修改deploy.yml对groups-by-IPMB-addr的支持

.gitignore

@@ -0,0 +1,2 @@
+.vscode
+*.retry

adc_inline_device_access/group_vars/all.yml

@@ -0,0 +1,74 @@
+maat_redis_server:
+    address: "192.168.41.206"
+    port: 7002
+    db: 0
+
+dynamic_maat_redis_server:
+    address: "192.168.41.206"
+    port: 7002
+    db: 1
+
+cert_store_server:
+    address: "192.168.100.1"
+    port: 9991
+
+log_kafkabrokers:
+    address: "192.168.41.204:9092"
+
+log_minio:
+    address: "192.168.41.206"
+    port: 9090
+
+fs_remote:
+    switch: 1
+    address: "192.168.100.1"
+    port: 58125
+
+nic_transparent_mode:
+    enable: 0
+
+run_as_tun_mode: 0
+package_source: "local"
+
+install_dns_debug: "yes"
+install_ftp_debug: "yes"
+install_http_debug: "yes"
+install_mail_debug: "yes"
+install_ssl_debug: "yes"
+install_fw_dns_plug_debug: "yes"
+install_fw_ftp_plug_debug: "yes"
+install_fw_http_plug_debug: "yes"
+install_fw_mail_plug_debug: "yes"
+install_tsg_master: "yes"
+
+kni:
+    global:
+        log_level: 10
+        tfe_node_count: 3
+    watch_dog:
+        switch: 1
+    maat:
+        readconf_mode: 2
+    send_logger:
+        switch: 1
+    tfe_nodes:
+        - tfe0:
+              enabled: 1
+        - tfe1:
+              enabled: 1
+        - tfe2:
+              enabled: 1
+tfe:
+    nr_threads: 16
+    mc_cache_eth: ens1.100
+    keykeeper:
+        mode: "normal"
+        no_cache: 0
+
+mrzcpd:
+    iocore: 47
+
+mrtunnat:
+    lcore_id: 46
+
+

adc_inline_device_access/group_vars/blade-00.yml

@@ -13,11 +13,3 @@ nic_to_tfe:
         name: ens1f6
     tfe2:
         name: ens1f7
-
-AllotAccess:
-    virturlInterface_1: ens1f2.103
-    virturlInterface_2: ens1f2.104
-    virturlID_1: 103
-    virturlID_2: 104
-    vvipv4_mask: 24
-    vvipv6_mask: 64

adc_inline_device_access/hosts

@@ -0,0 +1,24 @@
+[all:vars]
+ansible_user=root
+package_source=local
+
+[blade-mxn]
+192.168.40.170
+
+[blade-00]
+192.168.40.166
+
+[blade-01]
+192.168.40.167
+
+[blade-02]
+192.168.40.168
+
+[blade-03]
+192.168.40.169
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03

adc_tera_access/group_vars/all.yml

@@ -0,0 +1,74 @@
+maat_redis_server:
+    address: "192.168.41.206"
+    port: 7002
+    db: 0
+
+dynamic_maat_redis_server:
+    address: "192.168.41.206"
+    port: 7002
+    db: 1
+
+cert_store_server:
+    address: "192.168.100.1"
+    port: 9991
+
+log_kafkabrokers:
+    address: "192.168.41.204:9092"
+
+log_minio:
+    address: "192.168.41.206"
+    port: 9090
+
+fs_remote:
+    switch: 1
+    address: "192.168.100.1"
+    port: 58125
+
+nic_transparent_mode:
+    enable: 0
+
+run_as_tun_mode: 0
+package_source: "local"
+
+install_dns_debug: "yes"
+install_ftp_debug: "yes"
+install_http_debug: "yes"
+install_mail_debug: "yes"
+install_ssl_debug: "yes"
+install_fw_dns_plug_debug: "yes"
+install_fw_ftp_plug_debug: "yes"
+install_fw_http_plug_debug: "yes"
+install_fw_mail_plug_debug: "yes"
+install_tsg_master: "yes"
+
+kni:
+    global:
+        log_level: 10
+        tfe_node_count: 3
+    watch_dog:
+        switch: 1
+    maat:
+        readconf_mode: 2
+    send_logger:
+        switch: 1
+    tfe_nodes:
+        - tfe0:
+              enabled: 1
+        - tfe1:
+              enabled: 1
+        - tfe2:
+              enabled: 1
+tfe:
+    nr_threads: 16
+    mc_cache_eth: ens1.100
+    keykeeper:
+        mode: "normal"
+        no_cache: 0
+
+mrzcpd:
+    iocore: 47
+
+mrtunnat:
+    lcore_id: 46
+
+

adc_tera_access/group_vars/blade-00.yml

@@ -0,0 +1,14 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f4
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7

adc_tera_access/group_vars/blade-01.yml

@@ -0,0 +1,11 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

adc_tera_access/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

adc_tera_access/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

adc_tera_access/hosts

@@ -2,13 +2,11 @@
 ansible_user=root
 package_source=local
 
-[pc-as-tun-mode]
-
 [blade-mxn]
 192.168.40.170
 
 [blade-00]
-192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
+192.168.40.166
 
