晚上服务器部署模式

# Conflicts:
#	roles/sapp/tasks/main.yml

更新firewall相关RPM包

adc_deploy.yml

@@ -0,0 +1,110 @@
+- hosts:
+    - adc_mcn0
+    - adc_mcn1
+    - adc_mcn2
+    - adc_mcn3
+    - packet_dump_server
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+  roles:
+    - framework
+
+- hosts: packet_dump_server
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+  roles:
+    - packet_dump
+
+- hosts: adc_mcn0
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn0.yml
+  roles:
+    - telegraf_collect
+    - kernel-ml
+    - mrzcpd
+    - sapp
+    - tsg_master
+    - kni
+    - firewall
+#    - tsg_app
+    - http_healthcheck
+    - redis
+    - cert-redis
+    - maat-redis
+    - certstore
+    - telegraf_statistic
+#    - tsg_device_tag
+
+- hosts: adc_mcn1
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn1.yml
+  roles:
+    - telegraf_collect
+    - kernel-ml
+    - mrzcpd
+    - tfe
+
+- hosts: adc_mcn2
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn2.yml
+  roles:
+    - telegraf_collect
+    - kernel-ml
+    - mrzcpd
+    - tfe
+
+- hosts: adc_mcn3
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/adc_mcn3.yml
+  roles:
+    - telegraf_collect
+    - kernel-ml
+    - mrzcpd
+    - tfe
+
+- hosts: adc_mcn0
+  remote_user: root
+  roles:
+    - tsg-diagnose
+
+- hosts: 
+    - adc_mcn1
+    - adc_mcn2
+    - adc_mcn3
+  remote_user: root
+  roles:
+    - tsg-diagnose_sync_ca
+    
+- hosts: adc_mcn0
+  remote_user: root
+  roles:
+    - tsg-diagnose_stop_sync
+
+
+- hosts:
+    - adc_mcn0
+    - adc_mcn1
+    - adc_mcn2
+    - adc_mcn3
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/adc_global.yml
+  roles:
+    #- reboot
+
+- hosts: app_global
+  remote_user: root
+  vars_files:
+    - install_config/group_vars/app_global.yml
+  roles:
+    - app_global

deploy.yml

@@ -1,53 +0,0 @@
-- hosts: Functional_Host
-  roles:
-    - framework
-    - kernel-ml
-
-- hosts: blade-00
-  roles:
-#    - tsg-env-mcn0
-    - mrzcpd
-    - sapp
-    - kni
-    - firewall
-    - http_healthcheck
-    - clotho
-    - certstore
-    - cert-redis
-
-- hosts: blade-01
-  roles:
-#    - tsg-env-mcn1
-    - mrzcpd
-    - tfe
-
-- hosts: blade-02
-  roles:
-#    - tsg-env-mcn2
-    - mrzcpd
-    - tfe
-
-- hosts: blade-03
-  roles:
-#    - tsg-env-mcn3
-    - mrzcpd
-    - tfe
-
-- hosts: blade-mxn
-  roles:
-#    - tsg-env-mxn
-
-- hosts: pc-as-tun-mode
-  roles:
-    - kernel-ml
-    - framework
-    - mrzcpd
-    - tsg-env-tun-mode
-    - sapp
-    - kni
-    - firewall
-    - http_healthcheck
-    - clotho
-    - certstore
-    - cert-redis
-    - tfe

