gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: gfwleak:tsg-version21.05-deploy
Branches Tags
gfwleak:tsg-version20.11.rc1-deploy gfwleak:tsg-version21.09-ansible gfwleak:tsg-version-21.06-deploy-to-mirror-traffic gfwleak:tsg-version21.05-deploy gfwleak:tsg-deploy-K18-in-KZ-update-version-21.04 gfwleak:tsg-version21.04-deploy gfwleak:tsg-version21.03-deploy gfwleak:tsg-deploy-K18-in-KZ gfwleak:tsg-version21.02-deploy gfwleak:dpi-platform-version20.11.rc3-deploy gfwleak:dpi-version20.11.rc3-deploy gfwleak:tsg-version20.11-deploy gfwleak:tfe-4.3.16 gfwleak:tsg-version20.11.rc1-deploy-firewall gfwleak:tsg-app-global-version.20.11.02 gfwleak:tsg-version20.09-deploy gfwleak:tsg-version20.08.2-deploy gfwleak:tsg-version20.08-deploy gfwleak:tsg-version20.07-deploy gfwleak:tsg-version20.08.1-deploy gfwleak:tsg-version20.07.rc1-deploy gfwleak:self-test-and-make-static-package gfwleak:tsg-version20.06.01-deploy gfwleak:tsg-version20.06-deploy gfwleak:tsg-version20.05.01-deploy gfwleak:tsg-version20.5-deploy gfwleak:tsg-version20.5-Temp gfwleak:tsg-version20.4.01-deploy gfwleak:tsg-version20.4-deploy gfwleak:Tsg-v3.0-firewall gfwleak:master gfwleak:scripts-https-self-check gfwleak:Feature-kni-3.0
gfwleak:test-docker-env-install-1 gfwleak:test-docker-env-install gfwleak:two-job-2 gfwleak:two-job
...
pull from: gfwleak:tsg-version-21.06-deploy-to-mirror-traffic
Branches Tags
gfwleak:tsg-version21.09-ansible gfwleak:tsg-version-21.06-deploy-to-mirror-traffic gfwleak:tsg-version21.05-deploy gfwleak:tsg-deploy-K18-in-KZ-update-version-21.04 gfwleak:tsg-version21.04-deploy gfwleak:tsg-version21.03-deploy gfwleak:tsg-deploy-K18-in-KZ gfwleak:tsg-version21.02-deploy gfwleak:dpi-platform-version20.11.rc3-deploy gfwleak:dpi-version20.11.rc3-deploy gfwleak:tsg-version20.11-deploy gfwleak:tfe-4.3.16 gfwleak:tsg-version20.11.rc1-deploy gfwleak:tsg-version20.11.rc1-deploy-firewall gfwleak:tsg-app-global-version.20.11.02 gfwleak:tsg-version20.09-deploy gfwleak:tsg-version20.08.2-deploy gfwleak:tsg-version20.08-deploy gfwleak:tsg-version20.07-deploy gfwleak:tsg-version20.08.1-deploy gfwleak:tsg-version20.07.rc1-deploy gfwleak:self-test-and-make-static-package gfwleak:tsg-version20.06.01-deploy gfwleak:tsg-version20.06-deploy gfwleak:tsg-version20.05.01-deploy gfwleak:tsg-version20.5-deploy gfwleak:tsg-version20.5-Temp gfwleak:tsg-version20.4.01-deploy gfwleak:tsg-version20.4-deploy gfwleak:Tsg-v3.0-firewall gfwleak:master gfwleak:scripts-https-self-check gfwleak:Feature-kni-3.0
gfwleak:test-docker-env-install-1 gfwleak:test-docker-env-install gfwleak:two-job-2 gfwleak:two-job

6 Commits
tsg-versio ... tsg-versio

Author SHA1 Message Date
fumingwei
c810c89082 feature:新增部署packet_dump的操作 2021-07-22 17:31:28 +08:00
fumingwei
58f1bc8044 bugfix:修改部署过程出现配置文件路径错误和变量缺失问题 2021-07-22 17:17:28 +08:00
fumingwei
7fe7cc953e 同步tsg-os配置文件 2021-07-21 11:40:30 +08:00
fumingwei
e2fe322a06 firewall插件和tsg-os同步 2021-07-21 10:21:07 +08:00
fumingwei
5729ad8653 bugfix:删除多余kni插件 2021-07-06 15:09:02 +08:00
fumingwei
e3977b920e OMPUB-159:新增v21.06适配mirror流量的DPI安装包 2021-07-06 14:48:40 +08:00
230 changed files with 289 additions and 9276 deletions
Expand all files Collapse all files

100
adc_deploy.yml
View File

@@ -1,100 +0,0 @@
- hosts: adc_mxn
remote_user: root
roles:
- {role: adc_exporter, tags: adc_exporter}
- {role: adc_exporter_proxy, tags: adc_exporter_proxy}
# - {role: switch_rule, tags: switch_rule}
- hosts: adc_mcn0
remote_user: root
vars_files:
- install_config/group_vars/adc_global.yml
- install_config/group_vars/adc_mcn0.yml
roles:
- {role: framework, tags: framework}
- {role: kernel-ml, tags: kernel-ml}
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: tsg_master, tags: tsg_master}
- {role: kni, tags: kni}
- {role: firewall, tags: firewall}
- {role: tsg_app, tags: tsg_app}
- {role: http_healthcheck,tags: http_healthcheck}
- {role: redis, tags: redis}
- {role: cert-redis, tags: cert-redis}
- {role: maat-redis, tags: maat-redis, when: deploy_mode == "cluster"}
- {role: certstore, tags: certstore}
- {role: telegraf_statistic, tags: telegraf_statistic}
- {role: adc_exporter, tags: adc_exporter}
# - {role: switch_control, tags: switch_control}
- {role: tsg-env-patch, tags: tsg-env-patch}
- {role: docker-env, tags: docker-env}
- {role: tsg-diagnose, tags: tsg-diagnose}
- hosts: adc_mcn1
remote_user: root
vars_files:
- install_config/group_vars/adc_global.yml
- install_config/group_vars/adc_mcn1.yml
roles:
# - tsg-env-mcn1
- {role: framework, tags: framework}
- {role: kernel-ml, tags: kernel-ml}
- {role: mrzcpd, tags: mrzcpd}
- {role: tfe, tags: tfe}
- {role: adc_exporter, tags: adc_exporter}
# - {role: switch_control, tags: switch_control}
- {role: tsg-env-patch, tags: tsg-env-patch}
- {role: tsg-diagnose_sync_ca, tags: tsg-diagnose_sync_ca}
- hosts: adc_mcn2
remote_user: root
vars_files:
- install_config/group_vars/adc_global.yml
- install_config/group_vars/adc_mcn2.yml
roles:
# - tsg-env-mcn2
- {role: framework, tags: framework}
- {role: kernel-ml, tags: kernel-ml}
- {role: mrzcpd, tags: mrzcpd}
- {role: tfe, tags: tfe}
- {role: adc_exporter, tags: adc_exporter}
# - {role: switch_control, tags: switch_control}
- {role: tsg-env-patch, tags: tsg-env-path}
- {role: tsg-diagnose_sync_ca, tags: tsg-diagnose_sync_ca}
- hosts: adc_mcn3
remote_user: root
vars_files:
- install_config/group_vars/adc_global.yml
- install_config/group_vars/adc_mcn3.yml
roles:
- {role: framework, tags: framework}
- {role: kernel-ml, tags: kernel-ml}
- {role: mrzcpd, tags: mrzcpd}
- {role: tfe, tags: tfe}
- {role: adc_exporter, tags: adc_exporter}
# - {role: switch_control, tags: switch_control}
- {role: tsg-env-patch, tags: tsg-env-patch}
- {role: tsg-diagnose_sync_ca, tags: tsg-diagnose_sync_ca}
- hosts: adc_mcn0
remote_user: root
roles:
- {role: tsg-diagnose_stop_sync, tags: tsg-diagnose_stop_sync}
- hosts: packet_dump_server
remote_user: root
vars_files:
- install_config/group_vars/adc_global.yml
roles:
- {role: framework, tags: framework}
- {role: packet_dump, tags: packet_dump}
- {role: dump_rtp_pcap, tags: dump_rtp_pcap}
- hosts: app_global
remote_user: root
vars_files:
- install_config/group_vars/app_global.yml
roles:
- {role: app_global, tags: app_global}

