update

deploy.yml

@@ -55,3 +55,4 @@
     - cert-redis
     - tfe
     - telegraf_statistic
+    - proxy_status

install_config/group_vars/all.yml

@@ -1,9 +1,9 @@
 #########################################
 #####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
-tsg_access_type: 0
+tsg_access_type: 4
 
-#####0: Tun_mode;  1: ADC;
+#####0: Tun_mode;  1: normal; 2: ADC;
-tsg_running_type: 0 
+tsg_running_type: 1 
 
 ########################################
 maat_redis_server:
@@ -21,7 +21,7 @@ cert_store_server:
   port: 9991
 
 log_kafkabrokers:
-  address: "192.168.40.169:9092"
+  address: "1.1.1.1:9092,2.2.2.2:9092"
 
 log_minio:
   address: "192.168.40.168;"
@@ -35,7 +35,9 @@ fs_remote:
 ########################################
 sapp:
   worker_threads: 16
+  send_only_threads_max: 8
   bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
 
 ########################################
 kni:
@@ -49,12 +51,9 @@ kni:
   send_logger:
     switch: 1
   tfe_nodes:
-    - tfe0:
+    tfe0_enabled: 1
-        enabled: 1
+    tfe1_enabled: 1
-    - tfe1:
+    tfe2_enabled: 1
-        enabled: 1
-    - tfe2:
-        enabled: 1
 
 ########################################
 tfe:
@@ -72,7 +71,7 @@ mrtunnat:
   lcore_id: 38
 
 nic_data_incoming:
-  name: enp1s0
+  ethname: enp1s0
   vf0_name: enp1s2
   vf1_name: enp1s2f1
   vf2_name: enp1s2f2
@@ -80,8 +79,10 @@ nic_data_incoming:
 VlanFlipping:
   vlanID_1: 100
   vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
 ########################################
-tsg_tun_mode:
+server:
   ethname: eth0
   tun_name: eth0.100
   internal_interface: "eth2"

roles/clotho/templates/clotho.conf.j2

@@ -2,8 +2,8 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}

roles/firewall/tasks/main.yml

@@ -8,6 +8,7 @@
   yum:
     name: "{{ fw_packages }}"
     state: present
+    skip_broken: yes
   vars:
     fw_packages:
       - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
@@ -20,7 +21,7 @@
       - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -15,8 +15,8 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}

roles/firewall/templates/maat.conf.j2

@@ -1,4 +1,5 @@
 [STATIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -14,6 +15,7 @@ INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 
 [DYNAMIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1

roles/firewall/templates/main.conf.j2

@@ -24,8 +24,8 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
+NIC_NAME={{ server.ethname }}
 {% else %}
 NIC_NAME={{ nic_mgr.name }}
 {% endif %}

roles/framework/tasks/main.yml

@@ -12,14 +12,14 @@
     packages:
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploylibMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm/
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm

roles/kni/templates/kni.conf.j2

@@ -2,8 +2,8 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-manage_eth = {{ tsg_tun_mode.ethname }}
+manage_eth = {{ server.ethname }}
 {% else %}
 manage_eth = {{ nic_mgr.name }}
 {% endif %}
@@ -20,26 +20,26 @@ dst_mac_addr = fe:65:b7:03:50:bd
 enabled = 1
 dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
 ip_addr = 192.168.100.1
-{% elif tsg_running_type == 1 %}
+{% elif tsg_running_type == 2 %}
 [tfe0]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe0_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
 ip_addr = 192.168.100.2
 
 [tfe1]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe1_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
 ip_addr = 192.168.100.3
 
 [tfe2]
-enabled = 1
+enabled = {{ kni.tfe_nodes.tfe2_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1%}
-listen_eth = {{ tsg_tun_mode.tun_name }}
+listen_eth = {{ server.tun_name }}
 {% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
 {% endif %}
@@ -47,8 +47,8 @@ listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
+listen_eth = {{ server.tun_name }}
 {% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
 {% endif %}

roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2

@@ -8,7 +8,7 @@ mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
-vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }}
+vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1

roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2

@@ -8,6 +8,7 @@ nr_slots=1048576
 expire_time=60
 reverse_tunnel=0
 use_recent_tunnel=0
+use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
 
@@ -16,4 +17,7 @@ enable=1
 c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
 i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
 en_mac_flipping_0=0
-
+en_mac_flipping_0=0
+c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
+i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
+en_mac_flipping_1=0

roles/proxy_status/files/proxy-status.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=proxy status
+
+[Service]
+ExecStart=/opt/proxy_status/proxy_start
+ExecStop=/opt/proxy_status/proxy_stop
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

roles/proxy_status/files/proxy_start

@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+
+systemctl start tsg-env-tun-mode.service &>/dev/null &
+sleep 2
+systemctl start sapp.service &>/dev/null &
+sleep 5
+systemctl start tfe-env.service &>/dev/null &
+sleep 5
+systemctl start tfe.service &>/dev/null &
+systemctl start certstore.service &>/dev/null &
+systemctl start cert-redis.service &>/dev/null &

roles/proxy_status/files/proxy_status

@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+
+systemctl status tsg-env-tun-mode &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m tsg-env-tun-mode is running \033[0m"
+else
+        echo -e "\033[31m tsg-env-tun-mode is down \033[0m"
+fi
+
+systemctl status mrzcpd &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m mrzcpd is running \033[0m"
+else
+        echo -e "\033[31m mrzcpd is down \033[0m"
+fi
+
+systemctl status mrenv &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m mrenv is running \033[0m"
+else
+        echo -e "\033[31m mrenv is down \033[0m"
+fi
+
+systemctl status mrtunnat &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m mrtunnat is running \033[0m"
+else
+        echo -e "\033[31m mrtunnat is down \033[0m"
+fi
+
+systemctl status sapp &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m sapp is running \033[0m"
+else
+        echo -e "\033[31m sapp is down \033[0m"
+fi
+
+systemctl status tfe-env &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m tfe-env is running \033[0m"
+else
+        echo -e "\033[31m tfe-env is down \033[0m"
+fi
+
+systemctl status tfe &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m tfe is running \033[0m"
+else
+        echo -e "\033[31m tfe is down \033[0m"
+fi
+
+systemctl status certstore &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m certstore is running \033[0m"
+else
+        echo -e "\033[31m certstore is down \033[0m"
+fi
+
+systemctl status cert-redis &>/dev/null
+if [ $? -eq 0 ];then
+	echo -e "\033[32m cert-redis is running \033[0m"
+else
+        echo -e "\033[31m cert-redis is down \033[0m"
+fi

roles/proxy_status/files/proxy_stop

@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+
+systemctl stop tsg-env-tun-mode.service &>/dev/null &
+systemctl stop mrzcpd.service &>/dev/null &
+systemctl stop mrtunnat.service &>/dev/null &
+systemctl stop sapp.service &>/dev/null &
+systemctl stop tfe-env.service &>/dev/null &
+systemctl stop tfe.service &>/dev/null &
+systemctl stop certstore.service &>/dev/null &
+systemctl stop cert-redis.service &>/dev/null &
+

roles/proxy_status/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: "create /opt/proxy_status"
+  file:
+    path: /opt/proxy_status
+    state: directory
+
+- name: "copy files"
+  copy:
+    src: "{{ role_path }}/files/" 
+    dest: /opt/proxy_status
+    mode: 0755
+
+- name: "copy proxy-status.service"
+  copy:
+    src: "{{ role_path }}/files/proxy-status.service"
+    dest: "/usr/lib/systemd/system/"   
+    mode: 0755  
+
+- name: "enable proxy-status"
+  systemd:
+    name: proxy-status
+    enabled: yes
+    daemon_reload: yes
+

roles/sapp/templates/sapp.toml.j2

@@ -9,19 +9,29 @@
 instance_name = "sapp4"
 
 [CPU]
-{% if tsg_running_type == 0 %}
+{% if tsg_access_type == 0 %}
 worker_threads=1
 {% else %}
 worker_threads={{ sapp.worker_threads }}
 {% endif %}
+{% if tsg_access_type == 4 %}
+send_only_threads_max={{ sapp.send_only_threads_max }}
+{% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
-{% if tsg_running_type == 0 %}
+{% if tsg_access_type == 0 %}
 bind_mask=[]
 {% else %}
 bind_mask=[{{ sapp.bind_mask }}]
 {% endif %}
 
 [PACKET_IO]
+{% if tsg_access_type == 4 %}
+### note, used to represent inbound or outbound direction value,
+##### because it comes from other device, so it needs to be specified manually,
+##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
+##### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
+inbound_route_dir={{ sapp.inbound_route_dir }}
+{% endif %}
 ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
 BSD_packet_filter=""
    
@@ -37,7 +47,7 @@ BSD_packet_filter=""
     [packet_io.internal.interface]
     {% if tsg_access_type == 0 %}
     type=pcap
-    name={{tsg_tun_mode.internal_interface}}
+    name={{server.internal_interface}}
     {% else %}
     type=marsio
     name=vxlan_user
@@ -46,7 +56,7 @@ BSD_packet_filter=""
     [packet_io.external.interface]
     {% if tsg_access_type == 0 %}
     type=pcap
-    name={{tsg_tun_mode.external_interface}}
+    name={{server.external_interface}}
     {% else %}
     type=pcap
     name=lo

roles/telegraf_statistic/templates/telegraf_statistic.conf.j2

@@ -17,7 +17,7 @@
     files = ["stdout", "/tmp/metrics.out"]
        data_format = "json"
  [[outputs.kafka]]
-   brokers = ["{{ log_kafkabrokers.address }}"]
+   brokers = ["192.168.40.186:9092"]
    topic = "TRAFFIC-METRICS-LOG"
     data_format = "json"
  [[outputs.prometheus_client]]

