修改mrglobal.conf vlan filter配置

install_config/group_vars/all.yml

@@ -68,9 +68,20 @@ mrtunnat:
   lcore_id: 38
 
 ########################################
-tsg_tun_mode:
+nic_mgr:
-  ethname: eth0
+  name: eth0
-  tun_name: eth0.100
+nic_data_incoming:
-  internal_interface: "eth2"
+  name: tun_kni
+  address: 127.0.0.1
+nic_inner_ctrl:
+  name: eth0.100
+nic_traffic_mirror:
+  name: lo
+  use_mrzcpd: 0
+
+nic_transparent_mode:
+  enable: 1
+  mode: pcap
+  internel_interface: "eth2"
   external_interface: "eth3"
 

roles/clotho/templates/clotho.conf.j2

@@ -2,10 +2,6 @@
 BROKER_LIST={{ log_kafkabrokers.address }}
 
 [SYSTEM]
-{% if tsg_access_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
-{% else %}
 NIC_NAME={{ nic_mgr.name }}
-{% endif %}
 LOG_LEVEL=10
 LOG_PATH=log/clotho

roles/firewall/tasks/main.yml

@@ -10,17 +10,17 @@
     state: present
   vars:
     fw_packages:
-      - /tmp/ansible_deploy/dns-2.0.2.5effe72-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/dns-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ftp-1.0.4.5d3a283-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ftp-debug-1.0.2.1cddd55-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/http-2.0.1.e8f12ee-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/http-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mail-1.0.3.cbc6034-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mail-debug-1.0.0.-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/ssl-1.0.0.73e5273-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/ssl-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/tsg_conn_record-1.0.0.2155660-1.el7.centos.x86_64.rpm
       - /tmp/ansible_deploy/fw_dns_plug-debug-1.0.3.ea8e0f6-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ftp_plug-1.0.3.73372b5-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ftp_plug-debug-1.0.1.a5c1e05-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_ssl_plug-1.0.3.30fcf35-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-debug-1.0.8.620f455-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-1.0.4.03e1b53-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-debug-1.0.2.f513698-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-1.0.14.2f3b011-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_ssl_plug-1.0.1.d232f96-1.el7.centos.x86_64.rpm
       - /tmp/ansible_deploy/capture_packet_plug-debug-1.0.0.-1.el7.x86_64.rpm
       - /tmp/ansible_deploy/clotho-debug-1.0.0.-1.el7.x86_64.rpm
 

roles/firewall/templates/capture_packet_plug.conf.j2

@@ -15,11 +15,7 @@ INC_CFG_DIR=capture_packet_rule/inc/index/
 FULL_CFG_DIR=capture_packet_rule/full/index/
 
 [LOG]
-{% if tsg_access_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
-{% else %}
 NIC_NAME={{ nic_mgr.name }}
-{% endif %}
 BROKER_LIST={{ log_kafkabrokers.address }}
 FIELD_FILE=conf/capture_packet_log_field.conf
 

roles/firewall/templates/main.conf.j2

@@ -24,11 +24,7 @@ IP_ADDR_TABLE=TSG_SECURITY_ADDR
 
 [TSG_LOG]
 MODE=1
-{% if tsg_access_type == 0 %}
-NIC_NAME={{ tsg_tun_mode.ethname }}
-{% else %}
 NIC_NAME={{ nic_mgr.name }}
-{% endif %}
 MAX_SERVICE=1
 LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog

roles/framework/tasks/main.yml

@@ -7,32 +7,9 @@
   yum:
     name: "{{ packages }}"
     state: present
-    skip_broken: yes
   vars:
     packages:
-      - /tmp/ansible_deploy/libMESA_field_stat-1.0.1.852c2df-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/framework-debug-2.0.17.1e678c4-1.el7.centos.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_field_stat2-2.8.6.c183ed6-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_handle_logger-1.0.8.bd5f0ac-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_htable-3.10.11.6275308-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libMESA_prof_load-1.0.5.bf755de-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libWiredLB-2.0.3.c7d131b-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libcjson-1.7.8.542ad7f-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libdocumentanalyze-2.0.4.efdfc29-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-2.8.1.8729ebf-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librulescan-2.1.7.c27f70d-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libwiredcfg-2.0.2.7ce1eea-1.el7.x86_64.rpm
-      - /tmp/ansible_deploy/lz4-1.7.5-3.el7.x86_64.rpm
-      - /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
-
-- name: "mkdir /etc/ld.so.conf.d/"
-  file:
-    path: /etc/ld.so.conf.d/
-    state: directory
-
-- name: "copy framework.conf to destination server"
-  copy:
-    src: "{{ role_path }}/files/framework.conf"
-    dest: /etc/ld.so.conf.d/
 
 - name: "update ld"
   command: ldconfig

roles/kni/templates/kni.conf.j2

@@ -2,11 +2,7 @@
 log_path = ./log/kni/kni.log
 log_level = {{ kni.global.log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
-{% if tsg_access_type == 0 %}
-manage_eth = {{ tsg_tun_mode.ethname }}
-{% else %}
 manage_eth = {{ nic_mgr.name }}
-{% endif %}
 {% if tsg_access_type == 0 %}
 deploy_mode = tun
 {% else %}
@@ -34,20 +30,12 @@ ip_addr = 192.168.100.4
 {% endif %}
 
 [tfe_cmsg_receiver]
-{% if tsg_access_type == 0 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
-{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
-{% endif %}
 listen_port = 2475
 
 [watch_dog]
 switch = {{ kni.watch_dog.switch }}
-{% if tsg_access_type == 0 %}
-listen_eth = {{ tsg_tun_mode.tun_name }}
-{% else %}
 listen_eth = {{ nic_inner_ctrl.name }}
-{% endif %}
 listen_port = 2476
 keepalive_idle = 2
 keepalive_intvl = 1

roles/mrzcpd/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: "install mrzcpd"
   yum:
-    name: /tmp/ansible_deploy/mrzcpd-4.3.19.f936069-1.el7.x86_64.rpm
+    name: /tmp/ansible_deploy/mrzcpd-4.3.18.f543325-1.el7.x86_64.rpm
     state: present
 
 - name: "update sysconfig/mrzcpd"
@@ -20,14 +20,6 @@
     dest: /opt/mrzcpd/etc/mrglobal.conf
   when: nic_traffic_mirror is defined
 
-
-- name: "update mrglobal.conf.tun_mode - tun_server"
-  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - tsg_access_type == 0
-
 - name: "update mrglobal.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrglobal.conf.inline.j2"
@@ -44,14 +36,6 @@
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
-- name: "update mrglobal.conf.allot - blade00"
-  template:
-    src: "{{ role_path }}/templates/mrglobal.conf.adc_tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrglobal.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 3
-
 - name: "update mrtunnat.conf.inline - blade00"
   template:
     src: "{{ role_path }}/templates/mrtunnat.conf.inline.j2"
@@ -68,14 +52,6 @@
     - nic_traffic_mirror is not defined
     - tsg_access_type == 2
 
-- name: "update mrtunnat.conf.allot_access - blade00"
-  template:
-    src: "{{ role_path }}/templates/mrtunnat.conf.adc_tun_mode.j2"
-    dest: /opt/mrzcpd/etc/mrtunnat.conf
-  when: 
-    - nic_traffic_mirror is not defined
-    - tsg_access_type == 3
-
 - name: "enable mrenv"
   systemd:
     name: mrenv
@@ -85,19 +61,19 @@
 - name: "enable mrzcpd"
   systemd:
     name: mrzcpd
-    enabled: yes
+    enabled: 1
     daemon_reload: yes
 
 - name: "enable mrtunnat on master"
   systemd:
     name: mrtunnat
-    enabled: yes
+    enabled: 1
     daemon_reload: yes
   when: nic_traffic_mirror is not defined
 
 - name: "disable mrtunnat on slave"
   systemd:
     name: mrtunnat
-    enabled: no
+    enabled: 0
     daemon_reload: yes
   when: nic_traffic_mirror is defined

roles/mrzcpd/templates/mrglobal.conf.adc_tun_mode.j2

@@ -1,67 +0,0 @@
-[device]
-device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
-sz_tunnel=8192
-sz_buffer=0
-
-[device:{{nic_data_incoming.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-vlan-filter=1
-vlan-id-allow=1000,1001,2000,2001,4000,4001
-#vlan-pvid=0
-#vlan-pvid-mode=0
-
-[device:{{nic_to_tfe.tfe0.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe1.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[device:{{nic_to_tfe.tfe2.name}}]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-# lcore id for i/o service, use comma to split
-iocore={{ mrzcpd.iocore }}
-distmode=2
-hashmode=0
-
-[eal]
-virtaddr=0x7f40c4a00000
-loglevel=7
-
-[keepalive]
-check_spinlock=0
-
-[ctrlzone]
-ctrlzone0=tunnat,64
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-
-[forward]
-nr_forward_rule=10
-forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
-forward_rule_2=vv,vxlan_fwd,vxlan_user
-forward_rule_3=vv,vxlan_user,vxlan_fwd
-forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
-forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
-forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
-forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

roles/mrzcpd/templates/mrglobal.conf.inline.j2

@@ -4,16 +4,29 @@ sz_tunnel=8192
 sz_buffer=0
 
 [device:{{nic_data_incoming.name}}]
+{% if nic_data_incoming.ip is defined %}
 in_addr={{nic_data_incoming.ip}}
+{% endif %}
+{% if nic_data_incoming.mask is defined %}
 in_mask={{nic_data_incoming.mask}}
+{% endif %}
+{% if nic_data_incoming.gw is defined %}
 gateway={{nic_data_incoming.gw}}
+{% endif %}
 jumbo_frame=1
 max_rx_pkt_len=15360
 clear_tx_flags=1
+{% if nic_data_incoming.ip is defined %}
 #vlan-filter=1
-#vlan-id-allow=1301,1302,2301,2302,1501,1502,2501,2502,1601,1602,2601,2602,1701,1702,2701,2702,1801,1802,2801,2802,1901,1902,2901,2902
+#vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
 #vlan-pvid=0
 #vlan-pvid-mode=0
+{% else %}
+vlan-filter=0
+vlan-id-allow=3811,3812,3813,3814,3821,3822,3823,3824,3831,3832,3833,3834,3841,3842,3843,3844
+vlan-pvid=0
+vlan-pvid-mode=0
+{% endif %}
 
 [device:{{nic_to_tfe.tfe0.name}}]
 jumbo_frame=1

roles/mrzcpd/templates/mrglobal.conf.tun_mode.j2

@@ -1,28 +0,0 @@
-[device]
-device=fake
-sz_tunnel=8192
-sz_buffer=0
-
-[device:lo]
-jumbo_frame=1
-max_rx_pkt_len=15360
-clear_tx_flags=1
-promisc=1
-
-[service]
-iocore={{ mrzcpd.iocore }}
-
-[eal]
-virtaddr=0x7d0000000000
-loglevel=7
-
-[keepalive]
-check_spinlock=1
-
-[pool]
-create_mode=3
-sz_direct_pktmbuf=4194304
-sz_indirect_pktmbuf=8192
-sz_cache=256
-sz_data=4096
-

roles/mrzcpd/templates/mrtunnat.conf.adc_tun_mode.j2

@@ -1,24 +0,0 @@
-[tunnat]
-lcore_id={{ mrtunnat.lcore_id }}
-appsym=tunnat
-phydev={{nic_data_incoming.name}}
-virtdev=vxlan_fwd
-nr_max_sessions=524280
-nr_slots=1048576
-expire_time=60
-reverse_tunnel=0
-use_recent_tunnel=0
-use_tuple4_as_sskey=1
-ctrlzone_addr_info_type=2
-
-[vlan_flipping]
-enable=1
-c_router_vlan_id_0=4000
-i_router_vlan_id_0=4001
-en_mac_flipping_0=0
-c_router_vlan_id_1=1000
-i_router_vlan_id_1=1001
-en_mac_flipping_1=0
-c_router_vlan_id_2=2000
-i_router_vlan_id_2=2001
-en_mac_flipping_2=0

roles/sapp/tasks/main.yml

@@ -7,12 +7,20 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-1.0.6.7c22c8d-2.el7.x86_64.rpm
+    #  - /tmp/ansible_deploy/sapp-4.0.11.347f7b7-x86_64.rpm
-      - /tmp/ansible_deploy/sapp-4.0.12.f8435d8-x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-debug-1.0.3.a4e2a7c-1.el7.centos.x86_64.rpm
     state: present
-    skip_broken: yes
 
-- name: "mkdir tsgconf"
+- name: "judge sapp"
+  shell: rpm -qa |grep sapp
+  register: return
+  ignore_errors: true
+
+- name: "install sapp rpms from localhost"
+  shell: cd /tmp/ansible_deploy;rpm -ivh sapp-4.0.8.fb5bce9-1.el7.x86_64.rpm
+  when: return.rc != 0
+
+- name: make dir
   file:
     path: /home/mesasoft/sapp_run/tsgconf
     state: directory

roles/sapp/templates/sapp.toml.j2

@@ -27,7 +27,7 @@ BSD_packet_filter=""
    
 ### note, depolyment.mode options: [mirror, inline, transparent]
     [packet_io.depolyment]
-    {% if tsg_access_type == 0 %}
+    {% if nic_transparent_mode.enable == 1 %}
     mode=transparent
     {% else %}
     mode=inline
@@ -35,18 +35,18 @@ BSD_packet_filter=""
 
 ### note, interface.type options: [pag,pcap,marsio]
     [packet_io.internal.interface]
-    {% if tsg_access_type == 0 %}
+    {% if nic_transparent_mode.enable == 1 %}
-    type=pcap
+    type={{nic_transparent_mode.mode}}
-    name={{tsg_tun_mode.internal_interface}}
+    name={{nic_transparent_mode.internel_interface}}
     {% else %}
     type=marsio
     name=vxlan_user
     {% endif %}
 