install_config/group_vars/adc_global.yml

@@ -0,0 +1,127 @@
+#########################################
+#####1: Inline_device;  2: Allot;  3: ADC_Tun_mode;
+tsg_access_type: 2
+#####2: ADC;
+tsg_running_type: 2
+
+########################################
+#Deploy_finished_reboot
+Deploy_finished_reboot: 0
+
+########################################
+#TSG Cluster Mode
+tsg_cluster_mode: 0
+
+########################################
+#IP Config
+maat_redis_city_server:
+  address: "10.9.62.253"
+  port: 7002
+
+maat_redis_server:
+  address: "192.168.100.1"
+  port: 7002
+  port_num: 1
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "192.168.100.1"
+  port: 7002
+  port_num: 1
+  db: 1
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "10.9.61.4:9092,10.9.61.5:9092,10.9.61.6:9092"
+
+telegraf_kafkabrokers:
+  address: "\"10.9.61.4:9092\",\"10.9.61.5:9092\",\"10.9.61.6:9092\""
+
+monitor_outputs_influxdb:
+  url: "http://127.0.0.1:58086"
+
+log_minio:
+  address: "10.9.62.253"
+  port: 9090
+
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: FATAL
+tfe_http_log_level: FATAL
+pangu_log_level: FATAL
+doh_log_level: FATAL
+
+certstore_log_level: 30
+packet_dump_log_level: 10
+
+#######################################
+#Sapp Performance Config
+#Sapp工作在ADC计算板0时，建议使用如下30+8的配置，以保证更高的处理性能
+sapp:
+  worker_threads: 42
+  send_only_threads_max: 1
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
+  inbound_route_dir: 1
+
+########################################
+#Kni Config
+kni:
+  global:
+    tfe_node_count: 3
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 1
+    tfe2_enabled: 1
+
+########################################
+#Tfe Config
+tfe:
+  nr_threads: 32
+  mirror_enable: 1
+
+########################################
+#Marsio Config
+#marsio工作在ADC计算板时，建议使用如下配置，以保证更高的处理性能
+mrzcpd:
+  iocore: 52,53,54,55
+
+mrtunnat:
+  lcore_id: 48,49,50,51 
+
+#########################################
+#Tsg_app
+tsg_app_enable: 0
+app_global_ip: "1.1.1.1"
+applog_level: 10
+app_master_log_level: 10
+app_sketch_local_log_level: 10
+app_control_plug_log_level: 10
+
+
+breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+data_center: Kyzylorda
+tsg_master_entrance_id: 9
+nic_mgr: 
+   name: em1

install_config/group_vars/adc_mcn0.yml

@@ -0,0 +1,41 @@
+#########################################
+#Mcn0管理口网卡名
+nic_mgr:
+  name: ens1f3
+
+#########################################
+#Mcn0流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens1f4
+
+#########################################
+#Mcn0其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens1.100
+nic_to_tfe:
+  tfe0:
+      name: ens1f5
+  tfe1:
+      name: ens1f6
+  tfe2:
+      name: ens1f7
+
+#########################################
+#串联设备接入相关配置
+inline_device_config:
+  keepalive_ip: 192.168.1.30
+  keepalive_mask: 255.255.255.252
+
+#########################################
+#Allot接入相关配置
+AllotAccess:
+  #virturlInterface_1: ens1f2.103
+  #virturlInterface_2: ens1f2.104
+  virturlID_1: 1201
+  virturlID_2: 1202
+  virturlID_3: 1301
+  virturlID_4: 1302
+  #vvipv4_mask: 24
+  #vvipv6_mask: 64
+ 
+bladename: mcn0

install_config/group_vars/adc_mcn1.yml

@@ -0,0 +1,19 @@
+#########################################
+#Mcn1管理口网卡名
+nic_mgr:
+  name: ens1f3
+
+#########################################
+#Mcn1流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens1f1
+
+#########################################
+#Mcn1其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens1.100
+nic_traffic_mirror:
+  name: ens1f2
+  use_mrzcpd: 1
+
+bladename: mcn1

install_config/group_vars/adc_mcn2.yml

@@ -0,0 +1,19 @@
+#########################################
+#Mcn2管理口网卡名
+nic_mgr:
+  name: ens8f3
+
+#########################################
+#Mcn2流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens8f1
+
+#########################################
+#Mcn2其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens8.100
+nic_traffic_mirror:
+  name: ens8f2
+  use_mrzcpd: 1
+
+bladename: mcn2

install_config/group_vars/adc_mcn3.yml

@@ -0,0 +1,19 @@
+#########################################
+#Mcn3管理口网卡名
+nic_mgr:
+  name: ens8f3
+
+#########################################
+#Mcn3流量接入网卡，固定配置
+nic_data_incoming:
+  name: ens8f1
+
+#########################################
+#Mcn3其他数据口网卡名配置，固定配置
+nic_inner_ctrl:
+  name: ens8.100
+nic_traffic_mirror:
+  name: ens8f2
+  use_mrzcpd: 1
+
+bladename: mcn3

