
||||
########################################
|
||||
server:
|
||||
ethname: eth0
|
||||
tun_name: eth0.100
|
||||
internal_interface: "eth2"
|
||||
nic_mgr:
|
||||
name: eth0
|
||||
nic_data_incoming:
|
||||
name: tun_kni
|
||||
address: 127.0.0.1
|
||||
nic_inner_ctrl:
|
||||
name: eth0.100
|
||||
nic_traffic_mirror:
|
||||
name: lo
|
||||
use_mrzcpd: 0
|
||||
|
||||
nic_transparent_mode:
|
||||
enable: 1
|
||||
mode: pcap
|
||||
internel_interface: "eth2"
|
||||
external_interface: "eth3"
|
||||
|
||||
|
||||
BIN
roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm
Normal file
BIN
roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
@@ -10,7 +10,7 @@
|
||||
- name: install certstore
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: template certstore configure file
|
||||
|
||||
@@ -15,7 +15,7 @@ expire_after = 30
|
||||
local_debug = 1
|
||||
ca_path = ./cert/tango-ca-v3-trust-ca.pem
|
||||
untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
|
||||
[MAAT]
|
||||
[NTC_MAAT]
|
||||
#Configure the load mode,
|
||||
#0: using the configuration distribution network
|
||||
#1: using local json
|
||||
@@ -43,6 +43,3 @@ port = 6379
|
||||
ip = {{ maat_redis_server.address }}
|
||||
port = {{ maat_redis_server.port }}
|
||||
dbindex = {{ maat_redis_server.db }}
|
||||
[stat]
|
||||
statsd_server=192.168.100.1
|
||||
statsd_port=8126
|
||||
|
||||
@@ -2,10 +2,6 @@
|
||||
BROKER_LIST={{ log_kafkabrokers.address }}
|
||||
|
||||
[SYSTEM]
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
NIC_NAME={{ server.ethname }}
|
||||
{% else %}
|
||||
NIC_NAME={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
LOG_LEVEL=10
|
||||
LOG_PATH=log/clotho
|
||||
|
||||
Binary file not shown.
BIN
roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
BIN
roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
Executable file
BIN
roles/firewall/files/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
BIN
roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
Normal file
Binary file not shown.
@@ -8,24 +8,21 @@
|
||||
yum:
|
||||
name: "{{ fw_packages }}"
|
||||
state: present
|
||||
skip_broken: yes
|
||||
vars:
|
||||
fw_packages:
|
||||
- /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_http_plug-debug-1.0.8.620f455-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
|
||||
|
||||
- name: "Template the tsgconf/main.conf"
|
||||
template:
|
||||
|
||||
@@ -15,11 +15,7 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
|
||||
FULL_CFG_DIR=capture_packet_rule/full/index/
|
||||
|
||||
[LOG]
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
NIC_NAME={{ server.ethname }}
|
||||
{% else %}
|
||||
NIC_NAME={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
BROKER_LIST={{ log_kafkabrokers.address }}
|
||||
FIELD_FILE=conf/capture_packet_log_field.conf
|
||||
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
[STATIC]
|
||||
###0:location 1:json 2:redis
|
||||
MAAT_MODE=2
|
||||
STAT_SWITCH=1
|
||||
PERF_SWITCH=1
|
||||
@@ -15,7 +14,6 @@ INC_CFG_DIR=tsgrule/inc/index/
|
||||
FULL_CFG_DIR=tsgrule/full/index/
|
||||
|
||||
[DYNAMIC]
|
||||
###0:location 1:json 2:redis
|
||||
MAAT_MODE=2
|
||||
STAT_SWITCH=1
|
||||
PERF_SWITCH=1
|
||||
|
||||
@@ -24,11 +24,7 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
|
||||
|
||||
[TSG_LOG]
|
||||
MODE=1
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
NIC_NAME={{ server.ethname }}
|
||||
{% else %}
|
||||
NIC_NAME={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
MAX_SERVICE=1
|
||||
LOG_LEVEL=10
|
||||
LOG_PATH=./tsglog/tsglog
|
||||
@@ -36,7 +32,7 @@ BROKER_LIST={{ log_kafkabrokers.address }}
|
||||
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
|
||||
|
||||
[STATISTIC]
|
||||
CYCLE=1
|
||||
CYCLE=0
|
||||
TELEGRAF_PORT=8100
|
||||
TELEGRAF_IP=127.0.0.1
|
||||
OUTPUT_PATH=./tsg_statistic.log
|
||||
|
||||
BIN
roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
Executable file
BIN
roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -7,32 +7,9 @@
|
||||
yum:
|
||||
name: "{{ packages }}"
|
||||
state: present
|
||||
skip_broken: yes
|
||||
vars:
|
||||
packages:
|
||||
- /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
|
||||
|
||||
- name: "mkdir /etc/ld.so.conf.d/"
|
||||
file:
|
||||
path: /etc/ld.so.conf.d/
|
||||
state: directory
|
||||
|
||||
- name: "copy framework.conf to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/framework.conf"
|
||||
dest: /etc/ld.so.conf.d/
|
||||
- /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
|
||||
|
||||
- name: "update ld"
|
||||
command: ldconfig
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
GRUB_TIMEOUT=5
|
||||
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
|
||||
GRUB_DEFAULT=saved
|
||||
GRUB_DISABLE_SUBMENU=true
|
||||
GRUB_TERMINAL="serial console"
|
||||
GRUB_SERIAL_COMMAND="serial --speed=115200"
|
||||
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200 intel_iommu=on iommu=pt pci=realloc,assign-busses"
|
||||
GRUB_DISABLE_RECOVERY="true"
|
||||
@@ -17,20 +17,6 @@
|
||||
command: /usr/sbin/grub2-set-default 0
|
||||
when: t_kernel_ml.changed
|
||||
|
||||
- name: "copy /etc/default/grub"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/grub"
|
||||
dest: "/etc/default"
|
||||
when:
|
||||
- tsg_access_type == 4
|
||||
- t_kernel_ml.changed
|
||||
|
||||
- name: "grub2-mkconfig"
|
||||
shell: grub2-mkconfig -o /boot/grub2/grub.cfg
|
||||
when:
|
||||
- tsg_access_type == 4
|
||||
- t_kernel_ml.changed
|
||||
|
||||
- name: "reboot"
|
||||
reboot:
|
||||
when: t_kernel_ml.changed
|
||||
|
||||
BIN
roles/kni/files/kni-20.04-1.el7.x86_64.rpm
Normal file
BIN
roles/kni/files/kni-20.04-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
@@ -7,7 +7,7 @@
|
||||
- name: "install kni rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/kni-20.04-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: Template the kni.conf
|
||||
|
||||
@@ -2,12 +2,8 @@
|
||||
log_path = ./log/kni/kni.log
|
||||
log_level = {{ kni.global.log_level }}
|
||||
tfe_node_count = {{ kni.global.tfe_node_count }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
manage_eth = {{ server.ethname }}
|
||||
{% else %}
|
||||
manage_eth = {{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
{% if tsg_running_type == 0 %}
|
||||
{% if tsg_access_type == 0 %}
|
||||
deploy_mode = tun
|
||||
{% else %}
|
||||
deploy_mode = normal
|
||||
@@ -15,43 +11,31 @@ deploy_mode = normal
|
||||
tun_name = tun_kni
|
||||
src_mac_addr = 00:0e:c6:d6:72:c1
|
||||
dst_mac_addr = fe:65:b7:03:50:bd
|
||||
{% if tsg_access_type == 4 %}
|
||||
{% if tsg_access_type == 0 %}
|
||||
{% else %}
|
||||
[tfe0]
|
||||
enabled = 1
|
||||
dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
|
||||
ip_addr = 192.168.100.1
|
||||
{% elif tsg_running_type == 2 %}
|
||||
[tfe0]
|
||||
enabled = {{ kni.tfe_nodes.tfe0_enabled }}
|
||||
dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
|
||||
ip_addr = 192.168.100.2
|
||||
|
||||
[tfe1]
|
||||
enabled = {{ kni.tfe_nodes.tfe1_enabled }}
|
||||
enabled = 1
|
||||
dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
|
||||
ip_addr = 192.168.100.3
|
||||
|
||||
[tfe2]
|
||||
enabled = {{ kni.tfe_nodes.tfe2_enabled }}
|
||||
enabled = 1
|
||||
dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
|
||||
ip_addr = 192.168.100.4
|
||||
{% endif %}
|
||||
|
||||
[tfe_cmsg_receiver]
|
||||
{% if tsg_running_type == 0 or 1%}
|
||||
listen_eth = {{ server.tun_name }}
|
||||
{% else %}
|
||||
listen_eth = {{ nic_inner_ctrl.name }}
|
||||
{% endif %}
|
||||
listen_port = 2475
|
||||
|
||||
[watch_dog]
|
||||
switch = {{ kni.watch_dog.switch }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
listen_eth = {{ server.tun_name }}
|
||||
{% else %}
|
||||
listen_eth = {{ nic_inner_ctrl.name }}
|
||||
{% endif %}
|
||||
listen_port = 2476
|
||||
keepalive_idle = 2
|
||||
keepalive_intvl = 1
|
||||
|
||||
Binary file not shown.