     [packet_io.external.interface]
-    {% if tsg_access_type == 0 %}
+    {% if nic_transparent_mode.enable %}
-    type=pcap
+    type={{nic_transparent_mode.mode}}
-    name={{tsg_tun_mode.external_interface}}
+    name={{nic_transparent_mode.external_interface}}
     {% else %}
     type=pcap
     name=lo

roles/tfe/tasks/main.yml

@@ -8,7 +8,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.2.374930d-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.3.1.cc89b5b-1.el7.x86_64.rpm
     state: present
 
 - name: "template tfe-env config"

roles/tfe/templates/pangu_pxy.conf.j2

@@ -2,11 +2,7 @@
 log_level=30
 
 [log]
-{% if tsg_access_type == 0 %}
+nic_name= {{ nic_mgr.name }}
-nic_name={{ tsg_tun_mode.ethname }}
-{% else %}
-nic_name={{ nic_mgr.name }}
-{% endif %}
 entrance_id=0
 kafka_brokerlist= {{ log_kafkabrokers.address }}
 kafka_topic=PROXY-EVENT-LOG

roles/tfe/templates/tfe-env-config.j2

@@ -1,14 +1,11 @@
-{% if tsg_access_type == 0 %}
+
-TFE_DEVICE_DATA_INCOMING={{ tsg_tun_mode.tun_name }}
+TFE_DEVICE_DATA_INCOMING={{nic_data_incoming.name}}
-{% else %}
-TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
-{% endif %}
 TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
 TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
 TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
 TFE_PEER_IP_DATA_INCOMING=172.16.241.1
 
 {% if tsg_access_type == 0 %}
-TFE_WATCHDOG_DEVICE={{ tsg_tun_mode.tun_name }}
+TFE_WATCHDOG_DEVICE={{ nic_inner_ctrl.name }}
 TFE_WATCHDOG_IP=192.168.100.1
 {% endif %}

roles/tfe/templates/tfe.conf.j2

@@ -4,7 +4,6 @@ enable_breakpad=1
 enable_breakpad_upload=0
 breakpad_minidump_dir=/run/tfe/crashreport/
 breakpad_upload_url=http://127.0.0.1:9000/
-disable_coredump=0
 
 [kni]
 ip=192.168.100.1
@@ -31,11 +30,7 @@ service_cache_expire_seconds=600
 # default 0
 mc_cache_enable=1
 # default eth0
-{% if tsg_access_type == 0 %}
-mc_cache_eth={{ tsg_tun_mode.tun_name }}
-{% else %}
 mc_cache_eth={{ nic_inner_ctrl.name }}
-{% endif %}
 # default NULL
 mc_cache_broker_list={{ log_kafkabrokers.address }}
 # default PXY-EXCH-INTERMEDIA-CERT
@@ -55,11 +50,7 @@ untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
 passthrough_all_tcp=0
 
 [traffic_mirror]
-{% if tsg_access_type == 0 %}
-device=lo
-{% else %}
 device={{ nic_traffic_mirror.name }}
-{% endif %}
 type=0
 
 [ratelimit]

roles/tsg-env-tun-mode/templates/setup.j2

@@ -1,11 +1,12 @@
 #!/bin/bash
 modprobe 8021q
-vconfig add {{ tsg_tun_mode.ethname }} 100
+vconfig add {{ nic_mgr.name }} 100
-vconfig set_flag {{ tsg_tun_mode.ethname }}.100 1 1
+vconfig set_flag {{ nic_mgr.name }}.100 1 1
-ifconfig {{ tsg_tun_mode.ethname }}.100 192.168.100.1 netmask 255.255.255.0 up
+ifconfig {{ nic_mgr.name }}.100 192.168.100.1 netmask 255.255.255.0 up
-ethtool -K {{ tsg_tun_mode.internal_interface }} tso off
+ethtool -K {{ nic_transparent_mode.internel_interface }} tso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gso off
+ethtool -K {{ nic_transparent_mode.internel_interface }} gso off
-ethtool -K {{ tsg_tun_mode.internal_interface }} gro off
+ethtool -K {{ nic_transparent_mode.internel_interface }} gro off
-ethtool -K {{ tsg_tun_mode.external_interface }} tso off
+ethtool -K {{ nic_transparent_mode.externel_interface }} tso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gso off
+ethtool -K {{ nic_transparent_mode.externel_interface }} gso off
-ethtool -K {{ tsg_tun_mode.external_interface }} gro off
+ethtool -K {{ nic_transparent_mode.externel_interface }} gro off
+

roles/tsg-env-tun-mode/templates/tsg-env_stop.j2

@@ -1,5 +1,5 @@
 #!/bin/bash
 #
 echo 0 >/sys/class/net/ens1/device/sriov_numvfs
-ifconfig {{ tsg_tun_mode.ethname }}.100 down
+ifconfig {{ nic_mgr.name }}.100 down
-vconfig rem {{ tsg_tun_mode.ethname }}.100
+vconfig rem {{ nic_mgr.name }}.100