增加docker环境基础安装

.gitlab-ci.yml

@@ -0,0 +1,35 @@
+stages:
+- build
+    
+.build_tar:
+  image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
+  variables:
+    GIT_STRATEGY: "clone"
+    BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
+    TESTING_VERSION_BUILD: 0
+  before_script:
+    - dockerd > /dev/null &
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
+    - ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - pwd
+    - chmod +x ./ci/travis.sh
+  script:
+    - yum makecache
+    - ./ci/travis.sh
+  tags:
+  - share
+    
+file_build:
+  stage: build
+  variables:
+    VER_NAME: $CI_COMMIT_REF_NAME
+    PULP3_REPO_NAME: install-package-stable
+    PULP3_DIST_NAME: install-package-stable
+
+  extends: .build_tar
+  only:
+    - tags
+

buildPackage.yml

@@ -0,0 +1,3 @@
+- hosts: local
+  roles:
+    - package-build

build_config/group_vars/local.yml

@@ -0,0 +1,10 @@
+tarpath:
+  src:
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
+  destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
+
+tsgDiagnoseDockerFile: 
+  unarchiveUrl: https://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
+  unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files

build_config/hosts

@@ -0,0 +1,2 @@
+[local]
+localhost ansible_connection=local

ci/travis.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+mkdir build || true
+
+cat ./customize.yml >> ./build_config/group_vars/local.yml
+cat ./customize.yml >> ./install_config/group_vars/all.yml
+
+ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz  buildPackage.yml
+
+ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
+
+cd build
+cp ~/file_upload_tools.py ./
+
+python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz

customize.yml

@@ -0,0 +1,52 @@
+rpmdict:
+  tsgDiagnose:
+    fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
+    name: "tsg-diagnose"
+    downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
+
+dockerEnvRpm:
+  dockerCe:
+    - container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
+    - selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
+    - selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
+    - containerd.io-1.2.13-3.2.el7.x86_64.rpm
+    - policycoreutils-python-2.5-34.el7.x86_64.rpm
+    - policycoreutils-2.5-34.el7.x86_64.rpm
+    - libselinux-utils-2.5-15.el7.x86_64.rpm
+    - libselinux-python-2.5-15.el7.x86_64.rpm
+    - libseccomp-2.3.1-4.el7.x86_64.rpm
+    - iptables-1.4.21-34.el7.x86_64.rpm
+    - libcgroup-0.41-21.el7.x86_64.rpm
+    - audit-libs-python-2.8.5-4.el7.x86_64.rpm
+    - setools-libs-3.3.8-4.el7.x86_64.rpm
+    - libsemanage-python-2.5-14.el7.x86_64.rpm
+    - checkpolicy-2.5-8.el7.x86_64.rpm
+    - libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
+    - python-IPy-0.75-6.el7.noarch.rpm
+    - libnfnetlink-1.0.1-4.el7.x86_64.rpm
+    - libmnl-1.0.3-7.el7.x86_64.rpm
+    - docker-ce-cli-19.03.12-3.el7.x86_64.rpm
+    - docker-ce-19.03.12-3.el7.x86_64.rpm
+  dockerCompose:
+    - libtirpc-0.2.4-0.16.el7.x86_64.rpm
+    - libyaml-0.1.4-11.el7_0.x86_64.rpm
+    - python3-3.6.8-13.el7.x86_64.rpm
+    - python36-cached_property-1.5.1-2.el7.noarch.rpm
+    - python36-chardet-3.0.4-1.el7.noarch.rpm
+    - python36-docker-2.6.1-3.el7.noarch.rpm
+    - python36-dockerpty-0.4.1-18.el7.noarch.rpm
+    - python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
+    - python36-docopt-0.6.2-8.el7.noarch.rpm
+    - python36-idna-2.7-2.el7.noarch.rpm
+    - python36-jsonschema-2.5.1-4.el7.noarch.rpm
+    - python36-pysocks-1.6.8-7.el7.noarch.rpm
+    - python36-PyYAML-3.13-1.el7.x86_64.rpm
+    - python36-requests-2.14.2-2.el7.noarch.rpm
+    - python36-six-1.14.0-2.el7.noarch.rpm
+    - python36-texttable-1.6.2-1.el7.noarch.rpm
+    - python36-urllib3-1.25.6-1.el7.noarch.rpm
+    - python36-websocket-client-0.47.0-2.el7.noarch.rpm
+    - python3-libs-3.6.8-13.el7.x86_64.rpm
+    - python3-pip-9.0.3-7.el7_7.noarch.rpm
+    - python3-setuptools-39.2.0-10.el7.noarch.rpm
+    - docker-compose-1.18.0-4.el7.noarch.rpm

