update

deploy.yml

@@ -1,15 +1,3 @@
-- hosts:
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - framework
-    - kernel-ml
-
 - hosts: adc_mxn
   remote_user: root
   roles:
@@ -22,18 +10,19 @@
     - install_config/group_vars/adc_mcn0.yml
   roles:
 #    - tsg-env-mcn0
+    - framework
+    - kernel-ml
     - mrzcpd
     - sapp
     - tsg_master
     - kni
     - firewall
-    - tsg_app
     - http_healthcheck
     - clotho
     - certstore
     - cert-redis
     - telegraf_statistic
-#    - tsg_device_tag
+    - tsg_device_tag
 
 - hosts: adc_mcn1
   remote_user: root
@@ -42,6 +31,8 @@
     - install_config/group_vars/adc_mcn1.yml
   roles:
 #    - tsg-env-mcn1
+    - framework
+    - kernel-ml
     - mrzcpd
     - tfe
 
@@ -52,6 +43,8 @@
     - install_config/group_vars/adc_mcn2.yml
   roles:
 #    - tsg-env-mcn2
+    - framework
+    - kernel-ml
     - mrzcpd
     - tfe
 
@@ -62,38 +55,11 @@
     - install_config/group_vars/adc_mcn3.yml
   roles:
 #    - tsg-env-mcn3
+    - framework
+    - kernel-ml
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn0
-  remote_user: root
-  roles:
-    - tsg-diagnose
-
-- hosts: 
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  roles:
-    - tsg-diagnose_sync_ca
-    
-- hosts: adc_mcn0
-  remote_user: root
-  roles:
-    - tsg-diagnose_stop_sync
-
-- hosts:
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - reboot
-
 - hosts: server-as-tun-mode
   remote_user: root
   vars_files:
@@ -107,7 +73,6 @@
     - tsg_master
     - kni
     - firewall
-    - tsg_app
     - http_healthcheck
     - clotho
     - certstore
@@ -115,12 +80,4 @@
     - tfe
     - telegraf_statistic
     - proxy_status
-#    - tsg_device_tag
-    - reboot
-
-- hosts: app_global
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/app_global.yml
-  roles:
-    - app_global
+    - tsg_device_tag

install_config/group_vars/adc_global.yml

@@ -4,10 +4,6 @@ tsg_access_type: 3
 #####2: ADC;
 tsg_running_type: 2
 
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 1
-
 ########################################
 #IP Config
 maat_redis_server:
@@ -34,29 +30,29 @@ log_minio:
 #########################################
 #Log Level Config
 #日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-tfe_log_level: 10
-tfe_http_log_level: 10
-pangu_log_level: 10
-doh_log_level: 10
-certstore_log_level: 10
+fw_ftp_log_level: 30
+fw_mail_log_level: 30
+fw_http_log_level: 30
+fw_dns_log_level: 30
+fw_quic_log_level: 30
+capture_packet_log_level: 30
+tsg_log_level: 30
+tsg_master_log_level: 30
+kni_log_level: 30
+tfe_log_level: 30
+tfe_http_log_level: 30
+pangu_log_level: 30
+doh_log_level: 30
+certstore_log_level: 30
 clotho_log_level: 10
 
 #######################################
 #Sapp Performance Config
 #Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
 sapp:
-  worker_threads: 37
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
+  worker_threads: 30
+  send_only_threads_max: 8
+  bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37
   inbound_route_dir: 1
 
 ########################################
@@ -79,22 +75,15 @@ kni:
 #Tfe Config
 tfe:
   nr_threads: 32
-  mirror_enable: 1
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
 
 ########################################
 #Marsio Config
 #marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
 mrzcpd:
-  iocore: 52,53,54,55
+  iocore: 44,45,46,47
 
 mrtunnat:
-  lcore_id: 48,49,50,51 
-
-#########################################
-#Tsg_app
-tsg_app_enable: 0
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
+  lcore_id: 40,41,42,43

install_config/group_vars/adc_mcn0.yml

@@ -1,7 +1,7 @@
 #########################################
 #Mcn0管理口网卡名
 nic_mgr:
-  name: ens1f3
+  name: enp6s0
 
 #########################################
 #Mcn0流量接入网卡，固定配置

install_config/group_vars/adc_mcn1.yml

@@ -1,7 +1,7 @@
 #########################################
 #Mcn1管理口网卡名
 nic_mgr:
-  name: ens1f3
+  name: enp6s0
 
 #########################################
 #Mcn1流量接入网卡，固定配置

install_config/group_vars/adc_mcn2.yml

@@ -1,7 +1,7 @@
 #########################################
 #Mcn2管理口网卡名
 nic_mgr:
-  name: ens8f3
+  name: enp6s0
 
 #########################################
 #Mcn2流量接入网卡，固定配置

install_config/group_vars/adc_mcn3.yml

@@ -1,7 +1,7 @@
 #########################################
 #Mcn3管理口网卡名
 nic_mgr:
-  name: ens8f3
+  name: enp6s0
 