155
install_config/group_vars/adc_global.yml
View File

@@ -1,155 +0,0 @@
#########################################
#####0: pcap; 1: Inline_device; 2: Allot; 3: ADC_Tun_mode; 4:ATCA_Vlan_Flipping 5:ATCA_VXLAN
tsg_access_type: 2
#####2: ADC; 0:Tun_mode; 1: normal;
tsg_running_type: 2
#####deploy mode: cluster, single
deploy_mode: "cluster"
########################################
#Deploy_finished_reboot
Deploy_finished_reboot: 0
########################################
#IP Config
maat_redis_city_server:
address: "10.4.62.253"
port: 7002
maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "192.168.100.1"
port: 7002
port_num: 1
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
#log_minio:
# address: "10.4.62.253"
# port: 9090
pangu_pxy:
log_cache:
address: "10.9.62.253"
port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_voip_log_level: 10
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: FATAL
packet_dump_log_level: 10
#######################################
#Sapp Performance Config
#Sapp工作在ADC计算板0时建议使用如下30+8的配置以保证更高的处理性能
sapp:
worker_threads: 42
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
inbound_route_dir: 1
prometheus_enable: 1
prometheus_port: 9273
prometheus_url_path: "/metrics"
########################################
#Kni Config
kni:
global:
tfe_node_count: 3
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
tfe0_enabled: 1
tfe1_enabled: 1
tfe2_enabled: 1
########################################
#Tfe Config
tfe:
nr_threads: 32
mirror_enable: 1
########################################
#Marsio Config
#marsio工作在ADC计算板时建议使用如下配置以保证更高的处理性能
mcn0_mrzcpd:
iocore: 52,53,54,55
mcn123_mrzcpd:
iocore: 54,55
mrtunnat:
lcore_id: 48,49,50,51
#########################################
#Tsg_app
tsg_app:
enable: 0
breakpad_upload_url: http://10.4.63.4:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595
data_center: Kyzylorda
tsg_master_entrance_id: 9
nic_mgr:
name: em1
firewall:
hos_serverip: "192.168.40.223"
hos_serverport: 9098
hos_accesskeyid: "default"
hos_secretkey: "default"
hos_poolsize: 100
hos_thread_sum: 32
hos_cache_size: 102400
hos_fs2_serverip: "127.0.0.1"
hos_fs2_serverport: 10086
APP_SKETCH_LOG_LEVEL: 10
APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
APP_SKETCH_QOS: 1
APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
dump_rtp_pcap:
aws_access_key_id: "default"
aws_secret_access_key: "default"
aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
consume_bootstrap_servers: ['192.168.44.14:9092']
endpoint_url: "http://192.168.44.67:9098/hos/"
produce_bootstrap_servers: "192.168.44.14:9092"
queue_size: 5000000
coroutine_max_num: 200
coroutine_num: 100
qfull_mode: 0
qfull_interval: 5

41
install_config/group_vars/adc_mcn0.yml
View File

@@ -1,41 +0,0 @@
#########################################
#Mcn0管理口网卡名
nic_mgr:
name: ens1f3
#########################################
#Mcn0流量接入网卡固定配置
nic_data_incoming:
name: ens1f4
#########################################
#Mcn0其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens1.100
nic_to_tfe:
tfe0:
name: ens1f5
tfe1:
name: ens1f6
tfe2:
name: ens1f7
#########################################
#串联设备接入相关配置
inline_device_config:
keepalive_ip: 192.168.1.30
keepalive_mask: 255.255.255.252
#########################################
#Allot接入相关配置
AllotAccess:
#virturlInterface_1: ens1f2.103
#virturlInterface_2: ens1f2.104
virturlID_1: 1201
virturlID_2: 1202
virturlID_3: 1301
virturlID_4: 1302
#vvipv4_mask: 24
#vvipv6_mask: 64
bladename: mcn0

19
install_config/group_vars/adc_mcn1.yml
View File

@@ -1,19 +0,0 @@
#########################################
#Mcn1管理口网卡名
nic_mgr:
name: ens1f3
#########################################
#Mcn1流量接入网卡固定配置
nic_data_incoming:
name: ens1f1
#########################################
#Mcn1其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens1.100
nic_traffic_mirror:
name: ens1f2
use_mrzcpd: 1
bladename: mcn1

19
install_config/group_vars/adc_mcn2.yml
View File

@@ -1,19 +0,0 @@
#########################################
#Mcn2管理口网卡名
nic_mgr:
name: ens8f3
#########################################
#Mcn2流量接入网卡固定配置
nic_data_incoming:
name: ens8f1
#########################################
#Mcn2其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1
bladename: mcn2

19
install_config/group_vars/adc_mcn3.yml
View File

@@ -1,19 +0,0 @@
#########################################
#Mcn3管理口网卡名
nic_mgr:
name: ens8f3
#########################################
#Mcn3流量接入网卡固定配置
nic_data_incoming:
name: ens8f1
#########################################
#Mcn3其他数据口网卡名配置固定配置
nic_inner_ctrl:
name: ens8.100
nic_traffic_mirror:
name: ens8f2
use_mrzcpd: 1
bladename: mcn3

10
install_config/group_vars/app_global.yml
View File

@@ -1,10 +0,0 @@
#########################################
app_sketch_global_log_level: 10
maat_redis_server:
address: "192.168.40.168"
port: 7002
db: 0
file_stat_ip: "1.1.1.1"

93
install_config/group_vars/mirror_traffic.yml Normal file
View File

@@ -0,0 +1,93 @@
########################################
#Server Basic Config
nic_mgr:
name: eth0
#########################################
#IP Config
maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 1
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
#log_minio:
# address: "10.9.62.253"
# port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_voip_log_level: 10
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: 10
packet_dump_log_level: 10
#########################################
#Sapp Performance Config
#如果tsg_access_type=0sapp跑在pcap模式则以下配置可忽略
sapp:
worker_threads: 23
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
inbound_route_dir: 1
prometheus_enable: 1
prometheus_port: 9273
prometheus_url_path: "/metrics"
#########################################
#Marsio Config
mrzcpd:
iocore: 39
#########################################
#新增配置项,均为默认值不用改
breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
data_center: Beijing
tsg_master_entrance_id: 0
firewall:
hos_serverip: "192.168.40.223"
hos_serverport: 9098
hos_accesskeyid: "default"
hos_secretkey: "default"
hos_poolsize: 100
hos_thread_sum: 32
hos_cache_size: 102400
hos_fs2_serverip: "127.0.0.1"
hos_fs2_serverport: 10086
APP_SKETCH_BROKER_IP: "192.168.40.161"
APP_SKETCH_BROKER_PORT: 1883
data_incoming_nic_list: ['eth0', 'eth1']

22
install_config/group_vars/packet_dump_server.yml Normal file
View File

@@ -0,0 +1,22 @@
nic_mgr:
name: eth0
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
packet_dump_log_level: 10
breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
dump_rtp_pcap:
aws_access_key_id: "default"
aws_secret_access_key: "default"
aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
consume_bootstrap_servers: ['192.168.44.14:9092']
endpoint_url: "http://192.168.44.67:9098/hos/"
produce_bootstrap_servers: "192.168.44.14:9092"
queue_size: 5000000
coroutine_max_num: 200
coroutine_num: 100
qfull_mode: 0
qfull_interval: 5

200
install_config/group_vars/server_as_tun_mode.yml
View File

@@ -1,200 +0,0 @@
#########################################
#####0: Pcap; 1: Inline_device; 5:ATCA_VXLAN;
tsg_access_type: 0
#####0: Tun_mode; 1: normal;
tsg_running_type: 0
#####deploy mode: cluster, single
deploy_mode: "single"
########################################
#Deploy_finished_reboot
Deploy_finished_reboot: 0
########################################
#Server Basic Config
nic_mgr:
name: eth0
nic_inner_ctrl:
name: eth0.100
#########################################
#IP Config
#maat_redis_city_serve相关配置只在部署集群模式时使用
maat_redis_city_server:
address: ""
port:
maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 0
dynamic_maat_redis_server:
address: "#Bifang IP#"
port: 7002
port_num: 1
db: 1
cert_store_server:
address: "192.168.100.1"
port: 9991
log_kafkabrokers:
address: ['1.1.1.1:9092','2.2.2.2:9092']
#log_minio:
# address: "10.9.62.253"
# port: 9090
#########################################
#Log Level Config
#日志等级 10:DEBUG 20:INFO 30:FATAL
fw_voip_log_level: 10
fw_ftp_log_level: 10
fw_mail_log_level: 10
fw_http_log_level: 10
fw_dns_log_level: 10
fw_quic_log_level: 10
app_control_log_level: 10
capture_packet_log_level: 10
tsg_log_level: 10
tsg_master_log_level: 10
kni_log_level: 10
#日志等级 DEBUG INFO FATAL
tfe_log_level: FATAL
tfe_http_log_level: FATAL
pangu_log_level: FATAL
doh_log_level: FATAL
certstore_log_level: 10
packet_dump_log_level: 10
#########################################
#Sapp Performance Config
#如果tsg_access_type=0sapp跑在pcap模式则以下配置可忽略
sapp:
worker_threads: 23
send_only_threads_max: 1
bind_mask: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
inbound_route_dir: 1
prometheus_enable: 1
prometheus_port: 9273
prometheus_url_path: "/metrics"
#########################################
#Sapp Double-Arm Config
packet_io:
internal_interface: eth2
external_interface: eth3
#########################################
#Kni Config
kni:
global:
tfe_node_count: 1
watch_dog:
switch: 1
maat:
readconf_mode: 2
send_logger:
switch: 1
tfe_nodes:
tfe0_enabled: 1
tfe1_enabled: 0
tfe2_enabled: 0
#########################################
#Tfe Config
tfe:
nr_threads: 32
mirror_enable: 1
#########################################
#Marsio Config
mrzcpd:
iocore: 39
mrtunnat:
lcore_id: 38
#########################################
#Tsg_app
tsg_app:
enable: 1
#########################################
#ATCA Config
#下列配置只在tsg_access_type=4 or 5时生效
ATCA_data_incoming:
ethname: enp1s0
vf0_name: enp1s2
vf1_name: enp1s2f1
vf2_name: enp1s2f2
ATCA_VlanFlipping:
vlanID_1: 100
vlanID_2: 101
vlanID_3: 103
vlanID_4: 104
#下列配置只在tsg_access_type=5时生效
ATCA_VXLAN:
keepalive_ip: "10.254.19.1"
keepalive_mask: "255.255.255.252"
#########################################
#Inline Device Config
inline_device_config:
keepalive_ip: 192.168.1.30
keepalive_mask: 255.255.255.252
data_incoming: eth5
#########################################
#新增配置项,均为默认值不用改
breakpad_upload_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3556bac347c74585a994eb6823faf5c6
data_center: Beijing
tsg_master_entrance_id: 0
pangu_pxy:
log_cache:
address: "10.9.62.253"
port: 9090
firewall:
hos_serverip: "192.168.40.223"
hos_serverport: 9098
hos_accesskeyid: "default"
hos_secretkey: "default"
hos_poolsize: 100
hos_thread_sum: 32
hos_cache_size: 102400
hos_fs2_serverip: "127.0.0.1"
hos_fs2_serverport: 10086
APP_SKETCH_LOG_LEVEL: 10
APP_SKETCH_LOG_PATH: "./tsglog/app_sketch_local/app_sketch_local"
APP_SKETCH_L7_PROTOCOL_LABEL: "BASIC_PROTO_LABEL"
APP_SKETCH_QOS: 1
APP_SKETCH_PUBLISH_TOPIC: "APP_SIGNATURE_ID"
APP_SKETCH_BROKER_LIST: "tcp://192.168.40.161:1883"
dump_rtp_pcap:
aws_access_key_id: "default"
aws_secret_access_key: "default"
aws_session_token: "c21f969b5f03d33d43e04f8f136e7682"
consume_bootstrap_servers: ['192.168.44.14:9092']
endpoint_url: "http://192.168.44.67:9098/hos/"
produce_bootstrap_servers: "192.168.44.14:9092"
queue_size: 5000000
coroutine_max_num: 200
coroutine_num: 100
qfull_mode: 0
qfull_interval: 5

