Compare commits
26 Commits
tsg-versio
...
test-docke
| Author | SHA1 | Date | |
|---|---|---|---|
|
ed15d48272 | ||
|
|
8364667a79 | ||
|
|
799f3e4a2f | ||
|
|
a75a3a44f4 | ||
|
|
beffa2443f | ||
|
|
a6f43fbaa0 | ||
|
|
3356920496 | ||
|
|
6dfccaaf53 | ||
|
|
988ea5c6b3 | ||
|
|
ad148140fa | ||
|
|
2c197d969d | ||
|
|
06bb553d57 | ||
|
|
3f3ff290c2 | ||
|
|
cb497593e7 | ||
|
|
662486eed3 | ||
|
|
9fc6d3f40c | ||
|
|
2c2efeade0 | ||
|
|
e6fbb265a8 | ||
|
|
e1dc6b5f62 | ||
|
|
e67c3feb23 | ||
|
|
32dca71844 | ||
|
|
a54f8ce853 | ||
|
|
f3076ea577 | ||
|
|
e0d3ff7927 | ||
|
|
829dd78560 | ||
|
|
792ce3da1a |
35
.gitlab-ci.yml
Normal file
35
.gitlab-ci.yml
Normal file
@@ -0,0 +1,35 @@
|
||||
stages:
|
||||
- build
|
||||
|
||||
.build_tar:
|
||||
image: "git.mesalab.cn:7443/mesa_platform/build-env:self-test-env"
|
||||
variables:
|
||||
GIT_STRATEGY: "clone"
|
||||
BUILD_PADDING_PREFIX: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/
|
||||
TESTING_VERSION_BUILD: 0
|
||||
before_script:
|
||||
- dockerd > /dev/null &
|
||||
- docker info
|
||||
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
|
||||
- mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
|
||||
- ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
|
||||
- cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
|
||||
- pwd
|
||||
- chmod +x ./ci/travis.sh
|
||||
script:
|
||||
- yum makecache
|
||||
- ./ci/travis.sh
|
||||
tags:
|
||||
- share
|
||||
|
||||
file_build:
|
||||
stage: build
|
||||
variables:
|
||||
VER_NAME: $CI_COMMIT_REF_NAME
|
||||
PULP3_REPO_NAME: install-package-stable
|
||||
PULP3_DIST_NAME: install-package-stable
|
||||
|
||||
extends: .build_tar
|
||||
only:
|
||||
- tags
|
||||
|
||||
3
buildPackage.yml
Normal file
3
buildPackage.yml
Normal file
@@ -0,0 +1,3 @@
|
||||
- hosts: local
|
||||
roles:
|
||||
- package-build
|
||||
10
build_config/group_vars/local.yml
Normal file
10
build_config/group_vars/local.yml
Normal file
@@ -0,0 +1,10 @@
|
||||
tarpath:
|
||||
src:
|
||||
- /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/install_config
|
||||
- /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/deploy.yml
|
||||
- /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose
|
||||
destdict: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/build/
|
||||
|
||||
tsgDiagnoseDockerFile:
|
||||
unarchiveUrl: https://repo.internal.geedge.net/pulp/content/install/stable/package/docker-rpm-test-docker-ce-7.tar.gz
|
||||
unarchiveDest: /tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files
|
||||
2
build_config/hosts
Normal file
2
build_config/hosts
Normal file
@@ -0,0 +1,2 @@
|
||||
[local]
|
||||
localhost ansible_connection=local
|
||||
14
ci/travis.sh
Normal file
14
ci/travis.sh
Normal file
@@ -0,0 +1,14 @@
|
||||
#!/usr/bin/env sh
|
||||
mkdir build || true
|
||||
|
||||
cat ./customize.yml >> ./build_config/group_vars/local.yml
|
||||
cat ./customize.yml >> ./install_config/group_vars/all.yml
|
||||
|
||||
ansible-playbook -i ./build_config -e tarname=tsg-scripts-${VER_NAME}.tar.gz buildPackage.yml
|
||||
|
||||
ls -halt ./build/tsg-scripts-${VER_NAME}.tar.gz
|
||||
|
||||
cd build
|
||||
cp ~/file_upload_tools.py ./
|
||||
|
||||
python3 file_upload_tools.py ${PULP3_REPO_NAME} ${PULP3_DIST_NAME} *.tar.gz
|
||||
52
customize.yml
Normal file
52
customize.yml
Normal file
@@ -0,0 +1,52 @@
|
||||
rpmdict:
|
||||
tsgDiagnose:
|
||||
fullname: "tsg-diagnose-test_edit_name-1.el7.x86_64.rpm"
|
||||
name: "tsg-diagnose"
|
||||
downpath: "/tmp/padding_for_PACK_TAR_BUILD_DIRS_PREFIX/tsg/tsg-scripts/roles/tsg-diagnose/files/rpms"
|
||||
|
||||
dockerEnvRpm:
|
||||
dockerCe:
|
||||
- container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
|
||||
- selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
|
||||
- selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
|
||||
- containerd.io-1.2.13-3.2.el7.x86_64.rpm
|
||||
- policycoreutils-python-2.5-34.el7.x86_64.rpm
|
||||
- policycoreutils-2.5-34.el7.x86_64.rpm
|
||||
- libselinux-utils-2.5-15.el7.x86_64.rpm
|
||||
- libselinux-python-2.5-15.el7.x86_64.rpm
|
||||