install_config/group_vars/all.yml

@@ -1,76 +0,0 @@
-########################################
-tsg_access_type: 0
-
-########################################
-maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-dynamic_maat_redis_server:
-  address: "192.168.40.168"
-  port: 7002
-  db: 0
-
-cert_store_server:
-  address: "192.168.100.1"
-  port: 9991
-
-log_kafkabrokers:
-  address: "192.168.40.169:9092"
-
-log_minio:
-  address: "192.168.40.168;"
-  port: 9090
-
-fs_remote:
-  switch: 1
-  address: "192.168.100.1"
-  port: 58125
-  
-########################################
-sapp:
-  worker_threads: 16
-  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
-
-########################################
-kni:
-  global:
-    log_level: 30
-    tfe_node_count: 3
-  watch_dog:
-    switch: 1
-  maat:
-    readconf_mode: 2
-  send_logger:
-    switch: 1
-  tfe_nodes:
-    - tfe0:
-        enabled: 1
-    - tfe1:
-        enabled: 1
-    - tfe2:
-        enabled: 1
-
-########################################
-tfe:
-  nr_threads: 32
-  mc_cache_eth: lo 
-  keykeeper:
-    mode: "normal"
-    no_cache: 0
-
-########################################
-mrzcpd:
-  iocore: 39
-
-mrtunnat:
-  lcore_id: 38
-
-########################################
-tsg_tun_mode:
-  ethname: eth0
-  tun_name: eth0.100
-  internal_interface: "eth2"
-  external_interface: "eth3"
-

install_config/group_vars/app_global.yml

@@ -0,0 +1,10 @@
+#########################################
+app_sketch_global_log_level: 10
+
+maat_redis_server:
+  address: "192.168.40.168"
+  port: 7002
+  db: 0
+
+file_stat_ip: "1.1.1.1"
+  

install_config/group_vars/blade-00.yml

@@ -1,23 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f4
-    ip: 192.168.1.30
-    mask: 255.255.255.252
-nic_inner_ctrl:
-    name: ens1.100
-nic_to_tfe:
-    tfe0:
-        name: ens1f5
-    tfe1:
-        name: ens1f6
-    tfe2:
-        name: ens1f7
-
-AllotAccess:
-    virturlInterface_1: ens1f2.103
-    virturlInterface_2: ens1f2.104
-    virturlID_1: 103
-    virturlID_2: 104
-    vvipv4_mask: 24
-    vvipv6_mask: 64

install_config/group_vars/blade-01.yml

@@ -1,11 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens1f1
-    mac: AA:BB:CC:DD:EE:FF
-    address: 127.0.0.1
-nic_inner_ctrl:
-    name: ens1.100
-nic_traffic_mirror:
-    name: ens1f2
-    use_mrzcpd: 1

install_config/group_vars/blade-02.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

install_config/group_vars/blade-03.yml

@@ -1,10 +0,0 @@
-nic_mgr:
-    name: enp6s0
-nic_data_incoming:
-    name: ens8f1
-    mac: AA:BB:CC:DD:EE:FF
-nic_inner_ctrl:
-    name: ens8.100
-nic_traffic_mirror:
-    name: ens8f2
-    use_mrzcpd: 1