46
install_config/hosts
View File

@@ -1,45 +1,3 @@
###################
# For example #
###################
#变量device_id根据设备序号设置即可
#变量vvipv4_1、vvipv4_2、vvipv6_1、vvipv6_2为Allot相关配置其他环境可不填或直接删除变量
#
#20.09版本新增APP部署
#[app_global]
#0.0.0.0
#[server_as_tun_mode]
#1.1.1.1 device_id=device_1
#
#[adc_mxn]
#10.3.72.1
#10.3.72.2
#
#[adc_mcn0]
#10.3.73.1 device_id=device_1 vvipv4_1=10.3.61.1 vvipv4_2=10.3.62.1 vvipv6_1=fc00::61:1 vvipv6_2=fc00::62:1
#10.3.73.2 device_id=device_2 vvipv4_1=10.3.61.2 vvipv4_2=10.3.62.2 vvipv6_1=fc00::61:2 vvipv6_2=fc00::62:2
#
#[adc_mcn1]
#10.3.74.1 device_id=device_1
#10.3.74.2 device_id=device_2
#
#[adc_mcn2]
#10.3.75.1 device_id=device_1
#10.3.75.2 device_id=device_2
#
#[adc_mcn3]
#10.3.76.1 device_id=device_1
#10.3.76.2 device_id=device_2
#[app_global]
#[server_as_tun_mode]
#broken warning:
#10.4.52.71
[adc_mcn0]
[adc_mcn1]
[adc_mcn2]
[adc_mcn3]
[app_global]
[server_as_tun_mode]
[mirror_traffic]
[packet_dump_server]

12
mirror_traffic.yml Normal file
View File

@@ -0,0 +1,12 @@
- hosts: mirror_traffic
remote_user: root
vars_files:
- install_config/group_vars/mirror_traffic.yml
roles:
- {role: framework, tags: framework}
- {role: kernel-ml, tags: kernel-ml}
- {role: mrzcpd, tags: mrzcpd}
- {role: sapp, tags: sapp}
- {role: tsg_master, tags: tsg_master}
- {role: firewall, tags: firewall}
- {role: telegraf_statistic, tags: telegraf_statistic}

8
packet_dump_server.yml Normal file
View File

@@ -0,0 +1,8 @@
- hosts: packet_dump_server
remote_user: root
vars_files:
- install_config/group_vars/packet_dump_server.yml
roles:
- {role: framework, tags: framework}
- {role: packet_dump, tags: packet_dump}
- {role: dump_rtp_pcap, tags: dump_rtp_pcap}

BIN
roles/adc_exporter/files/freeipmi-1.5.7-3.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/adc_exporter/files/ipmi_exporter
View File

Binary file not shown.

BIN
roles/adc_exporter/files/node_exporter
View File

Binary file not shown.

BIN
roles/adc_exporter/files/systemd_exporter
View File

Binary file not shown.

72
roles/adc_exporter/tasks/main.yml
View File

@@ -1,72 +0,0 @@
- name: "copy freeipmi tools"
copy:
src: '{{ role_path }}/files/freeipmi-1.5.7-3.el7.x86_64.rpm'
dest: /tmp/ansible_deploy/
- name: "Install freeipmi rpm package"
yum:
name:
- "/tmp/ansible_deploy/freeipmi-1.5.7-3.el7.x86_64.rpm"
state: present
- name: "mkdir /opt/adc-exporter/"
file:
path: /opt/adc-exporter/
state: directory
- name: "copy node_exporter"
copy:
src: '{{ role_path }}/files/node_exporter'
dest: /opt/adc-exporter/node_exporter
mode: 0755
- name: "copy systemd_exporter"
copy:
src: '{{ role_path }}/files/systemd_exporter'
dest: /opt/adc-exporter/systemd_exporter
mode: 0755
- name: "copy ipmi_exporter"
copy:
src: '{{ role_path }}/files/ipmi_exporter'
dest: /opt/adc-exporter/ipmi_exporter
mode: 0755
- name: "templates adc-exporter-node.service"
template:
src: "{{role_path}}/templates/adc-exporter-node.service.j2"
dest: /usr/lib/systemd/system/adc-exporter-node.service
tags: template
- name: "templates adc-exporter-systemd.service"
template:
src: "{{role_path}}/templates/adc-exporter-systemd.service.j2"
dest: /usr/lib/systemd/system/adc-exporter-systemd.service
tags: template
- name: "templates adc-exporter-ipmi.service"
template:
src: "{{role_path}}/templates/adc-exporter-ipmi.service.j2"
dest: /usr/lib/systemd/system/adc-exporter-ipmi.service
tags: template
- name: 'adc-exporter-node service start'
systemd:
name: adc-exporter-node
enabled: yes
daemon_reload: yes
state: started
- name: 'adc-exporter-systemd service start'
systemd:
name: adc-exporter-systemd
enabled: yes
daemon_reload: yes
state: restarted
- name: 'adc-exporter-ipmi service start'
systemd:
name: adc-exporter-ipmi
enabled: yes
daemon_reload: yes
state: restarted

11
roles/adc_exporter/templates/adc-exporter-ipmi.service.j2
View File

@@ -1,11 +0,0 @@
[Unit]
Description=IPMI Exporter
After=network.target
[Service]
Type=simple
ExecStart=/opt/adc-exporter/ipmi_exporter
Restart=always
[Install]
WantedBy=multi-user.target

11
roles/adc_exporter/templates/adc-exporter-node.service.j2
View File

@@ -1,11 +0,0 @@
[Unit]
Description=Node Exporter
After=network.target
[Service]
Type=simple
ExecStart=/opt/adc-exporter/node_exporter
Restart=always
[Install]
WantedBy=multi-user.target

11
roles/adc_exporter/templates/adc-exporter-systemd.service.j2
View File

@@ -1,11 +0,0 @@
[Unit]
Description=Systemd Exporter
After=network.target
[Service]
Type=simple
ExecStart=/opt/adc-exporter/systemd_exporter --web.disable-exporter-metrics
Restart=always
[Install]
WantedBy=multi-user.target

BIN
roles/adc_exporter_ping/files/ping_exporter
View File

Binary file not shown.

23
roles/adc_exporter_ping/tasks/main.yml
View File

@@ -1,23 +0,0 @@
- name: "mkdir /opt/adc-exporter/"
file:
path: /opt/adc-exporter/
state: directory
- name: "copy ping_exporter"
copy:
src: '{{ role_path }}/files/ping_exporter'
dest: /opt/adc-exporter/ping_exporter
mode: 0755
- name: "templates ping_exporter.service"
template:
src: "{{role_path}}/templates/adc-exporter-ping.service.j2"
dest: /usr/lib/systemd/system/adc-exporter-ping.service
tags: template
- name: 'adc-exporter-ping service start'
systemd:
name: adc-exporter-ping
enabled: yes
daemon_reload: yes
state: restarted

11
roles/adc_exporter_ping/templates/adc-exporter-ping.service.j2
View File

@@ -1,11 +0,0 @@
[Unit]
Description=Ping Exporter
After=network.target
[Service]
Type=simple
ExecStart=/opt/adc-exporter/ping_exporter {{ ping_test.target|join(" ")}} --ping.size=512 --ping.interval=0.5s
Restart=always
[Install]
WantedBy=multi-user.target

BIN
roles/adc_exporter_proxy/files/adc_exporter_proxy.tar.gz
View File

Binary file not shown.

