update

2020-09-14 21:55:36 +08:00 · 2020-09-14 21:48:27 +08:00 · 2020-09-10 20:19:30 +08:00 · 2020-09-10 20:12:17 +08:00 · 2020-09-10 03:22:39 +08:00 · 2020-09-04 10:55:01 +08:00
65 changed files with 2424 additions and 478 deletions
--- a/deploy.yml
+++ b/deploy.yml
@@ -1,11 +1,17 @@
- hosts: Functional_Host
+- hosts: adc_mxn
+  remote_user: root
  roles:
-    - framework
-    - kernel-ml
+#    - tsg-env-mxn

- hosts: blade-00
+- hosts: adc_mcn0
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn0.yml
  roles:
 #    - tsg-env-mcn0
+    - framework
+    - kernel-ml
    - mrzcpd
    - sapp
    - tsg_master
@@ -16,30 +22,48 @@
    - certstore
    - cert-redis
    - telegraf_statistic
+    - tsg_device_tag

- hosts: blade-01
+- hosts: adc_mcn1
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn1.yml
  roles:
 #    - tsg-env-mcn1
+    - framework
+    - kernel-ml
    - mrzcpd
    - tfe

- hosts: blade-02
+- hosts: adc_mcn2
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn2.yml
  roles:
 #    - tsg-env-mcn2
+    - framework
+    - kernel-ml
    - mrzcpd
    - tfe

- hosts: blade-03
+- hosts: adc_mcn3
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn3.yml
  roles:
 #    - tsg-env-mcn3
+    - framework
+    - kernel-ml
    - mrzcpd
    - tfe

- hosts: blade-mxn
-  roles:
-#    - tsg-env-mxn
-
- hosts: pc-as-tun-mode
+- hosts: server-as-tun-mode
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/server_as_tun_mode.yml
  roles:
    - kernel-ml
    - framework
@@ -56,3 +80,4 @@
    - tfe
    - telegraf_statistic
    - proxy_status
+    - tsg_device_tag
--- a/install_config/group_vars/adc_global.yml
+++ b/install_config/group_vars/adc_global.yml
@@ -0,0 +1,89 @@
+#########################################
+#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
+tsg_access_type: 3
+#####2: ADC;
+tsg_running_type: 2
+
+########################################
+#IP Config
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_ftp_log_level: 30
+fw_mail_log_level: 30
+fw_http_log_level: 30
+fw_dns_log_level: 30
+fw_quic_log_level: 30
+capture_packet_log_level: 30
+tsg_log_level: 30
+tsg_master_log_level: 30
+kni_log_level: 30
+tfe_log_level: 30
+tfe_http_log_level: 30
+pangu_log_level: 30
+doh_log_level: 30
+certstore_log_level: 30
+clotho_log_level: 10
+
+#######################################
+#Sapp Performance Config
+#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
+sapp:
+  worker_threads: 30
+  send_only_threads_max: 8
+  bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37
+  inbound_route_dir: 1
+
+########################################
+#Kni Config
+kni:
+  global:
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+#Tfe Config
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
+
+########################################
+#Marsio Config
+#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
+mrzcpd:
+  iocore: 44,45,46,47
+
+mrtunnat:
+  lcore_id: 40,41,42,43
--- a/install_config/group_vars/adc_mcn0.yml
+++ b/install_config/group_vars/adc_mcn0.yml
@@ -0,0 +1,37 @@
+#########################################
+#Mcn0管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn0流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens1f4
+
+#########################################
+#Mcn0其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens1.100
+nic_to_tfe:
+  tfe0:
+      name: ens1f5
+  tfe1:
+      name: ens1f6
+  tfe2:
+      name: ens1f7
+
+#########################################
+#串联设备接入相关配置
+inline_device_config:
+  keepalive_ip: 192.168.1.30
+  keepalive_mask: 255.255.255.252
+
+#########################################
+#Allot接入相关配置
+AllotAccess:
+  virturlInterface_1: ens1f2.103
+  virturlInterface_2: ens1f2.104
+  virturlID_1: 103
+  virturlID_2: 104
+  vvipv4_mask: 24
+  vvipv6_mask: 64
--- a/install_config/group_vars/adc_mcn1.yml
+++ b/install_config/group_vars/adc_mcn1.yml
@@ -0,0 +1,17 @@
+#########################################
+#Mcn1管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn1流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens1f1
+
+#########################################
+#Mcn1其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens1.100
+nic_traffic_mirror:
+  name: ens1f2
+  use_mrzcpd: 1
--- a/install_config/group_vars/adc_mcn2.yml
+++ b/install_config/group_vars/adc_mcn2.yml
@@ -0,0 +1,17 @@
+#########################################
+#Mcn2管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn2流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens8f1
+
+#########################################
+#Mcn2其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens8.100
+nic_traffic_mirror:
+  name: ens8f2
+  use_mrzcpd: 1
--- a/install_config/group_vars/adc_mcn3.yml
+++ b/install_config/group_vars/adc_mcn3.yml
@@ -0,0 +1,17 @@
+#########################################
+#Mcn3管理口网卡名
+nic_mgr:
+  name: enp6s0
+
+#########################################
+#Mcn3流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens8f1
+
+#########################################
+#Mcn3其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens8.100
+nic_traffic_mirror:
+  name: ens8f2
+  use_mrzcpd: 1
--- a/install_config/group_vars/all.yml
+++ b/install_config/group_vars/all.yml
@@ -1,101 +0,0 @@
-#########################################
-#####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
-tsg_access_type: 4
-
-#####0: Tun_mode;  1: normal; 2: ADC;
-tsg_running_type: 1 
-
-#Common combination mode:
-#1:Server or PC tun mode:      0 + 0
-#2:Server with Inline device:  1 + 1
-#3:ADC with Inline device:     1 + 2
-#4:ADC with Allot:             2 + 2
-#5:ADC tun mode:               3 + 1
-#6:ATCA:                       4 + 1
-
-########################################
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "1.1.1.1:9092,2.2.2.2:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-fs_remote:
-  switch: 1
-  address: "192.168.100.1"
-  port: 58125
-  
-########################################
-sapp:
-  worker_threads: 16
-  send_only_threads_max: 8
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
-  inbound_route_dir: 1
-
-########################################
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 1
-    tfe2_enabled: 1
-
-########################################
-tfe:
-  nr_threads: 32
-  mc_cache_eth: lo 
-  keykeeper:
-    no_cache: 0
-
-########################################
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-#############ATCA config################
-nic_data_incoming:
-  ethname: enp1s0
-  vf0_name: enp1s2
-  vf1_name: enp1s2f1
-  vf2_name: enp1s2f2
-
-VlanFlipping:
-  vlanID_1: 100
-  vlanID_2: 101
-  vlanID_3: 103
-  vlanID_4: 104
-
-#############Server or PC tun mode######
-server:
-  ethname: eth0
-  tun_name: eth0.100
-  internal_interface: "eth2"
-  external_interface: "eth3"
-
-
-
--- a/install_config/group_vars/blade-00.yml
+++ b/install_config/group_vars/blade-00.yml
@@ -1,23 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    ip: 192.168.1.30
-    mask: 255.255.255.252
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7
-
-AllotAccess:
-    virturlInterface_1: ens1f2.103
-    virturlInterface_2: ens1f2.104
-    virturlID_1: 103
-    virturlID_2: 104
-    vvipv4_mask: 24
-    vvipv6_mask: 64
--- a/install_config/group_vars/blade-01.yml
+++ b/install_config/group_vars/blade-01.yml
@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1
--- a/install_config/group_vars/blade-02.yml
+++ b/install_config/group_vars/blade-02.yml
@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1
--- a/install_config/group_vars/blade-03.yml
+++ b/install_config/group_vars/blade-03.yml
@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1
--- a/install_config/group_vars/server_as_tun_mode.yml
+++ b/install_config/group_vars/server_as_tun_mode.yml
@@ -0,0 +1,130 @@
+#########################################
+#####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
+tsg_access_type: 1
+#####0: Tun_mode;  1: normal;
+tsg_running_type: 1
+
+########################################
+#Server Basic Config
+nic_mgr:
+  name: eth0
+
+nic_inner_ctrl:
+  name: eth0.100
+
+#########################################
+#IP Config
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+tfe_log_level: 10
+tfe_http_log_level: 10
+pangu_log_level: 10
+doh_log_level: 10
+certstore_log_level: 10
+clotho_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
+sapp:
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
+  inbound_route_dir: 1
+
+#########################################
+#Sapp Double-Arm Config
+packet_io:
+  internal_interface: eth2
+  external_interface: eth3
+
+
+#########################################
+#Kni Config
+kni:
+  global:
+    tfe_node_count: 1
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 0
+    tfe2_enabled: 0
+
+#########################################
+#Tfe Config
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
+
+#########################################
+#Marsio Config
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+#########################################
+#ATCA Config
+#下列配置只在tsg_access_type=4时生效
+ATCA_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+ATCA_VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+
+#下列配置只在tsg_access_type=5时生效
+ATCA_VXLAN:
+  keepalive_ip: "10.254.19.1"
+  keepalive_mask: "255.255.255.252"
+
+#########################################
+#Inline Device Config
+inline_device_config:
+  keepalive_ip: 192.168.1.30
+  keepalive_mask: 255.255.255.252
+  data_incoming: eth5
--- a/install_config/hosts
+++ b/install_config/hosts
@@ -1,26 +1,36 @@
-[all:vars]
-ansible_user=root
-package_source=local
+###################
+#   For example   #
+###################
+#变量device_id根据设备序号设置即可
+#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
+#
+#[server-as-tun-mode]
+#1.1.1.1 device_id=device_1
+#
+#[adc_mxn]
+#10.3.72.1
+#10.3.72.2
+#
+#[adc_mcn0]
+#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
+#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
+#
+#[adc_mcn1]
+#10.3.74.1 device_id=device_1
+#10.3.74.2 device_id=device_2
+#
+#[adc_mcn2]
+#10.3.75.1 device_id=device_1
+#10.3.75.2 device_id=device_2
+#
+#[adc_mcn3]
+#10.3.76.1 device_id=device_1
+#10.3.76.2 device_id=device_2

-[pc-as-tun-mode]
+[server-as-tun-mode]
+[adc_mxn]
+[adc_mcn0]
+[adc_mcn1]
+[adc_mcn2]
+[adc_mcn3]

