update dpi 20.08.1

deploy.yml

@@ -1,26 +1,9 @@
-- hosts:
+- hosts: Functional_Host
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
   roles:
     - framework
     - kernel-ml
-    - telegraf_collect
 
-- hosts: adc_mxn
+- hosts: blade-00
-  remote_user: root
-  roles:
-#    - tsg-env-mxn
-
-- hosts: adc_mcn0
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn0.yml
   roles:
 #    - tsg-env-mcn0
     - mrzcpd
@@ -28,77 +11,35 @@
     - tsg_master
     - kni
     - firewall
-    - tsg_app
     - http_healthcheck
-    - packet_dump
+    - clotho
     - certstore
     - cert-redis
     - telegraf_statistic
-#    - tsg_device_tag
 
-- hosts: adc_mcn1
+- hosts: blade-01
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn1.yml
   roles:
 #    - tsg-env-mcn1
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn2
+- hosts: blade-02
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn2.yml
   roles:
 #    - tsg-env-mcn2
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn3
+- hosts: blade-03
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-    - install_config/group_vars/adc_mcn3.yml
   roles:
 #    - tsg-env-mcn3
     - mrzcpd
     - tfe
 
-- hosts: adc_mcn0
+- hosts: blade-mxn
-  remote_user: root
   roles:
-    - tsg-diagnose
+#    - tsg-env-mxn
 
-- hosts: 
+- hosts: pc-as-tun-mode
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  roles:
-    - tsg-diagnose_sync_ca
-    
-- hosts: adc_mcn0
-  remote_user: root
-  roles:
-    - tsg-diagnose_stop_sync
-
-- hosts:
-    - adc_mcn0
-    - adc_mcn1
-    - adc_mcn2
-    - adc_mcn3
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/adc_global.yml
-  roles:
-    - reboot
-
-- hosts: server-as-tun-mode
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/server_as_tun_mode.yml
   roles:
     - kernel-ml
     - framework
@@ -108,21 +49,10 @@
     - tsg_master
     - kni
     - firewall
-    - tsg_app
     - http_healthcheck
-    - packet_dump
+    - clotho
     - certstore
     - cert-redis
     - tfe
     - telegraf_statistic
-    - telegraf_collect
     - proxy_status
-#    - tsg_device_tag
-    - reboot
-
-- hosts: app_global
-  remote_user: root
-  vars_files:
-    - install_config/group_vars/app_global.yml
-  roles:
-    - app_global

install_config/group_vars/adc_global.yml

@@ -1,111 +0,0 @@
-#########################################
-#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
-tsg_access_type: 3
-#####2: ADC;
-tsg_running_type: 2
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 1
-
-########################################
-#IP Config
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "1.1.1.1:9092,2.2.2.2:9092"
-
-monitor_outputs_influxdb:
-  url: "http://192.168.41.182:58086"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: DEBUG
-tfe_http_log_level: DEBUG
-pangu_log_level: DEBUG
-doh_log_level: DEBUG
-
-certstore_log_level: 10
-packet_dump_log_level: 10
-
-#######################################
-#Sapp Performance Config
-#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
-sapp:
-  worker_threads: 37
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
-  inbound_route_dir: 1
-
-########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 1
-    tfe2_enabled: 1
-
-########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-########################################
-#Marsio Config
-#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
-mrzcpd:
-  iocore: 52,53,54,55
-
-mrtunnat:
-  lcore_id: 48,49,50,51 
-
-#########################################
-#Tsg_app
-tsg_app_enable: 0
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-
-breakpad_upload_url: http://127.0.0.1/
-
-tsg_master_entrance_id: 0

