gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: gfwleak:tsg-version20.4.01-deploy
Branches Tags
gfwleak:tsg-version20.11.rc1-deploy gfwleak:tsg-version21.09-ansible gfwleak:tsg-version-21.06-deploy-to-mirror-traffic gfwleak:tsg-version21.05-deploy gfwleak:tsg-deploy-K18-in-KZ-update-version-21.04 gfwleak:tsg-version21.04-deploy gfwleak:tsg-version21.03-deploy gfwleak:tsg-deploy-K18-in-KZ gfwleak:tsg-version21.02-deploy gfwleak:dpi-platform-version20.11.rc3-deploy gfwleak:dpi-version20.11.rc3-deploy gfwleak:tsg-version20.11-deploy gfwleak:tfe-4.3.16 gfwleak:tsg-version20.11.rc1-deploy-firewall gfwleak:tsg-app-global-version.20.11.02 gfwleak:tsg-version20.09-deploy gfwleak:tsg-version20.08.2-deploy gfwleak:tsg-version20.08-deploy gfwleak:tsg-version20.07-deploy gfwleak:tsg-version20.08.1-deploy gfwleak:tsg-version20.07.rc1-deploy gfwleak:self-test-and-make-static-package gfwleak:tsg-version20.06.01-deploy gfwleak:tsg-version20.06-deploy gfwleak:tsg-version20.05.01-deploy gfwleak:tsg-version20.5-deploy gfwleak:tsg-version20.5-Temp gfwleak:tsg-version20.4.01-deploy gfwleak:tsg-version20.4-deploy gfwleak:Tsg-v3.0-firewall gfwleak:master gfwleak:scripts-https-self-check gfwleak:Feature-kni-3.0
gfwleak:test-docker-env-install-1 gfwleak:test-docker-env-install gfwleak:two-job-2 gfwleak:two-job
...
pull from: gfwleak:tsg-version20.06-deploy
Branches Tags
gfwleak:tsg-version21.09-ansible gfwleak:tsg-version-21.06-deploy-to-mirror-traffic gfwleak:tsg-version21.05-deploy gfwleak:tsg-deploy-K18-in-KZ-update-version-21.04 gfwleak:tsg-version21.04-deploy gfwleak:tsg-version21.03-deploy gfwleak:tsg-deploy-K18-in-KZ gfwleak:tsg-version21.02-deploy gfwleak:dpi-platform-version20.11.rc3-deploy gfwleak:dpi-version20.11.rc3-deploy gfwleak:tsg-version20.11-deploy gfwleak:tfe-4.3.16 gfwleak:tsg-version20.11.rc1-deploy gfwleak:tsg-version20.11.rc1-deploy-firewall gfwleak:tsg-app-global-version.20.11.02 gfwleak:tsg-version20.09-deploy gfwleak:tsg-version20.08.2-deploy gfwleak:tsg-version20.08-deploy gfwleak:tsg-version20.07-deploy gfwleak:tsg-version20.08.1-deploy gfwleak:tsg-version20.07.rc1-deploy gfwleak:self-test-and-make-static-package gfwleak:tsg-version20.06.01-deploy gfwleak:tsg-version20.06-deploy gfwleak:tsg-version20.05.01-deploy gfwleak:tsg-version20.5-deploy gfwleak:tsg-version20.5-Temp gfwleak:tsg-version20.4.01-deploy gfwleak:tsg-version20.4-deploy gfwleak:Tsg-v3.0-firewall gfwleak:master gfwleak:scripts-https-self-check gfwleak:Feature-kni-3.0
gfwleak:test-docker-env-install-1 gfwleak:test-docker-env-install gfwleak:two-job-2 gfwleak:two-job

16 Commits
tsg-versio ... tsg-versio

Author SHA1 Message Date
zhangzhihan
e67c3feb23 uodate 20.06 2020-06-14 13:07:04 +08:00
zhangzhihan
32dca71844 update 2020-06-11 17:23:57 +08:00
zhangzhihan
a54f8ce853 update 2020-06-11 17:15:58 +08:00
zhangzhihan
f3076ea577 update 2020-06-11 13:18:05 +08:00
zhangzhihan
e0d3ff7927 update 2020-06-11 13:17:06 +08:00
zhangzhihan
829dd78560 update 2020-06-09 13:10:38 +08:00
zhangzhihan
792ce3da1a 20.05.01 2020-05-28 17:27:31 +08:00
zhangzhihan
aad31a42bb 20200522 2020-05-22 11:08:29 +08:00
zhangzhihan
35c6127063 20200522 2020-05-22 09:27:29 +08:00
zhangzhihan
17221ed921 20200521 2020-05-21 15:30:04 +08:00
zhangzhihan
037489a9b4 20200521 2020-05-21 15:11:12 +08:00
zhangzhihan
faae89e6e5 tsgv20.05更新 2020-05-18 18:52:52 +08:00
zhangzhihan
cd5d4b9a42 更新mrglobal.conf vlan filter 2020-05-08 11:15:05 +08:00
zhangzhihan
37847b9fba 修正部署中bug 2020-05-07 20:50:17 +08:00
zhangzhihan
ed2956f0de v20.5临时版本 2020-04-30 21:58:38 +08:00
zhangzhihan
624489cc60 v20.5临时版本 2020-04-30 21:53:59 +08:00
85 changed files with 536 additions and 92 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

4
deploy.yml
View File

@@ -8,12 +8,14 @@
# - tsg-env-mcn0 # - tsg-env-mcn0
- mrzcpd - mrzcpd
- sapp - sapp
- tsg_master
- kni - kni
- firewall - firewall
- http_healthcheck - http_healthcheck
- clotho - clotho
- certstore - certstore
- cert-redis - cert-redis
- telegraf_statistic
- hosts: blade-01 - hosts: blade-01
roles: roles:
@@ -44,6 +46,7 @@
- mrzcpd - mrzcpd
- tsg-env-tun-mode - tsg-env-tun-mode
- sapp - sapp
- tsg_master
- kni - kni
- firewall - firewall
- http_healthcheck - http_healthcheck
@@ -51,3 +54,4 @@
- certstore - certstore
- cert-redis - cert-redis
- tfe - tfe
- telegraf_statistic

38
install_config/group_vars/all.yml
View File

@@ -1,6 +1,10 @@
######################################## #########################################
#####0: Pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4: ATCA;
tsg_access_type: 0 tsg_access_type: 0
#####0: Tun_mode; 1: ADC;
tsg_running_type: 0
######################################## ########################################
maat_redis_server: maat_redis_server:
address: "192.168.40.168" address: "192.168.40.168"
@@ -13,7 +17,7 @@ dynamic_maat_redis_server:
db: 0 db: 0
cert_store_server: cert_store_server:
address: "127.0.0.1" address: "192.168.100.1"
port: 9991 port: 9991
log_kafkabrokers: log_kafkabrokers:
@@ -25,8 +29,8 @@ log_minio:
fs_remote: fs_remote:
switch: 1 switch: 1
address: "127.0.0.1" address: "192.168.100.1"
port: 8125 port: 58125
######################################## ########################################
sapp: sapp:
@@ -67,21 +71,19 @@ mrzcpd:
mrtunnat: mrtunnat:
lcore_id: 38 lcore_id: 38
########################################
nic_mgr:
name: eth0
nic_data_incoming: nic_data_incoming:
name: tun_kni name: enp1s0
address: 127.0.0.1 vf0_name: enp1s2
nic_inner_ctrl: vf1_name: enp1s2f1
name: eth0.100 vf2_name: enp1s2f2
nic_traffic_mirror:
name: lo
use_mrzcpd: 0
nic_transparent_mode: VlanFlipping:
enable: 1 vlanID_1: 100
mode: pcap vlanID_2: 101
internel_interface: "eth2" ########################################
tsg_tun_mode:
ethname: eth0
tun_name: eth0.100
internal_interface: "eth2"
external_interface: "eth3" external_interface: "eth3"

BIN
roles/.DS_Store vendored Normal file
View File

Binary file not shown.

BIN
roles/certstore/files/certstore-v20.04.3989072-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/certstore/files/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm Normal file
View File

Binary file not shown.

2
roles/certstore/tasks/main.yml
View File

@@ -10,7 +10,7 @@
- name: install certstore - name: install certstore
yum: yum:
name: name:
- /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm - /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
state: present state: present
- name: template certstore configure file - name: template certstore configure file

5
roles/certstore/templates/cert_store.ini.j2
View File

@@ -15,7 +15,7 @@ expire_after = 30
local_debug = 1 local_debug = 1
ca_path = ./cert/tango-ca-v3-trust-ca.pem ca_path = ./cert/tango-ca-v3-trust-ca.pem
untrusted_ca_path = ./cert/mesalab-ca-untrust.pem untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
[NTC_MAAT] [MAAT]
#Configure the load mode, #Configure the load mode,
#0: using the configuration distribution network #0: using the configuration distribution network
#1: using local json #1: using local json
@@ -43,3 +43,6 @@ port = 6379
ip = {{ maat_redis_server.address }} ip = {{ maat_redis_server.address }}
port = {{ maat_redis_server.port }} port = {{ maat_redis_server.port }}
dbindex = {{ maat_redis_server.db }} dbindex = {{ maat_redis_server.db }}
[stat]
statsd_server=192.168.100.1
statsd_port=8126

4
roles/clotho/templates/clotho.conf.j2
View File

@@ -2,6 +2,10 @@
BROKER_LIST={{ log_kafkabrokers.address }} BROKER_LIST={{ log_kafkabrokers.address }}
[SYSTEM] [SYSTEM]
{% if tsg_running_type == 0 %}
NIC_NAME={{ tsg_tun_mode.ethname }}
{% else %}
NIC_NAME={{ nic_mgr.name }} NIC_NAME={{ nic_mgr.name }}
{% endif %}
LOG_LEVEL=10 LOG_LEVEL=10
LOG_PATH=log/clotho LOG_PATH=log/clotho

BIN
roles/firewall/files/dns-2.0.2.5effe72-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/dns-debug-1.0.0.-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm Executable file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/http-2.0.1.e8f12ee-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/http-debug-1.0.0.-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/mail-1.0.3.cbc6034-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/mail-debug-1.0.0.-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/ssl-1.0.0.73e5273-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/ssl-debug-1.0.0.-1.el7.x86_64.rpm
View File

Binary file not shown.

20
roles/firewall/tasks/main.yml
View File

@@ -10,19 +10,21 @@
state: present state: present
vars: vars:
fw_packages: fw_packages:
- /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
- /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
- /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
- /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_http_plug-debug-1.0.8.620f455-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/fw_http_plug-1.1.1.d5a0b10-2.el7.x86_64.rpm
- /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
- /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
- /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
- name: "Template the tsgconf/main.conf" - name: "Template the tsgconf/main.conf"
template: template:

4
roles/firewall/templates/capture_packet_plug.conf.j2
View File

@@ -15,7 +15,11 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
FULL_CFG_DIR=capture_packet_rule/full/index/ FULL_CFG_DIR=capture_packet_rule/full/index/
[LOG] [LOG]
{% if tsg_running_type == 0 %}
NIC_NAME={{ tsg_tun_mode.ethname }}
{% else %}
NIC_NAME={{ nic_mgr.name }} NIC_NAME={{ nic_mgr.name }}
{% endif %}
BROKER_LIST={{ log_kafkabrokers.address }} BROKER_LIST={{ log_kafkabrokers.address }}
FIELD_FILE=conf/capture_packet_log_field.conf FIELD_FILE=conf/capture_packet_log_field.conf

6
roles/firewall/templates/main.conf.j2
View File

@@ -24,7 +24,11 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
[TSG_LOG] [TSG_LOG]
MODE=1 MODE=1
{% if tsg_running_type == 0 %}
NIC_NAME={{ tsg_tun_mode.ethname }}
{% else %}
NIC_NAME={{ nic_mgr.name }} NIC_NAME={{ nic_mgr.name }}
{% endif %}
MAX_SERVICE=1 MAX_SERVICE=1
LOG_LEVEL=10 LOG_LEVEL=10
LOG_PATH=./tsglog/tsglog LOG_PATH=./tsglog/tsglog
@@ -32,7 +36,7 @@ BROKER_LIST={{ log_kafkabrokers.address }}
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
[STATISTIC] [STATISTIC]
CYCLE=0 CYCLE=1
TELEGRAF_PORT=8100 TELEGRAF_PORT=8100
TELEGRAF_IP=127.0.0.1 TELEGRAF_IP=127.0.0.1
OUTPUT_PATH=./tsg_statistic.log OUTPUT_PATH=./tsg_statistic.log

BIN
roles/framework/.DS_Store vendored Normal file
View File

Binary file not shown.

BIN
roles/framework/files/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libmaatframe-2.8.0.5a450d2-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/librdkafka-0.11.4-1.el7.x86_64.rpm Executable file
View File

Binary file not shown.

BIN
roles/framework/files/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/lz4-1.7.5-3.el7.x86_64.rpm Normal file
View File

Binary file not shown.

25
roles/framework/tasks/main.yml
View File

@@ -7,9 +7,32 @@
yum: yum:
name: "{{ packages }}" name: "{{ packages }}"
state: present state: present
skip_broken: yes
vars: vars:
packages: packages:
- /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
- /tmp/ansible_deploylibMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm/
- /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
- /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
- /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
- /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
- /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
- /tmp/ansible_deploy/librulescan-devel-2.2.0.900d2b3-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
- /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
- /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
- name: "mkdir /etc/ld.so.conf.d/"
file:
path: /etc/ld.so.conf.d/
state: directory
- name: "copy framework.conf to destination server"
copy:
src: "{{ role_path }}/files/framework.conf"
dest: /etc/ld.so.conf.d/
- name: "update ld" - name: "update ld"
command: ldconfig command: ldconfig

8
roles/kernel-ml/files/grub Normal file
View File

@@ -0,0 +1,8 @@
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200 intel_iommu=on iommu=pt pci=realloc,assign-busses"
GRUB_DISABLE_RECOVERY="true"

14
roles/kernel-ml/tasks/main.yml
View File

@@ -17,6 +17,20 @@
command: /usr/sbin/grub2-set-default 0 command: /usr/sbin/grub2-set-default 0
when: t_kernel_ml.changed when: t_kernel_ml.changed
- name: "copy /etc/default/grub"
copy:
src: "{{ role_path }}/files/grub"
dest: "/etc/default"
when:
- tsg_access_type == 4
- t_kernel_ml.changed
- name: "grub2-mkconfig"
shell: grub2-mkconfig -o /boot/grub2/grub.cfg
when:
- tsg_access_type == 4
- t_kernel_ml.changed
- name: "reboot" - name: "reboot"
reboot: reboot:
when: t_kernel_ml.changed when: t_kernel_ml.changed

BIN
roles/kni/files/kni-20.04-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/kni/files/kni-20.06-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

2
roles/kni/tasks/main.yml
View File

@@ -7,7 +7,7 @@
- name: "install kni rpms from localhost" - name: "install kni rpms from localhost"
yum: yum:
name: name:
- /tmp/ansible_deploy/kni-20.04-1.el7.x86_64.rpm - /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
state: present state: present
- name: Template the kni.conf - name: Template the kni.conf

22
roles/kni/templates/kni.conf.j2
View File

@@ -2,8 +2,12 @@
log_path = ./log/kni/kni.log log_path = ./log/kni/kni.log
log_level = {{ kni.global.log_level }} log_level = {{ kni.global.log_level }}
tfe_node_count = {{ kni.global.tfe_node_count }} tfe_node_count = {{ kni.global.tfe_node_count }}
{% if tsg_running_type == 0 %}
manage_eth = {{ tsg_tun_mode.ethname }}
{% else %}
manage_eth = {{ nic_mgr.name }} manage_eth = {{ nic_mgr.name }}
{% if tsg_access_type == 0 %} {% endif %}
{% if tsg_running_type == 0 %}
deploy_mode = tun deploy_mode = tun
{% else %} {% else %}
deploy_mode = normal deploy_mode = normal
@@ -11,8 +15,12 @@ deploy_mode = normal
tun_name = tun_kni tun_name = tun_kni
src_mac_addr = 00:0e:c6:d6:72:c1 src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd dst_mac_addr = fe:65:b7:03:50:bd
{% if tsg_access_type == 0 %} {% if tsg_access_type == 4 %}
{% else %} [tfe0]
enabled = 1
dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
ip_addr = 192.168.100.1
{% elif tsg_running_type == 1 %}
[tfe0] [tfe0]
enabled = 1 enabled = 1
dev_eth_symbol = {{ nic_to_tfe.tfe0.name }} dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
@@ -30,12 +38,20 @@ ip_addr = 192.168.100.4
{% endif %} {% endif %}
[tfe_cmsg_receiver] [tfe_cmsg_receiver]
{% if tsg_running_type == 0 %}
listen_eth = {{ tsg_tun_mode.tun_name }}
{% else %}
listen_eth = {{ nic_inner_ctrl.name }} listen_eth = {{ nic_inner_ctrl.name }}
{% endif %}
listen_port = 2475 listen_port = 2475
[watch_dog] [watch_dog]
switch = {{ kni.watch_dog.switch }} switch = {{ kni.watch_dog.switch }}
{% if tsg_running_type == 0 %}
listen_eth = {{ tsg_tun_mode.tun_name }}
{% else %}
listen_eth = {{ nic_inner_ctrl.name }} listen_eth = {{ nic_inner_ctrl.name }}
{% endif %}
listen_port = 2476 listen_port = 2476
keepalive_idle = 2 keepalive_idle = 2
keepalive_intvl = 1 keepalive_intvl = 1

BIN
roles/mrzcpd/.DS_Store vendored Normal file
View File

Binary file not shown.

BIN
roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

57
roles/mrzcpd/tasks/main.yml
View File

@@ -6,7 +6,7 @@
- name: "install mrzcpd" - name: "install mrzcpd"
yum: yum:
name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
state: present state: present
- name: "update sysconfig/mrzcpd" - name: "update sysconfig/mrzcpd"
@@ -20,6 +20,14 @@
dest: /opt/mrzcpd/etc/mrglobal.conf dest: /opt/mrzcpd/etc/mrglobal.conf
when: nic_traffic_mirror is defined when: nic_traffic_mirror is defined
- name: "update mrglobal.conf.tun_mode - tun_server"
template:
src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- tsg_access_type == 0
- name: "update mrglobal.conf.inline - blade00" - name: "update mrglobal.conf.inline - blade00"
template: template:
src: "{{ role_path }}/templates/mrglobal.conf.inline.j2" src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
@@ -36,6 +44,23 @@
- nic_traffic_mirror is not defined - nic_traffic_mirror is not defined
- tsg_access_type == 2 - tsg_access_type == 2
- name: "update mrglobal.conf.allot - blade00"
template:
src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 3
- name: "update mrglobal.conf.ATCA_40G - blade00"
template:
src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 4
- name: "update mrtunnat.conf.inline - blade00" - name: "update mrtunnat.conf.inline - blade00"
template: template:
src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2" src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
@@ -52,28 +77,50 @@
- nic_traffic_mirror is not defined - nic_traffic_mirror is not defined
- tsg_access_type == 2 - tsg_access_type == 2
- name: "update mrtunnat.conf.allot_access - blade00"
template:
src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 3
- name: "update mrtunnat.conf.ATCA_40G - blade00"
template:
src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 4
- name: "enable mrenv" - name: "enable mrenv"
systemd: systemd:
name: mrenv name: mrenv
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
when:
- tsg_access_type != 0
- name: "enable mrzcpd" - name: "enable mrzcpd"
systemd: systemd:
name: mrzcpd name: mrzcpd
enabled: 1 enabled: yes
daemon_reload: yes daemon_reload: yes
when:
- tsg_access_type != 0
- name: "enable mrtunnat on master" - name: "enable mrtunnat on master"
systemd: systemd:
name: mrtunnat name: mrtunnat
enabled: 1 enabled: yes
daemon_reload: yes daemon_reload: yes
when: nic_traffic_mirror is not defined when:
- nic_traffic_mirror is not defined
- tsg_access_type != 0
- name: "disable mrtunnat on slave" - name: "disable mrtunnat on slave"
systemd: systemd:
name: mrtunnat name: mrtunnat
enabled: 0 enabled: no
daemon_reload: yes daemon_reload: yes
when: nic_traffic_mirror is defined when: nic_traffic_mirror is defined

56
roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2 Normal file
View File

@@ -0,0 +1,56 @@
[device]
device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
sz_tunnel=8192
sz_buffer=0
[device:{{nic_data_incoming.vf0_name}}]
mtu=4096
clear_tx_flags=1
vlan-filter=1
vlan-strip=1
vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }}
vlan-pvid=0
vlan-pvid-mode=2
hw_strip_crc=1
[device:{{ nic_data_incoming.vf1_name }}]
mtu=4096
clear_tx_flags=1
vlan-filter=1
vlan-strip=1
vlan-id-allow=4095
vlan-pvid=0
vlan-pvid-mode=2
hw_strip_crc=1
[service]
# lcore id for i/o service, use comma to split
iocore={{ mrzcpd.iocore }}
distmode=2
hashmode=0
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=0
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096
[forward]
nr_forward_rule=6
forward_rule_0=pv,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
forward_rule_1=vp,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
forward_rule_2=vv,vxlan_fwd,vxlan_user
forward_rule_3=vv,vxlan_user,vxlan_fwd
forward_rule_4=pv,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
forward_rule_5=vp,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}

67
roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2 Normal file
View File

@@ -0,0 +1,67 @@
[device]
device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
sz_tunnel=8192
sz_buffer=0
[device:{{nic_data_incoming.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
vlan-filter=1
vlan-id-allow=1000,1001,2000,2001,4000,4001
#vlan-pvid=0
#vlan-pvid-mode=0
[device:{{nic_to_tfe.tfe0.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[device:{{nic_to_tfe.tfe1.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[device:{{nic_to_tfe.tfe2.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[service]
# lcore id for i/o service, use comma to split
iocore={{ mrzcpd.iocore }}
distmode=2
hashmode=0
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=0
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096
[forward]
nr_forward_rule=10
forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
forward_rule_2=vv,vxlan_fwd,vxlan_user
forward_rule_3=vv,vxlan_user,vxlan_fwd
forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

2
roles/mrzcpd/templates/mrglobal.conf.allot_access.j2
View File

@@ -7,7 +7,7 @@ sz_buffer=0
jumbo_frame=1 jumbo_frame=1
max_rx_pkt_len=15360 max_rx_pkt_len=15360
clear_tx_flags=1 clear_tx_flags=1
vlan-filter=0 vlan-filter=1
vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }} vlan-id-allow={{ AllotAccess.virturlID_1 }},{{ AllotAccess.virturlID_2 }}
vlan-pvid=0 vlan-pvid=0
vlan-pvid-mode=2 vlan-pvid-mode=2

15
roles/mrzcpd/templates/mrglobal.conf.inline.j2
View File

@@ -4,29 +4,16 @@ sz_tunnel=8192
sz_buffer=0 sz_buffer=0
[device:{{nic_data_incoming.name}}] [device:{{nic_data_incoming.name}}]
{% if nic_data_incoming.ip is defined %}
in_addr={{nic_data_incoming.ip}} in_addr={{nic_data_incoming.ip}}
{% endif %}
{% if nic_data_incoming.mask is defined %}
in_mask={{nic_data_incoming.mask}} in_mask={{nic_data_incoming.mask}}
{% endif %}
{% if nic_data_incoming.gw is defined %}
gateway={{nic_data_incoming.gw}} gateway={{nic_data_incoming.gw}}
{% endif %}
jumbo_frame=1 jumbo_frame=1
max_rx_pkt_len=15360 max_rx_pkt_len=15360
clear_tx_flags=1 clear_tx_flags=1
{% if nic_data_incoming.ip is defined %}
#vlan-filter=1 #vlan-filter=1
#vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844 #vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
#vlan-pvid=0 #vlan-pvid=0
#vlan-pvid-mode=0 #vlan-pvid-mode=0
{% else %}
vlan-filter=1
vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
vlan-pvid=0
vlan-pvid-mode=0
{% endif %}
[device:{{nic_to_tfe.tfe0.name}}] [device:{{nic_to_tfe.tfe0.name}}]
jumbo_frame=1 jumbo_frame=1

28
roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2 Normal file
View File

@@ -0,0 +1,28 @@
[device]
device=fake
sz_tunnel=8192
sz_buffer=0
[device:lo]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[service]
iocore={{ mrzcpd.iocore }}
[eal]
virtaddr=0x7d0000000000
loglevel=7
[keepalive]
check_spinlock=1
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096

19
roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2 Normal file
View File

@@ -0,0 +1,19 @@
[tunnat]
lcore_id={{ mrtunnat.lcore_id }}
appsym=tunnat
phydev={{nic_data_incoming.vf0_name}}
virtdev=vxlan_fwd
nr_max_sessions=524280
nr_slots=1048576
expire_time=60
reverse_tunnel=0
use_recent_tunnel=0
use_tuple4_as_sskey=0
ctrlzone_addr_info_type=2
[vlan_flipping]
enable=1
c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
en_mac_flipping_0=0

24
roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2 Normal file
View File

@@ -0,0 +1,24 @@
[tunnat]
lcore_id={{ mrtunnat.lcore_id }}
appsym=tunnat
phydev={{nic_data_incoming.name}}
virtdev=vxlan_fwd
nr_max_sessions=524280
nr_slots=1048576
expire_time=60
reverse_tunnel=0
use_recent_tunnel=0
use_tuple4_as_sskey=1
ctrlzone_addr_info_type=2
[vlan_flipping]
enable=1
c_router_vlan_id_0=4000
i_router_vlan_id_0=4001
en_mac_flipping_0=0
c_router_vlan_id_1=1000
i_router_vlan_id_1=1001
en_mac_flipping_1=0
c_router_vlan_id_2=2000
i_router_vlan_id_2=2001
en_mac_flipping_2=0

BIN
roles/sapp/.DS_Store vendored Normal file
View File

Binary file not shown.

BIN
roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm Executable file
View File

Binary file not shown.

11
roles/sapp/files/sapp.service Executable file
View File

@@ -0,0 +1,11 @@
[Unit]
Description=sapp service
Requires=mrzcpd.service
After=mrzcpd.service
[Service]
WorkingDirectory=/home/mesasoft/sapp_run
ExecStart=/home/mesasoft/sapp_run/sapp
Restart=always
RestartSec=5s
[Install]
WantedBy=multi-user.target

BIN
roles/sapp/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

22
roles/sapp/tasks/main.yml
View File

@@ -7,20 +7,11 @@
- name: "install sapp rpms from localhost" - name: "install sapp rpms from localhost"
yum: yum:
name: name:
# - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm - /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm
- /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
state: present state: present
skip_broken: yes
- name: "judge sapp" - name: "mkdir tsgconf"
shell: rpm -qa |grep sapp
register: return
ignore_errors: true
- name: "install sapp rpms from localhost"
shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
when: return.rc != 0
- name: make dir
file: file:
path: /home/mesasoft/sapp_run/tsgconf path: /home/mesasoft/sapp_run/tsgconf
state: directory state: directory
@@ -49,6 +40,13 @@
dest: /home/mesasoft/sapp_run/etc/gdev.conf dest: /home/mesasoft/sapp_run/etc/gdev.conf
when: tsg_access_type == 1 when: tsg_access_type == 1
- name: "copy sapp.service destination server"
copy:
src: "{{ role_path }}/files/sapp.service"
dest: /usr/lib/systemd/system/
mode: 0755
- name: "enable sapp" - name: "enable sapp"
systemd: systemd:
name: sapp name: sapp

2
roles/sapp/templates/conflist.inf.j2
View File

@@ -20,7 +20,7 @@
[business] [business]
./plug/business/kni/kni.inf ./plug/business/kni/kni.inf
./plug/business/fw_ssl/fw_ssl.inf ./plug/business/fw_ssl_plug/fw_ssl_plug.inf
./plug/business/fw_http_plug/fw_http_plug.inf ./plug/business/fw_http_plug/fw_http_plug.inf
./plug/business/fw_dns_plug/fw_dns_plug.inf ./plug/business/fw_dns_plug/fw_dns_plug.inf
./plug/business/fw_mail_plug/fw_mail_plug.inf ./plug/business/fw_mail_plug/fw_mail_plug.inf

18
roles/sapp/templates/sapp.toml.j2
View File

@@ -9,13 +9,13 @@
instance_name = "sapp4" instance_name = "sapp4"
[CPU] [CPU]
{% if tsg_access_type == 0 %} {% if tsg_running_type == 0 %}
worker_threads=1 worker_threads=1
{% else %} {% else %}
worker_threads={{ sapp.worker_threads }} worker_threads={{ sapp.worker_threads }}
{% endif %} {% endif %}
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as [] ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
{% if tsg_access_type == 0 %} {% if tsg_running_type == 0 %}
bind_mask=[] bind_mask=[]
{% else %} {% else %}
bind_mask=[{{ sapp.bind_mask }}] bind_mask=[{{ sapp.bind_mask }}]
@@ -27,7 +27,7 @@ BSD_packet_filter=""
### note, depolyment.mode options: [mirror, inline, transparent] ### note, depolyment.mode options: [mirror, inline, transparent]
[packet_io.depolyment] [packet_io.depolyment]
{% if nic_transparent_mode.enable == 1 %} {% if tsg_access_type == 0 %}
mode=transparent mode=transparent
{% else %} {% else %}
mode=inline mode=inline
@@ -35,18 +35,18 @@ BSD_packet_filter=""
### note, interface.type options: [pag,pcap,marsio] ### note, interface.type options: [pag,pcap,marsio]
[packet_io.internal.interface] [packet_io.internal.interface]
{% if nic_transparent_mode.enable == 1 %} {% if tsg_access_type == 0 %}
type={{nic_transparent_mode.mode}} type=pcap
name={{nic_transparent_mode.internel_interface}} name={{tsg_tun_mode.internal_interface}}
{% else %} {% else %}
type=marsio type=marsio
name=vxlan_user name=vxlan_user
{% endif %} {% endif %}
[packet_io.external.interface] [packet_io.external.interface]
{% if nic_transparent_mode.enable %} {% if tsg_access_type == 0 %}
type={{nic_transparent_mode.mode}} type=pcap
name={{nic_transparent_mode.external_interface}} name={{tsg_tun_mode.external_interface}}
{% else %} {% else %}
type=pcap type=pcap
name=lo name=lo

BIN
roles/telegraf_statistic/files/telegraf-1.13.0-1.x86_64.rpm Normal file
View File

Binary file not shown.

16
roles/telegraf_statistic/files/telegraf_statistic.service Executable file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=Statistic information
Documentation=https://github.com/influxdata/telegraf
After=network.target
[Service]
EnvironmentFile=-/etc/default/telegraf
User=telegraf
ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d $TELEGRAF_OPTS
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartForceExitStatus=SIGPIPE
KillMode=control-group
[Install]
WantedBy=multi-user.target

28
roles/telegraf_statistic/tasks/main.yml Normal file
View File

@@ -0,0 +1,28 @@
- name: "copy telegraf.rpm to destination server"
copy:
src: "{{ role_path }}/files/telegraf-1.13.0-1.x86_64.rpm"
dest: /tmp
- name: "install telegraf"
yum:
name:
- /tmp/telegraf-1.13.0-1.x86_64.rpm
state: present
- name: "Templates telegraf.conf"
template:
src: "{{role_path}}/templates/telegraf_statistic.conf.j2"
dest: /etc/telegraf/telegraf_statistic.conf
tags: template
- name: "copy telegraf_statistic.service to destination server"
copy:
src: "{{ role_path }}/files/telegraf_statistic.service"
dest: /usr/lib/systemd/system
mode: 0755
- name: "Start telegraf"
systemd:
name: telegraf_statistic.service
state: started
enabled: yes

29
roles/telegraf_statistic/templates/telegraf_statistic.conf.j2 Executable file
View File

@@ -0,0 +1,29 @@
[global_tags]
[agent]
interval = "30s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = ""
debug = false
quiet = false
logfile = ""
hostname = ""
omit_hostname = false
[[outputs.file]]
files = ["stdout", "/tmp/metrics.out"]
data_format = "json"
[[outputs.kafka]]
brokers = ["{{ log_kafkabrokers.address }}"]
topic = "TRAFFIC-METRICS-LOG"
data_format = "json"
[[outputs.prometheus_client]]
listen = ":9273"
path = "/metrics"
[[inputs.tcp_listener]]
[[inputs.udp_listener]]
ServiceAddress= ":8100"
data_format = "influx"

BIN
roles/tfe/files/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/tfe/files/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm Normal file
View File

Binary file not shown.

2
roles/tfe/tasks/main.yml
View File

@@ -8,7 +8,7 @@
yum: yum:
name: name:
- /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
- /tmp/ansible_deploy/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm - /tmp/ansible_deploy/tfe-4.3.4.82f04dc-1.el7.x86_64.rpm
state: present state: present
- name: "template tfe-env config" - name: "template tfe-env config"

7
roles/tfe/templates/pangu_pxy.conf.j2
View File

@@ -2,8 +2,13 @@
log_level=30 log_level=30
[log] [log]
nic_name= {{ nic_mgr.name }} {% if tsg_running_type == 0 %}
nic_name={{ tsg_tun_mode.ethname }}
{% else %}
nic_name={{ nic_mgr.name }}
{% endif %}
entrance_id=0 entrance_id=0
device_id_filepath=/opt/tsg/etc/tsg_sn.json
kafka_brokerlist= {{ log_kafkabrokers.address }} kafka_brokerlist= {{ log_kafkabrokers.address }}
kafka_topic=PROXY-EVENT-LOG kafka_topic=PROXY-EVENT-LOG

17
roles/tfe/templates/tfe-env-config.j2
View File

@@ -1,11 +1,20 @@
{% if tsg_running_type == 0 %}
TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}} TFE_DEVICE_DATA_INCOMING=tun_kni
{% elif tsg_access_type == 4 %}
TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.vf2_name }}
{% else %}
TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
{% endif %}
TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
{% if tsg_access_type == 4 %}
TFE_PEER_MAC_DATA_INCOMING=00:0e:c6:d6:72:c1
{% else %}
TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
{% endif %}
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
TFE_PEER_IP_DATA_INCOMING=172.16.241.1 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
{% if tsg_access_type == 0 %} {% if tsg_running_type == 0 %}
TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }} TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
TFE_WATCHDOG_IP=192.168.100.1 TFE_WATCHDOG_IP=192.168.100.1
{% endif %} {% endif %}

14
roles/tfe/templates/tfe.conf.j2
View File

@@ -4,6 +4,7 @@ enable_breakpad=1
enable_breakpad_upload=0 enable_breakpad_upload=0
breakpad_minidump_dir=/run/tfe/crashreport/ breakpad_minidump_dir=/run/tfe/crashreport/
breakpad_upload_url=http://127.0.0.1:9000/ breakpad_upload_url=http://127.0.0.1:9000/
disable_coredump=0
[kni] [kni]
ip=192.168.100.1 ip=192.168.100.1
@@ -30,7 +31,11 @@ service_cache_expire_seconds=600
# default 0 # default 0
mc_cache_enable=1 mc_cache_enable=1
# default eth0 # default eth0
{% if tsg_running_type == 0 %}
mc_cache_eth={{ tsg_tun_mode.tun_name }}
{% else %}
mc_cache_eth={{ nic_inner_ctrl.name }} mc_cache_eth={{ nic_inner_ctrl.name }}
{% endif %}
# default NULL # default NULL
mc_cache_broker_list={{ log_kafkabrokers.address }} mc_cache_broker_list={{ log_kafkabrokers.address }}
# default PXY-EXCH-INTERMEDIA-CERT # default PXY-EXCH-INTERMEDIA-CERT
@@ -45,12 +50,17 @@ cert_store_host= {{ cert_store_server.address }}
cert_store_port= {{ cert_store_server.port }} cert_store_port= {{ cert_store_server.port }}
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
enable_health_check=0
[debug] [debug]
passthrough_all_tcp=0 passthrough_all_tcp=0
[traffic_mirror] [traffic_mirror]
{% if tsg_running_type == 0 %}
device=lo
{% else %}
device={{ nic_traffic_mirror.name }} device={{ nic_traffic_mirror.name }}
{% endif %}
type=0 type=0
[ratelimit] [ratelimit]
@@ -69,11 +79,11 @@ tcp_ttl_upstream=75
tcp_ttl_downstream=70 tcp_ttl_downstream=70
[log] [log]
level=30 level=10
[stat] [stat]
statsd_server={{ fs_remote.address }} statsd_server={{ fs_remote.address }}
statsd_port={{ fs_remote.port }} statsd_port={{ fs_remote.port }}
[http] [http]
loglevel=30 loglevel=10

28
roles/tsg-env-tun-mode/templates/setup.j2
View File

@@ -1,5 +1,27 @@
#!/bin/bash #!/bin/bash
modprobe 8021q modprobe 8021q
vconfig add {{ nic_mgr.name }} 100 vconfig add {{ tsg_tun_mode.ethname }} 100
vconfig set_flag {{ nic_mgr.name }}.100 1 1 vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
{% if tsg_access_type == 0 %}
ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
ethtool -K {{ tsg_tun_mode.external_interface }} tso off
ethtool -K {{ tsg_tun_mode.external_interface }} gso off
ethtool -K {{ tsg_tun_mode.external_interface }} gro off
{% elif tsg_access_type == 4 %}
echo 3 > /sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
ip link set {{ nic_data_incoming.name }} vf 1 vlan 4095
ip link set {{ nic_data_incoming.name }} vf 2 vlan 4095
ip link set {{ nic_data_incoming.name }} vf 0 trust on
ip link set {{ nic_data_incoming.name }} vf 1 trust on
ip link set {{ nic_data_incoming.name }} vf 2 trust on
ip link set {{ nic_data_incoming.name }} vf 1 mac 00:0e:c6:d6:72:c1
ip link set {{ nic_data_incoming.name }} vf 2 mac fe:65:b7:03:50:bd
ip link set {{ nic_data_incoming.name }} vf 0 spoofchk off
ip link set {{ nic_data_incoming.vf0_name }} up
ip link set {{ nic_data_incoming.vf1_name }} up
ip link set {{ nic_data_incoming.vf2_name }} up
{% endif %}

9
roles/tsg-env-tun-mode/templates/tsg-env_stop.j2
View File

@@ -1,5 +1,8 @@
#!/bin/bash #!/bin/bash
# #
echo 0 >/sys/class/net/ens1/device/sriov_numvfs echo 0 >/sys/class/net/{{ tsg_tun_mode.ethname }}/device/sriov_numvfs
ifconfig {{ nic_mgr.name }}.100 down ifconfig {{ tsg_tun_mode.ethname }}.100 down
vconfig rem {{ nic_mgr.name }}.100 vconfig rem {{ tsg_tun_mode.ethname }}.100
{% if tsg_access_type == 4 %}
echo 0 >/sys/class/net/{{ nic_data_incoming.name }}/device/sriov_numvfs
{% endif %}

BIN
roles/tsg_master/files/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/tsg_master/files/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
View File

Binary file not shown.

3
roles/tsg_master/tasks/main.yml
View File

@@ -6,5 +6,6 @@
- name: "install tsg_master from localhost" - name: "install tsg_master from localhost"
yum: yum:
name: name:
- /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm - /tmp/ansible_deploy/tsg_master-1.2.8.2aa222c-2.el7.x86_64.rpm
state: present state: present
skip_broken: yes