deploy.yml

@@ -0,0 +1,59 @@
+- hosts: Functional_Host
+  roles:
+    - framework
+    - kernel-ml
+
+- hosts: blade-00
+  roles:
+#    - tsg-env-mcn0
+    - mrzcpd
+    - sapp
+    - tsg_master
+    - kni
+    - firewall
+    - http_healthcheck
+    - clotho
+    - certstore
+    - cert-redis
+    - telegraf_statistic
+    - tsg-diagnose
+
+- hosts: blade-01
+  roles:
+#    - tsg-env-mcn1
+    - mrzcpd
+    - tfe
+
+- hosts: blade-02
+  roles:
+#    - tsg-env-mcn2
+    - mrzcpd
+    - tfe
+
+- hosts: blade-03
+  roles:
+#    - tsg-env-mcn3
+    - mrzcpd
+    - tfe
+
+- hosts: blade-mxn
+  roles:
+#    - tsg-env-mxn
+
+- hosts: pc-as-tun-mode
+  roles:
+    - kernel-ml
+    - framework
+    - mrzcpd
+    - tsg-env-tun-mode
+    - sapp
+    - tsg_master
+    - kni
+    - firewall
+    - http_healthcheck
+    - clotho
+    - certstore
+    - cert-redis
+    - tfe
+    - telegraf_statistic
+    - proxy_status

install_config/group_vars/all.yml

@@ -0,0 +1,90 @@
+#########################################
+#####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
+tsg_access_type: 4
+
+#####0: Tun_mode;  1: normal; 2: ADC;
+tsg_running_type: 1 
+
+########################################
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+fs_remote:
+  switch: 1
+  address: "192.168.100.1"
+  port: 58125
+  
+########################################
+sapp:
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
+
+########################################
+kni:
+  global:
+    log_level: 30
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    mode: "normal"
+    no_cache: 0
+
+########################################
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+nic_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+########################################
+server:
+  ethname: eth0
+  tun_name: eth0.100
+  internal_interface: "eth2"
+  external_interface: "eth3"
+

install_config/group_vars/blade-00.yml

@@ -0,0 +1,23 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f4
+    ip: 192.168.1.30
+    mask: 255.255.255.252
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7
+
+AllotAccess:
+    virturlInterface_1: ens1f2.103
+    virturlInterface_2: ens1f2.104
+    virturlID_1: 103
+    virturlID_2: 104
+    vvipv4_mask: 24
+    vvipv6_mask: 64