install_config/group_vars/server_as_tun_mode.yml

@@ -0,0 +1,167 @@
+#########################################
+#####0: Pcap;  1: Inline_device;  4: ATCA_Vlan_Flipping;  5:ATCA_VXLAN;
+tsg_access_type: 0
+#####0: Tun_mode;  1: normal;
+tsg_running_type: 0
+
+########################################
+#Deploy_finished_reboot
+Deploy_finished_reboot: 0
+
+########################################
+#TSG Cluster Mode
+tsg_cluster_mode: 0
+
+########################################
+#Server Basic Config
+nic_mgr:
+  name: eth0
+
+nic_inner_ctrl:
+  name: eth0.100
+
+#########################################
+#IP Config
+#maat_redis_city_serve相关配置只在部署集群模式时使用
+maat_redis_city_server:
+  address: ""
+  port: 
+
+maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 0
+
+dynamic_maat_redis_server:
+  address: "#Bifang IP#"
+  port: 7002
+  port_num: 1
+  db: 1
+
+cert_store_server:
+  address: "192.168.100.1"
+  port: 9991
+
+log_kafkabrokers:
+  address: "10.9.61.4:9092,10.9.61.5:9092,10.9.61.6:9092"
+
+telegraf_kafkabrokers:
+  address: "\"10.9.61.4:9092\",\"10.9.61.5:9092\",\"10.9.61.6:9092\""
+
+monitor_outputs_influxdb:
+  url: "http://127.0.0.1:58086"
+
+log_minio:
+  address: "10.9.62.253"
+  port: 9090
+#########################################
+#Log Level Config
+#日志等级 10:DEBUG 20:INFO 30:FATAL
+fw_ftp_log_level: 10
+fw_mail_log_level: 10
+fw_http_log_level: 10
+fw_dns_log_level: 10
+fw_quic_log_level: 10
+capture_packet_log_level: 10
+tsg_log_level: 10
+tsg_master_log_level: 10
+kni_log_level: 10
+
+#日志等级 DEBUG INFO FATAL
+tfe_log_level: FATAL
+tfe_http_log_level: FATAL
+pangu_log_level: FATAL
+doh_log_level: FATAL
+
+certstore_log_level: 10
+packet_dump_log_level: 10
+
+#########################################
+#Sapp Performance Config
+#如果tsg_access_type=0，sapp跑在pcap模式，则以下配置可忽略
+sapp:
+  worker_threads: 23
+  send_only_threads_max: 1
+  bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
+  inbound_route_dir: 1
+
+#########################################
+#Sapp Double-Arm Config
+packet_io:
+  internal_interface: eth2
+  external_interface: eth3
+
+
+#########################################
+#Kni Config
+kni:
+  global:
+    tfe_node_count: 1
+  watch_dog:
+    switch: 1
+  maat:
+    readconf_mode: 2
+  send_logger:
+    switch: 1
+  tfe_nodes:
+    tfe0_enabled: 1
+    tfe1_enabled: 0
+    tfe2_enabled: 0
+
+#########################################
+#Tfe Config
+tfe:
+  nr_threads: 32
+  mirror_enable: 1
+
+#########################################
+#Marsio Config
+mrzcpd:
+  iocore: 39
+
+mrtunnat:
+  lcore_id: 38
+
+#########################################
+#Tsg_app
+tsg_app_enable: 1
+app_global_ip: "1.1.1.1"
+applog_level: 10
+app_master_log_level: 10
+app_sketch_local_log_level: 10
+app_control_plug_log_level: 10
+
+#########################################
+#ATCA Config
+#下列配置只在tsg_access_type=4时生效
+ATCA_data_incoming:
+  ethname: enp1s0
+  vf0_name: enp1s2
+  vf1_name: enp1s2f1
+  vf2_name: enp1s2f2
+
+ATCA_VlanFlipping:
+  vlanID_1: 100
+  vlanID_2: 101
+  vlanID_3: 103
+  vlanID_4: 104
+
+#下列配置只在tsg_access_type=5时生效
+ATCA_VXLAN:
+  keepalive_ip: "10.254.19.1"
+  keepalive_mask: "255.255.255.252"
+
+#########################################
+#Inline Device Config
+inline_device_config:
+  keepalive_ip: 192.168.1.30
+  keepalive_mask: 255.255.255.252
+  data_incoming: eth5
+
+#########################################
+#新增配置项,均为默认值不用改
+breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
+
+data_center: Beijing
+tsg_master_entrance_id: 0

install_config/hosts

@@ -1,26 +1,47 @@
-[all:vars]
-ansible_user=root
-package_source=local
+###################
+#   For example   #
+###################
+#变量device_id根据设备序号设置即可
+#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置，其他环境可不填或直接删除变量
+#
+#20.09版本新增APP部署
+#[app_global]
+#0.0.0.0
+#[server-as-tun-mode]
+#1.1.1.1 device_id=device_1
+#
+#[adc_mxn]
+#10.3.72.1
+#10.3.72.2
+#
+#[adc_mcn0]
+#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
+#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
+#
+#[adc_mcn1]
+#10.3.74.1 device_id=device_1
+#10.3.74.2 device_id=device_2
+#
+#[adc_mcn2]
+#10.3.75.1 device_id=device_1
+#10.3.75.2 device_id=device_2
+#
+#[adc_mcn3]
+#10.3.76.1 device_id=device_1
+#10.3.76.2 device_id=device_2
+#[app_global]
 
-[pc-as-tun-mode]
+#[server-as-tun-mode]
+#p
+#[adc_mxn]
+[adc_mcn0]
+10.9.51.[1:15]
+[adc_mcn1]
+10.9.52.[1:15]
+[adc_mcn2]
+10.9.53.[1:15]
+[adc_mcn3]
+10.9.54.[1:14]
+[packet_dump_server]
+10.9.61.3
 