34
roles/adc_exporter_proxy/tasks/main.yml
View File

@@ -1,34 +0,0 @@
- name: "mkdir /opt/adc-exporter-proxy/"
file:
path: /opt/adc-exporter-proxy/
state: directory
- name: "copy file to device"
copy:
src: '{{ role_path }}/files/'
dest: /tmp/ansible_deploy/
- name: "unarchive adc-exporter-proxy(NGINX)"
unarchive:
src: /tmp/ansible_deploy/adc_exporter_proxy.tar.gz
dest: /opt/adc-exporter-proxy
remote_src: yes
- name: "templates adc-exporter-proxy.service"
template:
src: "{{role_path}}/templates/adc-exporter-proxy.service.j2"
dest: /usr/lib/systemd/system/adc-exporter-proxy.service
tags: template
- name: "template nginx.conf"
template:
src: "{{role_path}}/templates/nginx.conf.j2"
dest: /opt/adc-exporter-proxy/adc-exporter-proxy/conf/nginx.conf
tags: template
- name: 'adc-exporter-proxy service start'
systemd:
name: adc-exporter-proxy
enabled: yes
daemon_reload: yes
state: restarted

12
roles/adc_exporter_proxy/templates/adc-exporter-proxy.service.j2
View File

@@ -1,12 +0,0 @@
[Unit]
Description=ADC Exporter Proxy (NGINX) for NEZHA
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
ExecStart=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy
ExecReload=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s reload
ExecStop=/opt/adc-exporter-proxy/adc-exporter-proxy/sbin/nginx -p /opt/adc-exporter-proxy/adc-exporter-proxy -s stop
[Install]
WantedBy=multi-user.target

152
roles/adc_exporter_proxy/templates/nginx.conf.j2
View File

@@ -1,152 +0,0 @@
user nobody;
worker_processes 1;
daemon off;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
server {
listen 9000;
server_name localhost;
location /metrics/blade/mcn0/node_exporter {
proxy_pass http://192.168.100.1:9100/metrics;
}
location /metrics/blade/mcn1/node_exporter {
proxy_pass http://192.168.100.2:9100/metrics;
}
location /metrics/blade/mcn2/node_exporter {
proxy_pass http://192.168.100.3:9100/metrics;
}
location /metrics/blade/mcn3/node_exporter {
proxy_pass http://192.168.100.4:9100/metrics;
}
location /metrics/blade/mxn/node_exporter {
proxy_pass http://192.168.100.5:9100/metrics;
}
location /metrics/blade/mcn0/systemd_exporter {
proxy_pass http://192.168.100.1:9558/metrics;
}
location /metrics/blade/mcn1/systemd_exporter {
proxy_pass http://192.168.100.2:9558/metrics;
}
location /metrics/blade/mcn2/systemd_exporter {
proxy_pass http://192.168.100.3:9558/metrics;
}
location /metrics/blade/mcn3/systemd_exporter {
proxy_pass http://192.168.100.4:9558/metrics;
}
location /metrics/blade/mcn0/ipmi_exporter {
proxy_pass http://192.168.100.1:9290/metrics;
}
location /metrics/blade/mcn1/ipmi_exporter {
proxy_pass http://192.168.100.2:9290/metrics;
}
location /metrics/blade/mcn2/ipmi_exporter {
proxy_pass http://192.168.100.3:9290/metrics;
}
location /metrics/blade/mcn3/ipmi_exporter {
proxy_pass http://192.168.100.4:9290/metrics;
}
location /metrics/blade/mxn/ipmi_exporter {
proxy_pass http://192.168.100.5:9290/metrics;
}
location /metrics/blade/mcn0/certstore {
proxy_pass http://192.168.100.1:9002/metrics;
}
location /metrics/blade/mcn1/tfe {
proxy_pass http://192.168.100.2:9001/metrics;
}
location /metrics/blade/mcn2/tfe {
proxy_pass http://192.168.100.3:9001/metrics;
}
location /metrics/blade/mcn3/tfe {
proxy_pass http://192.168.100.4:9001/metrics;
}
location /metrics/blade/mcn0/sapp {
proxy_pass http://192.168.100.1:9273/metrics;
}
location /metrics/blade/mcn0/mrapm_device {
proxy_pass http://192.168.100.1:8901/metrics;
}
location /metrics/blade/mcn0/mrapm_stream {
proxy_pass http://192.168.100.1:8902/metrics;
}
location /metrics/blade/mcn1/mrapm_device {
proxy_pass http://192.168.100.2:8901/metrics;
}
location /metrics/blade/mcn1/mrapm_stream {
proxy_pass http://192.168.100.2:8902/metrics;
}
location /metrics/blade/mcn2/mrapm_device {
proxy_pass http://192.168.100.3:8901/metrics;
}
location /metrics/blade/mcn2/mrapm_stream {
proxy_pass http://192.168.100.3:8902/metrics;
}
location /metrics/blade/mcn3/mrapm_device {
proxy_pass http://192.168.100.4:8901/metrics;
}
location /metrics/blade/mcn3/mrapm_stream {
proxy_pass http://192.168.100.4:8902/metrics;
}
location /metrics/blade/mcn0/maat_redis {
proxy_pass http://192.168.100.1:9121/metrics;
}
location /metrics/blade/mcn0/ping_exporter {
proxy_pass http://192.168.100.1:9427/metrics;
}
}
}

BIN
roles/app_global/files/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/app_global/files/emqx-centos7-v4.1.2.x86_64.rpm
View File

Binary file not shown.

36
roles/app_global/tasks/main.yml
View File

@@ -1,36 +0,0 @@
- name: "copy app_global rpm to destination server"
copy:
src: "{{ role_path }}/files/"
dest: /tmp/ansible_deploy/
- name: "install app rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/emqx-centos7-v4.1.2.x86_64.rpm
- /tmp/ansible_deploy/app-sketch-global-1.0.3.202010.a7b2e40-1.el7.x86_64.rpm
state: present
- name: "template the app_sketch_global.conf"
template:
src: "{{ role_path }}/templates/app_sketch_global.conf.j2"
dest: /opt/tsg/app-sketch-global/conf/app_sketch_global.conf
- name: "template the zlog.conf"
template:
src: "{{ role_path }}/templates/zlog.conf.j2"
dest: /opt/tsg/app-sketch-global/conf/zlog.conf
- name: "Start emqx"
systemd:
name: emqx.service
state: started
enabled: yes
daemon_reload: yes
- name: "Start app-sketch-global"
systemd:
name: app-sketch-global.service
state: started
enabled: yes
daemon_reload: yes

41
roles/app_global/templates/app_sketch_global.conf.j2
View File

@@ -1,41 +0,0 @@
[SYSTEM]
#1:print on screen, 0:don't
DEBUG_SWITCH = 1
RUN_LOG_PATH = "conf/zlog.conf"
[breakpad]
disable_coredump=0
enable_breakpad=1
breakpad_minidump_dir=/tmp/app-sketch-global/crashreport
enable_breakpad_upload=0
breakpad_upload_url={{ breakpad_upload_url }}
[CONFIG]
#Number of running threads
thread-nu = 1
timeout = 3600
address="tcp://127.0.0.1:1883"
topic_name="APP_SIGNATURE_ID"
client_name="ExampleClientSub"
[maat]
# 0:json 1: redis 2: iris
maat_input_mode=1
table_info=./resource/table_info.conf
json_cfg_file=./resource/gtest.json
stat_file=logs/verify-policy.status
full_cfg_dir=verify-policy/
inc_cfg_dir=verify-policy/
maat_redis_server={{ maat_redis_server.address }}
maat_redis_port_range={{ maat_redis_server.port }}
maat_redis_db_index={{ maat_redis_server.db }}
effect_interval_s=1
accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
[stat]
statsd_server={{ file_stat_ip }}
statsd_port=8100
statsd_cycle=5
# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
statsd_format=2

12
roles/app_global/templates/zlog.conf.j2
View File

@@ -1,12 +0,0 @@
[global]
default format = "%d(%c), %V, %F, %U, %m%n"
[levels]
DEBUG=10
INFO=20
FATAL=30
[rules]
*.fatal "./logs/error.log.%d(%F)";
*.{{ app_sketch_global_log_level }} "./logs/app_sketch_global.log.%d(%F)"

1052
roles/cert-redis/files/cert-redis.conf
View File

File diff suppressed because it is too large Load Diff

12
roles/cert-redis/files/cert-redis.service
View File

@@ -1,12 +0,0 @@
[Unit]
Description=Redis persistent key-value database
After=network.target
[Service]
ExecStart=/usr/bin/redis-server /etc/cert-redis.conf --supervised systemd
ExecStop=/usr/libexec/redis-shutdown cert-redis
Type=notify
[Install]
WantedBy=multi-user.target

15
roles/cert-redis/tasks/main.yml
View File

@@ -1,15 +0,0 @@
- name: "copy cert-redis file to dest"
copy:
src: "{{ role_path }}/files/"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "cert-redis.conf" , dest: "/etc" , mode: "0644" }
- { src: "cert-redis.service" , dest: "/usr/lib/systemd/system" , mode: "0644" }
- name: "start cert-redis"
systemd:
name: cert-redis.service
state: started
daemon_reload: yes
enabled: yes

BIN
roles/certstore/files/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm
View File

Binary file not shown.

3
roles/certstore/files/memory.conf
View File

@@ -1,3 +0,0 @@
[Service]
MemoryLimit=16G
ExecStartPost=/bin/bash -c "echo 16G > /sys/fs/cgroup/memory/system.slice/certstore.service/memory.memsw.limit_in_bytes"

37
roles/certstore/tasks/main.yml
View File

@@ -1,37 +0,0 @@
- name: "copy certstore rpm to destination"
synchronize:
src: "{{ role_path }}/files/"
dest: "/tmp/ansible_deploy/"
- name: Ensures /opt/tsg exists
file: path=/opt/tsg state=directory
tags: mkdir
- name: install certstore
yum:
name:
- /tmp/ansible_deploy/certstore-2.1.7.20210422.3f0c7ed-1.el7.x86_64.rpm
state: present
- name: template certstore configure file
template:
src: "{{ role_path }}/templates/cert_store.ini.j2"
dest: /opt/tsg/certstore/conf/cert_store.ini
- name: template certstore zlog file
template:
src: "{{ role_path }}/templates/zlog.conf.j2"
dest: /opt/tsg/certstore/conf/zlog.conf
- name: "copy memory limit file to certstore.service.d"
copy:
src: "{{ role_path }}/files/memory.conf"
dest: /etc/systemd/system/certstore.service.d/
mode: 0644
- name: "start certstore"
systemd:
name: certstore.service
state: started
enabled: yes
daemon_reload: yes

60
roles/certstore/templates/cert_store.ini.j2
View File

@@ -1,60 +0,0 @@
[SYSTEM]
#1:print on screen, 0:don't
DEBUG_SWITCH = 1
RUN_LOG_PATH = "conf/zlog.conf"
[breakpad]
disable_coredump=0
enable_breakpad=1
breakpad_minidump_dir=/tmp/certstore/crashreport
enable_breakpad_upload=1
breakpad_upload_url= {{ breakpad_upload_url }}
[CONFIG]
#Number of running threads
thread-nu = 4
#1 rsync, 0 sync
mode=1
#Local default root certificate is valid for 30 days by default
expire_after = 30
#Local default root certificate path
local_debug = 1
ca_path = ./cert/tango-ca-v3-trust-ca.pem
untrusted_ca_path = ./cert/tango-ca-v3-untrust-ca.pem
[MAAT]
#Configure the load mode,
#0: using the configuration distribution network
#1: using local json
#2: using Redis reads
maat_json_switch=2
#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
effective_interval=1
#Specify the location of the configuration library table file
table_info=./conf/table_info.conf
#Incremental profile path
inc_cfg_dir=./rule/inc/index
#Full profile path
full_cfg_dir=./rule/full/index
#Json file path when json schema is used
pxy_obj_keyring=./conf/pxy_obj_keyring.json
[LIBEVENT]
#Local monitor port number, default is 9991
port = 9991
[CERTSTORE_REDIS]
#The Redis server IP address and port number where the certificate is stored locally
ip = 127.0.0.1
port = 6379
[MAAT_REDIS]
#Maat monitors the Redsi server IP address and port number
ip = {{ maat_redis_server.address }}
port = {{ maat_redis_server.port }}
dbindex = {{ maat_redis_server.db }}
[stat]
statsd_server=127.0.0.1
statsd_port=8100
statsd_set_prometheus_port=9002
statsd_set_prometheus_url_path=/metrics

10
roles/certstore/templates/zlog.conf.j2
View File

@@ -1,10 +0,0 @@
[global]
default format = "%d(%c), %V, %F, %U, %m%n"
[levels]
DEBUG=10
INFO=20
FATAL=30
[rules]
*.fatal "./logs/error.log.%d(%F)";
*.{{ certstore_log_level }} "./logs/certstore.log.%d(%F)"

1
roles/docker-env/files/daemon.json
View File

@@ -1 +0,0 @@
{"iptables":false,"bridge": "none"}

BIN
roles/docker-env/files/docker-ce.zip
View File

Binary file not shown.

BIN
roles/docker-env/files/docker-compose.zip
View File

Binary file not shown.

BIN
roles/docker-env/files/python3.zip
View File

Binary file not shown.

43
roles/docker-env/tasks/docker-ce.yml
View File

@@ -1,43 +0,0 @@
---
- name: "docker-ce: copy docker-ce.zip to dest device"
copy:
src: '{{ role_path }}/files/docker-ce.zip'
dest: /tmp/ansible_deploy/
- name: "docker-ce: unarchive docker-ce.zip"
unarchive:
src: /tmp/ansible_deploy/docker-ce.zip
dest: /tmp/ansible_deploy/
remote_src: yes
- name: "docker-ce: install docker-ce rpm package and dependencies"
yum:
name:
- /tmp/ansible_deploy/docker-ce/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
- /tmp/ansible_deploy/docker-ce/docker-ce-19.03.13-3.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/docker-ce-cli-19.03.13-3.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/containerd.io-1.3.7-3.1.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/selinux-policy-targeted-3.13.1-266.el7_8.1.noarch.rpm
- /tmp/ansible_deploy/docker-ce/selinux-policy-3.13.1-266.el7_8.1.noarch.rpm
- /tmp/ansible_deploy/docker-ce/policycoreutils-python-2.5-34.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/policycoreutils-2.5-34.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/libselinux-utils-2.5-15.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/libselinux-python-2.5-15.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/libselinux-2.5-15.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/setools-libs-3.3.8-4.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/libsepol-2.5-10.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/libsemanage-python-2.5-14.el7.x86_64.rpm
- /tmp/ansible_deploy/docker-ce/libsemanage-2.5-14.el7.x86_64.rpm
state: present
- name: "docker-ce: copy daemon.json to target"
copy:
src: '{{ role_path }}/files/daemon.json'
dest: /etc/docker/
- name: "docker-ce: systemctl start docker and enabled docker"
systemd:
name: docker
enabled: yes
daemon_reload: yes
state: started

18
roles/docker-env/tasks/docker-compose.yml
View File

@@ -1,18 +0,0 @@
---
- name: "docker-compose: copy docker-compose.zip to dest device"
copy:
src: '{{ role_path }}/files/docker-compose.zip'
dest: /tmp/ansible_deploy/
- name: "docker-compose: unarchive docker-compose.zip"
unarchive:
src: /tmp/ansible_deploy/docker-compose.zip
dest: /tmp/ansible_deploy/
remote_src: yes
- name: "docker-compose: install docker-compose using pip3"
pip:
requirements: /tmp/ansible_deploy/docker-compose/requirements.txt
extra_args: "--no-index --find-links=file:///tmp/ansible_deploy/docker-compose"
state: forcereinstall
executable: pip3

4
roles/docker-env/tasks/main.yml
View File

@@ -1,4 +0,0 @@
---
- include: docker-ce.yml
- include: python3.yml
- include: docker-compose.yml

21
roles/docker-env/tasks/python3.yml
View File

@@ -1,21 +0,0 @@
---
- name: "python3: copy python3.zip to dest device"
copy:
src: '{{ role_path }}/files/python3.zip'
dest: /tmp/ansible_deploy/
- name: "python3: unarchive python3.zip"
unarchive:
src: /tmp/ansible_deploy/python3.zip
dest: /tmp/ansible_deploy/
remote_src: yes
- name: "python3: install python3 rpm package and dependencies"
yum:
name:
- /tmp/ansible_deploy/python3/python3-libs-3.6.8-13.el7.x86_64.rpm
- /tmp/ansible_deploy/python3/python3-3.6.8-13.el7.x86_64.rpm
- /tmp/ansible_deploy/python3/python3-pip-9.0.3-7.el7_7.noarch.rpm
- /tmp/ansible_deploy/python3/python3-setuptools-39.2.0-10.el7.noarch.rpm
- /tmp/ansible_deploy/python3/libtirpc-0.2.4-0.16.el7.x86_64.rpm
state: present

BIN
roles/firewall/files/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

31
roles/firewall/tasks/main.yml
View File

@@ -13,25 +13,26 @@
fw_packages:
- /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
- /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
- /tmp/ansible_deploy/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
- /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_http_plug-3.2.3.6b8c95d-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_http_plug-3.2.5.30df450-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
- /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
- /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
- /tmp/ansible_deploy/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
- /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
- /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
- /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
- /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
- /tmp/ansible_deploy/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm
- /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
- /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
- /tmp/ansible_deploy/app_proto_engine-devel-2.0.4.95a943e-2.el7.x86_64.rpm
- name: "Template the tsgconf/main.conf"
template:
@@ -46,16 +47,13 @@
dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
tags: template
- name: "Template the conf/capture_packet_plug.conf.j2"
template:
src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
tags: template
- name: "Template the tsgconf/app_l7_proto_id.conf"
template:
src: "{{ role_path }}/templates/app_l7_proto_id.conf.j2"
dest: /home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
- name: "Template the /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
template:
@@ -63,3 +61,8 @@
dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
tags: template
- name: "Template the conf/http/http.conf"
template:
src: "{{ role_path }}/templates/http.conf.j2"
dest: /home/mesasoft/sapp_run/conf/http/http.conf
tags: template

