修改获取 dockerenv 环境包是url错误问题

.gitlab-ci.yml

@@ -0,0 +1,35 @@
+stages:
+- build
+    
+.build_tar:
+  image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
+  variables:
+    GIT_STRATEGY: "clone"
+    BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
+    TESTING_VERSION_BUILD: 0
+  before_script:
+    - dockerd > /dev/null &
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
+    - ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - pwd
+    - chmod +x ./ci/travis.sh
+  script:
+    - yum makecache
+    - ./ci/travis.sh
+  tags:
+  - share
+    
+file_build:
+  stage: build
+  variables:
+    VER_NAME: $CI_COMMIT_REF_NAME
+    PULP3_REPO_NAME: install-package-stable
+    PULP3_DIST_NAME: install-package-stable
+
+  extends: .build_tar
+  only:
+    - tags
+

buildPackage.yml

@@ -0,0 +1,3 @@
+- hosts: local
+  roles:
+    - package-build

build_config/group_vars/local.yml

@@ -0,0 +1,10 @@
+tarpath:
+  src:
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
+  destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
+
+tsgDiagnoseDockerFile: 
+  unarchiveUrl: http://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
+  unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files

build_config/hosts

@@ -0,0 +1,2 @@
+[local]
+localhost ansible_connection=local

ci/travis.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+mkdir build || true
+
+cat ./customize.yml >> ./build_config/group_vars/local.yml
+cat ./customize.yml >> ./install_config/group_vars/all.yml
+
+ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz  buildPackage.yml
+
+ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
+
+cd build
+cp ~/file_upload_tools.py ./
+
+python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz

customize.yml

@@ -0,0 +1,52 @@
+rpmdict:
+  tsgDiagnose:
+    fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
+    name: "tsg-diagnose"
+    downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
+
+dockerEnvRpm:
+  dockerCe:
+    - container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
+    - selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
+    - selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
+    - containerd.io-1.2.13-3.2.el7.x86_64.rpm
+    - policycoreutils-python-2.5-34.el7.x86_64.rpm
+    - policycoreutils-2.5-34.el7.x86_64.rpm
+    - libselinux-utils-2.5-15.el7.x86_64.rpm
+    - libselinux-python-2.5-15.el7.x86_64.rpm
+    - libseccomp-2.3.1-4.el7.x86_64.rpm
+    - iptables-1.4.21-34.el7.x86_64.rpm
+    - libcgroup-0.41-21.el7.x86_64.rpm
+    - audit-libs-python-2.8.5-4.el7.x86_64.rpm
+    - setools-libs-3.3.8-4.el7.x86_64.rpm
+    - libsemanage-python-2.5-14.el7.x86_64.rpm
+    - checkpolicy-2.5-8.el7.x86_64.rpm
+    - libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
+    - python-IPy-0.75-6.el7.noarch.rpm
+    - libnfnetlink-1.0.1-4.el7.x86_64.rpm
+    - libmnl-1.0.3-7.el7.x86_64.rpm
+    - docker-ce-cli-19.03.12-3.el7.x86_64.rpm
+    - docker-ce-19.03.12-3.el7.x86_64.rpm
+  dockerCompose:
+    - libtirpc-0.2.4-0.16.el7.x86_64.rpm
+    - libyaml-0.1.4-11.el7_0.x86_64.rpm
+    - python3-3.6.8-13.el7.x86_64.rpm
+    - python36-cached_property-1.5.1-2.el7.noarch.rpm
+    - python36-chardet-3.0.4-1.el7.noarch.rpm
+    - python36-docker-2.6.1-3.el7.noarch.rpm
+    - python36-dockerpty-0.4.1-18.el7.noarch.rpm
+    - python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
+    - python36-docopt-0.6.2-8.el7.noarch.rpm
+    - python36-idna-2.7-2.el7.noarch.rpm
+    - python36-jsonschema-2.5.1-4.el7.noarch.rpm
+    - python36-pysocks-1.6.8-7.el7.noarch.rpm
+    - python36-PyYAML-3.13-1.el7.x86_64.rpm
+    - python36-requests-2.14.2-2.el7.noarch.rpm
+    - python36-six-1.14.0-2.el7.noarch.rpm
+    - python36-texttable-1.6.2-1.el7.noarch.rpm
+    - python36-urllib3-1.25.6-1.el7.noarch.rpm
+    - python36-websocket-client-0.47.0-2.el7.noarch.rpm
+    - python3-libs-3.6.8-13.el7.x86_64.rpm
+    - python3-pip-9.0.3-7.el7_7.noarch.rpm
+    - python3-setuptools-39.2.0-10.el7.noarch.rpm
+    - docker-compose-1.18.0-4.el7.noarch.rpm

deploy.yml

@@ -16,6 +16,7 @@
     - certstore
     - cert-redis
     - telegraf_statistic
+    - tsg-diagnose
 