- libseccomp-2.3.1-4.el7.x86_64.rpm
|
||||
- iptables-1.4.21-34.el7.x86_64.rpm
|
||||
- libcgroup-0.41-21.el7.x86_64.rpm
|
||||
- audit-libs-python-2.8.5-4.el7.x86_64.rpm
|
||||
- setools-libs-3.3.8-4.el7.x86_64.rpm
|
||||
- libsemanage-python-2.5-14.el7.x86_64.rpm
|
||||
- checkpolicy-2.5-8.el7.x86_64.rpm
|
||||
- libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
|
||||
- python-IPy-0.75-6.el7.noarch.rpm
|
||||
- libnfnetlink-1.0.1-4.el7.x86_64.rpm
|
||||
- libmnl-1.0.3-7.el7.x86_64.rpm
|
||||
- docker-ce-cli-19.03.12-3.el7.x86_64.rpm
|
||||
- docker-ce-19.03.12-3.el7.x86_64.rpm
|
||||
dockerCompose:
|
||||
- libtirpc-0.2.4-0.16.el7.x86_64.rpm
|
||||
- libyaml-0.1.4-11.el7_0.x86_64.rpm
|
||||
- python3-3.6.8-13.el7.x86_64.rpm
|
||||
- python36-cached_property-1.5.1-2.el7.noarch.rpm
|
||||
- python36-chardet-3.0.4-1.el7.noarch.rpm
|
||||
- python36-docker-2.6.1-3.el7.noarch.rpm
|
||||
- python36-dockerpty-0.4.1-18.el7.noarch.rpm
|
||||
- python36-docker-pycreds-0.2.1-2.el7.noarch.rpm
|
||||
- python36-docopt-0.6.2-8.el7.noarch.rpm
|
||||
- python36-idna-2.7-2.el7.noarch.rpm
|
||||
- python36-jsonschema-2.5.1-4.el7.noarch.rpm
|
||||
- python36-pysocks-1.6.8-7.el7.noarch.rpm
|
||||
- python36-PyYAML-3.13-1.el7.x86_64.rpm
|
||||
- python36-requests-2.14.2-2.el7.noarch.rpm
|
||||
- python36-six-1.14.0-2.el7.noarch.rpm
|
||||
- python36-texttable-1.6.2-1.el7.noarch.rpm
|
||||
- python36-urllib3-1.25.6-1.el7.noarch.rpm
|
||||
- python36-websocket-client-0.47.0-2.el7.noarch.rpm
|
||||
- python3-libs-3.6.8-13.el7.x86_64.rpm
|
||||
- python3-pip-9.0.3-7.el7_7.noarch.rpm
|
||||
- python3-setuptools-39.2.0-10.el7.noarch.rpm
|
||||
- docker-compose-1.18.0-4.el7.noarch.rpm
|
||||
@@ -8,12 +8,15 @@
|
||||
# - tsg-env-mcn0
|
||||
- mrzcpd
|
||||
- sapp
|
||||
- tsg_master
|
||||
- kni
|
||||
- firewall
|
||||
- http_healthcheck
|
||||
- clotho
|
||||
- certstore
|
||||
- cert-redis
|
||||
- telegraf_statistic
|
||||
- tsg-diagnose
|
||||
|
||||
- hosts: blade-01
|
||||
roles:
|
||||
@@ -44,6 +47,7 @@
|
||||
- mrzcpd
|
||||
- tsg-env-tun-mode
|
||||
- sapp
|
||||
- tsg_master
|
||||
- kni
|
||||
- firewall
|
||||
- http_healthcheck
|
||||
@@ -51,3 +55,5 @@
|
||||
- certstore
|
||||
- cert-redis
|
||||
- tfe
|
||||
- telegraf_statistic
|
||||
- proxy_status
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
########################################
|
||||
tsg_access_type: 0
|
||||
#########################################
|
||||
#####0: Pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4: ATCA;
|
||||
tsg_access_type: 4
|
||||
|
||||
#####0: Tun_mode; 1: normal; 2: ADC;
|
||||
tsg_running_type: 1
|
||||
|
||||
########################################
|
||||
maat_redis_server:
|
||||
@@ -17,7 +21,7 @@ cert_store_server:
|
||||
port: 9991
|
||||
|
||||
log_kafkabrokers:
|
||||
address: "192.168.40.169:9092"
|
||||
address: "1.1.1.1:9092,2.2.2.2:9092"
|
||||
|
||||
log_minio:
|
||||
address: "192.168.40.168;"
|
||||
@@ -31,7 +35,9 @@ fs_remote:
|
||||
########################################
|
||||
sapp:
|
||||
worker_threads: 16
|
||||
send_only_threads_max: 8
|
||||
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
|
||||
inbound_route_dir: 1
|
||||
|
||||
########################################
|
||||
kni:
|
||||
@@ -45,12 +51,9 @@ kni:
|
||||
send_logger:
|
||||
switch: 1
|
||||
tfe_nodes:
|
||||
- tfe0:
|
||||
enabled: 1
|
||||
- tfe1:
|
||||
enabled: 1
|
||||
- tfe2:
|
||||
enabled: 1
|
||||
tfe0_enabled: 1
|
||||
tfe1_enabled: 1
|
||||
tfe2_enabled: 1
|
||||
|
||||
########################################
|
||||
tfe:
|
||||
@@ -67,8 +70,19 @@ mrzcpd:
|
||||
mrtunnat:
|
||||
lcore_id: 38
|
||||
|
||||
nic_data_incoming:
|
||||
ethname: enp1s0
|
||||
vf0_name: enp1s2
|
||||
vf1_name: enp1s2f1
|
||||
vf2_name: enp1s2f2
|
||||
|
||||
VlanFlipping:
|
||||
vlanID_1: 100
|
||||
vlanID_2: 101
|
||||
vlanID_3: 103
|
||||
vlanID_4: 104
|
||||
########################################
|
||||
tsg_tun_mode:
|
||||
server:
|
||||
ethname: eth0
|
||||
tun_name: eth0.100
|
||||
internal_interface: "eth2"
|
||||
|
||||
Binary file not shown.
Binary file not shown.
@@ -10,7 +10,7 @@
|
||||
- name: install certstore
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/certstore-v20.04.3989072-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/certstore-v20.05.0f61dde-1.el7.centos.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: template certstore configure file
|
||||
|
||||
@@ -15,7 +15,7 @@ expire_after = 30
|
||||
local_debug = 1
|
||||
ca_path = ./cert/tango-ca-v3-trust-ca.pem
|
||||
untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
|
||||
[NTC_MAAT]
|
||||
[MAAT]
|
||||
#Configure the load mode,
|
||||
#0: using the configuration distribution network
|
||||
#1: using local json
|
||||
@@ -43,3 +43,6 @@ port = 6379
|
||||
ip = {{ maat_redis_server.address }}
|
||||
port = {{ maat_redis_server.port }}
|
||||
dbindex = {{ maat_redis_server.db }}
|
||||
[stat]
|
||||
statsd_server=192.168.100.1
|
||||
statsd_port=8126
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
BROKER_LIST={{ log_kafkabrokers.address }}
|
||||
|
||||
[SYSTEM]
|
||||
{% if tsg_access_type == 0 %}
|
||||
NIC_NAME={{ tsg_tun_mode.ethname }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
NIC_NAME={{ server.ethname }}
|
||||
{% else %}
|
||||
NIC_NAME={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
|
||||
0
roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
Normal file → Executable file
0
roles/firewall/files/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
Normal file → Executable file
Binary file not shown.
BIN
roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
BIN
roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
BIN
roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
Normal file
Binary file not shown.
BIN
roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
Normal file
Binary file not shown.
BIN
roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
Normal file
BIN
roles/firewall/files/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
Normal file
Binary file not shown.
@@ -8,6 +8,7 @@
|
||||
yum:
|
||||
name: "{{ fw_packages }}"
|
||||
state: present
|
||||
skip_broken: yes
|
||||
vars:
|
||||
fw_packages:
|
||||
- /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
|
||||
@@ -17,12 +18,14 @@
|
||||
- /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ftp_plug-1.1.0.74c9a05-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_mail_plug-1.1.0.a42c5a0-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_http_plug-1.2.0.a7e63c0-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/quic-1.1.4.9c2e0ba-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/fw_quic_plug-1.0.1.e8cded4-2.el7.x86_64.rpm
|
||||
|
||||
- name: "Template the tsgconf/main.conf"
|
||||
template:
|
||||
|
||||
@@ -15,8 +15,8 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
|
||||
FULL_CFG_DIR=capture_packet_rule/full/index/
|
||||
|
||||
[LOG]
|
||||
{% if tsg_access_type == 0 %}
|
||||
NIC_NAME={{ tsg_tun_mode.ethname }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
NIC_NAME={{ server.ethname }}
|
||||
{% else %}
|
||||
NIC_NAME={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
[STATIC]
|
||||
###0:location 1:json 2:redis
|
||||
MAAT_MODE=2
|
||||
STAT_SWITCH=1
|
||||
PERF_SWITCH=1
|
||||
@@ -14,6 +15,7 @@ INC_CFG_DIR=tsgrule/inc/index/
|
||||
FULL_CFG_DIR=tsgrule/full/index/
|
||||
|
||||
[DYNAMIC]
|
||||
###0:location 1:json 2:redis
|
||||
MAAT_MODE=2
|
||||
STAT_SWITCH=1
|
||||
PERF_SWITCH=1
|
||||
|
||||
@@ -24,8 +24,8 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
|
||||
|
||||
[TSG_LOG]
|
||||
MODE=1
|
||||
{% if tsg_access_type == 0 %}
|
||||
NIC_NAME={{ tsg_tun_mode.ethname }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
NIC_NAME={{ server.ethname }}
|
||||
{% else %}
|
||||
NIC_NAME={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
@@ -36,7 +36,7 @@ BROKER_LIST={{ log_kafkabrokers.address }}
|
||||
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
|
||||
|
||||
[STATISTIC]
|
||||
CYCLE=0
|
||||
CYCLE=1
|
||||
TELEGRAF_PORT=8100
|
||||
TELEGRAF_IP=127.0.0.1
|
||||
OUTPUT_PATH=./tsg_statistic.log
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
Normal file
BIN
roles/framework/files/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
Normal file
Binary file not shown.
@@ -11,15 +11,15 @@
|
||||
vars:
|
||||
packages:
|
||||
- /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_field_stat2-2.9.0.16ecf3b-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_handle_logger-1.0.9.304259e-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libmaatframe-2.9.2.7519c63-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/librulescan-2.2.0.900d2b3-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
|
||||
|
||||
8
roles/kernel-ml/files/grub
Normal file
8
roles/kernel-ml/files/grub
Normal file
@@ -0,0 +1,8 @@
|
||||
GRUB_TIMEOUT=5
|
||||
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
|
||||
GRUB_DEFAULT=saved
|
||||
GRUB_DISABLE_SUBMENU=true
|
||||
GRUB_TERMINAL="serial console"
|
||||
GRUB_SERIAL_COMMAND="serial --speed=115200"
|
||||
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200 intel_iommu=on iommu=pt pci=realloc,assign-busses"
|
||||
GRUB_DISABLE_RECOVERY="true"
|
||||
@@ -17,6 +17,20 @@
|
||||
command: /usr/sbin/grub2-set-default 0
|
||||
when: t_kernel_ml.changed
|
||||
|
||||
- name: "copy /etc/default/grub"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/grub"
|
||||
dest: "/etc/default"
|
||||
when:
|
||||
- tsg_access_type == 4
|
||||
- t_kernel_ml.changed
|
||||
|
||||
- name: "grub2-mkconfig"
|
||||
shell: grub2-mkconfig -o /boot/grub2/grub.cfg
|
||||
when:
|
||||
- tsg_access_type == 4
|
||||
- t_kernel_ml.changed
|
||||
|
||||
- name: "reboot"
|
||||
reboot:
|
||||
when: t_kernel_ml.changed
|
||||
|
||||
Binary file not shown.
BIN
roles/kni/files/kni-20.06-1.el7.x86_64.rpm
Normal file
BIN
roles/kni/files/kni-20.06-1.el7.x86_64.rpm
Normal file
Binary file not shown.
@@ -7,7 +7,7 @@
|
||||
- name: "install kni rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/kni-20.04-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/kni-20.06-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: Template the kni.conf
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
log_path = ./log/kni/kni.log
|
||||
log_level = {{ kni.global.log_level }}
|
||||
tfe_node_count = {{ kni.global.tfe_node_count }}
|
||||
{% if tsg_access_type == 0 %}
|
||||
manage_eth = {{ tsg_tun_mode.ethname }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
manage_eth = {{ server.ethname }}
|
||||
{% else %}
|
||||
manage_eth = {{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
{% if tsg_access_type == 0 %}
|
||||
{% if tsg_running_type == 0 %}
|
||||
deploy_mode = tun
|
||||
{% else %}
|
||||
deploy_mode = normal
|
||||
@@ -15,27 +15,31 @@ deploy_mode = normal
|
||||
tun_name = tun_kni
|
||||
src_mac_addr = 00:0e:c6:d6:72:c1
|
||||
dst_mac_addr = fe:65:b7:03:50:bd
|
||||
{% if tsg_access_type == 0 %}
|
||||
{% else %}
|
||||
{% if tsg_access_type == 4 %}
|
||||
[tfe0]
|
||||
enabled = 1
|
||||
dev_eth_symbol = {{ nic_data_incoming.vf1_name }}
|
||||
ip_addr = 192.168.100.1
|
||||
{% elif tsg_running_type == 2 %}
|
||||
[tfe0]
|
||||
enabled = {{ kni.tfe_nodes.tfe0_enabled }}
|
||||
dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
|
||||
ip_addr = 192.168.100.2
|
||||
|
||||
[tfe1]
|
||||
enabled = 1
|
||||
enabled = {{ kni.tfe_nodes.tfe1_enabled }}
|
||||
dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
|
||||
ip_addr = 192.168.100.3
|
||||
|
||||
[tfe2]
|
||||
enabled = 1
|
||||
enabled = {{ kni.tfe_nodes.tfe2_enabled }}
|
||||
dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
|
||||
ip_addr = 192.168.100.4
|
||||
{% endif %}
|
||||
|
||||
[tfe_cmsg_receiver]
|
||||
{% if tsg_access_type == 0 %}
|
||||
listen_eth = {{ tsg_tun_mode.tun_name }}
|
||||
{% if tsg_running_type == 0 or 1%}
|
||||
listen_eth = {{ server.tun_name }}
|
||||
{% else %}
|
||||
listen_eth = {{ nic_inner_ctrl.name }}
|
||||
{% endif %}
|
||||
@@ -43,8 +47,8 @@ listen_port = 2475
|
||||
|
||||
[watch_dog]
|
||||
switch = {{ kni.watch_dog.switch }}
|
||||
{% if tsg_access_type == 0 %}
|
||||
listen_eth = {{ tsg_tun_mode.tun_name }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
listen_eth = {{ server.tun_name }}
|
||||
{% else %}
|
||||
listen_eth = {{ nic_inner_ctrl.name }}
|
||||
{% endif %}
|
||||
|
||||
BIN
roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm → roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
Executable file → Normal file
BIN
roles/mrzcpd/files/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm → roles/mrzcpd/files/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
Executable file → Normal file
Binary file not shown.
@@ -6,7 +6,7 @@
|
||||
|
||||
- name: "install mrzcpd"
|
||||
yum:
|
||||
name: /tmp/ansible_deploy/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm
|
||||
name: /tmp/ansible_deploy/mrzcpd-4.3.21.26314ca-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: "update sysconfig/mrzcpd"
|
||||
@@ -52,6 +52,15 @@
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 3
|
||||
|
||||
|
||||
- name: "update mrglobal.conf.ATCA_40G - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrglobal.conf.ATCA_40G.j2"
|
||||
dest: /opt/mrzcpd/etc/mrglobal.conf
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 4
|
||||
|
||||
- name: "update mrtunnat.conf.inline - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
|
||||
@@ -76,24 +85,38 @@
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 3
|
||||
|
||||
- name: "update mrtunnat.conf.ATCA_40G - blade00"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/mrtunnat.conf.ATCA_40G.j2"
|
||||
dest: /opt/mrzcpd/etc/mrtunnat.conf
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type == 4
|
||||
|
||||
- name: "enable mrenv"
|
||||
systemd:
|
||||
name: mrenv
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
when:
|
||||
- tsg_access_type != 0
|
||||
|
||||
- name: "enable mrzcpd"
|
||||
systemd:
|
||||
name: mrzcpd
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
when:
|
||||
- tsg_access_type != 0
|
||||
|
||||
- name: "enable mrtunnat on master"
|
||||
systemd:
|
||||
name: mrtunnat
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
when: nic_traffic_mirror is not defined
|
||||
when:
|
||||
- nic_traffic_mirror is not defined
|
||||
- tsg_access_type != 0
|
||||
|
||||
- name: "disable mrtunnat on slave"
|
||||
systemd:
|
||||
|
||||
56
roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
Normal file
56
roles/mrzcpd/templates/mrglobal.conf.ATCA_40G.j2
Normal file
@@ -0,0 +1,56 @@
|
||||
[device]
|
||||
device={{nic_data_incoming.vf0_name}},{{ nic_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
|
||||
sz_tunnel=8192
|
||||
sz_buffer=0
|
||||
|
||||
[device:{{nic_data_incoming.vf0_name}}]
|
||||
mtu=4096
|
||||
clear_tx_flags=1
|
||||
vlan-filter=1
|
||||
vlan-strip=1
|
||||
vlan-id-allow={{ VlanFlipping.vlanID_1 }},{{ VlanFlipping.vlanID_2 }},{{ VlanFlipping.vlanID_3 }},{{ VlanFlipping.vlanID_4 }}