@@ -6,7 +6,7 @@
|
||||
|
||||
- name: "install mrzcpd"
|
||||
yum:
|
||||
name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
|
||||
name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: "update sysconfig/mrzcpd"
|
||||
@@ -20,14 +20,6 @@
|
||||
dest: /opt/mrzcpd/etc/mrglobal.conf
|
||||
when: nic_traffic_mirror is defined
|
||||
|
||||
|
||||
- name: "update mrglobal.conf.tun_mode - tun_server"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
|
||||
dest: /opt/mrzcpd/etc/mrglobal.conf
|
||||
when:
|
||||
- tsg_access_type == 0
|
||||
|
||||
- name: "update mrglobal.conf.inline - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
|
||||
@@ -44,23 +36,6 @@
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 2
|
||||
|
||||
- name: "update mrglobal.conf.allot - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
|
||||
dest: /opt/mrzcpd/etc/mrglobal.conf
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 3
|
||||
|
||||
|
||||
- name: "update mrglobal.conf.ATCA_40G - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2"
|
||||
dest: /opt/mrzcpd/etc/mrglobal.conf
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 4
|
||||
|
||||
- name: "update mrtunnat.conf.inline - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
|
||||
@@ -77,50 +52,28 @@
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 2
|
||||
|
||||
- name: "update mrtunnat.conf.allot_access - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
|
||||
dest: /opt/mrzcpd/etc/mrtunnat.conf
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 3
|
||||
|
||||
- name: "update mrtunnat.conf.ATCA_40G - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2"
|
||||
dest: /opt/mrzcpd/etc/mrtunnat.conf
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 4
|
||||
|
||||
- name: "enable mrenv"
|
||||
systemd:
|
||||
name: mrenv
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
when:
|
||||
- tsg_access_type != 0
|
||||
|
||||
- name: "enable mrzcpd"
|
||||
systemd:
|
||||
name: mrzcpd
|
||||
enabled: yes
|
||||
enabled: 1
|
||||
daemon_reload: yes
|
||||
when:
|
||||
- tsg_access_type != 0
|
||||
|
||||
- name: "enable mrtunnat on master"
|
||||
systemd:
|
||||
name: mrtunnat
|
||||
enabled: yes
|
||||
enabled: 1
|
||||
daemon_reload: yes
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type != 0
|
||||
when: nic_traffic_mirror is not defined
|
||||
|
||||
- name: "disable mrtunnat on slave"
|
||||
systemd:
|
||||
name: mrtunnat
|
||||
enabled: no
|
||||
enabled: 0
|
||||
daemon_reload: yes
|
||||
when: nic_traffic_mirror is defined
|
||||
|
||||
@@ -1,56 +0,0 @@
|
||||
[device]
|
||||
device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
|
||||
sz_tunnel=8192
|
||||
sz_buffer=0
|
||||
|
||||
[device:{{nic_data_incoming.vf0_name}}]
|
||||
mtu=4096
|
||||
clear_tx_flags=1
|
||||
vlan-filter=1
|
||||
vlan-strip=1
|
||||
vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
|
||||
vlan-pvid=0
|
||||
vlan-pvid-mode=2
|
||||
hw_strip_crc=1
|
||||
|
||||
[device:{{ nic_data_incoming.vf1_name }}]
|
||||
mtu=4096
|
||||
clear_tx_flags=1
|
||||
vlan-filter=1
|
||||
vlan-strip=1
|
||||
vlan-id-allow=4095
|
||||
vlan-pvid=0
|
||||
vlan-pvid-mode=2
|
||||
hw_strip_crc=1
|
||||
|
||||
[service]
|
||||
# lcore id for i/o service, use comma to split
|
||||
iocore={{ mrzcpd.iocore }}
|
||||
distmode=2
|
||||
hashmode=0
|
||||
|
||||
[eal]
|
||||
virtaddr=0x7f40c4a00000
|
||||
loglevel=7
|
||||
|
||||
[keepalive]
|
||||
check_spinlock=0
|
||||
|
||||
[ctrlzone]
|
||||
ctrlzone0=tunnat,64
|
||||
|
||||
[pool]
|
||||
create_mode=3
|
||||
sz_direct_pktmbuf=4194304
|
||||
sz_indirect_pktmbuf=8192
|
||||
sz_cache=256
|
||||
sz_data=4096
|
||||
|
||||
[forward]
|
||||
nr_forward_rule=6
|
||||
forward_rule_0=pv,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
|
||||
forward_rule_1=vp,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
|
||||
forward_rule_2=vv,vxlan_fwd,vxlan_user
|
||||
forward_rule_3=vv,vxlan_user,vxlan_fwd
|
||||
forward_rule_4=pv,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
|
||||
forward_rule_5=vp,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
|
||||
@@ -1,67 +0,0 @@
|
||||
[device]
|
||||
device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
|
||||
sz_tunnel=8192
|
||||
sz_buffer=0
|
||||
|
||||
[device:{{nic_data_incoming.name}}]
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
vlan-filter=1
|
||||
vlan-id-allow=1000,1001,2000,2001,4000,4001
|
||||
#vlan-pvid=0
|
||||
#vlan-pvid-mode=0