51
roles/firewall/templates/app_l7_proto_id.conf.j2
View File

@@ -1,51 +0,0 @@
#TYPE1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
#TYPE FIELD VALUE
STRING UNCATEGORIZED 100
STRING UNCATEGORIZED 101
STRING UNKNOWN_OTHER 102
STRING DNS 103
STRING FTP 104
STRING FTPS 105
STRING HTTP 106
STRING HTTPS 107
STRING ICMP 108
STRING IKE 109
STRING MAIL 110
STRING IMAPS 111
STRING IPSEC 112
STRING XMPP 113
STRING L2TP 114
STRING NTP 115
STRING POP3S 117
STRING PPTP 118
STRING QUIC 119
STRING SIP 120
STRING SMB 121
STRING SMTPS 123
STRING SPDY 124
STRING SSH 125
STRING SSL 126
STRING SOCKS 127
STRING TELNET 128
STRING DHCP 129
STRING RADIUS 130
STRING OPENVPN 131
STRING STUN 132
STRING TEREDO 133
STRING DTLS 134
STRING DoH 135
STRING ISAKMP 136
STRING MDNS 137
STRING NETBIOS 138
STRING NETFLOW 139
STRING RDP 140
STRING RTCP 141
STRING RTP 142
STRING SLP 143
STRING SNMP 144
STRING SSDP 145
STRING TFTP 146
STRING BJNP 147
STRING LDAP 148
STRING RTMP 149
STRING RTSP 150

6
roles/firewall/templates/capture_packet_plug.conf.j2
View File

@@ -14,7 +14,6 @@ JSON_CFG_FILE=conf/capture_packet_maat.json
INC_CFG_DIR=capture_packet_rule/inc/index/
FULL_CFG_DIR=capture_packet_rule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
[LOG]
@@ -23,6 +22,5 @@ BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
FIELD_FILE=conf/capture_packet_log_field.conf
[SYSTEM]
LOG_LEVEL={{ capture_packet_log_level }}
LOG_PATH=./tsglog/capture_packet_plug/capture_packet
LOG_LEVEL=30
LOG_PATH=./tsglog/capture_packet_plug/capture_packet

43
roles/firewall/templates/http.conf.j2 Normal file
View File

@@ -0,0 +1,43 @@
#http_special
#all regions
1 HTTP_ALL
2 HTTP_OTHER_REGIONS
#http state
3 HTTP_STATE
4 HTTP_REQ_LINE
5 HTTP_RES_LINE
6 HTTP_CONTENT
7 HTTP_UNGZIP_CONTENT
8 HTTP_MESSAGE_URL
9 HTTP_URI
#http_request
10 HTTP_HOST
11 HTTP_REFERER
12 HTTP_USER_AGENT
13 HTTP_COOKIE
14 HTTP_PROXY_AUTHORIZATION
15 HTTP_AUTHORIZATION
#http_response
16 HTTP_LOCATION
17 HTTP_SERVER
18 HTTP_ETAG
#http_general
19 HTTP_DATE
20 HTTP_TRAILER
21 HTTP_TRANSFER_ENCODING
22 HTTP_VIA
23 HTTP_PRAGMA
24 HTTP_CONNECTION
#http_content
25 HTTP_CONT_ENCODING
26 HTTP_CONT_LANGUAGE
27 HTTP_CONT_LOCATION
28 HTTP_CONT_DISPOSITION
29 HTTP_CONT_RANGE
30 HTTP_CONT_LENGTH
31 HTTP_CONT_TYPE
32 HTTP_CHARSET
33 HTTP_EXPIRES
34 HTTP_X_FLASH_VERSION
35 HTTP_TRANSFER_LENGTH
36 Set-Cookie

16
roles/firewall/templates/maat.conf.j2
View File

@@ -48,5 +48,21 @@ INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[CAPTURE]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
STAT_FILE=app_sketch_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ maat_redis_server.address }}
REDIS_PORT_NUM={{ maat_redis_server.port_num }}
REDIS_PORT={{ maat_redis_server.port }}
REDIS_INDEX={{ maat_redis_server.db }}
JSON_CFG_FILE=tsgconf/app_sketch_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[MAAT]
ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

36
roles/firewall/templates/main.conf.j2
View File

@@ -66,30 +66,38 @@ ENTRANCE_ID={{ tsg_master_entrance_id }}
LOG_LEVEL={{ tsg_master_log_level }}
LOG_PATH="./tsglog/tsg_master"
POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
[TSG_CONN_SKETCH]
log_service=2
live_service=6
transaction_service=7
live_service_switch=1
transaction_service_switch=1
live_intervals_time = 30
[HOS_CONF]
hos_serverip="{{ firewall.hos_serverip }}"
hos_serverport={{ firewall.hos_serverport }}
hos_accesskeyid="{{ firewall.hos_accesskeyid }}"
hos_secretkey="{{ firewall.hos_secretkey }}"
hos_poolsize={{ firewall.hos_poolsize }}
hos_thread_sum={{ firewall.hos_thread_sum }}
hos_cache_size={{ firewall.hos_cache_size }}
hos_fs2_serverip="{{ firewall.hos_fs2_serverip }}"
hos_fs2_serverport={{ firewall.hos_fs2_serverport }}
hos_accesskeyid="default"
hos_secretkey="default"
hos_poolsize=100
hos_thread_sum=32
hos_cache_size=102400
hos_fs2_serverip="127.0.0.1"
hos_fs2_serverport=10086
[APP_SKETCH_LOCAL]
LOG_LEVEL={{ firewall.APP_SKETCH_LOG_LEVEL }}
LOG_PATH="{{ firewall.APP_SKETCH_LOG_PATH }}"
L7_PROTOCOL_LABEL="{{ firewall.APP_SKETCH_L7_PROTOCOL_LABEL }}"
LOG_LEVEL=10
LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
[APP_SKETCH_FEEDBACK]
QOS={{ firewall.APP_SKETCH_QOS }}
PUBLISH_TOPIC="{{ firewall.APP_SKETCH_PUBLISH_TOPIC }}"
QOS=1
PUBLISH_TOPIC="APP_SIGNATURE_ID"
#CLIENT_ID=
BROKER_LIST="{{ firewall.APP_SKETCH_BROKER_LIST }}"
BROKER_IP="{{ firewall.APP_SKETCH_BROKER_IP }}"
BROKER_PORT="{{ firewall.APP_SKETCH_BROKER_PORT }}"
[APP_PROTO_ENGINE]
license_path=/data/app_proto_engine/license

17
roles/firewall/templates/tsg_conn_sketch.inf.j2
View File

@@ -25,11 +25,22 @@ FUNC_NAME=tsg_record_http_entry
FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
FUNC_NAME=tsg_record_ssl_entry
#[DNS]
#FUNC_FLAG=ALL
#FUNC_NAME=tsg_record_dns_entry
[DNS]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_dns_entry
[MAIL]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_mail_entry
[RTP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_rtp_entry
[SIP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_sip_entry
[FTP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_ftp_entry

BIN
roles/framework/files/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/framework/files/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/framework/files/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

0
roles/sapp/files/maat_redis_tool → roles/framework/files/maat_redis_tool Executable file → Normal file
View File

12
roles/framework/tasks/main.yml
View File

@@ -12,10 +12,10 @@
packages:
- /tmp/ansible_deploy/libcjson-1.7.10.ab2896f-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libdocumentanalyze-2.0.6.2d1abe0-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libmaatframe-3.1.22.3.1.22.3.1.22.6b91622-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libmaatframe-3.2.1.8bf48ba-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_field_stat-1.0.2.6d45eed-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_field_stat2-2.9.10.72ac4f1-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_handle_logger-2.0.7.cb4ad71-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_handle_logger-2.0.8.f76af2f-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_htable-3.10.12.cf4ccfc-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libMESA_prof_load-1.0.6.c6da36a-2.el7.x86_64.rpm
- /tmp/ansible_deploy/librdkafka-0.11.4-1.el7.x86_64.rpm
@@ -30,7 +30,7 @@
- /tmp/ansible_deploy/libaws-checksums-1.0.6.8b09ac1-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libaws-cpp-sdk-core-1.0.8.a3fe079-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libaws-cpp-sdk-s3-2.0.0.f3c33ea-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libhos-client-cpp-1.0.24.20e6f94-2.el7.x86_64.rpm
- /tmp/ansible_deploy/libhos-client-cpp-1.0.26.a8573f5-2.el7.x86_64.rpm
- name: "mkdir /etc/ld.so.conf.d/"
file:
@@ -44,3 +44,9 @@
- name: "update ld"
command: ldconfig
- name: "copy maat_redis_tool to destination"
copy:
src: "{{ role_path }}/files/maat_redis_tool"
dest: /opt/MESA/bin/
mode: 0755

BIN
roles/http_healthcheck/files/http_healthcheck-20.04-1.el7.x86_64.rpm
View File

Binary file not shown.

10
roles/http_healthcheck/tasks/main.yml
View File

@@ -1,10 +0,0 @@
- name: "copy http_healthcheck rpm to destination server"
copy:
src: "{{ role_path }}/files/"
dest: /tmp/ansible_deploy/
- name: "install http_healthcheck from localhost"
yum:
name:
- /tmp/ansible_deploy/http_healthcheck-20.04-1.el7.x86_64.rpm
state: present

25
roles/kernel-ml/tasks/main.yml
View File

@@ -20,26 +20,7 @@
command: /usr/sbin/grub2-set-default 0
when: t_kernel_ml.changed
- name: "copy /etc/default/grub"
copy:
src: "{{ role_path }}/files/grub"
dest: "/etc/default"
when:
- tsg_access_type == 4 or tsg_access_type == 5
- t_kernel_ml.changed
- name: "BIOS:grub2-mkconfig"
shell: grub2-mkconfig -o /boot/grub2/grub.cfg
when:
- tsg_access_type == 4 or tsg_access_type == 5
- t_kernel_ml.changed
- name: "UEFI:grub2-mkconfig"
shell: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
when:
- tsg_access_type == 4 or tsg_access_type == 5
- t_kernel_ml.changed
- name: "reboot"
reboot:
when: t_kernel_ml.changed
#- name: "reboot"
# reboot:
# when: t_kernel_ml.changed

BIN
roles/kni/files/kni-21.05.01.e7573e5-2.el7.x86_64.rpm
View File

Binary file not shown.

24
roles/kni/tasks/main.yml
View File

@@ -1,24 +0,0 @@
---
- name: "copy kni to destination server"
copy:
src: "{{ role_path }}/files/"
dest: /tmp/ansible_deploy/
- name: "install kni rpms from localhost"
yum:
name:
- /tmp/ansible_deploy/kni-21.05.01.e7573e5-2.el7.x86_64.rpm
state: present
# skip_broken: yes
- name: Template the kni.conf
template:
src: "{{ role_path }}/templates/kni.conf.j2"
dest: /home/mesasoft/sapp_run/etc/kni/kni.conf
tags: template
- name: "enable sapp"
systemd:
name: sapp
enabled: yes
daemon_reload: yes

144
roles/kni/templates/kni.conf.j2
View File

@@ -1,144 +0,0 @@
[global]
log_path = ./log/kni/kni.log
log_level = {{ kni_log_level }}
tfe_node_count = {{ kni.global.tfe_node_count }}
manage_eth = {{ nic_mgr.name }}
{% if tsg_running_type == 0 %}
deploy_mode = tun
{% else %}
deploy_mode = normal
{% endif %}
tun_name = tun_kni
src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd
{% if tsg_access_type == 4 or tsg_access_type == 5 %}
[tfe0]
enabled = 1
dev_eth_symbol = {{ ATCA_data_incoming.vf1_name }}
ip_addr = 192.168.100.1
{% elif tsg_running_type == 2 %}
[tfe0]
enabled = {{ kni.tfe_nodes.tfe0_enabled }}
dev_eth_symbol = {{ nic_to_tfe.tfe0.name }}
ip_addr = 192.168.100.2
[tfe1]
enabled = {{ kni.tfe_nodes.tfe1_enabled }}
dev_eth_symbol = {{ nic_to_tfe.tfe1.name }}
ip_addr = 192.168.100.3
[tfe2]
enabled = {{ kni.tfe_nodes.tfe2_enabled }}
dev_eth_symbol = {{ nic_to_tfe.tfe2.name }}
ip_addr = 192.168.100.4
{% endif %}
[tfe_cmsg_receiver]
listen_eth = {{ nic_inner_ctrl.name }}
listen_port = 2475
[watch_dog]
switch = {{ kni.watch_dog.switch }}
listen_eth = {{ nic_inner_ctrl.name }}
listen_port = 2476
keepalive_idle = 2
keepalive_intvl = 1
keepalive_cnt = 3
[marsio]
appsym = knifw
[dup_traffic]
switch = 0
action = 2
capacity = 10000000
error_rate = 0.00001
expiry_time = 60
[traceid2pme_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 30
mho_eliminate_type = LRU
#per thread
[tuple2stream_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 0
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 0
mho_eliminate_type = LRU
[field_stat]
remote_switch = 1
remote_ip = 127.0.0.1
remote_port = 58100
local_path = ./fs2_kni.status
stat_cycle = 1
print_mode = 1
# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
statsd_format = 2
APP_NAME = fs2_kni
#self test Shunt rules security policy id
[tsg_diagnose]
enabled = 1
security_policy_id = 3,10
[ssl_dynamic_bypass]
enabled = 0
#kni dynamic bypass
[traceid2sslinfo_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 300
mho_eliminate_type = FIFO
[sslinfo2bypass_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 300
mho_eliminate_type = FIFO
[proxy_tcp_option]
enabled = 1
maat_table_compile = PXY_TCP_OPTION_COMPILE
maat_table_addr = PXY_TCP_OPTION_ADDR
maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
enable_override = 0
client_tcp_maxseg_enable = 0
client_tcp_maxseg = 1460
client_tcp_nodelay = 1
client_tcp_ttl = 70
client_tcp_keepalive_enable = 1
client_tcp_keepalive_keepcnt = 8
client_tcp_keepalive_keepidle = 30
client_tcp_keepalive_keepintvl = 15
client_tcp_user_timeout = 600
server_tcp_maxseg_enable = 0
server_tcp_maxseg = 1460
server_tcp_nodelay = 1
server_tcp_ttl = 75
server_tcp_keepalive_enable = 1
server_tcp_keepalive_keepcnt = 8
server_tcp_keepalive_keepidle = 30
server_tcp_keepalive_keepintvl = 15
server_tcp_user_timeout = 600
bypass_duplicated_packet = 0
tcp_passthrough = 0
[share_session_attribute]
SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

11
roles/maat-redis/files/maat-redis-exporter.service
View File

@@ -1,11 +0,0 @@
[Unit]
Description=Redis Exporter for MAAT-REDIS
After=network.target
[Service]
ExecStart=/usr/bin/redis_exporter -redis.addr=redis://localhost:7002 -redis-only-metrics
Type=simple
[Install]
WantedBy=multi-user.target

12
roles/maat-redis/files/maat-redis.service
View File

@@ -1,12 +0,0 @@
[Unit]
Description=Redis persistent key-value database
After=network.target
[Service]
ExecStart=/usr/bin/redis-server /etc/maat-redis.conf --supervised systemd
ExecStop=/usr/libexec/redis-shutdown maat-redis
Type=notify
[Install]
WantedBy=multi-user.target

31
roles/maat-redis/tasks/main.yml
View File

@@ -1,31 +0,0 @@
- name: "copy maat-redis file to dest"
copy:
src: "{{ role_path }}/files/maat-redis.service"
dest: "/usr/lib/systemd/system"
mode: 0644
- name: "copy maat-redis exporter file to dest"
copy:
src: "{{ role_path }}/files/maat-redis-exporter.service"
dest: "/usr/lib/systemd/system"
mode: 0644
- name: "Template the maat-redis.conf"
template:
src: "{{ role_path }}/templates/maat-redis.conf.j2"
dest: /etc/maat-redis.conf
tags: template
- name: "start maat-redis"
systemd:
name: maat-redis.service
state: started
daemon_reload: yes
enabled: yes
- name: "start maat-redis exporter"
systemd:
name: maat-redis-exporter.service
state: started
daemon_reload: yes
enabled: yes

1317
roles/maat-redis/templates/maat-redis.conf.j2
View File

File diff suppressed because it is too large Load Diff

BIN
roles/mrzcpd/files/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm → roles/mrzcpd/files/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm
View File

Binary file not shown.

144
roles/mrzcpd/tasks/main.yml
View File

@@ -6,7 +6,7 @@
- name: "install mrzcpd"
yum:
name: /tmp/ansible_deploy/mrzcpd-4.3.30.4627eb7-1.el7.x86_64.rpm
name: /tmp/ansible_deploy/mrzcpd-4.4.5.cebe25a-1.el7.x86_64.rpm
state: present
- name: "update sysconfig/mrzcpd"
@@ -18,132 +18,18 @@
template:
src: "{{ role_path }}/templates/traffic_mirror/mrglobal.conf.traffic_mirror.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when: nic_traffic_mirror is defined
- name: "copy mrapp.sapp4.conf to destination server"
template:
src: "{{ role_path }}/templates/mrapp.sapp4.conf "
dest: /opt/mrzcpd/etc/mrapp.sapp4.conf
when:
- tsg_access_type == 4 or tsg_access_type == 5
- name: "update mrglobal.conf.adc_inline"
template:
src: "{{ role_path }}/templates/adc_inline/mrglobal.conf.adc_inline.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 1
- tsg_running_type == 2
- name: "update mrglobal.conf.server_inline"
template:
src: "{{ role_path }}/templates/server_inline/mrglobal.conf.server_inline.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 1
- tsg_running_type != 2
- name: "update mrglobal.conf.allot - mcn0"
template:
src: "{{ role_path }}/templates/allot_access/mrglobal.conf.allot_access.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 2
- name: "update mrglobal.conf.adc_tun_mode - mcn0"
template:
src: "{{ role_path }}/templates/adc_tun_mode/mrglobal.conf.adc_tun_mode.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 3
- name: "update mrglobal.conf.ATCA_Vlan_Flipping"
template:
src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 4
- name: "update mrglobal.conf.ATCA_VXLAN"
template:
src: "{{ role_path }}/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2"
dest: /opt/mrzcpd/etc/mrglobal.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 5
- name: "update mrtunnat.conf.adc_inline"
template:
src: "{{ role_path }}/templates/adc_inline/mrtunnat.conf.adc_inline.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 1
- tsg_running_type == 2
- name: "update mrtunnat.conf.server_inline"
template:
src: "{{ role_path }}/templates/server_inline/mrtunnat.conf.server_inline.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 1
- tsg_running_type != 2
- name: "update mrtunnat.conf.allot_access - mcn0"
template:
src: "{{ role_path }}/templates/allot_access/mrtunnat.conf.allot_access.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 2
- name: "update mrtunnat.conf.adc_tun_mode - mcn0"
template:
src: "{{ role_path }}/templates/adc_tun_mode/mrtunnat.conf.adc_tun_mode.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 3
- name: "update mrtunnat.conf.ATCA_Vlan_Flipping"
template:
src: "{{ role_path }}/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 4
- name: "update mrtunnat.conf.ATCA_VXLAN"
template:
src: "{{ role_path }}/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2"
dest: /opt/mrzcpd/etc/mrtunnat.conf
when:
- nic_traffic_mirror is not defined
- tsg_access_type == 5
- name: "enable mrenv"
systemd:
name: mrenv
enabled: yes
daemon_reload: yes
when:
- tsg_access_type != 0
- name: "enable mrzcpd"
systemd:
name: mrzcpd
enabled: yes
daemon_reload: yes
when:
- tsg_access_type != 0
- name: "enable prometheus output - monit_device"
systemd:
@@ -157,36 +43,8 @@
enabled: yes
daemon_reload: yes
- name: "enable mrtunnat on master"
systemd:
name: mrtunnat
enabled: no
daemon_reload: yes
when:
- nic_traffic_mirror is not defined
- tsg_access_type != 0
- name: "disable mrtunnat on slave"
systemd:
name: mrtunnat
enabled: no
daemon_reload: yes
when: nic_traffic_mirror is defined
- name: "mask mrzcpd on server_tun_mode"
systemd:
name: mrzcpd
enabled: no
masked: yes
daemon_reload: yes
when:
- tsg_access_type == 0
- name: "mask mrtunnat on server_tun_mode"
systemd:
name: mrtunnat
enabled: no
masked: yes
daemon_reload: yes
when:
- tsg_access_type == 0