 #########################################
 #Mcn3流量接入网卡，固定配置

install_config/group_vars/app_global.yml

@@ -1,10 +0,0 @@
-#########################################
-app_sketch_global_log_level: 10
-
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-file_stat_ip: "1.1.1.1"
-  

install_config/group_vars/server_as_tun_mode.yml

@@ -4,10 +4,6 @@ tsg_access_type: 1
 #####0: Tun_mode;  1: normal;
 tsg_running_type: 1
 
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 1
-
 ########################################
 #Server Basic Config
 nic_mgr:
@@ -62,9 +58,9 @@ clotho_log_level: 10
 #Sapp Performance Config
 #如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
 sapp:
-  worker_threads: 23
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
   inbound_route_dir: 1
 
 #########################################
@@ -94,7 +90,9 @@ kni:
 #Tfe Config
 tfe:
   nr_threads: 32
-  mirror_enable: 1
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
 
 #########################################
 #Marsio Config
@@ -104,15 +102,6 @@ mrzcpd:
 mrtunnat:
   lcore_id: 38
 
-#########################################
-#Tsg_app
-tsg_app_enable: 1
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
 #########################################
 #ATCA Config
 #下列配置只在tsg_access_type=4时生效

install_config/hosts

@@ -4,10 +4,6 @@
 #变量device_id根据设备序号设置即可
 #变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
 #
-#20.09版本新增APP部署
-#[app_global]
-#0.0.0.0
-
 #[server-as-tun-mode]
 #1.1.1.1 device_id=device_1
 #
@@ -31,7 +27,6 @@
 #10.3.76.1 device_id=device_1
 #10.3.76.2 device_id=device_2
 
-[app_global]
 [server-as-tun-mode]
 [adc_mxn]
 [adc_mcn0]

roles/app_global/tasks/main.yml

@@ -1,28 +0,0 @@
-- name: "copy app_global rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200918.c702d02-1.el7.x86_64.rpm
-    state: present
-
-- name: "template the app_sketch_global.conf"
-  template:
-    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
-
-- name: "Start emqx"
-  systemd:
-    name: emqx.service
-    state: started
-    enabled: yes
-
-- name: "Start app-sketch-global"
-  systemd:
-    name: app-sketch-global.service
-    state: started
-    enabled: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -1,36 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = {{ app_sketch_global_log_level }}
-RUN_LOG_PATH = ./logs
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2

roles/cert-redis/files/cert-redis/6379/6379.conf

@@ -160,7 +160,7 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile "/opt/tsg/cert-redis/6379/6379.log"
+logfile "/home/tsg/cert-redis/6379/6379.log"
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
@@ -244,7 +244,7 @@ dbfilename dump.rdb
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir /opt/tsg/cert-redis/6379/
+dir /home/tsg/cert-redis/6379/
 
 ################################# REPLICATION #################################
 

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +1,4 @@
 #!/bin/bash
 #
 
-/usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,11 +1,11 @@
 - name: "copy cert-redis to destination server"
   copy:
     src: "{{ role_path }}/files/"
-    dest: /opt/tsg
+    dest: /home/tsg
     mode: 0755
 
 - name: "install cert-redis"
-  shell: cd /opt/tsg/cert-redis;sh install.sh
+  shell: cd /home/tsg/cert-redis;sh install.sh
 
 - name: "start cert-redis"
   systemd:

roles/certstore/tasks/main.yml

@@ -3,20 +3,20 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-- name: Ensures /opt/tsg exists
-  file: path=/opt/tsg state=directory
+- name: Ensures /home/tsg exists
+  file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.2.202009.87fcacf-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /opt/tsg/certstore/conf/cert_store.ini
+    dest: /home/tsg/certstore/conf/cert_store.ini
 
 - name: "start certstore"
   systemd:

roles/firewall/tasks/main.yml

@@ -12,9 +12,10 @@
   vars:
     fw_packages:
       - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.8.beb1d09-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.1.453c533-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
@@ -22,9 +23,10 @@
       - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.9.810857d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.8.0068bd9-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.5.63c1e51-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/framework/tasks/main.yml

@@ -11,19 +11,18 @@
   vars:
     packages:
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.1.d80b5fb-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.4.1502550-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.0.7.34de556-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.0.4.7d6bc27-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libtsglua-1.0.7.0864e4a-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:

roles/kernel-ml/tasks/main.yml

@@ -40,6 +40,6 @@
     - tsg_access_type == 4
     - t_kernel_ml.changed
 
-#- name: "reboot"
-#  reboot:
-#  when: t_kernel_ml.changed
+- name: "reboot"
+  reboot:
+  when: t_kernel_ml.changed

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.09-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/kni/templates/kni.conf.j2