|
||||
|
||||
[device:{{nic_to_tfe.tfe0.name}}]
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
promisc=1
|
||||
|
||||
[device:{{nic_to_tfe.tfe1.name}}]
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
promisc=1
|
||||
|
||||
[device:{{nic_to_tfe.tfe2.name}}]
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
promisc=1
|
||||
|
||||
[service]
|
||||
# lcore id for i/o service, use comma to split
|
||||
iocore={{ mrzcpd.iocore }}
|
||||
distmode=2
|
||||
hashmode=0
|
||||
|
||||
[eal]
|
||||
virtaddr=0x7f40c4a00000
|
||||
loglevel=7
|
||||
|
||||
[keepalive]
|
||||
check_spinlock=0
|
||||
|
||||
[ctrlzone]
|
||||
ctrlzone0=tunnat,64
|
||||
|
||||
[pool]
|
||||
create_mode=3
|
||||
sz_direct_pktmbuf=4194304
|
||||
sz_indirect_pktmbuf=8192
|
||||
sz_cache=256
|
||||
sz_data=4096
|
||||
|
||||
[forward]
|
||||
nr_forward_rule=10
|
||||
forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
|
||||
forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
|
||||
forward_rule_2=vv,vxlan_fwd,vxlan_user
|
||||
forward_rule_3=vv,vxlan_user,vxlan_fwd
|
||||
forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
|
||||
forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
|
||||
forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
|
||||
forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
|
||||
forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
|
||||
forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
|
||||
@@ -4,16 +4,29 @@ sz_tunnel=8192
|
||||
sz_buffer=0
|
||||
|
||||
[device:{{nic_data_incoming.name}}]
|
||||
{% if nic_data_incoming.ip is defined %}
|
||||
in_addr={{nic_data_incoming.ip}}
|
||||
{% endif %}
|
||||
{% if nic_data_incoming.mask is defined %}
|
||||
in_mask={{nic_data_incoming.mask}}
|
||||
{% endif %}
|
||||
{% if nic_data_incoming.gw is defined %}
|
||||
gateway={{nic_data_incoming.gw}}
|
||||
{% endif %}
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
{% if nic_data_incoming.ip is defined %}
|
||||
#vlan-filter=1
|
||||
#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
|
||||
#vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
|
||||
#vlan-pvid=0
|
||||
#vlan-pvid-mode=0
|
||||
{% else %}
|
||||
vlan-filter=0
|
||||
vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
|
||||
vlan-pvid=0
|
||||
vlan-pvid-mode=0
|
||||
{% endif %}
|
||||
|
||||
[device:{{nic_to_tfe.tfe0.name}}]
|
||||
jumbo_frame=1
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
[device]
|
||||
device=fake
|
||||
sz_tunnel=8192
|
||||
sz_buffer=0
|
||||
|
||||
[device:lo]
|
||||
jumbo_frame=1
|
||||
max_rx_pkt_len=15360
|
||||
clear_tx_flags=1
|
||||
promisc=1
|
||||
|
||||
[service]
|
||||
iocore={{ mrzcpd.iocore }}
|
||||
|
||||
[eal]
|
||||
virtaddr=0x7d0000000000
|
||||
loglevel=7
|
||||
|
||||
[keepalive]
|
||||
check_spinlock=1
|
||||
|
||||
[pool]
|
||||
create_mode=3
|
||||
sz_direct_pktmbuf=4194304
|
||||
sz_indirect_pktmbuf=8192
|
||||
sz_cache=256
|
||||
sz_data=4096
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
[tunnat]
|
||||
lcore_id={{ mrtunnat.lcore_id }}
|
||||
appsym=tunnat
|
||||
phydev={{nic_data_incoming.vf0_name}}
|
||||
virtdev=vxlan_fwd
|
||||
nr_max_sessions=524280
|
||||
nr_slots=1048576
|
||||
expire_time=60
|
||||
reverse_tunnel=0
|
||||
use_recent_tunnel=0
|
||||
use_link_info_table=1
|
||||
use_tuple4_as_sskey=0
|
||||
ctrlzone_addr_info_type=2
|
||||
|
||||
[vlan_flipping]
|
||||
enable=1
|
||||
c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
|
||||
i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
|
||||
en_mac_flipping_0=0
|
||||
en_mac_flipping_0=0
|
||||
c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
|
||||
i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
|
||||
en_mac_flipping_1=0
|
||||
@@ -1,24 +0,0 @@
|
||||
[tunnat]
|
||||
lcore_id={{ mrtunnat.lcore_id }}
|
||||
appsym=tunnat
|
||||
phydev={{nic_data_incoming.name}}
|
||||
virtdev=vxlan_fwd
|
||||
nr_max_sessions=524280
|
||||
nr_slots=1048576
|
||||
expire_time=60
|
||||
reverse_tunnel=0
|
||||
use_recent_tunnel=0
|
||||
use_tuple4_as_sskey=1
|
||||
ctrlzone_addr_info_type=2
|
||||
|
||||
[vlan_flipping]
|
||||
enable=1
|
||||
c_router_vlan_id_0=4000
|
||||
i_router_vlan_id_0=4001
|
||||
en_mac_flipping_0=0
|
||||
c_router_vlan_id_1=1000
|
||||
i_router_vlan_id_1=1001
|
||||
en_mac_flipping_1=0
|
||||
c_router_vlan_id_2=2000
|
||||
i_router_vlan_id_2=2001
|
||||
en_mac_flipping_2=0
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: 'Unarchive docker env rpm file from remote host'