 - hosts: blade-01
   roles:
@@ -55,3 +56,4 @@
     - cert-redis
     - tfe
     - telegraf_statistic
+    - proxy_status

install_config/group_vars/all.yml

@@ -1,9 +1,9 @@
 #########################################
 #####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
-tsg_access_type: 0
+tsg_access_type: 4
 
-#####0: Tun_mode;  1: ADC;
-tsg_running_type: 0 
+#####0: Tun_mode;  1: normal; 2: ADC;
+tsg_running_type: 1 
 
 ########################################
 maat_redis_server:
@@ -21,7 +21,7 @@ cert_store_server:
   port: 9991
 
 log_kafkabrokers:
-  address: "192.168.40.169:9092"
+  address: "1.1.1.1:9092,2.2.2.2:9092"
 
 log_minio:
   address: "192.168.40.168;"
@@ -35,7 +35,9 @@ fs_remote:
 ########################################
 sapp:
   worker_threads: 16
+  send_only_threads_max: 8
   bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
 
 ########################################
 kni:
@@ -49,12 +51,9 @@ kni:
   send_logger:
     switch: 1
   tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
 
 ########################################
 tfe:
@@ -72,7 +71,7 @@ mrtunnat:
   lcore_id: 38
 
 nic_data_incoming:
-  name: enp1s0
+  ethname: enp1s0
   vf0_name: enp1s2
   vf1_name: enp1s2f1
   vf2_name: enp1s2f2
@@ -80,8 +79,10 @@ nic_data_incoming:
 VlanFlipping:
   vlanID_1: 100
   vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
 ########################################
-tsg_tun_mode:
+server:
   ethname: eth0
   tun_name: eth0.100
   internal_interface: "eth2"

roles/clotho/templates/clotho.conf.j2

@@ -2,8 +2,8 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
-{% if tsg_running_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}

roles/firewall/tasks/main.yml

@@ -8,6 +8,7 @@
   yum:
     name: "{{ fw_packages }}"
     state: present
+    skip_broken: yes
   vars:
     fw_packages:
       - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
@@ -20,7 +21,7 @@
       - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -15,8 +15,8 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
-{% if tsg_running_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}

roles/firewall/templates/maat.conf.j2

@@ -1,4 +1,5 @@
 [STATIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -14,6 +15,7 @@ INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 
 [DYNAMIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1

roles/firewall/templates/main.conf.j2

@@ -24,8 +24,8 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-{% if tsg_running_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}

roles/framework/tasks/main.yml

@@ -12,14 +12,14 @@
     packages:
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploylibMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm/
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm

roles/kni/templates/kni.conf.j2

@@ -2,8 +2,8 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
-{% if tsg_running_type == 0 %}
-manage_eth = {{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+manage_eth = {{ server.ethname }}
 {% else %}
 manage_eth = {{ nic_mgr.name }}
 {% endif %}
@@ -20,26 +20,26 @@ dst_mac_addr = fe:65:b7:03:50:bd
 enabled = 1
 dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
 ip_addr = 192.168.100.1
-{% elif tsg_running_type == 1 %}
+{% elif tsg_running_type == 2 %}
 [tfe0]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe0_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
 ip_addr = 192.168.100.2
 
 [tfe1]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe1_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
 ip_addr = 192.168.100.3
 
 [tfe2]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe2_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
-{% if tsg_running_type == 0 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1%}
+listen_eth = {{ server.tun_name }}
 {% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
 {% endif %}
@@ -47,8 +47,8 @@ listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
-{% if tsg_running_type == 0 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1 %}
+listen_eth = {{ server.tun_name }}
 {% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
 {% endif %}

roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2

@@ -8,7 +8,7 @@ mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
-vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }}
+vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1

roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2

@@ -8,6 +8,7 @@ nr_slots=1048576
 expire_time=60
 reverse_tunnel=0
 use_recent_tunnel=0
+use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
 