install_config/group_vars/blade-01.yml

@@ -0,0 +1,11 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

install_config/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

install_config/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

install_config/group_vars/mirror_traffic.yml

@@ -1,93 +0,0 @@
-########################################
-#Server Basic Config
-nic_mgr:
-  name: eth0
-
-#########################################
-#IP Config
-maat_redis_server:
-  address: "#Bifang IP#"
-  port: 7002
-  port_num: 1
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "#Bifang IP#"
-  port: 7002
-  port_num: 1
-  db: 1
-
-
-log_kafkabrokers:
-  address: ['1.1.1.1:9092','2.2.2.2:9092']
-
-
-#log_minio:
-#  address: "10.9.62.253"
-#  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_voip_log_level: 10
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-app_control_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: FATAL
-tfe_http_log_level: FATAL
-pangu_log_level: FATAL
-doh_log_level: FATAL
-
-certstore_log_level: 10
-packet_dump_log_level: 10
-
-#########################################
-#Sapp Performance Config
-#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
-sapp:
-  worker_threads: 23
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
-  inbound_route_dir: 1
-  prometheus_enable: 1
-  prometheus_port: 9273
-  prometheus_url_path: "/metrics"
-
-#########################################
-#Marsio Config
-mrzcpd:
-  iocore: 39
-
-
-#########################################
-#新增配置项,均为默认值不用改
-breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
-
-data_center: Beijing
-tsg_master_entrance_id: 0
-
-
-firewall:
-  hos_serverip: "192.168.40.223"
-  hos_serverport: 9098
-  hos_accesskeyid: "default"
-  hos_secretkey: "default"
-  hos_poolsize: 100
-  hos_thread_sum: 32
-  hos_cache_size: 102400
-  hos_fs2_serverip: "127.0.0.1"
-  hos_fs2_serverport: 10086
-  APP_SKETCH_BROKER_IP: "192.168.40.161"
-  APP_SKETCH_BROKER_PORT: 1883
-
-
-data_incoming_nic_list: ['eth0', 'eth1']

install_config/group_vars/packet_dump_server.yml

@@ -1,22 +0,0 @@
-nic_mgr:
-  name: eth0
-
-log_kafkabrokers:
-  address: ['1.1.1.1:9092','2.2.2.2:9092']
-
-packet_dump_log_level: 10
-
-breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
-
-dump_rtp_pcap:
-  aws_access_key_id: "default"
-  aws_secret_access_key: "default"
-  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
-  consume_bootstrap_servers: ['192.168.44.14:9092']
-  endpoint_url: "http://192.168.44.67:9098/hos/"
-  produce_bootstrap_servers: "192.168.44.14:9092"
-  queue_size: 5000000
-  coroutine_max_num: 200
-  coroutine_num: 100
-  qfull_mode: 0
-  qfull_interval: 5

install_config/hosts

@@ -1,3 +1,26 @@
-[mirror_traffic]
-[packet_dump_server]
+[all:vars]
+ansible_user=root
+package_source=local
 
+[pc-as-tun-mode]
+
+[blade-mxn]
+192.168.40.170
+
+[blade-00]
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+
+[blade-01]
+192.168.40.167
+
+[blade-02]
+192.168.40.168
+
+[blade-03]
+192.168.40.169
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03

mirror_traffic.yml

@@ -1,12 +0,0 @@
-- hosts: mirror_traffic
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/mirror_traffic.yml
-  roles:
-    - {role: framework, tags: framework}
-    - {role: kernel-ml, tags: kernel-ml}
-    - {role: mrzcpd, tags: mrzcpd}
-    - {role: sapp, tags: sapp}
-    - {role: tsg_master, tags: tsg_master}
-    - {role: firewall, tags: firewall}
-    - {role: telegraf_statistic, tags: telegraf_statistic}

packet_dump_server.yml

@@ -1,8 +0,0 @@
-- hosts: packet_dump_server
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/packet_dump_server.yml
-  roles:
-    - {role: framework, tags: framework}
-    - {role: packet_dump, tags: packet_dump}
-    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/start-cert-redis
+ExecStop=killall redis-server
+Type=forking
+RuntimeDirectory=redis
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+#
+cp -rf redis-server /usr/local/bin/
+cp -rf redis-cli /usr/local/bin
+cp -rf cert-redis.service /usr/lib/systemd/system/
+cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -0,0 +1,4 @@
+#!/bin/bash
+#
+
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: "copy cert-redis to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /home/tsg
+    mode: 0755
+
+- name: "install cert-redis"
+  shell: cd /home/tsg/cert-redis;sh install.sh
+
+- name: "start cert-redis"
+  systemd:
+    name: cert-redis.service
+    state: started
+    daemon_reload: yes
+    enabled: yes