|
||||
unarchive:
|
||||
src: "{{ tsgDiagnoseDockerFile.unarchiveUrl }}"
|
||||
dest: "{{ tsgDiagnoseDockerFile.unarchiveDest }}"
|
||||
remote_src: yes
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
- name: "download rpm package by rpm list"
|
||||
yum:
|
||||
name: "{{ item.value.name }}"
|
||||
state: present
|
||||
download_only: true
|
||||
download_dir: "{{ item.value.downpath }}"
|
||||
with_dict: "{{ rpmdict }}"
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: "build install tar package"
|
||||
archive:
|
||||
path: "{{ tarpath.src }}"
|
||||
dest: "{{ tarpath.destdict }}{{ tarname }}"
|
||||
format: gz
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
- include: DockerEnvDownload.yml
|
||||
- include: RpmDownload.yml
|
||||
- include: TarBuild.yml
|
||||
@@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=proxy status
|
||||
|
||||
[Service]
|
||||
ExecStart=/opt/proxy_status/proxy_start
|
||||
ExecStop=/opt/proxy_status/proxy_stop
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,12 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
systemctl start tsg-env-tun-mode.service &>/dev/null &
|
||||
sleep 2
|
||||
systemctl start sapp.service &>/dev/null &
|
||||
sleep 5
|
||||
systemctl start tfe-env.service &>/dev/null &
|
||||
sleep 5
|
||||
systemctl start tfe.service &>/dev/null &
|
||||
systemctl start certstore.service &>/dev/null &
|
||||
systemctl start cert-redis.service &>/dev/null &
|
||||
@@ -1,65 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
systemctl status tsg-env-tun-mode &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m tsg-env-tun-mode is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m tsg-env-tun-mode is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status mrzcpd &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m mrzcpd is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m mrzcpd is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status mrenv &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m mrenv is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m mrenv is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status mrtunnat &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m mrtunnat is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m mrtunnat is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status sapp &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m sapp is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m sapp is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status tfe-env &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m tfe-env is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m tfe-env is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status tfe &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m tfe is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m tfe is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status certstore &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m certstore is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m certstore is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status cert-redis &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m cert-redis is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m cert-redis is down \033[0m"
|
||||
fi
|
||||
@@ -1,12 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
systemctl stop tsg-env-tun-mode.service &>/dev/null &
|
||||
systemctl stop mrzcpd.service &>/dev/null &
|
||||
systemctl stop mrtunnat.service &>/dev/null &
|
||||
systemctl stop sapp.service &>/dev/null &
|
||||
systemctl stop tfe-env.service &>/dev/null &
|
||||
systemctl stop tfe.service &>/dev/null &
|
||||
systemctl stop certstore.service &>/dev/null &
|
||||
systemctl stop cert-redis.service &>/dev/null &
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
---
|
||||
- name: "create /opt/proxy_status"
|
||||
file:
|
||||
path: /opt/proxy_status
|
||||
state: directory
|
||||
|
||||
- name: "copy files"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/"
|
||||
dest: /opt/proxy_status
|
||||
mode: 0755
|
||||
|
||||
- name: "copy proxy-status.service"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/proxy-status.service"
|
||||
dest: "/usr/lib/systemd/system/"
|
||||
mode: 0755
|
||||
|
||||
- name: "enable proxy-status"
|
||||
systemd:
|
||||
name: proxy-status
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
||||
Binary file not shown.
