增加docker环境基础安装

.gitlab-ci.yml

@@ -0,0 +1,35 @@
+stages:
+- build
+    
+.build_tar:
+  image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
+  variables:
+    GIT_STRATEGY: "clone"
+    BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
+    TESTING_VERSION_BUILD: 0
+  before_script:
+    - dockerd > /dev/null &
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
+    - ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
+    - pwd
+    - chmod +x ./ci/travis.sh
+  script:
+    - yum makecache
+    - ./ci/travis.sh
+  tags:
+  - share
+    
+file_build:
+  stage: build
+  variables:
+    VER_NAME: $CI_COMMIT_REF_NAME
+    PULP3_REPO_NAME: install-package-stable
+    PULP3_DIST_NAME: install-package-stable
+
+  extends: .build_tar
+  only:
+    - tags
+

buildPackage.yml

@@ -0,0 +1,3 @@
+- hosts: local
+  roles:
+    - package-build

build_config/group_vars/local.yml

@@ -0,0 +1,10 @@
+tarpath:
+  src:
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
+    - /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
+  destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
+
+tsgDiagnoseDockerFile: 
+  unarchiveUrl: https://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
+  unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files

build_config/hosts

@@ -0,0 +1,2 @@
+[local]
+localhost ansible_connection=local

ci/travis.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+mkdir build || true
+
+cat ./customize.yml >> ./build_config/group_vars/local.yml
+cat ./customize.yml >> ./install_config/group_vars/all.yml
+
+ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz  buildPackage.yml
+
+ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
+
+cd build
+cp ~/file_upload_tools.py ./
+
+python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz

customize.yml

@@ -0,0 +1,52 @@
+rpmdict:
+  tsgDiagnose:
+    fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
+    name: "tsg-diagnose"
+    downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
+
+dockerEnvRpm:
+  dockerCe:
+    - container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
+    - selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
+    - selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
+    - containerd.io-1.2.13-3.2.el7.x86_64.rpm
+    - policycoreutils-python-2.5-34.el7.x86_64.rpm
+    - policycoreutils-2.5-34.el7.x86_64.rpm
+    - libselinux-utils-2.5-15.el7.x86_64.rpm
+    - libselinux-python-2.5-15.el7.x86_64.rpm
+    - libseccomp-2.3.1-4.el7.x86_64.rpm
+    - iptables-1.4.21-34.el7.x86_64.rpm
+    - libcgroup-0.41-21.el7.x86_64.rpm
+    - audit-libs-python-2.8.5-4.el7.x86_64.rpm
+    - setools-libs-3.3.8-4.el7.x86_64.rpm
+    - libsemanage-python-2.5-14.el7.x86_64.rpm
+    - checkpolicy-2.5-8.el7.x86_64.rpm
+    - libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
+    - python-IPy-0.75-6.el7.noarch.rpm
+    - libnfnetlink-1.0.1-4.el7.x86_64.rpm
+    - libmnl-1.0.3-7.el7.x86_64.rpm
+    - docker-ce-cli-19.03.12-3.el7.x86_64.rpm
+    - docker-ce-19.03.12-3.el7.x86_64.rpm
+  dockerCompose:
+    - libtirpc-0.2.4-0.16.el7.x86_64.rpm
+    - libyaml-0.1.4-11.el7_0.x86_64.rpm
+    - python3-3.6.8-13.el7.x86_64.rpm
+    - python36-cached_property-1.5.1-2.el7.noarch.rpm
+    - python36-chardet-3.0.4-1.el7.noarch.rpm
+    - python36-docker-2.6.1-3.el7.noarch.rpm
+    - python36-dockerpty-0.4.1-18.el7.noarch.rpm
+    - python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
+    - python36-docopt-0.6.2-8.el7.noarch.rpm
+    - python36-idna-2.7-2.el7.noarch.rpm
+    - python36-jsonschema-2.5.1-4.el7.noarch.rpm
+    - python36-pysocks-1.6.8-7.el7.noarch.rpm
+    - python36-PyYAML-3.13-1.el7.x86_64.rpm
+    - python36-requests-2.14.2-2.el7.noarch.rpm
+    - python36-six-1.14.0-2.el7.noarch.rpm
+    - python36-texttable-1.6.2-1.el7.noarch.rpm
+    - python36-urllib3-1.25.6-1.el7.noarch.rpm
+    - python36-websocket-client-0.47.0-2.el7.noarch.rpm
+    - python3-libs-3.6.8-13.el7.x86_64.rpm
+    - python3-pip-9.0.3-7.el7_7.noarch.rpm
+    - python3-setuptools-39.2.0-10.el7.noarch.rpm
+    - docker-compose-1.18.0-4.el7.noarch.rpm

