修改main.yml中的voip引用的table info表项

adc_deploy.yml

@@ -90,6 +90,7 @@
   roles:
     - {role: framework, tags: framework}
     - {role: packet_dump, tags: packet_dump}
+    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}
 
 - hosts: app_global
   remote_user: root

install_config/group_vars/adc_global.yml

@@ -34,9 +34,13 @@ cert_store_server:
 log_kafkabrokers:
   address: ['1.1.1.1:9092','2.2.2.2:9092']
 
-log_minio:
-  address: "10.4.62.253"
-  port: 9090
+#log_minio:
+#  address: "10.4.62.253"
+#  port: 9090
+pangu_pxy:
+  log_cache:
+    address: "10.9.62.253"
+    port: 9090
 
 #########################################
 #Log Level Config
@@ -70,6 +74,9 @@ sapp:
   send_only_threads_max: 1
   bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
   inbound_route_dir: 1
+  prometheus_enable: 1
+  prometheus_port: 9273
+  prometheus_url_path: "/metrics"
 
 ########################################
 #Kni Config
@@ -107,38 +114,42 @@ mrtunnat:
 
 #########################################
 #Tsg_app
-tsg_app_enable: 0
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
+tsg_app:
+  enable: 0
 
 breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
 data_center: Kyzylorda
 tsg_master_entrance_id: 9
 nic_mgr: 
    name: em1
-   
-sapp_prometheus_enable: 1
-sapp_prometheus_port: 9273
-sapp_prometheus_url_path: "/metrics"
+
+firewall:
+  hos_serverip: "192.168.40.223"
+  hos_serverport: 9098
+  hos_accesskeyid: "default"
+  hos_secretkey: "default"
+  hos_poolsize: 100
+  hos_thread_sum: 32
+  hos_cache_size: 102400
+  hos_fs2_serverip: "127.0.0.1"
+  hos_fs2_serverport: 10086
+  APP_SKETCH_LOG_LEVEL: 10
+  APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
+  APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
+  APP_SKETCH_QOS: 1
+  APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
+  APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
 
 
-hos_serverip: "192.168.40.223"
-hos_serverport: 9098
-hos_accesskeyid: "default"
-hos_secretkey: "default"
-hos_poolsize: 100
-hos_thread_sum: 32
-hos_cache_size: 102400
-hos_fs2_serverip: "127.0.0.1"
-hos_fs2_serverport: 10086
-
-APP_SKETCH_LOG_LEVEL: 10
-APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
-APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
-APP_SKETCH_QOS: 1
-APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
-APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
-
+dump_rtp_pcap:
+  aws_access_key_id: "default"
+  aws_secret_access_key: "default"
+  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
+  consume_bootstrap_servers: ['192.168.44.14:9092']
+  endpoint_url: "http://192.168.44.67:9098/hos/"
+  produce_bootstrap_servers: "192.168.44.14:9092"
+  queue_size: 5000000
+  coroutine_max_num: 200
+  coroutine_num: 100
+  qfull_mode: 0
+  qfull_interval: 5

install_config/group_vars/server_as_tun_mode.yml

@@ -45,9 +45,10 @@ cert_store_server:
 log_kafkabrokers:
   address: ['1.1.1.1:9092','2.2.2.2:9092']
 
-log_minio:
-  address: "10.9.62.253"
-  port: 9090
+
+#log_minio:
+#  address: "10.9.62.253"
+#  port: 9090
 
 #########################################
 #Log Level Config
@@ -81,6 +82,10 @@ sapp:
   send_only_threads_max: 1
   bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
   inbound_route_dir: 1
+  prometheus_enable: 1
+  prometheus_port: 9273
+  prometheus_url_path: "/metrics"
+
 
 #########################################
 #Sapp Double-Arm Config
@@ -121,16 +126,12 @@ mrtunnat:
 