BIN
roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
Normal file
BIN
roles/sapp/files/sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
@@ -7,11 +7,20 @@
|
||||
- name: "install sapp rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm
|
||||
# - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm
|
||||
- /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
|
||||
state: present
|
||||
skip_broken: yes
|
||||
|
||||
- name: "mkdir tsgconf"
|
||||
- name: "judge sapp"
|
||||
shell: rpm -qa |grep sapp
|
||||
register: return
|
||||
ignore_errors: true
|
||||
|
||||
- name: "install sapp rpms from localhost"
|
||||
shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
|
||||
when: return.rc != 0
|
||||
|
||||
- name: make dir
|
||||
file:
|
||||
path: /home/mesasoft/sapp_run/tsgconf
|
||||
state: directory
|
||||
@@ -40,13 +49,6 @@
|
||||
dest: /home/mesasoft/sapp_run/etc/gdev.conf
|
||||
when: tsg_access_type == 1
|
||||
|
||||
|
||||
- name: "copy sapp.service destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/sapp.service"
|
||||
dest: /usr/lib/systemd/system/
|
||||
mode: 0755
|
||||
|
||||
- name: "enable sapp"
|
||||
systemd:
|
||||
name: sapp
|
||||
|
||||
@@ -14,9 +14,6 @@ worker_threads=1
|
||||
{% else %}
|
||||
worker_threads={{ sapp.worker_threads }}
|
||||
{% endif %}
|
||||
{% if tsg_access_type == 4 %}
|
||||
send_only_threads_max={{ sapp.send_only_threads_max }}
|
||||
{% endif %}
|
||||
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
|
||||
{% if tsg_access_type == 0 %}
|
||||
bind_mask=[]
|
||||
@@ -25,19 +22,12 @@ bind_mask=[{{ sapp.bind_mask }}]
|
||||
{% endif %}
|
||||
|
||||
[PACKET_IO]
|
||||
{% if tsg_access_type == 4 %}
|
||||
### note, used to represent inbound or outbound direction value,
|
||||
##### because it comes from other device, so it needs to be specified manually,
|
||||
##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
|
||||
##### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
|
||||
inbound_route_dir={{ sapp.inbound_route_dir }}
|
||||
{% endif %}
|
||||
### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
|
||||
BSD_packet_filter=""
|
||||
|
||||
### note, depolyment.mode options: [mirror, inline, transparent]
|
||||
[packet_io.depolyment]
|
||||
{% if tsg_access_type == 0 %}
|
||||
{% if nic_transparent_mode.enable == 1 %}
|
||||
mode=transparent
|
||||
{% else %}
|
||||
mode=inline
|
||||
@@ -45,18 +35,18 @@ BSD_packet_filter=""
|
||||
|
||||
### note, interface.type options: [pag,pcap,marsio]
|
||||
[packet_io.internal.interface]
|
||||
{% if tsg_access_type == 0 %}
|
||||
type=pcap
|
||||
name={{server.internal_interface}}
|
||||
{% if nic_transparent_mode.enable == 1 %}
|
||||
type={{nic_transparent_mode.mode}}
|
||||
name={{nic_transparent_mode.internel_interface}}
|
||||
{% else %}
|
||||
type=marsio
|
||||
name=vxlan_user
|
||||
{% endif %}
|
||||
|
||||
[packet_io.external.interface]
|
||||
{% if tsg_access_type == 0 %}
|
||||
type=pcap
|
||||
name={{server.external_interface}}
|
||||
{% if nic_transparent_mode.enable %}
|
||||
type={{nic_transparent_mode.mode}}
|
||||
name={{nic_transparent_mode.external_interface}}
|
||||
{% else %}
|
||||
type=pcap
|
||||
name=lo
|
||||
|
||||
Binary file not shown.
@@ -1,16 +0,0 @@
|
||||
[Unit]
|
||||
Description=Statistic information
|
||||
Documentation=https://github.com/influxdata/telegraf
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/default/telegraf
|
||||
User=telegraf
|
||||
ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d $TELEGRAF_OPTS
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=on-failure
|
||||
RestartForceExitStatus=SIGPIPE
|
||||
KillMode=control-group
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,28 +0,0 @@
|
||||
- name: "copy telegraf.rpm to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/telegraf-1.13.0-1.x86_64.rpm"
|
||||
dest: /tmp
|
||||
|
||||
- name: "install telegraf"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/telegraf-1.13.0-1.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: "Templates telegraf.conf"
|
||||
template:
|
||||
src: "{{role_path}}/templates/telegraf_statistic.conf.j2"
|
||||
dest: /etc/telegraf/telegraf_statistic.conf
|
||||
tags: template
|
||||
|
||||
- name: "copy telegraf_statistic.service to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/telegraf_statistic.service"
|
||||
dest: /usr/lib/systemd/system
|
||||
mode: 0755
|
||||
|
||||
- name: "Start telegraf"
|
||||
systemd:
|
||||
name: telegraf_statistic.service
|
||||
state: started
|
||||
enabled: yes
|
||||
@@ -1,29 +0,0 @@
|
||||
[global_tags]
|
||||
[agent]
|
||||
interval = "30s"
|
||||
round_interval = true
|
||||
metric_batch_size = 1000
|
||||
metric_buffer_limit = 10000
|
||||
collection_jitter = "0s"
|
||||
flush_interval = "10s"
|
||||
flush_jitter = "0s"
|
||||
precision = ""
|
||||
debug = false
|
||||
quiet = false
|
||||
logfile = ""
|
||||
hostname = ""
|
||||
omit_hostname = false
|
||||
[[outputs.file]]
|
||||
files = ["stdout", "/tmp/metrics.out"]
|
||||
data_format = "json"
|
||||
[[outputs.kafka]]
|
||||
brokers = ["192.168.40.186:9092"]
|
||||
topic = "TRAFFIC-METRICS-LOG"
|
||||
data_format = "json"
|
||||
[[outputs.prometheus_client]]
|
||||
listen = ":9273"
|
||||
path = "/metrics"
|
||||
[[inputs.tcp_listener]]
|
||||
[[inputs.udp_listener]]
|
||||
ServiceAddress= ":8100"
|
||||
data_format = "influx"
|
||||
BIN
roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
Executable file
BIN
roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
Executable file
Binary file not shown.
Binary file not shown.
@@ -1,22 +0,0 @@
|
||||
[Unit]
|
||||
Description=Tango Frontend Engine
|
||||
Requires=tfe-env.service
|
||||
After=tfe-env.service
|
||||
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStart=/opt/tsg/tfe/bin/tfe
|
||||
WorkingDirectory=/opt/tsg/tfe/
|
||||
TimeoutSec=3600s
|
||||
RestartSec=10s
|
||||
Restart=always
|
||||
LimitNOFILE=524288
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
TasksMax=infinity
|
||||
Delegate=yes
|
||||
KillMode=process
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -4,17 +4,11 @@
|
||||
src: "{{ role_path }}/files/"
|
||||
dest: /tmp/ansible_deploy/
|
||||
|
||||
- name: "copy tfe.service to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/tfe.service"
|
||||
dest: /usr/lib/systemd/system/
|
||||
mode: 0755
|
||||
|
||||
- name: "install tfe rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
|
||||
- /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: "template tfe-env config"
|
||||
|
||||
@@ -2,13 +2,8 @@
|
||||
log_level=30
|
||||
|
||||
[log]
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
nic_name={{ server.ethname }}
|
||||
{% else %}
|
||||
nic_name={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
nic_name= {{ nic_mgr.name }}
|
||||
entrance_id=0
|
||||
device_id_filepath=/opt/tsg/etc/tsg_sn.json
|
||||
kafka_brokerlist= {{ log_kafkabrokers.address }}
|
||||
kafka_topic=PROXY-EVENT-LOG
|
||||
|
||||
|
||||
@@ -1,20 +1,11 @@
|
||||
{% if tsg_access_type == 4 %}
|
||||
TFE_DEVICE_DATA_INCOMING={ nic_data_incoming.vf2_name }}
|
||||
{% elif tsg_running_type == 0 %}
|
||||
TFE_DEVICE_DATA_INCOMING=tun_kni
|
||||
{% else %}
|
||||
TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
|
||||
{% endif %}
|
||||
|
||||
TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
|
||||
TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
|
||||
{% if tsg_access_type == 4 %}
|
||||
TFE_PEER_MAC_DATA_INCOMING=00:0e:c6:d6:72:c1
|
||||
{% else %}
|
||||
TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
|
||||
{% endif %}
|
||||
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
|
||||
TFE_PEER_IP_DATA_INCOMING=172.16.241.1
|
||||
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
TFE_WATCHDOG_DEVICE={{ server.tun_name }}
|
||||
{% if tsg_access_type == 0 %}
|
||||
TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
|
||||
TFE_WATCHDOG_IP=192.168.100.1
|
||||
{% endif %}
|
||||
|
||||
@@ -4,7 +4,6 @@ enable_breakpad=1
|
||||
enable_breakpad_upload=0
|
||||
breakpad_minidump_dir=/run/tfe/crashreport/
|
||||
breakpad_upload_url=http://127.0.0.1:9000/
|
||||
disable_coredump=0
|
||||
|
||||
[kni]
|
||||
ip=192.168.100.1
|
||||
@@ -31,11 +30,7 @@ service_cache_expire_seconds=600
|
||||
# default 0
|
||||
mc_cache_enable=1
|
||||
# default eth0
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
mc_cache_eth={{ server.tun_name }}
|
||||
{% else %}
|
||||
mc_cache_eth={{ nic_inner_ctrl.name }}
|
||||
{% endif %}
|
||||
# default NULL
|
||||
mc_cache_broker_list={{ log_kafkabrokers.address }}
|
||||
# default PXY-EXCH-INTERMEDIA-CERT
|
||||
@@ -50,17 +45,12 @@ cert_store_host= {{ cert_store_server.address }}
|
||||
cert_store_port= {{ cert_store_server.port }}
|
||||
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
|
||||
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
|
||||
enable_health_check=0
|
||||
|
||||
[debug]
|
||||
passthrough_all_tcp=0
|
||||
|
||||
[traffic_mirror]
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
device=lo
|
||||
{% else %}
|
||||
device={{ nic_traffic_mirror.name }}
|
||||
{% endif %}
|
||||
type=0
|
||||
|
||||
[ratelimit]
|
||||
@@ -79,11 +69,11 @@ tcp_ttl_upstream=75
|
||||