install_config/group_vars/adc_mcn0.yml

@@ -1,39 +0,0 @@
-#########################################
-#Mcn0管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn0流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f4
-
-#########################################
-#Mcn0其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_to_tfe:
-  tfe0:
-      name: ens1f5
-  tfe1:
-      name: ens1f6
-  tfe2:
-      name: ens1f7
-
-#########################################
-#串联设备接入相关配置
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-
-#########################################
-#Allot接入相关配置
-AllotAccess:
-  virturlInterface_1: ens1f2.103
-  virturlInterface_2: ens1f2.104
-  virturlID_1: 103
-  virturlID_2: 104
-  vvipv4_mask: 24
-  vvipv6_mask: 64
-
-bladename: mcn0

install_config/group_vars/adc_mcn1.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn1管理口网卡名
-nic_mgr:
-  name: ens1f3
-
-#########################################
-#Mcn1流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens1f1
-
-#########################################
-#Mcn1其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens1.100
-nic_traffic_mirror:
-  name: ens1f2
-  use_mrzcpd: 1
-
-bladename: mcn1

install_config/group_vars/adc_mcn2.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn2管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn2流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn2其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1
-  
-bladename: mcn2

install_config/group_vars/adc_mcn3.yml

@@ -1,19 +0,0 @@
-#########################################
-#Mcn3管理口网卡名
-nic_mgr:
-  name: ens8f3
-
-#########################################
-#Mcn3流量接入网卡，固定配置
-nic_data_incoming:
-  name: ens8f1
-
-#########################################
-#Mcn3其他数据口网卡名配置，固定配置
-nic_inner_ctrl:
-  name: ens8.100
-nic_traffic_mirror:
-  name: ens8f2
-  use_mrzcpd: 1
-  
-bladename: mcn3

install_config/group_vars/all.yml

@@ -0,0 +1,101 @@
+#########################################
+#####0: Pcap; 1: Inline_device;  2: Allot;  3: ADC_Tun_mode;  4: ATCA;
+tsg_access_type: 4
+
+#####0: Tun_mode;  1: normal; 2: ADC;
+tsg_running_type: 1 
+
+#Common combination mode:
+#1:Server or PC tun mode:      0 + 0
+#2:Server with Inline device:  1 + 1
+#3:ADC with Inline device:     1 + 2
+#4:ADC with Allot:             2 + 2
+#5:ADC tun mode:               3 + 1
+#6:ATCA:                       4 + 1
+
+########################################
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "1.1.1.1:9092,2.2.2.2:9092"
+
+log_minio:
+  address: "192.168.40.168;"
+  port: 9090
+
+fs_remote:
+  switch: 1
+  address: "192.168.100.1"
+  port: 58125
+  
+########################################
+sapp:
+  worker_threads: 16
+  send_only_threads_max: 8
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+  inbound_route_dir: 1
+
+########################################
+kni:
+  global:
+    log_level: 30
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+tfe:
+  nr_threads: 32
+  mc_cache_eth: lo 
+  keykeeper:
+    no_cache: 0
+
+########################################
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+#############ATCA config################
+nic_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+
+#############Server or PC tun mode######
+server:
+  ethname: eth0
+  tun_name: eth0.100
+  internal_interface: "eth2"
+  external_interface: "eth3"
+
+
+

install_config/group_vars/app_global.yml

@@ -1,10 +0,0 @@
-#########################################
-app_sketch_global_log_level: 10
-
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-file_stat_ip: "1.1.1.1"
-  

install_config/group_vars/blade-00.yml

@@ -0,0 +1,23 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f4
+    ip: 192.168.1.30
+    mask: 255.255.255.252
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7
+
+AllotAccess:
+    virturlInterface_1: ens1f2.103
+    virturlInterface_2: ens1f2.104
+    virturlID_1: 103
+    virturlID_2: 104
+    vvipv4_mask: 24
+    vvipv6_mask: 64

