增加docker环境基础安装

.gitlab-ci.yml

@@ -0,0 +1,35 @@
+stages:
+- build
+    
+.build_tar:
+  image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
+  variables:
+    GIT_STRATEGY: "clone"
+    BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
+    TESTING_VERSION_BUILD: 0
+  before_script:
+    - dockerd > /dev/null &
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
+    - ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - pwd
+    - chmod +x ./ci/travis.sh
+  script:
+    - yum makecache
+    - ./ci/travis.sh
+  tags:
+  - share
+    
+file_build:
+  stage: build
+  variables:
+    VER_NAME: $CI_COMMIT_REF_NAME
+    PULP3_REPO_NAME: install-package-stable
+    PULP3_DIST_NAME: install-package-stable
+
+  extends: .build_tar
+  only:
+    - tags
+

buildPackage.yml

@@ -0,0 +1,3 @@
+- hosts: local
+  roles:
+    - package-build

build_config/group_vars/local.yml

@@ -0,0 +1,10 @@
+tarpath:
+  src:
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
+  destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
+
+tsgDiagnoseDockerFile: 
+  unarchiveUrl: https://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
+  unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files

build_config/hosts

@@ -0,0 +1,2 @@
+[local]
+localhost ansible_connection=local

ci/travis.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+mkdir build || true
+
+cat ./customize.yml >> ./build_config/group_vars/local.yml
+cat ./customize.yml >> ./install_config/group_vars/all.yml
+
+ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz  buildPackage.yml
+
+ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
+
+cd build
+cp ~/file_upload_tools.py ./
+
+python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz

customize.yml

@@ -0,0 +1,52 @@
+rpmdict:
+  tsgDiagnose:
+    fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
+    name: "tsg-diagnose"
+    downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
+
+dockerEnvRpm:
+  dockerCe:
+    - container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
+    - selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
+    - selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
+    - containerd.io-1.2.13-3.2.el7.x86_64.rpm
+    - policycoreutils-python-2.5-34.el7.x86_64.rpm
+    - policycoreutils-2.5-34.el7.x86_64.rpm
+    - libselinux-utils-2.5-15.el7.x86_64.rpm
+    - libselinux-python-2.5-15.el7.x86_64.rpm
+    - libseccomp-2.3.1-4.el7.x86_64.rpm
+    - iptables-1.4.21-34.el7.x86_64.rpm
+    - libcgroup-0.41-21.el7.x86_64.rpm
+    - audit-libs-python-2.8.5-4.el7.x86_64.rpm
+    - setools-libs-3.3.8-4.el7.x86_64.rpm
+    - libsemanage-python-2.5-14.el7.x86_64.rpm
+    - checkpolicy-2.5-8.el7.x86_64.rpm
+    - libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
+    - python-IPy-0.75-6.el7.noarch.rpm
+    - libnfnetlink-1.0.1-4.el7.x86_64.rpm
+    - libmnl-1.0.3-7.el7.x86_64.rpm
+    - docker-ce-cli-19.03.12-3.el7.x86_64.rpm
+    - docker-ce-19.03.12-3.el7.x86_64.rpm
+  dockerCompose:
+    - libtirpc-0.2.4-0.16.el7.x86_64.rpm
+    - libyaml-0.1.4-11.el7_0.x86_64.rpm
+    - python3-3.6.8-13.el7.x86_64.rpm
+    - python36-cached_property-1.5.1-2.el7.noarch.rpm
+    - python36-chardet-3.0.4-1.el7.noarch.rpm
+    - python36-docker-2.6.1-3.el7.noarch.rpm
+    - python36-dockerpty-0.4.1-18.el7.noarch.rpm
+    - python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
+    - python36-docopt-0.6.2-8.el7.noarch.rpm
+    - python36-idna-2.7-2.el7.noarch.rpm
+    - python36-jsonschema-2.5.1-4.el7.noarch.rpm
+    - python36-pysocks-1.6.8-7.el7.noarch.rpm
+    - python36-PyYAML-3.13-1.el7.x86_64.rpm
+    - python36-requests-2.14.2-2.el7.noarch.rpm
+    - python36-six-1.14.0-2.el7.noarch.rpm
+    - python36-texttable-1.6.2-1.el7.noarch.rpm
+    - python36-urllib3-1.25.6-1.el7.noarch.rpm
+    - python36-websocket-client-0.47.0-2.el7.noarch.rpm
+    - python3-libs-3.6.8-13.el7.x86_64.rpm
+    - python3-pip-9.0.3-7.el7_7.noarch.rpm
+    - python3-setuptools-39.2.0-10.el7.noarch.rpm
+    - docker-compose-1.18.0-4.el7.noarch.rpm

deploy.yml

@@ -16,6 +16,7 @@
     - certstore
     - cert-redis
     - telegraf_statistic
+    - tsg-diagnose
 