roles/certstore/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: "copy certstore rpm to destination"
+  synchronize:
+    src: "{{ role_path }}/files/"
+    dest: "/tmp/ansible_deploy/"
+
+- name: Ensures /home/tsg exists
+  file: path=/home/tsg state=directory
+  tags: mkdir
+
+- name: install certstore
+  yum:
+    name:
+      - /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
+    state: present
+
+- name: template certstore configure file
+  template:
+    src: "{{ role_path }}/templates/cert_store.ini.j2"
+    dest: /home/tsg/certstore/conf/cert_store.ini
+
+- name: "start certstore"
+  systemd:
+    name: certstore.service
+    state: started
+    enabled: yes
+    daemon_reload: yes

roles/certstore/templates/cert_store.ini.j2

@@ -0,0 +1,48 @@
+[SYSTEM]
+#1:print on screen, 0:don't
+DEBUG_SWITCH = 1
+#10:DEBUG, 20:INFO, 30:FATAL
+RUN_LOG_LEVEL = 10
+RUN_LOG_PATH = ./logs
+[CONFIG]
+#Number of running threads
+thread-nu = 4
+#1 rsync, 0 sync
+mode=1
+#Local default root certificate is valid for 30 days by default
+expire_after = 30
+#Local default root certificate path
+local_debug = 1
+ca_path = ./cert/tango-ca-v3-trust-ca.pem
+untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
+[MAAT]
+#Configure the load mode,
+#0: using the configuration distribution network
+#1: using local json
+#2: using Redis reads
+maat_json_switch=2
+#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
+effective_interval=1
+#Specify the location of the configuration library table file
+table_info=./conf/table_info.conf
+#Incremental profile path
+inc_cfg_dir=./rule/inc/index
+#Full profile path
+full_cfg_dir=./rule/full/index
+#Json file path when json schema is used
+pxy_obj_keyring=./conf/pxy_obj_keyring.json
+[LIBEVENT]
+#Local monitor port number, default is 9991
+port = 9991
+[CERTSTORE_REDIS]
+#The Redis server IP address and port number where the certificate is stored locally
+ip = 127.0.0.1
+port = 6379
+[MAAT_REDIS]
+#Maat monitors the Redsi server IP address and port number
+ip = {{ maat_redis_server.address }}
+port = {{ maat_redis_server.port }}
+dbindex =  {{ maat_redis_server.db }}
+[stat]
+statsd_server=192.168.100.1
+statsd_port=8126

roles/clotho/files/clotho.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target

roles/clotho/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: "copy clotho rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+    dest: /tmp/ansible_deploy/
+
+- name: "copy  clotho.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho.service"
+    dest: /usr/lib/systemd/system
+    mode: 0755
+
+- name: "install clotho rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+
+- name: "Template the clotho.conf"
+  template:
+    src: "{{ role_path }}/templates/clotho.conf.j2"
+    dest: /home/mesasoft/clotho/conf/clotho.conf 
+  tags: template
+ 
+- name: "start clotho"
+  systemd:
+    name: clotho.service
+    enabled: yes
+    daemon_reload: yes
+

roles/clotho/templates/clotho.conf.j2

@@ -0,0 +1,11 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
+NIC_NAME={{ nic_mgr.name }}
+{% endif %}
+LOG_LEVEL=10
+LOG_PATH=log/clotho

roles/dump_rtp_pcap/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
-    state: present
-
-- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
-  template:
-    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
-    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
-  tags: template
- 
-- name: "start dump_rtp_pcap"
-  systemd:
-    name: dump_rtp_pcap.service
-    enabled: yes
-    daemon_reload: yes

roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2

@@ -1,23 +0,0 @@
-{
-    "endian":"little",
-    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
-    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
-    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
-    "bucket_name": "rtp-log",
-    "consume_auto_offset_reset":"latest",
-    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
-    "consume_topic": "INTERNAL-RTP-LOG",
-    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
-    "file_prefix":"rtp_log",
-    "group_id": "rtp-log-1",
-    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
-    "produce_topic": "VOIP-RECORD-LOG",
-    "region_name": "us-east-1",
-    "save_speed_emit_interval":30,
-    "upload_speed_emit_interval":30,
-    "queue_size":{{ dump_rtp_pcap.queue_size }},
-    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
-    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
-    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
-    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
-}

roles/firewall/tasks/main.yml

@@ -11,28 +11,21 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:
@@ -47,22 +40,8 @@
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
-
 - name: "Template the conf/capture_packet_plug.conf.j2"
   template:
     src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
     dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
   tags: template
-
- 
-- name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
-  template:
-    src: "{{ role_path }}/templates/tsg_conn_sketch.inf.j2"
-    dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
-  tags: template
-
-- name: "Template the conf/http/http.conf"
-  template:
-    src: "{{ role_path }}/templates/http.conf.j2"
-    dest:  /home/mesasoft/sapp_run/conf/http/http.conf
-  tags: template