deploy.yml

@@ -1,25 +1,9 @@
-- hosts:
+- hosts: Functional_Host
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
   roles:
     - framework
     - kernel-ml
 
-- hosts: adc_mxn
+- hosts: blade-00
-  remote_user: root
-  roles:
-#    - tsg-env-mxn
-
-- hosts: adc_mcn0
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn0.yml
   roles:
 #    - tsg-env-mcn0
     - mrzcpd
@@ -27,77 +11,36 @@
     - tsg_master
     - kni
     - firewall
-    - tsg_app
     - http_healthcheck
     - clotho
     - certstore
     - cert-redis
     - telegraf_statistic
-#    - tsg_device_tag
+    - tsg-diagnose
 
-- hosts: adc_mcn1
+- hosts: blade-01
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn1.yml
   roles:
 #    - tsg-env-mcn1
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn2
+- hosts: blade-02
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn2.yml
   roles:
 #    - tsg-env-mcn2
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn3
+- hosts: blade-03
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn3.yml
   roles:
 #    - tsg-env-mcn3
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn0
+- hosts: blade-mxn
-  remote_user: root
   roles:
-    - tsg-diagnose
+#    - tsg-env-mxn
 
-- hosts: 
+- hosts: pc-as-tun-mode
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  roles:
-    - tsg-diagnose_sync_ca
-    
-- hosts: adc_mcn0
-  remote_user: root
-  roles:
-    - tsg-diagnose_stop_sync
-
-- hosts:
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - reboot
-
-- hosts: server-as-tun-mode
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/server_as_tun_mode.yml
   roles:
     - kernel-ml
     - framework
@@ -107,7 +50,6 @@
     - tsg_master
     - kni
     - firewall
-    - tsg_app
     - http_healthcheck
     - clotho
     - certstore
@@ -115,12 +57,3 @@
     - tfe
     - telegraf_statistic
     - proxy_status
-#    - tsg_device_tag
-    - reboot
-
-- hosts: app_global
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/app_global.yml
-  roles:
-    - app_global

install_config/group_vars/adc_global.yml

@@ -1,100 +0,0 @@
-#########################################
-#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
-tsg_access_type: 3
-#####2: ADC;
-tsg_running_type: 2
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 1
-
-########################################
-#IP Config
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "1.1.1.1:9092,2.2.2.2:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
-certstore_log_level: 10
-clotho_log_level: 10
-
-#######################################
-#Sapp Performance Config
-#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
-sapp:
-  worker_threads: 37
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
-  inbound_route_dir: 1
-
-########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 1
-    tfe2_enabled: 1
-
-########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-########################################
-#Marsio Config
-#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
-mrzcpd:
-  iocore: 52,53,54,55
-
-mrtunnat:
-  lcore_id: 48,49,50,51 
-
-#########################################
-#Tsg_app
-tsg_app_enable: 0
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10

install_config/group_vars/adc_mcn0.yml

@@ -1,37 +0,0 @@
-#########################################
-#Mcn0管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn0流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f4
-
-#########################################
-#Mcn0其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_to_tfe:
-  tfe0:
-      name: ens1f5
-  tfe1:
-      name: ens1f6
-  tfe2:
-      name: ens1f7
-
-#########################################
-#串联设备接入相关配置
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-
-#########################################
-#Allot接入相关配置
-AllotAccess:
-  virturlInterface_1: ens1f2.103
-  virturlInterface_2: ens1f2.104
-  virturlID_1: 103
-  virturlID_2: 104
-  vvipv4_mask: 24
-  vvipv6_mask: 64