@@ -16,4 +17,7 @@ enable=1
 c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
 i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
 en_mac_flipping_0=0
-
+en_mac_flipping_0=0
+c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
+i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
+en_mac_flipping_1=0

roles/package-build/tasks/DockerEnvDownload.yml

@@ -0,0 +1,6 @@
+---
+- name: 'Unarchive docker env rpm file from remote host'
+  unarchive:
+    src: "{{ tsgDiagnoseDockerFile.unarchiveUrl }}"
+    dest: "{{ tsgDiagnoseDockerFile.unarchiveDest }}"
+    remote_src: yes

roles/package-build/tasks/RpmDownload.yml

@@ -0,0 +1,8 @@
+---
+- name: "download rpm package by rpm list"
+  yum:
+    name: "{{ item.value.name }}"
+    state: present
+    download_only: true
+    download_dir: "{{ item.value.downpath }}"
+  with_dict: "{{ rpmdict }}"

roles/package-build/tasks/TarBuild.yml

@@ -0,0 +1,6 @@
+---
+- name: "build install tar package"
+  archive:
+    path: "{{ tarpath.src }}" 
+    dest: "{{ tarpath.destdict }}{{ tarname }}"
+    format: gz

roles/package-build/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- include: DockerEnvDownload.yml
+- include: RpmDownload.yml
+- include: TarBuild.yml 

roles/proxy_status/files/proxy-status.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=proxy status
+
+[Service]
+ExecStart=/opt/proxy_status/proxy_start
+ExecStop=/opt/proxy_status/proxy_stop
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

roles/proxy_status/files/proxy_start

@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+
+systemctl start tsg-env-tun-mode.service &>/dev/null &
+sleep 2
+systemctl start sapp.service &>/dev/null &
+sleep 5
+systemctl start tfe-env.service &>/dev/null &
+sleep 5
+systemctl start tfe.service &>/dev/null &
+systemctl start certstore.service &>/dev/null &
+systemctl start cert-redis.service &>/dev/null &

roles/proxy_status/files/proxy_status

@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+
+systemctl status tsg-env-tun-mode &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m tsg-env-tun-mode is running \033[0m"
+else
+        echo -e "\033[31m tsg-env-tun-mode is down \033[0m"
+fi
+
+systemctl status mrzcpd &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m mrzcpd is running \033[0m"
+else
+        echo -e "\033[31m mrzcpd is down \033[0m"
+fi
+
+systemctl status mrenv &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m mrenv is running \033[0m"
+else
+        echo -e "\033[31m mrenv is down \033[0m"
+fi
+
+systemctl status mrtunnat &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m mrtunnat is running \033[0m"
+else
+        echo -e "\033[31m mrtunnat is down \033[0m"
+fi
+
+systemctl status sapp &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m sapp is running \033[0m"
+else
+        echo -e "\033[31m sapp is down \033[0m"
+fi
+
+systemctl status tfe-env &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m tfe-env is running \033[0m"
+else
+        echo -e "\033[31m tfe-env is down \033[0m"
+fi
+
+systemctl status tfe &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m tfe is running \033[0m"
+else
+        echo -e "\033[31m tfe is down \033[0m"
+fi
+
+systemctl status certstore &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m certstore is running \033[0m"
+else
+        echo -e "\033[31m certstore is down \033[0m"
+fi
+
+systemctl status cert-redis &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m cert-redis is running \033[0m"
+else
+        echo -e "\033[31m cert-redis is down \033[0m"
+fi

roles/proxy_status/files/proxy_stop

@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+
+systemctl stop tsg-env-tun-mode.service &>/dev/null &
+systemctl stop mrzcpd.service &>/dev/null &
+systemctl stop mrtunnat.service &>/dev/null &
+systemctl stop sapp.service &>/dev/null &
+systemctl stop tfe-env.service &>/dev/null &
+systemctl stop tfe.service &>/dev/null &
+systemctl stop certstore.service &>/dev/null &
+systemctl stop cert-redis.service &>/dev/null &
+

roles/proxy_status/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: "create /opt/proxy_status"
+  file:
+    path: /opt/proxy_status
+    state: directory
+
+- name: "copy files"
+  copy:
+    src: "{{ role_path }}/files/" 
+    dest: /opt/proxy_status
+    mode: 0755
+
+- name: "copy proxy-status.service"
+  copy:
+    src: "{{ role_path }}/files/proxy-status.service"
+    dest: "/usr/lib/systemd/system/"   
+    mode: 0755  
+
+- name: "enable proxy-status"
+  systemd:
+    name: proxy-status
+    enabled: yes
+    daemon_reload: yes
+

roles/sapp/templates/sapp.toml.j2

@@ -9,19 +9,29 @@
 instance_name = "sapp4"
 
 [CPU]
-{% if tsg_running_type == 0 %}
+{% if tsg_access_type == 0 %}
 worker_threads=1
 {% else %}
 worker_threads={{ sapp.worker_threads }}
 {% endif %}
+{% if tsg_access_type == 4 %}
+send_only_threads_max={{ sapp.send_only_threads_max }}
+{% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
-{% if tsg_running_type == 0 %}
+{% if tsg_access_type == 0 %}
 bind_mask=[]
 {% else %}
 bind_mask=[{{ sapp.bind_mask }}]
 {% endif %}
 
 [PACKET_IO]
+{% if tsg_access_type == 4 %}
+### note, used to represent inbound or outbound direction value,
+##### because it comes from other device, so it needs to be specified manually,
+##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+##### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+inbound_route_dir={{ sapp.inbound_route_dir }}
+{% endif %}
 ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
 BSD_packet_filter=""
    
@@ -37,7 +47,7 @@ BSD_packet_filter=""
     [packet_io.internal.interface]
     {% if tsg_access_type == 0 %}
     type=pcap
-    name={{tsg_tun_mode.internal_interface}}
+    name={{server.internal_interface}}
     {% else %}
     type=marsio
     name=vxlan_user
@@ -46,7 +56,7 @@ BSD_packet_filter=""
     [packet_io.external.interface]
     {% if tsg_access_type == 0 %}
     type=pcap
-    name={{tsg_tun_mode.external_interface}}
+    name={{server.external_interface}}
     {% else %}
     type=pcap
     name=lo

roles/telegraf_statistic/templates/telegraf_statistic.conf.j2

@@ -17,7 +17,7 @@
     files = ["stdout", "/tmp/metrics.out"]
        data_format = "json"
  [[outputs.kafka]]
-   brokers = ["{{ log_kafkabrokers.address }}"]
+   brokers = ["192.168.40.186:9092"]
    topic = "TRAFFIC-METRICS-LOG"
     data_format = "json"
  [[outputs.prometheus_client]]

roles/tfe/files/tfe.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tango Frontend Engine
+Requires=tfe-env.service
+After=tfe-env.service
+
+
+[Service]
+Type=notify
+ExecStart=/opt/tsg/tfe/bin/tfe
+WorkingDirectory=/opt/tsg/tfe/
+TimeoutSec=3600s
+RestartSec=10s
+Restart=always
+LimitNOFILE=524288
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

roles/tfe/tasks/main.yml

@@ -4,11 +4,17 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
+- name: "copy tfe.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/tfe.service"
+    dest: /usr/lib/systemd/system/
+    mode: 0755
+ 
 - name: "install tfe rpms from localhost"
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"

roles/tfe/templates/pangu_pxy.conf.j2

@@ -2,8 +2,8 @@
 log_level=30
 
 [log]
-{% if tsg_running_type == 0 %}
-nic_name={{ tsg_tun_mode.ethname }}
+{% if tsg_running_type == 0 or 1 %}
+nic_name={{ server.ethname }}
 {% else %}
 nic_name={{ nic_mgr.name }}
 {% endif %}

roles/tfe/templates/tfe-env-config.j2

@@ -1,7 +1,7 @@
-{% if tsg_running_type == 0 %}
+{% if tsg_access_type == 4 %}
+TFE_DEVICE_DATA_INCOMING={ nic_data_incoming.vf2_name }}
+{% elif tsg_running_type == 0 %}
 TFE_DEVICE_DATA_INCOMING=tun_kni
-{% elif tsg_access_type == 4 %}
-TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.vf2_name }}
 {% else %}
 TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
 {% endif %}
@@ -14,7 +14,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
-{% if tsg_running_type == 0 %}
-TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1 %}
+TFE_WATCHDOG_DEVICE={{ server.tun_name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}

roles/tfe/templates/tfe.conf.j2

@@ -31,8 +31,8 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-{% if tsg_running_type == 0 %}
-mc_cache_eth={{ tsg_tun_mode.tun_name }}
+{% if tsg_running_type == 0 or 1 %}
+mc_cache_eth={{ server.tun_name }}
 {% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
 {% endif %}
@@ -56,7 +56,7 @@ enable_health_check=0
 passthrough_all_tcp=0
 
 [traffic_mirror]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
 device=lo
 {% else %}
 device={{ nic_traffic_mirror.name }}

roles/tsg-diagnose/tasks/DockerEnv.yml

@@ -0,0 +1,19 @@
+--- 
+- name: "Install docker-ce"
+  yum:
+    name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-ce/{{ item }}"
+    state: present
+    with_items: "{{ dockerEnvRpm.dockerCe }}"
+
+- name: "Install docker-compose"
+  yum:
+    name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-compose/{{ item }}"
+    state: present
+    with_items: "{{ dockerEnvRpm.dockerCompose }}"
+
+- name: 'Docker service start'
+  systemd:
+    name: docker
+    enabled: yes
+    daemon_reload: yes
+

roles/tsg-diagnose/tasks/TsgDiagnose.yml

@@ -0,0 +1,12 @@
+--- 
+- name: "Install tsg-diagnose rpm package"
+  yum:
+    name:
+      - "/tmp/ansible_deploy/tsg-diagnose/rpms/{{rpmdict.tsgDiagnose.fullname}}"
+    state: present
+    
+- name: 'Tsg-diagnose service start'
+  systemd:
+    name: tsg-diagnose
+    enabled: yes
+    daemon_reload: yes

roles/tsg-diagnose/tasks/main.yml

@@ -0,0 +1,14 @@
+--- 
+- name: 'Copy tsg-diagnose file to device'
+  copy: 
+    src: "{{item.src}}"
+    dest: "{{item.dest}}"
+    mode: "{{item.mode}}"
+  with_items:
+    - { src: "{{ role_path }}/files/", dest: "/tmp/ansible_deploy/tsg-diagnose", mode: '0755' }
+    
+- name: 'Install docker env rpm'
+  include: DockerEnv.yml
+
+- name: 'Install Tsg-diagnose'
+  include: TsgDiagnose.yml

roles/tsg-env-tun-mode/templates/setup.j2

@@ -1,25 +1,25 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ tsg_tun_mode.ethname }} 100
-vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
-ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
+vconfig add {{ server.ethname }} 100
+vconfig set_flag {{ server.ethname }}.100 1 1
+ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
 {% if tsg_access_type == 0 %}
-ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
-ethtool -K {{ tsg_tun_mode.external_interface }} tso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gro off
+ethtool -K {{ server.internal_interface }} tso off
+ethtool -K {{ server.internal_interface }} gso off
+ethtool -K {{ server.internal_interface }} gro off
+ethtool -K {{ server.external_interface }} tso off
+ethtool -K {{ server.external_interface }} gso off
+ethtool -K {{ server.external_interface }} gro off
 {% elif tsg_access_type == 4 %}
-echo 3 > /sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
-ip link set {{ nic_data_incoming.name }} vf 1 vlan 4095
-ip link set {{ nic_data_incoming.name }} vf 2 vlan 4095
-ip link set {{ nic_data_incoming.name }} vf 0 trust on
-ip link set {{ nic_data_incoming.name }} vf 1 trust on
-ip link set {{ nic_data_incoming.name }} vf 2 trust on
-ip link set {{ nic_data_incoming.name }} vf 1 mac 00:0e:c6:d6:72:c1
-ip link set {{ nic_data_incoming.name }} vf 2 mac fe:65:b7:03:50:bd
-ip link set {{ nic_data_incoming.name }} vf 0 spoofchk off
+echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
+ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095
+ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095
+ip link set {{ nic_data_incoming.ethname }} vf 0 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 1 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 2 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
+ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
+ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off
 ip link set {{ nic_data_incoming.vf0_name }} up
 ip link set {{ nic_data_incoming.vf1_name }} up
 ip link set {{ nic_data_incoming.vf2_name }} up

roles/tsg-env-tun-mode/templates/tsg-env_stop.j2

@@ -1,8 +1,8 @@
 #!/bin/bash
 #
-echo 0 >/sys/class/net/{{ tsg_tun_mode.ethname }}/device/sriov_numvfs
-ifconfig {{ tsg_tun_mode.ethname }}.100 down
-vconfig rem {{ tsg_tun_mode.ethname }}.100
+echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs
+ifconfig {{ server.ethname }}.100 down
+vconfig rem {{ server.ethname }}.100
 {% if tsg_access_type == 4 %}
-echo 0 >/sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
+echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
 {% endif %}

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
     state: present
     skip_broken: yes