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -7,20 +7,23 @@ TABLE_INFO=conf/capture_packet_tableinfo.conf
 STAT_FILE=capture_packet_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT_NUM=1
 REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
+REDIS_INDEX=0
 JSON_CFG_FILE=conf/capture_packet_maat.json
 INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
 
 [LOG]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
-BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
+{% endif %}
+BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 
 [SYSTEM]
-LOG_LEVEL=30
+LOG_LEVEL=10
 LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+

roles/firewall/templates/http.conf.j2

@@ -1,43 +0,0 @@
-#http_special
-#all regions
-1	HTTP_ALL
-2	HTTP_OTHER_REGIONS
-#http state
-3	HTTP_STATE
-4	HTTP_REQ_LINE
-5	HTTP_RES_LINE	
-6	HTTP_CONTENT            
-7	HTTP_UNGZIP_CONTENT
-8	HTTP_MESSAGE_URL
-9	HTTP_URI
-#http_request
-10	HTTP_HOST
-11	HTTP_REFERER
-12	HTTP_USER_AGENT
-13	HTTP_COOKIE
-14	HTTP_PROXY_AUTHORIZATION
-15	HTTP_AUTHORIZATION
-#http_response
-16	HTTP_LOCATION
-17	HTTP_SERVER
-18	HTTP_ETAG
-#http_general
-19	HTTP_DATE
-20	HTTP_TRAILER
-21	HTTP_TRANSFER_ENCODING
-22	HTTP_VIA
-23	HTTP_PRAGMA
-24	HTTP_CONNECTION
-#http_content
-25	HTTP_CONT_ENCODING
-26	HTTP_CONT_LANGUAGE
-27	HTTP_CONT_LOCATION
-28	HTTP_CONT_DISPOSITION
-29	HTTP_CONT_RANGE
-30	HTTP_CONT_LENGTH
-31	HTTP_CONT_TYPE
-32	HTTP_CHARSET
-33	HTTP_EXPIRES
-34	HTTP_X_FLASH_VERSION
-35	HTTP_TRANSFER_LENGTH
-36	Set-Cookie

roles/firewall/templates/maat.conf.j2

@@ -7,13 +7,12 @@ TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
 [DYNAMIC]
 ###0:location 1:json 2:redis
@@ -24,45 +23,10 @@ TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ dynamic_maat_redis_server.address }}
-REDIS_PORT_NUM={{ dynamic_maat_redis_server.port_num }}
-REDIS_PORT={{ dynamic_maat_redis_server.port }}
-REDIS_INDEX={{ dynamic_maat_redis_server.db }}
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=1
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
-[APP_SIGNATURE_MAAT]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
-STAT_FILE=app_sketch_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=tsgconf/app_sketch_maat.json
-INC_CFG_DIR=tsgrule/inc/index/
-FULL_CFG_DIR=tsgrule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
-[CAPTURE]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
-STAT_FILE=app_sketch_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=tsgconf/app_sketch_maat.json
-INC_CFG_DIR=tsgrule/inc/index/
-FULL_CFG_DIR=tsgrule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
-[MAAT]
-ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -1,103 +1,55 @@
-[VOIP_PLUG]
-TIMEOUT=300
-LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
-LOG_LEVEL={{ fw_voip_log_level }}
-TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
-TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
-
 [FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
-LOG_LEVEL={{ fw_ftp_log_level }}
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
+LOG_LEVEL=10
 TIMEOUT=600
 
 [MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
-LOG_LEVEL={{ fw_mail_log_level }}
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
+LOG_LEVEL=10
 TIMEOUT=600
 