 - hosts: blade-01
   roles:

install_config/group_vars/all.yml

@@ -60,6 +60,7 @@ tfe:
   nr_threads: 32
   mc_cache_eth: lo 
   keykeeper:
+    mode: "normal"
     no_cache: 0
 
 ########################################

install_config/hosts

@@ -5,19 +5,19 @@ package_source=local
 [pc-as-tun-mode]
 
 [blade-mxn]
-1.1.1.1 device_id=1
+192.168.40.170
 
 [blade-00]
-1.1.1.1 device_id=1 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
 
 [blade-01]
-1.1.1.1 device_id=1
+192.168.40.167
 
 [blade-02]
-1.1.1.1 device_id=1
+192.168.40.168
 
 [blade-03]
-1.1.1.1 device_id=1
+192.168.40.169
 
 [Functional_Host:children]
 blade-00

roles/certstore/tasks/main.yml

@@ -10,7 +10,7 @@
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.2.20200728.7515a19-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
     state: present
 
 - name: template certstore configure file

roles/firewall/tasks/main.yml

@@ -11,22 +11,21 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/framework/tasks/main.yml

@@ -18,7 +18,7 @@
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.0.2.dc1fced-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"

roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2

@@ -1,7 +1,7 @@
 [device]
 device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
-sz_buffer=32
+sz_buffer=0
 
 [device:{{nic_data_incoming.vf0_name}}]
 mtu=4096
@@ -22,15 +22,12 @@ vlan-id-allow=4095
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
 
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
 distmode=2
 hashmode=0
-idle_threshold=10000
 
 [eal]
 virtaddr=0x7f40c4a00000

roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2

@@ -11,7 +11,6 @@ use_recent_tunnel=0
 use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
-idle_threshold=10000
 
 [vlan_flipping]
 enable=1

roles/package-build/tasks/DockerEnvDownload.yml

@@ -0,0 +1,6 @@
+---
+- name: 'Unarchive docker env rpm file from remote host'
+  unarchive:
+    src: "{{ tsgDiagnoseDockerFile.unarchiveUrl }}"
+    dest: "{{ tsgDiagnoseDockerFile.unarchiveDest }}"
+    remote_src: yes

roles/package-build/tasks/RpmDownload.yml

@@ -0,0 +1,8 @@
+---
+- name: "download rpm package by rpm list"
+  yum:
+    name: "{{ item.value.name }}"
+    state: present
+    download_only: true
+    download_dir: "{{ item.value.downpath }}"
+  with_dict: "{{ rpmdict }}"

roles/package-build/tasks/TarBuild.yml

@@ -0,0 +1,6 @@
+---
+- name: "build install tar package"
+  archive:
+    path: "{{ tarpath.src }}" 
+    dest: "{{ tarpath.destdict }}{{ tarname }}"
+    format: gz

roles/package-build/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- include: DockerEnvDownload.yml
+- include: RpmDownload.yml
+- include: TarBuild.yml 

roles/sapp/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.0.18.bb2effd-x86_64...rpm
+      - /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm
     state: present
     skip_broken: yes
 

roles/sapp/templates/conflist.inf.j2

@@ -25,7 +25,5 @@
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-./plug/business/fw_quic_plug/fw_quic_plug.inf
 ./plug/business/tsg_conn_record/tsg_conn_record.inf
-./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
 ./plug/business/capture_packet_plug/capture_packet_plug.inf

roles/tfe/tasks/main.yml

@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.7.39bff00-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
@@ -37,16 +37,6 @@
     src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
     dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf
 
-- name: "create conf/doh/"
-  file:
-    path: /opt/tsg/tfe/conf/doh/ 
-    state: directory
-
-- name: "template the doh.conf"
-  template:
-    src: "{{ role_path }}/templates/doh.conf.j2"
-    dest: /opt/tsg/tfe/conf/doh/doh.conf
-
 - name: "create a override conf - first step, create dir"
   file:
     path: /etc/systemd/system/tfe.service.d/

roles/tfe/templates/doh.conf.j2

@@ -1,26 +0,0 @@
-[doh]
-# default 1
-enable=1
-
-[log]
-# default 10
-# RLOG_LV_DEBUG : 10
-# RLOG_LV_INFO  : 20
-# RLOG_LV_FATAL : 30
-log_level=10
-
-[maat]
-# default TSG_OBJ_APP_ID
-table_appid=TSG_OBJ_APP_ID
-# default TSG_SECURITY_ADDR
-table_addr=TSG_SECURITY_ADDR
-# default TSG_FIELD_DOH_QNAME
-table_qname=TSG_FIELD_DOH_QNAME
-# default TSG_FIELD_HTTP_HOST
-table_host=TSG_FIELD_DOH_HOST
-
-[kafka]
-# default 0
-ENTRANCE_ID=0
-# default 1
-en_sendlog=1

roles/tfe/templates/pangu_pxy.conf.j2

@@ -1,107 +1,129 @@
-[debug]
+[debug]
-log_level=10
+log_level=30
-
+
-[log]
+[log]
-entrance_id=0
+{% if tsg_running_type == 0 or 1 %}
-
+nic_name={{ server.ethname }}
-#Addresses of minio. Format is defined by WiredLB.
+{% else %}
-#minio_ip_list=192.168.10.61-64;
+nic_name={{ nic_mgr.name }}
-minio_ip_list= {{ log_minio.address }}
+{% endif %}
-minio_listen_port= {{ log_minio.port }}
+entrance_id=0
-#Maximum number of connections opened by per host.
+device_id_filepath=/opt/tsg/etc/tsg_sn.json
-#MAX_CONNECTION_PER_HOST=1
+kafka_brokerlist= {{ log_kafkabrokers.address }}
-#Maximum number of requests in a pipeline.
+kafka_topic=PROXY-EVENT-LOG
-#MAX_CNNT_PIPELINE_NUM=20
+
-#Maximum parellel sessions(http and redis) is allowed to open.
+#Addresses of minio. Format is defined by WiredLB.
-#MAX_CURL_SESSION_NUM=100
+#minio_ip_list=192.168.10.61-64;
-#Maximum time the request is allowed to take(seconds).
+minio_ip_list= {{ log_minio.address }}
-#MAX_CURL_TRANSFER_TIMEOUT_S=0
+minio_listen_port= {{ log_minio.port }}
-
+#Maximum number of connections opened by per host.
-#Bucket name in minio.
+#MAX_CONNECTION_PER_HOST=1
-cache_bucket_name=proxybucket
+#Maximum number of requests in a pipeline.
-#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
+#MAX_CNNT_PIPELINE_NUM=20
-max_used_memroy_size_mb=5120
+#Maximum parellel sessions(http and redis) is allowed to open.
-#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
+#MAX_CURL_SESSION_NUM=100
-cache_default_ttl_second=3600
+#Maximum time the request is allowed to take(seconds).
-#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
+#MAX_CURL_TRANSFER_TIMEOUT_S=0
-cache_object_key_hash_switch=1
+
-
+#Bucket name in minio.
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+cache_bucket_name=proxybucket
-cache_store_object_way=0
+#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+max_used_memroy_size_mb=5120
-redis_cache_object_size=1024000
+#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
-#Configs of WiredLB for Minios load balancer.
+cache_default_ttl_second=3600
-#WIREDLB_OVERRIDE=1
+#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
-wiredlb_health_port=42310
+cache_object_key_hash_switch=1
-#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+
-redis_cluster_ip_list=192.168.10.62-63;
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-redis_cluster_port_range=6379
+cache_store_object_way=0
-#wired load balancer configuration
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
-
+redis_cache_object_size=1024000
-wiredlb_override=1
+#Configs of WiredLB for Minios load balancer.
-wiredlb_topic=MinioFileLog
+#WIREDLB_OVERRIDE=1
-wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=42310
-wiredlb_health_port=52102
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
-wiredlb_group=FileLog
+redis_cluster_ip_list=192.168.10.62-63;
-
+redis_cluster_port_range=6379
-log_fsstat_appname=tango_log_file
+#wired load balancer configuration
-log_fsstat_filepath=./tango_log_file.fs
+
-log_fsstat_interval=10
+wiredlb_override=1
-log_fsstat_trig=1
+wiredlb_topic=MinioFileLog
-log_fsstat_dst_ip=10.4.20.202
+wiredlb_datacenter=k18consul-tse
-log_fsstat_dst_port=8125
+wiredlb_health_port=52102
-
+wiredlb_group=FileLog
-[ratelimit]
+
-enable=0
+log_fsstat_appname=tango_log_file
-token_name=ratelimit
+log_fsstat_filepath=./tango_log_file.fs
-redis_server={{ maat_redis_server.address }}
+log_fsstat_interval=10
-redis_port={{ maat_redis_server.port }}
+log_fsstat_trig=1
-redis_db_index=6
+log_fsstat_dst_ip=10.4.20.202
-
+log_fsstat_dst_port=8125
-[tango_cache]
+[maat]
-enable_cache=0
+# 0:json 1: redis 2: iris
-minio_ip_list=192.168.10.61-64;
+maat_input_mode=1
-minio_listen_port=9000
+table_info=resource/pangu/table_info.conf
-
+json_cfg_file=resource/pangu/pangu_http.json
-#max_connection_per_host=1
+stat_file=log/pangu_scan.status
-max_cnnt_pipeline_num=20
+full_cfg_dir=pangu_policy/full/index/
-#max_curl_session_num=100
+inc_cfg_dir=pangu_policy/inc/index/
-
+
-cache_bucket_name=proxybucket
+maat_redis_server={{ maat_redis_server.address }}
-max_used_memory_size_mb=10240
+maat_redis_port_range={{ maat_redis_server.port }}
-cache_default_ttl_second=3600
+maat_redis_db_index={{ maat_redis_server.db }}
-cache_object_key_hash_switch=1
+effect_interval_s=1
-
+#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-#1-minio，2-redis
+
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
+[dynamic_maat]
-cache_store_object_way=0
+maat_input_mode=1
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
+table_info=resource/pangu/dynamic_maat_table_info.conf
-redis_cache_object_size=102400
+maat_redis_server={{ dynamic_maat_redis_server.address }}
-#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
+maat_redis_port_range={{ dynamic_maat_redis_server.port }}
-redis_cluster_ip_list=192.168.10.62-63;
+maat_redis_db_index={{ dynamic_maat_redis_server.db }}
-redis_cluster_port_range=6379
+effect_interval_s=1
-#wired load balancer configuration
+
-wiredlb_override=1
+[tango_cache]
-wiredlb_topic=MinioCache
+enable_cache=0
-wiredlb_datacenter=k18consul-tse
+minio_ip_list=192.168.10.61-64;
-wiredlb_health_port=52101
+minio_listen_port=9000
-wiredlb_group=TangoCache
+
-
+#max_connection_per_host=1
-cache_undefined_obj=1
+max_cnnt_pipeline_num=20
-query_undefined_obj=0
+#max_curl_session_num=100
-statsd_server=192.168.10.72
+
-statsd_port=8126
+cache_bucket_name=proxybucket
-histogram_bins=0.20,0.40,0.6,0.8
+max_used_memory_size_mb=10240
-
+cache_default_ttl_second=3600
-log_fsstat_appname=tango_cache
+cache_object_key_hash_switch=1
-log_fsstat_filepath=./tango_cache_client.fs
+
-log_fsstat_interval=10
+#1-minio，2-redis
-log_fsstat_trig=1
+#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-log_fsstat_dst_ip=10.4.20.201
+cache_store_object_way=0
-log_fsstat_dst_port=8125
+#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
-
+redis_cache_object_size=102400
-
+#If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
-[traffic_mirror]
+redis_cluster_ip_list=192.168.10.62-63;
-table_info=resource/pangu/table_info_traffic_mirror.conf
+redis_cluster_port_range=6379
-stat_file=log/traffic_mirror.status
+#wired load balancer configuration
-
+wiredlb_override=1
+wiredlb_topic=MinioCache
+wiredlb_datacenter=k18consul-tse
+wiredlb_health_port=52101
+wiredlb_group=TangoCache
+
+cache_undefined_obj=1
+query_undefined_obj=0
+statsd_server={{fs_remote.address}}
+statsd_port={{fs_remote.port}}
+histogram_bins=0.20,0.40,0.6,0.8
+
+log_fsstat_appname=tango_cache
+log_fsstat_filepath=./tango_cache_client.fs
+log_fsstat_interval=10
+log_fsstat_trig=1
+log_fsstat_dst_ip=10.4.20.201
+log_fsstat_dst_port=8125
+
+
+[traffic_mirror]
+table_info=resource/pangu/table_info_traffic_mirror.conf
+stat_file=log/traffic_mirror.status

roles/tfe/templates/tfe.conf.j2

@@ -1,15 +1,14 @@
 [system]
 nr_worker_threads={{ tfe.nr_threads }}
-enable_breakpad=0
+enable_breakpad=1
 enable_breakpad_upload=0
 breakpad_minidump_dir=/run/tfe/crashreport/
 breakpad_upload_url=http://127.0.0.1:9000/
 disable_coredump=0
 