|
||||
vlan-pvid=0
|
||||
vlan-pvid-mode=2
|
||||
hw_strip_crc=1
|
||||
|
||||
[device:{{ nic_data_incoming.vf1_name }}]
|
||||
mtu=4096
|
||||
clear_tx_flags=1
|
||||
vlan-filter=1
|
||||
vlan-strip=1
|
||||
vlan-id-allow=4095
|
||||
vlan-pvid=0
|
||||
vlan-pvid-mode=2
|
||||
hw_strip_crc=1
|
||||
|
||||
[service]
|
||||
# lcore id for i/o service, use comma to split
|
||||
iocore={{ mrzcpd.iocore }}
|
||||
distmode=2
|
||||
hashmode=0
|
||||
|
||||
[eal]
|
||||
virtaddr=0x7f40c4a00000
|
||||
loglevel=7
|
||||
|
||||
[keepalive]
|
||||
check_spinlock=0
|
||||
|
||||
[ctrlzone]
|
||||
ctrlzone0=tunnat,64
|
||||
|
||||
[pool]
|
||||
create_mode=3
|
||||
sz_direct_pktmbuf=4194304
|
||||
sz_indirect_pktmbuf=8192
|
||||
sz_cache=256
|
||||
sz_data=4096
|
||||
|
||||
[forward]
|
||||
nr_forward_rule=6
|
||||
forward_rule_0=pv,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
|
||||
forward_rule_1=vp,{{nic_data_incoming.vf0_name}},{{nic_data_incoming.vf0_name}}
|
||||
forward_rule_2=vv,vxlan_fwd,vxlan_user
|
||||
forward_rule_3=vv,vxlan_user,vxlan_fwd
|
||||
forward_rule_4=pv,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
|
||||
forward_rule_5=vp,{{ nic_data_incoming.vf1_name }},{{ nic_data_incoming.vf1_name }}
|
||||
23
roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
Normal file
23
roles/mrzcpd/templates/mrtunnat.conf.ATCA_40G.j2
Normal file
@@ -0,0 +1,23 @@
|
||||
[tunnat]
|
||||
lcore_id={{ mrtunnat.lcore_id }}
|
||||
appsym=tunnat
|
||||
phydev={{nic_data_incoming.vf0_name}}
|
||||
virtdev=vxlan_fwd
|
||||
nr_max_sessions=524280
|
||||
nr_slots=1048576
|
||||
expire_time=60
|
||||
reverse_tunnel=0
|
||||
use_recent_tunnel=0
|
||||
use_link_info_table=1
|
||||
use_tuple4_as_sskey=0
|
||||
ctrlzone_addr_info_type=2
|
||||
|
||||
[vlan_flipping]
|
||||
enable=1
|
||||
c_router_vlan_id_0={{ VlanFlipping.vlanID_1 }}
|
||||
i_router_vlan_id_0={{ VlanFlipping.vlanID_2 }}
|
||||
en_mac_flipping_0=0
|
||||
en_mac_flipping_0=0
|
||||
c_router_vlan_id_1={{ VlanFlipping.vlanID_3 }}
|
||||
i_router_vlan_id_1={{ VlanFlipping.vlanID_4 }}
|
||||
en_mac_flipping_1=0
|
||||
6
roles/package-build/tasks/DockerEnvDownload.yml
Normal file
6
roles/package-build/tasks/DockerEnvDownload.yml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: 'Unarchive docker env rpm file from remote host'
|
||||
unarchive:
|
||||
src: "{{ tsgDiagnoseDockerFile.unarchiveUrl }}"
|
||||
dest: "{{ tsgDiagnoseDockerFile.unarchiveDest }}"
|
||||
remote_src: yes
|
||||
8
roles/package-build/tasks/RpmDownload.yml
Normal file
8
roles/package-build/tasks/RpmDownload.yml
Normal file
@@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: "download rpm package by rpm list"
|
||||
yum:
|
||||
name: "{{ item.value.name }}"
|
||||
state: present
|
||||
download_only: true
|
||||
download_dir: "{{ item.value.downpath }}"
|
||||
with_dict: "{{ rpmdict }}"
|
||||
6
roles/package-build/tasks/TarBuild.yml
Normal file
6
roles/package-build/tasks/TarBuild.yml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: "build install tar package"
|
||||
archive:
|
||||
path: "{{ tarpath.src }}"
|
||||
dest: "{{ tarpath.destdict }}{{ tarname }}"
|
||||
format: gz
|
||||
4
roles/package-build/tasks/main.yml
Normal file
4
roles/package-build/tasks/main.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
- include: DockerEnvDownload.yml
|
||||
- include: RpmDownload.yml
|
||||
- include: TarBuild.yml
|
||||
11
roles/proxy_status/files/proxy-status.service
Normal file
11
roles/proxy_status/files/proxy-status.service
Normal file
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=proxy status
|
||||
|
||||
[Service]
|
||||
ExecStart=/opt/proxy_status/proxy_start
|
||||
ExecStop=/opt/proxy_status/proxy_stop
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
12
roles/proxy_status/files/proxy_start
Executable file
12
roles/proxy_status/files/proxy_start
Executable file
@@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
systemctl start tsg-env-tun-mode.service &>/dev/null &
|
||||
sleep 2
|
||||
systemctl start sapp.service &>/dev/null &
|
||||
sleep 5
|
||||
systemctl start tfe-env.service &>/dev/null &
|
||||
sleep 5
|
||||
systemctl start tfe.service &>/dev/null &
|
||||
systemctl start certstore.service &>/dev/null &
|
||||
systemctl start cert-redis.service &>/dev/null &
|
||||
65
roles/proxy_status/files/proxy_status
Executable file
65
roles/proxy_status/files/proxy_status
Executable file
@@ -0,0 +1,65 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
systemctl status tsg-env-tun-mode &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m tsg-env-tun-mode is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m tsg-env-tun-mode is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status mrzcpd &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m mrzcpd is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m mrzcpd is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status mrenv &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m mrenv is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m mrenv is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status mrtunnat &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m mrtunnat is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m mrtunnat is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status sapp &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m sapp is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m sapp is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status tfe-env &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m tfe-env is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m tfe-env is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status tfe &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m tfe is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m tfe is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status certstore &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m certstore is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m certstore is down \033[0m"
|
||||
fi
|
||||
|
||||
systemctl status cert-redis &>/dev/null
|
||||
if [ $? -eq 0 ];then
|
||||
echo -e "\033[32m cert-redis is running \033[0m"
|
||||
else
|
||||
echo -e "\033[31m cert-redis is down \033[0m"
|
||||
fi
|
||||
12
roles/proxy_status/files/proxy_stop
Executable file
12
roles/proxy_status/files/proxy_stop
Executable file
@@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
|
||||
systemctl stop tsg-env-tun-mode.service &>/dev/null &
|
||||
systemctl stop mrzcpd.service &>/dev/null &
|
||||
systemctl stop mrtunnat.service &>/dev/null &
|
||||
systemctl stop sapp.service &>/dev/null &
|
||||
systemctl stop tfe-env.service &>/dev/null &
|
||||
systemctl stop tfe.service &>/dev/null &
|
||||
systemctl stop certstore.service &>/dev/null &
|
||||
systemctl stop cert-redis.service &>/dev/null &
|
||||
|
||||
24
roles/proxy_status/tasks/main.yml
Normal file
24
roles/proxy_status/tasks/main.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
---
|
||||
- name: "create /opt/proxy_status"
|
||||
file:
|
||||
path: /opt/proxy_status
|
||||
state: directory
|
||||
|
||||
- name: "copy files"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/"
|
||||
dest: /opt/proxy_status
|
||||
mode: 0755
|
||||
|
||||
- name: "copy proxy-status.service"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/proxy-status.service"
|
||||
dest: "/usr/lib/systemd/system/"
|
||||
mode: 0755
|
||||
|
||||
- name: "enable proxy-status"
|
||||
systemd:
|
||||
name: proxy-status
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
||||
Binary file not shown.
BIN
roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm
Executable file
BIN
roles/sapp/files/sapp-4.0.14.91cbc1b-x86_64.rpm
Executable file
Binary file not shown.
Binary file not shown.
@@ -7,8 +7,7 @@
|
||||
- name: "install sapp rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/sapp-4.0.12.f8435d8-x86_64.rpm
|
||||
- /tmp/ansible_deploy/sapp-4.0.14.91cbc1b-x86_64.rpm
|
||||
state: present
|
||||
skip_broken: yes
|
||||
|
||||
@@ -41,6 +40,13 @@
|
||||
dest: /home/mesasoft/sapp_run/etc/gdev.conf
|
||||
when: tsg_access_type == 1
|
||||
|
||||
|
||||
- name: "copy sapp.service destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/sapp.service"
|
||||
dest: /usr/lib/systemd/system/
|
||||
mode: 0755
|
||||
|
||||
- name: "enable sapp"
|
||||
systemd:
|
||||
name: sapp
|
||||
|
||||
@@ -14,6 +14,9 @@ worker_threads=1
|
||||
{% else %}
|
||||
worker_threads={{ sapp.worker_threads }}
|
||||
{% endif %}
|
||||
{% if tsg_access_type == 4 %}
|
||||
send_only_threads_max={{ sapp.send_only_threads_max }}
|
||||
{% endif %}
|
||||
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
|
||||
{% if tsg_access_type == 0 %}
|
||||
bind_mask=[]
|
||||
@@ -22,6 +25,13 @@ bind_mask=[{{ sapp.bind_mask }}]
|
||||
{% endif %}
|
||||
|
||||
[PACKET_IO]
|
||||
{% if tsg_access_type == 4 %}
|
||||
### note, used to represent inbound or outbound direction value,
|
||||
##### because it comes from other device, so it needs to be specified manually,
|
||||
##### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
|
||||
##### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
|
||||
inbound_route_dir={{ sapp.inbound_route_dir }}
|
||||
{% endif %}
|
||||
### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
|
||||
BSD_packet_filter=""
|
||||
|
||||
@@ -37,7 +47,7 @@ BSD_packet_filter=""
|
||||
[packet_io.internal.interface]
|
||||
{% if tsg_access_type == 0 %}
|
||||
type=pcap
|
||||
name={{tsg_tun_mode.internal_interface}}
|
||||
name={{server.internal_interface}}
|
||||
{% else %}
|
||||
type=marsio
|
||||
name=vxlan_user
|
||||
@@ -46,7 +56,7 @@ BSD_packet_filter=""
|
||||
[packet_io.external.interface]
|
||||
{% if tsg_access_type == 0 %}
|
||||
type=pcap
|
||||
name={{tsg_tun_mode.external_interface}}
|
||||
name={{server.external_interface}}
|
||||
{% else %}
|
||||
type=pcap
|
||||
name=lo
|
||||
|
||||
BIN
roles/telegraf_statistic/files/telegraf-1.13.0-1.x86_64.rpm
Normal file
BIN
roles/telegraf_statistic/files/telegraf-1.13.0-1.x86_64.rpm
Normal file
Binary file not shown.
16
roles/telegraf_statistic/files/telegraf_statistic.service
Executable file
16
roles/telegraf_statistic/files/telegraf_statistic.service
Executable file
@@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=Statistic information
|
||||
Documentation=https://github.com/influxdata/telegraf
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/default/telegraf
|
||||
User=telegraf
|
||||
ExecStart=/usr/bin/telegraf -config /etc/telegraf/telegraf_statistic.conf -config-directory /etc/telegraf/telegraf_statistic.d $TELEGRAF_OPTS
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
Restart=on-failure
|
||||
RestartForceExitStatus=SIGPIPE
|
||||
KillMode=control-group
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
28
roles/telegraf_statistic/tasks/main.yml
Normal file
28
roles/telegraf_statistic/tasks/main.yml
Normal file
@@ -0,0 +1,28 @@
|
||||
- name: "copy telegraf.rpm to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/telegraf-1.13.0-1.x86_64.rpm"
|
||||
dest: /tmp
|
||||
|
||||
- name: "install telegraf"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/telegraf-1.13.0-1.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: "Templates telegraf.conf"
|
||||
template:
|
||||
src: "{{role_path}}/templates/telegraf_statistic.conf.j2"
|
||||
dest: /etc/telegraf/telegraf_statistic.conf
|
||||
tags: template
|
||||
|
||||
- name: "copy telegraf_statistic.service to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/telegraf_statistic.service"
|
||||
dest: /usr/lib/systemd/system
|
||||
mode: 0755
|
||||
|
||||
- name: "Start telegraf"
|
||||
systemd:
|
||||
name: telegraf_statistic.service
|
||||
state: started
|
||||
enabled: yes
|
||||
29
roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
Executable file
29
roles/telegraf_statistic/templates/telegraf_statistic.conf.j2
Executable file
@@ -0,0 +1,29 @@
|
||||
[global_tags]
|
||||
[agent]
|
||||
interval = "30s"
|
||||
round_interval = true
|
||||
metric_batch_size = 1000
|
||||
metric_buffer_limit = 10000
|
||||
collection_jitter = "0s"
|
||||
flush_interval = "10s"
|
||||
flush_jitter = "0s"
|
||||
precision = ""
|
||||
debug = false
|
||||
quiet = false
|
||||
logfile = ""
|
||||
hostname = ""
|
||||
omit_hostname = false
|
||||
[[outputs.file]]
|
||||
files = ["stdout", "/tmp/metrics.out"]
|
||||
data_format = "json"
|
||||
[[outputs.kafka]]
|
||||
brokers = ["192.168.40.186:9092"]
|
||||
topic = "TRAFFIC-METRICS-LOG"
|
||||
data_format = "json"
|
||||
[[outputs.prometheus_client]]
|
||||
listen = ":9273"
|
||||
path = "/metrics"
|
||||
[[inputs.tcp_listener]]
|
||||
[[inputs.udp_listener]]
|
||||
ServiceAddress= ":8100"
|
||||
data_format = "influx"
|
||||
Binary file not shown.
BIN
roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
Normal file
BIN
roles/tfe/files/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
Normal file
Binary file not shown.
22
roles/tfe/files/tfe.service
Executable file
22
roles/tfe/files/tfe.service
Executable file
@@ -0,0 +1,22 @@
|
||||
[Unit]
|
||||
Description=Tango Frontend Engine
|
||||
Requires=tfe-env.service
|
||||
After=tfe-env.service
|
||||
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStart=/opt/tsg/tfe/bin/tfe
|
||||
WorkingDirectory=/opt/tsg/tfe/
|
||||
TimeoutSec=3600s
|
||||
RestartSec=10s
|
||||
Restart=always
|
||||
LimitNOFILE=524288
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
TasksMax=infinity
|
||||
Delegate=yes
|
||||
KillMode=process
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -4,11 +4,17 @@
|
||||
src: "{{ role_path }}/files/"
|
||||
dest: /tmp/ansible_deploy/
|
||||
|
||||
- name: "copy tfe.service to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/tfe.service"
|
||||
dest: /usr/lib/systemd/system/
|
||||
mode: 0755
|
||||
|
||||
- name: "install tfe rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
|
||||
- /tmp/ansible_deploy/tfe-4.3.2.374930d-1.el7.x86_64.rpm
|
||||
- /tmp/ansible_deploy/tfe-4.3.5.0db794c-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: "template tfe-env config"
|
||||
|
||||
@@ -2,12 +2,13 @@
|
||||
log_level=30
|
||||
|
||||
[log]
|
||||
{% if tsg_access_type == 0 %}
|
||||
nic_name={{ tsg_tun_mode.ethname }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
nic_name={{ server.ethname }}
|
||||
{% else %}
|
||||
nic_name={{ nic_mgr.name }}
|
||||
{% endif %}
|
||||
entrance_id=0
|
||||
device_id_filepath=/opt/tsg/etc/tsg_sn.json
|
||||
kafka_brokerlist= {{ log_kafkabrokers.address }}
|
||||
kafka_topic=PROXY-EVENT-LOG
|
||||
|
||||
|
||||
@@ -1,14 +1,20 @@
|
||||
{% if tsg_access_type == 0 %}
|
||||
TFE_DEVICE_DATA_INCOMING={{ tsg_tun_mode.tun_name }}
|
||||
{% if tsg_access_type == 4 %}
|
||||
TFE_DEVICE_DATA_INCOMING={ nic_data_incoming.vf2_name }}
|
||||
{% elif tsg_running_type == 0 %}
|
||||
TFE_DEVICE_DATA_INCOMING=tun_kni
|
||||
{% else %}
|
||||
TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
|
||||
{% endif %}
|
||||
TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
|
||||
{% if tsg_access_type == 4 %}
|
||||
TFE_PEER_MAC_DATA_INCOMING=00:0e:c6:d6:72:c1
|
||||
{% else %}
|
||||
TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
|
||||
{% endif %}
|
||||
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
|
||||
TFE_PEER_IP_DATA_INCOMING=172.16.241.1
|
||||
|
||||
{% if tsg_access_type == 0 %}
|
||||
TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
TFE_WATCHDOG_DEVICE={{ server.tun_name }}
|
||||
TFE_WATCHDOG_IP=192.168.100.1
|
||||
{% endif %}
|
||||
|
||||
@@ -31,8 +31,8 @@ service_cache_expire_seconds=600
|
||||
# default 0
|
||||
mc_cache_enable=1
|
||||
# default eth0
|
||||
{% if tsg_access_type == 0 %}
|
||||