 [HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
-LOG_LEVEL={{ fw_http_log_level }}
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
+LOG_LEVEL=10
 
 [DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
-LOG_LEVEL={{ fw_dns_log_level }}
-
-[QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
-LOG_LEVEL={{ fw_quic_log_level }}
-
-[CONTROL_PLUG]
-LOG_PATH="./tsglog/app_control_plug/app_control_plug"
-LOG_LEVEL={{ app_control_log_level }}
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
+LOG_LEVEL=10
 
 [MAAT]
-PROFILE="./tsgconf/maat.conf"
-SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
-CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
-IP_ADDR_TABLE="TSG_SECURITY_ADDR"
+PROFILE=./tsgconf/maat.conf
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-NIC_NAME="{{ nic_mgr.name }}"
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
+NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 MAX_SERVICE=1
-LOG_LEVEL={{ tsg_log_level }}
-LOG_PATH="./tsglog/tsglog"
-BROKER_LIST="{{ log_kafkabrokers.address | join(",") }}"
-COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
 
 [STATISTIC]
-CYCLE=5
+CYCLE=1
 TELEGRAF_PORT=8100
-TELEGRAF_IP="127.0.0.1"
-OUTPUT_PATH="./tsg_statistic.log"
-APP_NAME="statistic"
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
 
 [FIELD_STAT]
-CYCLE=5
-TELEGRAF_PORT=8100
-TELEGRAF_IP="127.0.0.1"
-OUTPUT_PATH="./tsg_stat.log"
-APP_NAME="tsg_master"
+CYCLE=3
+TELEGRAF_PORT=8125
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
 
 [SYSTEM]
-NIC_NAME="{{ nic_mgr.name }}"
-ENTRANCE_ID={{ tsg_master_entrance_id }}
-LOG_LEVEL={{ tsg_master_log_level }}
-LOG_PATH="./tsglog/tsg_master"
-POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
-L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
-DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
-
-[TSG_CONN_SKETCH]
-log_service=2
-live_service=6
-transaction_service=7
-live_service_switch=1
-transaction_service_switch=1
-live_intervals_time = 30
-
-[HOS_CONF]
-hos_serverip="{{ firewall.hos_serverip }}"
-hos_serverport={{ firewall.hos_serverport }}
-hos_accesskeyid="default"
-hos_secretkey="default"
-hos_poolsize=100
-hos_thread_sum=32
-hos_cache_size=102400
-hos_fs2_serverip="127.0.0.1"
-hos_fs2_serverport=10086
-
-[APP_SKETCH_LOCAL]
 LOG_LEVEL=10
-LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
-
-[APP_SKETCH_FEEDBACK]
-QOS=1
-PUBLISH_TOPIC="APP_SIGNATURE_ID"
-#CLIENT_ID=
-BROKER_IP="{{ firewall.APP_SKETCH_BROKER_IP }}"
-BROKER_PORT="{{ firewall.APP_SKETCH_BROKER_PORT }}"
-
-[APP_PROTO_ENGINE]
-license_path=/data/app_proto_engine/license
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/firewall/templates/tsg_conn_sketch.inf.j2

@@ -1,46 +0,0 @@
-[PLUGINFO]
-PLUGNAME=TSG_CONN_SKETCH
-SO_PATH=./plug/business/tsg_conn_sketch/tsg_conn_sketch.so
-INIT_FUNC=tsg_conn_record_init
-DESTROY_FUNC=tsg_conn_record_destroy
-
-
-[TCP]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_tcp_entry
-
-[TCP_ALL]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_tcpall_entry
-
-[UDP]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_udp_entry
-
-[HTTP]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_http_entry
-
-[SSL]
-FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
-FUNC_NAME=tsg_record_ssl_entry
-
-[DNS]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_dns_entry
-
-[MAIL]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_mail_entry
-
-[RTP]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_rtp_entry
-
-[SIP]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_sip_entry
-
-[FTP]
-FUNC_FLAG=ALL
-FUNC_NAME=tsg_record_ftp_entry