install_config/group_vars/blade-01.yml

@@ -0,0 +1,11 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

install_config/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

install_config/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

install_config/group_vars/server_as_tun_mode.yml

@@ -1,145 +0,0 @@
-#########################################
-#####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
-tsg_access_type: 1
-#####0: Tun_mode;  1: normal;
-tsg_running_type: 1
-
-########################################
-#Deploy_finished_reboot
-Deploy_finished_reboot: 1
-
-########################################
-#Server Basic Config
-nic_mgr:
-  name: eth0
-
-nic_inner_ctrl:
-  name: eth0.100
-
-#########################################
-#IP Config
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "1.1.1.1:9092,2.2.2.2:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-#########################################
-#Log Level Config
-#日志等级 10:DEBUG 20:INFO 30:FATAL
-fw_ftp_log_level: 10
-fw_mail_log_level: 10
-fw_http_log_level: 10
-fw_dns_log_level: 10
-fw_quic_log_level: 10
-capture_packet_log_level: 10
-tsg_log_level: 10
-tsg_master_log_level: 10
-kni_log_level: 10
-
-
-#日志等级 DEBUG INFO FATAL
-tfe_log_level: DEBUG
-tfe_http_log_level: DEBUG
-pangu_log_level: DEBUG
-doh_log_level: DEBUG
-
-certstore_log_level: 10
-packet_dump_log_level: 10
-
-#########################################
-#Sapp Performance Config
-#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
-sapp:
-  worker_threads: 23
-  send_only_threads_max: 1
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
-  inbound_route_dir: 1
-
-#########################################
-#Sapp Double-Arm Config
-packet_io:
-  internal_interface: eth2
-  external_interface: eth3
-
-
-#########################################
-#Kni Config
-kni:
-  global:
-    tfe_node_count: 1
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    tfe0_enabled: 1
-    tfe1_enabled: 0
-    tfe2_enabled: 0
-
-#########################################
-#Tfe Config
-tfe:
-  nr_threads: 32
-  mirror_enable: 1
-
-#########################################
-#Marsio Config
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-#########################################
-#Tsg_app
-tsg_app_enable: 1
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
-
-#########################################
-#ATCA Config
-#下列配置只在tsg_access_type=4时生效
-ATCA_data_incoming:
-  ethname: enp1s0
-  vf0_name: enp1s2
-  vf1_name: enp1s2f1
-  vf2_name: enp1s2f2
-
-ATCA_VlanFlipping:
-  vlanID_1: 100
-  vlanID_2: 101
-  vlanID_3: 103
-  vlanID_4: 104
-
-#下列配置只在tsg_access_type=5时生效
-ATCA_VXLAN:
-  keepalive_ip: "10.254.19.1"
-  keepalive_mask: "255.255.255.252"
-
-#########################################
-#Inline Device Config
-inline_device_config:
-  keepalive_ip: 192.168.1.30
-  keepalive_mask: 255.255.255.252
-  data_incoming: eth5

install_config/hosts

@@ -1,41 +1,26 @@
-###################
+[all:vars]
-#   For example   #
+ansible_user=root
-###################
+package_source=local
-#变量device_id根据设备序号设置即可
-#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
-#
-#20.09版本新增APP部署
-#[app_global]
-#0.0.0.0
 
-#[server-as-tun-mode]
+[pc-as-tun-mode]
-#1.1.1.1 device_id=device_1
-#
-#[adc_mxn]
-#10.3.72.1
-#10.3.72.2
-#
-#[adc_mcn0]
-#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
-#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
-#
-#[adc_mcn1]
-#10.3.74.1 device_id=device_1
-#10.3.74.2 device_id=device_2
-#
-#[adc_mcn2]
-#10.3.75.1 device_id=device_1
-#10.3.75.2 device_id=device_2
-#
-#[adc_mcn3]
-#10.3.76.1 device_id=device_1
-#10.3.76.2 device_id=device_2
 
-[app_global]
+[blade-mxn]
-[server-as-tun-mode]
+1.1.1.1 device_id=1
-[adc_mxn]
-[adc_mcn0]
-[adc_mcn1]
-[adc_mcn2]
-[adc_mcn3]
 