-[blade-mxn]
-192.168.40.170
-
-[blade-00]
-192.168.40.166 vvipv4_1= vvipv4_2= vvipv6_1= vvipv6_2=
-
-[blade-01]
-192.168.40.167
-
-[blade-02]
-192.168.40.168
-
-[blade-03]
-192.168.40.169
-
-[Functional_Host:children]
-blade-00
-blade-01
-blade-02
-blade-03

roles/app_global/tasks/main.yml

@@ -0,0 +1,36 @@
+- name: "copy app_global rpm to destination server"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "install app rpms from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
+      - /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
+    state: present
+
+- name: "template the app_sketch_global.conf"
+  template:
+    src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
+    dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
+
+- name: "template the zlog.conf"
+  template:
+    src: "{{ role_path }}/templates/zlog.conf.j2"
+    dest: /opt/tsg/app-sketch-global/conf/zlog.conf
+
+- name: "Start emqx"
+  systemd:
+    name: emqx.service
+    state: started
+    enabled: yes
+    daemon_reload: yes
+    
+
+- name: "Start app-sketch-global"
+  systemd:
+    name: app-sketch-global.service
+    state: started
+    enabled: yes
+    daemon_reload: yes

roles/app_global/templates/app_sketch_global.conf.j2

@@ -0,0 +1,41 @@
+[SYSTEM]
+#1:print on screen, 0:don't
+DEBUG_SWITCH = 1
+RUN_LOG_PATH = "conf/zlog.conf"
+
+[breakpad]
+disable_coredump=0
+enable_breakpad=1
+breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
+enable_breakpad_upload=0
+breakpad_upload_url={{ breakpad_upload_url }}
+
+[CONFIG]
+#Number of running threads
+thread-nu = 1
+timeout = 3600
+address="tcp://127.0.0.1:1883"
+topic_name="APP_SIGNATURE_ID"
+client_name="ExampleClientSub"
+
+[maat]
+# 0:json 1: redis 2: iris
+maat_input_mode=1
+table_info=./resource/table_info.conf
+json_cfg_file=./resource/gtest.json
+stat_file=logs/verify-policy.status
+full_cfg_dir=verify-policy/
+inc_cfg_dir=verify-policy/
+
+maat_redis_server={{ maat_redis_server.address }}
+maat_redis_port_range={{ maat_redis_server.port }}
+maat_redis_db_index={{ maat_redis_server.db }}
+effect_interval_s=1
+accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
+
+[stat]
+statsd_server={{ file_stat_ip }}
+statsd_port=8100
+statsd_cycle=5
+# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
+statsd_format=2

roles/app_global/templates/zlog.conf.j2

@@ -0,0 +1,12 @@
+[global]
+default format = "%d(%c), %V, %F, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[rules]
+*.fatal        "./logs/error.log.%d(%F)";
+*.{{ app_sketch_global_log_level }}		"./logs/app_sketch_global.log.%d(%F)"
+
+
+

roles/cert-redis/files/cert-redis.conf

@@ -160,7 +160,7 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile "/home/tsg/cert-redis/6379/6379.log"
+#logfile "/opt/tsg/cert-redis/6379/6379.log"
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
@@ -244,7 +244,7 @@ dbfilename dump.rdb
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir /home/tsg/cert-redis/6379/
+#dir /opt/tsg/cert-redis/6379/
 
 ################################# REPLICATION #################################
 

roles/cert-redis/files/cert-redis.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
+ExecStop=/usr/libexec/redis-shutdown cert-redis
+Type=notify
+
+[Install]
+WantedBy=multi-user.target
+

roles/cert-redis/files/cert-redis/cert-redis.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Redis persistent key-value database
-After=network.target
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/usr/local/bin/start-cert-redis
-ExecStop=killall redis-server
-Type=forking
-RuntimeDirectory=redis
-RuntimeDirectoryMode=0755
-
-[Install]
-WantedBy=multi-user.target
-

roles/cert-redis/files/cert-redis/install.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-cp -rf redis-server /usr/local/bin/
-cp -rf redis-cli /usr/local/bin
-cp -rf cert-redis.service /usr/lib/systemd/system/
-cp -rf start-cert-redis /usr/local/bin

roles/cert-redis/files/cert-redis/start-cert-redis

@@ -1,4 +0,0 @@
-#!/bin/bash
-#
-
-/usr/local/bin/redis-server /home/tsg/cert-redis/6379/6379.conf

roles/cert-redis/tasks/main.yml

@@ -1,11 +1,11 @@
-- name: "copy cert-redis to destination server"
+- name: "copy cert-redis file to dest"
   copy:
     src: "{{ role_path }}/files/"
-    dest: /home/tsg
-    mode: 0755
-
-- name: "install cert-redis"
-  shell: cd /home/tsg/cert-redis;sh install.sh
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" } 
+    - { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
 
