feature:新增部署packet_dump的操作

bugfix:修改部署过程出现配置文件路径错误和变量缺失问题
同步tsg-os配置文件
2021-07-22 17:31:28 +08:00 · 2021-07-22 17:17:28 +08:00 · 2021-07-21 11:40:30 +08:00 · 2021-07-21 10:21:07 +08:00 · 2021-07-06 15:09:02 +08:00 · 2021-07-06 14:48:40 +08:00
240 changed files with 680 additions and 6612 deletions
--- a/deploy.yml
+++ b/deploy.yml
@@ -1,128 +0,0 @@
 - hosts:
    - adc_mcn0
    - adc_mcn1
    - adc_mcn2
    - adc_mcn3
  remote_user: root
  vars_files:
    - install_config/group_vars/adc_global.yml
  roles:
    - framework
    - kernel-ml
    - telegraf_collect
 - hosts: adc_mxn
  remote_user: root
  roles:
 #    - tsg-env-mxn
 - hosts: adc_mcn0
  remote_user: root
  vars_files:
    - install_config/group_vars/adc_global.yml
    - install_config/group_vars/adc_mcn0.yml
  roles:
 #    - tsg-env-mcn0
    - mrzcpd
    - sapp
    - tsg_master
    - kni
    - firewall
    - tsg_app
    - http_healthcheck
    - packet_dump
    - certstore
    - cert-redis
    - telegraf_statistic
 #    - tsg_device_tag
 - hosts: adc_mcn1
  remote_user: root
  vars_files:
    - install_config/group_vars/adc_global.yml
    - install_config/group_vars/adc_mcn1.yml
  roles:
 #    - tsg-env-mcn1
    - mrzcpd
    - tfe
 - hosts: adc_mcn2
  remote_user: root
  vars_files:
    - install_config/group_vars/adc_global.yml
    - install_config/group_vars/adc_mcn2.yml
  roles:
 #    - tsg-env-mcn2
    - mrzcpd
    - tfe
 - hosts: adc_mcn3
  remote_user: root
  vars_files:
    - install_config/group_vars/adc_global.yml
    - install_config/group_vars/adc_mcn3.yml
  roles:
 #    - tsg-env-mcn3
    - mrzcpd
    - tfe
 - hosts: adc_mcn0
  remote_user: root
  roles:
    - tsg-diagnose
 - hosts: 
    - adc_mcn1
    - adc_mcn2
    - adc_mcn3
  remote_user: root
  roles:
    - tsg-diagnose_sync_ca
 - hosts: adc_mcn0
  remote_user: root
  roles:
    - tsg-diagnose_stop_sync
 - hosts:
    - adc_mcn0
    - adc_mcn1
    - adc_mcn2
    - adc_mcn3
  remote_user: root
  vars_files:
    - install_config/group_vars/adc_global.yml
  roles:
    - reboot
 - hosts: server-as-tun-mode
  remote_user: root
  vars_files:
    - install_config/group_vars/server_as_tun_mode.yml
  roles:
    - kernel-ml
    - framework
    - mrzcpd
    - tsg-env-tun-mode
    - sapp
    - tsg_master
    - kni
    - firewall
    - tsg_app
    - http_healthcheck
    - packet_dump
    - certstore
    - cert-redis
    - tfe
    - telegraf_statistic
    - telegraf_collect
    - proxy_status
 #    - tsg_device_tag
    - reboot
 - hosts: app_global
  remote_user: root
  vars_files:
    - install_config/group_vars/app_global.yml
  roles:
    - app_global
--- a/install_config/group_vars/adc_global.yml
+++ b/install_config/group_vars/adc_global.yml
@@ -1,111 +0,0 @@
 #########################################
 #####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
 tsg_access_type: 3
 #####2: ADC;
 tsg_running_type: 2
 ########################################
 #Deploy_finished_reboot
 Deploy_finished_reboot: 1
 ########################################
 #IP Config
 maat_redis_server:
  address: "192.168.40.168"
  port: 7002
  db: 0
 dynamic_maat_redis_server:
  address: "192.168.40.168"
  port: 7002
  db: 0
 cert_store_server:
  address: "192.168.100.1"
  port: 9991
 log_kafkabrokers:
  address: "1.1.1.1:9092,2.2.2.2:9092"
 monitor_outputs_influxdb:
  url: "http://192.168.41.182:58086"
 log_minio:
  address: "192.168.40.168;"
  port: 9090
 #########################################
 #Log Level Config
 #日志等级 10:DEBUG 20:INFO 30:FATAL
 fw_ftp_log_level: 10
 fw_mail_log_level: 10
 fw_http_log_level: 10
 fw_dns_log_level: 10
 fw_quic_log_level: 10
 capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
 #日志等级 DEBUG INFO FATAL
 tfe_log_level: DEBUG
 tfe_http_log_level: DEBUG
 pangu_log_level: DEBUG
 doh_log_level: DEBUG
 certstore_log_level: 10
 packet_dump_log_level: 10
 #######################################
 #Sapp Performance Config
 #Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
 sapp:
  worker_threads: 37
  send_only_threads_max: 1
  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
  inbound_route_dir: 1
 ########################################
 #Kni Config
 kni:
  global:
    tfe_node_count: 3
  watch_dog:
    switch: 1
  maat:
    readconf_mode: 2
  send_logger:
    switch: 1
  tfe_nodes:
    tfe0_enabled: 1
    tfe1_enabled: 1
    tfe2_enabled: 1
 ########################################
 #Tfe Config
 tfe:
  nr_threads: 32
  mirror_enable: 1
 ########################################
 #Marsio Config
 #marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
 mrzcpd:
  iocore: 52,53,54,55
 mrtunnat:
  lcore_id: 48,49,50,51 
 #########################################
 #Tsg_app
 tsg_app_enable: 0
 app_global_ip: "1.1.1.1"
 applog_level: 10
 app_master_log_level: 10
 app_sketch_local_log_level: 10
 app_control_plug_log_level: 10
 breakpad_upload_url: http://127.0.0.1/
 tsg_master_entrance_id: 0
--- a/install_config/group_vars/adc_mcn0.yml
+++ b/install_config/group_vars/adc_mcn0.yml
@@ -1,39 +0,0 @@
 #########################################
 #Mcn0管理口网卡名
 nic_mgr:
  name: ens1f3
 #########################################
 #Mcn0流量接入网卡，固定配置
 nic_data_incoming:
  name: ens1f4
 #########################################
 #Mcn0其他数据口网卡名配置，固定配置
 nic_inner_ctrl:
  name: ens1.100
 nic_to_tfe:
  tfe0:
      name: ens1f5
  tfe1:
      name: ens1f6
  tfe2:
      name: ens1f7
 #########################################
 #串联设备接入相关配置
 inline_device_config:
  keepalive_ip: 192.168.1.30
  keepalive_mask: 255.255.255.252
 #########################################
 #Allot接入相关配置
 AllotAccess:
  virturlInterface_1: ens1f2.103
  virturlInterface_2: ens1f2.104
  virturlID_1: 103
  virturlID_2: 104
  vvipv4_mask: 24
  vvipv6_mask: 64
 bladename: mcn0
--- a/install_config/group_vars/adc_mcn1.yml
+++ b/install_config/group_vars/adc_mcn1.yml
@@ -1,19 +0,0 @@
 #########################################
 #Mcn1管理口网卡名
 nic_mgr:
  name: ens1f3
 #########################################
 #Mcn1流量接入网卡，固定配置
 nic_data_incoming:
  name: ens1f1
 #########################################
 #Mcn1其他数据口网卡名配置，固定配置
 nic_inner_ctrl:
  name: ens1.100
 nic_traffic_mirror:
  name: ens1f2
  use_mrzcpd: 1
 bladename: mcn1
--- a/install_config/group_vars/adc_mcn2.yml
+++ b/install_config/group_vars/adc_mcn2.yml
@@ -1,19 +0,0 @@
 #########################################
 #Mcn2管理口网卡名
 nic_mgr:
  name: ens8f3
 #########################################
 #Mcn2流量接入网卡，固定配置
 nic_data_incoming:
  name: ens8f1
 #########################################
 #Mcn2其他数据口网卡名配置，固定配置
 nic_inner_ctrl:
  name: ens8.100
 nic_traffic_mirror:
  name: ens8f2
  use_mrzcpd: 1
 bladename: mcn2
--- a/install_config/group_vars/adc_mcn3.yml
+++ b/install_config/group_vars/adc_mcn3.yml
@@ -1,19 +0,0 @@
 #########################################
 #Mcn3管理口网卡名
 nic_mgr:
  name: ens8f3
 #########################################
 #Mcn3流量接入网卡，固定配置
 nic_data_incoming:
  name: ens8f1
 #########################################
 #Mcn3其他数据口网卡名配置，固定配置
 nic_inner_ctrl:
  name: ens8.100
 nic_traffic_mirror:
  name: ens8f2
  use_mrzcpd: 1
 bladename: mcn3