+[blade-00]
+1.1.1.1 device_id=1 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+
+[blade-01]
+1.1.1.1 device_id=1
+
+[blade-02]
+1.1.1.1 device_id=1
+
+[blade-03]
+1.1.1.1 device_id=1
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03

roles/app_global/tasks/main.yml

@@ -1,36 +0,0 @@
-- name: "copy app_global rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install app rpms from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
-      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
-    state: present
-
-- name: "template the app_sketch_global.conf"
-  template:
-    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
-
-- name: "template the zlog.conf"
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
-
-- name: "Start emqx"
-  systemd:
-    name: emqx.service
-    state: started
-    enabled: yes
-    daemon_reload: yes
-    
-
-- name: "Start app-sketch-global"
-  systemd:
-    name: app-sketch-global.service
-    state: started
-    enabled: yes
-    daemon_reload: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -1,41 +0,0 @@
-[SYSTEM]
-#1:print on screen, 0:don't
-DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
-
-[breakpad]
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
-enable_breakpad_upload=0
-breakpad_upload_url={{ breakpad_upload_url }}
-
-[CONFIG]
-#Number of running threads
-thread-nu = 1
-timeout = 3600
-address="tcp://127.0.0.1:1883"
-topic_name="APP_SIGNATURE_ID"
-client_name="ExampleClientSub"
-
-[maat]
-# 0:json 1: redis 2: iris
-maat_input_mode=1
-table_info=./resource/table_info.conf
-json_cfg_file=./resource/gtest.json
-stat_file=logs/verify-policy.status
-full_cfg_dir=verify-policy/
-inc_cfg_dir=verify-policy/
-
-maat_redis_server={{ maat_redis_server.address }}
-maat_redis_port_range={{ maat_redis_server.port }}
-maat_redis_db_index={{ maat_redis_server.db }}
-effect_interval_s=1
-accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
-
-[stat]
-statsd_server={{ file_stat_ip }}
-statsd_port=8100
-statsd_cycle=5
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=2

roles/app_global/templates/zlog.conf.j2

@@ -1,12 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
-
-
-

roles/cert-redis/files/cert-redis/6379/6379.conf

@@ -160,7 +160,7 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile "/opt/tsg/cert-redis/6379/6379.log"
+logfile "/home/tsg/cert-redis/6379/6379.log"
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
@@ -244,7 +244,7 @@ dbfilename dump.rdb
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir /opt/tsg/cert-redis/6379/
+dir /home/tsg/cert-redis/6379/
 
 ################################# REPLICATION #################################
 

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +1,4 @@
 #!/bin/bash
 #
 
-/usr/local/bin/redis-server /opt/tsg/cert-redis/6379/6379.conf
+/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,11 +1,11 @@
 - name: "copy cert-redis to destination server"
   copy:
     src: "{{ role_path }}/files/"
-    dest: /opt/tsg
+    dest: /home/tsg
     mode: 0755
 
 - name: "install cert-redis"
-  shell: cd /opt/tsg/cert-redis;sh install.sh
+  shell: cd /home/tsg/cert-redis;sh install.sh
 
 - name: "start cert-redis"
   systemd:

roles/certstore/files/memory.conf

@@ -1,2 +0,0 @@
-[Service]
-MemoryMax=10G

roles/certstore/tasks/main.yml

@@ -3,31 +3,20 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-- name: Ensures /opt/tsg exists
+- name: Ensures /home/tsg exists
-  file: path=/opt/tsg state=directory
+  file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.2.20200828.f507b3e-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /opt/tsg/certstore/conf/cert_store.ini
+    dest: /home/tsg/certstore/conf/cert_store.ini
-
-- name: template certstore zlog file
-  template:
-    src: "{{ role_path }}/templates/zlog.conf.j2"
-    dest: /opt/tsg/certstore/conf/zlog.conf
-
-- name: "copy memory limit file to certstore.service.d"
-  copy:
-    src: "{{ role_path }}/files/memory.conf"
-    dest: /etc/systemd/system/certstore.service.d/
-    mode: 0644
 