-[blade-mxn]
-1.1.1.1 device_id=1
-
-[blade-00]
-1.1.1.1 device_id=1 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
-
-[blade-01]
-1.1.1.1 device_id=1
-
-[blade-02]
-1.1.1.1 device_id=1
-
-[blade-03]
-1.1.1.1 device_id=1
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03
--- a/roles/certstore/templates/cert_store.ini.j2
+++ b/roles/certstore/templates/cert_store.ini.j2
@@ -2,7 +2,7 @@
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 #10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 10
+RUN_LOG_LEVEL = {{ certstore_log_level }}
 RUN_LOG_PATH = ./logs
 [CONFIG]
 #Number of running threads
--- a/roles/clotho/templates/clotho.conf.j2
+++ b/roles/clotho/templates/clotho.conf.j2
@@ -2,10 +2,6 @@
 BROKER_LIST={{ log_kafkabrokers.address }}

 [SYSTEM]
-{% if tsg_running_type == 0 or 1 %}
-NIC_NAME={{ server.ethname }}
-{% else %}
 NIC_NAME={{ nic_mgr.name }}
-{% endif %}
-LOG_LEVEL=10
+LOG_LEVEL={{ clotho_log_level }}
 LOG_PATH=log/clotho
--- a/roles/firewall/templates/capture_packet_plug.conf.j2
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -15,15 +15,11 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/

 [LOG]
-{% if tsg_running_type == 0 or 1 %}
-NIC_NAME={{ server.ethname }}
-{% else %}
 NIC_NAME={{ nic_mgr.name }}
-{% endif %}
 BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf

 [SYSTEM]
-LOG_LEVEL=10
+LOG_LEVEL={{ capture_packet_log_level }}
 LOG_PATH=./tsglog/capture_packet_plug/capture_packet

--- a/roles/firewall/templates/main.conf.j2
+++ b/roles/firewall/templates/main.conf.j2
@@ -1,20 +1,24 @@
 [FTP_PLUG]
 LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
-LOG_LEVEL=10
+LOG_LEVEL={{ fw_ftp_log_level }}
 TIMEOUT=600

 [MAIL_PLUG]
 LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
-LOG_LEVEL=10
+LOG_LEVEL={{ fw_mail_log_level }}
 TIMEOUT=600

 [HTTP_PLUG]
 LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
-LOG_LEVEL=10
+LOG_LEVEL={{ fw_http_log_level }}

 [DNS_PLUG]
 LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
-LOG_LEVEL=10
+LOG_LEVEL={{ fw_dns_log_level }}
+
+[QUIC_PLUG]
+LOG_PATH=./tsglog/fw_quic_plug/fw_quic_plug
+LOG_LEVEL={{ fw_quic_log_level }}

 [MAAT]
 PROFILE=./tsgconf/maat.conf
@@ -24,32 +28,28 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR

 [TSG_LOG]
 MODE=1
-{% if tsg_running_type == 0 or 1 %}
-NIC_NAME={{ server.ethname }}
-{% else %}
 NIC_NAME={{ nic_mgr.name }}
-{% endif %}
 MAX_SERVICE=1
-LOG_LEVEL=10
+LOG_LEVEL={{ tsg_log_level }}
 LOG_PATH=./tsglog/tsglog
 BROKER_LIST={{ log_kafkabrokers.address }}
 COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf

 [STATISTIC]
-CYCLE=1
+CYCLE=5
 TELEGRAF_PORT=8100
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_statistic.log
 APP_NAME=statistic

 [FIELD_STAT]
-CYCLE=3
-TELEGRAF_PORT=8125
+CYCLE=5
+TELEGRAF_PORT=8100
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_stat.log
 APP_NAME=tsg_master

 [SYSTEM]
-LOG_LEVEL=10
+LOG_LEVEL={{ tsg_master_log_level }}
 LOG_PATH=./tsglog/tsg_master
 POLICY_PRIORITY_LABEL=POLICY_PRIORITY
--- a/roles/kernel-ml/files/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
+++ b/roles/kernel-ml/files/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
--- a/roles/kernel-ml/files/pkgconfig-0.27.1-4.el7.x86_64.rpm
+++ b/roles/kernel-ml/files/pkgconfig-0.27.1-4.el7.x86_64.rpm
--- a/roles/kernel-ml/files/zlib-devel-1.2.7-17.el7.x86_64.rpm
+++ b/roles/kernel-ml/files/zlib-devel-1.2.7-17.el7.x86_64.rpm
--- a/roles/kernel-ml/tasks/main.yml
+++ b/roles/kernel-ml/tasks/main.yml
@@ -7,6 +7,9 @@
 - name: "install kernels-ml"
  yum:
    name:
+      - /tmp/ansible_deploy/pkgconfig-0.27.1-4.el7.x86_64.rpm
+      - /tmp/ansible_deploy/zlib-devel-1.2.7-17.el7.x86_64.rpm
+      - /tmp/ansible_deploy/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
      - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
      - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
      - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
@@ -25,12 +28,18 @@
    - tsg_access_type == 4
    - t_kernel_ml.changed

- name: "grub2-mkconfig"
+- name: "BIOS:grub2-mkconfig"
  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
  when:
    - tsg_access_type == 4
    - t_kernel_ml.changed

+- name: "UEFI:grub2-mkconfig"
+  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
+  when:
+    - tsg_access_type == 4
+    - t_kernel_ml.changed
+
 - name: "reboot"
  reboot:
  when: t_kernel_ml.changed
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -1,13 +1,9 @@
 [global]
 log_path = ./log/kni/kni.log
-log_level = {{ kni.global.log_level }}
+log_level = {{ kni_log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
-{% if tsg_running_type == 0 or 1 %}
-manage_eth = {{ server.ethname }}
-{% else %}
 manage_eth = {{ nic_mgr.name }}
-{% endif %}
-{% if tsg_running_type == 0 %}
+{% if tsg_running_type != 2 %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
@@ -18,7 +14,7 @@ dst_mac_addr = fe:65:b7:03:50:bd
 {% if tsg_access_type == 4 %}
 [tfe0]
 enabled = 1
-dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
+dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
 ip_addr = 192.168.100.1
 {% elif tsg_running_type == 2 %}
 [tfe0]
@@ -38,20 +34,12 @@ ip_addr = 192.168.100.4
 {% endif %}

 [tfe_cmsg_receiver]
-{% if tsg_running_type == 0 or 1%}
-listen_eth = {{ server.tun_name }}
-{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
-{% endif %}
 listen_port = 2475

 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
-{% if tsg_running_type == 0 or 1 %}
-listen_eth = {{ server.tun_name }}
-{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
-{% endif %}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1
@@ -87,9 +75,9 @@ mho_expire_time = 0
 mho_eliminate_type = LRU

 [field_stat]
-remote_switch = {{ fs_remote.switch }}
-remote_ip = {{ fs_remote.address }}
-remote_port = {{ fs_remote.port }}
+remote_switch = 1
+remote_ip = 127.0.0.1
+remote_port = 8100
 local_path = ./fs2_kni.status
 stat_cycle = 1
 print_mode = 1
--- a/roles/mrzcpd/tasks/main.yml
+++ b/roles/mrzcpd/tasks/main.yml
@@ -14,85 +14,121 @@
    src: "{{ role_path }}/templates/mrzcpd.j2"
    dest: /etc/sysconfig/mrzcpd

- name: "update mrglobal.conf - slave blade"
+- name: "update mrglobal.conf - traffic_mirror"
  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
+    src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: nic_traffic_mirror is defined


- name: "update mrglobal.conf.tun_mode - tun_server"
+- name: "copy mrapp.sapp4.conf to destination server"
  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
+    src: "{{ role_path }}/templates/mrapp.sapp4.conf "
+    dest: /opt/mrzcpd/etc/mrapp.sapp4.conf 
  when: 
-    - tsg_access_type == 0
+    - tsg_access_type == 4

- name: "update mrglobal.conf.inline - blade00"
+- name: "update mrglobal.conf.adc_inline"
  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
+    src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 1
+    - tsg_running_type == 2

- name: "update mrglobal.conf.allot - blade00"
+- name: "update mrglobal.conf.server_inline"
  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.allot_access.j2"
+    src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 1
+    - tsg_running_type != 2
+
+- name: "update mrglobal.conf.allot - mcn0"
+  template:
+    src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 2

- name: "update mrglobal.conf.allot - blade00"
+- name: "update mrglobal.conf.adc_tun_mode - mcn0"
  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
+    src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 3


- name: "update mrglobal.conf.ATCA_40G - blade00"
+- name: "update mrglobal.conf.ATCA_Vlan_Flipping"
  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2"
+    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 4

- name: "update mrtunnat.conf.inline - blade00"
+- name: "update mrglobal.conf.ATCA_VXLAN"
  template:
-    src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
+    src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when:
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 5
+
+- name: "update mrtunnat.conf.adc_inline"
+  template:
+    src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 1
+    - tsg_running_type == 2 

- name: "update mrtunnat.conf.allot_access - blade00"
+- name: "update mrtunnat.conf.server_inline"
  template:
-    src: "{{ role_path }}/templates/mrtunnat.conf.allot_access.j2"
+    src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 1
+    - tsg_running_type != 2 
+
+- name: "update mrtunnat.conf.allot_access - mcn0"
+  template:
+    src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 2

- name: "update mrtunnat.conf.allot_access - blade00"
+- name: "update mrtunnat.conf.adc_tun_mode - mcn0"
  template:
-    src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
+    src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 3

- name: "update mrtunnat.conf.ATCA_40G - blade00"
+- name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
  template:
-    src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2"
+    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 4

+- name: "update mrtunnat.conf.ATCA_VXLAN"
+  template:
+    src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when:
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 5
+
 - name: "enable mrenv"
  systemd:
    name: mrenv
@@ -124,3 +160,20 @@
    enabled: no
    daemon_reload: yes
  when: nic_traffic_mirror is defined
+
+
+- name: "mask mrzcpd on server_tun_mode"
+  systemd:
+    name: mrzcpd
+    enabled: no
+    masked: yes
+  when: 
+    - tsg_access_type == 0
+
+- name: "mask mrtunnat on server_tun_mode"
+  systemd:
+    name: mrtunnat
+    enabled: no
+    masked: yes
+  when: 
+    - tsg_access_type == 0
--- a/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
+++ b/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
@@ -0,0 +1,57 @@
+[device]
+device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=32
+
+[device:{{ATCA_data_incoming.vf0_name}}]
+mtu=4096
+clear_tx_flags=1
+hw_strip_crc=1
+in_addr={{ ATCA_VXLAN.keepalive_ip }}
+in_mask={{ ATCA_VXLAN.keepalive_mask }}
+#rssmode=3
+
+[device:{{ ATCA_data_incoming.vf1_name }}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow=4095
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+sz_tunnel=8192
+sz_buffer=0
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=1
+hashmode=0
+idle_threshold=10000
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=6
+forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
+forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
--- a/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
+++ b/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
@@ -0,0 +1,20 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{ATCA_data_incoming.vf0_name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_link_info_table=1
+use_tuple4_as_sskey=0
+ctrlzone_addr_info_type=2
+idle_threshold=10000
+
+[vlan_flipping]
+enable=0
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
--- a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
+++ b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
@@ -1,19 +1,20 @@
 [device]
-device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
+device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
 sz_buffer=32

