feature:新增部署packet_dump的操作

rpm包

adc_deploy.yml

@@ -1,110 +0,0 @@
-- hosts:
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-    - packet_dump_server
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - framework
-
-- hosts: packet_dump_server
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - packet_dump
-
-- hosts: adc_mcn0
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn0.yml
-  roles:
-    - telegraf_collect
-    - kernel-ml
-    - mrzcpd
-    - sapp
-    - tsg_master
-    - kni
-    - firewall
-#    - tsg_app
-    - http_healthcheck
-    - redis
-    - cert-redis
-    - maat-redis
-    - certstore
-    - telegraf_statistic
-#    - tsg_device_tag
-
-- hosts: adc_mcn1
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn1.yml
-  roles:
-    - telegraf_collect
-    - kernel-ml
-    - mrzcpd
-    - tfe
-
-- hosts: adc_mcn2
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn2.yml
-  roles:
-    - telegraf_collect
-    - kernel-ml
-    - mrzcpd
-    - tfe
-
-- hosts: adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn3.yml
-  roles:
-    - telegraf_collect
-    - kernel-ml
-    - mrzcpd
-    - tfe
-
-- hosts: adc_mcn0
-  remote_user: root
-  roles:
-    - tsg-diagnose
-
-- hosts: 
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  roles:
-    - tsg-diagnose_sync_ca
-    
-- hosts: adc_mcn0
-  remote_user: root
-  roles:
-    - tsg-diagnose_stop_sync
-
-
-- hosts:
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    #- reboot
-
-- hosts: app_global
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/app_global.yml
-  roles:
-    - app_global

install_config/group_vars/adc_global.yml

@@ -1,127 +0,0 @@
-#########################################
-#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
-tsg_access_type: 2
-#####2: ADC;
-tsg_running_type: 2
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 0
-
-########################################
-#TSG Cluster Mode
-tsg_cluster_mode: 0
-
-########################################
-#IP Config
-maat_redis_city_server:
-  address: "10.9.62.253"
-  port: 7002
-
-maat_redis_server:
-  address: "192.168.100.1"
-  port: 7002
-  port_num: 1
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.100.1"
-  port: 7002
-  port_num: 1
-  db: 1
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "10.9.61.4:9092,10.9.61.5:9092,10.9.61.6:9092"
-
-telegraf_kafkabrokers:
-  address: "\"10.9.61.4:9092\",\"10.9.61.5:9092\",\"10.9.61.6:9092\""
-
-monitor_outputs_influxdb:
-  url: "http://127.0.0.1:58086"
-
-log_minio:
-  address: "10.9.62.253"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: FATAL
-tfe_http_log_level: FATAL
-pangu_log_level: FATAL
-doh_log_level: FATAL
-
-certstore_log_level: 30
-packet_dump_log_level: 10
-
-#######################################
-#Sapp Performance Config
-#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
-sapp:
-  worker_threads: 42
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
-  inbound_route_dir: 1
-
-########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 1
-    tfe2_enabled: 1
-
-########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-########################################
-#Marsio Config
-#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
-mrzcpd:
-  iocore: 52,53,54,55
-
-mrtunnat:
-  lcore_id: 48,49,50,51 
-
-#########################################
-#Tsg_app
-tsg_app_enable: 0
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-
-breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
-
-data_center: Kyzylorda
-tsg_master_entrance_id: 9
-nic_mgr: 
-   name: em1

install_config/group_vars/adc_mcn0.yml

@@ -1,41 +0,0 @@
-#########################################
-#Mcn0管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn0流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f4
-
-#########################################
-#Mcn0其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_to_tfe:
-  tfe0:
-      name: ens1f5
-  tfe1:
-      name: ens1f6
-  tfe2:
-      name: ens1f7
-
-#########################################
-#串联设备接入相关配置
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-
-#########################################
-#Allot接入相关配置
-AllotAccess:
-  #virturlInterface_1: ens1f2.103
-  #virturlInterface_2: ens1f2.104
-  virturlID_1: 1201
-  virturlID_2: 1202
-  virturlID_3: 1301
-  virturlID_4: 1302
-  #vvipv4_mask: 24
-  #vvipv6_mask: 64
- 
-bladename: mcn0

install_config/group_vars/adc_mcn1.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn1管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn1流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f1
-
-#########################################
-#Mcn1其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_traffic_mirror:
-  name: ens1f2
-  use_mrzcpd: 1
-
-bladename: mcn1

install_config/group_vars/adc_mcn2.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn2管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn2流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn2其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1
-
-bladename: mcn2

install_config/group_vars/adc_mcn3.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn3管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn3流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn3其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1
-
-bladename: mcn3

install_config/group_vars/app_global.yml

@@ -1,10 +0,0 @@
-#########################################
-app_sketch_global_log_level: 10
-
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-file_stat_ip: "1.1.1.1"
-  

install_config/group_vars/mirror_traffic.yml

@@ -0,0 +1,93 @@
+########################################
+#Server Basic Config
+nic_mgr:
+  name: eth0
+
+#########################################
+#IP Config
+maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 1
+
+
+log_kafkabrokers:
+  address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+
+#log_minio:
+#  address: "10.9.62.253"
+#  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_voip_log_level: 10
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+app_control_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: FATAL
+tfe_http_log_level: FATAL
+pangu_log_level: FATAL
+doh_log_level: FATAL
+
+certstore_log_level: 10
+packet_dump_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
+sapp:
+  worker_threads: 23
+  send_only_threads_max: 1
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+  inbound_route_dir: 1
+  prometheus_enable: 1
+  prometheus_port: 9273
+  prometheus_url_path: "/metrics"
+
+#########################################
+#Marsio Config
+mrzcpd:
+  iocore: 39
+
+
+#########################################
+#新增配置项,均为默认值不用改
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+data_center: Beijing
+tsg_master_entrance_id: 0
+
+
+firewall:
+  hos_serverip: "192.168.40.223"
+  hos_serverport: 9098
+  hos_accesskeyid: "default"
+  hos_secretkey: "default"
+  hos_poolsize: 100
+  hos_thread_sum: 32
+  hos_cache_size: 102400
+  hos_fs2_serverip: "127.0.0.1"
+  hos_fs2_serverport: 10086
+  APP_SKETCH_BROKER_IP: "192.168.40.161"
+  APP_SKETCH_BROKER_PORT: 1883
+
+
+data_incoming_nic_list: ['eth0', 'eth1']

install_config/group_vars/packet_dump_server.yml

@@ -0,0 +1,22 @@
+nic_mgr:
+  name: eth0
+
+log_kafkabrokers:
+  address: ['1.1.1.1:9092','2.2.2.2:9092']
+
+packet_dump_log_level: 10
+
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+dump_rtp_pcap:
+  aws_access_key_id: "default"
+  aws_secret_access_key: "default"
+  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
+  consume_bootstrap_servers: ['192.168.44.14:9092']
+  endpoint_url: "http://192.168.44.67:9098/hos/"
+  produce_bootstrap_servers: "192.168.44.14:9092"
+  queue_size: 5000000
+  coroutine_max_num: 200
+  coroutine_num: 100
+  qfull_mode: 0
+  qfull_interval: 5

install_config/group_vars/server_as_tun_mode.yml

@@ -1,167 +0,0 @@
-#########################################
-#####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
-tsg_access_type: 0
-#####0: Tun_mode;  1: normal;
-tsg_running_type: 0
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 0
-
-########################################
-#TSG Cluster Mode
-tsg_cluster_mode: 0
-
-########################################
-#Server Basic Config
-nic_mgr:
-  name: eth0
-
-nic_inner_ctrl:
-  name: eth0.100
-
-#########################################
-#IP Config
-#maat_redis_city_serve相关配置只在部署集群模式时使用
-maat_redis_city_server:
-  address: ""
-  port: 
-
-maat_redis_server:
-  address: "#Bifang IP#"
-  port: 7002
-  port_num: 1
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "#Bifang IP#"
-  port: 7002
-  port_num: 1
-  db: 1
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "10.9.61.4:9092,10.9.61.5:9092,10.9.61.6:9092"
-
-telegraf_kafkabrokers:
-  address: "\"10.9.61.4:9092\",\"10.9.61.5:9092\",\"10.9.61.6:9092\""
-
-monitor_outputs_influxdb:
-  url: "http://127.0.0.1:58086"
-
-log_minio:
-  address: "10.9.62.253"
-  port: 9090
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: FATAL
-tfe_http_log_level: FATAL
-pangu_log_level: FATAL
-doh_log_level: FATAL
-
-certstore_log_level: 10
-packet_dump_log_level: 10
-
-#########################################
-#Sapp Performance Config
-#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
-sapp:
-  worker_threads: 23
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
-  inbound_route_dir: 1
-
-#########################################
-#Sapp Double-Arm Config
-packet_io:
-  internal_interface: eth2
-  external_interface: eth3
-
-
-#########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 1
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 0
-    tfe2_enabled: 0
-
-#########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-#########################################
-#Marsio Config
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-#########################################
-#Tsg_app
-tsg_app_enable: 1
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-#########################################
-#ATCA Config
-#下列配置只在tsg_access_type=4时生效
-ATCA_data_incoming:
-  ethname: enp1s0
-  vf0_name: enp1s2
-  vf1_name: enp1s2f1
-  vf2_name: enp1s2f2
-
-ATCA_VlanFlipping:
-  vlanID_1: 100
-  vlanID_2: 101
-  vlanID_3: 103
-  vlanID_4: 104
-
-#下列配置只在tsg_access_type=5时生效
-ATCA_VXLAN:
-  keepalive_ip: "10.254.19.1"
-  keepalive_mask: "255.255.255.252"
-
-#########################################
-#Inline Device Config
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-  data_incoming: eth5
-
-#########################################
-#新增配置项,均为默认值不用改
-breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
-
-data_center: Beijing
-tsg_master_entrance_id: 0

install_config/hosts

@@ -1,47 +1,3 @@
-###################
-#   For example   #
-###################
-#变量device_id根据设备序号设置即可
-#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
-#
-#20.09版本新增APP部署
-#[app_global]
-#0.0.0.0
-#[server-as-tun-mode]
-#1.1.1.1 device_id=device_1
-#
-#[adc_mxn]
-#10.3.72.1
-#10.3.72.2
-#
-#[adc_mcn0]
-#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
-#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
-#
-#[adc_mcn1]
-#10.3.74.1 device_id=device_1
-#10.3.74.2 device_id=device_2
-#
-#[adc_mcn2]
-#10.3.75.1 device_id=device_1
-#10.3.75.2 device_id=device_2
-#
-#[adc_mcn3]
-#10.3.76.1 device_id=device_1
-#10.3.76.2 device_id=device_2
-#[app_global]
-
-#[server-as-tun-mode]
-#p
-#[adc_mxn]
-[adc_mcn0]
-10.9.51.[1:15]
-[adc_mcn1]
-10.9.52.[1:15]
-[adc_mcn2]
-10.9.53.[1:15]
-[adc_mcn3]
-10.9.54.[1:14]
+[mirror_traffic]
 [packet_dump_server]
-10.9.61.3
 

mirror_traffic.yml

@@ -0,0 +1,12 @@
+- hosts: mirror_traffic
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/mirror_traffic.yml
+  roles:
+    - {role: framework, tags: framework}
+    - {role: kernel-ml, tags: kernel-ml}
+    - {role: mrzcpd, tags: mrzcpd}
+    - {role: sapp, tags: sapp}
+    - {role: tsg_master, tags: tsg_master}
+    - {role: firewall, tags: firewall}
+    - {role: telegraf_statistic, tags: telegraf_statistic}

packet_dump_server.yml

@@ -0,0 +1,8 @@
+- hosts: packet_dump_server
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/packet_dump_server.yml
+  roles:
+    - {role: framework, tags: framework}
+    - {role: packet_dump, tags: packet_dump}
+    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}

roles/app_global/tasks/main.yml

@@ -1,36 +0,0 @@
-- name: "copy app_global rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
-    state: present
-
-- name: "template the app_sketch_global.conf"
-  template:
-    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
-
-- name: "template the zlog.conf"
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
-
-- name: "Start emqx"
-  systemd:
-    name: emqx.service
-    state: started
-    enabled: yes
-    daemon_reload: yes
-    
-
-- name: "Start app-sketch-global"
-  systemd:
-    name: app-sketch-global.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -1,41 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
-enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2

roles/app_global/templates/zlog.conf.j2

@@ -1,12 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
-
-
-

roles/cert-redis/files/cert-redis.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown cert-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/tasks/main.yml

@@ -1,15 +0,0 @@
-- name: "copy cert-redis file to dest"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" } 
-    - { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
-
-- name: "start cert-redis"
-  systemd:
-    name: cert-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes

roles/certstore/files/memory.conf

@@ -1,2 +0,0 @@
-[Service]
-MemoryMax=10G

roles/certstore/tasks/main.yml

@@ -1,37 +0,0 @@
-- name: "copy certstore rpm to destination"
-  synchronize:
-    src: "{{ role_path }}/files/"
-    dest: "/tmp/ansible_deploy/"
-
-- name: "Ensures /opt/tsg exists"
-  file: path=/opt/tsg state=directory
-  tags: mkdir
-
-- name: "install certstore"
-  yum:
-    name:
-      - /tmp/ansible_deploy/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
-    state: present
-
-- name: "template certstore configure file"
-  template:
-    src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /opt/tsg/certstore/conf/cert_store.ini
-
-- name: "template certstore zlog file"
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/certstore/conf/zlog.conf
-
-- name: "copy memory limit file to certstore.service.d"
-  copy:
-    src: "{{ role_path }}/files/memory.conf"
-    dest: /etc/systemd/system/certstore.service.d/
-    mode: 0644
-
-- name: "start certstore"
-  systemd:
-    name: certstore.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/certstore/templates/cert_store.ini.j2