-
 [kni]
 ip=192.168.100.1
-cmsg_port=2475
+scm_port=2475
 watchdog_switch=1
 watchdog_port=2476
 
@@ -45,17 +44,15 @@ mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
 [key_keeper]
 #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
 #0 on cache 1 off cache
-mode= normal
+mode= {{ tfe.keykeeper.mode }}
 no_cache=0
 cert_store_host= {{ cert_store_server.address }}
 cert_store_port= {{ cert_store_server.port }}
 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
-# health_check only for "mode=normal"
+enable_health_check=0
-# default 1
-enable_health_check=1
 
-[debug]
+[debug]	
 passthrough_all_tcp=0
 
 [traffic_mirror]
@@ -87,45 +84,6 @@ level=10
 [stat]
 statsd_server={{ fs_remote.address }}
 statsd_port={{ fs_remote.port }}
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2
 
 [http]
 loglevel=10
-
-[kafka]
-enable=1
-{% if tsg_running_type == 0 or 1 %}
-nic_name={{ server.ethname }}
-{% else %}
-nic_name={{ nic_mgr.name }}
-{% endif %}
-kafka_brokerlist={{ log_kafkabrokers.address }}
-kafka_topic=PROXY-EVENT-LOG
-device_id_filepath=/opt/tsg/etc/tsg_sn.json
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=resource/pangu/table_info.conf
-json_cfg_file=resource/pangu/pangu_http.json
-stat_file=log/pangu_scan.status
-full_cfg_dir=pangu_policy/full/index/
-inc_cfg_dir=pangu_policy/inc/index/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-accept_path=/opt/tsg/etc/tsg_device_tag.json
-
-[dynamic_maat]
-maat_input_mode=1
-table_info=resource/pangu/dynamic_maat_table_info.conf
-maat_redis_server={{ dynamic_maat_redis_server.address }}
-maat_redis_port_range={{ dynamic_maat_redis_server.port }}
-maat_redis_db_index={{ dynamic_maat_redis_server.db }}
-effect_interval_s=1
-

roles/tsg-diagnose/tasks/DockerEnv.yml

@@ -0,0 +1,19 @@
+--- 
+- name: "Install docker-ce"
+  yum:
+    name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-ce/{{ item }}"
+    state: present
+    with_items: "{{ dockerEnvRpm.dockerCe }}"
+
+- name: "Install docker-compose"
+  yum:
+    name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-compose/{{ item }}"
+    state: present
+    with_items: "{{ dockerEnvRpm.dockerCompose }}"
+
+- name: 'Docker service start'
+  systemd:
+    name: docker
+    enabled: yes
+    daemon_reload: yes
+

roles/tsg-diagnose/tasks/TsgDiagnose.yml

@@ -0,0 +1,12 @@
+--- 
+- name: "Install tsg-diagnose rpm package"
+  yum:
+    name:
+      - "/tmp/ansible_deploy/tsg-diagnose/rpms/{{rpmdict.tsgDiagnose.fullname}}"
+    state: present
+    
+- name: 'Tsg-diagnose service start'
+  systemd:
+    name: tsg-diagnose
+    enabled: yes
+    daemon_reload: yes

roles/tsg-diagnose/tasks/main.yml

@@ -0,0 +1,14 @@
+--- 
+- name: 'Copy tsg-diagnose file to device'
+  copy: 
+    src: "{{item.src}}"
+    dest: "{{item.dest}}"
+    mode: "{{item.mode}}"
+  with_items:
+    - { src: "{{ role_path }}/files/", dest: "/tmp/ansible_deploy/tsg-diagnose", mode: '0755' }
+    
+- name: 'Install docker env rpm'
+  include: DockerEnv.yml
+
+- name: 'Install Tsg-diagnose'
+  include: TsgDiagnose.yml

roles/tsg_device_tag/tasks/main.yml

@@ -1,9 +0,0 @@
-- name: "create /opt/tsg/etc/"
-  file:
-    path: /opt/proxy_status
-    state: directory
-
-- name: "Template tsg_device_tag.json"
-  template:
-    src: "{{ role_path }}/templates/tsg_device_tag.json.j2"
-    dest: /opt/tsg/etc/tsg_device_tag.json

roles/tsg_device_tag/templates/tsg_device_tag.json.j2

@@ -1,2 +0,0 @@
-[MAAT]
-ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"{{ device_id }}"}]}

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-3.0.4.40fa047-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
     state: present
     skip_broken: yes