tcp_ttl_downstream=70
|
||||
|
||||
[log]
|
||||
level=10
|
||||
level=30
|
||||
|
||||
[stat]
|
||||
statsd_server={{ fs_remote.address }}
|
||||
statsd_port={{ fs_remote.port }}
|
||||
|
||||
[http]
|
||||
loglevel=10
|
||||
loglevel=30
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
---
|
||||
- name: "Install docker-ce"
|
||||
yum:
|
||||
name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-ce/{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ dockerEnvRpm.dockerCe }}"
|
||||
|
||||
- name: "Install docker-compose"
|
||||
yum:
|
||||
name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-compose/{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ dockerEnvRpm.dockerCompose }}"
|
||||
|
||||
- name: 'Docker service start'
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
- name: "Install tsg-diagnose rpm package"
|
||||
yum:
|
||||
name:
|
||||
- "/tmp/ansible_deploy/tsg-diagnose/rpms/{{rpmdict.tsgDiagnose.fullname}}"
|
||||
state: present
|
||||
|
||||
- name: 'Tsg-diagnose service start'
|
||||
systemd:
|
||||
name: tsg-diagnose
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
- name: 'Copy tsg-diagnose file to device'
|
||||
copy:
|
||||
src: "{{item.src}}"
|
||||
dest: "{{item.dest}}"
|
||||
mode: "{{item.mode}}"
|
||||
with_items:
|
||||
- { src: "{{ role_path }}/files/", dest: "/tmp/ansible_deploy/tsg-diagnose", mode: '0755' }
|
||||
|
||||
- name: 'Install docker env rpm'
|
||||
include: DockerEnv.yml
|
||||
|
||||
- name: 'Install Tsg-diagnose'
|
||||
include: TsgDiagnose.yml
|
||||
@@ -1,27 +1,12 @@
|
||||
#!/bin/bash
|
||||
modprobe 8021q
|
||||
vconfig add {{ server.ethname }} 100
|
||||
vconfig set_flag {{ server.ethname }}.100 1 1
|
||||
ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
|
||||
{% if tsg_access_type == 0 %}
|
||||
ethtool -K {{ server.internal_interface }} tso off
|
||||
ethtool -K {{ server.internal_interface }} gso off
|
||||
ethtool -K {{ server.internal_interface }} gro off
|
||||
ethtool -K {{ server.external_interface }} tso off
|
||||
ethtool -K {{ server.external_interface }} gso off
|
||||
ethtool -K {{ server.external_interface }} gro off
|
||||
{% elif tsg_access_type == 4 %}
|
||||
echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 0 trust on
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 1 trust on
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 2 trust on
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off
|
||||
ip link set {{ nic_data_incoming.vf0_name }} up
|
||||
ip link set {{ nic_data_incoming.vf1_name }} up
|
||||
ip link set {{ nic_data_incoming.vf2_name }} up
|
||||
{% endif %}
|
||||
vconfig add {{ nic_mgr.name }} 100
|
||||
vconfig set_flag {{ nic_mgr.name }}.100 1 1
|
||||
ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up
|
||||
ethtool -K {{ nic_transparent_mode.internel_interface }} tso off
|
||||
ethtool -K {{ nic_transparent_mode.internel_interface }} gso off
|
||||
ethtool -K {{ nic_transparent_mode.internel_interface }} gro off
|
||||
ethtool -K {{ nic_transparent_mode.externel_interface }} tso off
|
||||
ethtool -K {{ nic_transparent_mode.externel_interface }} gso off
|
||||
ethtool -K {{ nic_transparent_mode.externel_interface }} gro off
|
||||
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs
|
||||
ifconfig {{ server.ethname }}.100 down
|
||||
vconfig rem {{ server.ethname }}.100
|
||||
{% if tsg_access_type == 4 %}
|
||||
echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
|
||||
{% endif %}
|
||||
echo 0 >/sys/class/net/ens1/device/sriov_numvfs
|
||||
ifconfig {{ nic_mgr.name }}.100 down
|
||||
vconfig rem {{ nic_mgr.name }}.100
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user