-[device:{{nic_data_incoming.vf0_name}}]
+[device:{{ATCA_data_incoming.vf0_name}}]
 mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
-vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
+vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
+#rssmode=3

-[device:{{ nic_data_incoming.vf1_name }}]
+[device:{{ ATCA_data_incoming.vf1_name }}]
 mtu=4096
 clear_tx_flags=1
 vlan-filter=1
@@ -28,7 +29,7 @@ sz_buffer=0
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
-distmode=2
+distmode=1
 hashmode=0
 idle_threshold=10000

@@ -51,9 +52,9 @@ sz_data=4096

 [forward]
 nr_forward_rule=6
-forward_rule_0=pv,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
-forward_rule_1=vp,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
+forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
+forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
 forward_rule_2=vv,vxlan_fwd,vxlan_user
 forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
+forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
+forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
--- a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
+++ b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
@@ -1,7 +1,7 @@
 [tunnat]
 lcore_id={{ mrtunnat.lcore_id }}
 appsym=tunnat
-phydev={{nic_data_incoming.vf0_name}}
+phydev={{ATCA_data_incoming.vf0_name}}
 virtdev=vxlan_fwd
 nr_max_sessions=524280
 nr_slots=1048576
@@ -15,10 +15,9 @@ idle_threshold=10000

 [vlan_flipping]
 enable=1
-c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
-i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
+c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
+i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
 en_mac_flipping_0=0
-en_mac_flipping_0=0
-c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
-i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
+c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
+i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
 en_mac_flipping_1=0
--- a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
+++ b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
@@ -4,16 +4,13 @@ sz_tunnel=8192
 sz_buffer=0

 [device:{{nic_data_incoming.name}}]
-in_addr={{nic_data_incoming.ip}}
-in_mask={{nic_data_incoming.mask}}
-gateway={{nic_data_incoming.gw}}
+in_addr={{inline_device_config.keepalive_ip}}
+in_mask={{inline_device_config.keepalive_mask}}
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
-#vlan-filter=1
-#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
-#vlan-pvid=0
-#vlan-pvid-mode=0
+vlan-filter=1
+vlan-id-allow=1000,1001

 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1
--- a/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
+++ b/roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
@@ -0,0 +1,18 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{nic_data_incoming.name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
--- a/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2
+++ b/roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2
@@ -8,9 +8,10 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow=1000,1001,2000,2001,4000,4001
-#vlan-pvid=0
-#vlan-pvid-mode=0
+vlan-id-allow=1000,1001,2000,2001
+vlan-pvid=0
+vlan-pvid-mode=2
+promisc=1

 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1
--- a/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2
+++ b/roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2
@@ -13,12 +13,9 @@ ctrlzone_addr_info_type=2

 [vlan_flipping]
 enable=1
-c_router_vlan_id_0=4000
-i_router_vlan_id_0=4001
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
 en_mac_flipping_0=0
-c_router_vlan_id_1=1000
-i_router_vlan_id_1=1001
+c_router_vlan_id_1=2000
+i_router_vlan_id_1=2001
 en_mac_flipping_1=0
-c_router_vlan_id_2=2000
-i_router_vlan_id_2=2001
-en_mac_flipping_2=0
--- a/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2
+++ b/roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2
@@ -11,6 +11,7 @@ vlan-filter=1
 vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
 vlan-pvid=0
 vlan-pvid-mode=2
+promisc=1

 [device:ens1f5]
 jumbo_frame=1
--- a/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2
+++ b/roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2
--- a/roles/mrzcpd/templates/mrapp.sapp4.conf
+++ b/roles/mrzcpd/templates/mrapp.sapp4.conf
@@ -0,0 +1,2 @@
+[bpfdump:vxlan_user]
+enable=1
--- a/roles/mrzcpd/templates/mrglobal.conf.server_inline.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.server_inline.j2
@@ -1,70 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-in_addr={{nic_data_incoming.ip}}
-in_mask={{nic_data_incoming.mask}}
-gateway={{nic_data_incoming.gw}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-#vlan-filter=1
-#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
-#vlan-pvid=0
-#vlan-pvid-mode=0
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
--- a/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2
+++ b/roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2
@@ -1,28 +0,0 @@
-[device]
-device=fake
-sz_tunnel=8192
-sz_buffer=0
-
-[device:lo]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-iocore={{ mrzcpd.iocore }}
-
-[eal]
-virtaddr=0x7d0000000000
-loglevel=7
-
-[keepalive]
-check_spinlock=1
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
--- a/roles/mrzcpd/templates/mrtunnat.conf.inline.j2
+++ b/roles/mrzcpd/templates/mrtunnat.conf.inline.j2
@@ -1,31 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=3811
-i_router_vlan_id_0=3812
-c_router_vlan_id_1=3813
-i_router_vlan_id_1=3814
-c_router_vlan_id_2=3821
-i_router_vlan_id_2=3822
-c_router_vlan_id_3=3823
-i_router_vlan_id_3=3824
-c_router_vlan_id_4=3831
-i_router_vlan_id_4=3832
-c_router_vlan_id_5=3833
-i_router_vlan_id_5=3834
-c_router_vlan_id_6=3841
-i_router_vlan_id_6=3842
-c_router_vlan_id_7=3843
-i_router_vlan_id_7=3844
--- a/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2
+++ b/roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2
@@ -0,0 +1,47 @@
+[device]
+device={{inline_device_config.data_incoming}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{inline_device_config.data_incoming}}]
+in_addr={{inline_device_config.keepalive_ip}}
+in_mask={{inline_device_config.keepalive_mask}}
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+
+#[device:]
+#jumbo_frame=1
+#max_rx_pkt_len=15360
+#clear_tx_flags=1
+#promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=4
+forward_rule_0=pv,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
+forward_rule_1=vp,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
--- a/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2
+++ b/roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2
@@ -0,0 +1,18 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{inline_device_config.data_incoming}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=0
+c_router_vlan_id_0=1000
+i_router_vlan_id_0=1001
+en_mac_flipping_0=0
--- a/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2
+++ b/roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2
--- a/roles/sapp/tasks/main.yml
+++ b/roles/sapp/tasks/main.yml
@@ -41,10 +41,10 @@
  when: tsg_access_type == 1
  

- name: "copy sapp.service destination server"
-  copy:
-    src: "{{ role_path }}/files/sapp.service"
-    dest: /usr/lib/systemd/system/
+- name: "Template sapp.service destination server"
+  template:
+    src: "{{ role_path }}/templates/sapp.service.j2"
+    dest: /usr/lib/systemd/system/sapp.service
    mode: 0755

 - name: "enable sapp"
--- a/roles/sapp/templates/conflist.inf.j2
+++ b/roles/sapp/templates/conflist.inf.j2
@@ -17,6 +17,7 @@
 ./plug/protocol/dns/dns.inf
 ./plug/protocol/mail/mail.inf
 ./plug/protocol/ftp/ftp.inf
+./plug/protocol/quic/quic.inf

 [business]
 ./plug/business/kni/kni.inf
--- a/roles/sapp/templates/gdev.conf.j2
+++ b/roles/sapp/templates/gdev.conf.j2
@@ -1,5 +1,11 @@
 [Module]
+{% if tsg_running_type == 2 %}
 pcapdevice={{ nic_data_incoming.name }}
 sendto_gdev_card={{ nic_data_incoming.name }}
-sendto_gdev_ip={{ nic_data_incoming.ip }}
+sendto_gdev_ip={{ inline_device_config.keepalive_ip }}
+{% else %}
+pcapdevice={{ inline_device_config.data_incoming }}
+sendto_gdev_card={{ inline_device_config.data_incoming }}
+sendto_gdev_ip={{ inline_device_config.keepalive_ip }}
+{% endif %}
 gdev_status_switch=1
--- a/roles/sapp/templates/sapp.service.j2
+++ b/roles/sapp/templates/sapp.service.j2
@@ -1,7 +1,9 @@
 [Unit]
 Description=sapp service
+{% if tsg_running_type != 0 %}
 Requires=mrzcpd.service
 After=mrzcpd.service
+{% endif %}
 [Service]
 WorkingDirectory=/home/mesasoft/sapp_run
 ExecStart=/home/mesasoft/sapp_run/sapp
--- a/roles/sapp/templates/sapp.toml.j2
+++ b/roles/sapp/templates/sapp.toml.j2
@@ -47,7 +47,7 @@ BSD_packet_filter=""
    [packet_io.internal.interface]
    {% if tsg_access_type == 0 %}
    type=pcap
-    name={{server.internal_interface}}
+    name={{packet_io.internal_interface}}
    {% else %}
    type=marsio
    name=vxlan_user
@@ -56,7 +56,7 @@ BSD_packet_filter=""
    [packet_io.external.interface]
    {% if tsg_access_type == 0 %}
    type=pcap
-    name={{server.external_interface}}
+    name={{packet_io.external_interface}}
    {% else %}
    type=pcap
    name=lo
@@ -108,8 +108,8 @@ BSD_packet_filter=""
     
        [profiling.log.remote]
        enabled=1
-        server_ip={{ fs_remote.address }}
-        server_port={{ fs_remote.port }}
+        server_ip=127.0.0.1
+        server_port=8100

        [profiling.log.remote.field_stat2]
 ### note, is valid when "remote_send_out_type=field_stat2"	 
--- a/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
+++ b/roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
@@ -1,6 +1,6 @@
 [global_tags]
 [agent]
-  interval = "30s"
+  interval = "5s"
  round_interval = true
  metric_batch_size = 1000
  metric_buffer_limit = 10000
@@ -17,7 +17,7 @@
    files = ["stdout", "/tmp/metrics.out"]
       data_format = "json"
 [[outputs.kafka]]
-   brokers = ["192.168.40.186:9092"]
+   brokers = ["{{ log_kafkabrokers.address }}"]
   topic = "TRAFFIC-METRICS-LOG"
    data_format = "json"
 [[outputs.prometheus_client]]
--- a/roles/tfe/files/tfe.service
+++ b/roles/tfe/files/tfe.service
@@ -8,7 +8,7 @@ After=tfe-env.service
 Type=notify
 ExecStart=/opt/tsg/tfe/bin/tfe
 WorkingDirectory=/opt/tsg/tfe/
-TimeoutSec=3600s
+TimeoutSec=7200s
 RestartSec=10s
 Restart=always
 LimitNOFILE=524288
--- a/roles/tfe/templates/doh.conf.j2
+++ b/roles/tfe/templates/doh.conf.j2
@@ -7,7 +7,7 @@ enable=1
 # RLOG_LV_DEBUG : 10
 # RLOG_LV_INFO  : 20
 # RLOG_LV_FATAL : 30
-log_level=10
+log_level={{ doh_log_level }}