@@ -1,58 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/certstore/crashreport
-enable_breakpad_upload=1
-breakpad_upload_url= {{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 4
-#1 rsync, 0 sync
-mode=1
-#Local default root certificate is valid for 30 days by default
-expire_after = 30
-#Local default root certificate path
-local_debug = 1
-ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
-
-[MAAT]
-#Configure the load mode,
-#0: using the configuration distribution network
-#1: using local json
-#2: using Redis reads
-maat_json_switch=2
-#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
-effective_interval=1
-#Specify the location of the configuration library table file
-table_info=./conf/table_info.conf
-#Incremental profile path
-inc_cfg_dir=./rule/inc/index
-#Full profile path
-full_cfg_dir=./rule/full/index
-#Json file path when json schema is used
-pxy_obj_keyring=./conf/pxy_obj_keyring.json
-
-[LIBEVENT]
-#Local monitor port number, default is 9991
-port = 9991
-
-[CERTSTORE_REDIS]
-#The Redis server IP address and port number where the certificate is stored locally
-ip = 127.0.0.1
-port = 6379
-
-[MAAT_REDIS]
-#Maat monitors the Redsi server IP address and port number
-ip = {{ maat_redis_server.address }}
-port = {{ maat_redis_server.port }}
-dbindex =  {{ maat_redis_server.db }}
-[stat]
-statsd_server=127.0.0.1
-statsd_port=58100

roles/certstore/templates/zlog.conf.j2

@@ -1,10 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
-

roles/dump_rtp_pcap/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
+    state: present
+
+- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
+  template:
+    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
+    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
+  tags: template
+ 
+- name: "start dump_rtp_pcap"
+  systemd:
+    name: dump_rtp_pcap.service
+    enabled: yes
+    daemon_reload: yes

roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2

@@ -0,0 +1,23 @@
+{
+    "endian":"little",
+    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
+    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
+    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
+    "bucket_name": "rtp-log",
+    "consume_auto_offset_reset":"latest",
+    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
+    "consume_topic": "INTERNAL-RTP-LOG",
+    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
+    "file_prefix":"rtp_log",
+    "group_id": "rtp-log-1",
+    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
+    "produce_topic": "VOIP-RECORD-LOG",
+    "region_name": "us-east-1",
+    "save_speed_emit_interval":30,
+    "upload_speed_emit_interval":30,
+    "queue_size":{{ dump_rtp_pcap.queue_size }},
+    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
+    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
+    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
+    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
+}

roles/firewall/tasks/main.yml

@@ -11,21 +11,28 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:
@@ -40,14 +47,22 @@
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
-- name: "Template the tsgconf/tsg_log_field.conf"
-  template:
-    src: "{{ role_path }}/templates/tsg_log_field.conf.j2"
-    dest: /home/mesasoft/sapp_run/tsgconf/tsg_log_field.conf
-  tags: template
 
 - name: "Template the conf/capture_packet_plug.conf.j2"
   template:
     src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
     dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
   tags: template
+
+ 
+- name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
+  template:
+    src: "{{ role_path }}/templates/tsg_conn_sketch.inf.j2"
+    dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+  tags: template
+
+- name: "Template the conf/http/http.conf"
+  template:
+    src: "{{ role_path }}/templates/http.conf.j2"
+    dest:  /home/mesasoft/sapp_run/conf/http/http.conf
+  tags: template

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -14,15 +14,13 @@ JSON_CFG_FILE=conf/capture_packet_maat.json
 INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
 ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
 
 [LOG]
 NIC_NAME={{ nic_mgr.name }}
-BROKER_LIST={{ log_kafkabrokers.address }}
+BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 
 [SYSTEM]
-LOG_LEVEL={{ capture_packet_log_level }}
-LOG_PATH=./tsglog/capture_packet_plug/capture_packet
-
+LOG_LEVEL=30
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet

roles/firewall/templates/http.conf.j2

@@ -0,0 +1,43 @@
+#http_special
+#all regions
+1	HTTP_ALL
+2	HTTP_OTHER_REGIONS
+#http state
+3	HTTP_STATE
+4	HTTP_REQ_LINE
+5	HTTP_RES_LINE	
+6	HTTP_CONTENT            
+7	HTTP_UNGZIP_CONTENT
+8	HTTP_MESSAGE_URL
+9	HTTP_URI
+#http_request
+10	HTTP_HOST
+11	HTTP_REFERER
+12	HTTP_USER_AGENT
+13	HTTP_COOKIE
+14	HTTP_PROXY_AUTHORIZATION
+15	HTTP_AUTHORIZATION
+#http_response
+16	HTTP_LOCATION
+17	HTTP_SERVER
+18	HTTP_ETAG
+#http_general
+19	HTTP_DATE
+20	HTTP_TRAILER
+21	HTTP_TRANSFER_ENCODING
+22	HTTP_VIA
+23	HTTP_PRAGMA
+24	HTTP_CONNECTION
+#http_content
+25	HTTP_CONT_ENCODING
+26	HTTP_CONT_LANGUAGE
+27	HTTP_CONT_LOCATION
+28	HTTP_CONT_DISPOSITION
+29	HTTP_CONT_RANGE
+30	HTTP_CONT_LENGTH
+31	HTTP_CONT_TYPE
+32	HTTP_CHARSET
+33	HTTP_EXPIRES
+34	HTTP_X_FLASH_VERSION
+35	HTTP_TRANSFER_LENGTH
+36	Set-Cookie

roles/firewall/templates/maat.conf.j2

@@ -32,5 +32,37 @@ INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
+[APP_SIGNATURE_MAAT]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[CAPTURE]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
 [MAAT]
 ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -1,3 +1,10 @@
+[VOIP_PLUG]
+TIMEOUT=300
+LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
+LOG_LEVEL={{ fw_voip_log_level }}
+TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
+TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
+
 [FTP_PLUG]
 LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
 LOG_LEVEL={{ fw_ftp_log_level }}
@@ -20,6 +27,10 @@ LOG_LEVEL={{ fw_dns_log_level }}
 LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
 LOG_LEVEL={{ fw_quic_log_level }}
 
+[CONTROL_PLUG]
+LOG_PATH="./tsglog/app_control_plug/app_control_plug"
+LOG_LEVEL={{ app_control_log_level }}
+
 [MAAT]
 PROFILE="./tsgconf/maat.conf"
 SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
@@ -32,7 +43,7 @@ NIC_NAME="{{ nic_mgr.name }}"
 MAX_SERVICE=1
 LOG_LEVEL={{ tsg_log_level }}
 LOG_PATH="./tsglog/tsglog"
-BROKER_LIST="{{ log_kafkabrokers.address }}"
+BROKER_LIST="{{ log_kafkabrokers.address | join(",") }}"
 COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
 
 [STATISTIC]
@@ -50,8 +61,43 @@ OUTPUT_PATH="./tsg_stat.log"
 APP_NAME="tsg_master"
 
 [SYSTEM]
+NIC_NAME="{{ nic_mgr.name }}"
 ENTRANCE_ID={{ tsg_master_entrance_id }}
 LOG_LEVEL={{ tsg_master_log_level }}
 LOG_PATH="./tsglog/tsg_master"
 POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
+L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
 DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
+
+[TSG_CONN_SKETCH]
+log_service=2
+live_service=6
+transaction_service=7
+live_service_switch=1
+transaction_service_switch=1
+live_intervals_time = 30
+
+[HOS_CONF]
+hos_serverip="{{ firewall.hos_serverip }}"
+hos_serverport={{ firewall.hos_serverport }}
+hos_accesskeyid="default"
+hos_secretkey="default"
+hos_poolsize=100
+hos_thread_sum=32
+hos_cache_size=102400
+hos_fs2_serverip="127.0.0.1"
+hos_fs2_serverport=10086
+
+[APP_SKETCH_LOCAL]
+LOG_LEVEL=10
+LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
+
+[APP_SKETCH_FEEDBACK]
+QOS=1
+PUBLISH_TOPIC="APP_SIGNATURE_ID"
+#CLIENT_ID=
+BROKER_IP="{{ firewall.APP_SKETCH_BROKER_IP }}"
+BROKER_PORT="{{ firewall.APP_SKETCH_BROKER_PORT }}"
+
+[APP_PROTO_ENGINE]
+license_path=/data/app_proto_engine/license

roles/firewall/templates/tsg_conn_sketch.inf.j2

@@ -0,0 +1,46 @@
+[PLUGINFO]
+PLUGNAME=TSG_CONN_SKETCH
+SO_PATH=./plug/business/tsg_conn_sketch/tsg_conn_sketch.so
+INIT_FUNC=tsg_conn_record_init
+DESTROY_FUNC=tsg_conn_record_destroy
+
+
+[TCP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_tcp_entry
+
+[TCP_ALL]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_tcpall_entry
+
+[UDP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_udp_entry
+
+[HTTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_http_entry
+
+[SSL]
+FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
+FUNC_NAME=tsg_record_ssl_entry
+
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_dns_entry
+
+[MAIL]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_mail_entry
+
+[RTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_rtp_entry
+
+[SIP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_sip_entry
+
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_ftp_entry

roles/firewall/templates/tsg_log_field.conf.j2

@@ -1,52 +0,0 @@
-#TYPE：1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
-#TYPE	TOPIC	SERVICE
-TOPIC	SECURITY-EVENT-LOG	0
-TOPIC	CONNECTION-RECORD-LOG	1
-TOPIC	CONNECTION-SKETCH	2
-
-#TYPE		FIELD		VALUE
-LONG   		common_policy_id	1
-LONG   		common_service		2
-LONG   		common_action		3
-LONG   		common_start_time	4
-LONG   		common_end_time		5
-STRING		common_l4_protocol	6
-LONG   		common_address_type	7
-STRING		common_server_ip	8
-STRING		common_client_ip	9
-LONG   		common_server_port	10
-LONG   		common_client_port	11
-LONG   		common_stream_dir	12
-STRING		common_address_list	13
-LONG   		common_entrance_id	14	
-LONG   		common_device_id	15	
-LONG   		common_link_id		16	
-STRING		common_isp		17	
-LONG   		common_encapsulation	18	
-LONG   		common_direction	19	
-STRING		common_sled_ip		20	
-STRING		common_user_tags	21
-STRING		common_user_region	22
-STRING		common_app_label	23
-LONG		common_app_id		24
-LONG		common_protocol_id	25
-LONG		common_c2s_pkt_num	26
-LONG		common_s2c_pkt_num	27
-LONG		common_c2s_byte_num	28
-LONG		common_s2c_byte_num	29	
-LONG		common_con_duration_ms	30
-LONG		common_has_dup_traffic	31
-STRING		common_stream_error	32
-STRING		common_stream_trace_id	33
-STRING		common_schema_type	34
-STRING		http_host		35
-STRING		ssl_sni			36
-LONG		common_establish_latency_ms	37
-STRING		common_sub_action		38
-STRING		common_client_asn	39
-STRING		common_server_asn	40
-STRING		common_client_location	41
-STRING		common_server_location	42
-STRING		quic_sni			43
-STRING		ssl_ja3_fingerprint		44
-STRING		common_data_center	45

roles/framework/tasks/main.yml

@@ -12,19 +12,25 @@
     packages:
       - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-2.2.1.1716a7b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.3.93a68a2-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
       - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-c-common-1.0.3.fa2adf0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-c-event-stream-1.0.6.67fd944-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:
@@ -38,3 +44,9 @@
 
 - name: "update ld"
   command: ldconfig
+
+- name: "copy maat_redis_tool to destination"
+  copy:
+    src: "{{ role_path }}/files/maat_redis_tool"
+    dest: /opt/MESA/bin/
+    mode: 0755

roles/http_healthcheck/tasks/main.yml

@@ -1,10 +0,0 @@
-- name: "copy http_healthcheck rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install http_healthcheck from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
-    state: present

roles/kernel-ml/tasks/main.yml

@@ -20,25 +20,6 @@
   command: /usr/sbin/grub2-set-default 0
   when: t_kernel_ml.changed
 
-- name: "copy /etc/default/grub"
-  copy:
-    src: "{{ role_path }}/files/grub"
-    dest: "/etc/default"
-  when: 
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
-
-- name: "BIOS:grub2-mkconfig"
-  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
-  when:
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
-
-- name: "UEFI:grub2-mkconfig"
-  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
-  when:
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
 
 #- name: "reboot"
 #  reboot:

roles/kni/tasks/main.yml

@@ -1,24 +0,0 @@
----
-- name: "copy kni to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install kni rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/kni-20.10.20201024.a43de2a-2.el7.x86_64.rpm
-    state: present
-#    skip_broken: yes
-
-- name: Template the kni.conf
-  template:
-    src: "{{ role_path }}/templates/kni.conf.j2"
-    dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
-  tags: template
- 
-- name: "enable sapp"
-  systemd:
-    name: sapp
-    enabled: yes
-    daemon_reload: yes

roles/kni/templates/kni.conf.j2

@@ -1,144 +0,0 @@
-[global]
-log_path = ./log/kni/kni.log
-log_level = {{ kni_log_level }}
-tfe_node_count = {{ kni.global.tfe_node_count }}
-manage_eth = {{ nic_mgr.name }}
-{% if tsg_running_type != 2 %}
-deploy_mode = tun
-{% else %}
-deploy_mode = normal
-{% endif %}
-tun_name = tun_kni
-src_mac_addr = 00:0e:c6:d6:72:c1
-dst_mac_addr = fe:65:b7:03:50:bd
-{% if tsg_access_type == 4 %}
-[tfe0]
-enabled = 1
-dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
-ip_addr = 192.168.100.1
-{% elif tsg_running_type == 2 %}
-[tfe0]
-enabled = {{ kni.tfe_nodes.tfe0_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
-ip_addr = 192.168.100.2
-
-[tfe1]
-enabled = {{ kni.tfe_nodes.tfe1_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
-ip_addr = 192.168.100.3
-
-[tfe2]
-enabled = {{ kni.tfe_nodes.tfe2_enabled }}
-dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
-ip_addr = 192.168.100.4
-{% endif %}
-
-[tfe_cmsg_receiver]
-listen_eth = {{ nic_inner_ctrl.name }}
-listen_port = 2475
-
-[watch_dog]
-switch = {{ kni.watch_dog.switch }}
-listen_eth = {{ nic_inner_ctrl.name }}
-listen_port = 2476
-keepalive_idle = 2
-keepalive_intvl = 1
-keepalive_cnt = 3
-
-[marsio]
-appsym = knifw
-
-[dup_traffic]
-switch = 1
-action = 2
-capacity = 10000000
-error_rate = 0.00001
-expiry_time = 60
-
-[traceid2pme_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 30
-mho_eliminate_type = LRU
-
-#per thread
-[tuple2stream_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 0
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 0
-mho_eliminate_type = LRU
-
-[field_stat]
-remote_switch = 1
-remote_ip = 127.0.0.1
-remote_port = 58100
-local_path = ./fs2_kni.status
-stat_cycle = 1
-print_mode = 1
-# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
-statsd_format = 2
-APP_NAME = fs2_kni
-
-#self test Shunt rules security policy id
-[tsg_diagnose]
-enabled = 1
-security_policy_id = 3,10
-
-
-[ssl_dynamic_bypass]
-enabled = 1
-
-#kni dynamic bypass
-[traceid2sslinfo_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 80000
-mho_hash_max_element_num = 320000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[sslinfo2bypass_htable]
-mho_screen_print_ctrl = 0
-mho_thread_safe = 1
-mho_mutex_num = 160
-mho_hash_slot_size = 640000
-mho_hash_max_element_num = 2560000
-mho_expire_time = 300
-mho_eliminate_type = FIFO
-
-[proxy_tcp_option]
-enabled = 1
-maat_table_compile = PXY_TCP_OPTION_COMPILE
-maat_table_addr = PXY_TCP_OPTION_ADDR
-maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
-enable_override = 0
-client_tcp_maxseg_enable = 0
-client_tcp_maxseg = 1460
-client_tcp_nodelay =  1
-client_tcp_ttl = 70
-client_tcp_keepalive_enable = 1
-client_tcp_keepalive_keepcnt = 8
-client_tcp_keepalive_keepidle = 30
-client_tcp_keepalive_keepintvl = 15
-client_tcp_user_timeout = 600
-server_tcp_maxseg_enable = 0
-server_tcp_maxseg = 1460
-server_tcp_nodelay = 1
-server_tcp_ttl = 75
-server_tcp_keepalive_enable = 1
-server_tcp_keepalive_keepcnt = 8
-server_tcp_keepalive_keepidle = 30
-server_tcp_keepalive_keepintvl = 15
-server_tcp_user_timeout = 600
-bypass_duplicated_packet = 0
-tcp_passthrough = 0
-
-[share_session_attribute]
-SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

roles/maat-redis/files/maat-redis.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd
-ExecStop=/usr/libexec/redis-shutdown maat-redis
-Type=notify
-
-[Install]
-WantedBy=multi-user.target
-

roles/maat-redis/tasks/main.yml

@@ -1,21 +0,0 @@
-- name: "copy maat-redis file to dest"
-  copy:
-    src: "{{ role_path }}/files/maat-redis.service"
-    dest: "/usr/lib/systemd/system"
-    mode: 0644
-  when: tsg_cluster_mode == 1
-
-- name: "Template the maat-redis.conf"
-  template:
-    src: "{{ role_path }}/templates/maat-redis.conf.j2"
-    dest: /etc/maat-redis.conf
-  tags: template
-  when: tsg_cluster_mode == 1
-
-- name: "start maat-redis"
-  systemd:
-    name: maat-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes
-  when: tsg_cluster_mode == 1

roles/mrzcpd/files/memory.conf

@@ -1,2 +0,0 @@
-[Service]
-MemoryMax=100G

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.28.2d13de4-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -18,169 +18,33 @@
   template:
     src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: nic_traffic_mirror is defined
-
-
-- name: "copy mrapp.sapp4.conf to destination server"
-  template:
-    src: "{{ role_path }}/templates/mrapp.sapp4.conf "
-    dest: /opt/mrzcpd/etc/mrapp.sapp4.conf 
-  when: 
-    - tsg_access_type == 4
-
-- name: "update mrglobal.conf.adc_inline"
-  template:
-    src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type == 2
-
-- name: "update mrglobal.conf.server_inline"
-  template:
-    src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type != 2
-
-- name: "update mrglobal.conf.allot - mcn0"
-  template:
-    src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 2
-
-- name: "update mrglobal.conf.adc_tun_mode - mcn0"
-  template:
-    src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 3
-
-
-- name: "update mrglobal.conf.ATCA_Vlan_Flipping"
-  template:
-    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 4
-
-- name: "update mrglobal.conf.ATCA_VXLAN"
-  template:
-    src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when:
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 5
-
-- name: "update mrtunnat.conf.adc_inline"
-  template:
-    src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type == 2 
-
-- name: "update mrtunnat.conf.server_inline"
-  template:
-    src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-    - tsg_running_type != 2 
-
-- name: "update mrtunnat.conf.allot_access - mcn0"
-  template:
-    src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 2
-
-- name: "update mrtunnat.conf.adc_tun_mode - mcn0"
-  template:
-    src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 3
-
-- name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
-  template:
-    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 4
-
-- name: "update mrtunnat.conf.ATCA_VXLAN"
-  template:
-    src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when:
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 5
 
 - name: "enable mrenv"
   systemd:
     name: mrenv
     enabled: yes
     daemon_reload: yes
-  when: 
-    - tsg_access_type != 0
 
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
     enabled: yes
     daemon_reload: yes
-  when: 
-    - tsg_access_type != 0
 
-- name: "enable mrtunnat on master"
+- name: "enable prometheus output - monit_device"
   systemd:
-    name: mrtunnat
+    name: mrapm_device
+    enabled: yes
+    daemon_reload: yes
+
+- name: "enable prometheus output - monit_stream"
+  systemd:
+    name: mrapm_stream
     enabled: yes
     daemon_reload: yes
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type != 0
 
 - name: "disable mrtunnat on slave"
   systemd:
     name: mrtunnat
     enabled: no
     daemon_reload: yes
-  when: nic_traffic_mirror is defined
-
-- name: "copy memory limit file to tfe.service.d"
-  copy:
-    src: "{{ role_path }}/files/memory.conf"
-    dest: /etc/systemd/system/mrzcpd.service.d/
-    mode: 0644
-
-- name: "mask mrzcpd on server_tun_mode"
-  systemd:
-    name: mrzcpd
-    enabled: no
-    masked: yes
-    daemon_reload: yes
-  when: 
-    - tsg_access_type == 0
-
-- name: "mask mrtunnat on server_tun_mode"
-  systemd:
-    name: mrtunnat
-    enabled: no
-    masked: yes
-    daemon_reload: yes
-  when: 
-    - tsg_access_type == 0

roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2

@@ -1,57 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-hw_strip_crc=1
-in_addr={{ ATCA_VXLAN.keepalive_ip }}
-in_mask={{ ATCA_VXLAN.keepalive_mask }}
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2

@@ -1,20 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=0
-c_router_vlan_id_0=1000
-i_router_vlan_id_0=1001
-en_mac_flipping_0=0

roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2

@@ -1,60 +0,0 @@
-[device]
-device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=32
-
-[device:{{ATCA_data_incoming.vf0_name}}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-#rssmode=3
-
-[device:{{ ATCA_data_incoming.vf1_name }}]
-mtu=4096
-clear_tx_flags=1
-vlan-filter=1
-vlan-strip=1
-vlan-id-allow=4095
-vlan-pvid=0
-vlan-pvid-mode=2
-hw_strip_crc=1
-sz_tunnel=8192
-sz_buffer=0
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=1
-hashmode=0
-idle_threshold=10000
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=6
-forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
-forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2

@@ -1,23 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{ATCA_data_incoming.vf0_name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_link_info_table=1
-use_tuple4_as_sskey=0
-ctrlzone_addr_info_type=2
-idle_threshold=10000
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
-i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
-en_mac_flipping_0=0
-c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
-i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
-en_mac_flipping_1=0

roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2

@@ -1,67 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-in_addr={{inline_device_config.keepalive_ip}}
-in_mask={{inline_device_config.keepalive_mask}}
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow=1000,1001,4000,4001
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}