 #########################################
 #Tsg_app
-tsg_app_enable: 1
-app_global_ip: "1.1.1.1"
-applog_level: 10
-app_master_log_level: 10
-app_sketch_local_log_level: 10
-app_control_plug_log_level: 10
+tsg_app:
+  enable: 1
 
 #########################################
 #ATCA Config
-#下列配置只在tsg_access_type=4时生效
+#下列配置只在tsg_access_type=4 or 5时生效
 ATCA_data_incoming:
   ethname: enp1s0
   vf0_name: enp1s2
@@ -162,23 +163,38 @@ breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347
 data_center: Beijing
 tsg_master_entrance_id: 0
 
-sapp_prometheus_enable: 1
-sapp_prometheus_port: 9273
-sapp_prometheus_url_path: "/metrics"
+pangu_pxy:
+  log_cache:
+    address: "10.9.62.253"
+    port: 9090
 
-hos_serverip: "192.168.40.223"
-hos_serverport: 9098
-hos_accesskeyid: "default"
-hos_secretkey: "default"
-hos_poolsize: 100
-hos_thread_sum: 32
-hos_cache_size: 102400
-hos_fs2_serverip: "127.0.0.1"
-hos_fs2_serverport: 10086
+firewall:
+  hos_serverip: "192.168.40.223"
+  hos_serverport: 9098
+  hos_accesskeyid: "default"
+  hos_secretkey: "default"
+  hos_poolsize: 100
+  hos_thread_sum: 32
+  hos_cache_size: 102400
+  hos_fs2_serverip: "127.0.0.1"
+  hos_fs2_serverport: 10086
+  APP_SKETCH_LOG_LEVEL: 10
+  APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
+  APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
+  APP_SKETCH_QOS: 1
+  APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
+  APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
 
-APP_SKETCH_LOG_LEVEL: 10
-APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
-APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
-APP_SKETCH_QOS: 1
-APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
-APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
+
+dump_rtp_pcap:
+  aws_access_key_id: "default"
+  aws_secret_access_key: "default"
+  aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
+  consume_bootstrap_servers: ['192.168.44.14:9092']
+  endpoint_url: "http://192.168.44.67:9098/hos/"
+  produce_bootstrap_servers: "192.168.44.14:9092"
+  queue_size: 5000000
+  coroutine_max_num: 200
+  coroutine_num: 100
+  qfull_mode: 0
+  qfull_interval: 5

roles/certstore/tasks/main.yml

@@ -10,7 +10,7 @@
 - name: install certstore
   yum:
     name:
-      - /tmp/ansible_deploy/certstore-2.1.6.20201215.f2e9ba7-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm
     state: present
 
 - name: template certstore configure file

roles/dump_rtp_pcap/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: "dump-rtp-pcap: copy dump-rtp-pcap rpm package to destination"
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: /tmp/ansible_deploy/
+
+- name: "dump-rtp-pcap: install dump-rtp-pcap rpm from localhost"
+  yum:
+    name:
+      - /tmp/ansible_deploy/dump_rtp_pcap-1.0.2.445da24-2.el7.x86_64.rpm
+    state: present
+
+- name: "dump-rtp-pcap: Template the dump_rtp_pcap.json"
+  template:
+    src: "{{ role_path }}/templates/dump_rtp_pcap.json.j2"
+    dest: /home/mesasoft/dump_rtp_pcap/dump_rtp_pcap.json
+  tags: template
+ 
+- name: "start dump_rtp_pcap"
+  systemd:
+    name: dump_rtp_pcap.service
+    enabled: yes
+    daemon_reload: yes

roles/dump_rtp_pcap/templates/dump_rtp_pcap.json.j2

@@ -0,0 +1,23 @@
+{
+    "endian":"little",
+    "aws_access_key_id": "{{ dump_rtp_pcap.aws_access_key_id }}",
+    "aws_secret_access_key": "{{ dump_rtp_pcap.aws_secret_access_key }}",
+    "aws_session_token": "{{ dump_rtp_pcap.aws_session_token }}",
+    "bucket_name": "rtp-log",
+    "consume_auto_offset_reset":"latest",
+    "consume_bootstrap_servers": ["{{ dump_rtp_pcap.consume_bootstrap_servers | join("\",\"") }}"],
+    "consume_topic": "INTERNAL-RTP-LOG",
+    "endpoint_url": "{{ dump_rtp_pcap.endpoint_url }}",
+    "file_prefix":"rtp_log",
+    "group_id": "rtp-log-1",
+    "produce_bootstrap_servers": "{{ dump_rtp_pcap.produce_bootstrap_servers }}",
+    "produce_topic": "VOIP-RECORD-LOG",
+    "region_name": "us-east-1",
+    "save_speed_emit_interval":30,
+    "upload_speed_emit_interval":30,
+    "queue_size":{{ dump_rtp_pcap.queue_size }},
+    "coroutine_max_num":{{ dump_rtp_pcap.coroutine_max_num }},
+    "coroutine_num":{{ dump_rtp_pcap.coroutine_num }},
+    "qfull_mode":{{ dump_rtp_pcap.qfull_mode }},
+    "qfull_interval":{{ dump_rtp_pcap.qfull_interval }}
+}

roles/firewall/tasks/main.yml

@@ -15,21 +15,21 @@
       - /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_dns_plug-3.0.2.dab58fa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_http_plug-3.1.5.69f6482-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_mail_plug-3.0.2.7401550-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_http_plug-3.1.11.b0f7b8f-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_mail_plug-3.0.9.d496513-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.4.f333054-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_conn_sketch-2.1.16.7b1b2d5-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/mesa_sip-1.0.9.ede6893-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/fw_voip_plug-1.0.2.090e5da-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/app_proto_identify-1.0.9.a6581a6-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/mesa_sip-1.0.15.77d2f1a-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/app_proto_identify-1.0.10.1eeff1d-2.el7.x86_64.rpm
 
 - name: "Template the tsgconf/main.conf"
   template:

roles/firewall/templates/main.conf.j2

@@ -2,8 +2,8 @@
 TIMEOUT=300
 LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
 LOG_LEVEL={{ fw_voip_log_level }}
-TABLE_TO=TSG_FIELD_SIP_TO
-TABLE_FROM=TSG_FIELD_SIP_FROM
+TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
+TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
 
 [FTP_PLUG]
 LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
@@ -73,23 +73,23 @@ log_service=2
 
 
 [HOS_CONF]
-hos_serverip="{{ hos_serverip }}"
-hos_serverport={{ hos_serverport }}
-hos_accesskeyid="{{ hos_accesskeyid }}"
-hos_secretkey="{{ hos_secretkey }}"
-hos_poolsize={{ hos_poolsize }}
-hos_thread_sum={{ hos_thread_sum }}
-hos_cache_size={{ hos_cache_size }}
-hos_fs2_serverip="{{ hos_fs2_serverip }}"
-hos_fs2_serverport={{ hos_fs2_serverport }}
+hos_serverip="{{ firewall.hos_serverip }}"
+hos_serverport={{ firewall.hos_serverport }}
+hos_accesskeyid="{{ firewall.hos_accesskeyid }}"
+hos_secretkey="{{ firewall.hos_secretkey }}"
+hos_poolsize={{ firewall.hos_poolsize }}
+hos_thread_sum={{ firewall.hos_thread_sum }}
+hos_cache_size={{ firewall.hos_cache_size }}
+hos_fs2_serverip="{{ firewall.hos_fs2_serverip }}"
+hos_fs2_serverport={{ firewall.hos_fs2_serverport }}
 
 [APP_SKETCH_LOCAL]
-LOG_LEVEL={{ APP_SKETCH_LOG_LEVEL }}
-LOG_PATH="{{ APP_SKETCH_LOG_PATH }}"
-L7_PROTOCOL_LABEL="{{ APP_SKETCH_L7_PROTOCOL_LABEL }}"
+LOG_LEVEL={{ firewall.APP_SKETCH_LOG_LEVEL }}
+LOG_PATH="{{ firewall.APP_SKETCH_LOG_PATH }}"
+L7_PROTOCOL_LABEL="{{ firewall.APP_SKETCH_L7_PROTOCOL_LABEL }}"
 
 [APP_SKETCH_FEEDBACK]
-QOS={{ APP_SKETCH_QOS }}
-PUBLISH_TOPIC="{{ APP_SKETCH_PUBLISH_TOPIC }}"
+QOS={{ firewall.APP_SKETCH_QOS }}
+PUBLISH_TOPIC="{{ firewall.APP_SKETCH_PUBLISH_TOPIC }}"
 #CLIENT_ID=
-BROKER_LIST="{{ APP_SKETCH_BROKER_LIST }}"
+BROKER_LIST="{{ firewall.APP_SKETCH_BROKER_LIST }}"

roles/framework/tasks/main.yml

@@ -12,7 +12,7 @@
     packages:
       - /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libmaatframe-3.1.14.673eeb9-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/libmaatframe-3.1.19.66c294f-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
@@ -30,7 +30,7 @@
       - /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
       - /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
-      - /tmp/ansible_deploy/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm  
+      - /tmp/ansible_deploy/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm
 
 - name: "mkdir /etc/ld.so.conf.d/"
   file:

roles/kernel-ml/tasks/main.yml

@@ -25,19 +25,19 @@
     src: "{{ role_path }}/files/grub"
     dest: "/etc/default"
   when: 
-    - tsg_access_type == 4
+    - tsg_access_type == 4 or tsg_access_type == 5
     - t_kernel_ml.changed
 
 - name: "BIOS:grub2-mkconfig"
   shell: grub2-mkconfig -o /boot/grub2/grub.cfg
   when:
-    - tsg_access_type == 4
+    - tsg_access_type == 4 or tsg_access_type == 5
     - t_kernel_ml.changed
 
 - name: "UEFI:grub2-mkconfig"
   shell: grub2-mkconfig  -o /boot/efi/EFI/centos/grub.cfg
   when:
-    - tsg_access_type == 4
+    - tsg_access_type == 4 or tsg_access_type == 5
     - t_kernel_ml.changed
 
 - name: "reboot"

roles/kni/templates/kni.conf.j2

@@ -3,7 +3,7 @@ log_path = ./log/kni/kni.log
 log_level = {{ kni_log_level }}
 tfe_node_count = {{ kni.global.tfe_node_count }}
 manage_eth = {{ nic_mgr.name }}
-{% if tsg_running_type != 2 %}
+{% if tsg_running_type == 0 %}
 deploy_mode = tun
 {% else %}
 deploy_mode = normal
@@ -11,7 +11,7 @@ deploy_mode = normal
 tun_name = tun_kni
 src_mac_addr = 00:0e:c6:d6:72:c1
 dst_mac_addr = fe:65:b7:03:50:bd
-{% if tsg_access_type == 4 %}
+{% if tsg_access_type == 4 or tsg_access_type == 5 %}
 [tfe0]
 enabled = 1
 dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}

roles/mrzcpd/tasks/main.yml

@@ -26,7 +26,7 @@
     src: "{{ role_path }}/templates/mrapp.sapp4.conf "
     dest: /opt/mrzcpd/etc/mrapp.sapp4.conf 
   when: 
-    - tsg_access_type == 4
+    - tsg_access_type == 4 or tsg_access_type == 5
 
 - name: "update mrglobal.conf.adc_inline"
   template:

roles/packet_dump/tasks/main.yml

@@ -25,7 +25,24 @@
   file:
     path: /var/www/html/troubleshooting
     state: directory
- 
+
+- name: "mkdir /opt/packet-dump-exporter/"
+  file:
+    path: /opt/packet-dump-exporter/
+    state: directory
+
+- name: "copy systemd_exporter"
+  copy:
+    src: '{{ role_path }}/files/systemd_exporter'
+    dest: /opt/packet-dump-exporter/systemd_exporter
+    mode: 0755
+
+- name: "templates packet-dump-exporter-systemd.service"
+  template:
+    src: "{{role_path}}/templates/packet-dump-exporter-systemd.service.j2"
+    dest: /usr/lib/systemd/system/packet-dump-exporter-systemd.service
+  tags: template
+
 - name: "start packet_dump"
   systemd:
     name: packet_dump.service
@@ -37,3 +54,10 @@
     name: httpd
     enabled: yes
     daemon_reload: yes
+
+- name: 'packet-dump-exporter-systemd service start'
+  systemd:
+    name: packet-dump-exporter-systemd
+    enabled: yes
+    daemon_reload: yes
+    state: restarted

roles/packet_dump/templates/packet-dump-exporter-systemd.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=Systemd Exporter
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/opt/packet-dump-exporter/systemd_exporter --web.disable-exporter-metrics
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/sapp/tasks/main.yml

@@ -13,13 +13,13 @@
 - name: "install sapp rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/sapp-4.2.26.fc1a6aa-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/sapp-4.2.32.91bc8e3-2.el7.x86_64.rpm
     state: present
  
 - name: "install tcpdump_mesa rpms from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tcpdump_mesa-1.0.2.0c5a950-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tcpdump_mesa-1.0.4.4ef2936-2.el7.x86_64.rpm
     state: present
     skip_broken: yes
 

roles/sapp/templates/asymmetric_addr_layer.conf.j2

@@ -0,0 +1,7 @@
+#layer name definition:  ipv4, ipv6, ethernet,vlan, arp, gre, mpls, pppoe, tcp, udp, l2tp, ppp, pptp, gtp
+#pattern: asymmetric_layer_name[layer index]
+vlan[*]
+mpls[*]
+gre[*]
+gtp[*]
+

roles/sapp/templates/asymmetric_presence_layer.conf.j2

@@ -0,0 +1,8 @@
+#layer name definition:  ipv4, ipv6, ethernet,vlan, arp, gre, mpls, pppoe, tcp, udp, l2tp, ppp, pptp, gtp
+#pattern: asymmetric_layer_name    under_of_this_asymmetric_layer[layer_index]   upper_of_this_asymmetric_layer[layer_index]
+{% if tsg_access_type == 2 and tsg_running_type == 2 %}
+mpls    ethernet[0]    ipv4[1]
+mpls    ethernet[0]    ipv6[1]
+{% else %}
+#
+{% endif %}

roles/sapp/templates/conflist.inf.j2

@@ -8,11 +8,13 @@
 {% endif %}
 ./plug/platform/app_proto_identify/app_proto_identify.inf
 ./plug/platform/tsg_master/tsg_master.inf
-{% if tsg_app_enable == 1 %}
+{% if tsg_app.enable == 1 %}
 ./plug/platform/app_master/app_master.inf
 {% endif %}
 
 [protocol]
+./plug/protocol/mesa_sip/mesa_sip.inf
+./plug/protocol/rtp/rtp.inf
 ./plug/protocol/ssl/ssl.inf
 ./plug/protocol/http/http.inf
 ./plug/protocol/dns/dns.inf
@@ -31,11 +33,10 @@
 ./plug/business/fw_mail_plug/fw_mail_plug.inf
 ./plug/business/fw_ftp_plug/fw_ftp_plug.inf
 ./plug/business/fw_quic_plug/fw_quic_plug.inf
+./plug/business/fw_voip_plug/fw_voip_plug.inf
 ./plug/business/conn_telemetry/conn_telemetry.inf
-./plug/business/app_control_plug/app_control_plug.inf
-{% if tsg_app_enable == 1 %}
+{% if tsg_app.enable == 1 %}
 ./plug/business/app_sketch_local/app_sketch_local.inf
-./plug/business/app_control_plug/app_control_plug.inf
 {% endif %}
 {% if tsg_access_type == 2 %}
 ./plug/platform/http_healthcheck/http_healthcheck.inf

roles/sapp/templates/sapp.service.j2

@@ -17,6 +17,7 @@ LimitCORE=0
 TasksMax=infinity
 Delegate=yes
 KillMode=process
+WatchdogSec=10s
 