install_config/group_vars/adc_mcn1.yml

@@ -1,17 +0,0 @@
-#########################################
-#Mcn1管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn1流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f1
-
-#########################################
-#Mcn1其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_traffic_mirror:
-  name: ens1f2
-  use_mrzcpd: 1

install_config/group_vars/adc_mcn2.yml

@@ -1,17 +0,0 @@
-#########################################
-#Mcn2管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn2流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn2其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1

install_config/group_vars/adc_mcn3.yml

@@ -1,17 +0,0 @@
-#########################################
-#Mcn3管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn3流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn3其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1

install_config/group_vars/all.yml

@@ -0,0 +1,90 @@
+#########################################
+#####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
+tsg_access_type: 4
+
+#####0: Tun_mode;  1: normal; 2: ADC;
+tsg_running_type: 1 
+
+########################################
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+fs_remote:
+  switch: 1
+  address: "192.168.100.1"
+  port: 58125
+  
+########################################
+sapp:
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
+
+########################################
+kni:
+  global:
+    log_level: 30
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    mode: "normal"
+    no_cache: 0
+
+########################################
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+nic_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+########################################
+server:
+  ethname: eth0
+  tun_name: eth0.100
+  internal_interface: "eth2"
+  external_interface: "eth3"
+

install_config/group_vars/app_global.yml

@@ -1,10 +0,0 @@
-#########################################
-app_sketch_global_log_level: 10
-
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-file_stat_ip: "1.1.1.1"
-  

install_config/group_vars/blade-00.yml

@@ -0,0 +1,23 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f4
+    ip: 192.168.1.30
+    mask: 255.255.255.252
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7
+
+AllotAccess:
+    virturlInterface_1: ens1f2.103
+    virturlInterface_2: ens1f2.104
+    virturlID_1: 103
+    virturlID_2: 104
+    vvipv4_mask: 24
+    vvipv6_mask: 64

install_config/group_vars/blade-01.yml

@@ -0,0 +1,11 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

install_config/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

install_config/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

install_config/group_vars/server_as_tun_mode.yml

@@ -1,141 +0,0 @@
-#########################################
-#####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
-tsg_access_type: 1
-#####0: Tun_mode;  1: normal;
-tsg_running_type: 1
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 1
-
-########################################
-#Server Basic Config
-nic_mgr:
-  name: eth0
-
-nic_inner_ctrl:
-  name: eth0.100
-
-#########################################
-#IP Config
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "1.1.1.1:9092,2.2.2.2:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
-certstore_log_level: 10
-clotho_log_level: 10
-
-#########################################
-#Sapp Performance Config
-#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
-sapp:
-  worker_threads: 23
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
-  inbound_route_dir: 1
-
-#########################################
-#Sapp Double-Arm Config
-packet_io:
-  internal_interface: eth2
-  external_interface: eth3
-
-
-#########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 1
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 0
-    tfe2_enabled: 0
-
-#########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-#########################################
-#Marsio Config
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-#########################################
-#Tsg_app
-tsg_app_enable: 1
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-#########################################
-#ATCA Config
-#下列配置只在tsg_access_type=4时生效
-ATCA_data_incoming:
-  ethname: enp1s0
-  vf0_name: enp1s2
-  vf1_name: enp1s2f1
-  vf2_name: enp1s2f2
-
-ATCA_VlanFlipping:
-  vlanID_1: 100
-  vlanID_2: 101
-  vlanID_3: 103
-  vlanID_4: 104
-
-#下列配置只在tsg_access_type=5时生效
-ATCA_VXLAN:
-  keepalive_ip: "10.254.19.1"
-  keepalive_mask: "255.255.255.252"
-
-#########################################
-#Inline Device Config
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-  data_incoming: eth5

install_config/hosts

@@ -1,41 +1,26 @@
-###################
+[all:vars]
-#   For example   #
+ansible_user=root
-###################
+package_source=local
-#变量device_id根据设备序号设置即可
-#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
-#
-#20.09版本新增APP部署
-#[app_global]
-#0.0.0.0
 
-#[server-as-tun-mode]
+[pc-as-tun-mode]
-#1.1.1.1 device_id=device_1
-#
-#[adc_mxn]
-#10.3.72.1
-#10.3.72.2
-#
-#[adc_mcn0]
-#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
-#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
-#
-#[adc_mcn1]
-#10.3.74.1 device_id=device_1
-#10.3.74.2 device_id=device_2
-#
-#[adc_mcn2]
-#10.3.75.1 device_id=device_1
-#10.3.75.2 device_id=device_2
-#
-#[adc_mcn3]
-#10.3.76.1 device_id=device_1
-#10.3.76.2 device_id=device_2
 
-[app_global]
+[blade-mxn]
-[server-as-tun-mode]
+192.168.40.170
-[adc_mxn]
-[adc_mcn0]
-[adc_mcn1]
-[adc_mcn2]
-[adc_mcn3]
 
+[blade-00]
+192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+
+[blade-01]
+192.168.40.167
+
+[blade-02]
+192.168.40.168
+
+[blade-03]
+192.168.40.169
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03

roles/app_global/tasks/main.yml

@@ -1,28 +0,0 @@
-- name: "copy app_global rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200918.c702d02-1.el7.x86_64.rpm
-    state: present
-
-- name: "template the app_sketch_global.conf"
-  template:
-    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
-
-- name: "Start emqx"
-  systemd:
-    name: emqx.service
-    state: started
-    enabled: yes
-
-- name: "Start app-sketch-global"
-  systemd:
-    name: app-sketch-global.service
-    state: started
-    enabled: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -1,36 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = {{ app_sketch_global_log_level }}
-RUN_LOG_PATH = ./logs
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2

roles/cert-redis/files/cert-redis/6379/6379.conf

@@ -160,7 +160,7 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile "/opt/tsg/cert-redis/6379/6379.log"
+logfile "/home/tsg/cert-redis/6379/6379.log"
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
@@ -244,7 +244,7 @@ dbfilename dump.rdb
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir /opt/tsg/cert-redis/6379/
+dir /home/tsg/cert-redis/6379/
 
 ################################# REPLICATION #################################
 

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +1,4 @@
 #!/bin/bash
 #
 
-/usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,11 +1,11 @@
 - name: "copy cert-redis to destination server"
   copy:
     src: "{{ role_path }}/files/"
-    dest: /opt/tsg
+    dest: /home/tsg
     mode: 0755
 
 - name: "install cert-redis"
-  shell: cd /opt/tsg/cert-redis;sh install.sh
+  shell: cd /home/tsg/cert-redis;sh install.sh
 
 - name: "start cert-redis"
   systemd:

roles/certstore/tasks/main.yml

@@ -3,20 +3,20 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-- name: Ensures /opt/tsg exists
+- name: Ensures /home/tsg exists
-  file: path=/opt/tsg state=directory
+  file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
     state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /opt/tsg/certstore/conf/cert_store.ini
+    dest: /home/tsg/certstore/conf/cert_store.ini
 
 - name: "start certstore"
   systemd:

roles/certstore/templates/cert_store.ini.j2

@@ -2,7 +2,7 @@
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 #10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = {{ certstore_log_level }}
+RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs
 [CONFIG]
 #Number of running threads

roles/clotho/templates/clotho.conf.j2

@@ -2,6 +2,10 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
-LOG_LEVEL={{ clotho_log_level }}
+{% endif %}
+LOG_LEVEL=10
 LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -11,20 +11,21 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.8.beb1d09-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.9.810857d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -15,11 +15,15 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 
 [SYSTEM]
-LOG_LEVEL={{ capture_packet_log_level }}
+LOG_LEVEL=10
 LOG_PATH=./tsglog/capture_packet_plug/capture_packet
 

roles/firewall/templates/main.conf.j2

@@ -1,24 +1,20 @@
 [FTP_PLUG]
 LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
-LOG_LEVEL={{ fw_ftp_log_level }}
+LOG_LEVEL=10
 TIMEOUT=600
 
 [MAIL_PLUG]
 LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
-LOG_LEVEL={{ fw_mail_log_level }}
+LOG_LEVEL=10
 TIMEOUT=600
 
 [HTTP_PLUG]
 LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
-LOG_LEVEL={{ fw_http_log_level }}
+LOG_LEVEL=10
 
 [DNS_PLUG]
 LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
-LOG_LEVEL={{ fw_dns_log_level }}
+LOG_LEVEL=10
-
-[QUIC_PLUG]
-LOG_PATH=./tsglog/fw_quic_plug/fw_quic_plug
-LOG_LEVEL={{ fw_quic_log_level }}
 
 [MAAT]
 PROFILE=./tsgconf/maat.conf
@@ -28,28 +24,32 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 MAX_SERVICE=1
-LOG_LEVEL={{ tsg_log_level }}
+LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog
 BROKER_LIST={{ log_kafkabrokers.address }}
 COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
 
 [STATISTIC]
-CYCLE=5
+CYCLE=1
 TELEGRAF_PORT=8100
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_statistic.log
 APP_NAME=statistic
 
 [FIELD_STAT]
-CYCLE=5
+CYCLE=3
-TELEGRAF_PORT=8100
+TELEGRAF_PORT=8125
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_stat.log
 APP_NAME=tsg_master
 
 [SYSTEM]
-LOG_LEVEL={{ tsg_master_log_level }}
+LOG_LEVEL=10
 LOG_PATH=./tsglog/tsg_master
 POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/framework/tasks/main.yml

@@ -11,19 +11,18 @@
   vars:
     packages:
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.4.1502550-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:

roles/kernel-ml/tasks/main.yml

@@ -7,9 +7,6 @@
 - name: "install kernels-ml"
   yum:
     name:
-      - /tmp/ansible_deploy/pkgconfig-0.27.1-4.el7.x86_64.rpm
-      - /tmp/ansible_deploy/zlib-devel-1.2.7-17.el7.x86_64.rpm
-      - /tmp/ansible_deploy/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
@@ -28,18 +25,12 @@
     - tsg_access_type == 4
     - t_kernel_ml.changed
 
-- name: "BIOS:grub2-mkconfig"
+- name: "grub2-mkconfig"
   shell: grub2-mkconfig -o /boot/grub2/grub.cfg
   when:
     - tsg_access_type == 4
     - t_kernel_ml.changed
 
-- name: "UEFI:grub2-mkconfig"
+- name: "reboot"
-  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
+  reboot:
-  when:
+  when: t_kernel_ml.changed
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
-
-#- name: "reboot"
-#  reboot:
-#  when: t_kernel_ml.changed

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.09-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/kni/templates/kni.conf.j2

@@ -1,9 +1,13 @@
 [global]
 log_path = ./log/kni/kni.log
-log_level = {{ kni_log_level }}
+log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
+{% if tsg_running_type == 0 or 1 %}
+manage_eth = {{ server.ethname }}
+{% else %}
 manage_eth = {{ nic_mgr.name }}
-{% if tsg_running_type != 2 %}
+{% endif %}
+{% if tsg_running_type == 0 %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
@@ -14,7 +18,7 @@ dst_mac_addr = fe:65:b7:03:50:bd
 {% if tsg_access_type == 4 %}
 [tfe0]
 enabled = 1
-dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
+dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
 ip_addr = 192.168.100.1
 {% elif tsg_running_type == 2 %}
 [tfe0]
@@ -34,12 +38,20 @@ ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
+{% if tsg_running_type == 0 or 1%}
+listen_eth = {{ server.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
+{% if tsg_running_type == 0 or 1 %}
+listen_eth = {{ server.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1
@@ -75,61 +87,9 @@ mho_expire_time = 0
 mho_eliminate_type = LRU
 
 [field_stat]
-remote_switch = 1
+remote_switch = {{ fs_remote.switch }}
-remote_ip = 127.0.0.1
+remote_ip = {{ fs_remote.address }}
-remote_port = 8100
+remote_port = {{ fs_remote.port }}
 local_path = ./fs2_kni.status
 stat_cycle = 1
 print_mode = 1
-
-[ssl_dynamic_bypass]
-enabled = 1
-
-#kni dynamic bypass
-[traceid2sslinfo_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[sslinfo2bypass_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[proxy_tcp_option]
-enabled = 1
-maat_table_compile = PXY_TCP_OPTION_COMPILE
-maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
-enable_override = 0
-client_tcp_maxseg_enable = 0
-client_tcp_maxseg = 1460
-client_tcp_nodelay =  1
-client_tcp_ttl = 70
-client_tcp_keepalive_enable = 1
-client_tcp_keepalive_keepcnt = 8
-client_tcp_keepalive_keepidle = 30
-client_tcp_keepalive_keepintvl = 15
-client_tcp_user_timeout = 600
-server_tcp_maxseg_enable = 0
-server_tcp_maxseg = 1460
-server_tcp_nodelay = 1
-server_tcp_ttl = 75
-server_tcp_keepalive_enable = 1
-server_tcp_keepalive_keepcnt = 8
-server_tcp_keepalive_keepidle = 30
-server_tcp_keepalive_keepintvl = 15
-server_tcp_user_timeout = 600
-bypass_duplicated_packet = 0
-tcp_passthrough = 0
-
-[share_session_attribute]
-SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.25.d88306e-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -14,121 +14,85 @@
     src: "{{ role_path }}/templates/mrzcpd.j2"
     dest: /etc/sysconfig/mrzcpd
 
-- name: "update mrglobal.conf - traffic_mirror"
+- name: "update mrglobal.conf - slave blade"
   template:
-    src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
+    src: "{{ role_path }}/templates/mrglobal.conf.traffic_mirror.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: nic_traffic_mirror is defined
 
 
-- name: "copy mrapp.sapp4.conf to destination server"
+- name: "update mrglobal.conf.tun_mode - tun_server"
   template:
-    src: "{{ role_path }}/templates/mrapp.sapp4.conf "
+    src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrapp.sapp4.conf 
+    dest: /opt/mrzcpd/etc/mrglobal.conf
   when: 
-    - tsg_access_type == 4
+    - tsg_access_type == 0
 
-- name: "update mrglobal.conf.adc_inline"
+- name: "update mrglobal.conf.inline - blade00"
   template:
-    src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
+    src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 1
-    - tsg_running_type == 2
 
-- name: "update mrglobal.conf.server_inline"
+- name: "update mrglobal.conf.allot - blade00"
   template:
-    src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
+    src: "{{ role_path }}/templates/mrglobal.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type != 2
-
-- name: "update mrglobal.conf.allot - mcn0"
-  template:
-    src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
-- name: "update mrglobal.conf.adc_tun_mode - mcn0"
+- name: "update mrglobal.conf.allot - blade00"
   template:
-    src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
+    src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 3
 
 
-- name: "update mrglobal.conf.ATCA_Vlan_Flipping"
+- name: "update mrglobal.conf.ATCA_40G - blade00"
   template:
-    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
+    src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: 
     - nic_traffic_mirror is not defined
-    - tsg_access_type == 4
+    - tsg_access_type == 4   
 
-- name: "update mrglobal.conf.ATCA_VXLAN"
+- name: "update mrtunnat.conf.inline - blade00"
   template:
-    src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
+    src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when:
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 5
-
-- name: "update mrtunnat.conf.adc_inline"
-  template:
-    src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
     dest: /opt/mrzcpd/etc/mrtunnat.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 1
-    - tsg_running_type == 2 
 
-- name: "update mrtunnat.conf.server_inline"
+- name: "update mrtunnat.conf.allot_access - blade00"
   template:
-    src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
+    src: "{{ role_path }}/templates/mrtunnat.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type != 2 
-
-- name: "update mrtunnat.conf.allot_access - mcn0"
-  template:
-    src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
     dest: /opt/mrzcpd/etc/mrtunnat.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
-- name: "update mrtunnat.conf.adc_tun_mode - mcn0"
+- name: "update mrtunnat.conf.allot_access - blade00"
   template:
-    src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
+    src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
     dest: /opt/mrzcpd/etc/mrtunnat.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 3
 
-- name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
+- name: "update mrtunnat.conf.ATCA_40G - blade00"
   template:
-    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
+    src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2"
     dest: /opt/mrzcpd/etc/mrtunnat.conf
   when: 
     - nic_traffic_mirror is not defined
     - tsg_access_type == 4
 
-- name: "update mrtunnat.conf.ATCA_VXLAN"
-  template:
-    src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when:
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 5
-
 - name: "enable mrenv"
   systemd:
     name: mrenv
@@ -160,20 +124,3 @@
     enabled: no
     daemon_reload: yes
   when: nic_traffic_mirror is defined
-
-
-- name: "mask mrzcpd on server_tun_mode"
-  systemd:
-    name: mrzcpd
-    enabled: no
-    masked: yes
-  when: 
-    - tsg_access_type == 0
-
-- name: "mask mrtunnat on server_tun_mode"
-  systemd:
-    name: mrtunnat
-    enabled: no
-    masked: yes
-  when: 
-    - tsg_access_type == 0

roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2

@@ -1,57 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-hw_strip_crc=1
-in_addr={{ ATCA_VXLAN.keepalive_ip }}
-in_mask={{ ATCA_VXLAN.keepalive_mask }}
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2

@@ -1,20 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0

roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2

@@ -1,60 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2

@@ -1,21 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0
-c_router_vlan_id_1=4000
-i_router_vlan_id_1=4001
-en_mac_flipping_1=0

roles/mrzcpd/templates/mrapp.sapp4.conf

@@ -1,2 +0,0 @@
-[bpfdump:vxlan_user]
-enable=1

roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2

@@ -0,0 +1,56 @@
+[device]
+device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.vf0_name}}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+
+[device:{{ nic_data_incoming.vf1_name }}]
+mtu=4096
+clear_tx_flags=1
+vlan-filter=1
+vlan-strip=1
+vlan-id-allow=4095
+vlan-pvid=0
+vlan-pvid-mode=2
+hw_strip_crc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=6
+forward_rule_0=pv,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
+forward_rule_1=vp,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
+forward_rule_5=vp,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}

roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2

@@ -9,9 +9,8 @@ max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
 vlan-id-allow=1000,1001,2000,2001,4000,4001
-vlan-pvid=0
+#vlan-pvid=0
-vlan-pvid-mode=2
+#vlan-pvid-mode=0
-promisc=1
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1

roles/mrzcpd/templates/mrglobal.conf.allot_access.j2

@@ -8,10 +8,9 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},4000,4001,1000,1001
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
 vlan-pvid=0
 vlan-pvid-mode=2
-promisc=1
 
 [device:ens1f5]
 jumbo_frame=1

roles/mrzcpd/templates/mrglobal.conf.inline.j2

@@ -4,13 +4,16 @@ sz_tunnel=8192
 sz_buffer=0
 
 [device:{{nic_data_incoming.name}}]
-in_addr={{inline_device_config.keepalive_ip}}
+in_addr={{nic_data_incoming.ip}}
-in_mask={{inline_device_config.keepalive_mask}}
+in_mask={{nic_data_incoming.mask}}
+gateway={{nic_data_incoming.gw}}
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
-vlan-filter=1
+#vlan-filter=1
-vlan-id-allow=1000,1001,4000,4001
+#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
+#vlan-pvid=0
+#vlan-pvid-mode=0
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1

roles/mrzcpd/templates/mrglobal.conf.traffic_mirror.j2

@@ -1,5 +1,5 @@
 [device]
-device={{nic_traffic_mirror.name}}
+device=fake
 sz_tunnel=8192
 sz_buffer=0
 

roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2

@@ -0,0 +1,28 @@
+[device]
+device=fake
+sz_tunnel=8192
+sz_buffer=0
+
+[device:lo]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+iocore={{ mrzcpd.iocore }}
+
+[eal]
+virtaddr=0x7d0000000000
+loglevel=7
+
+[keepalive]
+check_spinlock=1
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+

roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2

@@ -1,7 +1,7 @@
 [tunnat]
 lcore_id={{ mrtunnat.lcore_id }}
 appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
+phydev={{nic_data_incoming.vf0_name}}
 virtdev=vxlan_fwd
 nr_max_sessions=524280
 nr_slots=1048576
@@ -11,13 +11,13 @@ use_recent_tunnel=0
 use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
-idle_threshold=10000
 
 [vlan_flipping]
 enable=1
-c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
+c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
-i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
+i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
 en_mac_flipping_0=0
-c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
+en_mac_flipping_0=0
-i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
+c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
+i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
 en_mac_flipping_1=0

roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2

@@ -13,12 +13,12 @@ ctrlzone_addr_info_type=2
 
 [vlan_flipping]
 enable=1
-c_router_vlan_id_0=1000
+c_router_vlan_id_0=4000
-i_router_vlan_id_0=1001
+i_router_vlan_id_0=4001
 en_mac_flipping_0=0
-c_router_vlan_id_1=2000
+c_router_vlan_id_1=1000
-i_router_vlan_id_1=2001
+i_router_vlan_id_1=1001
 en_mac_flipping_1=0
-c_router_vlan_id_2=4000
+c_router_vlan_id_2=2000
-i_router_vlan_id_2=4001
+i_router_vlan_id_2=2001
 en_mac_flipping_2=0

roles/mrzcpd/templates/mrtunnat.conf.allot_access.j2

@@ -16,10 +16,4 @@ enable=1
 c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
 i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
 en_mac_flipping_0=1
-c_router_vlan_id_1=1000
-i_router_vlan_id_1=1001
-en_mac_flipping_1=0
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0
 

roles/mrzcpd/templates/mrtunnat.conf.inline.j2

@@ -0,0 +1,31 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{nic_data_incoming.name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0=3811
+i_router_vlan_id_0=3812
+c_router_vlan_id_1=3813
+i_router_vlan_id_1=3814
+c_router_vlan_id_2=3821
+i_router_vlan_id_2=3822
+c_router_vlan_id_3=3823
+i_router_vlan_id_3=3824
+c_router_vlan_id_4=3831
+i_router_vlan_id_4=3832
+c_router_vlan_id_5=3833
+i_router_vlan_id_5=3834
+c_router_vlan_id_6=3841
+i_router_vlan_id_6=3842
+c_router_vlan_id_7=3843
+i_router_vlan_id_7=3844

roles/mrzcpd/templates/server_inline/mrglobal.conf.server_inline.j2

@@ -1,47 +0,0 @@
-[device]
-device={{inline_device_config.data_incoming}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{inline_device_config.data_incoming}}]
-in_addr={{inline_device_config.keepalive_ip}}
-in_mask={{inline_device_config.keepalive_mask}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-
-#[device:]
-#jumbo_frame=1
-#max_rx_pkt_len=15360
-#clear_tx_flags=1
-#promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=4
-forward_rule_0=pv,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
-forward_rule_1=vp,{{inline_device_config.data_incoming}},{{inline_device_config.data_incoming}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd

roles/mrzcpd/templates/server_inline/mrtunnat.conf.server_inline.j2

@@ -1,18 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{inline_device_config.data_incoming}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0

roles/package-build/tasks/DockerEnvDownload.yml

@@ -0,0 +1,6 @@
+---
+- name: 'Unarchive docker env rpm file from remote host'
+  unarchive:
+    src: "{{ tsgDiagnoseDockerFile.unarchiveUrl }}"
+    dest: "{{ tsgDiagnoseDockerFile.unarchiveDest }}"
+    remote_src: yes