 - name: "start certstore"
   systemd:

roles/certstore/templates/cert_store.ini.j2

@@ -1,15 +1,9 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
-RUN_LOG_PATH = "conf/zlog.conf"
+#10:DEBUG, 20:INFO, 30:FATAL
-
+RUN_LOG_LEVEL = 10
-[breakpad]
+RUN_LOG_PATH = ./logs
-disable_coredump=0
-enable_breakpad=1
-breakpad_minidump_dir=/tmp/certstore/crashreport
-enable_breakpad_upload=0
-breakpad_upload_url= {{ breakpad_upload_url }}
-
 [CONFIG]
 #Number of running threads
 thread-nu = 4
@@ -20,8 +14,7 @@ expire_after = 30
 #Local default root certificate path
 local_debug = 1
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
+untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
-
 [MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
@@ -38,21 +31,18 @@ inc_cfg_dir=./rule/inc/index
 full_cfg_dir=./rule/full/index
 #Json file path when json schema is used
 pxy_obj_keyring=./conf/pxy_obj_keyring.json
-
 [LIBEVENT]
 #Local monitor port number, default is 9991
 port = 9991
-
 [CERTSTORE_REDIS]
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
-
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
 dbindex =  {{ maat_redis_server.db }}
 [stat]
-statsd_server=127.0.0.1
+statsd_server=192.168.100.1
-statsd_port=58100
+statsd_port=8126

roles/certstore/templates/zlog.conf.j2

@@ -1,10 +0,0 @@
-[global]
-default format = "%d(%c), %V, %F, %U, %m%n"
-[levels]
-DEBUG=10
-INFO=20
-FATAL=30
-[rules]
-*.fatal        "./logs/error.log.%d(%F)";
-*.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
-

roles/clotho/files/clotho.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=clotho
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/home/mesasoft/clotho/clotho
+ExecStop=killall clotho
+Type=forking
+
+[Install]
+WantedBy=multi-user.target

roles/clotho/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: "copy clotho rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
+    dest: /tmp/ansible_deploy/
+
+- name: "copy  clotho.service to destination server"
+  copy:
+    src: "{{ role_path }}/files/clotho.service"
+    dest: /usr/lib/systemd/system
+    mode: 0755
+
+- name: "install clotho rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+
+- name: "Template the clotho.conf"
+  template:
+    src: "{{ role_path }}/templates/clotho.conf.j2"
+    dest: /home/mesasoft/clotho/conf/clotho.conf 
+  tags: template
+ 
+- name: "start clotho"
+  systemd:
+    name: clotho.service
+    enabled: yes
+    daemon_reload: yes
+

roles/clotho/templates/clotho.conf.j2

@@ -0,0 +1,11 @@
+[KAFKA]
+BROKER_LIST={{ log_kafkabrokers.address }}
+
+[SYSTEM]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
+NIC_NAME={{ nic_mgr.name }}
+{% endif %}
+LOG_LEVEL=10
+LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -11,21 +11,22 @@
     skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.2.09f193c-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.6.d8317e9-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.6.2710506-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.0.0a5d574-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.0.7a867ea-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.0.0.1ca1c65-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.0.3b4e481-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.0.b06d39c-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.0.1.7ea9976-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.3.9218b4b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.7.9e3be05-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.6.d6755d8-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.3.e8482a4-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_record-1.0.2.2afb19a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.v2.0_alpha.af621ca-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -15,11 +15,15 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 
 [SYSTEM]
-LOG_LEVEL={{ capture_packet_log_level }}
+LOG_LEVEL=10
 LOG_PATH=./tsglog/capture_packet_plug/capture_packet
 

roles/firewall/templates/main.conf.j2

@@ -1,57 +1,55 @@
 [FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
-LOG_LEVEL={{ fw_ftp_log_level }}
+LOG_LEVEL=10
 TIMEOUT=600
 
