20200522

install_config/group_vars/all.yml

@@ -68,20 +68,9 @@ mrtunnat:
   lcore_id: 38
 
 ########################################
-nic_mgr:
+tsg_tun_mode:
-  name: eth0
+  ethname: eth0
-nic_data_incoming:
+  tun_name: eth0.100
-  name: tun_kni
+  internal_interface: "eth2"
-  address: 127.0.0.1
-nic_inner_ctrl:
-  name: eth0.100
-nic_traffic_mirror:
-  name: lo
-  use_mrzcpd: 0
-
-nic_transparent_mode:
-  enable: 1
-  mode: pcap
-  internel_interface: "eth2"
   external_interface: "eth3"
 

roles/clotho/templates/clotho.conf.j2

@@ -2,6 +2,10 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
+{% if tsg_access_type == 0 %}
+NIC_NAME={{ tsg_tun_mode.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 LOG_LEVEL=10
 LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -10,17 +10,17 @@
     state: present
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
       - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
 

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -15,7 +15,11 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
+{% if tsg_access_type == 0 %}
+NIC_NAME={{ tsg_tun_mode.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 

roles/firewall/templates/main.conf.j2

@@ -24,7 +24,11 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
+{% if tsg_access_type == 0 %}
+NIC_NAME={{ tsg_tun_mode.ethname }}
+{% else %}
 NIC_NAME={{ nic_mgr.name }}
+{% endif %}
 MAX_SERVICE=1
 LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog

roles/framework/tasks/main.yml

@@ -7,9 +7,32 @@
   yum:
     name: "{{ packages }}"
     state: present
+    skip_broken: yes
   vars:
     packages:
-      - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
+
+- name: "mkdir /etc/ld.so.conf.d/"
+  file:
+    path: /etc/ld.so.conf.d/
+    state: directory
+
+- name: "copy framework.conf to destination server"
+  copy:
+    src: "{{ role_path }}/files/framework.conf"
+    dest: /etc/ld.so.conf.d/
 
 - name: "update ld"
   command: ldconfig

roles/kni/templates/kni.conf.j2

@@ -2,7 +2,11 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
+{% if tsg_access_type == 0 %}
+manage_eth = {{ tsg_tun_mode.ethname }}
+{% else %}
 manage_eth = {{ nic_mgr.name }}
+{% endif %}
 {% if tsg_access_type == 0 %}
 deploy_mode = tun
 {% else %}
@@ -30,12 +34,20 @@ ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
+{% if tsg_access_type == 0 %}
+listen_eth = {{ tsg_tun_mode.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
+{% if tsg_access_type == 0 %}
+listen_eth = {{ tsg_tun_mode.tun_name }}
+{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
+{% endif %}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -20,6 +20,14 @@
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: nic_traffic_mirror is defined
 
+
+- name: "update mrglobal.conf.tun_mode - tun_server"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - tsg_access_type == 0
+
 - name: "update mrglobal.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
@@ -36,6 +44,14 @@
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
+- name: "update mrglobal.conf.allot - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrglobal.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 3
+
 - name: "update mrtunnat.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
@@ -52,6 +68,14 @@
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
+- name: "update mrtunnat.conf.allot_access - blade00"
+  template:
+    src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
+    dest: /opt/mrzcpd/etc/mrtunnat.conf
+  when: 
+    - nic_traffic_mirror is not defined
+    - tsg_access_type == 3
+
 - name: "enable mrenv"
   systemd:
     name: mrenv
@@ -61,19 +85,19 @@
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
-    enabled: 1
+    enabled: yes
     daemon_reload: yes
 
 - name: "enable mrtunnat on master"
   systemd:
     name: mrtunnat
-    enabled: 1
+    enabled: yes
     daemon_reload: yes
   when: nic_traffic_mirror is not defined
 
 - name: "disable mrtunnat on slave"
   systemd:
     name: mrtunnat
-    enabled: 0
+    enabled: no
     daemon_reload: yes
   when: nic_traffic_mirror is defined

roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2

@@ -0,0 +1,67 @@
+[device]
+device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
+sz_tunnel=8192
+sz_buffer=0
+
+[device:{{nic_data_incoming.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+vlan-filter=1
+vlan-id-allow=1000,1001,2000,2001,4000,4001
+#vlan-pvid=0
+#vlan-pvid-mode=0
+
+[device:{{nic_to_tfe.tfe0.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe1.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[device:{{nic_to_tfe.tfe2.name}}]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+# lcore id for i/o service, use comma to split
+iocore={{ mrzcpd.iocore }}
+distmode=2
+hashmode=0
+
+[eal]
+virtaddr=0x7f40c4a00000
+loglevel=7
+
+[keepalive]
+check_spinlock=0
+
+[ctrlzone]
+ctrlzone0=tunnat,64
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+
+[forward]
+nr_forward_rule=10
+forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
+forward_rule_2=vv,vxlan_fwd,vxlan_user
+forward_rule_3=vv,vxlan_user,vxlan_fwd
+forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
+forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
+forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
+forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

roles/mrzcpd/templates/mrglobal.conf.inline.j2

@@ -4,29 +4,16 @@ sz_tunnel=8192
 sz_buffer=0
 
 [device:{{nic_data_incoming.name}}]
-{% if nic_data_incoming.ip is defined %}
 in_addr={{nic_data_incoming.ip}}
-{% endif %}
-{% if nic_data_incoming.mask is defined %}
 in_mask={{nic_data_incoming.mask}}
-{% endif %}
-{% if nic_data_incoming.gw is defined %}
 gateway={{nic_data_incoming.gw}}
-{% endif %}
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
-{% if nic_data_incoming.ip is defined %}
 #vlan-filter=1
-#vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
+#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
 #vlan-pvid=0
 #vlan-pvid-mode=0
-{% else %}
-vlan-filter=0
-vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
-vlan-pvid=0
-vlan-pvid-mode=0
-{% endif %}
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1

roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2

@@ -0,0 +1,28 @@
+[device]
+device=fake
+sz_tunnel=8192
+sz_buffer=0
+
+[device:lo]
+jumbo_frame=1
+max_rx_pkt_len=15360
+clear_tx_flags=1
+promisc=1
+
+[service]
+iocore={{ mrzcpd.iocore }}
+
+[eal]
+virtaddr=0x7d0000000000
+loglevel=7
+
+[keepalive]
+check_spinlock=1
+
+[pool]
+create_mode=3
+sz_direct_pktmbuf=4194304
+sz_indirect_pktmbuf=8192
+sz_cache=256
+sz_data=4096
+

roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2

@@ -0,0 +1,24 @@
+[tunnat]
+lcore_id={{ mrtunnat.lcore_id }}
+appsym=tunnat
+phydev={{nic_data_incoming.name}}
+virtdev=vxlan_fwd
+nr_max_sessions=524280
+nr_slots=1048576
+expire_time=60
+reverse_tunnel=0
+use_recent_tunnel=0
+use_tuple4_as_sskey=1
+ctrlzone_addr_info_type=2
+
+[vlan_flipping]
+enable=1
+c_router_vlan_id_0=4000
+i_router_vlan_id_0=4001
+en_mac_flipping_0=0
+c_router_vlan_id_1=1000
+i_router_vlan_id_1=1001
+en_mac_flipping_1=0
+c_router_vlan_id_2=2000
+i_router_vlan_id_2=2001
+en_mac_flipping_2=0

roles/sapp/tasks/main.yml

@@ -7,20 +7,12 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-    #  - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_master-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.0.12.f8435d8-x86_64.rpm
     state: present
+    skip_broken: yes
 
-- name: "judge sapp"
+- name: "mkdir tsgconf"
-  shell: rpm -qa |grep sapp
-  register: return
-  ignore_errors: true
-
-- name: "install sapp rpms from localhost"
-  shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
-  when: return.rc != 0
-
-- name: make dir
   file:
     path: /home/mesasoft/sapp_run/tsgconf
     state: directory

roles/sapp/templates/sapp.toml.j2

@@ -27,7 +27,7 @@ BSD_packet_filter=""
    
 ### note, depolyment.mode options: [mirror, inline, transparent]
     [packet_io.depolyment]
-    {% if nic_transparent_mode.enable == 1 %}
+    {% if tsg_access_type == 0 %}
     mode=transparent
     {% else %}
     mode=inline
@@ -35,18 +35,18 @@ BSD_packet_filter=""
 
 ### note, interface.type options: [pag,pcap,marsio]
     [packet_io.internal.interface]
-    {% if nic_transparent_mode.enable == 1 %}
+    {% if tsg_access_type == 0 %}
-    type={{nic_transparent_mode.mode}}
+    type=pcap
-    name={{nic_transparent_mode.internel_interface}}
+    name={{tsg_tun_mode.internal_interface}}
     {% else %}
     type=marsio
     name=vxlan_user
     {% endif %}
 
     [packet_io.external.interface]
-    {% if nic_transparent_mode.enable %}
+    {% if tsg_access_type == 0 %}
-    type={{nic_transparent_mode.mode}}
+    type=pcap
-    name={{nic_transparent_mode.external_interface}}
+    name={{tsg_tun_mode.external_interface}}
     {% else %}
     type=pcap
     name=lo

roles/tfe/tasks/main.yml

@@ -8,7 +8,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.1.202004291711100800.374930d-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.2.374930d-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"

roles/tfe/templates/pangu_pxy.conf.j2

@@ -2,7 +2,11 @@
 log_level=30
 
 [log]
-nic_name= {{ nic_mgr.name }}
+{% if tsg_access_type == 0 %}
+nic_name={{ tsg_tun_mode.ethname }}
+{% else %}
+nic_name={{ nic_mgr.name }}
+{% endif %}
 entrance_id=0
 kafka_brokerlist= {{ log_kafkabrokers.address }}
 kafka_topic=PROXY-EVENT-LOG

roles/tfe/templates/tfe-env-config.j2

@@ -1,11 +1,14 @@
-
+{% if tsg_access_type == 0 %}
-TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
+TFE_DEVICE_DATA_INCOMING={{ tsg_tun_mode.tun_name }}
+{% else %}
+TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
+{% endif %}
 TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
 TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
 {% if tsg_access_type == 0 %}
-TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
+TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}

roles/tfe/templates/tfe.conf.j2

@@ -4,6 +4,7 @@ enable_breakpad=1
 enable_breakpad_upload=0
 breakpad_minidump_dir=/run/tfe/crashreport/
 breakpad_upload_url=http://127.0.0.1:9000/
+disable_coredump=0
 
 [kni]
 ip=192.168.100.1
@@ -30,7 +31,11 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
+{% if tsg_access_type == 0 %}
+mc_cache_eth={{ tsg_tun_mode.tun_name }}
+{% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
+{% endif %}
 # default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
 # default PXY-EXCH-INTERMEDIA-CERT
@@ -50,7 +55,11 @@ untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
 passthrough_all_tcp=0
 
 [traffic_mirror]
+{% if tsg_access_type == 0 %}
+device=lo
+{% else %}
 device={{ nic_traffic_mirror.name }}
+{% endif %}
 type=0
 
 [ratelimit]

roles/tsg-env-tun-mode/templates/setup.j2

@@ -1,11 +1,11 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ nic_mgr.name }} 100
+vconfig add {{ tsg_tun_mode.ethname }} 100
-vconfig set_flag {{ nic_mgr.name }}.100 1 1
+vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
-ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up
+ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
-ethtool -K {{ nic_transparent_mode.internel_interface }} tso off
+ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
-ethtool -K {{ nic_transparent_mode.internel_interface }} gso off
+ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
-ethtool -K {{ nic_transparent_mode.internel_interface }} gro off
+ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
-ethtool -K {{ nic_transparent_mode.externel_interface }} tso off
+ethtool -K {{ tsg_tun_mode.external_interface }} tso off
-ethtool -K {{ nic_transparent_mode.externel_interface }} gso off
+ethtool -K {{ tsg_tun_mode.external_interface }} gso off
-ethtool -K {{ nic_transparent_mode.externel_interface }} gro off
+ethtool -K {{ tsg_tun_mode.external_interface }} gro off

roles/tsg-env-tun-mode/templates/tsg-env_stop.j2

@@ -1,5 +1,5 @@
 #!/bin/bash
 #
 echo 0 >/sys/class/net/ens1/device/sriov_numvfs
-ifconfig {{ nic_mgr.name }}.100 down
+ifconfig {{ tsg_tun_mode.ethname }}.100 down
-vconfig rem {{ nic_mgr.name }}.100
+vconfig rem {{ tsg_tun_mode.ethname }}.100