 - name: "start cert-redis"
   systemd:

roles/certstore/files/memory.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryMax=10G

roles/certstore/tasks/main.yml

@@ -3,20 +3,31 @@
     src: "{{ role_path }}/files/"
     dest: "/tmp/ansible_deploy/"
 
-- name: Ensures /home/tsg exists
-  file: path=/home/tsg state=directory
+- name: "Ensures /opt/tsg exists"
+  file: path=/opt/tsg state=directory
   tags: mkdir
 
-- name: install certstore
+- name: "install certstore"
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.3.202010.81eef83-1.el7.x86_64.rpm
     state: present
 
-- name: template certstore configure file
+- name: "template certstore configure file"
   template:
     src: "{{ role_path }}/templates/cert_store.ini.j2"
-    dest: /home/tsg/certstore/conf/cert_store.ini
+    dest: /opt/tsg/certstore/conf/cert_store.ini
+
+- name: "template certstore zlog file"
+  template:
+    src: "{{ role_path }}/templates/zlog.conf.j2"
+    dest: /opt/tsg/certstore/conf/zlog.conf
+
+- name: "copy memory limit file to certstore.service.d"
+  copy:
+    src: "{{ role_path }}/files/memory.conf"
+    dest: /etc/systemd/system/certstore.service.d/
+    mode: 0644
 
 - name: "start certstore"
   systemd:

roles/certstore/templates/cert_store.ini.j2

@@ -1,9 +1,15 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
-#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 10
-RUN_LOG_PATH = ./logs
+RUN_LOG_PATH = "conf/zlog.conf"
+
+[breakpad]
+disable_coredump=0
+enable_breakpad=1
+breakpad_minidump_dir=/tmp/certstore/crashreport
+enable_breakpad_upload=1
+breakpad_upload_url= {{ breakpad_upload_url }}
+
 [CONFIG]
 #Number of running threads
 thread-nu = 4
@@ -14,8 +20,9 @@ expire_after = 30
 #Local default root certificate path
 local_debug = 1
 ca_path = ./cert/tango-ca-v3-trust-ca.pem
-untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
-[NTC_MAAT]
+untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
+
+[MAAT]
 #Configure the load mode,
 #0: using the configuration distribution network
 #1: using local json
@@ -31,15 +38,21 @@ inc_cfg_dir=./rule/inc/index
 full_cfg_dir=./rule/full/index
 #Json file path when json schema is used
 pxy_obj_keyring=./conf/pxy_obj_keyring.json
+
 [LIBEVENT]
 #Local monitor port number, default is 9991
 port = 9991
+
 [CERTSTORE_REDIS]
 #The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
+
 [MAAT_REDIS]
 #Maat monitors the Redsi server IP address and port number
 ip = {{ maat_redis_server.address }}
 port = {{ maat_redis_server.port }}
 dbindex =  {{ maat_redis_server.db }}
+[stat]
+statsd_server=127.0.0.1
+statsd_port=58100

roles/certstore/templates/zlog.conf.j2

@@ -0,0 +1,10 @@
+[global]
+default format = "%d(%c), %V, %F, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[rules]
+*.fatal        "./logs/error.log.%d(%F)";
+*.{{ certstore_log_level }}        "./logs/certstore.log.%d(%F)"
+

roles/clotho/files/clotho.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=clotho
-After=network.target
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/home/mesasoft/clotho/clotho
-ExecStop=killall clotho
-Type=forking
-
-[Install]
-WantedBy=multi-user.target

roles/clotho/tasks/main.yml

@@ -1,29 +0,0 @@
-- name: "copy clotho rpm to destination server"
-  copy:
-    src: "{{ role_path }}/files/clotho-debug-1.0.0.-1.el7.x86_64.rpm"
-    dest: /tmp/ansible_deploy/
-
-- name: "copy  clotho.service to destination server"
-  copy:
-    src: "{{ role_path }}/files/clotho.service"
-    dest: /usr/lib/systemd/system
-    mode: 0755
-
-- name: "install clotho rpm from localhost"
-  yum:
-    name:
-      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
-    state: present
-
-- name: "Template the clotho.conf"
-  template:
-    src: "{{ role_path }}/templates/clotho.conf.j2"
-    dest: /home/mesasoft/clotho/conf/clotho.conf 
-  tags: template
- 
-- name: "start clotho"
-  systemd:
-    name: clotho.service
-    enabled: yes
-    daemon_reload: yes
-