 [maat]
 # default TSG_OBJ_APP_ID
--- a/roles/tfe/templates/future.conf.j2
+++ b/roles/tfe/templates/future.conf.j2
@@ -1,5 +1,5 @@
 [STAT]
 no_stats=0
-statsd_server={{ fs_remote.address }}
-statsd_port={{ fs_remote.port }}
+statsd_server=127.0.0.1
+statsd_port=8100
 histogram_bins=0.50,0.80,0.9,0.95
--- a/roles/tfe/templates/pangu_pxy.conf.j2
+++ b/roles/tfe/templates/pangu_pxy.conf.j2
@@ -1,7 +1,9 @@
 [debug]
-log_level=10
+log_level={{ pangu_log_level }}

 [log]
+# default 1, if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1
+en_sendlog=1
 entrance_id=0

 #Addresses of minio. Format is defined by WiredLB.
--- a/roles/tfe/templates/tfe-env-config.j2
+++ b/roles/tfe/templates/tfe-env-config.j2
@@ -1,6 +1,6 @@
 {% if tsg_access_type == 4 %}
-TFE_DEVICE_DATA_INCOMING={ nic_data_incoming.vf2_name }}
-{% elif tsg_running_type == 0 %}
+TFE_DEVICE_DATA_INCOMING={{ ATCA_data_incoming.vf2_name }}
+{% elif tsg_running_type != 2 %}
 TFE_DEVICE_DATA_INCOMING=tun_kni
 {% else %}
 TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
@@ -14,7 +14,7 @@ TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1

-{% if tsg_running_type == 0 or 1 %}
-TFE_WATCHDOG_DEVICE={{ server.tun_name }}
+{% if tsg_running_type != 2 %}
+TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -32,11 +32,7 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-{% if tsg_running_type == 0 or 1 %}
-mc_cache_eth={{ server.tun_name }}
-{% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
-{% endif %}
 # default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
 # default PXY-EXCH-INTERMEDIA-CERT
@@ -59,12 +55,14 @@ enable_health_check=1
 passthrough_all_tcp=0

 [traffic_mirror]
-{% if tsg_running_type == 0 or 1 %}
+{% if tsg_running_type != 2 %}
 device=lo
+type=0
 {% else %}
 device={{ nic_traffic_mirror.name }}
+type=1
 {% endif %}
-type=0
+

 [ratelimit]
 #read_rate=200000
@@ -82,25 +80,21 @@ tcp_ttl_upstream=75
 tcp_ttl_downstream=70

 [log]
-level=10
+level={{ tfe_log_level }}

 [stat]
-statsd_server={{ fs_remote.address }}
-statsd_port={{ fs_remote.port }}
+statsd_server=127.0.0.1
+statsd_port=8100
 statsd_cycle=5
 # FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
 statsd_format=2

 [http]
-loglevel=10
+loglevel={{ tfe_http_log_level }}

 [kafka]
 enable=1
-{% if tsg_running_type == 0 or 1 %}
-nic_name={{ server.ethname }}
-{% else %}
 nic_name={{ nic_mgr.name }}
-{% endif %}
 kafka_brokerlist={{ log_kafkabrokers.address }}
 kafka_topic=PROXY-EVENT-LOG
 device_id_filepath=/opt/tsg/etc/tsg_sn.json
--- a/roles/tsg-env-tun-mode/templates/setup.j2
+++ b/roles/tsg-env-tun-mode/templates/setup.j2
@@ -1,27 +1,27 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ server.ethname }} 100
-vconfig set_flag {{ server.ethname }}.100 1 1
-ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
+vconfig add {{ nic_mgr.name }} 100
+vconfig set_flag {{ nic_mgr.name }}.100 1 1
+ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up
 {% if tsg_access_type == 0 %}
-ethtool -K {{ server.internal_interface }} tso off
-ethtool -K {{ server.internal_interface }} gso off
-ethtool -K {{ server.internal_interface }} gro off
-ethtool -K {{ server.external_interface }} tso off
-ethtool -K {{ server.external_interface }} gso off
-ethtool -K {{ server.external_interface }} gro off
+ethtool -K {{ packet_io.internal_interface }} tso off
+ethtool -K {{ packet_io.internal_interface }} gso off
+ethtool -K {{ packet_io.internal_interface }} gro off
+ethtool -K {{ packet_io.external_interface }} tso off
+ethtool -K {{ packet_io.external_interface }} gso off
+ethtool -K {{ packet_io.external_interface }} gro off
 {% elif tsg_access_type == 4 %}
-echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
-ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095
-ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095
-ip link set {{ nic_data_incoming.ethname }} vf 0 trust on
-ip link set {{ nic_data_incoming.ethname }} vf 1 trust on
-ip link set {{ nic_data_incoming.ethname }} vf 2 trust on
-ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
-ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
-ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off
-ip link set {{ nic_data_incoming.vf0_name }} up
-ip link set {{ nic_data_incoming.vf1_name }} up
-ip link set {{ nic_data_incoming.vf2_name }} up
+echo 3 > /sys/class/net/{{ ATCA_data_incoming.ethname }}/device/sriov_numvfs
+ip link set {{ ATCA_data_incoming.ethname }} vf 1 vlan 4095
+ip link set {{ ATCA_data_incoming.ethname }} vf 2 vlan 4095
+ip link set {{ ATCA_data_incoming.ethname }} vf 0 trust on
+ip link set {{ ATCA_data_incoming.ethname }} vf 1 trust on
+ip link set {{ ATCA_data_incoming.ethname }} vf 2 trust on
+ip link set {{ ATCA_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
+ip link set {{ ATCA_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
+ip link set {{ ATCA_data_incoming.ethname }} vf 0 spoofchk off
+ip link set {{ ATCA_data_incoming.vf0_name }} up
+ip link set {{ ATCA_data_incoming.vf1_name }} up
+ip link set {{ ATCA_data_incoming.vf2_name }} up
 {% endif %}

--- a/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
+++ b/roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
@@ -1,8 +1,8 @@
 #!/bin/bash
 #
-echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs
-ifconfig {{ server.ethname }}.100 down
-vconfig rem {{ server.ethname }}.100
+echo 0 >/sys/class/net/{{ nic_mgr.name }}/device/sriov_numvfs
+ifconfig {{ nic_mgr.name }}.100 down
+vconfig rem {{ nic_mgr.name }}.100
 {% if tsg_access_type == 4 %}
-echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
+echo 0 >/sys/class/net/{{ ATCA_data_incoming.ethname }}/device/sriov_numvfs
 {% endif %}
--- a/roles/tsg_device_tag/tasks/main.yml
+++ b/roles/tsg_device_tag/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: "create /opt/tsg/etc/"
  file:
-    path: /opt/proxy_status
+    path: /opt/tsg/etc
    state: directory

 - name: "Template tsg_device_tag.json"
--- a/uninstall/roles/package_list/20.06.1.yml
+++ b/uninstall/roles/package_list/20.06.1.yml
@@ -0,0 +1,82 @@
+####################
+#marsio
+mrzcpd: mrzcpd-4.3.21.26314ca-1.el7.x86_64
+
+####################
+#kernel
+origin_kernel: CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
+#默认为CentOS 7.4内核，如果系统版本变更，请手动更改origin_kernel值
+
+kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64
+kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64
+dkms: dkms-2.7.1-1.el7.noarch
+elfutils_libelf_devel: null
+pkgconfig: null
+zlib_devel: null
+
+####################
+#framework
+libcjson: libcjson-1.7.8.542ad7f-1.x86_64
+libdocument: libdocumentanalyze-2.0.4.efdfc29-1.x86_64
+libmaatframe: libmaatframe-2.9.2.7519c63-1.x86_64
+libMESA_field_stat: libMESA_field_stat-1.0.1.852c2df-1.x86_64
+libMESA_field_stat2: libMESA_field_stat2-2.9.0.16ecf3b-1.x86_64
+libMESA_handle_logger: libMESA_handle_logger-1.0.9.304259e-1.x86_64
+libMESA_htable: libMESA_htable-3.10.11.6275308-1.x86_64
+libMESA_prof_load: libMESA_prof_load-1.0.5.bf755de-1.x86_64
+librdkafka: librdkafka-0.11.4-1.el7.x86_64
+librulescan: librulescan-2.2.0.900d2b3-1.x86_64
+libwiredcfg: libwiredcfg-2.0.2.7ce1eea-1.x86_64
+libWiredLB: libWiredLB-2.0.3.c7d131b-1.x86_64
+lz4: lz4-1.7.5-3.el7.x86_64
+
+####################
+#sapp
+sapp: sapp-4.0.14.91cbc1b-1.x86_64
+
+####################
+#tsg_master
+tsg_master: tsg_master-1.3.3.65833d7-1.x86_64
+
+####################
+#kni
+kni: kni-20.06-1.el7.x86_64
+
+####################
+#firewall
+capture_packet_plug: capture_packet_plug-debug-1.0.0.-1.el7.x86_64
+dns: dns-2.0.2.5effe72-1.x86_64
+ftp: ftp-1.0.4.5d3a283-1.x86_64
+http: http-2.0.1.e8f12ee-1.x86_64
+quic: quic-1.1.4.9c2e0ba-1.x86_64
+ssl: ssl-1.0.0.73e5273-1.x86_64
+mail: mail-1.0.3.cbc6034-1.x86_64
+fw_dns: fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64
+fw_ftp: fw_ftp_plug-1.1.0.74c9a05-1.x86_6
+fw_http: fw_http_plug-1.2.0.a7e63c0-1.x86_64
+fw_quic: fw_quic_plug-1.0.1.e8cded4-1.x86_64
+fw_ssl: fw_ssl_plug-1.0.3.30fcf35-1.x86_64
+fw_mail: fw_mail_plug-1.1.0.a42c5a0-1.x86_64
+tsg_conn_record: tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64
+tsg_conn_sketch: null
+
+####################
+#tfe
+tfe: tfe-4.3.5.0db794c-1.el7.x86_64
+tfe_kmod: tfe-kmod-v1.0.5.20200408-1dkms.noarch
+
+####################
+#http_healthcheck
+http_healthcheck: http_healthcheck-20.04-1.el7.x86_64
+
+#####################
+#clotho
+clotho: clotho-debug-1.0.0.-1.el7.x86_64
+
+#####################
+#certstore
+certstore: certstore-2.1.2.0f61dde-1.el7.centos.x86_64
+
+#####################
+#telegraf 
+telegraf_statistic: telegraf-1.13.0-1.x86_64
--- a/uninstall/roles/package_list/20.07.rc1.yml
+++ b/uninstall/roles/package_list/20.07.rc1.yml
@@ -0,0 +1,82 @@
+####################
+#marsio
+mrzcpd: mrzcpd-4.3.25.d88306e-1.el7.x86_64
+
+####################
+#kernel
+origin_kernel: CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
+#默认为CentOS 7.4内核，如果系统版本变更，请手动更改origin_kernel值
+
+kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64
+kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64
+dkms: dkms-2.7.1-1.el7.noarch
+elfutils_libelf_devel: null
+pkgconfig: null
+zlib_devel: null
+
+####################
+#framework
+libcjson: libcjson-1.7.8.542ad7f-1.x86_64
+libdocument: libdocumentanalyze-2.0.4.efdfc29-1.x86_64
+libmaatframe: libmaatframe-3.0.2.dc1fced-1.x86_64
+libMESA_field_stat: libMESA_field_stat-1.0.1.852c2df-1.x86_64
+libMESA_field_stat2: libMESA_field_stat2-2.9.0.16ecf3b-1.x86_64
+libMESA_handle_logger: libMESA_handle_logger-1.0.9.304259e-1.x86_64
+libMESA_htable: libMESA_htable-3.10.11.6275308-1.x86_64
+libMESA_prof_load: libMESA_prof_load-1.0.5.bf755de-1.x86_64
+librdkafka: librdkafka-0.11.4-1.el7.x86_64
+librulescan: librulescan-2.2.0.900d2b3-1.x86_64
+libwiredcfg: libwiredcfg-2.0.2.7ce1eea-1.x86_64
+libWiredLB: libWiredLB-2.0.3.c7d131b-1.x86_64
+lz4: lz4-1.7.5-3.el7.x86_64
+
+####################
+#sapp
+sapp: sapp-4.0.18.bb2effd-1.x86_64
+
+####################
+#tsg_master
+tsg_master: tsg_master-3.0.3.3c9cf15-1.x86_64
+
+####################
+#kni
+kni: kni-20.07-1.el7.x86_64
+
+####################
+#firewall
+capture_packet_plug: capture_packet_plug-3.0.2.09f193c-1.x86_64
+dns: dns-2.0.6.d8317e9-1.x86_64
+ftp: ftp-1.0.6.2710506-1.x86_64
+http: http-2.0.3.9218b4b-1.x86_64
+quic: quic-1.1.6.d6755d8-1.x86_64
+ssl: ssl-1.0.3.e8482a4-1.x86_64
+mail: mail-1.0.7.9e3be05-1.x86_64
+fw_dns: fw_dns_plug-3.0.0.0a5d574-1.x86_64
+fw_ftp: fw_ftp_plug-3.0.0.7a867ea-1.x86_64
+fw_http: fw_http_plug-3.0.0.1ca1c65-1.x86_64
+fw_quic: fw_quic_plug-3.0.0.b06d39c-1.x86_64
+fw_ssl: fw_ssl_plug-3.0.0.3a29c3f-1.x86_64
+fw_mail: fw_mail_plug-3.0.0.3b4e481-1.x86_64 
+tsg_conn_record: tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64
+tsg_conn_sketch: tsg_conn_sketch-2.0.v2.0_alpha.af621ca-1.x86_64
+
+####################
+#tfe
+tfe: tfe-4.3.7.39bff00-1.el7.x86_64
+tfe_kmod: tfe-kmod-v1.0.5.20200408-1dkms.noarch
+
+####################
+#http_healthcheck
+http_healthcheck: http_healthcheck-20.04-1.el7.x86_64
+
+#####################
+#clotho
+clotho: clotho-debug-1.0.0.-1.el7.x86_64
+
+#####################
+#certstore
+certstore: certstore-2.1.2.0f61dde-1.el7.centos.x86_64
+
+#####################
+#telegraf 
+telegraf_statistic: telegraf-1.13.0-1.x86_64
--- a/uninstall/roles/package_list/20.07.yml
+++ b/uninstall/roles/package_list/20.07.yml
@@ -0,0 +1,82 @@
+####################
+#marsio
+mrzcpd: mrzcpd-4.3.25.d88306e-1.el7.x86_64
+
+####################
+#kernel
+origin_kernel: CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
+#默认为CentOS 7.4内核，如果系统版本变更，请手动更改origin_kernel值
+
+kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64
+kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64
+dkms: dkms-2.7.1-1.el7.noarch
+elfutils_libelf_devel: null
+pkgconfig: null
+zlib_devel: null
+
+####################
+#framework
+libcjson: libcjson-1.7.8.542ad7f-1.x86_64
+libdocument: libdocumentanalyze-2.0.4.efdfc29-1.x86_64
+libmaatframe: libmaatframe-3.0.2.dc1fced-1.x86_64
+libMESA_field_stat: libMESA_field_stat-1.0.1.852c2df-1.x86_64
+libMESA_field_stat2: libMESA_field_stat2-2.9.0.16ecf3b-1.x86_64
+libMESA_handle_logger: libMESA_handle_logger-1.0.9.304259e-1.x86_64
+libMESA_htable: libMESA_htable-3.10.11.6275308-1.x86_64
+libMESA_prof_load: libMESA_prof_load-1.0.5.bf755de-1.x86_64
+librdkafka: librdkafka-0.11.4-1.el7.x86_64
+librulescan: librulescan-2.2.0.900d2b3-1.x86_64
+libwiredcfg: libwiredcfg-2.0.2.7ce1eea-1.x86_64
+libWiredLB: libWiredLB-2.0.3.c7d131b-1.x86_64
+lz4: lz4-1.7.5-3.el7.x86_64
+
+####################
+#sapp
+sapp: sapp-4.0.18.bb2effd-1.x86_64
+
+####################
+#tsg_master
+tsg_master: tsg_master-3.0.4.40fa047-1.x86_64
+
+####################
+#kni
+kni: kni-20.07-1.el7.x86_64
+
+####################
+#firewall
+capture_packet_plug: capture_packet_plug-3.0.2.09f193c-1.x86_64
+dns: dns-2.0.6.d8317e9-1.x86_64
+ftp: ftp-1.0.6.2710506-1.x86_64
+http: http-2.0.3.9218b4b-1.x86_64
+quic: quic-1.1.6.d6755d8-1.x86_64
+ssl: ssl-1.0.3.e8482a4-1.x86_64
+mail: mail-1.0.7.9e3be05-1.x86_64
+fw_dns: fw_dns_plug-3.0.0.0a5d574-1.x86_64
+fw_ftp: fw_ftp_plug-3.0.0.7a867ea-1.x86_64
+fw_http: fw_http_plug-3.0.0.1ca1c65-1.x86_64
+fw_quic: fw_quic_plug-3.0.0.b06d39c-1.x86_64
+fw_ssl: fw_ssl_plug-3.0.1.7ea9976-1.x86_64
+fw_mail: fw_mail_plug-3.0.0.3b4e481-1.x86_64 
+tsg_conn_record: tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64
+tsg_conn_sketch: tsg_conn_sketch-2.0.v2.0_alpha.af621ca-1.x86_64
+
+####################
+#tfe
+tfe: tfe-4.3.8.11b62a2-1.el7.x86_64
+tfe_kmod: tfe-kmod-v1.0.5.20200408-1dkms.noarch
+
+####################
+#http_healthcheck
+http_healthcheck: http_healthcheck-20.04-1.el7.x86_64
+
+#####################
+#clotho
+clotho: clotho-debug-1.0.0.-1.el7.x86_64
+
+#####################
+#certstore
+certstore: certstore-2.1.2.0f61dde-1.el7.centos.x86_64
+
+#####################
+#telegraf 
+telegraf_statistic: telegraf-1.13.0-1.x86_64
--- a/uninstall/roles/package_list/20.08.yml
+++ b/uninstall/roles/package_list/20.08.yml
@@ -0,0 +1,82 @@
+####################
+#marsio
+mrzcpd: mrzcpd-4.3.25.d88306e-1.el7.x86_64
+
+####################
+#kernel
+origin_kernel: CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
+#默认为CentOS 7.4内核，如果系统版本变更，请手动更改origin_kernel值
+
+kernel_ml: kernel-ml-5.1.8-1.el7.elrepo.x86_64
+kernel_ml_devel: kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64
+dkms: dkms-2.7.1-1.el7.noarch
+elfutils_libelf_devel: elfutils-libelf-devel-0.168-8.el7.x86_64
+pkgconfig: pkgconfig-0.27.1-4.el7.x86_64
+zlib_devel: zlib-devel-1.2.7-17.el7.x86_64
+
+####################
+#framework
+libcjson: libcjson-1.7.8.542ad7f-1.x86_64
+libdocument: libdocumentanalyze-2.0.4.efdfc29-1.x86_64
+libmaatframe: libmaatframe-3.0.3.5931b44-1.x86_64
+libMESA_field_stat: libMESA_field_stat-1.0.1.852c2df-1.x86_64
+libMESA_field_stat2: libMESA_field_stat2-2.9.0.16ecf3b-1.x86_64
+libMESA_handle_logger: libMESA_handle_logger-1.0.9.304259e-1.x86_64
+libMESA_htable: libMESA_htable-3.10.11.6275308-1.x86_64
+libMESA_prof_load: libMESA_prof_load-1.0.5.bf755de-1.x86_64
+librdkafka: librdkafka-0.11.4-1.el7.x86_64
+librulescan: librulescan-2.2.0.900d2b3-1.x86_64
+libwiredcfg: libwiredcfg-2.0.2.7ce1eea-1.x86_64
+libWiredLB: libWiredLB-2.0.3.c7d131b-1.x86_64
+lz4: lz4-1.7.5-3.el7.x86_64
+
+####################
+#sapp
+sapp: sapp-4.0.20.b59c12a-1.x86_64
+
+####################
+#tsg_master
+tsg_master: tsg_master-3.1.2.7002e1b-1.x86_64
+
+####################
+#kni
+kni: kni-20.07-1.el7.x86_64
+
+####################
+#firewall
+capture_packet_plug: capture_packet_plug-3.0.2.09f193c-1.x86_64
+dns: dns-2.0.6.d8317e9-1.x86_64
+ftp: ftp-1.0.6.2710506-1.x86_64
+http: http-2.0.3.9218b4b-1.x86_64
+quic: quic-1.1.6.d6755d8-1.x86_64
+ssl: ssl-1.0.3.e8482a4-1.x86_64
+mail: mail-1.0.7.9e3be05-1.x86_64
+fw_dns: fw_dns_plug-3.0.0.0a5d574-1.x86_64
+fw_ftp: fw_ftp_plug-3.0.0.7a867ea-1.x86_64
+fw_http: fw_http_plug-3.0.0.1ca1c65-1.x86_64
+fw_quic: fw_quic_plug-3.0.0.b06d39c-1.x86_64
+fw_ssl: fw_ssl_plug-3.0.1.7ea9976-1.x86_64
+fw_mail: fw_mail_plug-3.0.0.3b4e481-1.x86_64
+tsg_conn_record: tsg_conn_record-1.0.2.2afb19a-1.x86_64
+tsg_conn_sketch: tsg_conn_sketch-2.0.v2.0_alpha.af621ca-1.x86_64
+
+####################
+#tfe
+tfe: tfe-4.3.9.4d7957e-1.el7.x86_64
+tfe_kmod: tfe-kmod-v1.0.5.20200408-1dkms.noarch
+
+####################
+#http_healthcheck
+http_healthcheck: http_healthcheck-20.04-1.el7.x86_64
+
+#####################
+#clotho
+clotho: clotho-debug-1.0.0.-1.el7.x86_64
+
+#####################
+#certstore
+certstore: certstore-2.1.2.20200828.f507b3e-1.el7.x86_64
+
+#####################
+#telegraf 
+telegraf_statistic: telegraf-1.13.0-1.x86_64
--- a/uninstall/roles/uninstall_adc_mcn0/tasks/main.yml
+++ b/uninstall/roles/uninstall_adc_mcn0/tasks/main.yml
@@ -0,0 +1,504 @@
+####################
+#Uninstall Kernel
+- name: "reset default kernel"
+  shell: grub2-set-default '{{ origin_kernel }}'
+  when: uninstall.kernel == 1
+
+- name: "reboot"
+  reboot:
+  when: uninstall.kernel == 1
+
+- name: "uninstall tfe-kmod and kernel"
+  yum:
+    name:
+      - "{{ tfe_kmod }}"
+      - "{{ dkms }}"
+      - "{{ kernel_ml }}"
+      - "{{ kernel_ml_devel }}"
+      - "{{ elfutils_libelf_devel }}"
+      - "{{ zlib_devel }}"
+    state: absent
+  when: uninstall.kernel == 1
+  ignore_errors: true
+
+####################
+#Uninstall Marsio
+- name: stop mrzcpd
+  systemd:
+    name: mrzcpd
+    state: stopped
+    enabled: no
+  when: 
+    - backup.marsio == 1
+    - uninstall.marsio == 1
+  ignore_errors: true
+
+- name: stop mrtunnat
+  systemd:
+    name: mrtunnat
+    state: stopped
+    enabled: no
+  when: 
+    - backup.marsio == 1
+    - uninstall.marsio == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.marsio == 1
+
+- name: backup /opt/mrzcpd to destination path
+  archive:
+    path: /opt/mrzcpd
+    dest: "{{ backup_dest_path }}/mrzcpd_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.marsio == 1
+
+- name: uninstall mrzcpd
+  yum:
+    name:
+      - "{{ mrzcpd }}"
+    state: absent
+  when: uninstall.marsio == 1
+
+- name: remove marsio files
+  file:
+    path: /opt/mrzcpd
+    state: absent
+  when: remove.marsio == 1
+
+- name: remove mrzcpd.service
+  file:
+    path: /usr/lib/systemd/system/mrzcpd.service
+    state: absent
+  when: remove.marsio == 1
+
+- name: remove mrtunnat.service
+  file:
+    path: /usr/lib/systemd/system/mrtunnat.service
+    state: absent
+  when: remove.marsio == 1
+
+####################
+#Uninstall kni
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.kni == 1
+    - uninstall.kni == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.kni == 1
+
+- name: backup sapp_run/etc/kni/ to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/etc/kni
+    dest: "{{ backup_dest_path }}/kni_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.kni == 1
+
+- name: backup sapp_run/plug to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/plug
+    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_plug == 1
+
+- name: "judge plug.zip"
+  shell: "ls {{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+  register: return
+  ignore_errors: true
+
+- name: uninstall kni
+  yum:
+    name:
+      - "{{ kni }}"
+    state: absent
+  when: uninstall.kni == 1
+
+- name: remove kni files
+  file:
+    path: /home/mesasoft/sapp_run/etc/kni/
+    state: absent
+  when: remove.kni == 1
+
+####################
+#Uninstall tsg_master
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.sapp_tsgconf == 1
+    - uninstall.tsgmaster == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.sapp_tsgconf == 1
+
+- name: backup sapp_run/tsgconf/ to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/tsgconf
+    dest: "{{ backup_dest_path }}/tsgconf_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_tsgconf == 1
+
+- name: backup sapp_run/plug to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/plug
+    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: 
+    - backup.sapp_plug == 1
+    - return.rc != 0
+
+- name: uninstall tsg_master
+  yum:
+    name:
+      - "{{ tsg_master }}"
+    state: absent
+  when: uninstall.tsgmaster == 1
+
+####################
+#Uninstall firewall
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.sapp_conf == 1
+    - uninstall.firewall == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.sapp_conf == 1
+
+- name: create /home/mesasoft/sapp_runetc/
+  file:
+    path: /home/mesasoft/sapp_runetc/
+    state: directory
+  when: backup.sapp_conf == 1
+
+- name: create entrylist.conf
+  file:
+    path: /home/mesasoft/sapp_runetc/entrylist.conf
+    state: touch
+  when: backup.sapp_conf == 1
+
+- name: backup sapp_run/conf/ to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/conf
+    dest: "{{ backup_dest_path }}/sapp_conf_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_conf == 1
+
+- name: backup sapp_run/plug to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/plug
+    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when:
+    - backup.sapp_plug == 1
+    - return.rc != 0
+
+- name: uninstall firewall
+  yum:
+    name:
+      - "{{ capture_packet_plug }}"
+      - "{{ dns }}"
+      - "{{ ftp }}"
+      - "{{ http }}"
+      - "{{ quic }}"
+      - "{{ ssl }}"
+      - "{{ mail }}"
+      - "{{ fw_dns }}"
+      - "{{ fw_ftp }}"
+      - "{{ fw_http }}"
+      - "{{ fw_ssl }}"
+      - "{{ fw_mail }}"
+      - "{{ tsg_conn_record }}"
+    state: absent
+  when: uninstall.firewall == 1
+
+- name: uninstall firewall
+  yum:
+    name:
+      - "{{ fw_quic }}"
+      - "{{ tsg_conn_sketch }}"
+    state: absent
+  when: uninstall.firewall == 1
+  ignore_errors: true
+
+- name: remove /home/mesasoft/sapp_runetc
+  file:
+    path: /home/mesasoft/sapp_runetc
+    state: absent
+  when: uninstall.firewall == 1
+
+####################
+#Uninstall sapp
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.sapp_etc == 1
+    - uninstall.sapp == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.sapp_etc == 1
+
+- name: backup sapp_run/etc to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/etc
+    dest: "{{ backup_dest_path }}/sapp_etc_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_etc == 1
+
+- name: uninstall sapp
+  yum:
+    name:
+      - "{{ sapp }}"
+    state: absent
+  when: uninstall.sapp == 1
+
+#- name: remove /home/mesasoft/sapp_run
+#  file:
+#    path: /home/mesasoft/sapp_run
+#    state: absent
+#  when: 
+#    - remove.sapp == 1
+#    - backup.sapp_plug == 1
+#    - backup.sapp_tsgconf == 1
+#    - backup.sapp_etc == 1 
+#    - backup.sapp_conf == 1
+
+- name: remove sapp.service
+  file:
+    path: /usr/lib/systemd/system/sapp.service
+    state: absent
+  when: remove.sapp == 1
+
+####################
+#Uninstall Certstore
+- name: stop certstore
+  systemd:
+    name: certstore
+    state: stopped
+    enabled: no
+  when: 
+    - backup.certstore == 1
+    - uninstall.certstore == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.certstore == 1
+  
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /home/tsg/certstore
+    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.certstore == 1
+
+- name: uninstall certstore
+  yum:
+    name:
+      - "{{ certstore }}"
+    state: absent
+  when: uninstall.certstore == 1
+
+- name: remove certstore files
+  file:
+    path: /home/tsg/certstore
+    state: absent
+  when: remove.certstore == 1
+
+- name: remove certstore.service
+  file:
+    path: /usr/lib/systemd/system/certstore.service
+    state: absent
+  when: remove.certstore == 1
+
+####################
+#Uninstall cert-redis
+- name: stop cert-redis
+  systemd:
+    name: cert-redis
+    state: stopped
+    enabled: no
+  when: uninstall.certredis == 1 
+  ignore_errors: true
+
+- name: remove cert-redis files
+  file:
+    path: /home/tsg/cert-redis
+    state: absent
+  when: remove.certredis == 1
+
+####################
+#Uninstall clotho
+- name: stop clotho
+  systemd:
+    name: clotho
+    state: stopped
+    enabled: no
+  when: uninstall.clotho == 1
+  ignore_errors: true
+
+- name: uninstall clotho
+  yum:
+    name:
+      - "{{ clotho }}"
+    state: absent
+  when: uninstall.clotho == 1
+
+- name: remove clotho files
+  file:
+    path: /home/mesasoft/clotho
+    state: absent
+  when: remove.clotho == 1
+
+- name: remove clotho.service
+  file:
+    path: /usr/lib/systemd/system/clotho.service
+    state: absent
+  when: remove.clotho == 1
+
+####################
+#Uninstall http_healthcheck
+- name: uninstall http_healthcheck
+  yum:
+    name:
+      - "{{ http_healthcheck }}"
+    state: absent
+  when: uninstall.http_healthcheck == 1
+
+- name: remove http_healthcheck files
+  file:
+    path: /home/mesasoft/http_healthcheck
+    state: absent
+  when: remove.http_healthcheck == 1
+
+####################
+#Uninstall framework
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1
+
+####################
+#Uninstall telegraf_statistic
+- name: stop telegraf_statistic
+  systemd:
+    name: telegraf_statistic
+    state: stopped
+    enabled: no
+  when: uninstall.telegraf_statistic == 1
+  ignore_errors: true
+
+- name: uninstall telegraf_statistic
+  yum:
+    name:
+      - "{{ telegraf_statistic }}"
+    state: absent
+  when: uninstall.telegraf_statistic == 1
+
+- name: remove telegraf_statistic files
+  file:
+    path: /etc/telegraf/telegraf_statistic.conf
+    state: absent
+  when: remove.telegraf_statistic == 1
+
+- name: remove /tmp/metrics.out
+  file:
+    path: /tmp/metrics.out
+    state: absent 
+  when: remove.telegraf_statistic == 1
+
+####################
+#Remove other tsg files
+- name: remove /home/mesasoft
+  file:
+    path: /home/mesasoft
+    state: absent
+  when:
+    - remove.kni == 1
+    - remove.sapp == 1
+    - remove.clotho == 1
+
+- name: remove /home/tsg
+  file:
+    path: /home/tsg
+    state: absent
+  when:
+    - remove.certstore == 1
+    - remove.certredis == 1
+
+- name: remove /opt/proxy_status
+  file:
+    path: /opt/proxy_status
+    state: absent
+
+- name: remove /tmp/ansible_deploy
+  file:
+    path: /tmp/ansible_deploy
+    state: absent
--- a/uninstall/roles/uninstall_adc_mcn123/tasks/main.yml
+++ b/uninstall/roles/uninstall_adc_mcn123/tasks/main.yml
@@ -0,0 +1,189 @@
+####################
+#Uninstall Kernel
+- name: "reset default kernel"
+  shell: grub2-set-default '{{ origin_kernel }}'
+  when: uninstall.kernel == 1
+
+- name: "reboot"
+  reboot:
+  when: uninstall.kernel == 1
+
+- name: "uninstall tfe-kmod and kernel"
+  yum:
+    name:
+      - "{{ tfe_kmod }}"
+      - "{{ dkms }}"
+      - "{{ kernel_ml }}"
+      - "{{ kernel_ml_devel }}"
+      - "{{ elfutils_libelf_devel }}"
+      - "{{ zlib_devel }}"
+    state: absent
+  when: uninstall.kernel == 1
+  ignore_errors: true
+
+####################
+#Uninstall Marsio
+- name: stop mrzcpd
+  systemd:
+    name: mrzcpd
+    state: stopped
+    enabled: no
+  when: 
+    - backup.marsio == 1
+    - uninstall.marsio == 1
+  ignore_errors: true
+
+- name: stop mrtunnat
+  systemd:
+    name: mrtunnat
+    state: stopped
+    enabled: no
+  when: 
+    - backup.marsio == 1
+    - uninstall.marsio == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.marsio == 1
+
+- name: backup /opt/mrzcpd to destination path
+  archive:
+    path: /opt/mrzcpd
+    dest: "{{ backup_dest_path }}/mrzcpd_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.marsio == 1
+
+- name: uninstall mrzcpd
+  yum:
+    name:
+      - "{{ mrzcpd }}"
+    state: absent
+  when: uninstall.marsio == 1
+
+- name: remove marsio files
+  file:
+    path: /opt/mrzcpd
+    state: absent
+  when: remove.marsio == 1
+
+- name: remove mrzcpd.service
+  file:
+    path: /usr/lib/systemd/system/mrzcpd.service
+    state: absent
+  when: remove.marsio == 1
+
+- name: remove mrtunnat.service
+  file:
+    path: /usr/lib/systemd/system/mrtunnat.service
+    state: absent
+  when: remove.marsio == 1
+
+####################
+#Uninstall tfe
+- name: stop tfe
+  systemd:
+    name: tfe
+    state: stopped
+    enabled: no
+  when:
+    - backup.tfe == 1
+    - uninstall.tfe == 1
+  ignore_errors: true 
+
+- name: stop tfe-env
+  systemd:
+    name: tfe-env
+    state: stopped
+    enabled: no
+  when:
+    - backup.tfe == 1
+    - uninstall.tfe == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.tfe == 1
+
+- name: backup /opt/tsg/tfe/conf to destination path
+  archive:
+    path: /opt/tsg/tfe/conf
+    dest: "{{ backup_dest_path }}/tfe_conf_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.tfe == 1
+
+- name: uninstall tfe
+  yum:
+    name:
+      - "{{ tfe }}"
+    state: absent
+  when: uninstall.tfe == 1
+
+- name: remove /opt/tsg/tfe
+  file:
+    path: /opt/tsg/tfe
+    state: absent
+  when: remove.tfe == 1
+
+- name: remove tfe.service
+  file:
+    path: /usr/lib/systemd/system/tfe.service
+    state: absent
+  when: remove.tfe == 1
+
+- name: remove tfe-env.service
+  file:
+    path: /usr/lib/systemd/system/tfe-env.service
+    state: absent
+  when: remove.tfe == 1
+
+- name: remove tfe-env-tun-mode.service
+  file:
+    path: /usr/lib/systemd/system/tfe-env-tun-mode.service
+    state: absent
+  when: remove.tfe == 1
+
+####################
+#Uninstall framework
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1
+
--- a/uninstall/roles/uninstall_server/tasks/main.yml
+++ b/uninstall/roles/uninstall_server/tasks/main.yml
@@ -0,0 +1,570 @@
+####################
+#Uninstall Kernel
+- name: "reset default kernel"
+  shell: grub2-set-default '{{ origin_kernel }}'
+  when: uninstall.kernel == 1
+
+- name: "reboot"
+  reboot:
+  when: uninstall.kernel == 1
+
+- name: "uninstall tfe-kmod and kernel"
+  yum:
+    name:
+      - "{{ tfe_kmod }}"
+      - "{{ dkms }}"
+      - "{{ kernel_ml }}"
+      - "{{ kernel_ml_devel }}"
+      - "{{ elfutils_libelf_devel }}"
+      - "{{ zlib_devel }}"
+    state: absent
+  when: uninstall.kernel == 1
+  ignore_errors: true
+
+####################
+#Uninstall Marsio
+- name: stop mrzcpd
+  systemd:
+    name: mrzcpd
+    state: stopped
+    enabled: no
+  when: 
+    - backup.marsio == 1
+    - uninstall.marsio == 1
+  ignore_errors: true
+
+- name: stop mrtunnat
+  systemd:
+    name: mrtunnat
+    state: stopped
+    enabled: no
+  when: 
+    - backup.marsio == 1
+    - uninstall.marsio == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.marsio == 1
+
+- name: backup /opt/mrzcpd to destination path
+  archive:
+    path: /opt/mrzcpd
+    dest: "{{ backup_dest_path }}/mrzcpd_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.marsio == 1
+
+- name: uninstall mrzcpd
+  yum:
+    name:
+      - "{{ mrzcpd }}"
+    state: absent
+  when: uninstall.marsio == 1
+
+- name: remove marsio files
+  file:
+    path: /opt/mrzcpd
+    state: absent
+  when: remove.marsio == 1
+
+- name: remove mrzcpd.service
+  file:
+    path: /usr/lib/systemd/system/mrzcpd.service
+    state: absent
+  when: remove.marsio == 1
+
+- name: remove mrtunnat.service
+  file:
+    path: /usr/lib/systemd/system/mrtunnat.service
+    state: absent
+  when: remove.marsio == 1
+
+####################
+#Uninstall kni
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.kni == 1
+    - uninstall.kni == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.kni == 1
+
+- name: backup sapp_run/etc/kni/ to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/etc/kni
+    dest: "{{ backup_dest_path }}/kni_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.kni == 1
+
+- name: backup sapp_run/plug to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/plug
+    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_plug == 1
+
+- name: "judge plug.zip"
+  shell: "ls {{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+  register: return
+  ignore_errors: true
+
+- name: uninstall kni
+  yum:
+    name:
+      - "{{ kni }}"
+    state: absent
+  when: uninstall.kni == 1
+
+- name: remove kni files
+  file:
+    path: /home/mesasoft/sapp_run/etc/kni/
+    state: absent
+  when: remove.kni == 1
+
+####################
+#Uninstall tsg_master
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.sapp_tsgconf == 1
+    - uninstall.tsgmaster == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.sapp_tsgconf == 1
+
+- name: backup sapp_run/tsgconf/ to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/tsgconf
+    dest: "{{ backup_dest_path }}/tsgconf_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_tsgconf == 1
+
+- name: backup sapp_run/plug to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/plug
+    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: 
+    - backup.sapp_plug == 1
+    - return.rc != 0
+
+- name: uninstall tsg_master
+  yum:
+    name:
+      - "{{ tsg_master }}"
+    state: absent
+  when: uninstall.tsgmaster == 1
+
+####################
+#Uninstall firewall
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.sapp_conf == 1
+    - uninstall.firewall == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.sapp_conf == 1
+
+- name: create /home/mesasoft/sapp_runetc/
+  file:
+    path: /home/mesasoft/sapp_runetc/
+    state: directory
+  when: backup.sapp_conf == 1
+
+- name: create entrylist.conf
+  file:
+    path: /home/mesasoft/sapp_runetc/entrylist.conf
+    state: touch
+  when: backup.sapp_conf == 1
+
+- name: backup sapp_run/conf/ to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/conf
+    dest: "{{ backup_dest_path }}/sapp_conf_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_conf == 1
+
+- name: backup sapp_run/plug to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/plug
+    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when:
+    - backup.sapp_plug == 1
+    - return.rc != 0
+
+- name: uninstall firewall
+  yum:
+    name:
+      - "{{ capture_packet_plug }}"
+      - "{{ dns }}"
+      - "{{ ftp }}"
+      - "{{ http }}"
+      - "{{ quic }}"
+      - "{{ ssl }}"
+      - "{{ mail }}"
+      - "{{ fw_dns }}"
+      - "{{ fw_ftp }}"
+      - "{{ fw_http }}"
+      - "{{ fw_ssl }}"
+      - "{{ fw_mail }}"
+      - "{{ tsg_conn_record }}"
+    state: absent
+  when: uninstall.firewall == 1
+
+- name: uninstall firewall
+  yum:
+    name:
+      - "{{ fw_quic }}"
+      - "{{ tsg_conn_sketch }}"
+    state: absent
+  when: uninstall.firewall == 1
+  ignore_errors: true
+
+- name: remove /home/mesasoft/sapp_runetc
+  file:
+    path: /home/mesasoft/sapp_runetc
+    state: absent
+  when: uninstall.firewall == 1
+
+####################
+#Uninstall sapp
+- name: stop sapp
+  systemd:
+    name: sapp
+    state: stopped
+    enabled: no
+  when:
+    - backup.sapp_etc == 1
+    - uninstall.sapp == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.sapp_etc == 1
+
+- name: backup sapp_run/etc to destination path
+  archive:
+    path: /home/mesasoft/sapp_run/etc
+    dest: "{{ backup_dest_path }}/sapp_etc_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.sapp_etc == 1
+
+- name: uninstall sapp
+  yum:
+    name:
+      - "{{ sapp }}"
+    state: absent
+  when: uninstall.sapp == 1
+
+#- name: remove /home/mesasoft/sapp_run
+#  file:
+#    path: /home/mesasoft/sapp_run
+#    state: absent
+#  when: 
+#    - remove.sapp == 1
+#    - backup.sapp_plug == 1
+#    - backup.sapp_tsgconf == 1
+#    - backup.sapp_etc == 1 
+#    - backup.sapp_conf == 1
+
+- name: remove sapp.service
+  file:
+    path: /usr/lib/systemd/system/sapp.service
+    state: absent
+  when: remove.sapp == 1
+
+####################
+#Uninstall tfe
+- name: stop tfe
+  systemd:
+    name: tfe
+    state: stopped
+    enabled: no
+  when:
+    - backup.tfe == 1
+    - uninstall.tfe == 1
+  ignore_errors: true 
+
+- name: stop tfe-env
+  systemd:
+    name: tfe-env
+    state: stopped
+    enabled: no
+  when:
+    - backup.tfe == 1
+    - uninstall.tfe == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.tfe == 1
+
+- name: backup /opt/tsg/tfe/conf to destination path
+  archive:
+    path: /opt/tsg/tfe/conf
+    dest: "{{ backup_dest_path }}/tfe_conf_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.tfe == 1
+
+- name: uninstall tfe
+  yum:
+    name:
+      - "{{ tfe }}"
+    state: absent
+  when: uninstall.tfe == 1
+
+- name: remove /opt/tsg/tfe
+  file:
+    path: /opt/tsg/tfe
+    state: absent
+  when: remove.tfe == 1
+
+- name: remove tfe.service
+  file:
+    path: /usr/lib/systemd/system/tfe.service
+    state: absent
+  when: remove.tfe == 1
+
+- name: remove tfe-env.service
+  file:
+    path: /usr/lib/systemd/system/tfe-env.service
+    state: absent
+  when: remove.tfe == 1
+
+- name: remove tfe-env-tun-mode.service
+  file:
+    path: /usr/lib/systemd/system/tfe-env-tun-mode.service
+    state: absent
+  when: remove.tfe == 1
+
+####################
+#Uninstall Certstore
+- name: stop certstore
+  systemd:
+    name: certstore
+    state: stopped
+    enabled: no
+  when: 
+    - backup.certstore == 1
+    - uninstall.certstore == 1
+  ignore_errors: true
+
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.certstore == 1
+  
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /home/tsg/certstore
+    dest: "{{ backup_dest_path }}/certstore_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.certstore == 1
+
+- name: uninstall certstore
+  yum:
+    name:
+      - "{{ certstore }}"
+    state: absent
+  when: uninstall.certstore == 1
+
+- name: remove certstore files
+  file:
+    path: /home/tsg/certstore
+    state: absent
+  when: remove.certstore == 1
+
+- name: remove certstore.service
+  file:
+    path: /usr/lib/systemd/system/certstore.service
+    state: absent
+  when: remove.certstore == 1
+
+####################
+#Uninstall cert-redis
+- name: stop cert-redis
+  systemd:
+    name: cert-redis
+    state: stopped
+    enabled: no
+  when: uninstall.certredis == 1 
+  ignore_errors: true
+
+- name: remove cert-redis files
+  file:
+    path: /home/tsg/cert-redis
+    state: absent
+  when: remove.certredis == 1
+
+####################
+#Uninstall clotho
+- name: stop clotho
+  systemd:
+    name: clotho
+    state: stopped
+    enabled: no
+  when: uninstall.clotho == 1
+  ignore_errors: true
+
+- name: uninstall clotho
+  yum:
+    name:
+      - "{{ clotho }}"
+    state: absent
+  when: uninstall.clotho == 1
+
+- name: remove clotho files
+  file:
+    path: /home/mesasoft/clotho
+    state: absent
+  when: remove.clotho == 1
+
+- name: remove clotho.service
+  file:
+    path: /usr/lib/systemd/system/clotho.service
+    state: absent
+  when: remove.clotho == 1
+
+####################
+#Uninstall http_healthcheck
+- name: uninstall http_healthcheck
+  yum:
+    name:
+      - "{{ http_healthcheck }}"
+    state: absent
+  when: uninstall.http_healthcheck == 1
+
+- name: remove http_healthcheck files
+  file:
+    path: /home/mesasoft/http_healthcheck
+    state: absent
+  when: remove.http_healthcheck == 1
+
+####################
+#Uninstall framework
+- name: create backup_dest_path
+  file:
+    path: "{{ backup_dest_path }}"
+    state: directory
+  when: backup.framework == 1
+
+- name: backup /home/tsg/certstore to destination path
+  archive:
+    path: /opt/MESA
+    dest: "{{ backup_dest_path }}/opt_MESA_{{ uninstall_version }}_{{ date }}.zip"
+    format: zip
+  when: backup.framework == 1
+
+- name: uninstall framework
+  yum:
+    name:
+      - "{{ libcjson }}"
+      - "{{ libdocument }}"
+      - "{{ libmaatframe }}"
+      - "{{ libMESA_field_stat }}"
+      - "{{ libMESA_field_stat2 }}"
+      - "{{ libMESA_handle_logger }}"
+      - "{{ libMESA_htable }}"
+      - "{{ libMESA_prof_load }}"
+      - "{{ librdkafka }}"
+      - "{{ librulescan }}"
+      - "{{ libwiredcfg }}"
+      - "{{ libWiredLB }}"
+      - "{{ lz4 }}"
+    state: absent
+  when: uninstall.framework == 1
+
+- name: remove framework files
+  file:
+    path: /opt/MESA
+    state: absent
+  when: remove.framework == 1
+
+####################
+#Uninstall telegraf_statistic
+- name: stop telegraf_statistic
+  systemd:
+    name: telegraf_statistic
+    state: stopped
+    enabled: no
+  when: uninstall.telegraf_statistic == 1
+  ignore_errors: true
+
+- name: uninstall telegraf_statistic
+  yum:
+    name:
+      - "{{ telegraf_statistic }}"
+    state: absent
+  when: uninstall.telegraf_statistic == 1
+
+- name: remove telegraf_statistic files
+  file:
+    path: /etc/telegraf/telegraf_statistic.conf
+    state: absent
+  when: remove.telegraf_statistic == 1
+
+- name: remove /tmp/metrics.out
+  file:
+    path: /tmp/metrics.out
+    state: absent 
+  when: remove.telegraf_statistic == 1
+
+####################
+#Remove other tsg files
+- name: remove /home/mesasoft
+  file:
+    path: /home/mesasoft
+    state: absent
+  when:
+    - remove.kni == 1
+    - remove.sapp == 1
+    - remove.clotho == 1
+
+- name: remove /home/tsg
+  file:
+    path: /home/tsg
+    state: absent
+  when:
+    - remove.certstore == 1
+    - remove.certredis == 1
+
+- name: remove /opt/proxy_status
+  file:
+    path: /opt/proxy_status
+    state: absent
+
+- name: remove /tmp/ansible_deploy
+  file:
+    path: /tmp/ansible_deploy
+    state: absent
--- a/uninstall/uninstall_config/group_vars/uninstall_vars.yml
+++ b/uninstall/uninstall_config/group_vars/uninstall_vars.yml
@@ -0,0 +1,52 @@
+####################
+#Uninstall the target TSG version
+#Support 20.08 / 20.07 / 20.07.rc1 / 20.06.1
+uninstall_version: 20.08
+
+####################
+#Backup
+backup_dest_path: /root/backup_data
+date: 20200914
+backup:
+  marsio: 1
+  tfe: 1
+  sapp_plug: 1
+  sapp_tsgconf: 1
+  sapp_conf: 1
+  sapp_etc: 1
+  kni: 1
+  certstore: 1
+  framework: 1
+
+####################
+#Uninstall list
+uninstall:
+  kernel: 0
+  framework: 1
+  marsio: 1
+  sapp: 1
+  tsgmaster: 1
+  firewall: 1
+  kni: 1
+  tfe: 1
+  certstore: 1
+  certredis: 1
+  clotho: 1
+  http_healthcheck: 1
+  telegraf_statistic: 1
+  tsg_env_tun_mode: 0
+
+####################
+#Remove list
+remove:
+  marsio: 1
+  kni: 1
+  certstore: 1
+  sapp: 1
+  tfe: 1
+  certredis: 1
+  clotho: 1
+  http_healthcheck: 1
+  framework: 1
+  telegraf_statistic: 1
+
--- a/uninstall/uninstall_config/hosts
+++ b/uninstall/uninstall_config/hosts
@@ -0,0 +1,17 @@
+####################
+#   For example    #
+####################
+#
+#[uninstall_server]
+#1.1.1.1
+#
+#[uninstall_adc_mcn0]
+#10.3.72.1
+#
+#[uninstall_adc_mcn123]
+#10.3.73.1
+#10.3.74.1
+#10.3.75.1
+[uninstall_server]
+[uninstall_adc_mcn0]
+[uninstall_adc_mcn123]
--- a/uninstall/uninstall_tsg.yml
+++ b/uninstall/uninstall_tsg.yml
@@ -0,0 +1,23 @@
+- hosts: uninstall_server
+  remote_user: root
+  roles:
+   - uninstall_server
+  vars_files:
+    - uninstall_config/group_vars/uninstall_vars.yml
+    - roles/package_list/20.08.yml
+
+- hosts: uninstall_adc_mcn0
+  remote_user: root
+  roles:
+   - uninstall_adc_mcn0
+  vars_files:
+    - uninstall_config/group_vars/uninstall_vars.yml
+    - roles/package_list/20.08.yml
+
+- hosts: uninstall_adc_mcn123
+  remote_user: root
+  roles:
+   - uninstall_adc_mcn123
+  vars_files:
+    - uninstall_config/group_vars/uninstall_vars.yml
+    - roles/package_list/20.08.yml
Author	SHA1	Message	Date
zhangzhihan	27d3231a6e	update	2020-09-14 21:55:36 +08:00
zhangzhihan	b4735332f4	update	2020-09-14 21:48:27 +08:00
zhangzhihan	f70cf73628	update	2020-09-10 20:19:30 +08:00
zhangzhihan	1d0943fdb0	update	2020-09-10 20:12:17 +08:00
zhangzhihan	1d210d18c4	update new 20.08	2020-09-10 03:22:39 +08:00
zhangzhihan	e088bc922b	update	2020-09-04 10:55:01 +08:00
zhangzhihan	845a73e69f	update	2020-09-03 20:20:04 +08:00