 [blade-01]
 192.168.40.167
@@ -19,8 +17,14 @@ package_source=local
 [blade-03]
 192.168.40.169
 
+
 [Functional_Host:children]
 blade-00
 blade-01
 blade-02
 blade-03
+
+[Slave_Host:children]
+blade-01
+blade-02
+blade-03

clear_redis_cache.yml

@@ -0,0 +1,6 @@
+- hosts: blade-00
+  tasks:
+  - name: "killall certstore"
+    command: "killall certstore"
+  - name: "clear redis cache"
+    command: "redis-cli flushdb"

deploy.yml

@@ -1,3 +1,7 @@
+- hosts: all
+  roles:
+   - groups-by-IPMB-addr
+
 - hosts: Functional_Host
   roles:
     - framework
@@ -5,49 +9,41 @@
 
 - hosts: blade-00
   roles:
-#    - tsg-env-mcn0
+    - tsg-env-mcn0
     - mrzcpd
     - sapp
     - kni
     - firewall
-    - http_healthcheck
-    - clotho
     - certstore
-    - cert-redis
 
 - hosts: blade-01
   roles:
-#    - tsg-env-mcn1
+    - tsg-env-mcn1
     - mrzcpd
     - tfe
 
 - hosts: blade-02
   roles:
-#    - tsg-env-mcn2
+    - tsg-env-mcn2
     - mrzcpd
     - tfe
 
 - hosts: blade-03
   roles:
-#    - tsg-env-mcn3
+    - tsg-env-mcn3
     - mrzcpd
     - tfe
 
 - hosts: blade-mxn
   roles:
-#    - tsg-env-mxn
+    - tsg-env-mxn
 
 - hosts: pc-as-tun-mode
   roles:
-    - kernel-ml
-    - framework
     - mrzcpd
-    - tsg-env-tun-mode
+    - framework
     - sapp
     - kni
     - firewall
-    - http_healthcheck
-    - clotho
     - certstore
-    - cert-redis
     - tfe

env-prod-astana/group_vars/all.yml

@@ -0,0 +1,60 @@
+maat_redis_server:
+    address: "10.4.35.1"
+    port: 6379
+    db: 0
+
+dynamic_maat_redis_server:
+    address: "10.4.35.1"
+    port: 6379
+    db: 1
+
+cert_store_server:
+    address: "192.168.100.1"
+    port: 9991
+
+log_kafkabrokers:
+    address: "10.4.35.7:9092,10.4.35.8:9092,10.4.35.9:9092,10.4.35.10:9092,10.4.35.11:9092"
+
+log_minio:
+    address: "10.4.35.1;"
+    port: 9000
+
+fs_remote:
+    switch: 1
+    address: "192.168.100.1"
+    port: 58125
+
+nic_transparent_mode:
+    enable: 0
+
+run_as_tun_mode: 0
+package_source: "local"
+
+kni:
+    global:
+        log_level: 10
+        tfe_node_count: 3
+    watch_dog:
+        switch: 1
+    send_logger:
+        switch: 1
+    tfe_nodes:
+        - tfe0:
+              enabled: 1
+        - tfe1:
+              enabled: 1
+        - tfe2:
+              enabled: 1
+tfe:
+    nr_threads: 16
+    keykeeper:
+        mode: "normal"
+        no_cache: 0
+
+mrzcpd:
+    iocore: 55
+
+mrtunnat:
+    lcore_id: 54
+
+

env-prod-astana/group_vars/blade-00.yml

@@ -0,0 +1,14 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens1f4
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7

env-prod-astana/group_vars/blade-01.yml

@@ -0,0 +1,11 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

env-prod-astana/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

env-prod-astana/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

env-prod-astana/hosts

@@ -0,0 +1,100 @@
+[all:vars]
+ansible_user=root
+
+[blade-mxn]
+10.4.164.23
+#10.4.164.24
+10.4.164.25
+10.4.164.26
+10.4.164.27
+10.4.164.28
+10.4.164.29
+
+[blade-00]
+10.4.39.9
+#10.4.39.13
+10.4.39.17
+10.4.39.21
+10.4.39.25
+10.4.39.29
+10.4.39.33
+
+[blade-01]
+10.4.39.10
+#10.4.39.14
+10.4.39.18
+10.4.39.22
+10.4.39.26
+10.4.39.30
+10.4.39.34
+
+[blade-02]
+10.4.39.11
+#10.4.39.15
+10.4.39.19
+10.4.39.23
+10.4.39.27
+10.4.39.31
+10.4.39.35
+
+[blade-03]
+10.4.39.12
+#10.4.39.16
+10.4.39.20
+10.4.39.24
+10.4.39.28
+10.4.39.32
+10.4.39.36
+
+[astana-adc-3]
+10.4.164.23
+10.4.39.9
+10.4.39.10
+10.4.39.11
+10.4.39.12
+
+[astana-adc-5]
+10.4.164.25
+10.4.39.17
+10.4.39.18
+10.4.39.19
+10.4.39.20
+
+[astana-adc-6]
+10.4.164.26
+10.4.39.21
+10.4.39.22
+10.4.39.23
+10.4.39.24
+
+[astana-adc-7]
+10.4.164.27
+10.4.39.25
+10.4.39.26
+10.4.39.27
+10.4.39.28
+
+[astana-adc-8]
+10.4.164.28
+10.4.39.29
+10.4.39.30
+10.4.39.31
+10.4.39.32
+
+[astana-adc-9]
+10.4.164.29
+10.4.39.33
+10.4.39.34
+10.4.39.35
+10.4.39.36
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03
+
+[Slave_Host:children]
+blade-01
+blade-02
+blade-03

env-stage-hy/group_vars/all.yml

@@ -0,0 +1,45 @@
+maat_redis_server:
+    address: 192.168.100.3
+    port: 7002
+    db: 0
+
+dynamic_maat_redis_server:
+    address: 192.168.100.3
+    port: 7002
+    db: 0
+    
+cert_store_server:
+    address: 192.168.100.1
+    port: 9991
+
+log_kafkabrokers:
+    address: "192.168.100.4:9092"
+
+log_minio:
+    address: "192.168.100.4;"
+    port: 9000
+
+fs_remote:
+    switch: 0
+    address: "192.168.10.152"
+    port: 8125
+
+kni:
+    global:
+        log_level: 30
+        tfe_node_count: 3
+    watch_dog:
+        switch: 1
+    tfe_nodes:
+        - tfe0:
+              enabled: 1
+        - tfe1:
+              enabled: 1
+        - tfe2:
+              enabled: 1
+              
+tfe:
+    nr_threads: 32
+    keykeeper:
+        mode: "debug"
+        no_cache: 0

env-stage-hy/group_vars/blade-00.yml

@@ -0,0 +1,13 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens1f4
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7

env-stage-hy/group_vars/blade-01.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

env-stage-hy/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

env-stage-hy/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp7s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

env-stage-hy/hosts

@@ -0,0 +1,12 @@
+[all:vars]
+ansible_user=root
+
+[blade-00]
+192.168.10.41
+
+[blade-01]
+192.168.10.42
+
+[Functional_Host:children]
+blade-00
+blade-01

env-stage-pc/group_vars/all.yml

@@ -0,0 +1,76 @@
+maat_redis_server:
+  address: "192.168.40.83"
+  port: 7002
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.40.83"
+  port: 7002
+  db: 0
+
+cert_store_server:
+  address: "127.0.0.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "192.168.40.85:9092"
+
+log_minio:
+  address: "192.168.40.85;"
+  port: 9000
+
+fs_remote:
+  switch: 1
+  address: "127.0.0.1"
+  port: 8125
+
+kni:
+  global:
+    log_level: 30
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  tfe_nodes:
+    - tfe0:
+        enabled: 1
+    - tfe1:
+        enabled: 1
+    - tfe2:
+        enabled: 1
+tfe:
+  nr_threads: 32
+  keykeeper:
+    mode: "normal"
+    no_cache: 0
+
+mrzcpd:
+  iocore: 47
+
+mrtunnat:
+  lcore_id: 46
+
+nic_mgr:
+  name: eth0
+nic_data_incoming:
+  name: tun_kni
+  address: 127.0.0.1
+nic_inner_ctrl:
+  name: lo
+nic_to_tfe:
+  tfe0:
+    name: lo
+  tfe1:
+    name: lo
+  tfe2:
+    name: lo
+nic_traffic_mirror:
+  name: lo
+  use_mrzcpd: 0
+
+nic_transparent_mode:
+  enable: 1
+  mode: pcap
+  internel_interface: "enp0s20f0u3"
+  external_interface: "enp0s20f0u4"
+
+run_as_tun_mode: 1

env-stage-pc/hosts

@@ -0,0 +1,6 @@
+[all:vars]
+ansible_user=root
+package_source=local
+
+[pc-as-tun-mode]
+192.168.40.85

env-stage-xxg/group_vars/all.yml

@@ -0,0 +1,55 @@
+maat_redis_server:
+    address: "192.168.40.120"
+    port: 7002
+    db: 0
+
+dynamic_maat_redis_server:
+    address: "192.168.40.120"
+    port: 7002
+    db: 1
+
+cert_store_server:
+    address: "192.168.40.161"
+    port: 9991
+
+log_kafkabrokers:
+    address: "192.168.40.119:9092"
+
+log_minio:
+    address: "192.168.40.223;"
+    port: 9000
+
+fs_remote:
+    switch: 1
+    address: "192.168.100.1"
+    port: 8125
+
+nic_transparent_mode:
+    enable: 0
+
+kni:
+    global:
+        log_level: 30
+        tfe_node_count: 3
+    watch_dog:
+        switch: 1
+    tfe_nodes:
+        - tfe0:
+              enabled: 1
+        - tfe1:
+              enabled: 1
+        - tfe2:
+              enabled: 1
+tfe:
+    nr_threads: 32
+    keykeeper:
+        mode: "normal"
+        no_cache: 0
+
+mrzcpd:
+    iocore: 47
+
+mrtunnat:
+    lcore_id: 46
+
+run_as_tun_mode: 1

env-stage-xxg/group_vars/blade-00.yml

@@ -0,0 +1,14 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f4
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_to_tfe:
+    tfe0:
+        name: ens1f5
+    tfe1:
+        name: ens1f6
+    tfe2:
+        name: ens1f7

env-stage-xxg/group_vars/blade-01.yml

@@ -0,0 +1,11 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens1f1
+    mac: AA:BB:CC:DD:EE:FF
+    address: 127.0.0.1
+nic_inner_ctrl:
+    name: ens1.100
+nic_traffic_mirror:
+    name: ens1f2
+    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-02.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

env-stage-xxg/group_vars/blade-03.yml

@@ -0,0 +1,10 @@
+nic_mgr:
+    name: enp6s0
+nic_data_incoming:
+    name: ens8f1
+    mac: AA:BB:CC:DD:EE:FF
+nic_inner_ctrl:
+    name: ens8.100
+nic_traffic_mirror:
+    name: ens8f2
+    use_mrzcpd: 1

env-stage-xxg/hosts

@@ -0,0 +1,24 @@
+[all:vars]
+ansible_user=root
+package_source=pulp
+
+[blade-mxn]
+192.168.40.25
+
+[blade-00]
+192.168.40.21
+
+[blade-01]
+192.168.40.22
+
+[blade-02]
+192.168.40.23
+
+[blade-03]
+192.168.40.24
+
+[Functional_Host:children]
+blade-00
+blade-01
+blade-02
+blade-03

pc_double_arm_access/group_vars/all.yml

@@ -1,14 +1,10 @@
-########################################
-tsg_access_type: 0
-
-########################################
 maat_redis_server:
-  address: "192.168.40.168"
+  address: "192.168.40.83"
   port: 7002
   db: 0
 
 dynamic_maat_redis_server:
-  address: "192.168.40.168"
+  address: "192.168.40.83"
   port: 7002
   db: 0
 
@@ -17,10 +13,10 @@ cert_store_server:
   port: 9991
 
 log_kafkabrokers:
-  address: "192.168.40.169:9092"
+  address: "192.168.40.85:9092"
 
 log_minio:
-  address: "192.168.40.168;"
+  address: "192.168.40.85;"
   port: 9090
 
 fs_remote:
@@ -28,12 +24,17 @@ fs_remote:
   address: "127.0.0.1"
   port: 8125
   
-########################################
+install_dns_debug: "yes"
-sapp:
+install_ftp_debug: "yes"
-  worker_threads: 16
+install_http_debug: "yes"
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
+install_mail_debug: "yes"
+install_ssl_debug: "yes"
+install_fw_dns_plug_debug: "yes"
+install_fw_ftp_plug_debug: "yes"
+install_fw_http_plug_debug: "yes"
+install_fw_mail_plug_debug: "yes"
+install_tsg_master: "yes"
 
-########################################
 kni:
   global:
     log_level: 30
@@ -51,30 +52,33 @@ kni:
         enabled: 1
     - tfe2:
         enabled: 1
-
-########################################
 tfe:
   nr_threads: 32
-  mc_cache_eth: lo 
+  mc_cache_eth: ens1.100
   keykeeper:
     mode: "normal"
     no_cache: 0
 
-########################################
 mrzcpd:
   iocore: 39
 
 mrtunnat:
   lcore_id: 38
 
-########################################
 nic_mgr:
   name: eth0
 nic_data_incoming:
   name: tun_kni
   address: 127.0.0.1
 nic_inner_ctrl:
-  name: eth0.100
+  name: lo
+nic_to_tfe:
+  tfe0:
+    name: lo
+  tfe1:
+    name: lo
+  tfe2:
+    name: lo
 nic_traffic_mirror:
   name: lo
   use_mrzcpd: 0
@@ -85,3 +89,4 @@ nic_transparent_mode:
   internel_interface: "eth2"
   external_interface: "eth3"
 
+run_as_tun_mode: 1

pc_double_arm_access/hosts

@@ -0,0 +1,6 @@
+[all:vars]
+ansible_user=root
+package_source=local
+
+[pc-as-tun-mode]
+192.168.40.139

pulp-install.yml

@@ -0,0 +1,3 @@
+- hosts: blade-0*
+  roles:
+    - pulp-consumer

rc.local

@@ -0,0 +1,13 @@
+#!/bin/bash
+# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
+#
+# It is highly advisable to create own systemd services or udev rules
+# to run scripts during boot instead of using this file.
+#
+# In contrast to previous versions due to parallel execution during boot
+# this script will NOT be run after all other services.
+#
+# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
+# that this script will be executed during boot.
+
+touch /var/lock/subsys/local

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/usr/local/bin/start-cert-redis
-ExecStop=killall redis-server
-Type=forking
-RuntimeDirectory=redis
-RuntimeDirectoryMode=0755
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/files/cert-redis/install.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-cp -rf redis-server /usr/local/bin/
-cp -rf redis-cli /usr/local/bin
-cp -rf cert-redis.service /usr/lib/systemd/system/
-cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +0,0 @@
-#!/bin/bash
-#
-
-/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,15 +0,0 @@
-- name: "copy cert-redis to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /home/tsg
-    mode: 0755
-
-- name: "install cert-redis"
-  shell: cd /home/tsg/cert-redis;sh install.sh
-
-- name: "start cert-redis"
-  systemd:
-    name: cert-redis.service
-    state: started
-    daemon_reload: yes
-    enabled: yes

roles/certstore/tasks/main.yml

@@ -1,26 +1,39 @@
-- name: "copy certstore rpm to destination"
+---
+- name: "copy redis and dependency to destination"
   synchronize:
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
+#- name: "install redis"
+#  yum:
+#    name:
+#      - /tmp/ansible_deploy/jemalloc-3.6.0-1.el7.x86_64.rpm
+#      - /tmp/ansible_deploy/redis-3.2.12-2.el7.x86_64.rpm
+#    state: present
+
+#- name: "enable redis"
+#  systemd:
+#    name: redis
+#    enabled: yes
+#    state: started
+
 - name: Ensures /home/tsg exists
   file: path=/home/tsg state=directory
   tags: mkdir
 
 - name: install certstore
-  yum:
+  unarchive:
-    name:
+    src: "{{ role_path }}/files/certstore-base-online-20200108.tar.gz"
-      - /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm
+    dest: /home/tsg
-    state: present
 
 - name: template certstore configure file
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore/conf/cert_store.ini
+    dest: /home/tsg/certstore-base/conf/cert_store.ini
 
-- name: "start certstore"
+- name: bootup certstore
-  systemd:
+  blockinfile:
-    name: certstore.service
+    marker: "## {mark} bootstrap certstore"
-    state: started
+    path: /etc/rc.d/rc.local
-    enabled: yes
+    block: |
-    daemon_reload: yes
+      cd /home/tsg/certstore-base; ./r2_certstore

roles/certstore/templates/cert_store.ini.j2

@@ -2,7 +2,7 @@
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
 #10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 10
+RUN_LOG_LEVEL = 30
 RUN_LOG_PATH = ./logs
 [CONFIG]
 #Number of running threads

roles/clotho/files/clotho.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=clotho
-After=network.target
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/home/mesasoft/clotho/clotho
-ExecStop=killall clotho
-Type=forking
-
-[Install]
-WantedBy=multi-user.target

roles/clotho/tasks/main.yml

@@ -1,29 +0,0 @@
-- name: "copy clotho rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
-    dest: /tmp/ansible_deploy/
-
-- name: "copy  clotho.service to destination server"
-  copy:
-    src: "{{ role_path }}/files/clotho.service"
-    dest: /usr/lib/systemd/system
-    mode: 0755
-
-- name: "install clotho rpm from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-
-- name: "Template the clotho.conf"
-  template:
-    src: "{{ role_path }}/templates/clotho.conf.j2"
-    dest: /home/mesasoft/clotho/conf/clotho.conf 
-  tags: template
- 
-- name: "start clotho"
-  systemd:
-    name: clotho.service
-    enabled: yes
-    daemon_reload: yes
-

roles/clotho/templates/clotho.conf.j2

@@ -1,7 +0,0 @@
-[KAFKA]
-BROKER_LIST={{ log_kafkabrokers.address }}
-
-[SYSTEM]
-NIC_NAME={{ nic_mgr.name }}
-LOG_LEVEL=10
-LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -4,41 +4,72 @@
     src: "{{ role_path }}/files/"
     dest: /tmp/ansible_deploy/
 
-- name: "install firewall packages"
+- name: "install dns-debug rpms from localhost"
   yum:
-    name: "{{ fw_packages }}"
+    name:
-    state: present
-  vars:
-    fw_packages:
       - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
+    state: present
+  when: install_dns_debug == "yes"
+
+- name: "install ftp-debug rpms from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/ftp-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+  when: install_ftp_debug == "yes"
+
+- name: "install http-debug rpms from localhost"
+  yum:
+    name:
       - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+  when: install_http_debug == "yes"
+ 
+- name: "install mail-debug rpms from localhost"
+  yum:
+    name:
       - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
+    state: present
+  when: install_mail_debug == "yes"
+
+- name: "install ssl-debug rpms from localhost"
+  yum:
+    name:   
       - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
+    state: present
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
+  when: install_ssl_debug == "yes"
-      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.8.620f455-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
 
-- name: "Template the tsgconf/main.conf"
+- name: "install fw_dns_plug-debug rpms from localhost"
-  template:
+  yum:
-    src: "{{ role_path }}/templates/main.conf.j2"
+    name:
-    dest: /home/mesasoft/sapp_run/tsgconf/main.conf
+      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.2.1c9d36d-1.el7.centos.x86_64.rpm
-  tags: template
+    state: present
+  when: install_fw_dns_plug_debug == "yes" 
  
+- name: "install fw_ftp_plug-debug rpms from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.0.bd656e4-1.el7.centos.x86_64.rpm
+    state: present
+  when: install_fw_ftp_plug_debug == "yes"
   
-- name: "Template the tsgconf/maat.conf"
+- name: "install fw_http_plug-debug rpms from localhost"
-  template:
+  yum:
-    src: "{{ role_path }}/templates/maat.conf.j2"
+    name:
-    dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
+      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.3.3c95e78-1.el7.centos.x86_64.rpm
-  tags: template
+    state: present
+  when: install_fw_http_plug_debug == "yes" 
  
-- name: "Template the conf/capture_packet_plug.conf.j2"
+- name: "install fw_mail_plug-debug rpms from localhost"
-  template:
+  yum:
-    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
+    name:
-    dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
+      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.1.8792ed8-1.el7.centos.x86_64.rpm
-  tags: template
+    state: present
+  when: install_fw_mail_plug_debug == "yes"
+
+- name: "install tsg-master rpms from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/tsg_master-debug-1.0.1.f624b67-1.el7.centos.x86_64.rpm
+    state: present
+  when: install_tsg_master == "yes" 

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -1,25 +0,0 @@
-[MAAT]
-MAAT_MODE=2
-#EFFECTIVE_FLAG=
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=conf/capture_packet_tableinfo.conf
-STAT_FILE=capture_packet_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX=0
-JSON_CFG_FILE=conf/capture_packet_maat.json
-INC_CFG_DIR=capture_packet_rule/inc/index/
-FULL_CFG_DIR=capture_packet_rule/full/index/
-
-[LOG]
-NIC_NAME={{ nic_mgr.name }}
-BROKER_LIST={{ log_kafkabrokers.address }}
-FIELD_FILE=conf/capture_packet_log_field.conf
-
-[SYSTEM]
-LOG_LEVEL=10
-LOG_PATH=./tsglog/capture_packet_plug/capture_packet
-

roles/firewall/templates/maat.conf.j2

@@ -1,30 +0,0 @@
-[STATIC]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
-STAT_FILE=tsg_static_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=0
-JSON_CFG_FILE=tsgconf/tsg_maat.json
-INC_CFG_DIR=tsgrule/inc/index/
-FULL_CFG_DIR=tsgrule/full/index/
-
-[DYNAMIC]
-MAAT_MODE=2
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
-STAT_FILE=tsg_dynamic_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ dynamic_maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=1
-JSON_CFG_FILE=tsgconf/tsg_maat.json
-INC_CFG_DIR=tsgrule/inc/index/
-FULL_CFG_DIR=tsgrule/full/index/
-

roles/firewall/templates/main.conf.j2

@@ -1,51 +0,0 @@
-[FTP_PLUG]
-LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
-LOG_LEVEL=10
-TIMEOUT=600
-
-[MAIL_PLUG]
-LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
-LOG_LEVEL=10
-TIMEOUT=600
-
-[HTTP_PLUG]
-LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
-LOG_LEVEL=10
-
-[DNS_PLUG]
-LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
-LOG_LEVEL=10
-
-[MAAT]
-PROFILE=./tsgconf/maat.conf
-SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
-CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
-IP_ADDR_TABLE=TSG_SECURITY_ADDR
-
-[TSG_LOG]
-MODE=1
-NIC_NAME={{ nic_mgr.name }}
-MAX_SERVICE=1
-LOG_LEVEL=10
-LOG_PATH=./tsglog/tsglog
-BROKER_LIST={{ log_kafkabrokers.address }}
-COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
-
-[STATISTIC]
-CYCLE=0
-TELEGRAF_PORT=8100
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./tsg_statistic.log
-APP_NAME=statistic
-
-[FIELD_STAT]
-CYCLE=3
-TELEGRAF_PORT=8125
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./tsg_stat.log
-APP_NAME=tsg_master
-
-[SYSTEM]
-LOG_LEVEL=10
-LOG_PATH=./tsglog/tsg_master
-POLICY_PRIORITY_LABEL=POLICY_PRIORITY

roles/framework/tasks/main.yml

@@ -1,3 +1,4 @@
+---
 - name: "copy framework rpms to destination server"
   synchronize:
     src: "{{ role_path }}/files/"
@@ -9,7 +10,35 @@
     state: present
   vars:
     packages:
-      - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
+      - /tmp/ansible_deploy/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
+
+- name: "install framework ld.conf"
+  synchronize:
+    src: "{{ role_path }}/files/framework/framework.conf"
+    dest: /etc/ld.so.conf.d/framework.conf
+
+- name: "install/update rulescan library"
+  synchronize:
+    src: "{{ role_path }}/files/rulescan/librulescan.so"
+    dest: /opt/MESA/lib/librulescan.so
+
+- name: "install/update maat library files"
+  synchronize:
+    src: "{{ role_path }}/files/maat/lib/"
+    dest: /opt/MESA/lib/
+
+- name: "create maat library symbol links - A"
+  file:
+    src: "libmaatframe.so.2.8"
+    path: /opt/MESA/lib/libmaatframe.so.2
+    state: link
+
+- name: "create maat library symbol links - B"
+  file:
+    src: "libmaatframe.so.2"
+    path: /opt/MESA/lib/libmaatframe.so
+    state: link
 
 - name: "update ld"
   command: ldconfig

roles/groups-by-IPMB-addr/files/groups_by_IPMB_addr.fact

@@ -0,0 +1,38 @@
+#!/usr/bin/python
+import json
+import os
+import re
+
+class GroupsByIPMB(object):
+
+    def __init__(self,IPMB_cmd_str):
+        self.IPMB_cmd_str = IPMB_cmd_str
+        self.IPMB_num_str = None 
+        self.IPMB_cmd_ret_str = None
+
+    def groups_exec_IPMB_command(self):
+        opt_handler = os.popen(self.IPMB_cmd_str)
+        self.IPMB_cmd_ret_str = opt_handler.read()
+        opt_handler.close()
+
+    def groups_split_IPMB_ret_str(self):
+        info_list = re.split(' |\n',self.IPMB_cmd_ret_str)
+        if info_list [5] == '90':
+            self.IPMB_num_str = 'IPMB_num_blade_00'
+        if info_list [5] == '80':
+            self.IPMB_num_str = 'IPMB_num_blade_01'
+        if info_list [5] == '88':
+            self.IPMB_num_str = 'IPMB_num_blade_02'
+        if info_list [5] == '98':
+            self.IPMB_num_str = 'IPMB_num_blade_03' 
+
+    def groups_print_IPMB_num_str(self):
+            print (json.dumps(self.IPMB_num_str))
+
+
+if __name__ == '__main__':
+    IPMB_cmd_str = 'ipmitool raw 0x2e 0x32 0x13 0x5f 0x00'        
+    groups_by_IPMB = GroupsByIPMB(IPMB_cmd_str)
+    groups_by_IPMB.groups_exec_IPMB_command()
+    groups_by_IPMB.groups_split_IPMB_ret_str()
+    groups_by_IPMB.groups_print_IPMB_num_str()

roles/groups-by-IPMB-addr/tasks/main.yml

@@ -0,0 +1,25 @@
+--- 
+
+- name: 'copy groups-by-IPMB-addr.fact to host'
+  copy:
+    src: "{{ role_path }}/files/groups_by_IPMB_addr.fact"
+    dest: "/etc/ansible/facts.d/groups_by_IPMB_addr.fact"
+    mode: "0755"  
+
+- name: 'Gathers facts from remote hosts'
+  setup:
+    filter: 'ansible_local'
+    fact_path: /etc/ansible/facts.d
+ 
+- name: "debug"
+  debug: var=ansible_local 
+ 
+- name: 'group by gathers facts'
+  group_by:
+    key: '{{item.key}}'
+  when: ansible_local.groups_by_IPMB_addr == item.value
+  with_items:
+   - { key: 'blade-00', value: 'IPMB_num_blade_00' }
+   - { key: 'blade-01', value: 'IPMB_num_blade_01' }
+   - { key: 'blade-02', value: 'IPMB_num_blade_02' }
+   - { key: 'blade-03', value: 'IPMB_num_blade_03' }

roles/http_healthcheck/tasks/main.yml

@@ -1,10 +0,0 @@
-- name: "copy http_healthcheck rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/"
-    dest: /tmp/ansible_deploy/
-
-- name: "install http_healthcheck from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
-    state: present

roles/kernel-ml/tasks/main.yml

@@ -9,7 +9,6 @@
     name:
       - /tmp/ansible_deploy/kernel/kernel-ml-5.1.8-1.el7.elrepo.x86_64.rpm
       - /tmp/ansible_deploy/kernel/kernel-ml-devel-5.1.8-1.el7.elrepo.x86_64.rpm
-      - /tmp/ansible_deploy/dkms-2.7.1-1.el7.noarch.rpm
     state: present
   register: t_kernel_ml
 

roles/kni/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: "install kni rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/kni-20.04-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/kni-3.0.2.57bfa41-1.el7.x86_64.rpm
     state: present
 
 - name: Template the kni.conf

roles/kni/templates/kni.conf.j2

@@ -3,7 +3,7 @@ log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
 manage_eth = {{ nic_mgr.name }}
-{% if tsg_access_type == 0 %}
+{% if run_as_tun_mode %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
@@ -11,8 +11,7 @@ deploy_mode = normal
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
-{% if tsg_access_type == 0 %}
+
-{% else %}
 [tfe0]
 enabled = 1
 dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
@@ -27,7 +26,6 @@ ip_addr = 192.168.100.3
 enabled = 1
 dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
 ip_addr = 192.168.100.4
-{% endif %}
 
 [tfe_cmsg_receiver]
 listen_eth = {{ nic_inner_ctrl.name }}

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.15.7b8ad9e-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -20,37 +20,17 @@
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: nic_traffic_mirror is defined
 
-- name: "update mrglobal.conf.inline - blade00"
+- name: "update mrglobal.conf - master blade"
   template:
     src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
     dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
+  when: nic_traffic_mirror is not defined
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
 
-- name: "update mrglobal.conf.allot - blade00"
+- name: "update mrtunnat.conf - master blade"
-  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 2
-
-- name: "update mrtunnat.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
     dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
+  when: nic_traffic_mirror is not defined
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 1
-
-- name: "update mrtunnat.conf.allot_access - blade00"
-  template:
-    src: "{{ role_path }}/templates/mrtunnat.conf.allot_access.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 2
 
 - name: "enable mrenv"
   systemd:
@@ -58,6 +38,13 @@
     enabled: yes
     daemon_reload: yes
 
+#- name: "mask mrenv"
+#  systemd:
+#    name: mrenv
+#    masked: yes
+#    daemon_reload: yes
+#  when: nic_traffic_mirror.use_mrzcpd == 0
+
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
@@ -77,3 +64,11 @@
     enabled: 0
     daemon_reload: yes
   when: nic_traffic_mirror is defined
+
+
+#- name: "mask mrzcpd"
+#  systemd:
+#    name: mrzcpd
+#    masked: yes
+#    daemon_reload: yes
+#  when: nic_traffic_mirror.use_mrzcpd == 0