 [Install]
 WantedBy=multi-user.target

roles/sapp/templates/sapp.toml.j2

@@ -33,7 +33,11 @@ dictator_enable=0
     l2_l3_tunnel_support=1
 
 ### note, optional value is [none, vxlan]
+    {% if tsg_access_type == 5 %}
+    overlay_mode=vxlan
+    {% else %}
     overlay_mode=none
+    {% endif %}
     stream_compare_layer_cfg_file="etc/stream_compare_layer.conf"
     vlan_flipping_cfg_file="etc/vlan_flipping_map.conf"
     asymmetric_presence_layer_cfg_file="etc/asymmetric_presence_layer.conf"
@@ -42,7 +46,7 @@ dictator_enable=0
 
     [packet_io.feature]
 	
-	{% if tsg_access_type == 4 %}
+	{% if tsg_access_type == 4 or tsg_access_type == 5 %}
 	### note, used to represent inbound or outbound direction value,
 	### because it comes from Third party device, so it needs to be specified manually,
 	### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
@@ -89,8 +93,12 @@ dictator_enable=0
     name={{packet_io.internal_interface}}
     {% else %}
     type=marsio
+    {% if tsg_access_type == 4 or tsg_access_type == 5 %}
+    name={{ATCA_data_incoming.vf0_name}}
+    {% else %}
     name={{nic_data_incoming.name}}
     {% endif %}
+    {% endif %}
 
     [packet_io.external.interface]
     {% if tsg_access_type == 0 %}
@@ -114,6 +122,8 @@ dictator_enable=0
     treat_vlan_as_mac_in_mac=0
     reverse_ethernet_addr=1
 
+[DUPLICATE_PKT]
+    duplicate_pkt_distinguish=0
 	
 [STREAM]
 ### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S" 
@@ -179,9 +189,9 @@ dictator_enable=0
         app_name=sapp
      
         [profiling.log.prometheus]
-        prometheus_enabled={{ sapp_prometheus_enable }}
-        prometheus_port={{ sapp_prometheus_port }}
-        prometheus_url_path="{{ sapp_prometheus_url_path }}"
+        prometheus_enabled={{ sapp.prometheus_enable }}
+        prometheus_port={{ sapp.prometheus_port }}
+        prometheus_url_path="{{ sapp.prometheus_url_path }}"
 
 [TOOLS]
     [tools.pkt_dump]

roles/sapp/templates/vlan_flipping_map.conf.j2

@@ -6,6 +6,11 @@
 #配置文件格式, pattern:
 #来自C路由器vlan_id	  	来自I路由器vlan_id   	是否开启mac地址翻转
 #C_router_vlan_id  I_router_vlan_id mac_flipping_enable
+{% if tsg_access_type == 2 and tsg_running_type == 2 %}
 1301	1302	1
 1201	1202	1
 4000	4001	0
+{% else %}
+4000	4001	0
+{% endif %}
+

roles/tfe/tasks/main.yml

@@ -14,7 +14,7 @@
   yum:
     name:
       - /tmp/ansible_deploy/tfe-kmod-v1.0.5.20200408-1dkms.noarch.rpm
-      - /tmp/ansible_deploy/tfe-4.3.30.62dde9e-1.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tfe-4.4.01.3e020b9-1.el7.x86_64.rpm
     state: present
 
 - name: "tfe:copy cert file to device"

roles/tfe/templates/pangu_pxy.conf.j2

@@ -6,40 +6,26 @@ enable_plugin=1
 en_sendlog=1
 entrance_id=0
 
-#Addresses of minio. Format is defined by WiredLB.
-#minio_ip_list=192.168.10.61-64;
-minio_ip_list= {{ log_minio.address }}
-minio_listen_port= {{ log_minio.port }}
-#Maximum number of connections opened by per host.
-#MAX_CONNECTION_PER_HOST=1
-#Maximum number of requests in a pipeline.
-#MAX_CNNT_PIPELINE_NUM=20
-#Maximum parellel sessions(http and redis) is allowed to open.
-#MAX_CURL_SESSION_NUM=100
-#Maximum time the request is allowed to take(seconds).
-#MAX_CURL_TRANSFER_TIMEOUT_S=0
+#Addresses of hos, Bucket name in hos. Format is defined by WiredLB.
+cache_ip_list = {{ pangu_pxy.log_cache.address }}
+cache_listen_port = {{ pangu_pxy.log_cache.port }}
+cache_bucket_name=hos/proxy_hos_bucket
+cache_token=c21f969b5f03d33d43e04f8f136e7682
 
-#Bucket name in minio.
-cache_bucket_name=proxybucket
-#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
+#Refer to the pangu_cahche definition
 max_used_memroy_size_mb=5120
-#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
 cache_default_ttl_second=3600
-#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
 cache_object_key_hash_switch=1
 
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
 cache_store_object_way=0
-#If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
 redis_cache_object_size=1024000
-#Configs of WiredLB for Minios load balancer.
-#WIREDLB_OVERRIDE=1
-#wiredlb_health_port=42310
+
 #If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
 redis_cluster_ip_list=192.168.10.62-63;
 redis_cluster_port_range=6379
 #wired load balancer configuration
 
+#Configs of WiredLB for Minios load balancer.
 wiredlb_override=1
 wiredlb_topic=MinioFileLog
 wiredlb_datacenter=k18consul-tse
@@ -54,6 +40,7 @@ log_fsstat_dst_ip=10.4.20.202
 log_fsstat_dst_port=8125
 
 [ratelimit]
+#hijack flow control
 enable=0
 token_name=ratelimit
 redis_server={{ maat_redis_server.address }}
@@ -62,32 +49,27 @@ redis_db_index=6
 
 [tango_cache]
 enable_cache=0
-minio_ip_list=192.168.10.61-64;
-minio_listen_port=9000
+cache_ip_list=192.168.10.61-64;
+cache_listen_port=9000
+cache_bucket_name=hos/proxy_hos_bucket
+cache_token=c21f969b5f03d33d43e04f8f136e7682
 
-#max_connection_per_host=1
 max_cnnt_pipeline_num=20
-#max_curl_session_num=100
-
-cache_bucket_name=proxybucket
+#Maximum size of memory used by tango_cache_client. Upload will fail if the current size of memory used exceeds this value.
 max_used_memory_size_mb=10240
+#Default TTL of objects, i.e. the time after which the object will expire(minumun 60s, i.e. 1 minute).
 cache_default_ttl_second=3600
+#Whether to hash the object key before cache actions. GET/PUT may be faster if you open it.
 cache_object_key_hash_switch=1
-
-#1-minio，2-redis
-#Store way: 0-MINIO; 1-META in REDIS, object in minio; 2-META and small object in Redis, large object in minio;
-cache_store_object_way=0
+#Store way: 0-HOS; 1-META in REDIS, object in hos; 2-META and small object in Redis, large object in hos;
+cache_store_object_way=2
 #If CACHE_STORE_OBJECT_WAY is 2 and the size of a object is not bigger than this value, object will be stored in redis.
 redis_cache_object_size=102400
 #If CACHE_STORE_OBJECT_WAY is not 0, we will use redis to store meta and object.
 redis_cluster_ip_list=192.168.10.62-63;
 redis_cluster_port_range=6379
-#wired load balancer configuration
-wiredlb_override=1
-wiredlb_topic=MinioCache
-wiredlb_datacenter=k18consul-tse
-wiredlb_health_port=52101
-wiredlb_group=TangoCache
+
+#Configs of WiredLB for Minios load balancer.Refer to the definition at log
 
 cache_undefined_obj=1
 query_undefined_obj=0

roles/tfe/templates/tfe-env-config.j2

@@ -1,4 +1,4 @@
-{% if tsg_access_type == 4 %}
+{% if tsg_access_type == 4 or tsg_access_type == 5 %}
 TFE_DEVICE_DATA_INCOMING={{ ATCA_data_incoming.vf2_name }}
 {% elif tsg_running_type != 2 %}
 TFE_DEVICE_DATA_INCOMING=tun_kni
@@ -6,7 +6,7 @@ TFE_DEVICE_DATA_INCOMING=tun_kni
 TFE_DEVICE_DATA_INCOMING={{ nic_data_incoming.name }}
 {% endif %}
 TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:03:50:bd
-{% if tsg_access_type == 4 %}
+{% if tsg_access_type == 4 or tsg_access_type == 5 %}
 TFE_PEER_MAC_DATA_INCOMING=00:0e:c6:d6:72:c1
 {% else %}
 TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff

roles/tsg-env-tun-mode/templates/setup.j2

@@ -10,7 +10,7 @@ ethtool -K {{ packet_io.internal_interface }} gro off
 ethtool -K {{ packet_io.external_interface }} tso off
 ethtool -K {{ packet_io.external_interface }} gso off
 ethtool -K {{ packet_io.external_interface }} gro off
-{% elif tsg_access_type == 4 %}
+{% elif tsg_access_type == 4 or tsg_access_type == 5 %}
 echo 3 > /sys/class/net/{{ ATCA_data_incoming.ethname }}/device/sriov_numvfs
 ip link set {{ ATCA_data_incoming.ethname }} vf 1 vlan 4095
 ip link set {{ ATCA_data_incoming.ethname }} vf 2 vlan 4095

roles/tsg-env-tun-mode/templates/tsg-env_stop.j2

@@ -3,6 +3,6 @@
 echo 0 >/sys/class/net/{{ nic_mgr.name }}/device/sriov_numvfs
 ifconfig {{ nic_mgr.name }}.100 down
 vconfig rem {{ nic_mgr.name }}.100
-{% if tsg_access_type == 4 %}
+{% if tsg_access_type == 4 or tsg_access_type == 5 %}
 echo 0 >/sys/class/net/{{ ATCA_data_incoming.ethname }}/device/sriov_numvfs
 {% endif %}

roles/tsg_app/tasks/main.yml

@@ -11,6 +11,6 @@
     skip_broken: yes
   vars:
     app_packages:
-      - /tmp/ansible_deploy/app_sketch_local-2.0.2.edf4fb0-2.el7.x86_64.rpm
-  when: tsg_app_enable == 1
+      - /tmp/ansible_deploy/app_sketch_local-2.0.5.ff1622f-2.el7.x86_64.rpm
+  when: tsg_app.enable == 1
 

roles/tsg_master/tasks/main.yml

@@ -6,6 +6,6 @@
 - name: "install tsg_master from localhost"
   yum:
     name:
-      - /tmp/ansible_deploy/tsg_master-3.4.6.3851946-2.el7.x86_64.rpm
+      - /tmp/ansible_deploy/tsg_master-3.4.12.441b0d1-2.el7.x86_64.rpm
     state: present
     skip_broken: yes

server_deploy.yml

@@ -23,10 +23,11 @@
 - hosts: packet_dump_server
   remote_user: root
   vars_files:
-    - install_config/group_vars/adc_global.yml
+    - install_config/group_vars/server_as_tun_mode.yml
   roles:
     - {role: framework, tags: framework}
     - {role: packet_dump, tags: packet_dump}
+    - {role: dump_rtp_pcap, tags: dump_rtp_pcap}
 
 - hosts: app_global
   remote_user: root