app-sketch-global升级

deploy.yml

@@ -9,6 +9,7 @@
   roles:
     - framework
     - kernel-ml
+    - telegraf_collect
 
 - hosts: adc_mxn
   remote_user: root
@@ -114,6 +115,7 @@
     - cert-redis
     - tfe
     - telegraf_statistic
+    - telegraf_collect
     - proxy_status
 #    - tsg_device_tag
     - reboot

install_config/group_vars/server_as_tun_mode.yml

@@ -60,7 +60,7 @@ pangu_log_level: DEBUG
 doh_log_level: DEBUG
 
 certstore_log_level: 10
-clotho_log_level: 10
+packet_dump_log_level: 10
 
 #########################################
 #Sapp Performance Config

roles/app_global/tasks/main.yml

@@ -7,7 +7,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.2.20200918.ab44d17-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
     state: present
 
 - name: "template the app_sketch_global.conf"
@@ -25,9 +25,12 @@
     name: emqx.service
     state: started
     enabled: yes
+    daemon_reload: yes
+    
 
 - name: "Start app-sketch-global"
   systemd:
     name: app-sketch-global.service
     state: started
     enabled: yes
+    daemon_reload: yes

roles/certstore/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=10G

roles/certstore/tasks/main.yml

@@ -10,7 +10,7 @@
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.2.20200923.a36312c-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file
@@ -23,6 +23,12 @@
     src: "{{ role_path }}/templates/zlog.conf.j2"
     dest: /opt/tsg/certstore/conf/zlog.conf
 
+- name: "copy memory limit file to certstore.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/certstore.service.d/
+    mode: 0644
+
 - name: "start certstore"
   systemd:
     name: certstore.service

roles/firewall/tasks/main.yml

@@ -11,7 +11,7 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.3.cc6f3cf-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm

roles/firewall/templates/main.conf.j2

@@ -1,57 +1,55 @@
 [FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
 LOG_LEVEL={{ fw_ftp_log_level }}
 TIMEOUT=600
 
 [MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
 LOG_LEVEL={{ fw_mail_log_level }}
 TIMEOUT=600
 
 [HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
 LOG_LEVEL={{ fw_http_log_level }}
 
 [DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
 LOG_LEVEL={{ fw_dns_log_level }}
 
 [QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
+LOG_PATH=./tsglog/fw_quic_plug/fw_quic_plug
 LOG_LEVEL={{ fw_quic_log_level }}
 
 [MAAT]
-PROFILE="./tsgconf/maat.conf"
-SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
-CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
-IP_ADDR_TABLE="TSG_SECURITY_ADDR"
+PROFILE=./tsgconf/maat.conf
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-NIC_NAME="{{ nic_mgr.name }}"
+NIC_NAME={{ nic_mgr.name }}
 MAX_SERVICE=1
 LOG_LEVEL={{ tsg_log_level }}
-LOG_PATH="./tsglog/tsglog"
-BROKER_LIST="{{ log_kafkabrokers.address }}"
-COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST={{ log_kafkabrokers.address }}
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
 
 [STATISTIC]
 CYCLE=5
 TELEGRAF_PORT=8100
-TELEGRAF_IP="127.0.0.1"
-OUTPUT_PATH="./tsg_statistic.log"
-APP_NAME="statistic"
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
 
 [FIELD_STAT]
 CYCLE=5
 TELEGRAF_PORT=8100
-TELEGRAF_IP="127.0.0.1"
-OUTPUT_PATH="./tsg_stat.log"
-APP_NAME="tsg_master"
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
 
 [SYSTEM]
-ENTRANCE_ID={{ tsg_master_entrance_id }}
 LOG_LEVEL={{ tsg_master_log_level }}
-LOG_PATH="./tsglog/tsg_master"
-POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
-DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/framework/tasks/main.yml

@@ -12,7 +12,7 @@
     packages:
       - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.1.1.b6ea144-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
@@ -24,7 +24,7 @@
       - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libbreakpad_mini-1.0.1.cb61125-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.10.20201014.6d458ba-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/mrzcpd/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/mrzcpd/tasks/main.yml

@@ -161,12 +161,18 @@
     daemon_reload: yes
   when: nic_traffic_mirror is defined
 
+- name: "copy memory limit file to tfe.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/mrzcpd.service.d/
+    mode: 0644
 
 - name: "mask mrzcpd on server_tun_mode"
   systemd:
     name: mrzcpd
     enabled: no
     masked: yes
+    daemon_reload: yes
   when: 
     - tsg_access_type == 0
 
@@ -175,5 +181,6 @@
     name: mrtunnat
     enabled: no
     masked: yes
+    daemon_reload: yes
   when: 
     - tsg_access_type == 0

roles/packet_dump/files/packet_dump.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=packet dump service
+After=After=network.target
+
+[Service]
+Type=fork
+WorkingDirectory=/home/mesasoft/packet_dump
+ExecStart=/home/mesasoft/packet_dump/packet_dump
+TimeoutSec=60s
+RestartSec=10s
+Restart=always
+LimitNOFILE=524288
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target

roles/packet_dump/tasks/main.yml

@@ -1,6 +1,6 @@
 - name: "copy packet_dump rpm to destination server"
   copy:
-    src: "{{ role_path }}/files/packet_dump-1.0.4.82e85d1-2.el7.x86_64.rpm"
+    src: "{{ role_path }}/files/packet_dump-1.0.3.a3f1a99-2.el7.x86_64.rpm"
     dest: /tmp/ansible_deploy/
 
 - name: "copy  packet_dump.service to destination server"
@@ -12,7 +12,7 @@
 - name: "install packet_dump rpm from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/packet_dump-1.0.4.82e85d1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/packet_dump-1.0.3.a3f1a99-2.el7.x86_64.rpm
     state: present
 
 - name: "Template the packet_dump.conf"

roles/packet_dump/templates/packet_dump.conf.j2

@@ -11,4 +11,4 @@ disable_coredump=0
 enable_breakpad=1
 breakpad_minidump_dir=/tmp/packet_dump/crashreport
 enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload }}
+breakpad_upload_url={{ breakpad_upload_url }}

roles/proxy_status/tasks/main.yml

@@ -14,7 +14,7 @@
   copy:
     src: "{{ role_path }}/files/proxy-status.service"
     dest: "/usr/lib/systemd/system/"   
-    mode: 0755  
+    mode: 0644
 
 - name: "enable proxy-status"
   systemd:

roles/sapp/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/sapp/tasks/main.yml

@@ -13,7 +13,7 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.1.13.ed89137-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.1.12.b8f6ea4-2.el7.x86_64.rpm
     state: present
     skip_broken: yes
 
@@ -51,7 +51,13 @@
   template:
     src: "{{ role_path }}/templates/sapp.service.j2"
     dest: /usr/lib/systemd/system/sapp.service
-    mode: 0755
+    mode: 0644
+
+- name: "copy memory limit file to sapp.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/sapp.service.d/
+    mode: 0644
 
 - name: "enable sapp"
   systemd:

roles/telegraf_collect/tasks/main.yml

@@ -19,7 +19,7 @@
   copy:
     src: "{{ role_path }}/files/telegraf_collect.service"
     dest: /usr/lib/systemd/system
-    mode: 0755
+    mode: 0644
 
 - name: "Start telegraf_collect"
   systemd:

roles/telegraf_collect/templates/telegraf_collect.conf.j2

@@ -1,5 +1,5 @@
 [global_tags]
-	blade = {{bladename}}
+	blade = "{{bladename}}"
 [agent]
 	interval = "5s"
 	round_interval = true

roles/telegraf_statistic/tasks/main.yml

@@ -19,10 +19,11 @@
   copy:
     src: "{{ role_path }}/files/telegraf_statistic.service"
     dest: /usr/lib/systemd/system
-    mode: 0755
+    mode: 0644
 
 - name: "Start telegraf"
   systemd:
     name: telegraf_statistic.service
     state: started
     enabled: yes
+    daemon_reload: yes

roles/telegraf_statistic/templates/telegraf_statistic.conf.j2

@@ -56,4 +56,4 @@
 
 [[outputs.influxdb]]
    urls = ["{{ monitor_outputs_influxdb.url }}"]
-   database = "tsg_stat
+   database = "tsg_stat"

roles/tfe/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/tfe/tasks/main.yml

@@ -8,13 +8,13 @@
   copy:
     src: "{{ role_path }}/files/tfe.service"
     dest: /usr/lib/systemd/system/
-    mode: 0755
+    mode: 0644
  
 - name: "install tfe rpms from localhost"
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.12.be94218-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.14.13d2607-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"
@@ -63,6 +63,12 @@
     src: "{{ role_path }}/templates/require-mrzcpd.conf.j2"
     dest: /etc/systemd/system/tfe.service.d/require-mrzcpd.conf
 
+- name: "copy memory limit file to tfe.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/tfe.service.d/
+    mode: 0644
+
 - name: "enable tfe-env"
   systemd:
     name: tfe-env

roles/tsg-diagnose/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=100G

roles/tsg-diagnose/tasks/main.yml

@@ -28,6 +28,12 @@
 - name: "tsg-diagnose init certs"
   shell: /bin/sh /opt/tsg/tsg-diagnose/deploy/init_certs/init_badssl_certs.sh
 
+- name: "copy memory limit file to tsg-diagnose.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/tsg-diagnose.service.d/
+    mode: 0644
+
 - name: 'Tsg-diagnose service start'
   systemd:
     name: tsg-diagnose

roles/tsg_app/tasks/main.yml

@@ -13,7 +13,7 @@
     app_packages:
       - /tmp/ansible_deploy/app_master-1.0.5.5a4fb22-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/app_control_plug-1.0.3.447fc53-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_proto_identify-1.0.5.5c5342a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_identify-1.0.4.fd3ac1a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/app_sketch_local-1.0.4.0edaf58-2.el7.x86_64.rpm
   when: tsg_app_enable == 1
 

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-3.3.4.d27a197-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-3.3.3.46322d0-2.el7.x86_64.rpm
     state: present
     skip_broken: yes

uninstall/roles/packet_dump/tasks/main.yml

@@ -0,0 +1,16 @@
+####################
+#Uninstall packet_dump
+- name: "[uninstall packet_dump] stop packet_dump"
+  systemd:
+    name: packet_dump
+    state: stopped
+    enabled: no
+  when: uninstall.packet_dump == 1
+  ignore_errors: true
+
+- name: "[uninstall packet_dump] uninstall packet_dump"
+  yum:
+    name:
+      - "{{ packet_dump }}"
+    state: absent
+  when: uninstall.packet_dump == 1

uninstall/rpm_list.sh

@@ -41,6 +41,7 @@ tfe=`rpm -qa |grep ^tfe-4`
 tfe_kmod=`rpm -qa |grep ^tfe-kmod`
 http_healthcheck=`rpm -qa |grep ^http_healthcheck`
 clotho=`rpm -qa |grep ^clotho`
+packet_dump=`rpm -qa |grep ^packet_dump`
 certstore=`rpm -qa |grep ^certstore`
 
 
@@ -125,6 +126,9 @@ http_healthcheck: $http_healthcheck
 #clotho
 clotho: $clotho
 
+#packet_dump
+packet_dump: $packet_dump
+
 #####################
 #certstore
 certstore: $certstore

uninstall/uninstall_tsg.yml

@@ -17,6 +17,7 @@
     - certstore
     - cert_redis
     - clotho
+    - packet_dump
     - http_healthcheck
     - framework
     - telegraf_statistic
@@ -45,6 +46,7 @@
     - certstore
     - cert_redis
     - clotho
+    - packet_dump
     - http_healthcheck
     - framework
     - telegraf_statistic