--- a/install_config/group_vars/app_global.yml
+++ b/install_config/group_vars/app_global.yml
@@ -1,10 +0,0 @@
 #########################################
 app_sketch_global_log_level: 10
 maat_redis_server:
  address: "192.168.40.168"
  port: 7002
  db: 0
 file_stat_ip: "1.1.1.1"
--- a/install_config/group_vars/mirror_traffic.yml
+++ b/install_config/group_vars/mirror_traffic.yml
@@ -0,0 +1,93 @@
 ########################################
 #Server Basic Config
 nic_mgr:
  name: eth0
 #########################################
 #IP Config
 maat_redis_server:
  address: "#Bifang IP#"
  port: 7002
  port_num: 1
  db: 0
 dynamic_maat_redis_server:
  address: "#Bifang IP#"
  port: 7002
  port_num: 1
  db: 1
 log_kafkabrokers:
  address: ['1.1.1.1:9092','2.2.2.2:9092']
 #log_minio:
 #  address: "10.9.62.253"
 #  port: 9090
 #########################################
 #Log Level Config
 #日志等级 10:DEBUG 20:INFO 30:FATAL
 fw_voip_log_level: 10
 fw_ftp_log_level: 10
 fw_mail_log_level: 10
 fw_http_log_level: 10
 fw_dns_log_level: 10
 fw_quic_log_level: 10
 app_control_log_level: 10
 capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
 #日志等级 DEBUG INFO FATAL
 tfe_log_level: FATAL
 tfe_http_log_level: FATAL
 pangu_log_level: FATAL
 doh_log_level: FATAL
 certstore_log_level: 10
 packet_dump_log_level: 10
 #########################################
 #Sapp Performance Config
 #如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
 sapp:
  worker_threads: 23
  send_only_threads_max: 1
  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
  inbound_route_dir: 1
  prometheus_enable: 1
  prometheus_port: 9273
  prometheus_url_path: "/metrics"
 #########################################
 #Marsio Config
 mrzcpd:
  iocore: 39
 #########################################
 #新增配置项,均为默认值不用改
 breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
 data_center: Beijing
 tsg_master_entrance_id: 0
 firewall:
  hos_serverip: "192.168.40.223"
  hos_serverport: 9098
  hos_accesskeyid: "default"
  hos_secretkey: "default"
  hos_poolsize: 100
  hos_thread_sum: 32
  hos_cache_size: 102400
  hos_fs2_serverip: "127.0.0.1"
  hos_fs2_serverport: 10086
  APP_SKETCH_BROKER_IP: "192.168.40.161"
  APP_SKETCH_BROKER_PORT: 1883
 data_incoming_nic_list: ['eth0', 'eth1']
--- a/install_config/group_vars/packet_dump_server.yml
+++ b/install_config/group_vars/packet_dump_server.yml
@@ -0,0 +1,22 @@
 nic_mgr:
  name: eth0
 log_kafkabrokers:
  address: ['1.1.1.1:9092','2.2.2.2:9092']
 packet_dump_log_level: 10
 breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
 dump_rtp_pcap:
  aws_access_key_id: "default"
  aws_secret_access_key: "default"
  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
  consume_bootstrap_servers: ['192.168.44.14:9092']
  endpoint_url: "http://192.168.44.67:9098/hos/"
  produce_bootstrap_servers: "192.168.44.14:9092"
  queue_size: 5000000
  coroutine_max_num: 200
  coroutine_num: 100
  qfull_mode: 0
  qfull_interval: 5
--- a/install_config/group_vars/server_as_tun_mode.yml
+++ b/install_config/group_vars/server_as_tun_mode.yml
@@ -1,145 +0,0 @@
 #########################################
 #####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
 tsg_access_type: 1
 #####0: Tun_mode;  1: normal;
 tsg_running_type: 1
 ########################################
 #Deploy_finished_reboot
 Deploy_finished_reboot: 1
 ########################################
 #Server Basic Config
 nic_mgr:
  name: eth0
 nic_inner_ctrl:
  name: eth0.100
 #########################################
 #IP Config
 maat_redis_server:
  address: "192.168.40.168"
  port: 7002
  db: 0
 dynamic_maat_redis_server:
  address: "192.168.40.168"
  port: 7002
  db: 0
 cert_store_server:
  address: "192.168.100.1"
  port: 9991
 log_kafkabrokers:
  address: "1.1.1.1:9092,2.2.2.2:9092"
 log_minio:
  address: "192.168.40.168;"
  port: 9090
 #########################################
 #Log Level Config
 #日志等级 10:DEBUG 20:INFO 30:FATAL
 fw_ftp_log_level: 10
 fw_mail_log_level: 10
 fw_http_log_level: 10
 fw_dns_log_level: 10
 fw_quic_log_level: 10
 capture_packet_log_level: 10
 tsg_log_level: 10
 tsg_master_log_level: 10
 kni_log_level: 10
 #日志等级 DEBUG INFO FATAL
 tfe_log_level: DEBUG
 tfe_http_log_level: DEBUG
 pangu_log_level: DEBUG
 doh_log_level: DEBUG
 certstore_log_level: 10
 packet_dump_log_level: 10
 #########################################
 #Sapp Performance Config
 #如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
 sapp:
  worker_threads: 23
  send_only_threads_max: 1
  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
  inbound_route_dir: 1
 #########################################
 #Sapp Double-Arm Config
 packet_io:
  internal_interface: eth2
  external_interface: eth3
 #########################################
 #Kni Config
 kni:
  global:
    tfe_node_count: 1
  watch_dog:
    switch: 1
  maat:
    readconf_mode: 2
  send_logger:
    switch: 1
  tfe_nodes:
    tfe0_enabled: 1
    tfe1_enabled: 0
    tfe2_enabled: 0
 #########################################
 #Tfe Config
 tfe:
  nr_threads: 32
  mirror_enable: 1
 #########################################
 #Marsio Config
 mrzcpd:
  iocore: 39
 mrtunnat:
  lcore_id: 38
 #########################################
 #Tsg_app
 tsg_app_enable: 1
 app_global_ip: "1.1.1.1"
 applog_level: 10
 app_master_log_level: 10
 app_sketch_local_log_level: 10
 app_control_plug_log_level: 10
 #########################################
 #ATCA Config
 #下列配置只在tsg_access_type=4时生效
 ATCA_data_incoming:
  ethname: enp1s0
  vf0_name: enp1s2
  vf1_name: enp1s2f1
  vf2_name: enp1s2f2
 ATCA_VlanFlipping:
  vlanID_1: 100
  vlanID_2: 101
  vlanID_3: 103
  vlanID_4: 104
 #下列配置只在tsg_access_type=5时生效
 ATCA_VXLAN:
  keepalive_ip: "10.254.19.1"
  keepalive_mask: "255.255.255.252"
 #########################################
 #Inline Device Config
 inline_device_config:
  keepalive_ip: 192.168.1.30
  keepalive_mask: 255.255.255.252
  data_incoming: eth5
--- a/install_config/hosts
+++ b/install_config/hosts
@@ -1,41 +1,3 @@
-###################
+[mirror_traffic]
-#   For example   #
+[packet_dump_server]
 ###################
 #变量device_id根据设备序号设置即可
 #变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
 #
 #20.09版本新增APP部署
 #[app_global]
 #0.0.0.0
 #[server-as-tun-mode]
 #1.1.1.1 device_id=device_1
 #
 #[adc_mxn]
 #10.3.72.1
 #10.3.72.2
 #
 #[adc_mcn0]
 #10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
 #10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
 #
 #[adc_mcn1]
 #10.3.74.1 device_id=device_1
 #10.3.74.2 device_id=device_2
 #
 #[adc_mcn2]
 #10.3.75.1 device_id=device_1
 #10.3.75.2 device_id=device_2
 #
 #[adc_mcn3]
 #10.3.76.1 device_id=device_1
 #10.3.76.2 device_id=device_2
 [app_global]
 [server-as-tun-mode]
 [adc_mxn]
 [adc_mcn0]
 [adc_mcn1]
 [adc_mcn2]
 [adc_mcn3]
--- a/mirror_traffic.yml
+++ b/mirror_traffic.yml
@@ -0,0 +1,12 @@
 - hosts: mirror_traffic
  remote_user: root
  vars_files:
    - install_config/group_vars/mirror_traffic.yml
  roles:
    - {role: framework, tags: framework}
    - {role: kernel-ml, tags: kernel-ml}
    - {role: mrzcpd, tags: mrzcpd}
    - {role: sapp, tags: sapp}
    - {role: tsg_master, tags: tsg_master}
    - {role: firewall, tags: firewall}
    - {role: telegraf_statistic, tags: telegraf_statistic}
--- a/packet_dump_server.yml
+++ b/packet_dump_server.yml
@@ -0,0 +1,8 @@
 - hosts: packet_dump_server
  remote_user: root
  vars_files:
    - install_config/group_vars/packet_dump_server.yml
  roles:
    - {role: framework, tags: framework}
    - {role: packet_dump, tags: packet_dump}
    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}
--- a/roles/app_global/files/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
+++ b/roles/app_global/files/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
--- a/roles/app_global/tasks/main.yml
+++ b/roles/app_global/tasks/main.yml
@@ -1,36 +0,0 @@
 - name: "copy app_global rpm to destination server"
  copy:
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/
 - name: "install app rpms from localhost"
  yum:
    name:
      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
    state: present
 - name: "template the app_sketch_global.conf"
  template:
    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
 - name: "template the zlog.conf"
  template:
    src: "{{ role_path }}/templates/zlog.conf.j2"
    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
 - name: "Start emqx"
  systemd:
    name: emqx.service
    state: started
    enabled: yes
    daemon_reload: yes
 - name: "Start app-sketch-global"
  systemd:
    name: app-sketch-global.service
    state: started
    enabled: yes
    daemon_reload: yes
--- a/roles/app_global/templates/app_sketch_global.conf.j2
+++ b/roles/app_global/templates/app_sketch_global.conf.j2
@@ -1,41 +0,0 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 RUN_LOG_PATH = "conf/zlog.conf"
 [breakpad]
 disable_coredump=0
 enable_breakpad=1
 breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
 enable_breakpad_upload=0
 breakpad_upload_url={{ breakpad_upload_url }}
 [CONFIG]
 #Number of running threads
 thread-nu = 1
 timeout = 3600
 address="tcp://127.0.0.1:1883"
 topic_name="APP_SIGNATURE_ID"
 client_name="ExampleClientSub"
 [maat]
 # 0:json 1: redis 2: iris
 maat_input_mode=1
 table_info=./resource/table_info.conf
 json_cfg_file=./resource/gtest.json
 stat_file=logs/verify-policy.status
 full_cfg_dir=verify-policy/
 inc_cfg_dir=verify-policy/
 maat_redis_server={{ maat_redis_server.address }}
 maat_redis_port_range={{ maat_redis_server.port }}
 maat_redis_db_index={{ maat_redis_server.db }}
 effect_interval_s=1
 accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
 [stat]
 statsd_server={{ file_stat_ip }}
 statsd_port=8100
 statsd_cycle=5
 # FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
 statsd_format=2
--- a/roles/app_global/templates/zlog.conf.j2
+++ b/roles/app_global/templates/zlog.conf.j2
@@ -1,12 +0,0 @@
 [global]
 default format = "%d(%c), %V, %F, %U, %m%n"
 [levels]
 DEBUG=10
 INFO=20
 FATAL=30
 [rules]
 *.fatal        "./logs/error.log.%d(%F)";
 *.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
--- a/roles/cert-redis/files/cert-redis/6379/6379.conf
+++ b/roles/cert-redis/files/cert-redis/6379/6379.conf
--- a/roles/cert-redis/files/cert-redis/6379/dump.rdb
+++ b/roles/cert-redis/files/cert-redis/6379/dump.rdb
--- a/roles/cert-redis/files/cert-redis/cert-redis.service
+++ b/roles/cert-redis/files/cert-redis/cert-redis.service
@@ -1,16 +0,0 @@
 [Unit]
 Description=Redis persistent key-value database
 After=network.target
 After=network-online.target
 Wants=network-online.target
 [Service]
 ExecStart=/usr/local/bin/start-cert-redis
 ExecStop=killall redis-server
 Type=forking
 RuntimeDirectory=redis
 RuntimeDirectoryMode=0755
 [Install]
 WantedBy=multi-user.target
--- a/roles/cert-redis/files/cert-redis/install.sh
+++ b/roles/cert-redis/files/cert-redis/install.sh
@@ -1,6 +0,0 @@
 #!/bin/bash
 #
 cp -rf redis-server /usr/local/bin/
 cp -rf redis-cli /usr/local/bin
 cp -rf cert-redis.service /usr/lib/systemd/system/
 cp -rf start-cert-redis /usr/local/bin
--- a/roles/cert-redis/files/cert-redis/redis-cli
+++ b/roles/cert-redis/files/cert-redis/redis-cli
--- a/roles/cert-redis/files/cert-redis/redis-server
+++ b/roles/cert-redis/files/cert-redis/redis-server
--- a/roles/cert-redis/files/cert-redis/start-cert-redis
+++ b/roles/cert-redis/files/cert-redis/start-cert-redis
@@ -1,4 +0,0 @@
 #!/bin/bash
 #
 /usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf
--- a/roles/cert-redis/tasks/main.yml
+++ b/roles/cert-redis/tasks/main.yml
@@ -1,15 +0,0 @@
 - name: "copy cert-redis to destination server"
  copy:
    src: "{{ role_path }}/files/"
    dest: /opt/tsg
    mode: 0755
 - name: "install cert-redis"
  shell: cd /opt/tsg/cert-redis;sh install.sh
 - name: "start cert-redis"
  systemd:
    name: cert-redis.service
    state: started
    daemon_reload: yes
    enabled: yes
--- a/roles/certstore/files/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
+++ b/roles/certstore/files/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
--- a/roles/certstore/files/memory.conf
+++ b/roles/certstore/files/memory.conf
@@ -1,2 +0,0 @@
 [Service]
 MemoryMax=10G
--- a/roles/certstore/tasks/main.yml
+++ b/roles/certstore/tasks/main.yml
@@ -1,37 +0,0 @@
 - name: "copy certstore rpm to destination"
  synchronize:
    src: "{{ role_path }}/files/"
    dest: "/tmp/ansible_deploy/"
 - name: Ensures /opt/tsg exists
  file: path=/opt/tsg state=directory
  tags: mkdir
 - name: install certstore
  yum:
    name:
      - /tmp/ansible_deploy/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
    state: present
 - name: template certstore configure file
  template:
    src: "{{ role_path }}/templates/cert_store.ini.j2"
    dest: /opt/tsg/certstore/conf/cert_store.ini
 - name: template certstore zlog file
  template:
    src: "{{ role_path }}/templates/zlog.conf.j2"
    dest: /opt/tsg/certstore/conf/zlog.conf
 - name: "copy memory limit file to certstore.service.d"
  copy:
    src: "{{ role_path }}/files/memory.conf"
    dest: /etc/systemd/system/certstore.service.d/
    mode: 0644
 - name: "start certstore"
  systemd:
    name: certstore.service
    state: started
    enabled: yes
    daemon_reload: yes
--- a/roles/certstore/templates/cert_store.ini.j2
+++ b/roles/certstore/templates/cert_store.ini.j2
@@ -1,58 +0,0 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 RUN_LOG_PATH = "conf/zlog.conf"
 [breakpad]
 disable_coredump=0
 enable_breakpad=1
 breakpad_minidump_dir=/tmp/certstore/crashreport
 enable_breakpad_upload=0
 breakpad_upload_url= {{ breakpad_upload_url }}
 [CONFIG]
 #Number of running threads
 thread-nu = 4
 #1 rsync, 0 sync
 mode=1
 #Local default root certificate is valid for 30 days by default
 expire_after = 30
 #Local default root certificate path
 local_debug = 1
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
 untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
 [MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
 #1: using local json
 #2: using Redis reads
 maat_json_switch=2
 #When the loading mode is sent to the network, set the scanning configuration modification interval (s).
 effective_interval=1
 #Specify the location of the configuration library table file
 table_info=./conf/table_info.conf
 #Incremental profile path
 inc_cfg_dir=./rule/inc/index
 #Full profile path
 full_cfg_dir=./rule/full/index
 #Json file path when json schema is used
 pxy_obj_keyring=./conf/pxy_obj_keyring.json
 [LIBEVENT]
 #Local monitor port number, default is 9991
 port = 9991
 [CERTSTORE_REDIS]
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
 dbindex =  {{ maat_redis_server.db }}
 [stat]
 statsd_server=127.0.0.1
 statsd_port=58100
--- a/roles/certstore/templates/zlog.conf.j2
+++ b/roles/certstore/templates/zlog.conf.j2
@@ -1,10 +0,0 @@
 [global]
 default format = "%d(%c), %V, %F, %U, %m%n"
 [levels]
 DEBUG=10
 INFO=20
 FATAL=30
 [rules]
 *.fatal        "./logs/error.log.%d(%F)";
 *.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
--- a/roles/dump_rtp_pcap/files/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
+++ b/roles/dump_rtp_pcap/files/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
--- a/roles/dump_rtp_pcap/tasks/main.yml
+++ b/roles/dump_rtp_pcap/tasks/main.yml
@@ -0,0 +1,22 @@
 - name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
  copy:
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/
 - name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
  yum:
    name:
      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
    state: present
 - name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
  template:
    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
  tags: template
 - name: "start dump_rtp_pcap"
  systemd:
    name: dump_rtp_pcap.service
    enabled: yes
    daemon_reload: yes
--- a/roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2
+++ b/roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2
@@ -0,0 +1,23 @@
 {
    "endian":"little",
    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
    "bucket_name": "rtp-log",
    "consume_auto_offset_reset":"latest",
    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
    "consume_topic": "INTERNAL-RTP-LOG",
    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
    "file_prefix":"rtp_log",
    "group_id": "rtp-log-1",
    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
    "produce_topic": "VOIP-RECORD-LOG",
    "region_name": "us-east-1",
    "save_speed_emit_interval":30,
    "upload_speed_emit_interval":30,
    "queue_size":{{ dump_rtp_pcap.queue_size }},
    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
 }
--- a/roles/firewall/files/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
+++ b/roles/firewall/files/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
--- a/roles/firewall/files/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
+++ b/roles/firewall/files/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
--- a/roles/firewall/files/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+++ b/roles/firewall/files/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
--- a/roles/firewall/files/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
+++ b/roles/firewall/files/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
--- a/roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm
+++ b/roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm
--- a/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm
+++ b/roles/firewall/files/dns-2.0.9.b639626-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_http_plug-3.2.3.6b8c95d-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_http_plug-3.2.3.6b8c95d-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
--- a/roles/firewall/files/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
+++ b/roles/firewall/files/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
--- a/roles/firewall/files/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
+++ b/roles/firewall/files/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
--- a/roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
+++ b/roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
--- a/roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm
+++ b/roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm
--- a/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+++ b/roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
--- a/roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
+++ b/roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
--- a/roles/firewall/files/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
+++ b/roles/firewall/files/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
--- a/roles/firewall/files/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
+++ b/roles/firewall/files/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
--- a/roles/firewall/files/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
+++ b/roles/firewall/files/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
--- a/roles/firewall/files/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
+++ b/roles/firewall/files/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
--- a/roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm
+++ b/roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm
--- a/roles/firewall/files/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
+++ b/roles/firewall/files/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
--- a/roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
+++ b/roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
--- a/roles/firewall/files/tsg_master-3.3.0.5fcfdae-2.el7.x86_64.rpm
+++ b/roles/firewall/files/tsg_master-3.3.0.5fcfdae-2.el7.x86_64.rpm
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -11,21 +11,28 @@
    skip_broken: yes
  vars:
    fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
 - name: "Template the tsgconf/main.conf"
  template:
@@ -40,8 +47,22 @@
    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
  tags: template
 - name: "Template the conf/capture_packet_plug.conf.j2"
  template:
    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
  tags: template
 - name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
  template:
    src: "{{ role_path }}/templates/tsg_conn_sketch.inf.j2"
    dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
  tags: template
 - name: "Template the conf/http/http.conf"
  template:
    src: "{{ role_path }}/templates/http.conf.j2"
    dest:  /home/mesasoft/sapp_run/conf/http/http.conf
  tags: template
--- a/roles/firewall/templates/capture_packet_plug.conf.j2
+++ b/roles/firewall/templates/capture_packet_plug.conf.j2
@@ -1,25 +1,26 @@
-[MAAT]
+[MAAT]
-MAAT_MODE=2
+MAAT_MODE=2
-#EFFECTIVE_FLAG=
+#EFFECTIVE_FLAG=
-STAT_SWITCH=1
+STAT_SWITCH=1
-PERF_SWITCH=1
+PERF_SWITCH=1
-TABLE_INFO=conf/capture_packet_tableinfo.conf
+TABLE_INFO=conf/capture_packet_tableinfo.conf
-STAT_FILE=capture_packet_maat.status
+STAT_FILE=capture_packet_maat.status
-EFFECT_INTERVAL_S=1
+EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
+REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT={{ maat_redis_server.port }}
+REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX=0
+REDIS_INDEX={{ maat_redis_server.db }}
-JSON_CFG_FILE=conf/capture_packet_maat.json
+JSON_CFG_FILE=conf/capture_packet_maat.json
-INC_CFG_DIR=capture_packet_rule/inc/index/
+INC_CFG_DIR=capture_packet_rule/inc/index/
-FULL_CFG_DIR=capture_packet_rule/full/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
-
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-[LOG]
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
-NIC_NAME={{ nic_mgr.name }}
+
-BROKER_LIST={{ log_kafkabrokers.address }}
+[LOG]
-FIELD_FILE=conf/capture_packet_log_field.conf
+NIC_NAME={{ nic_mgr.name }}
-
+BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
-[SYSTEM]
+FIELD_FILE=conf/capture_packet_log_field.conf
-LOG_LEVEL={{ capture_packet_log_level }}
+
-LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+[SYSTEM]
-
+LOG_LEVEL=30
 LOG_PATH=./tsglog/capture_packet_plug/capture_packet
--- a/roles/firewall/templates/http.conf.j2
+++ b/roles/firewall/templates/http.conf.j2
@@ -0,0 +1,43 @@
 #http_special
 #all regions
 1	HTTP_ALL
 2	HTTP_OTHER_REGIONS
 #http state
 3	HTTP_STATE
 4	HTTP_REQ_LINE
 5	HTTP_RES_LINE	
 6	HTTP_CONTENT            
 7	HTTP_UNGZIP_CONTENT
 8	HTTP_MESSAGE_URL
 9	HTTP_URI
 #http_request
 10	HTTP_HOST
 11	HTTP_REFERER
 12	HTTP_USER_AGENT
 13	HTTP_COOKIE
 14	HTTP_PROXY_AUTHORIZATION
 15	HTTP_AUTHORIZATION
 #http_response
 16	HTTP_LOCATION
 17	HTTP_SERVER
 18	HTTP_ETAG
 #http_general
 19	HTTP_DATE
 20	HTTP_TRAILER
 21	HTTP_TRANSFER_ENCODING
 22	HTTP_VIA
 23	HTTP_PRAGMA
 24	HTTP_CONNECTION
 #http_content
 25	HTTP_CONT_ENCODING
 26	HTTP_CONT_LANGUAGE
 27	HTTP_CONT_LOCATION
 28	HTTP_CONT_DISPOSITION
 29	HTTP_CONT_RANGE
 30	HTTP_CONT_LENGTH
 31	HTTP_CONT_TYPE
 32	HTTP_CHARSET
 33	HTTP_EXPIRES
 34	HTTP_X_FLASH_VERSION
 35	HTTP_TRANSFER_LENGTH
 36	Set-Cookie
--- a/roles/firewall/templates/maat.conf.j2
+++ b/roles/firewall/templates/maat.conf.j2
@@ -7,12 +7,13 @@ TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
-REDIS_PORT=7002
+REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX=0
+REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 [DYNAMIC]
 ###0:location 1:json 2:redis
@@ -23,10 +24,45 @@ TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ dynamic_maat_redis_server.address }}
-REDIS_PORT_NUM=1
+REDIS_PORT_NUM={{ dynamic_maat_redis_server.port_num }}
-REDIS_PORT=7002
+REDIS_PORT={{ dynamic_maat_redis_server.port }}
-REDIS_INDEX=1
+REDIS_INDEX={{ dynamic_maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 [APP_SIGNATURE_MAAT]
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
 TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
 STAT_FILE=app_sketch_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
 REDIS_PORT_NUM={{ maat_redis_server.port_num }}
 REDIS_PORT={{ maat_redis_server.port }}
 REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/app_sketch_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 [CAPTURE]
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
 TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
 STAT_FILE=app_sketch_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
 REDIS_PORT_NUM={{ maat_redis_server.port_num }}
 REDIS_PORT={{ maat_redis_server.port }}
 REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/app_sketch_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
 EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 [MAAT]
 ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
--- a/roles/firewall/templates/main.conf.j2
+++ b/roles/firewall/templates/main.conf.j2
@@ -1,3 +1,10 @@
 [VOIP_PLUG]
 TIMEOUT=300
 LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
 LOG_LEVEL={{ fw_voip_log_level }}
 TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
 TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
 [FTP_PLUG]
 LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
 LOG_LEVEL={{ fw_ftp_log_level }}
@@ -20,6 +27,10 @@ LOG_LEVEL={{ fw_dns_log_level }}
 LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
 LOG_LEVEL={{ fw_quic_log_level }}
 [CONTROL_PLUG]
 LOG_PATH="./tsglog/app_control_plug/app_control_plug"
 LOG_LEVEL={{ app_control_log_level }}
 [MAAT]
 PROFILE="./tsgconf/maat.conf"
 SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
@@ -32,7 +43,7 @@ NIC_NAME="{{ nic_mgr.name }}"
 MAX_SERVICE=1
 LOG_LEVEL={{ tsg_log_level }}
 LOG_PATH="./tsglog/tsglog"
-BROKER_LIST="{{ log_kafkabrokers.address }}"
+BROKER_LIST="{{ log_kafkabrokers.address | join(",") }}"
 COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
 [STATISTIC]
@@ -50,8 +61,43 @@ OUTPUT_PATH="./tsg_stat.log"
 APP_NAME="tsg_master"
 [SYSTEM]
 NIC_NAME="{{ nic_mgr.name }}"
 ENTRANCE_ID={{ tsg_master_entrance_id }}
 LOG_LEVEL={{ tsg_master_log_level }}
 LOG_PATH="./tsglog/tsg_master"
 POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
-DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
+L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
 DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
 [TSG_CONN_SKETCH]
 log_service=2
 live_service=6
 transaction_service=7
 live_service_switch=1
 transaction_service_switch=1
 live_intervals_time = 30
 [HOS_CONF]
 hos_serverip="{{ firewall.hos_serverip }}"
 hos_serverport={{ firewall.hos_serverport }}
 hos_accesskeyid="default"
 hos_secretkey="default"
 hos_poolsize=100
 hos_thread_sum=32
 hos_cache_size=102400
 hos_fs2_serverip="127.0.0.1"
 hos_fs2_serverport=10086
 [APP_SKETCH_LOCAL]
 LOG_LEVEL=10
 LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
 [APP_SKETCH_FEEDBACK]
 QOS=1
 PUBLISH_TOPIC="APP_SIGNATURE_ID"
 #CLIENT_ID=
 BROKER_IP="{{ firewall.APP_SKETCH_BROKER_IP }}"
 BROKER_PORT="{{ firewall.APP_SKETCH_BROKER_PORT }}"
 [APP_PROTO_ENGINE]
 license_path=/data/app_proto_engine/license
--- a/roles/firewall/templates/tsg_conn_sketch.inf.j2
+++ b/roles/firewall/templates/tsg_conn_sketch.inf.j2
@@ -0,0 +1,46 @@
 [PLUGINFO]
 PLUGNAME=TSG_CONN_SKETCH
 SO_PATH=./plug/business/tsg_conn_sketch/tsg_conn_sketch.so
 INIT_FUNC=tsg_conn_record_init
 DESTROY_FUNC=tsg_conn_record_destroy
 [TCP]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_tcp_entry
 [TCP_ALL]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_tcpall_entry
 [UDP]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_udp_entry
 [HTTP]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_http_entry
 [SSL]
 FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
 FUNC_NAME=tsg_record_ssl_entry
 [DNS]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_dns_entry
 [MAIL]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_mail_entry
 [RTP]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_rtp_entry
 [SIP]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_sip_entry
 [FTP]
 FUNC_FLAG=ALL
 FUNC_NAME=tsg_record_ftp_entry
--- a/roles/framework/files/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
--- a/roles/framework/files/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