57
roles/mrzcpd/templates/ATCA_VXLAN/mrglobal.conf.ATCA_VXLAN.j2
View File

@@ -1,57 +0,0 @@
[device]
device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
sz_tunnel=8192
sz_buffer=32
[device:{{ATCA_data_incoming.vf0_name}}]
mtu=4096
clear_tx_flags=1
hw_strip_crc=1
in_addr={{ ATCA_VXLAN.keepalive_ip }}
in_mask={{ ATCA_VXLAN.keepalive_mask }}
#rssmode=3
[device:{{ ATCA_data_incoming.vf1_name }}]
mtu=4096
clear_tx_flags=1
vlan-filter=1
vlan-strip=1
vlan-id-allow=4095
vlan-pvid=0
vlan-pvid-mode=2
hw_strip_crc=1
sz_tunnel=8192
sz_buffer=0
[service]
# lcore id for i/o service, use comma to split
iocore={{ mrzcpd.iocore }}
distmode=1
hashmode=0
idle_threshold=10000
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=0
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096
[forward]
nr_forward_rule=6
forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
forward_rule_2=vv,vxlan_fwd,vxlan_user
forward_rule_3=vv,vxlan_user,vxlan_fwd
forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

20
roles/mrzcpd/templates/ATCA_VXLAN/mrtunnat.conf.ATCA_VXLAN.j2
View File

@@ -1,20 +0,0 @@
[tunnat]
lcore_id={{ mrtunnat.lcore_id }}
appsym=tunnat
phydev={{ATCA_data_incoming.vf0_name}}
virtdev=vxlan_fwd
nr_max_sessions=524280
nr_slots=1048576
expire_time=60
reverse_tunnel=0
use_recent_tunnel=0
use_link_info_table=1
use_tuple4_as_sskey=0
ctrlzone_addr_info_type=2
idle_threshold=10000
[vlan_flipping]
enable=0
c_router_vlan_id_0=1000
i_router_vlan_id_0=1001
en_mac_flipping_0=0

60
roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrglobal.conf.ATCA_Vlan_Flipping.j2
View File

@@ -1,60 +0,0 @@
[device]
device={{ATCA_data_incoming.vf0_name}},{{ ATCA_data_incoming.vf1_name }},vxlan_user,vxlan_fwd
sz_tunnel=8192
sz_buffer=32
[device:{{ATCA_data_incoming.vf0_name}}]
mtu=4096
clear_tx_flags=1
vlan-filter=1
vlan-strip=1
vlan-id-allow={{ ATCA_VlanFlipping.vlanID_1 }},{{ ATCA_VlanFlipping.vlanID_2 }},{{ ATCA_VlanFlipping.vlanID_3 }},{{ ATCA_VlanFlipping.vlanID_4 }}
vlan-pvid=0
vlan-pvid-mode=2
hw_strip_crc=1
#rssmode=3
[device:{{ ATCA_data_incoming.vf1_name }}]
mtu=4096
clear_tx_flags=1
vlan-filter=1
vlan-strip=1
vlan-id-allow=4095
vlan-pvid=0
vlan-pvid-mode=2
hw_strip_crc=1
sz_tunnel=8192
sz_buffer=0
[service]
# lcore id for i/o service, use comma to split
iocore={{ mrzcpd.iocore }}
distmode=1
hashmode=0
idle_threshold=10000
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=0
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096
[forward]
nr_forward_rule=6
forward_rule_0=pv,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
forward_rule_1=vp,{{ATCA_data_incoming.vf0_name}},{{ATCA_data_incoming.vf0_name}}
forward_rule_2=vv,vxlan_fwd,vxlan_user
forward_rule_3=vv,vxlan_user,vxlan_fwd
forward_rule_4=pv,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}
forward_rule_5=vp,{{ ATCA_data_incoming.vf1_name }},{{ ATCA_data_incoming.vf1_name }}

23
roles/mrzcpd/templates/ATCA_Vlan_Flipping/mrtunnat.conf.ATCA_Vlan_Flipping.j2
View File

@@ -1,23 +0,0 @@
[tunnat]
lcore_id={{ mrtunnat.lcore_id }}
appsym=tunnat
phydev={{ATCA_data_incoming.vf0_name}}
virtdev=vxlan_fwd
nr_max_sessions=524280
nr_slots=1048576
expire_time=60
reverse_tunnel=0
use_recent_tunnel=0
use_link_info_table=1
use_tuple4_as_sskey=0
ctrlzone_addr_info_type=2
idle_threshold=10000
[vlan_flipping]
enable=1
c_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_1 }}
i_router_vlan_id_0={{ ATCA_VlanFlipping.vlanID_2 }}
en_mac_flipping_0=0
c_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_3 }}
i_router_vlan_id_1={{ ATCA_VlanFlipping.vlanID_4 }}
en_mac_flipping_1=0

67
roles/mrzcpd/templates/adc_inline/mrglobal.conf.adc_inline.j2
View File

@@ -1,67 +0,0 @@
[device]
device={{nic_data_incoming.name}},{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe2.name}},vxlan_user,vxlan_fwd
sz_tunnel=8192
sz_buffer=0
[device:{{nic_data_incoming.name}}]
in_addr={{inline_device_config.keepalive_ip}}
in_mask={{inline_device_config.keepalive_mask}}
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
vlan-filter=1
vlan-id-allow=1000,1001,4000,4001
[device:{{nic_to_tfe.tfe0.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[device:{{nic_to_tfe.tfe1.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[device:{{nic_to_tfe.tfe2.name}}]
jumbo_frame=1
max_rx_pkt_len=15360
clear_tx_flags=1
promisc=1
[service]
# lcore id for i/o service, use comma to split
iocore={{ mcn0_mrzcpd.iocore }}
distmode=2
hashmode=0
[eal]
virtaddr=0x7f40c4a00000
loglevel=7
[keepalive]
check_spinlock=0
[ctrlzone]
ctrlzone0=tunnat,64
[pool]
create_mode=3
sz_direct_pktmbuf=4194304
sz_indirect_pktmbuf=8192
sz_cache=256
sz_data=4096
[forward]
nr_forward_rule=10
forward_rule_0=pv,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
forward_rule_1=vp,{{nic_data_incoming.name}},{{nic_data_incoming.name}}
forward_rule_2=vv,vxlan_fwd,vxlan_user
forward_rule_3=vv,vxlan_user,vxlan_fwd
forward_rule_4=pv,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
forward_rule_5=vp,{{nic_to_tfe.tfe0.name}},{{nic_to_tfe.tfe0.name}}
forward_rule_6=pv,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
forward_rule_7=vp,{{nic_to_tfe.tfe1.name}},{{nic_to_tfe.tfe1.name}}
forward_rule_8=pv,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}
forward_rule_9=vp,{{nic_to_tfe.tfe2.name}},{{nic_to_tfe.tfe2.name}}

21
roles/mrzcpd/templates/adc_inline/mrtunnat.conf.adc_inline.j2
View File

@@ -1,21 +0,0 @@
[tunnat]
lcore_id={{ mrtunnat.lcore_id }}
appsym=tunnat
phydev={{nic_data_incoming.name}}
virtdev=vxlan_fwd
nr_max_sessions=524280
nr_slots=1048576
expire_time=60
reverse_tunnel=0
use_recent_tunnel=0
use_tuple4_as_sskey=1
ctrlzone_addr_info_type=2
[vlan_flipping]
enable=1
c_router_vlan_id_0=1000
i_router_vlan_id_0=1001
en_mac_flipping_0=0
c_router_vlan_id_1=4000
i_router_vlan_id_1=4001
en_mac_flipping_1=0

Some files were not shown because too many files have changed in this diff Show More