mc_cache_eth={{ tsg_tun_mode.tun_name }}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
mc_cache_eth={{ server.tun_name }}
|
||||
{% else %}
|
||||
mc_cache_eth={{ nic_inner_ctrl.name }}
|
||||
{% endif %}
|
||||
@@ -50,12 +50,13 @@ cert_store_host= {{ cert_store_server.address }}
|
||||
cert_store_port= {{ cert_store_server.port }}
|
||||
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
|
||||
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
|
||||
enable_health_check=0
|
||||
|
||||
[debug]
|
||||
passthrough_all_tcp=0
|
||||
|
||||
[traffic_mirror]
|
||||
{% if tsg_access_type == 0 %}
|
||||
{% if tsg_running_type == 0 or 1 %}
|
||||
device=lo
|
||||
{% else %}
|
||||
device={{ nic_traffic_mirror.name }}
|
||||
@@ -78,11 +79,11 @@ tcp_ttl_upstream=75
|
||||
tcp_ttl_downstream=70
|
||||
|
||||
[log]
|
||||
level=30
|
||||
level=10
|
||||
|
||||
[stat]
|
||||
statsd_server={{ fs_remote.address }}
|
||||
statsd_port={{ fs_remote.port }}
|
||||
|
||||
[http]
|
||||
loglevel=30
|
||||
loglevel=10
|
||||
|
||||
0
roles/tsg-diagnose/files/rpms/.gitkeep
Normal file
0
roles/tsg-diagnose/files/rpms/.gitkeep
Normal file
19
roles/tsg-diagnose/tasks/DockerEnv.yml
Normal file
19
roles/tsg-diagnose/tasks/DockerEnv.yml
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
- name: "Install docker-ce"
|
||||
yum:
|
||||
name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-ce/{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ dockerEnvRpm.dockerCe }}"
|
||||
|
||||
- name: "Install docker-compose"
|
||||
yum:
|
||||
name: "/tmp/ansible_deploy/tsg-diagnose/rpms/rpm-docker/docker-compose/{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ dockerEnvRpm.dockerCompose }}"
|
||||
|
||||
- name: 'Docker service start'
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
||||
12
roles/tsg-diagnose/tasks/TsgDiagnose.yml
Normal file
12
roles/tsg-diagnose/tasks/TsgDiagnose.yml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: "Install tsg-diagnose rpm package"
|
||||
yum:
|
||||
name:
|
||||
- "/tmp/ansible_deploy/tsg-diagnose/rpms/{{rpmdict.tsgDiagnose.fullname}}"
|
||||
state: present
|
||||
|
||||
- name: 'Tsg-diagnose service start'
|
||||
systemd:
|
||||
name: tsg-diagnose
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
14
roles/tsg-diagnose/tasks/main.yml
Normal file
14
roles/tsg-diagnose/tasks/main.yml
Normal file
@@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: 'Copy tsg-diagnose file to device'
|
||||
copy:
|
||||
src: "{{item.src}}"
|
||||
dest: "{{item.dest}}"
|
||||
mode: "{{item.mode}}"
|
||||
with_items:
|
||||
- { src: "{{ role_path }}/files/", dest: "/tmp/ansible_deploy/tsg-diagnose", mode: '0755' }
|
||||
|
||||
- name: 'Install docker env rpm'
|
||||
include: DockerEnv.yml
|
||||
|
||||
- name: 'Install Tsg-diagnose'
|
||||
include: TsgDiagnose.yml
|
||||
@@ -1,11 +1,27 @@
|
||||
#!/bin/bash
|
||||
modprobe 8021q
|
||||
vconfig add {{ tsg_tun_mode.ethname }} 100
|
||||
vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
|
||||
ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
|
||||
ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
|
||||
ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
|
||||
ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
|
||||
ethtool -K {{ tsg_tun_mode.external_interface }} tso off
|
||||
ethtool -K {{ tsg_tun_mode.external_interface }} gso off
|
||||
ethtool -K {{ tsg_tun_mode.external_interface }} gro off
|
||||
vconfig add {{ server.ethname }} 100
|
||||
vconfig set_flag {{ server.ethname }}.100 1 1
|
||||
ifconfig {{ server.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
|
||||
{% if tsg_access_type == 0 %}
|
||||
ethtool -K {{ server.internal_interface }} tso off
|
||||
ethtool -K {{ server.internal_interface }} gso off
|
||||
ethtool -K {{ server.internal_interface }} gro off
|
||||
ethtool -K {{ server.external_interface }} tso off
|
||||
ethtool -K {{ server.external_interface }} gso off
|
||||
ethtool -K {{ server.external_interface }} gro off
|
||||
{% elif tsg_access_type == 4 %}
|
||||
echo 3 > /sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 1 vlan 4095
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 2 vlan 4095
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 0 trust on
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 1 trust on
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 2 trust on
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 1 mac 00:0e:c6:d6:72:c1
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 2 mac fe:65:b7:03:50:bd
|
||||
ip link set {{ nic_data_incoming.ethname }} vf 0 spoofchk off
|
||||
ip link set {{ nic_data_incoming.vf0_name }} up
|
||||
ip link set {{ nic_data_incoming.vf1_name }} up
|
||||
ip link set {{ nic_data_incoming.vf2_name }} up
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
echo 0 >/sys/class/net/ens1/device/sriov_numvfs
|
||||
ifconfig {{ tsg_tun_mode.ethname }}.100 down
|
||||
vconfig rem {{ tsg_tun_mode.ethname }}.100
|
||||
echo 0 >/sys/class/net/{{ server.ethname }}/device/sriov_numvfs
|
||||
ifconfig {{ server.ethname }}.100 down
|
||||
vconfig rem {{ server.ethname }}.100
|
||||
{% if tsg_access_type == 4 %}
|
||||
echo 0 >/sys/class/net/{{ nic_data_incoming.ethname }}/device/sriov_numvfs
|
||||
{% endif %}
|
||||
|
||||
BIN
roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
Normal file
BIN
roles/tsg_master/files/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
@@ -6,5 +6,6 @@
|
||||
- name: "install tsg_master from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/tsg_master-1.3.3.65833d7-2.el7.x86_64.rpm
|
||||
state: present
|
||||
skip_broken: yes
|
||||
|
||||
Reference in New Issue
Block a user