 [MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
-LOG_LEVEL={{ fw_mail_log_level }}
+LOG_LEVEL=10
 TIMEOUT=600
 
 [HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
-LOG_LEVEL={{ fw_http_log_level }}
+LOG_LEVEL=10
 
 [DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
-LOG_LEVEL={{ fw_dns_log_level }}
+LOG_LEVEL=10
-
-[QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
-LOG_LEVEL={{ fw_quic_log_level }}
 
 [MAAT]
-PROFILE="./tsgconf/maat.conf"
+PROFILE=./tsgconf/maat.conf
-SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
-CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
-IP_ADDR_TABLE="TSG_SECURITY_ADDR"
+IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-NIC_NAME="{{ nic_mgr.name }}"
+{% if tsg_running_type == 0 or 1 %}
+NIC_NAME={{ server.ethname }}
+{% else %}
+NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 MAX_SERVICE=1
-LOG_LEVEL={{ tsg_log_level }}
+LOG_LEVEL=10
-LOG_PATH="./tsglog/tsglog"
+LOG_PATH=./tsglog/tsglog
-BROKER_LIST="{{ log_kafkabrokers.address }}"
+BROKER_LIST={{ log_kafkabrokers.address }}
-COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
 
 [STATISTIC]
-CYCLE=5
+CYCLE=1
 TELEGRAF_PORT=8100
-TELEGRAF_IP="127.0.0.1"
+TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH="./tsg_statistic.log"
+OUTPUT_PATH=./tsg_statistic.log
-APP_NAME="statistic"
+APP_NAME=statistic
 
 [FIELD_STAT]
-CYCLE=5
+CYCLE=3
-TELEGRAF_PORT=8100
+TELEGRAF_PORT=8125
-TELEGRAF_IP="127.0.0.1"
+TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH="./tsg_stat.log"
+OUTPUT_PATH=./tsg_stat.log
-APP_NAME="tsg_master"
+APP_NAME=tsg_master
 
 [SYSTEM]
-ENTRANCE_ID={{ tsg_master_entrance_id }}
+LOG_LEVEL=10
-LOG_LEVEL={{ tsg_master_log_level }}
+LOG_PATH=./tsglog/tsg_master
-LOG_PATH="./tsglog/tsg_master"
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY
-POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
-DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"

roles/framework/tasks/main.yml

@@ -10,21 +10,19 @@
     skip_broken: yes
   vars:
     packages:
-      - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.0.3.5931b44-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-2.2.1.1716a7b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:

roles/kernel-ml/tasks/main.yml

@@ -7,9 +7,6 @@
 - name: "install kernels-ml"
   yum:
     name:
-      - /tmp/ansible_deploy/pkgconfig-0.27.1-4.el7.x86_64.rpm
-      - /tmp/ansible_deploy/zlib-devel-1.2.7-17.el7.x86_64.rpm
-      - /tmp/ansible_deploy/elfutils-libelf-devel-0.168-8.el7.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
@@ -28,18 +25,12 @@
     - tsg_access_type == 4
     - t_kernel_ml.changed
 
-- name: "BIOS:grub2-mkconfig"
+- name: "grub2-mkconfig"
   shell: grub2-mkconfig -o /boot/grub2/grub.cfg
   when:
     - tsg_access_type == 4
     - t_kernel_ml.changed
 
-- name: "UEFI:grub2-mkconfig"
+- name: "reboot"
-  shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
+  reboot:
-  when:
+  when: t_kernel_ml.changed
-    - tsg_access_type == 4
-    - t_kernel_ml.changed
-
-#- name: "reboot"
-#  reboot:
-#  when: t_kernel_ml.changed

roles/kni/tasks/main.yml

@@ -7,9 +7,8 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.10.20201019.3f20d93-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-20.07-1.el7.x86_64.rpm
     state: present
-    skip_broken: yes
 
 - name: Template the kni.conf
   template: