Upload New File

# Conflicts:
#	roles/sapp/tasks/main.yml

更新firewall相关RPM包

deploy.yml

@@ -9,6 +9,7 @@
   roles:
     - framework
     - kernel-ml
+    - telegraf_collect
 
 - hosts: adc_mxn
   remote_user: root
@@ -114,6 +115,7 @@
     - cert-redis
     - tfe
     - telegraf_statistic
+    - telegraf_collect
     - proxy_status
 #    - tsg_device_tag
     - reboot

install_config/group_vars/adc_global.yml

@@ -107,3 +107,5 @@ app_control_plug_log_level: 10
 
 
 breakpad_upload_url: http://127.0.0.1/
+
+tsg_master_entrance_id: 0

install_config/group_vars/server_as_tun_mode.yml

@@ -60,7 +60,7 @@ pangu_log_level: DEBUG
 doh_log_level: DEBUG
 
 certstore_log_level: 10
-clotho_log_level: 10
+packet_dump_log_level: 10
 
 #########################################
 #Sapp Performance Config

roles/app_global/tasks/main.yml

@@ -7,7 +7,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200918.ab44d17-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
     state: present
 
 - name: "template the app_sketch_global.conf"
@@ -25,9 +25,12 @@
     name: emqx.service
     state: started
     enabled: yes
+    daemon_reload: yes
+    
 
 - name: "Start app-sketch-global"
   systemd:
     name: app-sketch-global.service
     state: started
     enabled: yes
+    daemon_reload: yes

roles/certstore/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=10G

roles/certstore/tasks/main.yml

@@ -10,7 +10,7 @@
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.2.20200923.a36312c-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file
@@ -23,6 +23,12 @@
     src: "{{ role_path }}/templates/zlog.conf.j2"
     dest: /opt/tsg/certstore/conf/zlog.conf
 
+- name: "copy memory limit file to certstore.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/certstore.service.d/
+    mode: 0644
+
 - name: "start certstore"
   systemd:
     name: certstore.service

roles/kni/tasks/main.yml

@@ -7,8 +7,9 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.10.20201014.6d458ba-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
     state: present
+    skip_broken: yes
 
 - name: Template the kni.conf
   template:

roles/mrzcpd/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/mrzcpd/tasks/main.yml

@@ -161,12 +161,18 @@
     daemon_reload: yes
   when: nic_traffic_mirror is defined
 
+- name: "copy memory limit file to tfe.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/mrzcpd.service.d/
+    mode: 0644
 
 - name: "mask mrzcpd on server_tun_mode"
   systemd:
     name: mrzcpd
     enabled: no
     masked: yes
+    daemon_reload: yes
   when: 
     - tsg_access_type == 0
 
@@ -175,5 +181,6 @@
     name: mrtunnat
     enabled: no
     masked: yes
+    daemon_reload: yes
   when: 
     - tsg_access_type == 0

roles/packet_dump/files/packet_dump.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=packet dump service
+After=After=network.target
+
+[Service]
+Type=fork
+WorkingDirectory=/home/mesasoft/packet_dump
+ExecStart=/home/mesasoft/packet_dump/packet_dump
+TimeoutSec=60s
+RestartSec=10s
+Restart=always
+LimitNOFILE=524288
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target

roles/packet_dump/templates/packet_dump.conf.j2

@@ -11,4 +11,4 @@ disable_coredump=0
 enable_breakpad=1
 breakpad_minidump_dir=/tmp/packet_dump/crashreport
 enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload }}
+breakpad_upload_url={{ breakpad_upload_url }}

roles/proxy_status/tasks/main.yml

@@ -14,7 +14,7 @@
   copy:
     src: "{{ role_path }}/files/proxy-status.service"
     dest: "/usr/lib/systemd/system/"   
-    mode: 0755  
+    mode: 0644
 
 - name: "enable proxy-status"
   systemd:

roles/sapp/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/sapp/templates/conflist.inf.j2

@@ -11,7 +11,7 @@
 {% endif %}
 ./plug/platform/tsg_master/tsg_master.inf
 {% if tsg_app_enable == 1 %}
-./plug/business/app_proto_identify/app_proto_identify.inf
+./plug/platform/app_proto_identify/app_proto_identify.inf
 ./plug/platform/app_master/app_master.inf
 {% endif %}
 
@@ -24,6 +24,8 @@
 ./plug/protocol/quic/quic.inf
 
 [business]
+./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+./plug/business/capture_packet_plug/capture_packet_plug.inf
 ./plug/business/kni/kni.inf
 ./plug/business/fw_ssl_plug/fw_ssl_plug.inf
 ./plug/business/fw_http_plug/fw_http_plug.inf
@@ -31,8 +33,7 @@
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
 ./plug/business/fw_quic_plug/fw_quic_plug.inf
-./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+./plug/business/conn_telemetry/conn_telemetry.inf
-./plug/business/capture_packet_plug/capture_packet_plug.inf
 {% if tsg_app_enable == 1 %}
 ./plug/business/app_sketch_local/app_sketch_local.inf
 ./plug/business/app_control_plug/app_control_plug.inf

roles/telegraf_collect/tasks/main.yml

@@ -19,7 +19,7 @@
   copy:
     src: "{{ role_path }}/files/telegraf_collect.service"
     dest: /usr/lib/systemd/system
-    mode: 0755
+    mode: 0644
 