@@ -81,55 +81,3 @@ remote_port = 8100
 local_path = ./fs2_kni.status
 stat_cycle = 1
 print_mode = 1
-
-[ssl_dynamic_bypass]
-enabled = 1
-
-#kni dynamic bypass
-[traceid2sslinfo_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[sslinfo2bypass_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[proxy_tcp_option]
-enabled = 1
-maat_table_compile = PXY_TCP_OPTION_COMPILE
-maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
-enable_override = 0
-client_tcp_maxseg_enable = 0
-client_tcp_maxseg = 1460
-client_tcp_nodelay =  1
-client_tcp_ttl = 70
-client_tcp_keepalive_enable = 1
-client_tcp_keepalive_keepcnt = 8
-client_tcp_keepalive_keepidle = 30
-client_tcp_keepalive_keepintvl = 15
-client_tcp_user_timeout = 600
-server_tcp_maxseg_enable = 0
-server_tcp_maxseg = 1460
-server_tcp_nodelay = 1
-server_tcp_ttl = 75
-server_tcp_keepalive_enable = 1
-server_tcp_keepalive_keepcnt = 8
-server_tcp_keepalive_keepidle = 30
-server_tcp_keepalive_keepintvl = 15
-server_tcp_user_timeout = 600
-bypass_duplicated_packet = 0
-tcp_passthrough = 0
-
-[share_session_attribute]
-SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2

@@ -10,7 +10,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow=1000,1001,4000,4001
+vlan-id-allow=1000,1001
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1

roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2

@@ -16,6 +16,3 @@ enable=1
 c_router_vlan_id_0=1000
 i_router_vlan_id_0=1001
 en_mac_flipping_0=0
-c_router_vlan_id_1=4000
-i_router_vlan_id_1=4001
-en_mac_flipping_1=0

roles/mrzcpd/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2

@@ -8,7 +8,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow=1000,1001,2000,2001,4000,4001
+vlan-id-allow=1000,1001,2000,2001
 vlan-pvid=0
 vlan-pvid-mode=2
 promisc=1

roles/mrzcpd/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2

@@ -19,6 +19,3 @@ en_mac_flipping_0=0
 c_router_vlan_id_1=2000
 i_router_vlan_id_1=2001
 en_mac_flipping_1=0
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0

roles/mrzcpd/templates/allot_access/mrglobal.conf.allot_access.j2

@@ -8,7 +8,7 @@ jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
-vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }},4000,4001,1000,1001
+vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
 vlan-pvid=0
 vlan-pvid-mode=2
 promisc=1

roles/mrzcpd/templates/allot_access/mrtunnat.conf.allot_access.j2

@@ -16,10 +16,4 @@ enable=1
 c_router_vlan_id_0={{ AllotAccess.virturlID_1 }}
 i_router_vlan_id_0={{ AllotAccess.virturlID_2 }}
 en_mac_flipping_0=1
-c_router_vlan_id_1=1000
-i_router_vlan_id_1=1001
-en_mac_flipping_1=0
-c_router_vlan_id_2=4000
-i_router_vlan_id_2=4001
-en_mac_flipping_2=0
 

roles/mrzcpd/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2

@@ -1,5 +1,5 @@
 [device]
-device={{nic_traffic_mirror.name}}
+device=fake
 sz_tunnel=8192
 sz_buffer=0
 

roles/reboot/tasks/main.yml

@@ -1,3 +0,0 @@
-- name: "reboot"
-  reboot:
-  when: Deploy_finished_reboot == 1

roles/sapp/tasks/main.yml

@@ -4,16 +4,10 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
-- name: "copy maat_redis_tool to destination server"
-  copy:
-    src: "{{ role_path }}/files/maat_redis_tool"
-    dest: /usr/local/bin
-    mode: 0755
-
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.1.7.4f2839a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.0.20.b59c12a-2.el7.x86_64.rpm
     state: present
     skip_broken: yes
 

roles/sapp/templates/conflist.inf.j2

@@ -10,9 +10,6 @@
 #./plug/platform/http_healthcheck/http_healthcheck.inf
 {% endif %}
 ./plug/platform/tsg_master/tsg_master.inf
-{% if tsg_app_enable == 1 %}
-./plug/platform/app_master/app_master.inf
-{% endif %}
 
 [protocol]
 ./plug/protocol/ssl/ssl.inf
@@ -30,10 +27,6 @@
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
 ./plug/business/fw_quic_plug/fw_quic_plug.inf
+./plug/business/tsg_conn_record/tsg_conn_record.inf
 ./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
 ./plug/business/capture_packet_plug/capture_packet_plug.inf
-{% if tsg_app_enable == 1 %}
-./plug/business/app_sketch_local/app_sketch_local.inf
-./plug/business/app_control_plug/app_control_plug.inf
-./plug/business/app_proto_identify/app_proto_identify.inf
-{% endif %}

roles/sapp/templates/project_list.conf.j2

@@ -4,17 +4,4 @@ tcp_deduce_flow_stat    struct
 POLICY_PRIORITY	struct
 ESTABLISH_LATENCY	long
 MAIL_IDENTIFY	int
-TSG_MASTER_INTERNAL_LABEL	struct
-APP_ID_LABEL	struct
-BASIC_PROTO_LABEL	struct
-USER_DEFINED_ATTRIBUTE	struct
-SKETCH_TRANS_LAYER_CTX_LABEL    struct
-SKETCH_PROTO_CTX_LABEL   struct
-common_link_info_c2s	struct
-common_link_info_s2c	struct
-common_link_info struct
-JA3_FINGERPRINT_LABEL	struct
-DKPT_PRO_V2	struct
-DPKT_PROJECT_V2	struct
-PPROJECT_PRO_V2	struct
-DPKT_BHSTAT_PROJECT	struct
+

roles/sapp/templates/sapp.toml.j2

@@ -14,7 +14,9 @@ worker_threads=1
 {% else %}
 worker_threads={{ sapp.worker_threads }}
 {% endif %}
+{% if tsg_access_type == 4 %}
 send_only_threads_max={{ sapp.send_only_threads_max }}
+{% endif %}
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
 {% if tsg_access_type == 0 %}
 bind_mask=[]

roles/tfe/tasks/main.yml

@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.10.fb02543-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.9.4d7957e-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"

roles/tfe/templates/doh.conf.j2

@@ -23,5 +23,4 @@ table_host=TSG_FIELD_DOH_HOST
 # default 0
 ENTRANCE_ID=0
 # default 1
-# if enable "en_sendlog", the iterm "tfe.conf [kafka] enable" must set 1
 en_sendlog=1

roles/tfe/templates/future.conf.j2

@@ -1,9 +1,5 @@
 [STAT]
 no_stats=0
-statsd_server=192.168.100.1
+statsd_server=127.0.0.1
 statsd_port=8100
 histogram_bins=0.50,0.80,0.9,0.95
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2
-print_diff=1

roles/tfe/templates/tfe.conf.j2

@@ -1,128 +1,76 @@
 [system]
 nr_worker_threads={{ tfe.nr_threads }}
-enable_kni_v1=0
-enable_kni_v2=1
-
-# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally
-disable_coredump=0
-enable_breakpad=1
+enable_breakpad=0
 enable_breakpad_upload=0
-breakpad_upload_url=http://sentry.mesalab.cn:9000/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
-# must be /run/tfe/crashreport，due to tmpfile limit
-breakpad_minidump_dir=/run/tfe/crashreport
+breakpad_minidump_dir=/run/tfe/crashreport/
+breakpad_upload_url=http://127.0.0.1:9000/
+disable_coredump=0
 
-# ask for at least (1 + nr_worker_threads) masks
-# the first  mask for acceptor thread
-# the others mask for worker   thread
-enable_cpu_affinity=0
-cpu_affinity_mask=1-9
-# LEAST_CONN = 0; ROUND_ROBIN = 1
-load_balance=1
 
 [kni]
-# kni v1
-#uxdomain=/var/run/.tfe_kni_acceptor_handler
-# kni v2
-#scm_socket_file=/var/run/.tfe_kmod_scm_socket
-
-# send cmsg
-send_switch=1
 ip=192.168.100.1
 cmsg_port=2475
-
-# watch dog
 watchdog_switch=1
 watchdog_port=2476
 
 [ssl]
 ssl_max_version=tls13
 ssl_min_version=ssl3
-ssl_compression=1
-no_ssl2=1
-no_ssl3=0
-no_tls10=0
-no_tls11=0
-no_tls12=0
-default_ciphers=ALL:-aNULL
-no_cert_verify=0
-
-# session ticket
+no_session_cache=0
 no_session_ticket=0
+log_master_key=0
+trusted_cert_load_local=1
+trusted_cert_file=resource/tfe/tls-ca-bundle.pem
+trusted_cert_dir=resource/tfe/trusted_storage
+key_log_file=log/sslkeylog.log
+no_alpn=0
 stek_group_num=4
 stek_rotation_time=3600
+service_cache_expire_seconds=600
 
-# session cache
-no_session_cache=0
-session_cache_slots=4194304
-session_cache_expire_seconds=1800
-
-# service cache
-service_cache_slots=4194304
-service_cache_expire_seconds=300
-service_cache_fail_as_pinning_cnt=4
-service_cache_fail_as_proto_err_cnt=5
-service_cache_succ_as_app_not_pinning_cnt=0
-service_cache_fail_time_window=30
-
-# cert
-check_cert_crl=0
-{% if tsg_running_type == 2 %}
-trusted_cert_load_local=1
-#trusted_cert_file=resource/tfe/tls-ca-bundle.pem
-trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
-{% else %}
-trusted_cert_load_local=0
-trusted_cert_file=resource/tfe/tls-ca-bundle.pem
-#trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem
-{% endif %}
-trusted_cert_dir=resource/tfe/trusted_storage
-
-# master key
-log_master_key=0
-key_log_file=log/sslkeylog.log
-
-# mid cert cache
+# SSL mid cert cache
+# default 0
 mc_cache_enable=1
-mc_cache_eth={{ nic_mgr.name }}
+# default eth0
+mc_cache_eth={{ nic_inner_ctrl.name }}
+# default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
+# default PXY-EXCH-INTERMEDIA-CERT
 mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
 
 [key_keeper]
 #Mode: debug - generate cert with ca_path, normal - generate cert with cert store
 #0 on cache 1 off cache
+mode= normal
 no_cache=0
-mode=normal
-cert_store_host={{ cert_store_server.address }}
-cert_store_port={{ cert_store_server.port }}
+cert_store_host= {{ cert_store_server.address }}
+cert_store_port= {{ cert_store_server.port }}
 ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
-hash_slot_size=131072
-hash_expire_seconds=300
-cert_expire_time=24
-
-# health_check only for "mode=normal" default 1
+# health_check only for "mode=normal"
+# default 1
 enable_health_check=1
 
 [debug]
-# 1 : enforce tcp passthrough
-# 0 : Whether to passthrough depends on the tcp_options in cmsg
 passthrough_all_tcp=0
 
+[traffic_mirror]
+{% if tsg_running_type != 2 %}
+device=lo
+type=0
+{% else %}
+device={{ nic_traffic_mirror.name }}
+type=1
+{% endif %}
+
+
 [ratelimit]
-read_rate=0
-read_burst=0
-write_rate=0
-write_burst=0
+#read_rate=200000
+#read_burst=200000
+#write_rate=200000
+#write_burst=200000
 
 [tcp]
-# read rcv_buff/snd_buff options from tfe conf
-sz_rcv_buffer=-1
-sz_snd_buffer=-1
-
-# 1 : use tcp_options in tfe.conf
-# 0 : use tcp_options in cmsg
-enable_overwrite=0
-tcp_nodelay=1
 so_keepalive=1
 tcp_keepcnt=8
 tcp_keepintvl=15
@@ -133,66 +81,45 @@ tcp_ttl_downstream=70
 
 [log]
 level={{ tfe_log_level }}
-location=log/tfe.log
 
 [stat]
-statsd_server=192.168.100.1
+statsd_server=127.0.0.1
 statsd_port=8100
 statsd_cycle=5
-# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
+# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
 statsd_format=2
-histogram_bins=0.5,0.8,0.9,0.95
 
 [http]
 loglevel={{ tfe_http_log_level }}
 
-[traffic_mirror]
-{% if tsg_running_type != 2 %}
-enable={{ tfe.mirror_enable }}
-device=lo
-# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
-type=0
-{% else %}
-enable={{ tfe.mirror_enable }}
-device={{ nic_traffic_mirror.name }}
-# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
-type=1
-{% endif %}
-
-
 [kafka]
 enable=1
-NIC_NAME={{ nic_mgr.name }}
+nic_name={{ nic_mgr.name }}
 kafka_brokerlist={{ log_kafkabrokers.address }}
 kafka_topic=PROXY-EVENT-LOG
 device_id_filepath=/opt/tsg/etc/tsg_sn.json
 
 [maat]
-# 0:json 1:redis 2:iris
+# 0:json 1: redis 2: iris
 maat_input_mode=1
-stat_switch=1
-perf_switch=1
 table_info=resource/pangu/table_info.conf
-accept_path=/opt/tsg/etc/tsg_device_tag.json
-stat_file=log/pangu_scan.fs2
-effect_interval_s=1
-deferred_load_on=0
-
-# Pangu uses accept_tags to support the effective range of the device.
-# Traffic mirroring does not need to support the effective range of the device,
-# but pangu and traffic mirroring use the same maat configuration file.
-# Therefore, there is no need to set accept_tags in tfe.conf,
-# just set accept_tags in the tfe_resource_init() code
-# accept_tags={"tags":[{"tag":"device_id","value":"device_1"}]}
-
-# json mode conf iterm
 json_cfg_file=resource/pangu/pangu_http.json
+stat_file=log/pangu_scan.status
+full_cfg_dir=pangu_policy/full/index/
+inc_cfg_dir=pangu_policy/inc/index/
 
-# redis mode conf iterm
 maat_redis_server={{ maat_redis_server.address }}
 maat_redis_port_range={{ maat_redis_server.port }}
 maat_redis_db_index={{ maat_redis_server.db }}
+effect_interval_s=1
+#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
+accept_path=/opt/tsg/etc/tsg_device_tag.json
+
+[dynamic_maat]
+maat_input_mode=1
+table_info=resource/pangu/dynamic_maat_table_info.conf
+maat_redis_server={{ dynamic_maat_redis_server.address }}
+maat_redis_port_range={{ dynamic_maat_redis_server.port }}
+maat_redis_db_index={{ dynamic_maat_redis_server.db }}
+effect_interval_s=1
 
-# iris mode conf iterm
-full_cfg_dir=pangu_policy/full/index/
-inc_cfg_dir=pangu_policy/inc/index/

roles/tsg-diagnose/tasks/main.yml

@@ -1,38 +0,0 @@
-- name: "Tsg-diagnose:copy file to device"
-  copy:
-    src: '{{ role_path }}/files/'
-    dest: /tmp/ansible_deploy/
-    
-- name: "unarchive install_docker.zip"
-  unarchive:
-    src: /tmp/ansible_deploy/install_docker.zip
-    dest: /tmp/ansible_deploy/
-    remote_src: yes
-
-- name: "exec docker install shell"
-  shell: cd /tmp/ansible_deploy/install_docker; sh setup_docker.sh
-
-- name: 'Docker service start and enable'
-  systemd:
-    name: docker
-    enabled: yes
-    state: started
-    daemon_reload: yes
-
-- name: "Install tsg-diagnose rpm package"
-  yum:
-    name:
-      - "/tmp/ansible_deploy/tsg-diagnose-20.09-1.el7.x86_64.rpm"
-    state: present
-  
-- name: "tsg-diagnose init certs"
-  shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/init_certs/init_badssl_certs.sh
-
-- name: 'Tsg-diagnose service start'
-  systemd:
-    name: tsg-diagnose
-    enabled: yes
-    daemon_reload: yes
-
-- name: "tsg-diagnose init rsync deamon"
-  shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/rsync/init_rsyncd.sh

roles/tsg-diagnose_stop_sync/tasks/main.yml

@@ -1,3 +0,0 @@
-- name: "tsg-diagnose:  stop rsync deamon process"
-  shell: killall -9 rsync
-

roles/tsg-diagnose_sync_ca/tasks/main.yml

@@ -1,6 +0,0 @@
-- name: "tsg-diagnose: rsync badssl ca certs"
-  shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/
-
-- name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle"
-  shell: cat  /tmp/sync/ca-root.crt >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem
-

roles/tsg_app/tasks/main.yml

@@ -1,38 +0,0 @@
----
-- name: "copy tsg_app rpms to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install tsg_app packages"
-  yum:
-    name: "{{ app_packages }}"
-    state: present
-    skip_broken: yes
-  vars:
-    app_packages:
-      - /tmp/ansible_deploy/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_proto_identify-1.0.3.6c893f2-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpm
-  when: tsg_app_enable == 1
-
-- name: "mkdir appconf"
-  file:
-    path: /home/mesasoft/sapp_run/appconf
-    state: directory
-  when: tsg_app_enable == 1
-
-- name: "Template the appconf/main.conf"
-  template:
-    src: "{{ role_path }}/templates/main.conf.j2"
-    dest: /home/mesasoft/sapp_run/appconf/main.conf
-  tags: template
-  when: tsg_app_enable == 1
-
-- name: "Template the appconf/maat.conf"
-  template:
-    src: "{{ role_path }}/templates/maat.conf.j2"
-    dest: /home/mesasoft/sapp_run/appconf/maat.conf
-  tags: template
-  when: tsg_app_enable == 1

roles/tsg_app/templates/maat.conf.j2

@@ -1,34 +0,0 @@
-[APP_SIGNATURE_MAAT]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=appconf/app_id_tableinfo.conf
-STAT_FILE=app_id_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=appconf/app_id_maat.json
-INC_CFG_DIR=apprule/inc/index/
-FULL_CFG_DIR=apprule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/app/etc/app_device_tag.json
-
-[APP_ACTION_MAAT]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=appconf/app_action_tableinfo.conf
-STAT_FILE=app_action_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=appconf/app_action_maat.json
-INC_CFG_DIR=apprule/inc/index/
-FULL_CFG_DIR=apprule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
-[MAAT]
-ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"device_1"}]}

roles/tsg_app/templates/main.conf.j2

@@ -1,39 +0,0 @@
-[FEEDBACK]
-QOS=1
-PUBLISH_TOPIC=APP_SIGNATURE_ID
-#CLIENT_ID=
-BROKER_LIST=tcp://{{ app_global_ip }}:1883
-
-[LUA]
-ENABLE=1
-
-[MAAT]
-PROFILE=./appconf/maat.conf
-
-[APP_LOG]
-MODE=1
-LOG_LEVEL={{ applog_level }}
-LOG_PATH=./applog/applog
-BROKER_LIST={{ log_kafkabrokers.address }}
-COMMON_FIELD_FILE=appconf/app_log_field.conf
-
-[FIELD_STAT]
-CYCLE=5
-TELEGRAF_PORT=8100
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./app_stat.log
-APP_NAME=app_master
-
-[SYSTEM]
-LOG_LEVEL={{ app_master_log_level }}
-LOG_PATH=./applog/app_master
-NIC_NAME={{ nic_mgr.name }}
-
-[APP_SKETCH_LOCAL]
-LOG_LEVEL={{ app_sketch_local_log_level }}
-LOG_PATH=./applog/app_sketch_local/app_sketch_local
-
-[CONTROL_PLUG]
-LOG_LEVEL={{ app_control_plug_log_level }}
-LOG_PATH=./applog/app_control_plug/app_control_plug
-

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-3.2.9.d1a6f00-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-3.2.4.a73f956-2.el7.x86_64.rpm
     state: present
     skip_broken: yes

uninstall/roles/backup_framework_config/tasks/main.yml

@@ -1,21 +0,0 @@
-- name: "create backup_dest_path"
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  ignore_errors: true
-
-- name: "optMESA_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/optMESA_{{ uninstall_version }}_{{ date }}.zip"
-  register: optMESA_directory
-  ignore_errors: true
-
-- name: "backup /opt/MESA to destination path"
-  archive:
-    path: /opt/MESA
-    dest: "{{ backup_dest_path }}/optMESA_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - optMESA_directory.rc != 0 
-    - backup.framework == 1
-  ignore_errors: true
-

uninstall/roles/backup_marsio_config/tasks/main.yml

@@ -1,20 +0,0 @@
-- name: "create backup_dest_path"
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  ignore_errors: true
-
-- name: "mrzcpd_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/mrzcpd_{{ uninstall_version }}_{{ date }}.zip"
-  register: mrzcpd_directory
-  ignore_errors: true
-
-- name: "backup /opt/mrzcpd to destination path"
-  archive:
-    path: /opt/mrzcpd
-    dest: "{{ backup_dest_path }}/mrzcpd_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - mrzcpd_directory.rc != 0 
-    - backup.marsio == 1
-  ignore_errors: true

uninstall/roles/backup_sapp_config/tasks/main.yml

@@ -1,82 +0,0 @@
-- name: "create backup_dest_path"
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  ignore_errors: true
-
-- name: "sapp_etc_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/sapp_etc_{{ uninstall_version }}_{{ date }}.zip"
-  register: sapp_etc
-  ignore_errors: true
-
-- name: "sapp_plug_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
-  register: sapp_plug
-  ignore_errors: true
-
-- name: "sapp_tsgconf_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/sapp_tsgconf_{{ uninstall_version }}_{{ date }}.zip"
-  register: sapp_tsgconf
-  ignore_errors: true
-
-- name: "sapp_appconf_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/sapp_appconf_{{ uninstall_version }}_{{ date }}.zip"
-  register: sapp_appconf
-  ignore_errors: true
-
-- name: "sapp_conf_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/sapp_conf_{{ uninstall_version }}_{{ date }}.zip"
-  register: sapp_conf
-  ignore_errors: true
-
-- name: "backup sapp_run/etc to destination path"
-  archive:
-    path: /home/mesasoft/sapp_run/etc
-    dest: "{{ backup_dest_path }}/sapp_etc_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - sapp_etc.rc != 0 
-    - backup.sapp_etc == 1
-  ignore_errors: true
-
-- name: "backup sapp_run/plug to destination path"
-  archive:
-    path: /home/mesasoft/sapp_run/plug
-    dest: "{{ backup_dest_path }}/sapp_plug_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - sapp_plug.rc != 0 
-    - backup.sapp_plug == 1
-  ignore_errors: true
-
-- name: "backup sapp_run/tsgconf/ to destination path"
-  archive:
-    path: /home/mesasoft/sapp_run/tsgconf
-    dest: "{{ backup_dest_path }}/sapp_tsgconf_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - sapp_tsgconf.rc != 0 
-    - backup.sapp_tsgconf == 1
-  ignore_errors: true
-
-- name: "backup sapp_run/appconf/ to destination path"
-  archive:
-    path: /home/mesasoft/sapp_run/appconf
-    dest: "{{ backup_dest_path }}/sapp_appconf_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - sapp_appconf.rc != 0 
-    - backup.sapp_appconf == 1
-  ignore_errors: true
-
-- name: "backup sapp_run/conf/ to destination path"
-  archive:
-    path: /home/mesasoft/sapp_run/conf
-    dest: "{{ backup_dest_path }}/sapp_conf_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - sapp_conf.rc != 0 
-    - backup.sapp_conf == 1
-  ignore_errors: true
-
-

uninstall/roles/backup_tfe_config/tasks/main.yml

@@ -1,20 +0,0 @@
-- name: "create backup_dest_path"
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  ignore_errors: true
-
-- name: "tfe_conf_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/tfe_conf_{{ uninstall_version }}_{{ date }}.zip"
-  register: tfeconf_directory
-  ignore_errors: true
-
-- name: "backup /opt/tsg/tfe/conf to destination path"
-  archive:
-    path: /opt/tsg/tfe/conf
-    dest: "{{ backup_dest_path }}/tfe_conf_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - tfeconf_directory.rc != 0 
-    - backup.tfe == 1
-  ignore_errors: true

uninstall/roles/backup_tsgenv_config/tasks/main.yml

@@ -1,20 +0,0 @@
-- name: "create backup_dest_path"
-  file:
-    path: "{{ backup_dest_path }}"
-    state: directory
-  ignore_errors: true
-
-- name: "tsg_env_{{ uninstall_version }}_{{ date }}.zip exist?"
-  shell: "ls {{ backup_dest_path }}/tsg_env_{{ uninstall_version }}_{{ date }}.zip"
-  register: tsgenv_directory
-  ignore_errors: true
-
-- name: "backup /opt/tsg/env to destination path"
-  archive:
-    path: /opt/tsg/env
-    dest: "{{ backup_dest_path }}/tsg_env_{{ uninstall_version }}_{{ date }}.zip"
-    format: zip
-  when:
-    - tsgenv_directory.rc != 0 
-    - backup.tsg_env == 1
-  ignore_errors: true

uninstall/roles/cert_redis/tasks/main.yml

@@ -1,7 +0,0 @@
-- name: "[uninstall cert_redis] stop cert-redis"
-  systemd:
-    name: cert-redis
-    state: stopped
-    enabled: no
-  when: uninstall.certredis == 1
-  ignore_errors: true

uninstall/roles/certstore/tasks/main.yml

@@ -1,16 +0,0 @@
-- name: "[uninstall certstore] stop certstore"
-  systemd:
-    name: certstore
-    state: stopped
-    enabled: no
-  when:
-    - uninstall.certstore == 1
-  ignore_errors: true
-
-- name: "[uninstall certstore] uninstall certstore"
-  yum:
-    name:
-      - "{{ certstore }}"
-    state: absent
-  when: uninstall.certstore == 1
-

uninstall/roles/clotho/tasks/main.yml

@@ -1,16 +0,0 @@
-####################
-#Uninstall clotho
-- name: "[uninstall clotho] stop clotho"
-  systemd:
-    name: clotho
-    state: stopped
-    enabled: no
-  when: uninstall.clotho == 1
-  ignore_errors: true
-
-- name: "[uninstall clotho] uninstall clotho"
-  yum:
-    name:
-      - "{{ clotho }}"
-    state: absent
-  when: uninstall.clotho == 1

uninstall/roles/firewall/tasks/main.yml

@@ -1,72 +0,0 @@
-####################
-#Uninstall firewall
-- name: "[uninstall firewall] stop sapp"
-  systemd:
-    name: sapp
-    state: stopped
-    enabled: no
-  when:
-    - uninstall.firewall == 1
-  ignore_errors: true
-
-- name: "[uninstall firewall] create /home/mesasoft/sapp_runetc/"
-  file:
-    path: /home/mesasoft/sapp_runetc/
-    state: directory
-  when: uninstall.firewall == 1
-
-- name: "[uninstall firewall] create entrylist.conf"
-  file:
-    path: /home/mesasoft/sapp_runetc/entrylist.conf
-    state: touch
-  when: uninstall.firewall == 1
-
-- name: "[uninstall firewall] uninstall firewall"
-  yum:
-    name:
-      - "{{ capture_packet_plug }}"
-      - "{{ dns }}"
-      - "{{ ftp }}"
-      - "{{ http }}"
-      - "{{ quic }}"
-      - "{{ ssl }}"
-      - "{{ mail }}"
-      - "{{ fw_dns }}"
-      - "{{ fw_ftp }}"
-      - "{{ fw_http }}"
-      - "{{ fw_ssl }}"
-      - "{{ fw_mail }}"
-    state: absent
-  when: uninstall.firewall == 1
-
-- name: "[uninstall firewall] uninstall fw_quic"
-  yum:
-    name:
-      - "{{ fw_quic }}"
-    state: absent
-  when: uninstall.firewall == 1
-  ignore_errors: true
-
-- name: "[uninstall firewall] uninstall tsg_conn_record"
-  yum:
-    name:
-      - "{{ tsg_conn_record }}"
-    state: absent
-  when: uninstall.firewall == 1
-  ignore_errors: true
-
-- name: "[uninstall firewall] uninstall tsg_conn_sketch"
-  yum:
-    name:
-      - "{{ tsg_conn_sketch }}"
-    state: absent
-  when: uninstall.firewall == 1
-  ignore_errors: true
-
-
-- name: "[uninstall firewall] remove /home/mesasoft/sapp_runetc"
-  file:
-    path: /home/mesasoft/sapp_runetc
-    state: absent
-  when: uninstall.firewall == 1
-

uninstall/roles/framework/tasks/main.yml

@@ -1,40 +0,0 @@
-- name: "[uninstall framework] create project_list.conf"
-  file:
-    path: /home/mesasoft/sapp_run/etc/project_list.conf
-    state: touch
-  when: uninstall.framework == 1
-  ignore_errors: true
-
-- name: "[uninstall framework] create conflist.inf"
-  file:
-    path: /home/mesasoft/sapp_run/plug/conflist.inf
-    state: touch
-  when: uninstall.framework == 1
-  ignore_errors: true
-
-- name: "[uninstall framework] uninstall framework"
-  yum:
-    name:
-      - "{{ libcjson }}"
-      - "{{ libdocument }}"
-      - "{{ libmaatframe }}"
-      - "{{ libMESA_field_stat }}"
-      - "{{ libMESA_field_stat2 }}"
-      - "{{ libMESA_handle_logger }}"
-      - "{{ libMESA_htable }}"
-      - "{{ libMESA_prof_load }}"
-      - "{{ librdkafka }}"
-      - "{{ librulescan }}"
-      - "{{ libwiredcfg }}"
-      - "{{ libWiredLB }}"
-      - "{{ lz4 }}"
-    state: absent
-  when: uninstall.framework == 1
-
-- name: "[uninstall framework] uninstall framework"
-  yum:
-    name:
-      - "{{ libtsglua }}"
-    state: absent
-  when: uninstall.framework == 1
-  ignore_errors: true

uninstall/roles/http_healthcheck/tasks/main.yml

@@ -1,9 +0,0 @@
-####################
-#Uninstall http_healthcheck
-- name: "[uninstall http_healthcheck] uninstall http_healthcheck"
-  yum:
-    name:
-      - "{{ http_healthcheck }}"
-    state: absent
-  when: uninstall.http_healthcheck == 1
-