roles/tfe/files/tfe.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tango Frontend Engine
+Requires=tfe-env.service
+After=tfe-env.service
+
+
+[Service]
+Type=notify
+ExecStart=/opt/tsg/tfe/bin/tfe
+WorkingDirectory=/opt/tsg/tfe/
+TimeoutSec=3600s
+RestartSec=10s
+Restart=always
+LimitNOFILE=524288
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

roles/tfe/tasks/main.yml

@@ -4,11 +4,17 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
+- name: "copy tfe.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/tfe.service"
+    dest: /usr/lib/systemd/system/
+    mode: 0755
+ 
 - name: "install tfe rpms from localhost"
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"

roles/tfe/templates/pangu_pxy.conf.j2

@@ -2,8 +2,8 @@
 log_level=30
 
 [log]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-nic_name={{ tsg_tun_mode.ethname }}
+nic_name={{ server.ethname }}
 {% else %}
 nic_name={{ nic_mgr.name }}
 {% endif %}

roles/tfe/templates/tfe-env-config.j2

@@ -1,7 +1,7 @@
-{% if tsg_running_type == 0 %}
+{% if tsg_access_type == 4 %}
+TFE_DEVICE_DATA_INCOMING={ nic_data_incoming.vf2_name }}
+{% elif tsg_running_type == 0 %}
 TFE_DEVICE_DATA_INCOMING=tun_kni
-{% elif tsg_access_type == 4 %}
-TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.vf2_name }}
 {% else %}
 TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
 {% endif %}
@@ -14,7 +14,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
+TFE_WATCHDOG_DEVICE={{ server.tun_name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}

roles/tfe/templates/tfe.conf.j2

@@ -31,8 +31,8 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
-mc_cache_eth={{ tsg_tun_mode.tun_name }}
+mc_cache_eth={{ server.tun_name }}
 {% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
 {% endif %}
@@ -56,7 +56,7 @@ enable_health_check=0
 passthrough_all_tcp=0
 
 [traffic_mirror]
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type == 0 or 1 %}
 device=lo
 {% else %}
 device={{ nic_traffic_mirror.name }}

roles/tsg-env-tun-mode/templates/setup.j2

@@ -1,25 +1,25 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ tsg_tun_mode.ethname }} 100
+vconfig add {{ server.ethname }} 100
-vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
+vconfig set_flag {{ server.ethname }}.100 1 1
-ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
+ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
 {% if tsg_access_type == 0 %}
-ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
+ethtool -K {{ server.internal_interface }} tso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
+ethtool -K {{ server.internal_interface }} gso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
+ethtool -K {{ server.internal_interface }} gro off
-ethtool -K {{ tsg_tun_mode.external_interface }} tso off
+ethtool -K {{ server.external_interface }} tso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gso off
+ethtool -K {{ server.external_interface }} gso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gro off
+ethtool -K {{ server.external_interface }} gro off
 {% elif tsg_access_type == 4 %}
-echo 3 > /sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
+echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
-ip link set {{ nic_data_incoming.name }} vf 1 vlan 4095
+ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095
-ip link set {{ nic_data_incoming.name }} vf 2 vlan 4095
+ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095
-ip link set {{ nic_data_incoming.name }} vf 0 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 0 trust on
-ip link set {{ nic_data_incoming.name }} vf 1 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 1 trust on
-ip link set {{ nic_data_incoming.name }} vf 2 trust on
+ip link set {{ nic_data_incoming.ethname }} vf 2 trust on
-ip link set {{ nic_data_incoming.name }} vf 1 mac 00:0e:c6:d6:72:c1
+ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
-ip link set {{ nic_data_incoming.name }} vf 2 mac fe:65:b7:03:50:bd
+ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
-ip link set {{ nic_data_incoming.name }} vf 0 spoofchk off
+ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off
 ip link set {{ nic_data_incoming.vf0_name }} up
 ip link set {{ nic_data_incoming.vf1_name }} up
 ip link set {{ nic_data_incoming.vf2_name }} up

roles/tsg-env-tun-mode/templates/tsg-env_stop.j2

@@ -1,8 +1,8 @@
 #!/bin/bash
 #
-echo 0 >/sys/class/net/{{ tsg_tun_mode.ethname }}/device/sriov_numvfs
+echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs
-ifconfig {{ tsg_tun_mode.ethname }}.100 down
+ifconfig {{ server.ethname }}.100 down
-vconfig rem {{ tsg_tun_mode.ethname }}.100
+vconfig rem {{ server.ethname }}.100
 {% if tsg_access_type == 4 %}
-echo 0 >/sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
+echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
 {% endif %}

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
     state: present
     skip_broken: yes