 - name: "Start telegraf_collect"
   systemd:

roles/telegraf_collect/templates/telegraf_collect.conf.j2

@@ -1,5 +1,5 @@
 [global_tags]
-	blade = {{bladename}}
+	blade = "{{bladename}}"
 [agent]
 	interval = "5s"
 	round_interval = true

roles/telegraf_statistic/tasks/main.yml

@@ -19,10 +19,11 @@
   copy:
     src: "{{ role_path }}/files/telegraf_statistic.service"
     dest: /usr/lib/systemd/system
-    mode: 0755
+    mode: 0644
 
 - name: "Start telegraf"
   systemd:
     name: telegraf_statistic.service
     state: started
     enabled: yes
+    daemon_reload: yes

roles/telegraf_statistic/templates/telegraf_statistic.conf.j2

@@ -56,4 +56,4 @@
 
 [[outputs.influxdb]]
    urls = ["{{ monitor_outputs_influxdb.url }}"]
-   database = "tsg_stat
+   database = "tsg_stat"

roles/tfe/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/tfe/tasks/main.yml

@@ -8,13 +8,13 @@
   copy:
     src: "{{ role_path }}/files/tfe.service"
     dest: /usr/lib/systemd/system/
-    mode: 0755
+    mode: 0644
  
 - name: "install tfe rpms from localhost"
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.12.be94218-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.14.13d2607-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
@@ -63,6 +63,12 @@
     src: "{{ role_path }}/templates/require-mrzcpd.conf.j2"
     dest: /etc/systemd/system/tfe.service.d/require-mrzcpd.conf
 
+- name: "copy memory limit file to tfe.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/tfe.service.d/
+    mode: 0644
+
 - name: "enable tfe-env"
   systemd:
     name: tfe-env

roles/tsg-diagnose/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/tsg-diagnose/tasks/main.yml

@@ -28,6 +28,12 @@
 - name: "tsg-diagnose init certs"
   shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/init_certs/init_badssl_certs.sh
 
+- name: "copy memory limit file to tsg-diagnose.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/tsg-diagnose.service.d/
+    mode: 0644
+
 - name: 'Tsg-diagnose service start'
   systemd:
     name: tsg-diagnose

roles/tsg-diagnose_sync_ca/tasks/main.yml

@@ -2,5 +2,5 @@
   shell: rsync -avzP --delete 192.168.100.1::blade0toother /tmp/sync/
 
 - name: "tsg-diagnose: add badssl ca file to tfe tls-ca-bundle"
-  shell: cat /tmp/sync/ca-root.crt >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem && cat /tmp/sync/wpr_cert.pem >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem
+  shell: cat /tmp/sync/ca-root.crt > /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem && cat /tmp/sync/wpr_cert.pem >> /opt/tsg/tfe/resource/tfe/tsg_diagnose_ca.pem
 

uninstall/roles/packet_dump/tasks/main.yml

@@ -0,0 +1,16 @@
+####################
+#Uninstall packet_dump
+- name: "[uninstall packet_dump] stop packet_dump"
+  systemd:
+    name: packet_dump
+    state: stopped
+    enabled: no
+  when: uninstall.packet_dump == 1
+  ignore_errors: true
+
+- name: "[uninstall packet_dump] uninstall packet_dump"
+  yum:
+    name:
+      - "{{ packet_dump }}"
+    state: absent
+  when: uninstall.packet_dump == 1

uninstall/rpm_list.sh

@@ -41,6 +41,7 @@ tfe=`rpm -qa |grep ^tfe-4`
 tfe_kmod=`rpm -qa |grep ^tfe-kmod`
 http_healthcheck=`rpm -qa |grep ^http_healthcheck`
 clotho=`rpm -qa |grep ^clotho`
+packet_dump=`rpm -qa |grep ^packet_dump`
 certstore=`rpm -qa |grep ^certstore`
 
 
@@ -125,6 +126,9 @@ http_healthcheck: $http_healthcheck
 #clotho
 clotho: $clotho
 
+#packet_dump
+packet_dump: $packet_dump
+
 #####################
 #certstore
 certstore: $certstore

uninstall/uninstall_tsg.yml

@@ -17,6 +17,7 @@
     - certstore
     - cert_redis
     - clotho
+    - packet_dump
     - http_healthcheck
     - framework
     - telegraf_statistic
@@ -45,6 +46,7 @@
     - certstore
     - cert_redis
     - clotho
+    - packet_dump
     - http_healthcheck
     - framework
     - telegraf_statistic