+++ b/roles/framework/files/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
--- a/roles/framework/files/libaws-c-common-1.0.3.fa2adf0-2.el7.x86_64.rpm
+++ b/roles/framework/files/libaws-c-common-1.0.3.fa2adf0-2.el7.x86_64.rpm
--- a/roles/framework/files/libaws-c-event-stream-1.0.6.67fd944-2.el7.x86_64.rpm
+++ b/roles/framework/files/libaws-c-event-stream-1.0.6.67fd944-2.el7.x86_64.rpm
--- a/roles/framework/files/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
+++ b/roles/framework/files/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
--- a/roles/framework/files/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
+++ b/roles/framework/files/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
--- a/roles/framework/files/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
+++ b/roles/framework/files/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
--- a/roles/framework/files/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
+++ b/roles/framework/files/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
--- a/roles/framework/files/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
+++ b/roles/framework/files/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
--- a/roles/framework/files/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
+++ b/roles/framework/files/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
--- a/roles/framework/files/librulescan-2.2.1.1716a7b-2.el7.x86_64.rpm
+++ b/roles/framework/files/librulescan-2.2.1.1716a7b-2.el7.x86_64.rpm
--- a/roles/framework/files/librulescan-2.2.3.93a68a2-2.el7.x86_64.rpm
+++ b/roles/framework/files/librulescan-2.2.3.93a68a2-2.el7.x86_64.rpm
--- a/roles/framework/files/maat_redis_tool
+++ b/roles/framework/files/maat_redis_tool
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -12,19 +12,25 @@
    packages:
      - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-2.2.1.1716a7b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.3.93a68a2-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
      - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libaws-c-common-1.0.3.fa2adf0-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libaws-c-event-stream-1.0.6.67fd944-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
      - /tmp/ansible_deploy/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
 - name: "mkdir /etc/ld.so.conf.d/"
  file:
@@ -38,3 +44,9 @@
 - name: "update ld"
  command: ldconfig
 - name: "copy maat_redis_tool to destination"
  copy:
    src: "{{ role_path }}/files/maat_redis_tool"
    dest: /opt/MESA/bin/
    mode: 0755
--- a/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
+++ b/roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
--- a/roles/http_healthcheck/tasks/main.yml
+++ b/roles/http_healthcheck/tasks/main.yml
@@ -1,10 +0,0 @@
 - name: "copy http_healthcheck rpm to destination server"
  copy:
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/
 - name: "install http_healthcheck from localhost"
  yum:
    name:
      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
    state: present
--- a/roles/kernel-ml/tasks/main.yml
+++ b/roles/kernel-ml/tasks/main.yml
@@ -20,25 +20,6 @@
  command: /usr/sbin/grub2-set-default 0
  when: t_kernel_ml.changed
 - name: "copy /etc/default/grub"
  copy:
    src: "{{ role_path }}/files/grub"
    dest: "/etc/default"
  when: 
    - tsg_access_type == 4
    - t_kernel_ml.changed
 - name: "BIOS:grub2-mkconfig"
  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
  when:
    - tsg_access_type == 4
    - t_kernel_ml.changed
 - name: "UEFI:grub2-mkconfig"
  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
  when:
    - tsg_access_type == 4
    - t_kernel_ml.changed
 #- name: "reboot"
 #  reboot:
--- a/roles/kni/files/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
+++ b/roles/kni/files/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
--- a/roles/kni/tasks/main.yml
+++ b/roles/kni/tasks/main.yml
@@ -1,24 +0,0 @@
 ---
 - name: "copy kni to destination server"
  copy:
    src: "{{ role_path }}/files/"
    dest: /tmp/ansible_deploy/
 - name: "install kni rpms from localhost"
  yum:
    name:
      - /tmp/ansible_deploy/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
    state: present
    skip_broken: yes
 - name: Template the kni.conf
  template:
    src: "{{ role_path }}/templates/kni.conf.j2"
    dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
  tags: template
 - name: "enable sapp"
  systemd:
    name: sapp
    enabled: yes
    daemon_reload: yes
--- a/roles/kni/templates/kni.conf.j2
+++ b/roles/kni/templates/kni.conf.j2
@@ -1,144 +0,0 @@
 [global]
 log_path = ./log/kni/kni.log
 log_level = {{ kni_log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
 manage_eth = {{ nic_mgr.name }}
 {% if tsg_running_type != 2 %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
 {% endif %}
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
 {% if tsg_access_type == 4 %}
 [tfe0]
 enabled = 1
 dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
 ip_addr = 192.168.100.1
 {% elif tsg_running_type == 2 %}
 [tfe0]
 enabled = {{ kni.tfe_nodes.tfe0_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
 ip_addr = 192.168.100.2
 [tfe1]
 enabled = {{ kni.tfe_nodes.tfe1_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
 ip_addr = 192.168.100.3
 [tfe2]
 enabled = {{ kni.tfe_nodes.tfe2_enabled }}
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
 {% endif %}
 [tfe_cmsg_receiver]
 listen_eth = {{ nic_inner_ctrl.name }}
 listen_port = 2475
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
 listen_eth = {{ nic_inner_ctrl.name }}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1
 keepalive_cnt = 3
 [marsio]
 appsym = knifw
 [dup_traffic]
 switch = 1
 action = 2
 capacity = 10000000
 error_rate = 0.00001
 expiry_time = 60
 [traceid2pme_htable]
 mho_screen_print_ctrl = 0
 mho_thread_safe = 1
 mho_mutex_num = 160
 mho_hash_slot_size = 640000
 mho_hash_max_element_num = 2560000
 mho_expire_time = 30
 mho_eliminate_type = LRU
 #per thread
 [tuple2stream_htable]
 mho_screen_print_ctrl = 0
 mho_thread_safe = 0
 mho_mutex_num = 160
 mho_hash_slot_size = 80000
 mho_hash_max_element_num = 320000
 mho_expire_time = 0
 mho_eliminate_type = LRU
 [field_stat]
 remote_switch = 1
 remote_ip = 127.0.0.1
 remote_port = 58100
 local_path = ./fs2_kni.status
 stat_cycle = 1
 print_mode = 1
 # 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
 statsd_format = 2
 APP_NAME = fs2_kni
 #self test Shunt rules security policy id
 [tsg_diagnose]
 enabled = 1
 security_policy_id = 3,10
 [ssl_dynamic_bypass]
 enabled = 1
 #kni dynamic bypass
 [traceid2sslinfo_htable]
 mho_screen_print_ctrl = 0
 mho_thread_safe = 1
 mho_mutex_num = 160
 mho_hash_slot_size = 80000
 mho_hash_max_element_num = 320000
 mho_expire_time = 300
 mho_eliminate_type = FIFO
 [sslinfo2bypass_htable]
 mho_screen_print_ctrl = 0
 mho_thread_safe = 1
 mho_mutex_num = 160
 mho_hash_slot_size = 640000
 mho_hash_max_element_num = 2560000
 mho_expire_time = 300
 mho_eliminate_type = FIFO
 [proxy_tcp_option]
 enabled = 1
 maat_table_compile = PXY_TCP_OPTION_COMPILE
 maat_table_addr = PXY_TCP_OPTION_ADDR
 maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
 enable_override = 0
 client_tcp_maxseg_enable = 0
 client_tcp_maxseg = 1460
 client_tcp_nodelay =  1
 client_tcp_ttl = 70
 client_tcp_keepalive_enable = 1
 client_tcp_keepalive_keepcnt = 8
 client_tcp_keepalive_keepidle = 30
 client_tcp_keepalive_keepintvl = 15
 client_tcp_user_timeout = 600
 server_tcp_maxseg_enable = 0
 server_tcp_maxseg = 1460
 server_tcp_nodelay = 1
 server_tcp_ttl = 75
 server_tcp_keepalive_enable = 1
 server_tcp_keepalive_keepcnt = 8
 server_tcp_keepalive_keepidle = 30
 server_tcp_keepalive_keepintvl = 15
 server_tcp_user_timeout = 600
 bypass_duplicated_packet = 0
 tcp_passthrough = 0
 [share_session_attribute]
 SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL
--- a/roles/mrzcpd/files/memory.conf
+++ b/roles/mrzcpd/files/memory.conf
@@ -1,2 +0,0 @@
 [Service]
 MemoryMax=100G
--- a/roles/mrzcpd/files/mrzcpd-4.3.28.2d13de4-1.el7.x86_64.rpm
+++ b/roles/mrzcpd/files/mrzcpd-4.3.28.2d13de4-1.el7.x86_64.rpm
--- a/roles/mrzcpd/tasks/main.yml
+++ b/roles/mrzcpd/tasks/main.yml
@@ -6,7 +6,7 @@
 - name: "install mrzcpd"
  yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.28.2d13de4-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm
    state: present
 - name: "update sysconfig/mrzcpd"
@@ -18,169 +18,33 @@
  template:
    src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: nic_traffic_mirror is defined
 - name: "copy mrapp.sapp4.conf to destination server"
  template:
    src: "{{ role_path }}/templates/mrapp.sapp4.conf "
    dest: /opt/mrzcpd/etc/mrapp.sapp4.conf 
  when: 
    - tsg_access_type == 4
 - name: "update mrglobal.conf.adc_inline"
  template:
    src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 1
    - tsg_running_type == 2
 - name: "update mrglobal.conf.server_inline"
  template:
    src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 1
    - tsg_running_type != 2
 - name: "update mrglobal.conf.allot - mcn0"
  template:
    src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 2
 - name: "update mrglobal.conf.adc_tun_mode - mcn0"
  template:
    src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 3
 - name: "update mrglobal.conf.ATCA_Vlan_Flipping"
  template:
    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 4
 - name: "update mrglobal.conf.ATCA_VXLAN"
  template:
    src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
    dest: /opt/mrzcpd/etc/mrglobal.conf
  when:
    - nic_traffic_mirror is not defined
    - tsg_access_type == 5
 - name: "update mrtunnat.conf.adc_inline"
  template:
    src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 1
    - tsg_running_type == 2 
 - name: "update mrtunnat.conf.server_inline"
  template:
    src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 1
    - tsg_running_type != 2 
 - name: "update mrtunnat.conf.allot_access - mcn0"
  template:
    src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 2
 - name: "update mrtunnat.conf.adc_tun_mode - mcn0"
  template:
    src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 3
 - name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
  template:
    src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type == 4
 - name: "update mrtunnat.conf.ATCA_VXLAN"
  template:
    src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
    dest: /opt/mrzcpd/etc/mrtunnat.conf
  when:
    - nic_traffic_mirror is not defined
    - tsg_access_type == 5
 - name: "enable mrenv"
  systemd:
    name: mrenv
    enabled: yes
    daemon_reload: yes
  when: 
    - tsg_access_type != 0
 - name: "enable mrzcpd"
  systemd:
    name: mrzcpd
    enabled: yes
    daemon_reload: yes
  when: 
    - tsg_access_type != 0
- name: "enable mrtunnat on master"
+- name: "enable prometheus output - monit_device"
  systemd:
-    name: mrtunnat
+    name: mrapm_device
    enabled: yes
    daemon_reload: yes
 - name: "enable prometheus output - monit_stream"
  systemd:
    name: mrapm_stream
    enabled: yes
    daemon_reload: yes
  when: 
    - nic_traffic_mirror is not defined
    - tsg_access_type != 0
 - name: "disable mrtunnat on slave"
  systemd:
    name: mrtunnat
    enabled: no
    daemon_reload: yes
  when: nic_traffic_mirror is defined
 - name: "copy memory limit file to tfe.service.d"
  copy:
    src: "{{ role_path }}/files/memory.conf"
    dest: /etc/systemd/system/mrzcpd.service.d/
    mode: 0644
 - name: "mask mrzcpd on server_tun_mode"
  systemd:
    name: mrzcpd
    enabled: no
    masked: yes
    daemon_reload: yes
  when: 
    - tsg_access_type == 0
 - name: "mask mrtunnat on server_tun_mode"
  systemd:
    name: mrtunnat
    enabled: no
    masked: yes
    daemon_reload: yes
  when: 
    - tsg_access_type == 0
--- a/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
+++ b/roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
@@ -1,57 +0,0 @@
 [device]
 device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
 sz_buffer=32
 [device:{{ATCA_data_incoming.vf0_name}}]
 mtu=4096
 clear_tx_flags=1
 hw_strip_crc=1
 in_addr={{ ATCA_VXLAN.keepalive_ip }}
 in_mask={{ ATCA_VXLAN.keepalive_mask }}
 #rssmode=3
 [device:{{ ATCA_data_incoming.vf1_name }}]
 mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
 vlan-id-allow=4095
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
 sz_tunnel=8192
 sz_buffer=0
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
 distmode=1
 hashmode=0
 idle_threshold=10000
 [eal]
 virtaddr=0x7f40c4a00000
 loglevel=7
 [keepalive]
 check_spinlock=0
 [ctrlzone]
 ctrlzone0=tunnat,64
 [pool]
 create_mode=3
 sz_direct_pktmbuf=4194304
 sz_indirect_pktmbuf=8192
 sz_cache=256
 sz_data=4096
 [forward]
 nr_forward_rule=6
 forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
 forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
 forward_rule_2=vv,vxlan_fwd,vxlan_user
 forward_rule_3=vv,vxlan_user,vxlan_fwd
 forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
 forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
--- a/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
+++ b/roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
@@ -1,20 +0,0 @@
 [tunnat]
 lcore_id={{ mrtunnat.lcore_id }}
 appsym=tunnat
 phydev={{ATCA_data_incoming.vf0_name}}
 virtdev=vxlan_fwd
 nr_max_sessions=524280
 nr_slots=1048576
 expire_time=60
 reverse_tunnel=0
 use_recent_tunnel=0
 use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
 idle_threshold=10000
 [vlan_flipping]
 enable=0
 c_router_vlan_id_0=1000
 i_router_vlan_id_0=1001
 en_mac_flipping_0=0
--- a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
+++ b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
@@ -1,60 +0,0 @@
 [device]
 device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
 sz_tunnel=8192
 sz_buffer=32
 [device:{{ATCA_data_incoming.vf0_name}}]
 mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
 vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
 #rssmode=3
 [device:{{ ATCA_data_incoming.vf1_name }}]
 mtu=4096
 clear_tx_flags=1
 vlan-filter=1
 vlan-strip=1
 vlan-id-allow=4095
 vlan-pvid=0
 vlan-pvid-mode=2
 hw_strip_crc=1
 sz_tunnel=8192
 sz_buffer=0
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
 distmode=1
 hashmode=0
 idle_threshold=10000
 [eal]
 virtaddr=0x7f40c4a00000
 loglevel=7
 [keepalive]
 check_spinlock=0
 [ctrlzone]
 ctrlzone0=tunnat,64
 [pool]
 create_mode=3
 sz_direct_pktmbuf=4194304
 sz_indirect_pktmbuf=8192
 sz_cache=256
 sz_data=4096
 [forward]
 nr_forward_rule=6
 forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
 forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
 forward_rule_2=vv,vxlan_fwd,vxlan_user
 forward_rule_3=vv,vxlan_user,vxlan_fwd
 forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
 forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
--- a/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
+++ b/roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
@@ -1,23 +0,0 @@
 [tunnat]
 lcore_id={{ mrtunnat.lcore_id }}
 appsym=tunnat
 phydev={{ATCA_data_incoming.vf0_name}}
 virtdev=vxlan_fwd
 nr_max_sessions=524280
 nr_slots=1048576
 expire_time=60
 reverse_tunnel=0
 use_recent_tunnel=0
 use_link_info_table=1
 use_tuple4_as_sskey=0
 ctrlzone_addr_info_type=2
 idle_threshold=10000
 [vlan_flipping]
 enable=1
 c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
 i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
 en_mac_flipping_0=0
 c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
 i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
 en_mac_flipping_1=0
--- a/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
+++ b/roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
@@ -1,67 +0,0 @@
 [device]
 device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
 sz_tunnel=8192
 sz_buffer=0
 [device:{{nic_data_incoming.name}}]
 in_addr={{inline_device_config.keepalive_ip}}
 in_mask={{inline_device_config.keepalive_mask}}
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 vlan-filter=1
 vlan-id-allow=1000,1001,4000,4001
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 promisc=1
 [device:{{nic_to_tfe.tfe1.name}}]
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 promisc=1
 [device:{{nic_to_tfe.tfe2.name}}]
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
 promisc=1
 [service]
 # lcore id for i/o service, use comma to split
 iocore={{ mrzcpd.iocore }}
 distmode=2
 hashmode=0
 [eal]
 virtaddr=0x7f40c4a00000
 loglevel=7
 [keepalive]
 check_spinlock=0
 [ctrlzone]
 ctrlzone0=tunnat,64
 [pool]
 create_mode=3
 sz_direct_pktmbuf=4194304
 sz_indirect_pktmbuf=8192
 sz_cache=256
 sz_data=4096
 [forward]
 nr_forward_rule=10
 forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
 forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
 forward_rule_2=vv,vxlan_fwd,vxlan_user
 forward_rule_3=vv,vxlan_user,vxlan_fwd
 forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
 forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
 forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
 forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
 forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
 forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
fumingwei	c810c89082	feature:新增部署packet_dump的操作	2021-07-22 17:31:28 +08:00
fumingwei	58f1bc8044	bugfix:修改部署过程出现配置文件路径错误和变量缺失问题	2021-07-22 17:17:28 +08:00
fumingwei	7fe7cc953e	同步tsg-os配置文件	2021-07-21 11:40:30 +08:00
fumingwei	e2fe322a06	firewall插件和tsg-os同步	2021-07-21 10:21:07 +08:00
fumingwei	5729ad8653	bugfix:删除多余kni插件	2021-07-06 15:09:02 +08:00
fumingwei	e3977b920e	OMPUB-159:新增v21.06适配mirror流量的DPI安装包	2021-07-06 14:48:40 +08:00
fumingwei	3322c11ad9	更新gtp rpm包版本由v1.0.3到v1.0.4	2021-06-08 10:04:04 +08:00
fumingwei	c3085983cf	注释掉mcn3上安装switch_control，新增mcn3上的adc_exporter	2021-06-02 16:50:46 +08:00
fumingwei	1f30b045be	v21.05: 更新tfe	2021-06-01 17:22:01 +08:00
fumingwei	6bf568fcbe	v21.05:新增gtp_signaling_plug插件	2021-06-01 16:35:09 +08:00
fumingwei	a013eff4ab	v21.05:新增gtp插件	2021-06-01 16:32:54 +08:00
fumingwei	35e543676d	v21.05: 更新kni	2021-06-01 16:29:11 +08:00
fumingwei	605a42c867	v21.05:更新librulescan安装包	2021-06-01 16:27:13 +08:00
fumingwei	13cbc426a7	v21.05:更新fw_mail_plug 插件	2021-06-01 16:24:53 +08:00
fumingwei	b59eeb68f5	v21.05: 更新:tsg_conn_sketch 插件	2021-06-01 16:22:40 +08:00
fumingwei	4740eeb48b	v21.05:更新libmaatframe	2021-06-01 16:20:41 +08:00
fumingwei	f0637faf7a	v21.05: 更新sapp	2021-06-01 16:16:07 +08:00
fumingwei	04b88b791f	v21.05:更新app_proto_identify插件	2021-06-01 15:57:37 +08:00
fumingwei	b7d6f32f8e	v21.05:更新app_sketch_local 插件	2021-06-01 15:55:43 +08:00
fumingwei	19743438a6	更新fw_http_plug插件	2021-06-01 15:53:54 +08:00
fumingwei	b7216727f8	更新v21.05 tsg_master插件	2021-06-01 15:52:17 +08:00
fumingwei	5515d7dd7a	更新mesa_sip插件	2021-06-01 15:50:32 +08:00
fumingwei	20b3719fbe	修改main.yml中的voip引用的table info表项	2021-05-19 18:19:05 +08:00
fumingwei	e15494d7e4	增加安装内核后，重启操作	2021-05-06 15:02:39 +08:00
fumingwei	628b0bbf04	修改变量log_mino 为 pangu_pxy.log_cache	2021-04-27 18:42:21 +08:00
fumingwei	b0dc10d139	增加sapp conflist的mesa_sip,rtp,fw_voip_plug 插件	2021-04-27 10:14:06 +08:00
fumingwei	f64240fcbf	增加package-dump 监控	2021-04-26 18:13:53 +08:00
fumingwei	ff90a94d4b	修改packet_dump_server 使用的配置文件	2021-04-26 11:45:09 +08:00
fumingwei	fb1c66c76c	1、新增dump_rtp_pcap安装2、整合配置变量	2021-04-25 17:19:23 +08:00
fumingwei	6e495828f0	修改和增加sapp的配置文件	2021-04-23 18:07:30 +08:00
fumingwei	2c58349922	21.04 版本更新，更新记录：https://docs.geedge.net/pages/viewpage.action?pageId=28803144	2021-04-22 19:45:01 +08:00
fumingwei	04cea8afd4	Merge branch 'tsg-version21.04-deploy' of https://git.mesalab.cn/tsg/tsg-scripts into tsg-version21.04-deploy	2021-04-17 10:09:35 +08:00
fumingwei	9dcd0cfbdd	修改atca vxlan流量属性接入配置	2021-04-17 10:08:40 +08:00
fumingwei	8338693e40	更新hos-client-cpp rpm 包	2021-04-16 17:54:39 +08:00
fumingwei	88664464f9	修复21.03 bug，相关链接：https://docs.geedge.net/pages/viewpage.action?pageId=30869129	2021-04-16 15:52:37 +08:00
fumingwei	6a98bc17b8	修改atca vxlan流量属性接入配置	2021-04-13 09:42:11 +08:00
fumingwei	1ed3568b7f	增加支持hos 公共库的rpm包	2021-03-23 16:49:12 +08:00
fumingwei	0a16f4dc3d	增加在tun模式下开启tfe-env-tun-mode service	2021-03-23 09:30:22 +08:00
fumingwei	131bb95a1e	i更新mesa_ip 到最新版本	2021-03-19 15:14:14 +08:00
fumingwei	14b3be388a	21.03 版本更新，更新内容请参考；https://docs.geedge.net/pages/viewpage.action?pageId=23042804	2021-03-19 14:24:42 +08:00
fumingwei	f8d24abd4c	修改自检部署脚本位置	2021-02-08 09:23:58 +08:00
fumingwei	bd3bcd1e91	添加自检安装部署	2021-02-08 09:21:47 +08:00
fumingwei	41f8a0c8da	更新tsg_master，sapp，libmaatframe，tfe，app_control_plug，app_master rpm包	2021-02-07 19:47:38 +08:00
fumingwei	6dfaf41870	20.11.rc3 rebase version 20.11	2021-01-31 22:50:33 +08:00
fumingwei	bcf5049ecb	晚上服务器部署模式	2021-01-29 19:41:26 +08:00
fumingwei	5267b73590	tsg scripts version 20.11 上传	2021-01-29 18:03:04 +08:00