roles/clotho/templates/clotho.conf.j2

@@ -1,11 +0,0 @@
-[KAFKA]
-BROKER_LIST={{ log_kafkabrokers.address }}
-
-[SYSTEM]
-{% if tsg_access_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
-{% else %}
-NIC_NAME={{ nic_mgr.name }}
-{% endif %}
-LOG_LEVEL=10
-LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -8,21 +8,24 @@
   yum:
     name: "{{ fw_packages }}"
     state: present
+    skip_broken: yes
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/capture_packet_plug-3.0.4.42574b7-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-2.0.9.b639626-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.0.1.0c7e082-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.1.02465eb-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_quic_plug-3.0.1.b790ee1-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-3.0.4.a0b19ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/quic-1.1.10.c2b90a0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-1.0.9.69f3742-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.0.6.abb4f4d-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:
@@ -37,6 +40,12 @@
     dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
   tags: template
 
+- name: "Template the tsgconf/tsg_log_field.conf"
+  template:
+    src: "{{ role_path }}/templates/tsg_log_field.conf.j2"
+    dest: /home/mesasoft/sapp_run/tsgconf/tsg_log_field.conf
+  tags: template
+
 - name: "Template the conf/capture_packet_plug.conf.j2"
   template:
     src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -1,29 +1,28 @@
-[MAAT]
-MAAT_MODE=2
-#EFFECTIVE_FLAG=
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=conf/capture_packet_tableinfo.conf
-STAT_FILE=capture_packet_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT={{ maat_redis_server.port }}
-REDIS_INDEX=0
-JSON_CFG_FILE=conf/capture_packet_maat.json
-INC_CFG_DIR=capture_packet_rule/inc/index/
-FULL_CFG_DIR=capture_packet_rule/full/index/
-
-[LOG]
-{% if tsg_access_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
-{% else %}
-NIC_NAME={{ nic_mgr.name }}
-{% endif %}
-BROKER_LIST={{ log_kafkabrokers.address }}
-FIELD_FILE=conf/capture_packet_log_field.conf
-
-[SYSTEM]
-LOG_LEVEL=10
-LOG_PATH=./tsglog/capture_packet_plug/capture_packet
-
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP={{ maat_redis_server.address }}
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
+
+[LOG]
+NIC_NAME={{ nic_mgr.name }}
+BROKER_LIST={{ log_kafkabrokers.address }}
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL={{ capture_packet_log_level }}
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+

roles/firewall/templates/maat.conf.j2

@@ -1,4 +1,5 @@
 [STATIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -6,14 +7,16 @@ TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=0
+REDIS_PORT_NUM={{ maat_redis_server.port_num }}
+REDIS_PORT={{ maat_redis_server.port }}
+REDIS_INDEX={{ maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
 [DYNAMIC]
+###0:location 1:json 2:redis
 MAAT_MODE=2
 STAT_SWITCH=1
 PERF_SWITCH=1
@@ -21,10 +24,13 @@ TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP={{ dynamic_maat_redis_server.address }}
-REDIS_PORT_NUM=1
-REDIS_PORT=7002
-REDIS_INDEX=1
+REDIS_PORT_NUM={{ dynamic_maat_redis_server.port_num }}
+REDIS_PORT={{ dynamic_maat_redis_server.port }}
+REDIS_INDEX={{ dynamic_maat_redis_server.db }}
 JSON_CFG_FILE=tsgconf/tsg_maat.json
 INC_CFG_DIR=tsgrule/inc/index/
 FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
 
+[MAAT]
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

roles/firewall/templates/main.conf.j2

@@ -1,55 +1,57 @@
 [FTP_PLUG]
-LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
+LOG_LEVEL={{ fw_ftp_log_level }}
 TIMEOUT=600
 
 [MAIL_PLUG]
-LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
+LOG_LEVEL={{ fw_mail_log_level }}
 TIMEOUT=600
 
 [HTTP_PLUG]
-LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
+LOG_LEVEL={{ fw_http_log_level }}
 
 [DNS_PLUG]
-LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
-LOG_LEVEL=10
+LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
+LOG_LEVEL={{ fw_dns_log_level }}
+
+[QUIC_PLUG]
+LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
+LOG_LEVEL={{ fw_quic_log_level }}
 
 [MAAT]
-PROFILE=./tsgconf/maat.conf
-SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
-CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
-IP_ADDR_TABLE=TSG_SECURITY_ADDR
+PROFILE="./tsgconf/maat.conf"
+SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
+CB_SUBSCRIBER_IP_TABLE="TSG_DYN_SUBSCRIBER_IP"
+IP_ADDR_TABLE="TSG_SECURITY_ADDR"
 
 [TSG_LOG]
 MODE=1
-{% if tsg_access_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
-{% else %}
-NIC_NAME={{ nic_mgr.name }}
-{% endif %}
+NIC_NAME="{{ nic_mgr.name }}"
 MAX_SERVICE=1
-LOG_LEVEL=10
-LOG_PATH=./tsglog/tsglog
-BROKER_LIST={{ log_kafkabrokers.address }}
-COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+LOG_LEVEL={{ tsg_log_level }}
+LOG_PATH="./tsglog/tsglog"
+BROKER_LIST="{{ log_kafkabrokers.address }}"
+COMMON_FIELD_FILE="tsgconf/tsg_log_field.conf"
 
 [STATISTIC]
-CYCLE=0
+CYCLE=5
 TELEGRAF_PORT=8100
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./tsg_statistic.log
-APP_NAME=statistic
+TELEGRAF_IP="127.0.0.1"
+OUTPUT_PATH="./tsg_statistic.log"
+APP_NAME="statistic"
 
 [FIELD_STAT]
-CYCLE=3
-TELEGRAF_PORT=8125
-TELEGRAF_IP=127.0.0.1
-OUTPUT_PATH=./tsg_stat.log
-APP_NAME=tsg_master
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP="127.0.0.1"
+OUTPUT_PATH="./tsg_stat.log"
+APP_NAME="tsg_master"
 
 [SYSTEM]
-LOG_LEVEL=10
-LOG_PATH=./tsglog/tsg_master
-POLICY_PRIORITY_LABEL=POLICY_PRIORITY
+ENTRANCE_ID={{ tsg_master_entrance_id }}
+LOG_LEVEL={{ tsg_master_log_level }}
+LOG_PATH="./tsglog/tsg_master"
+POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
+DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"

roles/firewall/templates/tsg_log_field.conf.j2

@@ -0,0 +1,52 @@
+#TYPE：1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
+#TYPE	TOPIC	SERVICE
+TOPIC	SECURITY-EVENT-LOG	0
+TOPIC	CONNECTION-RECORD-LOG	1
+TOPIC	CONNECTION-SKETCH	2
+
+#TYPE		FIELD		VALUE
+LONG   		common_policy_id	1
+LONG   		common_service		2
+LONG   		common_action		3
+LONG   		common_start_time	4
+LONG   		common_end_time		5
+STRING		common_l4_protocol	6
+LONG   		common_address_type	7
+STRING		common_server_ip	8
+STRING		common_client_ip	9
+LONG   		common_server_port	10
+LONG   		common_client_port	11
+LONG   		common_stream_dir	12
+STRING		common_address_list	13
+LONG   		common_entrance_id	14	
+LONG   		common_device_id	15	
+LONG   		common_link_id		16	
+STRING		common_isp		17	
+LONG   		common_encapsulation	18	
+LONG   		common_direction	19	
+STRING		common_sled_ip		20	
+STRING		common_user_tags	21
+STRING		common_user_region	22
+STRING		common_app_label	23
+LONG		common_app_id		24
+LONG		common_protocol_id	25
+LONG		common_c2s_pkt_num	26
+LONG		common_s2c_pkt_num	27
+LONG		common_c2s_byte_num	28
+LONG		common_s2c_byte_num	29	
+LONG		common_con_duration_ms	30
+LONG		common_has_dup_traffic	31
+STRING		common_stream_error	32
+STRING		common_stream_trace_id	33
+STRING		common_schema_type	34
+STRING		http_host		35
+STRING		ssl_sni			36
+LONG		common_establish_latency_ms	37
+STRING		common_sub_action		38
+STRING		common_client_asn	39
+STRING		common_server_asn	40
+STRING		common_client_location	41
+STRING		common_server_location	42
+STRING		quic_sni			43
+STRING		ssl_ja3_fingerprint		44
+STRING		common_data_center	45

roles/framework/tasks/main.yml

@@ -10,19 +10,21 @@
     skip_broken: yes
   vars:
     packages:
-      - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.1.3.4fbcf21-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_field_stat2-2.9.4.4e2dd78-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/librulescan-2.2.1.1716a7b-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libtsglua-1.0.8.0dbf2e6-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libwiredcfg-2.0.6.67ae0ab-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libWiredLB-2.0.5.4629165-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libbreakpad_mini-1.0.2.a56ef00-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file: